@@ -169,14 +169,14 @@ jobs:
169169
170170 # Print important claims
171171 print("\n=== GITHUB OIDC TOKEN CLAIMS ===")
172- print(f"Issuer (iss): {claims.get(\" iss\" )}")
173- print(f"Subject (sub): {claims.get(\" sub\" )}")
174- print(f"Audience (aud): {claims.get(\" aud\" )}")
175- print(f"Repository: {claims.get(\" repository\" )}")
176- print(f"Repository owner: {claims.get(\" repository_owner\" )}")
177- print(f"Event name: {claims.get(\" event_name\" )}")
178- print(f"Ref: {claims.get(\" ref\" )}")
179- print(f"Workflow ref: {claims.get(\" workflow_ref\" )}")
172+ print(f"Issuer (iss): {claims.get(' iss' )}")
173+ print(f"Subject (sub): {claims.get(' sub' )}")
174+ print(f"Audience (aud): {claims.get(' aud' )}")
175+ print(f"Repository: {claims.get(' repository' )}")
176+ print(f"Repository owner: {claims.get(' repository_owner' )}")
177+ print(f"Event name: {claims.get(' event_name' )}")
178+ print(f"Ref: {claims.get(' ref' )}")
179+ print(f"Workflow ref: {claims.get(' workflow_ref' )}")
180180 print("\n=== FULL CLAIMS ===")
181181 print(json.dumps(claims, indent=2))
182182 print("===========================\n")
@@ -312,9 +312,9 @@ jobs:
312312 # Add debugging info
313313 claims = decode_jwt(token)
314314 if claims:
315- print(f"Token issuer: {claims.get(\ 'iss\ ', \ 'unknown\ ')}")
316- print(f"Token subject: {claims.get(\ 'sub\ ', \ 'unknown\ ')}")
317- print(f"Token audience: {claims.get(\ 'aud\ ', \ 'unknown\ ')}")
315+ print(f"Token issuer: {claims.get('iss', 'unknown')}")
316+ print(f"Token subject: {claims.get('sub', 'unknown')}")
317+ print(f"Token audience: {claims.get('aud', 'unknown')}")
318318
319319 # If audience was specified in policy but doesn't match token
320320 if audience and audience != claims.get('aud'):
@@ -358,13 +358,13 @@ jobs:
358358 claims = decode_jwt(github_token)
359359 if claims:
360360 print("\n=== GitHub OIDC Token Claims ===")
361- print(f"Token issuer: {claims.get(\ 'iss\', \'unknown\ ')}")
362- print(f"Token subject: {claims.get(\ 'sub\', \'unknown\ ')}")
363- print(f"Token audience: {claims.get(\ 'aud\', \'unknown\ ')}")
364- print(f"Token expiration: {claims.get(\ 'exp\ ', \ 'unknown\ ')}")
365- print(f"Repository: {claims.get(\ 'repository\ ', \ 'unknown\ ')}")
366- print(f"Workflow ref: {claims.get(\ 'workflow_ref\ ', \ 'unknown\ ')}")
367- print(f"Event name: {claims.get(\ 'event_name\ ', \ 'unknown\ ')}")
361+ print(f"Token issuer: {claims.get('iss')}")
362+ print(f"Token subject: {claims.get('sub')}")
363+ print(f"Token audience: {claims.get('aud')}")
364+ print(f"Token expiration: {claims.get('exp', 'unknown')}")
365+ print(f"Repository: {claims.get('repository', 'unknown')}")
366+ print(f"Workflow ref: {claims.get('workflow_ref', 'unknown')}")
367+ print(f"Event name: {claims.get('event_name', 'unknown')}")
368368 print("===============================\n")
369369
370370 # Try token exchange with several possible audience values
@@ -443,7 +443,7 @@ jobs:
443443 env :
444444 DATABRICKS_HOST_FOR_TF : ${{ github.event_name == 'workflow_dispatch' && inputs.databricks_host || secrets.DATABRICKS_HOST_FOR_TF }}
445445 DATABRICKS_HTTP_PATH_FOR_TF : ${{ github.event_name == 'workflow_dispatch' && inputs.databricks_http_path || secrets.DATABRICKS_HTTP_PATH_FOR_TF }}
446- IDENTITY_FEDERATION_CLIENT_ID_FOR_TF : ${{ github.event_name == 'workflow_dispatch' && inputs.identity_federation_client_id || secrets.IDENTITY_FEDERATION_CLIENT_ID_FOR_TF }}
446+ IDENTITY_FEDERATION_CLIENT_ID : ${{ github.event_name == 'workflow_dispatch' && inputs.identity_federation_client_id || secrets.IDENTITY_FEDERATION_CLIENT_ID }}
447447 OIDC_TOKEN : ${{ steps.get-id-token.outputs.token }}
448448 run : |
449449 python test_github_token_federation.py
0 commit comments