From b89bb89c36746f5dead86b82490ace173adda354 Mon Sep 17 00:00:00 2001 From: Daniel Morris Date: Wed, 28 Jun 2023 12:42:08 +0100 Subject: [PATCH 1/4] fix: Reduce the allowed additional_thumbprints (#31) --- examples/complete/variables.tf | 4 ++-- variables.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index 219a9c1..96c8fd1 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf @@ -4,8 +4,8 @@ variable "additional_thumbprints" { type = list(string) validation { - condition = var.additional_thumbprints == null ? true : length(var.additional_thumbprints) <= 4 - error_message = "Only 4 additional thumbprints can be set, for a maximum of 5 in the OIDC provider." + condition = var.additional_thumbprints == null ? true : length(var.additional_thumbprints) <= 3 + error_message = "Only 3 additional thumbprints can be set, for a maximum of 5 in the OIDC provider." } } diff --git a/variables.tf b/variables.tf index ffca52c..bba0891 100644 --- a/variables.tf +++ b/variables.tf @@ -18,8 +18,8 @@ variable "additional_thumbprints" { type = list(string) validation { - condition = var.additional_thumbprints == null ? true : length(var.additional_thumbprints) <= 4 - error_message = "Only 4 additional thumbprints can be set, for a maximum of 5 in the OIDC provider." + condition = var.additional_thumbprints == null ? true : length(var.additional_thumbprints) <= 3 + error_message = "Only 3 additional thumbprints can be set, for a maximum of 5 in the OIDC provider." } } From 52b5db32e07413af065bca8dfea27ba72977d2ce Mon Sep 17 00:00:00 2001 From: Daniel Morris Date: Wed, 28 Jun 2023 12:46:21 +0100 Subject: [PATCH 2/4] chore: Add Terraform 1.5 to the verify matrix --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3ea4730..d4e824f 100644 --- a/.github/workflows/ci.yaml 
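Review bot: The `validation` block of `variable "additional_thumbprints"` in examples/complete/variables.tf, and identically in the root variables.tf hunk, still checks only the list length, so a malformed entry passes `terraform validate` and would presumably be rejected only at apply time. A thumbprint is a hex-encoded SHA-1 certificate fingerprint, so a second `validation` block could reject bad values early with `condition = var.additional_thumbprints == null ? true : alltrue([for t in var.additional_thumbprints : can(regex("^[0-9a-fA-F]{40}$", t))])`. The new message is also hard to reconcile with the code: 3 additional entries plus the single fetched fingerprint that main.tf prepends gives 4, not 5, so the message should either explain the remaining slot or drop the total. The variable block begins above the hunk, so its description and default are not visible here.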
+++ b/.github/workflows/ci.yaml @@ -37,7 +37,7 @@ jobs: run: terraform validate strategy: matrix: - terraform_version: [ "1.0", "1.1", "1.2", "1.3", "1.4" ] + terraform_version: [ "1.0", "1.1", "1.2", "1.3", "1.4", "1.5" ] caller-identity: if: ${{ github.event_name == 'push' }} From 35f725d4448b6838afd5b9e95ca793f7d4988665 Mon Sep 17 00:00:00 2001 From: Witold Duranek Date: Wed, 28 Jun 2023 14:03:24 +0200 Subject: [PATCH 3/4] fix: Prevent duplicate GitHub thumbprints (#32) --- main.tf | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/main.tf b/main.tf index 193cfbd..e6974e2 100644 --- a/main.tf +++ b/main.tf @@ -71,8 +71,10 @@ resource "aws_iam_openid_connect_provider" "github" { tags = var.tags url = "https://token.actions.githubusercontent.com%{if var.enterprise_slug != ""}/${var.enterprise_slug}%{endif}" - thumbprint_list = var.additional_thumbprints != null ? concat( - [data.tls_certificate.github.certificates[0].sha1_fingerprint], - [for thumbprint in var.additional_thumbprints : thumbprint] + thumbprint_list = var.additional_thumbprints != null ? distinct( + concat( + [data.tls_certificate.github.certificates[0].sha1_fingerprint], + [for thumbprint in var.additional_thumbprints : thumbprint] + ) ) : [data.tls_certificate.github.certificates[0].sha1_fingerprint] } From f3abd4e29c7ddf78594469e45451fad46250c50a Mon Sep 17 00:00:00 2001 From: Daniel Morris Date: Wed, 28 Jun 2023 21:40:29 +0100 Subject: [PATCH 4/4] chore: Add changelog entry for 1.5.1 --- CHANGELOG.md | 6 ++++++ README.md | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8f3215f..d22213d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
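Review bot: `distinct()` in `thumbprint_list` (main.tf) compares strings exactly, so a caller-supplied thumbprint that differs from the fetched `sha1_fingerprint` only in letter case survives deduplication and still takes up a slot in the provider. Normalising the caller's values first would close that gap, for example `[for thumbprint in var.additional_thumbprints : lower(thumbprint)]`, assuming the tls data source reports lowercase hex, which is worth confirming. The first entry is whatever `data.tls_certificate.github` returns at plan time (its definition is outside the hunk), so a comment on this argument noting that a changed fingerprint in a plan should be checked by hand before apply would help operators. The resource block starts above the hunk.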
@@ -3,6 +3,11 @@ Notable changes to this project are documented in this changelog. This project adheres to the [semantic versioning] specification. +## [1.5.1] – 2023-06-28 + +- Prevent duplication of thumbprints ([35f725d](https://github.com/unfunco/terraform-aws-oidc-github/commit/35f725d4448b6838afd5b9e95ca793f7d4988665)) +- Reduce the number of allowed additional thumbprints ([b89bb89](https://github.com/unfunco/terraform-aws-oidc-github/commit/b89bb89c36746f5dead86b82490ace173adda354)) + ## [1.5.0] – 2023-06-04 - Add support for organisations using GitHub Enterprise Cloud ([c1d6cc13](https://github.com/unfunco/terraform-aws-oidc-github/commit/c1d6cc13cfd7668784dec11e96f23061b346eae0)) @@ -116,4 +121,5 @@ This project adheres to the [semantic versioning] specification. [1.3.1]: https://github.com/unfunco/terraform-aws-oidc-github/compare/v1.3.0...v1.3.1 [1.4.0]: https://github.com/unfunco/terraform-aws-oidc-github/compare/v1.3.1...v1.4.0 [1.5.0]: https://github.com/unfunco/terraform-aws-oidc-github/compare/v1.4.0...v1.5.0 +[1.5.1]: https://github.com/unfunco/terraform-aws-oidc-github/compare/v1.5.0...v1.5.1 [semantic versioning]: https://semver.org diff --git a/README.md b/README.md index b23f8fb..9a422d6 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ provider "aws" { module "oidc_github" { source = "unfunco/oidc-github/aws" - version = "1.5.0" + version = "1.5.1" github_repositories = [ "org/repo",