Update AWS OIDC examples

[pierskarsenbarg]

Now using the tls provider to get the thumbprints required for the oidcprovider

[pulumi-staging]

🍹 The Update for pulumi/k8s-ci-cluster/ef471e8adfbd075898d74b622cd33621df8006a9-1805 was successful.

Resource Changes

    Name                                                          Type                                        Operation
+   primary-node-pool                                             gcp:container/nodePool:NodePool             create
+   gke                                                           pulumi:providers:kubernetes                 create
+   k8s-ci-cluster-ef471e8adfbd075898d74b622cd33621df8006a9-1805  pulumi:pulumi:Stack                         create
+   multicloud                                                    pulumi-kubernetes:ci:GkeCluster             create
+   password                                                      random:index/randomPassword:RandomPassword  create
+   ephemeral-ci-cluster                                          gcp:container/cluster:Cluster               create

[pulumi-staging]

🍹 The Update for pulumi/k8s-ci-cluster/6e2f671de426c140920a00a013660f8d3d56b483-1806 was successful.

Resource Changes

    Name                                                          Type                                        Operation
+   k8s-ci-cluster-6e2f671de426c140920a00a013660f8d3d56b483-1806  pulumi:pulumi:Stack                         create
+   multicloud                                                    pulumi-kubernetes:ci:GkeCluster             create
+   password                                                      random:index/randomPassword:RandomPassword  create
+   ephemeral-ci-cluster                                          gcp:container/cluster:Cluster               create
+   primary-node-pool                                             gcp:container/nodePool:NodePool             create
+   gke                                                           pulumi:providers:kubernetes                 create

[pulumi-staging]

🍹 The Destroy for pulumi/k8s-ci-cluster/ef471e8adfbd075898d74b622cd33621df8006a9-1805 was successful.

Resource Changes

    Name                                                          Type                                        Operation
-   k8s-ci-cluster-ef471e8adfbd075898d74b622cd33621df8006a9-1805  pulumi:pulumi:Stack                         delete
-   gke                                                           pulumi:providers:kubernetes                 delete
-   primary-node-pool                                             gcp:container/nodePool:NodePool             delete
-   ephemeral-ci-cluster                                          gcp:container/cluster:Cluster               delete
-   multicloud                                                    pulumi-kubernetes:ci:GkeCluster             delete
-   password                                                      random:index/randomPassword:RandomPassword  delete

[pulumi-staging]

🍹 The Destroy for pulumi/k8s-ci-cluster/6e2f671de426c140920a00a013660f8d3d56b483-1806 was successful.

Resource Changes

    Name                                                          Type                                        Operation
-   gke                                                           pulumi:providers:kubernetes                 delete
-   primary-node-pool                                             gcp:container/nodePool:NodePool             delete
-   ephemeral-ci-cluster                                          gcp:container/cluster:Cluster               delete
-   multicloud                                                    pulumi-kubernetes:ci:GkeCluster             delete
-   password                                                      random:index/randomPassword:RandomPassword  delete
-   k8s-ci-cluster-6e2f671de426c140920a00a013660f8d3d56b483-1806  pulumi:pulumi:Stack                         delete

[desteves]

Root CA only

[pierskarsenbarg]

If you run this:

import * as tls from "@pulumi/tls";

export = async () => {
    const certs = tls.getCertificateOutput({
        url: "https://api.pulumi.com/oidc"
    });

    return {
        thumbprint: certs.certificates[0].sha1Fingerprint
    }
}

the thumbprint is the same as what's in IAM > Identity Providers > api.pulumi.com/oidc

and look at the thumbprint value.

[desteves]

9e99a48a9960b14926bb7f3b02e22da2b0ab7280

[desteves]

LGTM