Update AWS OIDC examples #1657
…ertificate So no need to use openssl
🍹 The Update for pulumi/k8s-ci-cluster/ef471e8adfbd075898d74b622cd33621df8006a9-1805 was successful. Resource Changes Name Type Operation
+ primary-node-pool gcp:container/nodePool:NodePool create
+ gke pulumi:providers:kubernetes create
+ k8s-ci-cluster-ef471e8adfbd075898d74b622cd33621df8006a9-1805 pulumi:pulumi:Stack create
+ multicloud pulumi-kubernetes:ci:GkeCluster create
+ password random:index/randomPassword:RandomPassword create
+ ephemeral-ci-cluster gcp:container/cluster:Cluster create
🍹 The Update for pulumi/k8s-ci-cluster/6e2f671de426c140920a00a013660f8d3d56b483-1806 was successful. Resource Changes Name Type Operation
+ k8s-ci-cluster-6e2f671de426c140920a00a013660f8d3d56b483-1806 pulumi:pulumi:Stack create
+ multicloud pulumi-kubernetes:ci:GkeCluster create
+ password random:index/randomPassword:RandomPassword create
+ ephemeral-ci-cluster gcp:container/cluster:Cluster create
+ primary-node-pool gcp:container/nodePool:NodePool create
+ gke pulumi:providers:kubernetes create
🍹 The Destroy for pulumi/k8s-ci-cluster/ef471e8adfbd075898d74b622cd33621df8006a9-1805 was successful. Resource Changes Name Type Operation
- k8s-ci-cluster-ef471e8adfbd075898d74b622cd33621df8006a9-1805 pulumi:pulumi:Stack delete
- gke pulumi:providers:kubernetes delete
- primary-node-pool gcp:container/nodePool:NodePool delete
- ephemeral-ci-cluster gcp:container/cluster:Cluster delete
- multicloud pulumi-kubernetes:ci:GkeCluster delete
- password random:index/randomPassword:RandomPassword delete
🍹 The Destroy for pulumi/k8s-ci-cluster/6e2f671de426c140920a00a013660f8d3d56b483-1806 was successful. Resource Changes Name Type Operation
- gke pulumi:providers:kubernetes delete
- primary-node-pool gcp:container/nodePool:NodePool delete
- ephemeral-ci-cluster gcp:container/cluster:Cluster delete
- multicloud pulumi-kubernetes:ci:GkeCluster delete
- password random:index/randomPassword:RandomPassword delete
- k8s-ci-cluster-6e2f671de426c140920a00a013660f8d3d56b483-1806 pulumi:pulumi:Stack delete
# Create an OIDC identity provider | ||
print("Creating OIDC provider...") | ||
oidc_provider = iam.OpenIdConnectProvider("oidcProvider", | ||
client_id_lists=[audience], | ||
thumbprint_lists=[thumbprint], | ||
thumbprint_lists=[certificate.certificates[0].sha1_fingerprint], |
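Review bot: the `thumbprint_lists=[certificate.certificates[0].sha1_fingerprint]` line takes index 0 of the returned chain without a comment saying which certificate that is, and nothing handles an empty `certificates` list. Please add a comment stating the ordering this relies on (the thread expects the root CA), since a leaf or intermediate fingerprint here would change what the IAM provider trusts. The value is also now whatever the endpoint serves at deployment time, where the other `thumbprint_lists` line used the `thumbprint` variable. Consider exporting the computed fingerprint as a stack output, or checking it against a known-good value before the `iam.OpenIdConnectProvider` is created, so a changed chain is noticed instead of silently applied.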
Root CA only
If you run this:
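    import * as tls from "@pulumi/tls";

    export = async () => {
        // Fetch the certificate chain served by the Pulumi OIDC endpoint.
        const certs = tls.getCertificateOutput({
            url: "https://api.pulumi.com/oidc",
        });
        // Export the SHA-1 fingerprint of the first certificate in the list.
        return {
            thumbprint: certs.certificates[0].sha1Fingerprint,
        };
    };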
the thumbprint is the same as what's in IAM > Identity Providers > api.pulumi.com/oidc
and look at the thumbprint value.
9e99a48a9960b14926bb7f3b02e22da2b0ab7280
LGTM
Now using the tls provider to get the thumbprints required for the oidcprovider