acoustic-dress-83560
01/04/2023, 11:31 AMconfig-map
option in the Pulumi GitHub action?
I'm having trouble injecting secrets into it to create a new stack to access Azure with a clientId
, clientSecret
in the config.
In my action I have a YAML string similar to the following (I've shortened it a lot here):
config-map: "{azure-native:location: {value: westeurope, secret: false}, azure-native:clientSecret: {value: ${{ secrets.AZURE_DETAILS.clientSecret }}, secret: true}, azure-native:tenantId: {value: my-guid, secret: false}}"
env:
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
ARM_CLIENT_ID: ${{ secrets.AZURE_DETAILS.clientId }}
ARM_CLIENT_SECRET: ${{ secrets.AZURE_DETAILS.clientSecret }}
ARM_TENANT_ID: ${{ secrets.AZURE_DETAILS.tenantId }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_DETAILS.subscriptionId }}
But I receive an error when the Pulumi step runs, suggesting I've used the wrong `clientSecret`:
azure-native:resources:ResourceGroup rg-myrg- creating (0s) error: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to <https://management.azure.com/subscriptions/my-subscription-id-guid/resourcegroups/rg-rg-myrg-a8fcf880?api-version=2019-05-01>: StatusCode=401 -- Original Error: adal: Refresh request failed. Status Code = '401'. Response body: ***"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app 'my-app-guid'.\r\nTrace ID: 8d13de75-afd6-492a-8c0a-aea6ed140801\r\nCorrelation ID: b8fd878d-cbc3-46cf-a1ac-24607590db62\r\nTimestamp: 2023-01-04 11:22:21Z","error_codes":[7000215],"timestamp":"2023-01-04 11:22:21Z","trace_id":"8d13de75-afd6-492a-8c0a-aea6ed140801","correlation_id":"b8fd878d-cbc3-46cf-a1ac-24607590db62","error_uri":"<https://login.microsoftonline.com/error?code=7000215>"*** Endpoint <https://login.microsoftonline.com/my-tenant-id-guid/oauth2/token?api-version=1.0>
If I run the action without config-map
and just target an existing stack, I can update and destroy the stack just fine. The credentials I'm using are the same in the config and in the env
, they are from the same GitHub secret.
It seems that GitHub secrets are not injected properly into the config-map
YAML string, using the syntax I am. Though, no syntax is shown in the description and I can't find any examples.modern-school-54566
01/04/2023, 11:48 AMwhite-architect-1595
01/04/2023, 3:11 PMvar standardLogicApp = new Pulumi.AzureNative.Web.WebApp($"Instanda-{sn}-logic-", new()
{
Kind = "functionapp,workflowapp",
ResourceGroupName = resourceGroup.Name,
Location = resourceGroup.Location,
ServerFarmId = appServicePlace.Id,
SiteConfig = new SiteConfigArgs
{
AppSettings = new[]{
new NameValuePairArgs
{
Name = "FUNCTIONS_EXTENSION_VERSION",
Value = "~4"
},
new NameValuePairArgs
{
Name = "FUNCTIONS_WORKER_RUNTIME",
Value = "node"
},
new NameValuePairArgs
{
Name = "WEBSITE_NODE_DEFAULT_VERSION",
Value = "~14"
},
new NameValuePairArgs
{
Name = "WEBSITE_CONTENTSHARE",
Value = Output.Format($"{workflowfolder}")
},
new NameValuePairArgs
{
Name = "AzureWebJobsStorage",
Value = Output.Format($"DefaultEndpointsProtocol=https;AccountName={storageAccount.Name};AccountKey={primaryStorageKey};EndpointSuffix=<http://core.windows.net|core.windows.net>"),
},
new NameValuePairArgs
{
Name = "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
Value = Output.Format($"DefaultEndpointsProtocol=https;AccountName={storageAccount.Name};AccountKey={primaryStorageKey};EndpointSuffix=<http://core.windows.net|core.windows.net>"),
},
new NameValuePairArgs
{
Name = "AzureFunctionsJobHost__extensionBundle__id",
Value = "Microsoft.Azure.Functions.ExtensionBundle.Workflows",
},
new NameValuePairArgs
{
Name = "AzureFunctionsJobHost__extensionBundle__version",
Value = "[1.*, 2.0.0)",
},
new NameValuePairArgs
{
Name = "APP_KIND",
Value = "workflowapp",
},
},
},
delightful-terabyte-60652
01/04/2023, 3:39 PMnice-butcher-64302
01/04/2023, 4:18 PMtls.PrivateKey
custom resource. The reason why I'm asking this is because we potentially need to generate a new set of keys to sign JSON web tokens on a regular basis for security purposes. I was thinking something along the lines of what the random
package provides. Do you think it's possible somehow? Thanks in advancesparse-soccer-23105
01/04/2023, 7:08 PMerror: Preview failed: unrecognized resource type (Read):
ie: error: Preview failed: unrecognized resource type (Read): aws:rds/dbclustersnapshot:DBClusterSnapshot
From my understanding, the token
is wrong, how and/or where can I get a list of those ?sparse-nail-47035
01/04/2023, 8:01 PMsparse-nail-47035
01/04/2023, 8:02 PMval k8sCluster = new ManagedCluster(...)
I do not see any function in the ManagedCluster class that I can use to export the KubeConfig object. Is there any mechanism in the API that can be used to build a KubeConfig from a clsuer instance?plain-belgium-35196
01/04/2023, 10:55 PMsparse-nail-47035
01/05/2023, 4:39 AMsparse-nail-47035
01/05/2023, 4:39 AMsteep-raincoat-47738
01/05/2023, 7:40 AMsteep-raincoat-47738
01/05/2023, 7:44 AMacoustic-dress-83560
01/05/2023, 8:40 AMremove
option from the Pulumi GitHub action?
When my action runs, it shows a warning that remove
isn't recognised, continues and does not delete the stack from Pulumi after successfully destroying the resources:
Warning: Unexpected input(s) 'remove', valid inputs are ['command', 'stack-name', 'work-dir', 'comment-on-pr', 'comment-on-pr-number', 'github-token', 'cloud-url', 'secrets-provider', 'parallel', 'message', 'config-map', 'expect-no-changes', 'diff', 'replace', 'target', 'target-dependents', 'policyPacks', 'policyPackConfigs', 'refresh', 'upsert', 'edit-pr-comment', 'pulumi-version', 'color']
...
Resources:
- 35 deleted
Duration: 4m7s
The resources in the stack have been deleted, but the history and configuration associated with the stack are still maintained.
If you want to remove the stack completely, run `pulumi stack rm company/infra`.
I'm using @v3
on the action and I can see the remove
option in the docs:
- uses: pulumi/actions@v3
with:
command: destroy
stack-name: company/${{ inputs.environment_name }}
work-dir: ${{ env.working_directory }}
upsert: false
remove: true
clever-painter-96148
01/05/2023, 10:37 AMtf2pulumi
still supported? Apparently I cannot use it because https://github.com/pulumi/pulumi-local doesn't exist.
$ ~/dev/oss/tf2pulumi/tf2pulumi
error: no resource plugin 'pulumi-resource-local' found in the workspace or on your $PATH, install the plugin using `pulumi plugin install resource local`
$ pulumi plugin install resource local
error: 404 HTTP error fetching plugin from <https://api.github.com/repos/pulumi/pulumi-local/releases/latest>. If this is a private GitHub repository, try providing a token via the GITHUB_TOKEN environment variable. See: <https://github.com/settings/tokens>
sparse-nail-47035
01/05/2023, 2:08 PMsparse-nail-47035
01/05/2023, 2:10 PMwhite-architect-1595
01/05/2023, 4:26 PMvar clientConfig = Output.Create(GetClientConfig.InvokeAsync());
var tenantID = clientConfig.Apply(x => //tenant ID: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
{
var data = x.TenantId;
return Output.Create(data);
});
Then in my keyvault definition I say TenantId = tenantID
When I run pulumi up I get the following error
error: Running program 'C:\Users\xxxx\Source\Repos\xxxxx\bin\Debug\netx.0\xxxx.dll' failed with an unhandled exception:
Grpc.Core.RpcException: Status(StatusCode="Unknown", Detail="invocation of azure-native:authorization:getClientConfig returned an error: getting authenticated object ID: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: Continuous access evaluation resulted in claims challenge with result: InteractionRequired and code: LocationConditionEvaluationSatisfied")
at async Task<InvokeResponse> Pulumi.GrpcMonitor.InvokeAsync(ResourceInvokeRequest request)
at async Task<SerializationResult> Pulumi.Deployment.InvokeRawAsync(string token, SerializationResult argsSerializationResult, InvokeOptions options) x 2
at async Task<T> Pulumi.Deployment.InvokeAsync<T>(string token, InvokeArgs args, InvokeOptions options, bool convertResult)
at async Task<OutputData<T>> Pulumi.Output<T>+<>c__DisplayClass12_0.<Create>g__GetData|0(?)+GetData(?)
at async Task<OutputData<U>> Pulumi.Output<T>.ApplyHelperAsync<U>(Task<OutputData<T>> dataTask, Func<T, Output<U>> func)
sparse-nail-47035
01/05/2023, 8:53 PMicy-doctor-13719
01/06/2023, 4:43 AMpulumi up
throwing an error … started about 20m ago … any ideas?
error: an unhandled error occurred: Program exited with non-zero exit code: 137
thankful-judge-75045
01/06/2023, 8:01 AMfuture-refrigerator-88869
01/06/2023, 9:34 AMdry-keyboard-94795
01/06/2023, 9:45 AM{ providers: [clusterProvider] }
Certmanager looks to be a Provider that wraps the kubernetes provider, which would explain why you can't pass in the kubernetes provider directlyrhythmic-sunset-53997
01/06/2023, 10:45 AMvirtualenv
option?
My aim is for the project config to be
• usable by anyone (so there cannot be an absolute path like /Users/myname/foo
), and
• the same virtualenv
to be used by multiple Pulumi projects (I do not want to install the full 1.5-GB venv for every single project)
The following would work, but sadly ~
does not get expanded to the home directory, so the virtualenv is created under /Users/myname/path/project/~/.pulumi/venv
runtime:
name: python
options:
virtualenv: ~/.pulumi/venv
Another option would be to define this via an environment variable, but I have not found any documentation on how that would be possible.sparse-nail-47035
01/06/2023, 11:33 AMechoing-oil-42947
01/06/2023, 8:41 PMplain-keyboard-29627
01/06/2023, 10:06 PMcreate
and update
methods, but wanted to make sure they were safe (e.g. will be stored encrypted) to return as results. If I passed config.requireSecret('mySecretKey')
as an argument to my provider, is it safe to set outs
like this?
async update(id, olds, news) {
await this.createOrUpdate(olds, news); // internal, implementation doesn't matter
return { outs: news };
}
hallowed-australia-10473
01/07/2023, 7:55 AMelegant-crayon-4967
01/07/2023, 3:51 PMlocalValidityPeriodHours
validityPeriodHours
?abundant-oxygen-75465
01/08/2023, 1:05 PMabundant-oxygen-75465
01/08/2023, 1:05 PMDiagnostics:
kubernetes:<http://apiextensions.k8s.io/v1beta1:CustomResourceDefinition|apiextensions.k8s.io/v1beta1:CustomResourceDefinition> (<http://middlewares.traefik.containo.us|middlewares.traefik.containo.us>):
warning: apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.
error: resource <http://middlewares.traefik.containo.us|middlewares.traefik.containo.us> was not successfully created by the Kubernetes API server : apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.
kubernetes:<http://apiextensions.k8s.io/v1beta1:CustomResourceDefinition|apiextensions.k8s.io/v1beta1:CustomResourceDefinition> (<http://ingressroutes.traefik.containo.us|ingressroutes.traefik.containo.us>):
warning: apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.
error: resource <http://ingressroutes.traefik.containo.us|ingressroutes.traefik.containo.us> was not successfully created by the Kubernetes API server : apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.
kubernetes:<http://apiextensions.k8s.io/v1beta1:CustomResourceDefinition|apiextensions.k8s.io/v1beta1:CustomResourceDefinition> (<http://tlsoptions.traefik.containo.us|tlsoptions.traefik.containo.us>):
warning: apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.
error: resource <http://tlsoptions.traefik.containo.us|tlsoptions.traefik.containo.us> was not successfully created by the Kubernetes API server : apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.
kubernetes:<http://traefik.containo.us/v1alpha1:IngressRoute|traefik.containo.us/v1alpha1:IngressRoute> (traefik-dashboard):
warning: This resource contains Helm hooks that are not currently supported by Pulumi. The resource will be created, but any hooks will not be executed. Hooks support is tracked at <https://github.com/pulumi/pulumi-kubernetes/issues/555> -- This warning can be disabled by setting the PULUMI_K8S_SUPPRESS_HELM_HOOK_WARNINGS environment variable
error: creation of resource default/traefik-dashboard failed because the Kubernetes API server reported that the apiVersion for this resource does not exist. Verify that any required CRDs have been created: no matches for kind "IngressRoute" in version "<http://traefik.containo.us/v1alpha1|traefik.containo.us/v1alpha1>"
kubernetes:<http://apiextensions.k8s.io/v1beta1:CustomResourceDefinition|apiextensions.k8s.io/v1beta1:CustomResourceDefinition> (<http://ingressroutetcps.traefik.containo.us|ingressroutetcps.traefik.containo.us>):
warning: apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.
error: resource <http://ingressroutetcps.traefik.containo.us|ingressroutetcps.traefik.containo.us> was not successfully created by the Kubernetes API server : apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.
kubernetes:<http://traefik.containo.us/v1alpha1:Middleware|traefik.containo.us/v1alpha1:Middleware> (mlflow-strip-prefix):
error: creation of resource mlflow/mlflow-strip-prefix-33bf2e4f failed because the Kubernetes API server reported that the apiVersion for this resource does not exist. Verify that any required CRDs have been created: no matches for kind "Middleware" in version "<http://traefik.containo.us/v1alpha1|traefik.containo.us/v1alpha1>"
kubernetes:<http://traefik.containo.us/v1alpha1:Middleware|traefik.containo.us/v1alpha1:Middleware> (mlflow-trailing-slash):
error: creation of resource mlflow/mlflow-trailing-slash-0d17ce3f failed because the Kubernetes API server reported that the apiVersion for this resource does not exist. Verify that any required CRDs have been created: no matches for kind "Middleware" in version "<http://traefik.containo.us/v1alpha1|traefik.containo.us/v1alpha1>"
kubernetes:<http://apiextensions.k8s.io/v1beta1:CustomResourceDefinition|apiextensions.k8s.io/v1beta1:CustomResourceDefinition> (<http://ingressrouteudps.traefik.containo.us|ingressrouteudps.traefik.containo.us>):
warning: apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.
error: resource <http://ingressrouteudps.traefik.containo.us|ingressrouteudps.traefik.containo.us> was not successfully created by the Kubernetes API server : apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.
kubernetes:<http://apiextensions.k8s.io/v1beta1:CustomResourceDefinition|apiextensions.k8s.io/v1beta1:CustomResourceDefinition> (<http://traefikservices.traefik.containo.us|traefikservices.traefik.containo.us>):
warning: apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.
error: resource <http://traefikservices.traefik.containo.us|traefikservices.traefik.containo.us> was not successfully created by the Kubernetes API server : apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.
pulumi:pulumi:Stack (ml-infra-dev):
error: update failed
error: Error: invocation of kubernetes:helm:template returned an error: error reading from server: read tcp 127.0.0.1:53702->127.0.0.1:53700: use of closed network connection
at Object.callback (/Users/Programming/projects/ml-pipeline/ml-infra/node_modules/@pulumi/runtime/invoke.ts:172:33)
at Object.onReceiveStatus (/Users/Programming/projects/ml-pipeline/ml-infra/node_modules/@grpc/grpc-js/src/client.ts:338:26)
at Object.onReceiveStatus (/Users/Programming/projects/ml-pipeline/ml-infra/node_modules/@grpc/grpc-js/src/client-interceptors.ts:426:34)
at Object.onReceiveStatus (/Users/Programming/projects/ml-pipeline/ml-infra/node_modules/@grpc/grpc-js/src/client-interceptors.ts:389:48)
at /Users/Programming/projects/ml-pipeline/ml-infra/node_modules/@grpc/grpc-js/src/call-stream.ts:276:24
at processTicksAndRejections (node:internal/process/task_queues:77:11)
I0108 12:50:16.966189 2838 request.go:682] Waited for 1.032607959s due to client-side throttling, not priority and fairness, request: GET:<https://2DD036C575E8E66E280A78402AFB414F.gr7.us-west-2.eks.amazonaws.com/apis/apps/v1?timeout=32s>
I0108 12:50:27.164277 2838 request.go:682] Waited for 4.434218083s due to client-side throttling, not priority and fairness, request: GET:<https://2DD036C575E8E66E280A78402AFB414F.gr7.us-west-2.eks.amazonaws.com/apis/batch/v1beta1?timeout=32s>
I0108 12:50:37.364251 2838 request.go:682] Waited for 1.036100542s due to client-side throttling, not priority and fairness, request: GET:<https://2DD036C575E8E66E280A78402AFB414F.gr7.us-west-2.eks.amazonaws.com/apis/rbac.authorization.k8s.io/v1?timeout=32s>
I0108 12:50:47.564198 2838 request.go:682] Waited for 4.433233583s due to client-side throttling, not priority and fairness, request: GET:<https://2DD036C575E8E66E280A78402AFB414F.gr7.us-west-2.eks.amazonaws.com/apis/storage.k8s.io/v1?timeout=32s>
I0108 12:50:57.764186 2838 request.go:682] Waited for 1.032272375s due to client-side throttling, not priority and fairness, request: GET:<https://2DD036C575E8E66E280A78402AFB414F.gr7.us-west-2.eks.amazonaws.com/apis/node.k8s.io/v1beta1?timeout=32s>
I0108 12:51:07.964178 2838 request.go:682] Waited for 4.432762875s due to client-side throttling, not priority and fairness, request: GET:<https://2DD036C575E8E66E280A78402AFB414F.gr7.us-west-2.eks.amazonaws.com/apis/flowcontrol.apiserver.k8s.io/v1beta2?timeout=32s>
I0108 12:51:20.563948 2838 request.go:682] Waited for 1.09841225s due to client-side throttling, not priority and fairness, request: GET:<https://2DD036C575E8E66E280A78402AFB414F.gr7.us-west-2.eks.amazonaws.com/apis/batch/v1beta1?timeout=32s>
I0108 12:51:34.163858 2838 request.go:682] Waited for 1.102064041s due to client-side throttling, not priority and fairness, request: GET:<https://2DD036C575E8E66E280A78402AFB414F.gr7.us-west-2.eks.amazonaws.com/apis/rbac.authorization.k8s.io/v1?timeout=32s>
kubernetes:<http://apiextensions.k8s.io/v1beta1:CustomResourceDefinition|apiextensions.k8s.io/v1beta1:CustomResourceDefinition> (<http://tlsstores.traefik.containo.us|tlsstores.traefik.containo.us>):
warning: apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.
error: resource <http://tlsstores.traefik.containo.us|tlsstores.traefik.containo.us> was not successfully created by the Kubernetes API server : apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.
dry-keyboard-94795
01/08/2023, 1:29 PMabundant-oxygen-75465
01/08/2023, 1:41 PMdry-keyboard-94795
01/08/2023, 1:45 PMabundant-oxygen-75465
01/08/2023, 2:12 PMconst cluster = new eks.Cluster('mlplatform-eks', {
createOidcProvider: true,
version: 1.21,
});