Hello, I've been trying to get OIDC working between my GitLab instance and Azure without success. It looks like Pulumi is stuck thinking I'm trying to call a GitHub endpoint? I've put in all the variables required by Pulumi (see screenshot). The only value I'm uncertain of is what I've set for `ARM_OIDC_REQUEST_URL`: https://login.microsoftonline.com/edb7fc97-4792-0000-a129-0000000/oauth2/v2.0/token. Log errors begin:
```
* building client: unable to obtain access token: githubAssertion: cannot unmarshal response: invalid character '<' looking for beginning of value
error: rpc error: code = Unknown desc = invocation of azure-native:authorization:getClientConfig returned an error: error reading from server: read tcp 127.0.0.1:52560->127.0.0.1:34229: use of closed network connection
```
and so on.
The Azure Native OIDC docs page doesn't appear to be right here.
`ARM_OIDC_REQUEST_TOKEN` is a GitHub Actions specific variable. For other CI systems, users need to use `ARM_OIDC_TOKEN`. See also this GitHub issue and Pulumi's own docs page for AzAPI. If I remove the GitHub Actions specific variables, `ARM_OIDC_REQUEST_TOKEN` and `ARM_OIDC_REQUEST_URL`, then set `ARM_OIDC_TOKEN`, I still run into errors:
```
error: rpc error: code = Unknown desc = invocation of azure-native:authorization:getClientConfig returned an error: OIDC authentication was requested via useOidc/ARM_USE_OIDC but no token and/or
                        request URL were configured.
```
Please let me know if I should submit this as a bug or if I'm overlooking something 😸
I created a GitHub Issue here.