sparse-intern-71089
11/03/2023, 8:23 AMgentle-application-59272
11/03/2023, 10:43 AMTF_LOG=TRACE pulumi up --logtostderr --logflow -v=10 2> out.txt
gentle-application-59272
11/03/2023, 10:43 AMgentle-application-59272
11/03/2023, 10:43 AMgreat-sunset-355
11/03/2023, 11:55 AMgreat-sunset-355
11/03/2023, 11:55 AMgreat-sunset-355
11/03/2023, 11:56 AMgentle-application-59272
11/03/2023, 11:57 AMgentle-application-59272
11/03/2023, 11:57 AMgentle-application-59272
11/03/2023, 11:57 AMgentle-application-59272
11/03/2023, 11:58 AMgreat-sunset-355
11/03/2023, 11:58 AMgreat-sunset-355
11/03/2023, 11:59 AMgreat-sunset-355
11/03/2023, 11:59 AMgentle-application-59272
11/03/2023, 12:00 PMgentle-application-59272
11/03/2023, 12:00 PMgreat-sunset-355
11/03/2023, 12:51 PMOIDC
connector for IAM, I have a tls
module to get the cert thumbprints but somehow it wanted to change the thumbprint and failed at that.enough-garden-22763
11/03/2023, 1:50 PMenough-garden-22763
11/03/2023, 1:50 PMgreat-sunset-355
11/04/2023, 3:13 AMstocky-restaurant-98004
11/04/2023, 9:18 PMgreat-sunset-355
11/04/2023, 10:28 PMtls
to get the cert.
Certificates are always an array and 90% of internet examples take the first item of the array.
IMO you should get the same result for <https://gitlab.com/oauth/discovery/keys>
as well as <tls://gitlab.com:443>
(haven't tested this)
Then during the provider / package update (not sure where) pulumi wanted to replace 2nd item in the array but to my surprise, the values were the same, perhaps the order was swapped or who knows what went wrong. In the end that triggered a resource update which led to the panic. But I haven't verified that yet.
this.gitlabUrl = "<https://gitlab.com>"
// maybe use tls url "<tls://gitlab.com:443>" -> `tls://${this.gitlabUrl.host}:443`
const cert = tls.getCertificateOutput({
url: new URL(`/oauth/discovery/keys`, this.gitlabUrl).toString(),
});
const audiences: string[] = [this.gitlabUrl.origin, ...(args.audiences ?? [])];
// this is always like this in the for IAM condition
const cond = "gitlab.com";
const gitlabOidcProvider = new aws.iam.OpenIdConnectProvider(
`gitlab-oidc-provider`,
{
url: this.gitlabUrl.origin,
clientIdLists: audiences,
thumbprintLists: cert.certificates.apply((x) => x.map((o) => o.sha1Fingerprint)),
},
{ deleteBeforeReplace: true, parent }
);
thumbprints
[
"b3dd7606d2b5a8b4a13771dbecc9ee1cecafa38a",
"a88ed77cf52a6b6185a436f2dec4270e9d456721"
]
great-sunset-355
11/05/2023, 9:14 AMstocky-restaurant-98004
11/06/2023, 6:59 PMgreat-sunset-355
11/06/2023, 8:24 PM