adventurous-butcher-54166
01/30/2024, 12:31 PMaz cli
• Tried setting useMsi
and useOidc
explicitly to false
• Tried esc open <env_name>
◦ It gives me a fresh valid OIDC token but it doesn't seem to use it
• Tried pulumi env run <env_name> -- pulumi refresh --yes
It's like the OIDC token is cached from the previous deployment.
Any ideas on what's going on?adventurous-butcher-54166
01/30/2024, 12:33 PM"error":"invalid_client",
"error_description":"AADSTS700024: Client assertion is not within its valid time range. Current time: 2024-01-30T12:07:15.3716609Z, assertion valid from 2024-01-29T16:05:23.0000000Z, expiry time of assertion 2024-01-29T17:05:23.0000000Z."
red-match-15116
01/30/2024, 9:44 PMadventurous-butcher-54166
01/30/2024, 10:29 PMred-match-15116
01/30/2024, 10:47 PMadventurous-butcher-54166
01/30/2024, 10:50 PMred-match-15116
01/30/2024, 10:53 PMadventurous-butcher-54166
01/31/2024, 9:06 AMred-match-15116
01/31/2024, 4:58 PMMight be a good idea to mention this in the documentation.That's fair feedback and something we should do!
Ended up having to delete the stack.I'm surprised to hear that! Why did you have to delete the stack? You couldn't get the stack to use any other fresh credentials otherwise? Can you tell me what all you tried? If deleting the stack is in fact the only way to get out of this situation then that's something we need to fix.
adventurous-butcher-54166
01/31/2024, 5:06 PM"pulumniConfig": {
"azure-native": {
"location": "northeurope",
"tenantId": "${azure.login.tenantId}",
"subscriptionId": "${azure.login.subscriptionId}",
"useOidc": True,
"oidcToken": "${azure.login.oidc.token}
}
]
Unable to make any deployments despite:
• Removing the environment
parameter from my stack config where the config above was used
• Explicitly setting useOidc
to false
• az logout
& az login
• Removed refresh: always
• Tried esc open
and pulumi env open
to see if that would refresh the token
Everything I tried it was as if the old oidcToken
was just cached since previous deployment and the deployment would timeout after 5 minutes with the auth error above saying I was using an expired token.red-match-15116
01/31/2024, 5:39 PM