05/27/2022, 7:38 AM
Hi all, trying to diagnose an issue in production with our Pulumi pipeline. It uses an AzureAD Provider (Terraform under the covers?) with a clientid/secret as follows:
```csharp
var userTenantProvider = new Provider("UserTenantProvider", new ProviderArgs
{
    TenantId = _config.Environment.ActiveDirectory.UserTenantId,
    ClientId = _userTenantProviderConfig.ClientId,
    ClientSecret = _userTenantProviderConfig.ClientSecret
});
```
The secret has been rotated and the new one is passed into the pipeline. However, the pipeline still fails with the following message:
_building client: unable to obtain access token: clientCredentialsToken: received HTTP status 401 with response: {"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app '[secret]'._
The pipeline was working fine before the secret changed; it's as if the old one is cached somewhere. Any ideas?
Hmm, it looks as if it's a problem with refresh. By skipping the stack refresh, the pipeline succeeded.