-
Notifications
You must be signed in to change notification settings - Fork 10
Description
What happened?
We use app_auth
as method to authenticate against our GHE and since we've upgraded to v5.8.0 this produces an authentication error. For example:
Exception: invoke of github:index/getRepository:getRepository failed: invocation of github:index/getRepository:getRepository returned an error: invoking github:index/getRepository:getRepository: GET https://<ghe-instance>/api/v3/repos/<owner>/<repo>: 401 Must authenticate to access this API. []
It seems to affect resources and functions alike.
When downgrading to the previous version (v5.7.0) it works.
Expected Behavior
The expected behavior is that with a github provider using app_auth
it should be possible to access the GH(E) API.
Steps to reproduce
I have coded a sample app to reproduce: https://github.com/ederst/pulumi-in-a-pickle/tree/github-provider-app-auth
Note that this also includes a Terraform version of the Pulumi app, using the terraform-github provider this provider is based on. However, using app auth with the Terraform provider still works - tested v5.20.0 (used in v5.7.0), v5.23.0 (used in v5.8.0), and v5.25.0.
Additional context
What I also noticed is that, setting the pem_file
to any invalid value - a path, or a random string - does not produce the error: no decodeable PEM data found
error as described in #348.
I also glanced at the "changelog" (v5.7.0...v5.8.0 ) but have not found anything so far.
Edit: What also works is setting the environment variables and just initializing the app auth args with empty values:
export GITHUB_APP_ID=
export GITHUB_APP_INSTALLATION_ID=
export GITHUB_APP_PEM_FILE=
app_auth=github.ProviderAppAuthArgs(
id="",
installation_id="",
pem_file="",
),
So by the looks of it the app auth is not set correctly by the pulumi provider.
Output of pulumi about
CLI
Version 3.66.0
Go Version go1.20.4
Go Compiler gc
Plugins
NAME VERSION
github 5.8.0
python unknown
Host
OS darwin
Version 13.3.1
Arch arm64
This project is written in python: executable='/Playground/pulumi-stuff/test-github-provider/.venv/bin/python3' version='3.11.3
'
Current Stack: test-github-provider/dev
TYPE URN
pulumi:pulumi:Stack urn:pulumi:dev::test-github-provider::pulumi:pulumi:Stack::test-github-provider-dev
pulumi:providers:pulumi urn:pulumi:dev::test-github-provider::pulumi:providers:pulumi::default
pulumi:pulumi:StackReference urn:pulumi:dev::test-github-provider::pulumi:pulumi:StackReference::common-config-stack
pulumi:providers:github urn:pulumi:dev::test-github-provider::pulumi:providers:github::github-provider
Found no pending operations associated with dev
Backend
<redacted>
Dependencies:
NAME VERSION
pip 23.0.1
pulumi-github 5.8.0
setuptools 67.4.0
test-github-provider 0.1.0
wheel 0.38.4
Pulumi locates its logs in /var/folders/5b/dd8bgp9178s13b8bm4g7vhs40000gn/T/ by default
Contributing
No response