Closed sherwoodzern closed 4 weeks ago
I executed additional tests and with some logging information. I still get the same error, but I have a bit more information.
{"name":"workloadIdentity","hostname":"workloadauth-54d8796969-dz785","pid":1,"level":20,"msg":"The OciEnabledServiceSet is empty, all OCI services are enabled","time":"2024-07-05T21:46:46.590Z","v":0}
{"name":"workloadIdentity","hostname":"workloadauth-54d8796969-dz785","pid":1,"level":20,"msg":"Calling operation IdentityClient#listRegions.","time":"2024-07-05T21:46:46.591Z","v":0}
{"name":"workloadIdentity","hostname":"workloadauth-54d8796969-dz785","pid":1,"level":20,"msg":"Retry policy to use: MaximumNumberAttempts=7, MaxSleepBetween=30, ExponentialBackoffBase=2","time":"2024-07-05T21:46:46.593Z","v":0}
Request failed with Exception : [object Object]
Retrying request -> Total Attempts : 1, Retrying after 1.913 seconds...
/app/node_modules/oci-common/lib/auth/X509-federation-client-for-oke-workload-identity.js:169
throw Error(Failed to call Proxymux, error: ${e}. ${OKE_WORKLOAD_IDENTITY_GENERIC_ERROR}
);
^
Error: Failed to call Proxymux, error: TypeError: fetch failed. Failed to get a RPST token from Proxymux. See https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contenggrantingworkloadaccesstoresources.htm for more info.
at X509FederationClientForOkeWorkloadIdentity.
Node.js v20.12.2
the proxymux endpoint is: federationClient: X509FederationClientForOkeWorkloadIdentity { proxymuxEndpoint: 'https://10.96.0.1:12250/resourcePrincipalSessionTokens',
@sherwoodzern Did you fixed this issue? I'm getting the same error.
@T-iny
I did fix the issue. 2 items to correct the issue.
Above these 2 items also add a line of code if you don't have it: identityClient.region = common.Region.fromRegionId('
The client could be database.client, etc.
If you are attempting to run the example as provided it will not work. As an example I had to modify the creation of the authentication provider to the following:
const authProvider = await new common.OkeWorkloadIdentityAuthenticationDetailsProvider.OkeWorkloadIdentityAuthenticationDetailsProviderBuilder().build();
I hope this helps.
@sherwoodzern Thank you so much!!!!! You saved my life! You're so kind!
Attempting to use the SDK sample code but it fails because it is unable to retrieve the RPST token.
/**
/**
var identity = require("oci-identity"); var common = require("oci-common");
(async () => { const authProvider = await common.OkeWorkloadIdentityAuthenticationDetailsProvider.builder(); const compartmentId = await authProvider.getStringClaim("res_tenant");
const identityClient = new identity.IdentityClient({ authenticationDetailsProvider: authProvider });
identityClient.close(); })();
/app/node_modules/oci-common/lib/auth/X509-federation-client-for-oke-workload-identity.js:169 throw Error(
Failed to call Proxymux, error: ${e}. ${OKE_WORKLOAD_IDENTITY_GENERIC_ERROR}
); ^Error: Failed to call Proxymux, error: TypeError: fetch failed. Failed to get a RPST token from Proxymux. See https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contenggrantingworkloadaccesstoresources.htm for more info. at X509FederationClientForOkeWorkloadIdentity. (/app/node_modules/oci-common/lib/auth/X509-federation-client-for-oke-workload-identity.js:169:23)
at Generator.throw ()
at rejected (/app/node_modules/oci-common/lib/auth/X509-federation-client-for-oke-workload-identity.js:10:65)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
Node.js v20.15.0