From daa12c009141b1fd223aa7fe7568a5ba65f8f56c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Germ=C3=A1n=20Lena?=
Date: Fri, 17 May 2024 17:49:47 -0700
Subject: [PATCH 1/3] Update oidc blogpost to use the new action
---
 .../blog/oidc-trust-relationships/index.md | 25 +++++--------------
 1 file changed, 6 insertions(+), 19 deletions(-)
diff --git a/content/blog/oidc-trust-relationships/index.md b/content/blog/oidc-trust-relationships/index.md
index 35255f18246d..33aa42edcbd6 100644
--- a/content/blog/oidc-trust-relationships/index.md
+++ b/content/blog/oidc-trust-relationships/index.md
@@ -71,11 +71,11 @@ In this demo, we are going to use Github Actions to retrieve Pulumi credentials
 3. Add a policy to allow OIDC and configure the sub and audience for your organization and repositories. In the demo, we are using:
-* **Aud**: https://github.com/***organization***
+* **Aud**: urn:pulumi:org:***organization***
 * **Sub**: repo:***organization***/***repo***:*
-4. Create a GitHub action. Here is a sample code. Make sure to substitute the `aud` claim with your organization's name in the `fetch pulumi token` step.
+4. Create a GitHub action. Here is a sample code. Make sure to substitute the `aud` claim with your organization's name in the `pulumi/auth-actions` parameters.
 ```yaml
@@ -102,23 +102,10 @@ jobs:
 - name: Install deps
 run: yarn
- - name: fetch gh token
- run: |
- OIDC_GH_TOKEN=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL" | jq -r '.value')
- echo "OIDC_GH_TOKEN=$OIDC_GH_TOKEN" >> $GITHUB_ENV
-
- - name: fetch pulumi token
- run: |
- PULUMI_ACCESS_TOKEN=$(curl -X POST \
- -H 'Content-Type: application/x-www-form-urlencoded' \
- -d 'audience=urn:pulumi:org:arun-test' \
- -d 'grant_type=urn:ietf:params:oauth:grant-type:token-exchange' \
- -d 'subject_token_type=urn:ietf:params:oauth:token-type:id_token' \
- -d 'requested_token_type=urn:pulumi:token-type:access_token:organization' \
- -d 'subject_token=${{ env.OIDC_GH_TOKEN }}' \
- https://api.pulumi.com/api/oauth/token | jq -r '.access_token')
- echo "::add-mask::$PULUMI_ACCESS_TOKEN"
- echo "PULUMI_ACCESS_TOKEN=$PULUMI_ACCESS_TOKEN" >> $GITHUB_ENV
+ - uses: pulumi/auth-actions@v1
+ with:
+ organization: organization
+ requested-token-type: urn:pulumi:token-type:access_token:organization
 - name: Login to Pulumi
 run: pulumi login
From 8b66d229f03b0ceaa92585cc4a9f4eb158ae96f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Germ=C3=A1n=20Lena?=
Date: Mon, 20 May 2024 15:38:44 -0700
Subject: [PATCH 2/3] Add link to GKE
---
 content/blog/oidc-trust-relationships/index.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/content/blog/oidc-trust-relationships/index.md b/content/blog/oidc-trust-relationships/index.md
index 33aa42edcbd6..156a964fb6d8 100644
--- a/content/blog/oidc-trust-relationships/index.md
+++ b/content/blog/oidc-trust-relationships/index.md
@@ -124,3 +124,4 @@ jobs:
 * [OIDC Trust Relationships overview](/docs/pulumi-cloud/oidc/client/)
 * [Configuring OIDC for Github](/docs/pulumi-cloud/oidc/client/github/)
+* [Configuring OpenID Connect for Google Kubernetes Engine](/docs/pulumi-cloud/oidc/client/kubernetes-gke/)
From c45aa116c1c7ddaf150362581cd0d47998d673b5 Mon Sep 17 00:00:00 2001
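Review bot: The new step pins `pulumi/auth-actions@v1` to a mutable major tag, so the sample workflow, which readers will copy into their own repositories, runs whatever that tag points to on the day the job executes; for a step that receives the job's OIDC token and exchanges it for an organization access token, pinning to a full commit SHA with the version in a trailing comment, `- uses: pulumi/auth-actions@<full-commit-sha>  # v1`, is the safer form to publish. The `organization: organization` value is a placeholder, which the surrounding prose says but the snippet itself does not; a `# replace with your Pulumi organization` comment on that line would keep the snippet self-explanatory. The removed steps explicitly masked the exchanged token with `::add-mask::`, and whether the action does the equivalent is not visible in this hunk, so the post could state it. The job definition, including any `permissions: id-token: write` setting the token request depends on, starts above this hunk and is not shown.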
From: =?UTF-8?q?Germ=C3=A1n=20Lena?=
Date: Mon, 20 May 2024 16:02:15 -0700
Subject: [PATCH 3/3] Update text
---
 content/blog/oidc-trust-relationships/index.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/blog/oidc-trust-relationships/index.md b/content/blog/oidc-trust-relationships/index.md
index 156a964fb6d8..87eed47b40d6 100644
--- a/content/blog/oidc-trust-relationships/index.md
+++ b/content/blog/oidc-trust-relationships/index.md
@@ -75,7 +75,7 @@ In this demo, we are going to use Github Actions to retrieve Pulumi credentials
 * **Sub**: repo:***organization***/***repo***:*
-4. Create a GitHub action. Here is a sample code. Make sure to substitute the `aud` claim with your organization's name in the `pulumi/auth-actions` parameters.
+4. Create a GitHub action. Here is a sample code. Make sure to substitute your organization in the `pulumi/auth-actions` organization parameter.
 ```yaml