
Bug: sam pipeline bootstrap --oidc-provider gitlab with a custom gitlab url creates an identity provider with excessive `/` suffix

Open hakandilek opened this issue 5 months ago • 4 comments

Description:

I am calling sam pipeline bootstrap with GitLab as the OIDC provider and my own GitLab instance hosted at e.g. https://own-gitlab.com. This creates an identity provider with the name own-gitlab.com/ (mind the trailing slash) and the audience https://own-gitlab.com, which fails when assuming the role later.

Steps to reproduce:

Run the CLI command

```sh
sam pipeline bootstrap --no-interactive --no-create-image-repository --no-confirm-changeset \
  --stage dev --region eu-central-1 \
  --permissions-provider oidc --oidc-provider gitlab \
  --oidc-provider-url https://own-gitlab.com \
  --oidc-client-id https://own-gitlab.com \
  --gitlab-group bar --gitlab-project foo
```

Observed result:

Creates the Identity provider own-gitlab.com/ (trailing slash) with audience https://own-gitlab.com.

This leads to an error for the assume-role command later:

```
An error occurred (InvalidIdentityToken) when calling the AssumeRoleWithWebIdentity operation: No OpenIDConnect provider found in your account for https://own-gitlab.com/
```

Expected result:

Identity provider own-gitlab.com (WITHOUT the trailing slash) with audience https://own-gitlab.com should be created.

Additional environment details (e.g. Windows, Mac, Amazon Linux, etc.)

```json
{
  "version": "1.122.0",
  "system": {
    "python": "3.12.5",
    "os": "macOS-14.6.1-arm64-arm-64bit"
  },
  "additional_dependencies": {
    "docker_engine": "25.0.5",
    "aws_cdk": "Not available",
    "terraform": "1.9.4"
  },
  "available_beta_feature_env_vars": [
    "SAM_CLI_BETA_FEATURES",
    "SAM_CLI_BETA_BUILD_PERFORMANCE",
    "SAM_CLI_BETA_TERRAFORM_SUPPORT",
    "SAM_CLI_BETA_RUST_CARGO_LAMBDA"
  ]
}
```

Add --debug flag to command you are running

hakandilek, Sep 02 '24 14:09
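The mismatch the report describes, as an added example that is not part of the issue and not code from the aws-sam-cli project: an IAM OIDC identity provider is named after the issuer URL with its `https://` scheme removed (so the provider ARN ends in `oidc-provider/own-gitlab.com`), and a web-identity token is only accepted when the provider named by its `iss` claim exists and its `aud` is one of the provider's client IDs. The block derives that name correctly (also for a GitLab served under a path, which goes beyond the report's host-only case), reproduces the trailing-slash name from the report as an assumed reconstruction of the observed output, and runs a local model of the `iss`/`aud` checks against a constructed token payload. The function names, the sample claims and the account ID are assumptions made for this example.

```python
"""Added example, not part of the issue or of the aws-sam-cli code base.

Derives the IAM OIDC identity-provider name from an issuer URL the way the
provider ARN is formed (the issuer URL minus its https:// scheme, no trailing
slash), reproduces the mis-derived name the report describes, and runs a local
model of the iss/aud checks a web-identity token must pass. The function names
and the sample token payload are constructed for this example.
"""
from urllib.parse import urlsplit


def provider_name(issuer_url: str) -> str:
    """Map an issuer URL to the IAM OIDC provider name.

    IAM names the provider after the issuer URL with the scheme removed, so
    https://own-gitlab.com -> own-gitlab.com and, for a GitLab served under a
    path, https://example.com/gitlab -> example.com/gitlab. A trailing slash
    is dropped so the name matches the issuer in the token's `iss` claim.
    """
    parts = urlsplit(issuer_url.strip())
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"issuer must be an https:// URL, got {issuer_url!r}")
    return parts.netloc.lower() + parts.path.rstrip("/")


def reported_provider_name(issuer_url: str) -> str:
    """Name the report observed (scheme stripped, slash appended).

    Assumed reconstruction of the observed output, written only for the
    comparison below; this is not the SAM CLI implementation.
    """
    return issuer_url.removeprefix("https://") + "/"


def provider_arn(account_id: str, issuer_url: str) -> str:
    """ARN of the IAM OIDC provider for an issuer, as used in a role trust policy."""
    return f"arn:aws:iam::{account_id}:oidc-provider/{provider_name(issuer_url)}"


def check_web_identity(claims: dict, registered: set[str], client_ids: set[str]) -> tuple[bool, str]:
    """Local model of the checks a token must pass before a role can be assumed
    with it: the provider named by `iss` must be registered and `aud` must be
    one of the registered client IDs. Returns (ok, reason)."""
    iss = claims.get("iss", "")
    try:
        name = provider_name(iss)
    except ValueError as exc:
        return False, str(exc)
    if name not in registered:
        return False, f"No OpenIDConnect provider found for {iss}"
    aud = claims.get("aud")
    audiences = set(aud) if isinstance(aud, list) else {aud}
    if not audiences & client_ids:
        return False, f"audience {sorted(audiences)} not in client IDs"
    return True, "ok"


# Constructed sample payload of a GitLab CI ID token for the reporter's setup.
SAMPLE_CLAIMS = {
    "iss": "https://own-gitlab.com",
    "aud": "https://own-gitlab.com",
    "sub": "project_path:bar/foo:ref_type:branch:ref:main",
}
CLIENT_IDS = {"https://own-gitlab.com"}


def compare() -> dict[str, bool]:
    """Run the token check against the mis-derived and the correct provider name."""
    wrong = {reported_provider_name("https://own-gitlab.com")}  # {"own-gitlab.com/"}
    right = {provider_name("https://own-gitlab.com")}           # {"own-gitlab.com"}
    return {
        "own-gitlab.com/": check_web_identity(SAMPLE_CLAIMS, wrong, CLIENT_IDS)[0],
        "own-gitlab.com": check_web_identity(SAMPLE_CLAIMS, right, CLIENT_IDS)[0],
    }


if __name__ == "__main__":
    for name, ok in compare().items():
        print(f"provider {name!r}: {'assume role ok' if ok else 'InvalidIdentityToken'}")
```

To check a real account against this, compare the ARNs returned by `aws iam list-open-id-connect-providers` with `provider_arn(account_id, issuer_url)`: a provider whose ARN ends in a slash will not match the issuer in the tokens GitLab mints, whatever audience it carries.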