# pulumi-deployments
s
Anyone using/used Pulumi deployments with OpenID Connect to GCP? I am having trouble with the audience, I think. The Pulumi docs say to use the organization name, so I added that to the allowed audiences when creating a workload provider. But it's complaining about the format of it. Any suggestions on what I might be doing wrong? I tried with just my org name in the allowed audience and also with default. Just the relevant message from the error in the deployment logs:
```
.....generateAccessToken": oauth2/google: status code 400: {"error":"invalid_request","error_description":"Invalid value for \"audience\". This value should be the full resource name of the Identity Provider. See <https://cloud.google.com/iam/docs/reference/sts/rest/v1/TopLevel/token> for the list of possible formats."
```
Just for comparison, I did almost the same setup for GitHub Actions, which works (using the Google auth action), and the only changes between that and the Pulumi pool/provider are the audience and the custom attribute mapping (I get the repo owner from GitHub and the org from Pulumi).
This is user (me) error: I was using the project name and full names for the provider and pool ID. After changing to the number and just the short ID for both, it worked like a charm.
b
I just had the same problem. You saved me days! 👍
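The fix described in the thread, as an added example that is not part of the original messages and is not Pulumi's code: a pre-flight check that builds the STS audience in Google's full-resource-name format and rejects the inputs that caused the error. The function names, the sample values and the assumption that the audience is assembled from three separate fields (project number, pool ID, provider ID) are illustrative.

```python
import re

# Full resource name of a workload identity pool provider, as the Google STS
# token endpoint expects it in the "audience" parameter.
AUDIENCE_FMT = (
    "//iam.googleapis.com/projects/{number}/locations/global/"
    "workloadIdentityPools/{pool}/providers/{provider}"
)
# Assumed ID rule for pools and providers: 4-32 chars of [a-z0-9-].
SHORT_ID = re.compile(r"[a-z0-9-]{4,32}")


def short_id(value, kind):
    """Accept a short ID; reduce a full resource name to its <kind>/<id> segment."""
    notes = []
    if "/" in value:
        m = re.search(rf"{kind}/([^/]+)", value)
        if not m:
            raise ValueError(f"cannot find {kind}/<id> in {value!r}")
        notes.append(f"{kind}: full resource name given, using {m.group(1)!r}")
        value = m.group(1)
    if not SHORT_ID.fullmatch(value):
        raise ValueError(f"{kind} ID {value!r} is not a valid short ID")
    return value, notes


def build_audience(project, pool, provider):
    """Return (audience, notes); raise if the project is not a project number."""
    if not (project.isascii() and project.isdigit()):
        raise ValueError(
            f"{project!r} looks like a project ID/name; "
            "the audience needs the numeric project number"
        )
    pool_id, n1 = short_id(pool, "workloadIdentityPools")
    provider_id, n2 = short_id(provider, "providers")
    aud = AUDIENCE_FMT.format(number=project, pool=pool_id, provider=provider_id)
    return aud, n1 + n2


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print(build_audience("123456789012", "pulumi-pool", "pulumi-oidc")[0])
```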