https://pulumi.com logo
#pulumi-deployments
Title
# pulumi-deployments
s

square-airplane-92568

07/24/2023, 3:40 AM
Anyone using/used Pulumi deployments with openid connect to GCP? I am having trouble with audience I think. Pulumi doc say use organization name, so I did add that to allowed audiences when creating a workload provider. But its complaining about format of it, Any suggestions on what I might be doing wrong? I tried with just my org name in allowed audience and also with default Just the relevant message from error in deployment logs,
Copy code
.....generateAccessToken": oauth2/google: status code 400: {"error":"invalid_request","error_description":"Invalid value for \"audience\". This value should be the full resource name of the Identity Provider. See <https://cloud.google.com/iam/docs/reference/sts/rest/v1/TopLevel/token> for the list of possible formats."
Just for comparison, I did almost same setup for GitHub actions which works (using google auth action) and only changes between that and pulumi pool/provider are the audience and custom attributes mapping (I get repo owner from github and org from pulumi)
This is user(me) error, I was using project name and full names for provider and pool id. After changing to number and just the short id for both worked like a charm
b

bland-dog-47600

07/25/2023, 8:57 PM
I just had the same problem. You saved me days! 👍
8 Views