okay i finally figured it out the `Project ID` field must ha

Question

okay i finally figured it out the `Project ID` field must have the numeric project ID The Workload Pool ID and Identity provider ID fields must each have just the short ID not the fully qualified ` lt iam googleapis com gt ` or even ` projects lt project number gt ` that s definitely what <https pulumi community slack com archives C048NVDH6DV p1690173567200419 thread ts=1690170041 730299 amp cid=C048NVDH6DV|this comment> says i just didn t follow it some help text on this would be super helpful

lemon-agent-27707 · Answer

Glad you were able to get it working If you have ideas for how we could improve our contributions are welcome

damp-magazine-59707 · Answer

sure off the top of my head 1 Clarify the format of the IDs in step 6 Enter the workload pool ID identity provider ID and service account email address in the Workload Pool ID Identity Provider ID and Service Account Email Address fields 2 perhaps bold numerical in step 5 just for those of us who can t read slightly smiling face 3 this sentence is largely useless Recall the when adding attribute conditions that check the value of the `google subject` attribute IOW figure it out bro getting claims right is touchy and important especially when you re probably dealing with full cloud admin there should at least be some examples not just a pointer to the reference docs 4 the fact that the instructions are all point and click console instructions to set up an IaC system is a little silly these are useful and should exist but a set of pulumi scripts even just sample scripts that require customization would be far far more useful for instance even once i d figured out which workload provider ID to use figuring out which ID and or name attribute of the object to use in Pulumi was another trial and error process in part this is GCP s fault for having so many different identifiers but the docs could make it easier having an example to start from for plumbing together the various OIDC bits with Deployment Settings would have saved me a bunch of time and frustration 5 literally every code snippet at appears to be copy pasted from the same unrelated source none of them are even vaguely related to the documentation some are just ` ` and they re a mix of at least three or four different languages 6 the docs should actually exist unlike for instance this took me a few days to get right so there are probably other things but these are the bits that stand out in my memory