Hi, I try to setup GCP Workload Identity Federatio...
# google-cloud
g
Hi, I try to setup GCP Workload Identity Federation, following the examples to use ESC (trying to create an environment). Unfortunately when I try to save the following snippet it fails with an error. Project ids of GCP are strings, but the script seems to expect an int (or number in the case of the error). It perfectly saves when I provide an int like 1234. Any clue how I can trick the yaml to accept my project id? (which is a string, not a number or int)
Copy code
values:
  gcp:
    login:
      fn::open::gcp-login:
        project: <your-project-id>
        oidc:
          workloadPoolId: <your-pool-id>
          providerId: <your-provider-id>
          serviceAccount: <your-service-account>
  environmentVariables:
    GOOGLE_PROJECT: ${gcp.login.project}
    CLOUDSDK_AUTH_ACCESS_TOKEN: ${gcp.login.accessToken}
  pulumiConfig:
    gcp:accessToken: ${gcp.login.accessToken}
Here is the error
<yaml>:5:18 - values.gcp.login["fn::open::gcp-login"].project:
Error: expected number, got strin
b
I usually just grab the project number from the GCP console welcome screen
f
hey, Just hit the same problem, how did you fix it @green-waiter-10176 ? I'm stuck here @billions-river-87988 the project id is NOT a number, it is a string you can customize (we did), like
foobar
b
There is a project number for every project which works. I'll ask why the ESC team why the human readable project ID doesnt work here
f
alright, found it, the label is misleading, that's not the project id the oidc login function needs but the project number
thank you so much @billions-river-87988 🙏
b
yeah its odd, since GCP uses the "regualr" project id everywhere else. maybe its a limitation of the OIDC endpoint.. will verify
f
The docs https://www.pulumi.com/docs/pulumi-cloud/oidc/gcp/ and https://www.pulumi.com/registry/packages/gcp/installation-configuration/ should be adjusted to reflect that, they say to put the project-id instead of the project-number (and how to retrieve it)
b
It does say "Enter the numerical ID of your Google Cloud project in the “Project ID” field." in that first one... i think its just nomenclature issues mostly
Here is an issue that was already filed against this https://github.com/pulumi/esc/issues/262
f
Yeah well, didn't read that one since I'm dynamically setting the env values, and was only referring to the yaml examples.
can't hurt to says
project-number
instead of
project-id
in the yaml examples to match with google's nomenclature
b
to be clear, im in agreement that the docs make it unclear
f
I'll comment on the issue, thanks for pointing that out