Hi, I try to setup GCP Workload Identity Federation, following the examples to use ESC (trying to create an environment). Unfortunately when I try to save the following snippet it fails with an error. Project ids of GCP are strings, but the script seems to expect an int (or number in the case of the error). It perfectly saves when I provide an int like 1234. Any clue how I can trick the yaml to accept my project id? (which is a string, not a number or int)

values:
  gcp:
    login:
      fn::open::gcp-login:
        project: <your-project-id>
        oidc:
          workloadPoolId: <your-pool-id>
          providerId: <your-provider-id>
          serviceAccount: <your-service-account>
  environmentVariables:
    GOOGLE_PROJECT: ${gcp.login.project}
    CLOUDSDK_AUTH_ACCESS_TOKEN: ${gcp.login.accessToken}
  pulumiConfig:
    gcp:accessToken: ${gcp.login.accessToken}

Here is the error

<yaml>:5:18 - values.gcp.login["fn::open::gcp-login"].project:

Error: expected number, got strin

I usually just grab the project number from the GCP console welcome screen

hey, Just hit the same problem, how did you fix it @green-waiter-10176 ? I'm stuck here @billions-river-87988 the project id is NOT a number, it is a string you can customize (we did), like

foobar

There is a project number for every project which works. I'll ask why the ESC team why the human readable project ID doesnt work here

alright, found it, the label is misleading, that's not the project id the oidc login function needs but the project number

yeah its odd, since GCP uses the "regualr" project id everywhere else. maybe its a limitation of the OIDC endpoint.. will verify

The docs https://www.pulumi.com/docs/pulumi-cloud/oidc/gcp/ and https://www.pulumi.com/registry/packages/gcp/installation-configuration/ should be adjusted to reflect that, they say to put the project-id instead of the project-number (and how to retrieve it)

It does say "Enter the numerical ID of your Google Cloud project in the “Project ID” field." in that first one... i think its just nomenclature issues mostly

Yeah well, didn't read that one since I'm dynamically setting the env values, and was only referring to the yaml examples.

to be clear, im in agreement that the docs make it unclear

I'll comment on the issue, thanks for pointing that out

Hi @billions-river-87988 and @faint-motherboard-95438, just noticed the replies and even if it is some time ago I wanted to say tyvm for the conversation and pointing to the solution! 😀