Hi all. Trying to setup pulumi deployments and getting the following error:

pulumi:pulumi:Stack [project]-dev running
	gcp:storage:Bucket [bucket-1]
  + gcp:storage:Bucket test-files creating (0s)
	gcp:cloudrunv2:Service [project]
  + gcp:storage:Bucket test-files creating (0s) error: 1 error occurred:
  + gcp:storage:Bucket test-files **creating failed** error: 1 error occurred:
    pulumi:pulumi:Stack [project]-dev running error: update failed
	pulumi:pulumi:Stack [project]-dev running Error creating bucket test-files: Post "<https://storage.googleapis.com/storage/v1/b?alt=json&prettyPrint=false&[gcp-project-id]>": oauth2/google: unable to generate access token: Post "<https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/pulumi-deployments@[gcp-project-id].iam.gserviceaccount.com:generateAccessToken>": oauth2/google: status code 400: {"error":"invalid_request","error_description":"Invalid value for \"audience\". This value should be the full resource name of the Identity Provider. See <https://cloud.google.com/iam/docs/reference/sts/rest/v1/TopLevel/token> for the list of possible formats."}
	pulumi:pulumi:Stack [project]-dev **failed** 1 error; 1 message

Truncated for brevity.

Using gcp with the setup described in the documentation to setup OIDC. Attached screenshots of the relevant configuration under google clouds workload identity federation.

Hi @stocky-scientist-3792, you should use your organization name as the ODIC audience (which looks like is

inash-covertech

) instead of

pulumi-org

Sorry for the confusion. Actually I am. In the screenshots, I just masked the values as pulumi-org. Also the provider is configured and named

pulumi

instead of

pulumi-org

. Appreciate any help.

Hi @stocky-scientist-3792 could you DM me a screenshot of the gcp and pulumi screens with the real configuration?

Sure sending shortly.