Hi all. Trying to setup pulumi deployments and get...
# pulumi-deployments
Hi all. Trying to setup pulumi deployments and getting the following error:
Copy code
pulumi:pulumi:Stack [project]-dev running
	gcp:storage:Bucket [bucket-1]
  + gcp:storage:Bucket test-files creating (0s)
	gcp:cloudrunv2:Service [project]
  + gcp:storage:Bucket test-files creating (0s) error: 1 error occurred:
  + gcp:storage:Bucket test-files **creating failed** error: 1 error occurred:
    pulumi:pulumi:Stack [project]-dev running error: update failed
	pulumi:pulumi:Stack [project]-dev running Error creating bucket test-files: Post "<https://storage.googleapis.com/storage/v1/b?alt=json&prettyPrint=false&[gcp-project-id]>": oauth2/google: unable to generate access token: Post "<https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/pulumi-deployments@[gcp-project-id].iam.gserviceaccount.com:generateAccessToken>": oauth2/google: status code 400: {"error":"invalid_request","error_description":"Invalid value for \"audience\". This value should be the full resource name of the Identity Provider. See <https://cloud.google.com/iam/docs/reference/sts/rest/v1/TopLevel/token> for the list of possible formats."}
	pulumi:pulumi:Stack [project]-dev **failed** 1 error; 1 message

Truncated for brevity.
Using gcp with the setup described in the documentation to setup OIDC. Attached screenshots of the relevant configuration under google clouds workload identity federation.
I've replaced some values with place holders. Appreciate any help.
Hi @stocky-scientist-3792, you should use your organization name as the ODIC audience (which looks like is
) instead of
Sorry for the confusion. Actually I am. In the screenshots, I just masked the values as pulumi-org. Also the provider is configured and named
instead of
. Appreciate any help.
Hi @able-market-62580 are you able to help further?
Hi @stocky-scientist-3792 could you DM me a screenshot of the gcp and pulumi screens with the real configuration?
Sure sending shortly.