HI I am trying to get ci cd pipeline running in bitbucket us Pulumi Community #google-cloud

HI I am trying to get ci/cd pipeline running in bi...

curved-dream-12503

12/04/2022, 9:50 PM

HI I am trying to get ci/cd pipeline running in bitbucket using workload identity federation (oidc). After following the instructions from pulumi I end up with a step like this:

Copy code

- step:
    name: Update Infrastructure
    oidc: true
    deployment: production
    script:
      - *deps
      - echo $BITBUCKET_STEP_OIDC_TOKEN > /tmp/oidc-token.txt
      - export GOOGLE_CREDENTIALS=credential-config.json
      - pulumi up --yes --cwd ${PULUMI_WORKING_DIRECTORY} -s ${PULUMI_STACK_NAME}

When running this pipeline I get the following error:

Copy code

Diagnostics:
  gcp:serviceAccount:Account (serviceAccount):
    error: failed to load application credentials.
    To use your default gcloud credentials, run:
    	`gcloud auth application-default login`
    See <https://www.pulumi.com/registry/packages/gcp/installation-configuration/> for details.

Is pulumi supporting oidc workload federated service accounts?

curved-dream-12503

12/06/2022, 11:14 AM

Adding to this, if using identity federation is not supported bij gcp-classic, is it supported by gcp-native provider?

curved-dream-12503

12/06/2022, 8:35 PM

update. When the I put the JSON file in the env var it works when pointing to a file it does not work.

curved-dream-12503

12/06/2022, 8:45 PM

🦆 ok one more update, problem was that when you use

--cwd

flag it cannot find the credential file anymore so lesson always put the full path ie

GOOGLE_CREDENTIALS=${PWD}/credential-config.json

curved-dream-12503

12/09/2022, 1:38 PM

Created an issue: https://github.com/pulumi/pulumi-gcp/issues/956

112 Views

Open in Slack

Previous Next