https://pulumi.com logo
#google-cloud
Title
# google-cloud
c

curved-dream-12503

12/04/2022, 9:50 PM
HI I am trying to get ci/cd pipeline running in bitbucket using workload identity federation (oidc). After following the instructions from pulumi I end up with a step like this:
Copy code
- step:
    name: Update Infrastructure
    oidc: true
    deployment: production
    script:
      - *deps
      - echo $BITBUCKET_STEP_OIDC_TOKEN > /tmp/oidc-token.txt
      - export GOOGLE_CREDENTIALS=credential-config.json
      - pulumi up --yes --cwd ${PULUMI_WORKING_DIRECTORY} -s ${PULUMI_STACK_NAME}
When running this pipeline I get the following error:
Copy code
Diagnostics:
  gcp:serviceAccount:Account (serviceAccount):
    error: failed to load application credentials.
    To use your default gcloud credentials, run:
    	`gcloud auth application-default login`
    See <https://www.pulumi.com/registry/packages/gcp/installation-configuration/> for details.
Is pulumi supporting oidc workload federated service accounts?
Adding to this, if using identity federation is not supported bij gcp-classic, is it supported by gcp-native provider?
update. When the I put the JSON file in the env var it works when pointing to a file it does not work.
🦆 ok one more update, problem was that when you use
--cwd
flag it cannot find the credential file anymore so lesson always put the full path ie
GOOGLE_CREDENTIALS=${PWD}/credential-config.json
84 Views