google-github-actions / auth

A GitHub Action for authenticating to Google Cloud.
https://cloud.google.com/iam
Apache License 2.0

Provide `principalSet` as an IAM permission example for Direct Workload Identity Federation #416

Closed esciara closed 6 months ago

esciara commented 6 months ago

TL;DR

Can't find how to set principalSet as an IAM permission with Direct Workload Identity Federation.

Detailed design

In the current EXAMPLES.md doc, it is mentioned that

> Google Cloud Resources must have the Workload Identity Pool as a `principalSet` as an IAM permission.

I could not find an example of how to set this IAM permission with the principalSet. Could you add an example in this doc?

Additional information

No response

github-actions[bot] commented 6 months ago

Hi there @esciara :wave:!

Thank you for opening an issue. Our team will triage this as soon as we can. Please take a moment to review the troubleshooting steps, which list common error messages and their resolution steps.

sethvargo commented 6 months ago

It's step 5 in the README, for example:

```
principalSet://iam.googleapis.com/${WORKLOAD_IDENTITY_POOL_ID}/attribute.repository/${REPO}
```

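The member string from the reply above, used in an IAM binding. This is an added example, not part of the thread and not the project's own code: the helper rejects a pool name that uses a project ID instead of the numeric project number and a repository that is not a single `owner/name`, so the grant stays scoped to one repository. The function names, the secret name argument and `PROJECT_ID` are assumptions.

```shell
#!/bin/sh
# Added example. Function names and sample values are assumptions.

# Build the principalSet member for one GitHub repository.
#   $1: full pool resource name, e.g.
#       projects/123456789/locations/global/workloadIdentityPools/github
#   $2: repository as owner/name
principal_set_member() {
  pool=$1 repo=$2
  number=${pool#projects/}; number=${number%%/*}
  pool_name=${pool##*/}
  # The resource name carries the numeric project number, not the project ID.
  case $number in
    ''|*[!0-9]*) echo "pool must start with projects/<NUMBER>" >&2; return 1 ;;
  esac
  case $pool_name in
    ''|*[!a-z0-9-]*) echo "invalid pool id: $pool_name" >&2; return 1 ;;
  esac
  if [ "$pool" != "projects/$number/locations/global/workloadIdentityPools/$pool_name" ]; then
    echo "unexpected pool resource name: $pool" >&2; return 1
  fi
  # Exactly one owner/name pair; wildcards and extra path segments are refused
  # so the binding cannot silently widen beyond one repository.
  case $repo in
    */*/*|/*|*/|*[!A-Za-z0-9._/-]*) echo "invalid repository: $repo" >&2; return 1 ;;
    */*) ;;
    *) echo "repository must be owner/name" >&2; return 1 ;;
  esac
  printf 'principalSet://iam.googleapis.com/%s/attribute.repository/%s\n' "$pool" "$repo"
}

# Grant that repository's workflows read access to a single secret.
#   $1: secret name, $2: pool resource name, $3: owner/name
# PROJECT_ID must be set by the caller (assumed variable).
grant_secret_access() {
  member=$(principal_set_member "$2" "$3") || return 1
  gcloud secrets add-iam-policy-binding "$1" \
    --project="${PROJECT_ID}" \
    --role="roles/secretmanager.secretAccessor" \
    --member="$member"
}
```

`grant_secret_access` is only defined here, not called; review the resulting binding with `gcloud secrets get-iam-policy` after running it.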

esciara commented 6 months ago

Arf... Did not see it. I actually had to reaaaaaally look carefully to see the expandable portion:

image

Personally I would prefer to have it all expanded and scroll down. But I let you decide.

Thanks for all the work though! (and the article!)