The docs for Setting Up Workload Identity Federation need to be updated, because step 8 refers to the incorrect way of using the `--member` parameter.
For step 8) for the Setting Up Workload Identity Federation, the command should be:
```
gcloud iam service-accounts add-iam-policy-binding "[email protected]${PROJECT_ID}.iam.gserviceaccount.com" \
  --project="${PROJECT_ID}" \
  --role="roles/iam.workloadIdentityUser" \
  --member="principalSet://iam.googleapis.com/projects/${PROJECT_NUMBER}/locations/global/workloadIdentityPools/${WORKLOAD_IDENTITY_POOL_ID}/attribute.repository/${REPO}"
```
Where the `--member` parameter should be of the format specified here.
The current step 8) for the Setting Up Workload Identity Federation, the command is:
```
gcloud iam service-accounts add-iam-policy-binding "[email protected]${PROJECT_ID}.iam.gserviceaccount.com" \
  --project="${PROJECT_ID}" \
  --role="roles/iam.workloadIdentityUser" \
  --member="principalSet://iam.googleapis.com/${WORKLOAD_IDENTITY_POOL_ID}/attribute.repository/${REPO}"
```
And if you use the incorrect format for the `--member` parameter the error looks like this:
```
ERROR: (gcloud.iam.service-accounts.add-iam-policy-binding) INVALID_ARGUMENT: The member principalSet://iam.googleapis.com/*REDACTED*/attribute.repository/REPO_OWNER/REPO_NAME is of an unknown type. Please set a valid type prefix for the member.
```
Hi there @alerickson0
Thank you for opening an issue. Our team will triage this as soon as we can. Please take a moment to review the troubleshooting steps, which list common error messages and their resolution steps.
Hi @alerickson0
If you're following the instructions, step 6 exports this environment variable. I've updated this to be clearer inline.
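
The mismatch discussed in this thread comes down to whether `WORKLOAD_IDENTITY_POOL_ID` holds the short pool ID or the full `projects/.../workloadIdentityPools/...` resource name. The following is an added example, not code from the issue or from the project's docs: a hypothetical helper, `build_member`, that accepts either form and checks the resulting `--member` value against the format shown in the issue before it is passed to `gcloud`. The pool ID character set in the pattern and all sample values are assumptions.

```shell
# build_member POOL PROJECT_NUMBER REPO   (hypothetical helper, added example)
#   POOL: short pool ID ("my-pool") or full resource name
#         ("projects/123456789/locations/global/workloadIdentityPools/my-pool").
#   PROJECT_NUMBER: numeric project number; ignored when POOL is a full name.
#   REPO: "owner/name".
# Prints the principalSet member on success, returns 1 on a malformed value.
build_member() {
  pool=$1
  project_number=$2
  repo=$3

  case $pool in
    projects/*)
      # Already the full resource name; use it as is.
      resource=$pool ;;
    */*|'')
      echo "unexpected pool value: $pool" >&2
      return 1 ;;
    *)
      # Short pool ID: the full path needs the numeric project number.
      case $project_number in
        ''|*[!0-9]*)
          echo "project number must be numeric: $project_number" >&2
          return 1 ;;
      esac
      resource="projects/${project_number}/locations/global/workloadIdentityPools/${pool}" ;;
  esac

  member="principalSet://iam.googleapis.com/${resource}/attribute.repository/${repo}"

  # Final check against the format from the issue. The pool ID character
  # set (lowercase letters, digits, hyphens) is an assumption.
  pattern='^principalSet://iam\.googleapis\.com/projects/[0-9]+/locations/global/workloadIdentityPools/[a-z0-9-]+/attribute\.repository/[^/]+/[^/]+$'
  if printf '%s\n' "$member" | grep -Eq "$pattern"; then
    printf '%s\n' "$member"
  else
    echo "malformed member: $member" >&2
    return 1
  fi
}

# Usage with constructed sample values:
#   MEMBER=$(build_member "$WORKLOAD_IDENTITY_POOL_ID" "$PROJECT_NUMBER" "$REPO") || exit 1
#   gcloud iam service-accounts add-iam-policy-binding ... --member="$MEMBER"
```
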
Owner Name | google-github-actions |
Repo Name | auth |
Full Name | google-github-actions/auth |
Language | TypeScript |
Created Date | 2021-09-16 |
Updated Date | 2023-03-24 |
Star Count | 573 |
Watcher Count | 16 |
Fork Count | 116 |
Issue Count | 3 |