Include how to interoperate with the iam.workloadIdentityPoolProviders org policy constraint

This issue has been tracked since 2023-01-23.

TL;DR discusses how to restrict which workload identity pool providers may be permitted, but doesn't go into a detailed example for when it's GitHub.

Detailed design

No response

Additional information

Please enhance to also discuss what needs to be set for the iam.workloadIdentityPoolProviders organization policy constraint.

github-actions[bot] wrote this answer on 2023-01-25

Hi there @andrewpollock 👋!

Thank you for opening an issue. Our team will triage this as soon as we can. Please take a moment to review the troubleshooting steps which lists common error messages and their resolution steps.

andrewpollock wrote this answer on 2023-01-25
ianlewis wrote this answer on 2023-01-25

I assume this is something like

gcloud resource-manager org-policies allow constraints/iam.workloadIdentityPoolProviders \ --organization=ORGANIZATION_NUMBER
sethvargo wrote this answer on 2023-01-25

#258 as a little blurb. We don't intend to be a replacement for the Google Cloud documentation though, and this is a somewhat advanced use case. I would recommend filing an internal docs bug as well.

andrewpollock wrote this answer on 2023-01-25

Cheers, I've ping you on the corresponding internal docs bug as an FYI.

More Details About Repo
Owner Name google-github-actions
Repo Name auth
Full Name google-github-actions/auth
Language TypeScript
Created Date 2021-09-16
Updated Date 2023-03-24
Star Count 573
Watcher Count 16
Fork Count 116
Issue Count 3


Issue Title Created Date Updated Date