https://cloud.google.com/iam/docs/manage-workload-identity-pools-providers discusses how to restrict which workload identity pool providers may be permitted, but doesn't go into a detailed example for when it's GitHub.
Please enhance https://github.com/google-github-actions/auth#setting-up-workload-identity-federation to also discuss what needs to be set for the
iam.workloadIdentityPoolProviders organization policy constraint.
Hi there @andrewpollock
Thank you for opening an issue. Our team will triage this as soon as we can. Please take a moment to review the troubleshooting steps which lists common error messages and their resolution steps.
|Issue Title||Created Date||Updated Date|