You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
ERROR: gcloud crashed (OAuthError): ('Error code invalid_request: Invalid value for "audience". This value should be the full resource name of the Identity Provider. See https://cloud.google.com/iam/docs/reference/sts/rest/v1/TopLevel/token for the list of possible formats.', '{"error":"invalid_request","error_description":"Invalid value for \\"audience\\". This value should be the full resource name of the Identity Provider. See https://cloud.google.com/iam/docs/reference/sts/rest/v1/TopLevel/token for the list of possible formats."}')
Action YAML
name: GCP OIDCon:
push:
jobs:
Get_OIDC_ID_token:
runs-on: ubuntu-latestenvironment:
name: dev-clusterpermissions:
contents: 'read'id-token: 'write'steps:
# Install gcloud, do not specify authentication.
- uses: 'google-github-actions/setup-gcloud@master'with:
project_id: ${{ secrets.GCP_PROJECT }}
- id: 'auth'name: 'Authenticate to GCP'uses: 'google-github-actions/auth@v0.4.0'with:
create_credentials_file: true#token_format: access_tokenworkload_identity_provider: ${{ secrets.GCP_OIDC_ID_PROVIDER }}service_account: ${{ secrets.GCP_OIDC_SA}}
- id: 'gcloud'name: 'gcloud'run: |- gcloud auth login --brief --cred-file="${{ steps.auth.outputs.credentials_file_path }}" # Now you can run gcloud commands authenticated as the impersonated service account. gcloud secrets versions access "latest" --secret "TEST_SECRET"
Log output
2021-11-25T14:53:24.4249793Z Found online and idle hosted runner in the current repository's enterprise account that matches the required labels: 'ubuntu-latest'
2021-11-25T14:53:24.4921602Z Waiting for a Hosted runner in the 'enterprise' to pick this job...
2021-11-25T14:53:24.6012107Z Job is waiting for a hosted runner to come online.
2021-11-25T14:53:28.2866434Z Job is about to start running on the hosted runner: GitHub Actions 17 (hosted)
2021-11-25T14:53:32.2336114Z Current runner version: '2.284.0'
2021-11-25T14:53:32.2369044Z ##[group]Operating System
2021-11-25T14:53:32.2370224Z Ubuntu
2021-11-25T14:53:32.2370802Z 20.04.3
2021-11-25T14:53:32.2371363Z LTS
2021-11-25T14:53:32.2371994Z ##[endgroup]
2021-11-25T14:53:32.2372679Z ##[group]Virtual Environment
2021-11-25T14:53:32.2373595Z Environment: ubuntu-20.04
2021-11-25T14:53:32.2374260Z Version: 20211122.1
2021-11-25T14:53:32.2375711Z Included Software: https://github.com/actions/virtual-environments/blob/ubuntu20/20211122.1/images/linux/Ubuntu2004-README.md
2021-11-25T14:53:32.2377431Z Image Release: https://github.com/actions/virtual-environments/releases/tag/ubuntu20%2F20211122.1
2021-11-25T14:53:32.2378480Z ##[endgroup]
2021-11-25T14:53:32.2379264Z ##[group]Virtual Environment Provisioner
2021-11-25T14:53:32.2380103Z 1.0.0.0-master-20211123-1
2021-11-25T14:53:32.2380791Z ##[endgroup]
2021-11-25T14:53:32.2382371Z ##[group]GITHUB_TOKEN Permissions
2021-11-25T14:53:32.2383860Z Contents: read
2021-11-25T14:53:32.2384546Z Metadata: read
2021-11-25T14:53:32.2385325Z ##[endgroup]
2021-11-25T14:53:32.2388989Z Prepare workflow directory
2021-11-25T14:53:32.3062100Z Prepare all required actions
2021-11-25T14:53:32.3073335Z Getting action download info
2021-11-25T14:53:32.5454727Z Download action repository 'google-github-actions/setup-gcloud@master' (SHA:b8f95eb7d716bf9a715eafd169162b93f69ed520)
2021-11-25T14:53:34.4862198Z Download action repository 'google-github-actions/auth@v0.4.0' (SHA:a61909d048e0be579b6c15b27088d19668493851)
2021-11-25T14:53:34.9136477Z ##[group]Run google-github-actions/setup-gcloud@master
2021-11-25T14:53:34.9137476Z with:
2021-11-25T14:53:34.9138247Z project_id: ***
2021-11-25T14:53:34.9138812Z version: latest
2021-11-25T14:53:34.9139499Z export_default_credentials: false
2021-11-25T14:53:34.9140166Z ##[endgroup]
2021-11-25T14:53:35.9236231Z [command]/usr/bin/tar xz --warning=no-unknown-keyword --overwrite -C /home/runner/work/_temp/ee0bbbc1-8045-4cfb-9e13-77d6069c0a60 -f /home/runner/work/_temp/a40071b6-8738-42d3-ae17-e62ad83ea1ee
2021-11-25T14:53:47.1378275Z Successfully set default project
2021-11-25T14:53:47.1383366Z No credentials provided, skipping authentication
2021-11-25T14:53:47.1638461Z ##[group]Run google-github-actions/auth@v0.4.0
2021-11-25T14:53:47.1639147Z with:
2021-11-25T14:53:47.1639665Z create_credentials_file: true
2021-11-25T14:53:47.1641576Z workload_identity_provider: ***
2021-11-25T14:53:47.1642723Z service_account: ***
2021-11-25T14:53:47.1643268Z access_token_lifetime: 3600s
2021-11-25T14:53:47.1644151Z access_token_scopes: https://www.googleapis.com/auth/cloud-platform
2021-11-25T14:53:47.1645046Z id_token_include_email: false
2021-11-25T14:53:47.1645523Z env:
2021-11-25T14:53:47.1646281Z CLOUDSDK_METRICS_ENVIRONMENT: github-actions-setup-gcloud
2021-11-25T14:53:47.1647064Z ##[endgroup]
2021-11-25T14:53:47.3012596Z
2021-11-25T14:53:47.3054061Z
2021-11-25T14:53:47.3190530Z ##[group]Run gcloud auth login --brief --cred-file="/home/runner/work/_temp/7967505e41544b16b108c538"
2021-11-25T14:53:47.3191684Z �[36;1mgcloud auth login --brief --cred-file="/home/runner/work/_temp/7967505e41544b16b108c538"�[0m
2021-11-25T14:53:47.3192366Z �[36;1m�[0m
2021-11-25T14:53:47.3193135Z �[36;1m# Now you can run gcloud commands authenticated as the impersonated service account.�[0m
2021-11-25T14:53:47.3194147Z �[36;1mgcloud secrets versions access "latest" --secret "TEST_SECRET"�[0m
2021-11-25T14:53:47.3244473Z shell: /usr/bin/bash -e {0}
2021-11-25T14:53:47.3244976Z env:
2021-11-25T14:53:47.3245758Z CLOUDSDK_METRICS_ENVIRONMENT: github-actions-setup-gcloud
2021-11-25T14:53:47.3246860Z CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE: /home/runner/work/_temp/7967505e41544b16b108c538
2021-11-25T14:53:47.3247842Z GOOGLE_APPLICATION_CREDENTIALS: /home/runner/work/_temp/7967505e41544b16b108c538
2021-11-25T14:53:47.3248745Z CLOUDSDK_PROJECT: ***
2021-11-25T14:53:47.3249388Z CLOUDSDK_CORE_PROJECT: ***
2021-11-25T14:53:47.3249974Z GCP_PROJECT: ***
2021-11-25T14:53:47.3250522Z GCLOUD_PROJECT: ***
2021-11-25T14:53:47.3251326Z GOOGLE_CLOUD_PROJECT: ***
2021-11-25T14:53:47.3251815Z ##[endgroup]
2021-11-25T14:53:48.1078158Z ERROR: gcloud crashed (OAuthError): ('Error code invalid_request: Invalid value for "audience". This value should be the full resource name of the Identity Provider. See https://cloud.google.com/iam/docs/reference/sts/rest/v1/TopLevel/token for the list of possible formats.', '{"error":"invalid_request","error_description":"Invalid value for \\"audience\\". This value should be the full resource name of the Identity Provider. See https://cloud.google.com/iam/docs/reference/sts/rest/v1/TopLevel/token for the list of possible formats."}')
2021-11-25T14:53:48.1082725Z
2021-11-25T14:53:48.1083439Z If you would like to report this issue, please run the following command:
2021-11-25T14:53:48.1086686Z gcloud feedback
2021-11-25T14:53:48.1089104Z
2021-11-25T14:53:48.1089997Z To check gcloud for common problems, please run the following command:
2021-11-25T14:53:48.1093474Z gcloud info --run-diagnostics
2021-11-25T14:53:48.2073244Z ##[error]Process completed with exit code 1.
2021-11-25T14:53:48.2107427Z Cleaning up orphan processes
Additional information
No response
The text was updated successfully, but these errors were encountered:
TL;DR
Auth is not working. Invalid value for "audience"
Expected behavior
Working example code
Observed behavior
Action YAML
Log output
Additional information
No response
The text was updated successfully, but these errors were encountered: