From 7296e5030f49592b61b04397fd5c197da724c402 Mon Sep 17 00:00:00 2001 From: Bogdan A Date: Mon, 27 Sep 2021 19:59:53 +0300 Subject: [PATCH] docs: remove unnecessary steps and update examples (#15) --- README.md | 29 ++++------------------------- 1 file changed, 4 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index f0bab66..4ee7df5 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ and permissions on Google Cloud. ```yaml jobs: - run: + job_id: # ... # Add "id-token" with the intended permissions. @@ -152,7 +152,7 @@ for the `gcloud` CLI tool. Note this does **not** work for the `gsutil` tool. ```yaml jobs: - run: + job_id: # ... # Add "id-token" with the intended permissions. @@ -198,7 +198,7 @@ the [`constraints/iam.allowServiceAccountCredentialLifetimeExtension` organizati ```yaml jobs: - run: + job_id: # ... # Add "id-token" with the intended permissions. @@ -233,7 +233,7 @@ invoking a Cloud Run service. ```yaml jobs: - run: + job_id: # ... # Add "id-token" with the intended permissions. @@ -349,27 +349,6 @@ the [gcloud][gcloud] command-line tool. --attribute-mapping="google.subject=assertion.sub,attribute.repository=assertion.repository" ``` -1. Get the full ID for the Workload Identity Provider: - - ```sh - gcloud iam workload-identity-pools providers describe "my-provider" \ - --project="${PROJECT_ID}" \ - --location="global" \ - --workload-identity-pool="my-pool" - ``` - - Take note of the `name` attribute. It will be of the format: - - ```text - projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider - ``` - - Save this value as an environment variable: - - ```sh - export WORKLOAD_IDENTITY_PROVIDER_ID="..." # value from above - ``` - 1. Allow authentications from the Workload Identity Provider to impersonate the Service Account created above: