actions/auth
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update TROUBLESHOOTING.md (#457)

Browse Source 
Fix a bunch of issues since GitHub apparently dropped support for
special callouts.

Refs https://github.com/google-github-actions/auth/issues/455

Signed-off-by: Seth Vargo <seth@sethvargo.com>
This commit is contained in:
Seth Vargo 2024-12-02 09:20:26 -05:00 committed by GitHub
parent 6fc4af4b14
commit 83354cacbb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
docs/TROUBLESHOOTING.md
View File

@ -6,9 +6,7 @@
see exactly which step is failing. Ensure you are using the latest version
of the GitHub Action.
> [!CAUTION]
>
> Enabling debug logging increases the chances of a secret
> **⚠️ WARNING!** Enabling debug logging increases the chances of a secret
> being accidentally logged. While GitHub Actions will scrub secrets,
> please take extra caution when sharing these debug logs in publicly
> accessible places like GitHub issues.
@ -46,7 +44,7 @@
```diff
- projects/my-project/locations/global/workloadIdentityPools/my-pool/providers/my-provider
+ projects/1234567890/locations/global/workloadIdentityPools/my-pool/providers/
+ projects/1234567890/locations/global/workloadIdentityPools/my-pool/providers/my-provider
```
1. Ensure that you have the correct `permissions:` for the job in your
@ -64,11 +62,9 @@
GitHub OIDC token. You cannot grant permissions on an attribute unless you
map that value from the incoming GitHub OIDC token.
> [!TIP]
>
> Use the [GitHub Actions OIDC Debugger][oidc-debugger] to print the list of
> token claims and compare them to your Attribute Mappings and Attribute
> Conditions.
> ** TIP!** Use the [GitHub Actions OIDC Debugger][oidc-debugger] to print
> the list of token claims and compare them to your Attribute Mappings and
> Attribute Conditions.
1. Ensure you have the correct character casing and capitalization. GitHub does
not distinguish between "foobar" and "FooBar", but Google Cloud does. Ensure
@ -89,10 +85,8 @@
1. Enable `Admin Read`, `Data Read`, and `Data Write` [Audit Logging][cal] for
Identity and Access Management (IAM) in your Google Cloud project.
> [!WARNING]
>
> This will increase log volume which may increase costs. You can disable
> this audit logging after you have debugged the issue.
> **⚠️ WARNING!** This will increase log volume which may increase costs.
> You can disable this audit logging after you have debugged the issue.
Try to authenticate again, and then explore the logs for your Workload
Identity Provider and Workload Identity Pool. Sometimes these error messages
@ -238,9 +232,7 @@ cat credentials.json | jq -r tostring
## Organizational Policy Constraints
> [!NOTE]
>
> Your Google Cloud organization administrator controls these
> ** NOTE!** Your Google Cloud organization administrator controls these
> policies. You must work with your internal IT department to resolve OrgPolicy
> violations and constraints.