1. Firewall Policy vs Firewall Rule (Where to use which one and why) 2. Create Firewall Policy and Implement it for Hybrid use case (Typically customer has dev and prod projects, hence a implement it considering both project) 3. Rules, Policy and Association (Understand use case in detail) 4. Automation of this using terraform (Hierarchical Firewall Policy Automation with Terraform | Google Cloud Blog) can you make a documentation on these ? Need help in understanding clearly kindly look into it, if you can answer all of them.
Hi, I have gone through your videos on using Workflow identity federation to connect to GCP. They are very much helpful in understanding the feature and get to know how it is working. Can I use wfi for copying files from Linux server to GCS buckets? Could you please tell me in that case how this wfi pool has to be configured? Any help in this regard would be much appreciated.
Thanks for the video😁👍. Can you tell how these attributes (timestamp- 3:34) work? And are these safe to use cuz I read somewhere in the document that if another repo has the same value or something it can allow that repo access too. Thanks in advance.
my friends, thanks for your video but my output in github actions is: Error: Permission 'iam.serviceAccounts.getAccessToken' denied on resource (or it may not exist). and see when I follow your tutorial in the 4:24 minute , generate in your case principalSet, in my case principal :(
It would have been also very useful to explain a bit more about what the attribute mapping is and how does it work. Putting the values in there without any explanation what does what, does not really help the understand the whole picture.
@CloudAdvocate what is the value of 'my-secret' in the yml file last line? I added this key in the github settings key-value but not sure about its value. Please help... @SnehaU-uj8rt
Hi, Thanks for the video. It was really useful. I did the exact same thing as mentioned in the video but I faced the following error in the github actions. Can you help me resolve this issue? Why is this happening? (gcloud.secrets.versions.access) There was a problem refreshing your current auth tokens: ('Unable to acquire impersonated credentials', '{ "error": { "code": 403, "message": "Permission \'iam.serviceAccounts.getAccessToken\' denied on resource (or it may not exist).", "status": "PERMISSION_DENIED", "details": [ { "@type": "type.googleapis.com/google.rpc.ErrorInfo", "reason": "IAM_PERMISSION_DENIED", "domain": "iam.googleapis.com", "metadata": { "permission": "iam.serviceAccounts.getAccessToken" } } ] } } ') Please run: $ gcloud auth login to obtain new credentials. If you have already logged in with a different account: $ gcloud config set account ACCOUNT to select an already authenticated account to use. Error: Process completed with exit code 1.
Thanks for the video. How can we provision the gcp resources using terraform authenticating through wif without using service account keys?
1. Firewall Policy vs Firewall Rule (Where to use which one and why)
2. Create Firewall Policy and Implement it for Hybrid use case (Typically customer has dev and prod projects, hence a implement it considering both project)
3. Rules, Policy and Association (Understand use case in detail)
4. Automation of this using terraform (Hierarchical Firewall Policy Automation with Terraform | Google Cloud Blog)
can you make a documentation on these ? Need help in understanding clearly kindly look into it, if you can answer all of them.
Hi, I have gone through your videos on using Workflow identity federation to connect to GCP. They are very much helpful in understanding the feature and get to know how it is working. Can I use wfi for copying files from Linux server to GCS buckets? Could you please tell me in that case how this wfi pool has to be configured? Any help in this regard would be much appreciated.
Thanks for the video😁👍.
Can you tell how these attributes (timestamp- 3:34) work? And are these safe to use cuz I read somewhere in the document that if another repo has the same value or something it can allow that repo access too.
Thanks in advance.
Hi, excellent video. My question is how can we set up this with Terraform? There is a way? Thanks for the content
Yes after the auth block you can use terraform action. You don’t have to use any keys
my friends, thanks for your video but my output in github actions is: Error: Permission 'iam.serviceAccounts.getAccessToken' denied on resource (or it may not exist). and see when I follow your tutorial in the 4:24 minute , generate in your case principalSet, in my case principal :(
Thanks for this video ❤
Why are the mappings the way they are? Why are these three necessary? What about other fields? What do they mean? You’re not explaining that 😢
It would have been also very useful to explain a bit more about what the attribute mapping is and how does it work. Putting the values in there without any explanation what does what, does not really help the understand the whole picture.
Sir I am BCA graduate and i am fresher. Can i become a Devops Engineer????
Thanks gk for this great video
Can we use this same flow for azure devops pipelines?
Yes, I believe
@@CloudAdvocate one more question GK can we use this WIF in azure cloud
Shoud work. Pls try and let me know :D
1:15 🤣
@CloudAdvocate what is the value of 'my-secret' in the yml file last line?
I added this key in the github settings key-value but not sure about its value. Please help...
@SnehaU-uj8rt
Hi, Thanks for the video. It was really useful.
I did the exact same thing as mentioned in the video but I faced the following error in the github actions. Can you help me resolve this issue? Why is this happening?
(gcloud.secrets.versions.access) There was a problem refreshing your current auth tokens: ('Unable to acquire impersonated credentials', '{
"error": {
"code": 403,
"message": "Permission \'iam.serviceAccounts.getAccessToken\' denied on resource (or it may not exist).",
"status": "PERMISSION_DENIED",
"details": [
{
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "IAM_PERMISSION_DENIED",
"domain": "iam.googleapis.com",
"metadata": {
"permission": "iam.serviceAccounts.getAccessToken"
}
}
]
}
}
')
Please run:
$ gcloud auth login
to obtain new credentials.
If you have already logged in with a different account:
$ gcloud config set account ACCOUNT
to select an already authenticated account to use.
Error: Process completed with exit code 1.
yeah, the same problem, I guess, the service account needs Service Account Token Creator role
That’s correct. Pls try that
@marcelomg1986 @CloudAdvocate i tried adding the service account token creator role. It wasn't working.
@@SnehaU-uj8rt oh, what command is throwing you this error?
@@SnehaU-uj8rt try to follow, documentation, set up the commands in the gcp console. It helps me a lot.