Access Google Cloud from GitHub Action Sans Keys - Workload Identity Federation

Thanks for the video. How can we provision the gcp resources using terraform authenticating through wif without using service account keys?

1. Firewall Policy vs Firewall Rule (Where to use which one and why)
2. Create Firewall Policy and Implement it for Hybrid use case (Typically customer has dev and prod projects, hence a implement it considering both project)
3. Rules, Policy and Association (Understand use case in detail)
4. Automation of this using terraform (Hierarchical Firewall Policy Automation with Terraform | Google Cloud Blog)
can you make a documentation on these ? Need help in understanding clearly kindly look into it, if you can answer all of them.

Hi, I have gone through your videos on using Workflow identity federation to connect to GCP. They are very much helpful in understanding the feature and get to know how it is working. Can I use wfi for copying files from Linux server to GCS buckets? Could you please tell me in that case how this wfi pool has to be configured? Any help in this regard would be much appreciated.

Thanks for the video😁👍.
Can you tell how these attributes (timestamp- 3:34) work? And are these safe to use cuz I read somewhere in the document that if another repo has the same value or something it can allow that repo access too.
Thanks in advance.

Hi, excellent video. My question is how can we set up this with Terraform? There is a way? Thanks for the content

my friends, thanks for your video but my output in github actions is: Error: Permission 'iam.serviceAccounts.getAccessToken' denied on resource (or it may not exist). and see when I follow your tutorial in the 4:24 minute , generate in your case principalSet, in my case principal :(

Thanks for this video ❤

Why are the mappings the way they are? Why are these three necessary? What about other fields? What do they mean? You’re not explaining that 😢

It would have been also very useful to explain a bit more about what the attribute mapping is and how does it work. Putting the values in there without any explanation what does what, does not really help the understand the whole picture.

Sir I am BCA graduate and i am fresher. Can i become a Devops Engineer????

Thanks gk for this great video
Can we use this same flow for azure devops pipelines?

1:15 🤣

@CloudAdvocate what is the value of 'my-secret' in the yml file last line?
I added this key in the github settings key-value but not sure about its value. Please help...
@SnehaU-uj8rt

Hi, Thanks for the video. It was really useful.
I did the exact same thing as mentioned in the video but I faced the following error in the github actions. Can you help me resolve this issue? Why is this happening?
(gcloud.secrets.versions.access) There was a problem refreshing your current auth tokens: ('Unable to acquire impersonated credentials', '{
"error": {
"code": 403,
"message": "Permission \'iam.serviceAccounts.getAccessToken\' denied on resource (or it may not exist).",
"status": "PERMISSION_DENIED",
"details": [
{
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "IAM_PERMISSION_DENIED",
"domain": "iam.googleapis.com",
"metadata": {
"permission": "iam.serviceAccounts.getAccessToken"
}
}
]
}
}
')
Please run:
$ gcloud auth login
to obtain new credentials.
If you have already logged in with a different account:
$ gcloud config set account ACCOUNT
to select an already authenticated account to use.
Error: Process completed with exit code 1.