gcpArchived
1 messages
Google Cloud Platform
Michał Czeraszkiewiczover 3 years ago(edited)
Hi, anyone configured Bitbucket Pipeline to access CGP via OIDC?
Currently I have:
But I get an error:
Currently I have:
`
image: atlassian/default-image:3
pipelines:
default:
- parallel:
- step: &docker-build-push
name: Build and push images to GCR
oidc: true
image: google/cloud-sdk:alpine
script:
- echo "${BITBUCKET_STEP_OIDC_TOKEN}" > /tmp/credential-source-file.out
- gcloud iam workload-identity-pools create-cred-config projects/${PROJECT_ID}/locations/global/workloadIdentityPools/bitbucket-pipelines/providers/bitbucket-pipelines --service-account="name@${PROJECT_ID}.<http://iam.gserviceaccount.com|iam.gserviceaccount.com>" --output-file=/tmp/FILEPATH.json --credential-source-file=/tmp/credential-source-file.out --credential-source-type=text
- gcloud auth login --cred-file=/tmp/FILEPATH.json
- CLOUDSDK_CORE_DISABLE_PROMPTS=1 gcloud components install alpha
- gcloud --project ${PROJECT_ID} alpha storage lsBut I get an error:
google.auth.exceptions.OAuthError: ('Error code invalid_target: The target service indicated by the "audience" parameters is invalid. This might either be because the pool or provider is disabled or deleted or because it doesn\'t exist.', '{"error":"invalid_target","error_description":"The target service indicated by the \\"audience\\" parameters is invalid. This might either be because the pool or provider is disabled or deleted or because it doesn\'t exist."}')