google-github-actions/auth
1
0
Fork 0
mirror of https://github.com/google-github-actions/auth.git synced 2026-06-08 18:17:05 +00:00
Code Issues Projects Releases Packages Wiki Activity

Document possible issues with org policies (#258)

Browse source 
Fixes GH-257
This commit is contained in:
Seth Vargo 2023-01-24 08:02:03 -06:00 committed by GitHub
commit 1475a55569
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 25 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

25
README.md
View file

@ -632,6 +632,31 @@ Terraform module to automate your infrastructure provisioning. See [examples](ht
Identity Pool mapping until the permissions are available. Identity Pool mapping until the permissions are available.
#### Organizational Policy Constraints
By default, Google Cloud allows you to create Workload Identity Pools and
Workload Identity Providers for any endpoints. Your organization may restrict
which external identity providers are permitted on your Google Cloud account. To
enable GitHub Actions as a Workload Identity Pool and Provider, add the
`https://token.actions.githubusercontent.com` to the allowed
`iam.workloadIdentityPoolProviders` Org Policy constraint.
```shell
gcloud resource-manager org-policies allow "constraints/iam.workloadIdentityPoolProviders" \
https://token.actions.githubusercontent.com
```
You can specify a `--folder` or `--organization`. If you do not have permission
to manage these Org Policies, please contact your Google Cloud administrator.
For GitHub Enterprise Server, the endpoint will be your server URL:
```shell
gcloud resource-manager org-policies allow "constraints/iam.workloadIdentityPoolProviders" \
https://my.github.company
```
## GitHub Token Format ## GitHub Token Format
Below is a sample GitHub Token for reference for attribute mappings. For a list of all Below is a sample GitHub Token for reference for attribute mappings. For a list of all