Subscribe to Google Cloud Tech → goo.gle/GoogleCloudTech

You guys have really good contributions over there, which are very friendly and informative. Especially for example knowing about that information for the exams is really useful. Thank you guys!

Excellent video, this was one of the few things chatGPT couldn't clearly explain how to set up.

Great stuff. Would be great if you guys could link the mentioned documentation here for reference. 🥂

The documentation on this is kind of lacking. I've tried every variation of setup I can find online and still get a "Permission storage.objects.list denied on resource" error every single time. My service account is properly setup and has the correct permissions/access to my bucket and is connected to my pool. My github secrets are the correct email and provider and they're setup in my workflow file which runs correctly each time. However permission is still denied. I've gone through dozens of stackoverflow and similar threads of people experiencing the same error, tried their solutions and nothing. Pretty frustrating experience when all I'm trying to do is read a couple of CSV files for an app so I don't have to manually download and push them once a week

Does the "workload identity provider ID" and "service account" have to be a secret? Can they just be plain text? Would be nice to know the security impications of that? Thanks for the video :)

Thanks for the wonderful session, it really starts my monday with new learning, will be waiting for more security focused videos.

Now the UI has changed and there are many other options that we need to fill to Grant Access. Please make a video on that

Can you make a video on publishing the npm package to the Google Artifact repository? Also, this video is a little bit outdated, and Google documentation is only for the lawyer not for developers. Can you point to the relevant video?

is there a document to go through all the provider mapping options?

The UI shown here is different from the current one, In the grant access with service account impersonation menu, i need to fill in: Select principals (identities that can access the service account): attribute name: ... attribute value:... What should i fill this with ?

Beautiful presentation Martin and Luka, how can i get the previous video on service account key?

Can Google's Workload Identity Federation be used if I want my back-end application which is running outside the Google Cloud to access Google APIs such as Calendar API? If not, what's the best solution for doing this in production environment? I don't want to use Service access key.

I am using terraform module in one repository in github and manifest in another repository. When try to run terraform it is unable to authorize module. How can we achieve this with workload identity federation?

@googlecloudtech Is it possible to access Google Cloud assets in one account from another Google Cloud account (belonging to another organisation)? For this use case, when creating a workload identity pool can OIDC be used? If OIDC can be used, what values to use as Provider ID and Issuer (URL) in case of Google Cloud?

Excelente, de mucha ayuda

Can we use the WIF approach for Firebase services, such as deploying Firebase Hosting and Firebase functions with GitHub Actions?

When i try to grant access to service account, the option for "All identites in the pool" under select principal is not there.

outdated

Good information but way to scripted and cringe to watch. Use your own words and trust the knowledge of the persons talking instead of scripting every word that is said. It is a pain to watch.