Authentication using Application Default Creds does not export creds in subsequent steps

Question

Authentication using Application Default Creds does not export creds in subsequent steps

loayei opened this issue a year ago · comments

TL;DR

I am authenticating into setup-gcloud using Application default credentials because am running a self hosted runner on GCP.
I am trying to run helm gcs init command but it is not running and am getting permission denied.

Is it something wrong am doing or I do need to run the auth action and pass a key or workload identity to run helm gcs command.

Detailed design

No response

Additional information

No response

Seth Vargo · Answer 1 · Fri Feb 17 2023 20:19:19 GMT+0800 (China Standard Time)

Hi @loayei

What permission errors are you getting? For Artifact Registry or Container Registry, you have to configure the Docker daemon auth. You can use gcloud or just google-github-actions/auth which would be faster since it doesn't need to download and install gcloud.

Loayei · Answer 2 · Sat Feb 18 2023 04:48:11 GMT+0800 (China Standard Time)

Its actually in storage buckets. so am getting a storage.object permission error.

does auth support application default credentials ? I tried it and it fails

Seth Vargo · Answer 3 · Sat Feb 18 2023 06:40:24 GMT+0800 (China Standard Time)

It's very difficult to debug these kinds of things when you bypass the issue template. Please provide your complete Action YAML, and the debug log output.

Loayei · Answer 4 · Sun Feb 19 2023 08:10:37 GMT+0800 (China Standard Time)

Thanks for your response i was able to figure it out. I was not giving the runner service account the required permissions.
Thanks again