From 83354cacbb08bb6ced8aa3959623167f377b302e Mon Sep 17 00:00:00 2001 From: Seth Vargo Date: Mon, 2 Dec 2024 09:20:26 -0500 Subject: [PATCH] Update TROUBLESHOOTING.md (#457) Fix a bunch of issues since GitHub apparently dropped support for special callouts. Refs https://github.com/google-github-actions/auth/issues/455 Signed-off-by: Seth Vargo --- docs/TROUBLESHOOTING.md | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/docs/TROUBLESHOOTING.md b/docs/TROUBLESHOOTING.md index 73fac9f6..2bf8154d 100644 --- a/docs/TROUBLESHOOTING.md +++ b/docs/TROUBLESHOOTING.md @@ -6,9 +6,7 @@ see exactly which step is failing. Ensure you are using the latest version of the GitHub Action. - > [!CAUTION] - > - > Enabling debug logging increases the chances of a secret + > **⚠️ WARNING!** Enabling debug logging increases the chances of a secret > being accidentally logged. While GitHub Actions will scrub secrets, > please take extra caution when sharing these debug logs in publicly > accessible places like GitHub issues. @@ -46,7 +44,7 @@ ```diff - projects/my-project/locations/global/workloadIdentityPools/my-pool/providers/my-provider - + projects/1234567890/locations/global/workloadIdentityPools/my-pool/providers/ + + projects/1234567890/locations/global/workloadIdentityPools/my-pool/providers/my-provider ``` 1. Ensure that you have the correct `permissions:` for the job in your @@ -64,11 +62,9 @@ GitHub OIDC token. You cannot grant permissions on an attribute unless you map that value from the incoming GitHub OIDC token. - > [!TIP] - > - > Use the [GitHub Actions OIDC Debugger][oidc-debugger] to print the list of - > token claims and compare them to your Attribute Mappings and Attribute - > Conditions. + > **ℹ️ TIP!** Use the [GitHub Actions OIDC Debugger][oidc-debugger] to print + > the list of token claims and compare them to your Attribute Mappings and + > Attribute Conditions. 1. Ensure you have the correct character casing and capitalization. GitHub does not distinguish between "foobar" and "FooBar", but Google Cloud does. Ensure @@ -89,10 +85,8 @@ 1. Enable `Admin Read`, `Data Read`, and `Data Write` [Audit Logging][cal] for Identity and Access Management (IAM) in your Google Cloud project. - > [!WARNING] - > - > This will increase log volume which may increase costs. You can disable - > this audit logging after you have debugged the issue. + > **⚠️ WARNING!** This will increase log volume which may increase costs. + > You can disable this audit logging after you have debugged the issue. Try to authenticate again, and then explore the logs for your Workload Identity Provider and Workload Identity Pool. Sometimes these error messages @@ -238,9 +232,7 @@ cat credentials.json | jq -r tostring ## Organizational Policy Constraints -> [!NOTE] -> -> Your Google Cloud organization administrator controls these +> **ℹ️ NOTE!** Your Google Cloud organization administrator controls these > policies. You must work with your internal IT department to resolve OrgPolicy > violations and constraints.