Docs Home
This example will create OIDC configuration between Pulumi Cloud and Google Cloud, specifically demonstrating connectivity with Pulumi ESC. The program automates the process detailed in the Google Cloud documentation for the following activities:
Prerequisites
- Install Pulumi
- Configure Pulumi to Use GCP
- Create a Google Cloud Project with the required APIs enabled
Running the Example
Clone the examples repo and navigate to the folder for this example.
git clone https://github.com/pulumi/examples.git
cd examples/gcp-py-oidc-provider-pulumi-cloud
Next, to deploy the application and its infrastructure, follow these steps:
Create a new stack, which is an isolated deployment target for this example:
pulumi stack init devSet your Pulumi ESC environment name and the name of your GCP Project:
pulumi config set environmentName <your-environment-name> # replace with your environment name pulumi config set gcp:project <your-project-id> # replace with your GCP project IDInstall requirements.
python3 -m venv venv venv/bin/pip install -r requirements.txtRun
pulumi up -y. Once the program completes, it will output a YAML template for you to use in the next step.
Validating the OIDC Configuration
This next section will walk you through validating your OIDC configuration using Pulumi ESC.
- Start by creating a new Pulumi ESC environment.
- Then, copy the template definition from the output in the CLI and paste it into your environment.
- Save your environment file and run the
pulumi env open <your-pulumi-org>/<your-environment>command in the CLI. You should see output similar to the following:
$ pulumi env open myOrg/myEnvironment
{
"environmentVariables": {
"GOOGLE_PROJECT": 111111111111
"CLOUDSDK_AUTH_ACCESS_TOKEN": "ya29...."
},
"gcp": {
"login": {
"accessToken": "ya29.....",
"expiry": "2023-11-09T11:12:41Z",
"project": 111111111111,
"tokenType": "Bearer"
}
}
}
Clean-Up Resources
Once you are done, you can destroy all of the resources as well as the stack:
$ pulumi destroy
$ pulumi stack rm