carlospolop
2025-06-07 15:08:20 +02:00
parent 682420bd96
commit 8cb8cf4b78


@@ -86,13 +86,17 @@ poolId=$(gcloud iam workload-identity-pools describe $poolName \
--location global \
--format='get(name)')
gcloud iam workload-identity-pools providers create-oidc $poolName \
--project="${projectId}" \
gcloud iam workload-identity-pools providers create-oidc "$poolName" \
--project="$projectId" \
--location="global" \
--workload-identity-pool="$poolName" \
--display-name="Demo provider" \
--attribute-mapping="google.subject=assertion.sub,attribute.actor=assertion.actor,attribute.aud=assertion.aud" \
--issuer-uri="https://token.actions.githubusercontent.com"
--display-name="CTF provider" \
--issuer-uri="https://token.actions.githubusercontent.com" \
--attribute-mapping="google.subject=assertion.sub,\
attribute.actor=assertion.actor,\
attribute.repository=assertion.repository,\
attribute.aud=assertion.aud" \
--attribute-condition="assertion.repository_owner!=''"
providerId=$(gcloud iam workload-identity-pools providers describe $poolName \
--location global \
@@ -136,9 +140,9 @@ jobs:
uses: "google-github-actions/auth@v2.1.3"
with:
create_credentials_file: "true"
workload_identity_provider: "${providerId}" # In the providerId, the numerical project ID (12 digit number) should be used
service_account: "${saId}" # instead of the alphanumeric project ID. ex:
activate_credentials_file: true # projects/123123123123/locations/global/workloadIdentityPools/iam-lab-7-gh-pool/providers/iam-lab-7-gh-pool-oidc-provider'
workload_identity_provider: "${providerId}" # In the providerId, the numerical project ID (12 digit number) should be used instead of the alphanumeric project ID. ex: projects/123123123123/locations/global/workloadIdentityPools/iam-lab-7-gh-pool/providers/iam-lab-7-gh-pool-oidc-provider'
service_account: "${saId}" # <sa-name>@<proj-id>.iam.gserviceaccount.com
activate_credentials_file: true
- id: "gcloud"
name: "gcloud"
run: |-
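Review bot: The new `--attribute-condition="assertion.repository_owner!=''"` in the first hunk appears to be satisfied by a token from any GitHub repository, since GitHub's OIDC tokens carry a non-empty `repository_owner` claim, so the provider accepts every GitHub Actions workflow rather than a chosen owner. Outside a deliberately open lab, pin it to the expected organisation or repository, e.g. `--attribute-condition="assertion.repository_owner=='<your-org>'"`, and add a comment beside the flag stating that the permissive form is for the lab only. The service-account binding that would consume the newly mapped `attribute.repository` is outside these hunks, so it cannot be confirmed from here whether access is narrowed at that layer. In the second hunk, the trailing `'` after the example provider path in the `workload_identity_provider` comment looks like a leftover quote and should be dropped.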