Provide principalSet as an IAM permission example for Direct Workload Identity Federation

[esciara]

TL;DR

Can't find how to set principalSet as an IAM permission with Direct Workload Identity Federation.

Detailed design

In the current EXAMPLES.md doc, it is mentioned that

Google Cloud Resources must have the Workload Identity Pool as a principalSet as an IAM permission.

I could not find an example of how to set this IAM permission with the principalSet. Could you add an example in this doc?

Additional information

No response

[github-actions]

Hi there @esciara 👋!

Thank you for opening an issue. Our team will triage this as soon as we can. Please take a moment to review the troubleshooting steps which lists common error messages and their resolution steps.

[sethvargo]

It's step 5 in the README, for example:

principalSet://iam.googleapis.com/${WORKLOAD_IDENTITY_POOL_ID}/attribute.repository/${REPO}

[esciara]

Arf... Did not see it. I actually had to reaaaaaally look carefully to see the expandable portion:

Personally I would prefer to have it all expanded and scroll down. But I let you decide.

Thanks for all the work though ! (and the article!)