user_login=ACD421
sub=project_path:ACD421/gcp-rob-45539:ref_type:branch:ref:main
project_id=82322622
GCP STS TOKEN: 1195 chars
GCP ACCESS TOKEN: 1024 chars
GCP Security Token Service accepted the squatted project's OIDC token. Service Account impersonation succeeded. Full authentication chain completed. The `sub` claim is derived from the project path, which the squatter re-created after the original project was deleted; the provider's condition never looked at the immutable `project_id`, which differs between the two projects.
- Workload Identity Pool + Provider configured to trust https://gitlab.com
- Service Account gitlab-oidc-poc@oidc-poc-acd421.iam.gserviceaccount.com bound to the sub claim
- Project created, deleted, path freed instantly
- Squatted project mints OIDC token with identical sub claim
- GCP STS exchanges token (1195 chars)
- SA impersonation succeeds (1024-char access token)
- GCP resources accessible
- Project: oidc-poc-acd421 (#458865291500)
- Pool: gitlab-oidc-pool
- Provider: gitlab-oidc-provider (issuer: https://gitlab.com, condition: assertion.sub startsWith "project_path:")
- SA: gitlab-oidc-poc@oidc-poc-acd421.iam.gserviceaccount.com
- Roles: Viewer, Storage Admin
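The following is an added example, not code from this PoC repository or from GitLab/Google. It models how the provider's attribute condition and the service-account binding decide whether a GitLab OIDC token is accepted, using two constructed tokens that share the `sub` above but carry different `project_id` values. The pool, provider, project number and SA email are the ones listed above; the original project's id (77777777) and the `namespace_path` are assumed values, since the trace only shows the squatter's id. The weak configuration mirrors the condition on the page; the hardened one pins `project_id` and binds the SA through a `principalSet` on that attribute instead of through `subject`.

```python
"""Added example (not part of the PoC repository): models the WIF decision for
two constructed GitLab ID tokens that share `sub` but differ in `project_id`."""
import base64
import json
from typing import Callable, Dict

ISSUER = "https://gitlab.com"
PROJECT_NUMBER = "458865291500"
POOL, PROVIDER = "gitlab-oidc-pool", "gitlab-oidc-provider"
SA_EMAIL = "gitlab-oidc-poc@oidc-poc-acd421.iam.gserviceaccount.com"
POOL_PREFIX = (f"iam.googleapis.com/projects/{PROJECT_NUMBER}/locations/global/"
               f"workloadIdentityPools/{POOL}")
AUDIENCE = f"//{POOL_PREFIX}/providers/{PROVIDER}"
SUB = "project_path:ACD421/gcp-rob-45539:ref_type:branch:ref:main"
ORIGINAL_PROJECT_ID = "77777777"   # assumed id of the deleted victim project
SQUATTED_PROJECT_ID = "82322622"   # id printed in the PoC trace


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_constructed_jwt(claims: Dict) -> str:
    """Constructed GitLab-style ID token with a dummy signature. Only the claims
    are inspected here; real STS verifies the signature against the issuer's JWKS."""
    header = {"alg": "RS256", "typ": "JWT", "kid": "constructed"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(claims).encode()),
                     _b64url(b"not-a-real-signature")])


def jwt_claims(token: str) -> Dict:
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def gitlab_claims(project_id: str) -> Dict:
    # Path-derived claims are identical for both projects; only the numeric id differs.
    return {"iss": ISSUER, "aud": AUDIENCE, "sub": SUB,
            "project_path": "ACD421/gcp-rob-45539", "project_id": project_id,
            "namespace_path": "ACD421", "ref_type": "branch", "ref": "main"}


# Stand-ins for the provider's CEL attribute condition.
def weak_condition(c: Dict) -> bool:
    # assertion.sub.startsWith("project_path:")  -- true for every GitLab project
    return c["sub"].startswith("project_path:")


def hardened_condition(c: Dict) -> bool:
    # assertion.project_id == '77777777' && assertion.ref_type == 'branch' && assertion.ref == 'main'
    return (c.get("project_id") == ORIGINAL_PROJECT_ID
            and c.get("ref_type") == "branch" and c.get("ref") == "main")


# IAM members granted roles/iam.workloadIdentityUser on the SA.
WEAK_MEMBER = f"principal://{POOL_PREFIX}/subject/{SUB}"
# Needs attribute mapping attribute.project_id=assertion.project_id on the provider.
HARDENED_MEMBER = f"principalSet://{POOL_PREFIX}/attribute.project_id/{ORIGINAL_PROJECT_ID}"


def member_matches(member: str, c: Dict) -> bool:
    if member.startswith("principal://"):
        return member.split("/subject/", 1)[1] == c.get("sub")
    attr, value = member.split("/attribute.", 1)[1].split("/", 1)
    return c.get(attr) == value


def wif_decision(token: str, condition: Callable[[Dict], bool], member: str) -> str:
    """Issuer/audience check, then attribute condition, then the SA binding."""
    c = jwt_claims(token)
    if c.get("iss") != ISSUER or c.get("aud") != AUDIENCE:
        return "rejected: issuer/audience"
    if not condition(c):
        return "rejected: attribute condition"
    if not member_matches(member, c):
        return "rejected: no workloadIdentityUser binding"
    return "accepted"


def sts_exchange_form(subject_token: str) -> Dict[str, str]:
    """Form body a CI job POSTs to https://sts.googleapis.com/v1/token; the
    returned federated token is then sent to
    https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/<SA>:generateAccessToken."""
    return {"grantType": "urn:ietf:params:oauth:grant-type:token-exchange",
            "audience": AUDIENCE,
            "scope": "https://www.googleapis.com/auth/cloud-platform",
            "requestedTokenType": "urn:ietf:params:oauth:token-type:access_token",
            "subjectTokenType": "urn:ietf:params:oauth:token-type:jwt",
            "subjectToken": subject_token}


def run() -> Dict[str, str]:
    original = make_constructed_jwt(gitlab_claims(ORIGINAL_PROJECT_ID))
    squatted = make_constructed_jwt(gitlab_claims(SQUATTED_PROJECT_ID))
    return {"weak/original": wif_decision(original, weak_condition, WEAK_MEMBER),
            "weak/squatted": wif_decision(squatted, weak_condition, WEAK_MEMBER),
            "hardened/original": wif_decision(original, hardened_condition, HARDENED_MEMBER),
            "hardened/squatted": wif_decision(squatted, hardened_condition, HARDENED_MEMBER)}


if __name__ == "__main__":
    for case, result in run().items():
        print(f"{case:20} {result}")
```

With the weak provider both tokens pass, because every check keys on the path-derived `sub`; with the pinned `project_id` the squatter's token fails at the attribute condition before the SA binding is ever consulted.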
- evidence/gcp-full-chain.log - Full CI job trace: STS + SA impersonation + project access
- evidence/gcp-e2e-proof.txt - E2E proof with both phases (different project_ids, identical sub)
- scripts/gcp-heist-ci.yml - GitLab CI template for GCP token exchange
- scripts/e2e_gcp.py - Automation script