I don't understand why I can't create my workload identity federation resource.
The error I get says I must reference the provider's claims:
╷
│ Error: Error creating WorkloadIdentityPoolProvider: googleapi: Error 400: The attribute condition must reference one of the provider's claims. For more information, see https://cloud.google.com/iam/docs/workload-identity-federation-with-deployment-pipelines#conditions
│
│ with google_iam_workload_identity_pool_provider.github_provider,
│ on github-actions-sa.tf line 14, in resource "google_iam_workload_identity_pool_provider" "github_provider":
│ 14: resource "google_iam_workload_identity_pool_provider" "github_provider" ***
│
╵
From what I can see in the documentation, the claims repository and repository_owner should exist. According to this article, repository_owner is even mandatory. As you can see, I reference them in attribute_mapping.
resource "google_iam_workload_identity_pool_provider" "github_provider" {
  project                            = var.project_id
  display_name                       = "GitHub Provider"
  workload_identity_pool_id          = google_iam_workload_identity_pool.github_actions_pool.workload_identity_pool_id
  workload_identity_pool_provider_id = "github-provider"
  provider                           = google

  oidc {
    issuer_uri = "https://token.actions.githubusercontent.com"
  }

  attribute_mapping = {
    "google.subject"             = "assertion.sub"
    "attribute.repository"       = "assertion.repository"
    "attribute.repository_owner" = "assertion.repository_owner"
  }
}

resource "google_service_account_iam_binding" "allow_github" {
  service_account_id = google_service_account.service_account.id
  role               = "roles/iam.workloadIdentityUser"
  members = [
    "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.github_actions_pool.name}/attribute.repository/${var.github_organisation}/my-project",
    "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.github_actions_pool.name}/attribute.repository_owner/${var.github_organisation}"
  ]
}
It turns out there is another field, attribute_condition. As the error says, "The attribute condition must reference one of the provider's claims".
resource "google_iam_workload_identity_pool_provider" "github_provider" {
  project                            = var.project_id
  display_name                       = "GitHub Provider"
  workload_identity_pool_id          = google_iam_workload_identity_pool.github_actions_pool.workload_identity_pool_id
  workload_identity_pool_provider_id = "github-provider"
  provider                           = google

  oidc {
    issuer_uri = "https://token.actions.githubusercontent.com"
  }

  attribute_mapping = {
    "google.subject"             = "assertion.sub"
    "attribute.repository"       = "assertion.repository"
    "attribute.repository_owner" = "assertion.repository_owner"
  }

  // The missing attribute condition in Common Expression Language (CEL).
  // It references the assertion.* claims, which is what the API requires;
  // note that comparing each mapped attribute with its own source claim is
  // always true, so this condition does not restrict which tokens are accepted.
  attribute_condition = "attribute.repository == assertion.repository && attribute.repository_owner == assertion.repository_owner"
}
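As an added example (not code from the question or the answer above), the same provider with an attribute condition that actually narrows which GitHub tokens the pool accepts, instead of one that is always true: it pins the token's repository_owner claim to the organisation and the ref claim to a branch, and the IAM grant to a single repository. `var.project_id`, `var.github_organisation`, the pool and the service account are taken from the post; the repository name `my-project` and the branch `refs/heads/main` are assumed values.

```hcl
resource "google_iam_workload_identity_pool_provider" "github_provider" {
  project                            = var.project_id
  display_name                       = "GitHub Provider"
  workload_identity_pool_id          = google_iam_workload_identity_pool.github_actions_pool.workload_identity_pool_id
  workload_identity_pool_provider_id = "github-provider"

  oidc {
    issuer_uri = "https://token.actions.githubusercontent.com"
  }

  # Map only the claims the bindings below need.
  attribute_mapping = {
    "google.subject"             = "assertion.sub"
    "attribute.repository"       = "assertion.repository"
    "attribute.repository_owner" = "assertion.repository_owner"
  }

  # CEL condition evaluated against the GitHub OIDC token before any IAM
  # binding is considered. Tokens from another organisation, or from a
  # different branch (assumed: refs/heads/main), are rejected at the pool.
  attribute_condition = "assertion.repository_owner == '${var.github_organisation}' && assertion.ref == 'refs/heads/main'"
}

resource "google_service_account_iam_member" "allow_github_my_project" {
  service_account_id = google_service_account.service_account.id
  role               = "roles/iam.workloadIdentityUser"

  # Narrowest grant: one repository (assumed name "my-project"), matched on
  # the mapped repository attribute. A grant on attribute.repository_owner
  # alone would let every repository in the organisation impersonate the
  # service account.
  member = "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.github_actions_pool.name}/attribute.repository/${var.github_organisation}/my-project"
}
```

`google_service_account_iam_member` is additive, unlike the authoritative `google_service_account_iam_binding` in the post, so it can coexist with other members on the same role.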