fixed tmp service account issue

wandb · Jun 6, 2024 · 5f7cf05 · 5f7cf05
1 parent 521da67
commit 5f7cf05
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 7 deletions.
diff --git a/main.tf b/main.tf
@@ -87,7 +87,7 @@ module "app_gke" {
  network = local.network
  subnetwork = local.subnetwork
  service_account = module.service_accounts.service_account
- create_workload_identity = var.enable_stackdriver
+ create_workload_identity = var.create_workload_identity
  depends_on = [module.project_factory_project_services]
 }
 
@@ -255,9 +255,9 @@ module "wandb" {
  }
  serviceAccount = { annotations = { "iam.gke.io/gcp-service-account" = module.service_accounts.monitoring_role } }
  } : {
-  install = false
-  stackdriver = {}
-  serviceAccount = {}
+ install = false
+ stackdriver = {}
+ serviceAccount = {}
  }
 
  otel = {

diff --git a/modules/service_accounts/main.tf b/modules/service_accounts/main.tf
@@ -74,10 +74,9 @@ resource "google_project_iam_member" "monitoring-role" {
  count = var.enable_stackdriver == true ? 1 : 0
  project = local.project_id
  role = "roles/monitoring.viewer"
- member = "serviceAccount:${google_service_account.workload-identity-user-sa[count.index].email}"
+ member = local.sa_member
 }
 
-
 resource "google_project_iam_member" "workload_identity-role" {
  count = var.enable_stackdriver == true ? 1 : 0
  project = local.project_id

diff --git a/variables.tf b/variables.tf
@@ -256,7 +256,7 @@ variable "parquet_wandb_env" {
 
 variable "enable_stackdriver" {
  type = bool
- default = false
+ default = true
 }
 
 variable "workload_account_id" {
@@ -267,4 +267,10 @@ variable "workload_account_id" {
 variable "service_account_name" {
  type = string
  default = "stackdriver"
+}
+
+variable "create_workload_identity" {
+ description = "Flag to indicate whether to create a workload identity for the service account."
+ type = bool
+ default = true
 }