fixed naming

wandb · Jun 10, 2024 · cdf3c13 · cdf3c13
1 parent 4389616
commit cdf3c13
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 39 deletions.
diff --git a/main.tf b/main.tf
@@ -29,13 +29,12 @@ locals {
 }
 
 module "service_accounts" {
- source = "./modules/service_accounts"
- namespace = var.namespace
- bucket_name = var.bucket_name
- account_id = var.workload_account_id
- service_account_name = var.service_account_name
- enable_stackdriver = var.enable_stackdriver
- depends_on = [module.project_factory_project_services]
+ source = "./modules/service_accounts"
+ namespace = var.namespace
+ bucket_name = var.bucket_name
+ stackdriver_sa_name = var.stackdriver_sa_name
+ enable_stackdriver = var.enable_stackdriver
+ depends_on = [module.project_factory_project_services]
 }
 
 module "kms" {
@@ -87,7 +86,7 @@ module "app_gke" {
  network = local.network
  subnetwork = local.subnetwork
  service_account = module.service_accounts.service_account
- create_workload_identity = var.enable_stackdriver
+ create_workload_identity = var.create_workload_identity
  depends_on = [module.project_factory_project_services]
 }
 
@@ -261,10 +260,10 @@ module "wandb" {
  stackdriver = var.enable_stackdriver ? {
  install = true
  stackdriver = {
- projectId = data.google_client_config.current.project
- serviceAccountName = var.service_account_name
+ projectId  = data.google_client_config.current.project
+ serviceAccountName = var.stackdriver_sa_name
  }
- serviceAccount = { annotations = { "iam.gke.io/gcp-service-account" = module.service_accounts.monitoring_role } }
+ serviceAccount = { annotations = { "iam.gke.io/gcp-service-account" = module.service_accounts.stackdriver_email } }
  } : {
  install = false
  stackdriver = {}

diff --git a/modules/service_accounts/main.tf b/modules/service_accounts/main.tf
@@ -63,29 +63,29 @@ resource "google_project_iam_member" "secretmanager_admin" {
 }
 
 
-resource "google_service_account" "workload-identity-user-sa" {
+resource "google_service_account" "stackdriver" {
  count = var.enable_stackdriver == true ? 1 : 0
- account_id = var.account_id
+ account_id = var.stackdriver_sa_name
  display_name = "Service Account For Workload Identity"
 }
 
-resource "google_project_iam_member" "monitoring-role" {
+resource "google_project_iam_member" "monitoring" {
  count = var.enable_stackdriver == true ? 1 : 0
  project = local.project_id
  role = "roles/monitoring.viewer"
- member = "serviceAccount:${google_service_account.workload-identity-user-sa[count.index].email}"
+ member = "serviceAccount:${google_service_account.stackdriver[count.index].email}"
 }
 
-resource "google_service_account_iam_member" "monitoring-role" {
+resource "google_service_account_iam_member" "stackdriver_token_creator" {
  count = var.enable_stackdriver == true ? 1 : 0
- service_account_id = google_service_account.workload-identity-user-sa[count.index].id
+ service_account_id = google_service_account.stackdriver[count.index].id
  role = "roles/iam.serviceAccountTokenCreator"
- member = "serviceAccount:${google_service_account.workload-identity-user-sa[count.index].email}"
+ member = "serviceAccount:${google_service_account.stackdriver[count.index].email}"
 }
 
-resource "google_service_account_iam_member" "workload_identity-role" {
+resource "google_service_account_iam_member" "stackdriver_binding" {
  count = var.enable_stackdriver == true ? 1 : 0
- service_account_id = google_service_account.workload-identity-user-sa[count.index].id
+ service_account_id = google_service_account.stackdriver[count.index].id
  role = "roles/iam.workloadIdentityUser"
- member = "serviceAccount:${local.project_id}.svc.id.goog[${var.stackdriver_namespace}/${var.service_account_name}]"
+ member = "serviceAccount:${local.project_id}.svc.id.goog[default/${var.stackdriver_sa_name}]"
 }
diff --git a/modules/service_accounts/outputs.tf b/modules/service_accounts/outputs.tf
@@ -4,6 +4,6 @@ output "service_account" {
  description = "The service account."
 }
 
-output "monitoring_role" {
- value = var.enable_stackdriver == true ? google_service_account.workload-identity-user-sa[0].email : null
+output "stackdriver_email" {
+ value = var.enable_stackdriver == true ? google_service_account.stackdriver[0].email : null
 }
diff --git a/modules/service_accounts/variables.tf b/modules/service_accounts/variables.tf
@@ -9,12 +9,8 @@ variable "bucket_name" {
  default = ""
 }
 
-variable "account_id" {
- description = "The ID of the Google Cloud Platform (GCP) account."
- type = string
-}
 
-variable "service_account_name" {
+variable "stackdriver_sa_name" {
  description = "The name of the service account."
  type = string
 }
@@ -23,8 +19,3 @@ variable "enable_stackdriver" {
  description = "Flag to indicate whether to enable workload identity for the service account."
  type = bool
 }
-
-variable "stackdriver_namespace" {
- type = string
- default = "default"
-}
diff --git a/variables.tf b/variables.tf
@@ -256,15 +256,16 @@ variable "parquet_wandb_env" {
 
 variable "enable_stackdriver" {
  type = bool
- default = false
+ default = true
 }
 
-variable "workload_account_id" {
- type = string
- default = "wandb-stackdriver"
+variable "create_workload_identity" {
+ description = "Flag to indicate whether to create a workload identity for the service account."
+ type = bool
+ default = true
 }
 
-variable "service_account_name" {
+variable "stackdriver_sa_name" {
  type = string
  default = "wandb-stackdriver"
-}
+}