From 61ae5dc20d3d1f593ccc670a99c2f35f1ae34dad Mon Sep 17 00:00:00 2001
From: Jason Frey <fryguy9@gmail.com>
Date: Thu, 12 Oct 2023 13:26:55 -0400
Subject: [PATCH 1/2] Pass a service account to the Kubernetes runner for the
 task execution

---
 lib/manageiq/providers/workflows/engine.rb | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/lib/manageiq/providers/workflows/engine.rb b/lib/manageiq/providers/workflows/engine.rb
index f6cecac..36919fc 100644
--- a/lib/manageiq/providers/workflows/engine.rb
+++ b/lib/manageiq/providers/workflows/engine.rb
@@ -42,12 +42,15 @@ def self.floe_docker_runner
             host = ENV.fetch("KUBERNETES_SERVICE_HOST")
             port = ENV.fetch("KUBERNETES_SERVICE_PORT")
 
-            Floe::Workflow::Runner::Kubernetes.new(
-              "server"     => URI::HTTPS.build(:host => host, :port => port).to_s,
-              "token_file" => "/run/secrets/kubernetes.io/serviceaccount/token",
-              "ca_cert"    => "/run/secrets/kubernetes.io/serviceaccount/ca.crt",
-              "namespace"  => File.read("/run/secrets/kubernetes.io/serviceaccount/namespace")
-            )
+            options = {
+              "server"               => URI::HTTPS.build(:host => host, :port => port).to_s,
+              "token_file"           => "/run/secrets/kubernetes.io/serviceaccount/token",
+              "ca_cert"              => "/run/secrets/kubernetes.io/serviceaccount/ca.crt",
+              "namespace"            => File.read("/run/secrets/kubernetes.io/serviceaccount/namespace"),
+              "task_service_account" => ENV.fetch("AUTOMATION_JOB_SERVICE_ACCOUNT")
+            }
+
+            Floe::Workflow::Runner::Kubernetes.new(options)
           elsif MiqEnvironment::Command.is_appliance? || MiqEnvironment::Command.supports_command?("podman")
             options = {}
             if Rails.env.production?

From 74af26dce289dfe20081dbf2fba8fd90d0c1a333 Mon Sep 17 00:00:00 2001
From: Jason Frey <fryguy9@gmail.com>
Date: Thu, 12 Oct 2023 14:58:10 -0400
Subject: [PATCH 2/2] Bump floe to v0.5.0

---
 manageiq-providers-workflows.gemspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manageiq-providers-workflows.gemspec b/manageiq-providers-workflows.gemspec
index 83f3fd2..7af7143 100644
--- a/manageiq-providers-workflows.gemspec
+++ b/manageiq-providers-workflows.gemspec
@@ -19,7 +19,7 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "floe", "~> 0.4.1"
+  spec.add_dependency "floe", "~> 0.5.0"
 
   spec.add_development_dependency "manageiq-style"
   spec.add_development_dependency "simplecov", ">= 0.21.2"