Skip to content

Commit

Permalink
SA is not the root cause
Browse files Browse the repository at this point in the history
Tested-by: zlq
  • Loading branch information
blackzlq committed Mar 11, 2024
1 parent 64b6c07 commit e4248f0
Showing 1 changed file with 2 additions and 11 deletions.
13 changes: 2 additions & 11 deletions modules/jupyter/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -65,26 +65,17 @@ resource "kubernetes_annotations" "hub" {
]
}

data "google_service_account" "sa" {
account_id = var.workload_identity_service_account
depends_on = [
helm_release.jupyterhub,
module.jupyterhub-workload-identity
]
}

resource "google_service_account_iam_binding" "hub-workload-identity-user" {
count = var.add_auth ? 1 : 0
service_account_id = data.google_service_account.sa.name
service_account_id = module.jupyterhub-workload-identity.gcp_service_account.name
role = "roles/iam.workloadIdentityUser"

members = [
"serviceAccount:${var.project_id}.svc.id.goog[${var.namespace}/hub]",
"serviceAccount:${var.project_id}.svc.id.goog[${var.namespace}/${var.workload_identity_service_account}]",
]
depends_on = [
helm_release.jupyterhub,
module.jupyterhub-workload-identity
helm_release.jupyterhub
]
}

Expand Down

0 comments on commit e4248f0

Please sign in to comment.