Use workflow identity federation in composer

ohrite · ohrite · commit 75c403dbf54e · 2025-07-15T11:56:13.000-07:00
diff --git a/airflow/dags/parse_and_validate_rt_v2/parse_rt_service_alerts.yml b/airflow/dags/parse_and_validate_rt_v2/parse_rt_service_alerts.yml
@@ -23,17 +23,10 @@ env_vars:
   CALITP_BUCKET__GTFS_RT_PARSED: "{{ env_var('CALITP_BUCKET__GTFS_RT_PARSED') }}"
   CALITP_BUCKET__GTFS_RT_VALIDATION: "{{ env_var('CALITP_BUCKET__GTFS_RT_VALIDATION') }}"
   CALITP_BUCKET__GTFS_SCHEDULE_RAW: "{{ env_var('CALITP_BUCKET__GTFS_SCHEDULE_RAW') }}"
-  GOOGLE_APPLICATION_CREDENTIALS: /secrets/jobs-data/service_account.json
   GRAAS_SERVER_URL: "{{ env_var('GRAAS_SERVER_URL') }}"
   SENTRY_DSN: "{{ env_var('SENTRY_DSN') }}"
   SENTRY_ENVIRONMENT: "{{ env_var('SENTRY_ENVIRONMENT') }}"
 
-secrets:
-  - deploy_type: volume
-    deploy_target: /secrets/jobs-data/
-    secret: jobs-data
-    key: service_account.json
-
 k8s_resources:
   request_memory: 2.0Gi
   request_cpu: 1
diff --git a/airflow/dags/parse_and_validate_rt_v2/parse_rt_trip_updates.yml b/airflow/dags/parse_and_validate_rt_v2/parse_rt_trip_updates.yml
@@ -14,7 +14,6 @@ arguments:
   - "{{ execution_date.replace(minute=0, second=0).format('YYYY-MM-DDTHH:mm:ss') }}"
   - "--verbose"
 
-
 is_delete_operator_pod: true
 get_logs: true
 
@@ -24,17 +23,10 @@ env_vars:
   CALITP_BUCKET__GTFS_RT_PARSED: "{{ env_var('CALITP_BUCKET__GTFS_RT_PARSED') }}"
   CALITP_BUCKET__GTFS_RT_VALIDATION: "{{ env_var('CALITP_BUCKET__GTFS_RT_VALIDATION') }}"
   CALITP_BUCKET__GTFS_SCHEDULE_RAW: "{{ env_var('CALITP_BUCKET__GTFS_SCHEDULE_RAW') }}"
-  GOOGLE_APPLICATION_CREDENTIALS: /secrets/jobs-data/service_account.json
   GRAAS_SERVER_URL: "{{ env_var('GRAAS_SERVER_URL') }}"
   SENTRY_DSN: "{{ env_var('SENTRY_DSN') }}"
   SENTRY_ENVIRONMENT: "{{ env_var('SENTRY_ENVIRONMENT') }}"
 
-secrets:
-  - deploy_type: volume
-    deploy_target: /secrets/jobs-data/
-    secret: jobs-data
-    key: service_account.json
-
 k8s_resources:
   request_memory: 2.0Gi
   request_cpu: 1
@@ -44,6 +36,7 @@ tolerations:
     operator: Equal
     value: computetask
     effect: NoSchedule
+
 affinity:
   nodeAffinity:
     requiredDuringSchedulingIgnoredDuringExecution:
diff --git a/airflow/dags/parse_and_validate_rt_v2/parse_rt_vehicle_positions.yml b/airflow/dags/parse_and_validate_rt_v2/parse_rt_vehicle_positions.yml
@@ -23,17 +23,10 @@ env_vars:
   CALITP_BUCKET__GTFS_RT_PARSED: "{{ env_var('CALITP_BUCKET__GTFS_RT_PARSED') }}"
   CALITP_BUCKET__GTFS_RT_VALIDATION: "{{ env_var('CALITP_BUCKET__GTFS_RT_VALIDATION') }}"
   CALITP_BUCKET__GTFS_SCHEDULE_RAW: "{{ env_var('CALITP_BUCKET__GTFS_SCHEDULE_RAW') }}"
-  GOOGLE_APPLICATION_CREDENTIALS: /secrets/jobs-data/service_account.json
   GRAAS_SERVER_URL: "{{ env_var('GRAAS_SERVER_URL') }}"
   SENTRY_DSN: "{{ env_var('SENTRY_DSN') }}"
   SENTRY_ENVIRONMENT: "{{ env_var('SENTRY_ENVIRONMENT') }}"
 
-secrets:
-  - deploy_type: volume
-    deploy_target: /secrets/jobs-data/
-    secret: jobs-data
-    key: service_account.json
-
 k8s_resources:
   request_memory: 2.0Gi
   request_cpu: 1
@@ -43,6 +36,7 @@ tolerations:
     operator: Equal
     value: computetask
     effect: NoSchedule
+
 affinity:
   nodeAffinity:
     requiredDuringSchedulingIgnoredDuringExecution:
diff --git a/airflow/dags/parse_and_validate_rt_v2/validate_rt_service_alerts.yml b/airflow/dags/parse_and_validate_rt_v2/validate_rt_service_alerts.yml
@@ -24,17 +24,10 @@ env_vars:
   CALITP_BUCKET__GTFS_RT_PARSED: "{{ env_var('CALITP_BUCKET__GTFS_RT_PARSED') }}"
   CALITP_BUCKET__GTFS_RT_VALIDATION: "{{ env_var('CALITP_BUCKET__GTFS_RT_VALIDATION') }}"
   CALITP_BUCKET__GTFS_SCHEDULE_RAW: "{{ env_var('CALITP_BUCKET__GTFS_SCHEDULE_RAW') }}"
-  GOOGLE_APPLICATION_CREDENTIALS: /secrets/jobs-data/service_account.json
   GRAAS_SERVER_URL: "{{ env_var('GRAAS_SERVER_URL') }}"
   SENTRY_DSN: "{{ env_var('SENTRY_DSN') }}"
   SENTRY_ENVIRONMENT: "{{ env_var('SENTRY_ENVIRONMENT') }}"
 
-secrets:
-  - deploy_type: volume
-    deploy_target: /secrets/jobs-data/
-    secret: jobs-data
-    key: service_account.json
-
 k8s_resources:
   request_memory: 5.0Gi
   request_cpu: 2
diff --git a/airflow/dags/parse_and_validate_rt_v2/validate_rt_trip_updates.yml b/airflow/dags/parse_and_validate_rt_v2/validate_rt_trip_updates.yml
@@ -24,17 +24,10 @@ env_vars:
   CALITP_BUCKET__GTFS_RT_PARSED: "{{ env_var('CALITP_BUCKET__GTFS_RT_PARSED') }}"
   CALITP_BUCKET__GTFS_RT_VALIDATION: "{{ env_var('CALITP_BUCKET__GTFS_RT_VALIDATION') }}"
   CALITP_BUCKET__GTFS_SCHEDULE_RAW: "{{ env_var('CALITP_BUCKET__GTFS_SCHEDULE_RAW') }}"
-  GOOGLE_APPLICATION_CREDENTIALS: /secrets/jobs-data/service_account.json
   GRAAS_SERVER_URL: "{{ env_var('GRAAS_SERVER_URL') }}"
   SENTRY_DSN: "{{ env_var('SENTRY_DSN') }}"
   SENTRY_ENVIRONMENT: "{{ env_var('SENTRY_ENVIRONMENT') }}"
 
-secrets:
-  - deploy_type: volume
-    deploy_target: /secrets/jobs-data/
-    secret: jobs-data
-    key: service_account.json
-
 k8s_resources:
   request_memory: 5.0Gi
   request_cpu: 2
diff --git a/airflow/dags/parse_and_validate_rt_v2/validate_rt_vehicle_positions.yml b/airflow/dags/parse_and_validate_rt_v2/validate_rt_vehicle_positions.yml
@@ -24,17 +24,10 @@ env_vars:
   CALITP_BUCKET__GTFS_RT_PARSED: "{{ env_var('CALITP_BUCKET__GTFS_RT_PARSED') }}"
   CALITP_BUCKET__GTFS_RT_VALIDATION: "{{ env_var('CALITP_BUCKET__GTFS_RT_VALIDATION') }}"
   CALITP_BUCKET__GTFS_SCHEDULE_RAW: "{{ env_var('CALITP_BUCKET__GTFS_SCHEDULE_RAW') }}"
-  GOOGLE_APPLICATION_CREDENTIALS: /secrets/jobs-data/service_account.json
   GRAAS_SERVER_URL: "{{ env_var('GRAAS_SERVER_URL') }}"
   SENTRY_DSN: "{{ env_var('SENTRY_DSN') }}"
   SENTRY_ENVIRONMENT: "{{ env_var('SENTRY_ENVIRONMENT') }}"
 
-secrets:
-  - deploy_type: volume
-    deploy_target: /secrets/jobs-data/
-    secret: jobs-data
-    key: service_account.json
-
 k8s_resources:
   request_memory: 5.0Gi
   request_cpu: 2
diff --git a/airflow/dags/publish_open_data/publish_california_open_data.yml b/airflow/dags/publish_open_data/publish_california_open_data.yml
@@ -14,15 +14,10 @@ is_delete_operator_pod: true
 get_logs: true
 
 env_vars:
-  GOOGLE_APPLICATION_CREDENTIALS: /secrets/jobs-data/service_account.json
   CALITP_BUCKET__DBT_ARTIFACTS: "{{ env_var('CALITP_BUCKET__DBT_ARTIFACTS') }}"
   CALITP_BUCKET__PUBLISH: "{{ env_var('CALITP_BUCKET__PUBLISH') }}"
 
 secrets:
-  - deploy_type: volume
-    deploy_target: /secrets/jobs-data/
-    secret: jobs-data
-    key: service-account.json
   - deploy_type: env
     deploy_target: CALITP_CKAN_GTFS_SCHEDULE_KEY
     secret: jobs-data
diff --git a/airflow/dags/transform_warehouse/dbt_run_and_upload_artifacts.yml b/airflow/dags/transform_warehouse/dbt_run_and_upload_artifacts.yml
@@ -22,20 +22,13 @@ env_vars:
   GOOGLE_CLOUD_PROJECT: "{{ env_var('GOOGLE_CLOUD_PROJECT') }}"
   CALITP_BUCKET__DBT_ARTIFACTS: "{{ env_var('CALITP_BUCKET__DBT_ARTIFACTS') }}"
   CALITP_BUCKET__PUBLISH: "{{ env_var('CALITP_BUCKET__PUBLISH') }}"
-  BIGQUERY_KEYFILE_LOCATION: /secrets/jobs-data/service_account.json
   DBT_PROJECT_DIR: /app
   DBT_PROFILES_DIR: /app
   DBT_DATABASE: "{{ env_var('GOOGLE_CLOUD_PROJECT') }}"
   DBT_TARGET: "{{ env_var('DBT_TARGET') }}"
   SENTRY_DSN: "{{ env_var('SENTRY_DSN') }}"
   SENTRY_ENVIRONMENT: "{{ env_var('SENTRY_ENVIRONMENT') }}"
 
-secrets:
-  - deploy_type: volume
-    deploy_target: /secrets/jobs-data/
-    secret: jobs-data
-    key: service-account.json
-
 k8s_resources:
   request_memory: 2.0Gi
   request_cpu: 1
diff --git a/airflow/dags/transform_warehouse/dbt_test.yml b/airflow/dags/transform_warehouse/dbt_test.yml
@@ -25,20 +25,13 @@ get_logs: true
 env_vars:
   AIRFLOW_ENV: "{{ env_var('AIRFLOW_ENV') }}"
   GOOGLE_CLOUD_PROJECT: "{{ env_var('GOOGLE_CLOUD_PROJECT') }}"
-  BIGQUERY_KEYFILE_LOCATION: /secrets/jobs-data/service_account.json
   DBT_PROJECT_DIR: /app
   DBT_PROFILES_DIR: /app
   DBT_TARGET: "{{ env_var('DBT_TARGET') }}"
   SENTRY_DSN: "{{ env_var('SENTRY_DSN') }}"
   SENTRY_ENVIRONMENT: "{{ env_var('SENTRY_ENVIRONMENT') }}"
   CALITP_BUCKET__PUBLISH: "{{ env_var('CALITP_BUCKET__PUBLISH') }}"
 
-secrets:
-  - deploy_type: volume
-    deploy_target: /secrets/jobs-data/
-    secret: jobs-data
-    key: service-account.json
-
 k8s_resources:
   request_memory: 2.0Gi
   request_cpu: 1
diff --git a/airflow/dags/transform_warehouse_full_refresh/dbt_run_and_upload_artifacts.yml b/airflow/dags/transform_warehouse_full_refresh/dbt_run_and_upload_artifacts.yml
@@ -23,20 +23,13 @@ env_vars:
   GOOGLE_CLOUD_PROJECT: "{{ env_var('GOOGLE_CLOUD_PROJECT') }}"
   CALITP_BUCKET__DBT_ARTIFACTS: "{{ env_var('CALITP_BUCKET__DBT_ARTIFACTS') }}"
   CALITP_BUCKET__PUBLISH: "{{ env_var('CALITP_BUCKET__PUBLISH') }}"
-  BIGQUERY_KEYFILE_LOCATION: /secrets/jobs-data/service_account.json
   DBT_PROJECT_DIR: /app
   DBT_PROFILES_DIR: /app
   DBT_DATABASE: "{{ env_var('GOOGLE_CLOUD_PROJECT') }}"
   DBT_TARGET: "{{ env_var('DBT_TARGET') }}"
   SENTRY_DSN: "{{ env_var('SENTRY_DSN') }}"
   SENTRY_ENVIRONMENT: "{{ env_var('SENTRY_ENVIRONMENT') }}"
 
-secrets:
-  - deploy_type: volume
-    deploy_target: /secrets/jobs-data/
-    secret: jobs-data
-    key: service-account.json
-
 k8s_resources:
   request_memory: 2.0Gi
   request_cpu: 1
diff --git a/airflow/dags/transform_warehouse_full_refresh/dbt_test.yml b/airflow/dags/transform_warehouse_full_refresh/dbt_test.yml
@@ -26,20 +26,13 @@ get_logs: true
 env_vars:
   AIRFLOW_ENV: "{{ env_var('AIRFLOW_ENV') }}"
   GOOGLE_CLOUD_PROJECT: "{{ env_var('GOOGLE_CLOUD_PROJECT') }}"
-  BIGQUERY_KEYFILE_LOCATION: /secrets/jobs-data/service_account.json
   DBT_PROJECT_DIR: /app
   DBT_PROFILES_DIR: /app
   DBT_TARGET: "{{ env_var('DBT_TARGET') }}"
   SENTRY_DSN: "{{ env_var('SENTRY_DSN') }}"
   SENTRY_ENVIRONMENT: "{{ env_var('SENTRY_ENVIRONMENT') }}"
   CALITP_BUCKET__PUBLISH: "{{ env_var('CALITP_BUCKET__PUBLISH') }}"
 
-secrets:
-  - deploy_type: volume
-    deploy_target: /secrets/jobs-data/
-    secret: jobs-data
-    key: service-account.json
-
 k8s_resources:
   request_memory: 2.0Gi
   request_cpu: 1
diff --git a/airflow/dags/transform_warehouse_full_refresh_sunday/dbt_run_and_upload_artifacts_full_refresh_exclude_rt.yml b/airflow/dags/transform_warehouse_full_refresh_sunday/dbt_run_and_upload_artifacts_full_refresh_exclude_rt.yml
@@ -23,20 +23,13 @@ env_vars:
   GOOGLE_CLOUD_PROJECT: "{{ env_var('GOOGLE_CLOUD_PROJECT') }}"
   CALITP_BUCKET__DBT_ARTIFACTS: "{{ env_var('CALITP_BUCKET__DBT_ARTIFACTS') }}"
   CALITP_BUCKET__PUBLISH: "{{ env_var('CALITP_BUCKET__PUBLISH') }}"
-  BIGQUERY_KEYFILE_LOCATION: /secrets/jobs-data/service_account.json
   DBT_PROJECT_DIR: /app
   DBT_PROFILES_DIR: /app
   DBT_DATABASE: "{{ env_var('GOOGLE_CLOUD_PROJECT') }}"
   DBT_TARGET: "{{ env_var('DBT_TARGET') }}"
   SENTRY_DSN: "{{ env_var('SENTRY_DSN') }}"
   SENTRY_ENVIRONMENT: "{{ env_var('SENTRY_ENVIRONMENT') }}"
 
-secrets:
-  - deploy_type: volume
-    deploy_target: /secrets/jobs-data/
-    secret: jobs-data
-    key: service-account.json
-
 k8s_resources:
   request_memory: 2.0Gi
   request_cpu: 1
diff --git a/airflow/dags/transform_warehouse_full_refresh_sunday/dbt_run_and_upload_artifacts_select_rt.yml b/airflow/dags/transform_warehouse_full_refresh_sunday/dbt_run_and_upload_artifacts_select_rt.yml
@@ -26,20 +26,13 @@ env_vars:
   GOOGLE_CLOUD_PROJECT: "{{ env_var('GOOGLE_CLOUD_PROJECT') }}"
   CALITP_BUCKET__DBT_ARTIFACTS: "{{ env_var('CALITP_BUCKET__DBT_ARTIFACTS') }}"
   CALITP_BUCKET__PUBLISH: "{{ env_var('CALITP_BUCKET__PUBLISH') }}"
-  BIGQUERY_KEYFILE_LOCATION: /secrets/jobs-data/service_account.json
   DBT_PROJECT_DIR: /app
   DBT_PROFILES_DIR: /app
   DBT_DATABASE: "{{ env_var('GOOGLE_CLOUD_PROJECT') }}"
   DBT_TARGET: "{{ env_var('DBT_TARGET') }}"
   SENTRY_DSN: "{{ env_var('SENTRY_DSN') }}"
   SENTRY_ENVIRONMENT: "{{ env_var('SENTRY_ENVIRONMENT') }}"
 
-secrets:
-  - deploy_type: volume
-    deploy_target: /secrets/jobs-data/
-    secret: jobs-data
-    key: service-account.json
-
 k8s_resources:
   request_memory: 2.0Gi
   request_cpu: 1
diff --git a/airflow/dags/transform_warehouse_full_refresh_sunday/dbt_test_exclude_rt.yml b/airflow/dags/transform_warehouse_full_refresh_sunday/dbt_test_exclude_rt.yml
@@ -25,20 +25,13 @@ get_logs: true
 env_vars:
   AIRFLOW_ENV: "{{ env_var('AIRFLOW_ENV') }}"
   GOOGLE_CLOUD_PROJECT: "{{ env_var('GOOGLE_CLOUD_PROJECT') }}"
-  BIGQUERY_KEYFILE_LOCATION: /secrets/jobs-data/service_account.json
   DBT_PROJECT_DIR: /app
   DBT_PROFILES_DIR: /app
   DBT_TARGET: "{{ env_var('DBT_TARGET') }}"
   SENTRY_DSN: "{{ env_var('SENTRY_DSN') }}"
   SENTRY_ENVIRONMENT: "{{ env_var('SENTRY_ENVIRONMENT') }}"
   CALITP_BUCKET__PUBLISH: "{{ env_var('CALITP_BUCKET__PUBLISH') }}"
 
-secrets:
-  - deploy_type: volume
-    deploy_target: /secrets/jobs-data/
-    secret: jobs-data
-    key: service-account.json
-
 k8s_resources:
   request_memory: 2.0Gi
   request_cpu: 1
diff --git a/airflow/dags/transform_warehouse_full_refresh_sunday/dbt_test_select_rt.yml b/airflow/dags/transform_warehouse_full_refresh_sunday/dbt_test_select_rt.yml
@@ -25,20 +25,13 @@ get_logs: true
 env_vars:
   AIRFLOW_ENV: "{{ env_var('AIRFLOW_ENV') }}"
   GOOGLE_CLOUD_PROJECT: "{{ env_var('GOOGLE_CLOUD_PROJECT') }}"
-  BIGQUERY_KEYFILE_LOCATION: /secrets/jobs-data/service_account.json
   DBT_PROJECT_DIR: /app
   DBT_PROFILES_DIR: /app
   DBT_TARGET: "{{ env_var('DBT_TARGET') }}"
   SENTRY_DSN: "{{ env_var('SENTRY_DSN') }}"
   SENTRY_ENVIRONMENT: "{{ env_var('SENTRY_ENVIRONMENT') }}"
   CALITP_BUCKET__PUBLISH: "{{ env_var('CALITP_BUCKET__PUBLISH') }}"
 
-secrets:
-  - deploy_type: volume
-    deploy_target: /secrets/jobs-data/
-    secret: jobs-data
-    key: service-account.json
-
 k8s_resources:
   request_memory: 2.0Gi
   request_cpu: 1
diff --git a/airflow/dags/unzip_and_validate_gtfs_schedule_hourly/validate_gtfs_schedule.yml b/airflow/dags/unzip_and_validate_gtfs_schedule_hourly/validate_gtfs_schedule.yml
@@ -17,19 +17,12 @@ is_delete_operator_pod: true
 get_logs: true
 
 env_vars:
-  GOOGLE_APPLICATION_CREDENTIALS: /secrets/jobs-data/service_account.json
   AIRFLOW_ENV: "{{ env_var('AIRFLOW_ENV') }}"
   CALITP_USER: "{{ env_var('CALITP_USER') }}"
   CALITP_BUCKET__GTFS_SCHEDULE_RAW: "{{ env_var('CALITP_BUCKET__GTFS_SCHEDULE_RAW') }}"
   CALITP_BUCKET__GTFS_SCHEDULE_VALIDATION_HOURLY: "{{ env_var('CALITP_BUCKET__GTFS_SCHEDULE_VALIDATION_HOURLY') }}"
   GRAAS_SERVER_URL: "{{ env_var('GRAAS_SERVER_URL') }}"
 
-secrets:
-  - deploy_type: volume
-    deploy_target: /secrets/jobs-data/
-    secret: jobs-data
-    key: service_account.json
-
 k8s_resources:
   request_memory: 5.0Gi
   request_cpu: 1
diff --git a/iac/cal-itp-data-infra-staging/composer/us/environment.tf b/iac/cal-itp-data-infra-staging/composer/us/environment.tf
@@ -60,7 +60,7 @@ resource "google_composer_environment" "calitp-staging-composer" {
         "POD_LOCATION"                                         = "us-west2",
         "POD_CLUSTER_NAME"                                     = data.terraform_remote_state.gke.outputs.google_container_cluster_airflow-jobs-staging_name,
         "POD_SECRETS_NAMESPACE"                                = local.namespace,
-        "SERVICE_ACCOUNT_NAME"                                 = local.service_account_name,
+        "SERVICE_ACCOUNT_NAME"                                 = local.kubernetes_service_account,
         "CALITP_BUCKET__AGGREGATOR_SCRAPER"                    = "gs://${data.terraform_remote_state.gcs.outputs.google_storage_bucket_calitp-staging-aggregator-scraper_name}",
         "CALITP_BUCKET__AIRTABLE"                              = "gs://${data.terraform_remote_state.gcs.outputs.google_storage_bucket_calitp-staging-airtable_name}",
         "CALITP_BUCKET__AMPLITUDE_BENEFITS_EVENTS"             = "gs://${data.terraform_remote_state.gcs.outputs.google_storage_bucket_calitp-staging-amplitude-benefits-events_name}",
diff --git a/iac/cal-itp-data-infra-staging/composer/us/kubernetes.tf b/iac/cal-itp-data-infra-staging/composer/us/kubernetes.tf
@@ -22,8 +22,7 @@ resource "kubernetes_secret" "composer" {
     namespace = local.namespace
   }
   data = {
-    "service_account.json" = base64decode(google_service_account_key.composer.private_key)
-    transitland-api-key    = data.kubernetes_secret.composer.data.transitland-api-key
+    transitland-api-key = data.kubernetes_secret.composer.data.transitland-api-key
   }
 }
 
@@ -38,7 +37,7 @@ resource "kubernetes_priority_class" "dbt-high-priority" {
 
 resource "kubernetes_service_account" "composer-service-account" {
   metadata {
-    name      = local.service_account_name
+    name      = local.kubernetes_service_account
     namespace = local.namespace
     annotations = {
       "iam.gke.io/gcp-service-account" = data.terraform_remote_state.iam.outputs.google_service_account_composer-service-account_email
diff --git a/iac/cal-itp-data-infra-staging/composer/us/variables.tf b/iac/cal-itp-data-infra-staging/composer/us/variables.tf
@@ -1,7 +1,7 @@
 locals {
-  namespace            = "airflow-jobs"
-  secret               = "jobs-data"
-  service_account_name = "composer-service-account"
+  namespace                  = "airflow-jobs"
+  secret                     = "jobs-data"
+  kubernetes_service_account = "composer-service-account"
 
   # This regular expression corresponds to the Python package name specification
   # https://packaging.python.org/en/latest/specifications/name-normalization/
diff --git a/iac/cal-itp-data-infra/composer/us/environment.tf b/iac/cal-itp-data-infra/composer/us/environment.tf
@@ -60,7 +60,7 @@ resource "google_composer_environment" "calitp-composer" {
         "POD_LOCATION"                                         = "us-west2",
         "POD_CLUSTER_NAME"                                     = data.terraform_remote_state.gke.outputs.google_container_cluster_airflow-jobs_name,
         "POD_SECRETS_NAMESPACE"                                = local.namespace,
-        "SERVICE_ACCOUNT_NAME"                                 = local.service_account_name,
+        "SERVICE_ACCOUNT_NAME"                                 = local.kubernetes_service_account,
         "CALITP_BUCKET__AGGREGATOR_SCRAPER"                    = "gs://${data.terraform_remote_state.gcs.outputs.google_storage_bucket_calitp-aggregator-scraper_name}",
         "CALITP_BUCKET__AIRTABLE"                              = "gs://${data.terraform_remote_state.gcs.outputs.google_storage_bucket_calitp-airtable_name}",
         "CALITP_BUCKET__AMPLITUDE_BENEFITS_EVENTS"             = "gs://${data.terraform_remote_state.gcs.outputs.google_storage_bucket_calitp-amplitude-benefits-events_name}",
diff --git a/iac/cal-itp-data-infra/composer/us/kubernetes.tf b/iac/cal-itp-data-infra/composer/us/kubernetes.tf
diff --git a/iac/cal-itp-data-infra/composer/us/variables.tf b/iac/cal-itp-data-infra/composer/us/variables.tf
diff --git a/warehouse/profiles.yml b/warehouse/profiles.yml
