fix: more permissions for now
danielpanzella committed Nov 15, 2024
1 parent e1bcac3 commit 50095ff
Showing 3 changed files with 33 additions and 2 deletions.
11 changes: 11 additions & 0 deletions main.tf
@@ -30,6 +30,7 @@ locals {
app = "wandb-app"
parquet = "wandb-parquet"
flat_runs = "wandb-flat-run-fields-updater"
filestream = "wandb-filestream"
weave = "wandb-weave"
weave_trace = "wandb-weave-trace"
}
@@ -420,6 +421,16 @@ module "wandb" {
annotations = {}
}
}

filestream = {
serviceAccount = var.create_workload_identity ? {
name = local.k8s_sa_map.filestream
annotations = { "iam.gke.io/gcp-service-account" = module.service_accounts.sa_account_role }
} : {
name = null
annotations = {}
}
}
}
}
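Review bot: The new `filestream` entry annotates its Kubernetes service account with `module.service_accounts.sa_account_role`, which looks like the same Google service account the neighbouring workloads map to (their annotation lines are outside the visible hunk). If so, the filestream pods inherit every role granted to that account, including the admin roles this commit adds in modules/bigtable and modules/pubsub. A dedicated Google service account for `local.k8s_sa_map.filestream` would keep that scope smaller; until then I would add `# filestream shares the app's Google service account; split out once its required roles are known` above the block. Workload Identity also needs a `roles/iam.workloadIdentityUser` binding for the `wandb-filestream` service account, and nothing visible in this diff adds one, so confirm that the service_accounts module builds its members from `k8s_sa_map`. The `module "wandb"` block starts and ends outside the hunk.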

2 changes: 1 addition & 1 deletion modules/bigtable/main.tf
@@ -23,6 +23,6 @@ resource "google_bigtable_instance" "default" {

resource "google_bigtable_instance_iam_member" "default" {
instance = google_bigtable_instance.default.name
role = "roles/bigtable.user"
role = "roles/bigtable.admin"
member = local.sa_member
}
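Review bot: `role = "roles/bigtable.admin"` on the instance lets the workload service account create and delete tables and change the instance's IAM policy, on top of the data access `roles/bigtable.user` already gave it, and the commit title ("for now") suggests the grant is meant to be temporary. The same concern applies to the two `roles/pubsub.admin` subscription bindings added in modules/pubsub/main.tf, where `roles/pubsub.subscriber` would be enough if the service only consumes messages. Because the account appears to be shared by several pods through Workload Identity, I would record the specific permission that was denied and mark each binding, e.g. `# TODO(security): temporary admin grant; narrow to the least-privilege role once the missing permission is identified`. If only one permission is missing, a custom role that adds just that permission is a narrower fix than the predefined admin role.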
22 changes: 21 additions & 1 deletion modules/pubsub/main.tf
@@ -1,3 +1,11 @@
terraform {
required_providers {
google = {
source = "hashicorp/google"
version = "5.34.0"
}
}
}
locals {
sa_member = "serviceAccount:${var.service_account.email}"
}
@@ -15,7 +23,7 @@ resource "google_pubsub_topic_iam_member" "filestream" {
member = local.sa_member
}

resource "google_pubsub_subscription" "filestream" {
resource "google_pubsub_subscription" "filestream-gorilla" {
name = "${var.namespace}-filestream-gorilla"
topic = google_pubsub_topic.filestream.name

@@ -25,6 +33,12 @@ resource "google_pubsub_subscription" "filestream" {
labels = var.labels
}

resource "google_pubsub_subscription_iam_member" "filestream-gorilla" {
subscription = google_pubsub_subscription.filestream-gorilla.name
role = "roles/pubsub.admin"
member = local.sa_member
}

resource "google_pubsub_topic" "run_updates_v2" {
name = "${var.namespace}-run-updates-v2"
kms_key_name = var.crypto_key
@@ -46,4 +60,10 @@ resource "google_pubsub_subscription" "flat-run-fields-updater-v2" {
ack_deadline_seconds = 60

labels = var.labels
}

resource "google_pubsub_subscription_iam_member" "flat-run-fields-updater-v2" {
subscription = google_pubsub_subscription.flat-run-fields-updater-v2.name
role = "roles/pubsub.admin"
member = local.sa_member
}
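Review bot: The resource address appears to change from `google_pubsub_subscription.filestream` to `google_pubsub_subscription.filestream-gorilla` while `name = "${var.namespace}-filestream-gorilla"` stays the same, so Terraform will plan a destroy and a create of the same subscription. That drops any unacknowledged backlog and can fail on the name collision depending on the order of operations. A `moved` block with `from = google_pubsub_subscription.filestream` and `to = google_pubsub_subscription.filestream-gorilla` would keep the existing subscription in state. Separately, the exact pin `version = "5.34.0"` inside a child module forces every caller onto that one provider release; the usual arrangement is a range constraint in the module and the exact pin in the root module.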
