Skip to content

Commit

Permalink
[#77] Argo: Fix SA permissions
Browse files Browse the repository at this point in the history
  • Loading branch information
Dmitriy Karbyshev committed Apr 6, 2021
1 parent 147bc4c commit 87d0bdc
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion terraform/modules/k8s/argo/prereqs/gke/main.tf
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
locals {
gsa_argo_name = "${var.cluster_name}-argo"
workflows_namespace = var.configuration.workflows_namespace == "" ? var.configuration.namespace : var.configuration.workflows_namespace
}

resource "google_service_account" "argo" {
Expand Down Expand Up @@ -45,7 +46,7 @@ resource "google_service_account_iam_binding" "argo_web_identity" {
service_account_id = google_service_account.argo.name
role = "roles/iam.workloadIdentityUser"

members = ["serviceAccount:${var.project_id}.svc.id.goog[argo]", "serviceAccount:${var.project_id}.svc.id.goog[argo-workflow]"]
members = ["serviceAccount:${var.project_id}.svc.id.goog[${var.configuration.namespace}|argo]", "serviceAccount:${var.project_id}.svc.id.goog[${local.workflows_namespace}|argo-workflow]"]
}

resource "google_service_account_key" "argo_sa_key" {
Expand Down

0 comments on commit 87d0bdc

Please sign in to comment.