Bug 2036827: ensure GCP CredsReq has a list of ServiceAccounts #440

Merged
6 changes: 6 additions & 0 deletions pkg/cmd/provisioning/gcp/create_service_accounts.go
Expand Up @@ -105,6 +105,12 @@ func processCredentialsRequests(ctx context.Context, client gcp.Client, credReqs
}

func createServiceAccount(ctx context.Context, client gcp.Client, name string, credReq *credreqv1.CredentialsRequest, serviceAccountNum int, workloadIdentityPool, workloadIdentityProvider, project, targetDir string, generateOnly bool) (string, error) {
// The credReq must have a non zero-length list of ServiceAccountNames
// that can be used to restrict which k8s ServiceAccounts can use the GCP ServiceAccount.
if len(credReq.Spec.ServiceAccountNames) == 0 {
return "", fmt.Errorf("CredentialsRequest %s/%s must provide at least one ServiceAccount in .spec.ServiceAccountNames", credReq.Namespace, credReq.Name)
}

// The service account id has a max length of 30 chars
// split it into 12-11-5 where the resuling string becomes:
// <infraName chopped to 12 chars>-<crName chopped to 11 chars>-<random 5 chars>
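
Review bot: The new guard at the top of createServiceAccount only tests len(credReq.Spec.ServiceAccountNames) == 0, so a list that contains only empty or whitespace-only strings still passes, and the restriction described in the comment would then have no usable ServiceAccount name behind it. Consider also rejecting entries where strings.TrimSpace(name) == "" and naming the offending index in the error. Separately, because the check sits inside createServiceAccount (which receives a serviceAccountNum), an invalid CredentialsRequest may only be reported after earlier requests have already been handled; validating every request in processCredentialsRequests before any service account is created would make the failure all-or-nothing. A unit test covering the empty-list case would also help keep this guard from regressing.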