Merge pull request #1153 from cdapio/cherry-pick-sa-fill-tenantid-inh…

…elpcmd Cherry pick service accounts tenant id help command changes to release/6.10
cdapio · Nov 22, 2023 · 62333f7 · 62333f7
2 parents 738dcc6 + 5c5c5e2
commit 62333f7
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/app/cdap/components/NamespaceAdmin/ServiceAccounts/EditConfirmDialog.tsx b/app/cdap/components/NamespaceAdmin/ServiceAccounts/EditConfirmDialog.tsx
@@ -63,13 +63,13 @@ const StyledTextField = styled(TextField)`
  * @return string, the gcloud cli command to run
  */
 const getGcloudCommand = ({
-  tenantProjectId = '${TENANT_PROJECT_ID}',
+  k8sWorkloadIdentityPool = '${TENANT_PROJECT_ID}.svc.id.goog',
   identity = '${IDENTITY}',
   gsaEmail = '${GSA_EMAIL}',
   gsaProjectId = '${GSA_PROJECT_ID}',
   k8snamespace = 'default',
 }): string =>
-  `gcloud iam service-accounts add-iam-policy-binding --role roles/iam.workloadIdentityUser --member "serviceAccount:${tenantProjectId}.svc.id.goog[${k8snamespace}/${identity}]" ${gsaEmail} --project ${gsaProjectId}`;
+  `gcloud iam service-accounts add-iam-policy-binding --role roles/iam.workloadIdentityUser --member "serviceAccount:${k8sWorkloadIdentityPool}[${k8snamespace}/${identity}]" ${gsaEmail} --project ${gsaProjectId}`;
 
 export const EditConfirmDialog = ({
   selectedServiceAcccount,
@@ -79,6 +79,7 @@ export const EditConfirmDialog = ({
   k8snamespace,
 }: IEditConfirmDialogProps) => {
   const namespacedCreationHookEnabled = window.CDAP_CONFIG.cdap.namespaceCreationHookEnabled;
+  const k8sWorkloadIdentityPool = window.CDAP_CONFIG.cdap.k8sWorkloadIdentityPool;
   const [serviceAccountInputValue, setServiceAccountInputValue] = useState<string>(
     selectedServiceAcccount
   );
@@ -94,6 +95,7 @@ export const EditConfirmDialog = ({
     identity: namespaceIdentity || undefined,
     gsaEmail: serviceAccountInputValue || undefined,
     k8snamespace: (namespacedCreationHookEnabled && k8snamespace) || undefined,
+    k8sWorkloadIdentityPool: k8sWorkloadIdentityPool || undefined,
   };
 
   const copyableExtendedMessage =

diff --git a/server/express.js b/server/express.js
@@ -241,6 +241,7 @@ function makeApp(authAddress, cdapConfig, uiSettings) {
         maxRecordsPreview: cdapConfig['preview.max.num.records'],
         ui: uiSettings['ui'],
         k8sWorkloadIdentityEnabled: cdapConfig['master.environment.k8s.workload.identity.enabled'],
+        k8sWorkloadIdentityPool:cdapConfig['credential.provider.system.properties.gcp-wi-credential-provider.k8s.workload.identity.pool'],
         namespaceCreationHookEnabled: cdapConfig['namespaces.creation.hook.enabled'],
         hstsEnabled: cdapConfig['hsts.enabled'],
         hstsMaxAge: cdapConfig['hsts.max.age'],