Refactor service agent management (#2423)

* Service agents script * Service agents update * WIP * Update script and terraform * Fix tests * Fix linter * Update docs * Bring back pf example inventory * Fix tests * Fix more tests * Fix tests * Use dataclasses for build_service_agents.py * Remove unneeded field() from build_service_agents * Re-enable CMEK depends_on in project outputs * Update tools/requirements.txt * Enable storage in GCS example projects * Fix tests * Add CMEK Service Agents dependencies for services * Fix typos and data platform cmek * More typos
2024-07-23 22:05:38 +02:00
parent e49b2d686f
commit c0bf32e797
147 changed files with 3676 additions and 1301 deletions
--- a/blueprints/gke/patterns/autopilot-cluster/main.tf
+++ b/blueprints/gke/patterns/autopilot-cluster/main.tf
@@ -71,7 +71,7 @@ module "project" {
    attach       = true
    host_project = var.project_create.shared_vpc_host
    # grant required roles on the host project to service identities
-    service_identity_iam = {
+    service_agent_iam = {
      "roles/compute.networkUser" = [
        "cloudservices", "container-engine"
      ]
@@ -87,8 +87,8 @@ module "project" {
        role = "roles/gkehub.serviceAgent"
        member = (
          var.fleet_project_id == null
-          ? "serviceAccount:${module.project.service_accounts.robots.gkehub}"
-          : "serviceAccount:${module.fleet-project[0].service_accounts.robots.gkehub}"
+          ? module.project.service_agents.gkehub.iam_email
+          : module.fleet-project[0].service_agents.gkehub.iam_email
        )
      }
    },