Struggling a bit with something that seems pretty ...
# general
o
Struggling a bit with something that seems pretty simple in TF - building a service account then calling the ID of that account. I think I'm missing something simple but could use some review
c
@orange-tailor-85423 what do you mean “calling the ID of that account”?
o
what that API expects - it wants the service account ID; /projects/mindbody/etc/etc/serviceaccount
So I created that account - now I need to get that serviceAccountID and pass it to the function that creates the IAM/permissions
c
Uh, in the code below you’re populating `serviceAccountId` with `newserviceaccount.metadata.get()`, which does not seem right. You probably want `newserviceaccount.metadata.apply(m => m.name)` or something like that.
o
ok
c
But, that does not look like what you’re doing before?
er, below?
What is `google_service_account.k8s_node.name`?
Is that equivalent to `.metadata.name`?
Because it looks like that’s actually supposed to be a `google_service_account`, not a Kubernetes `ServiceAccount`
o
yea, I think just bad naming on our part
c
No, I mean that the GCP API seems to be asking for the ID of a GCP service account.
o
ok - so I guess more general - I want to do this in a function rather than static const
c
You’re making a Kubernetes service account.
o
Here's what the service account looks like in another project
it's an IAM account (GCP)
c
Yes, the IAM account is bound to a GCP service account. But you’re making a Kubernetes service account, right?
@orange-tailor-85423 in other words, look at your code, you’re using `new k8s.core.v1.ServiceAccount`, but you need `new gcp.serviceAccount.Account(...)` right?
o
yep - working on this too late at night
ugh
now what if I do those operations in a function....how can I leverage that object that the 1st function created?
just do a return of the var object?
c
hmm, not sure I understand.
oh you mean
you want to put it into a function
o
yes
for example
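```typescript
import * as gcp from "@pulumi/gcp";

// Creates the GCP (IAM) service account for the cluster's nodes and returns the resource.
export function createNodeServiceAccount(clusterName: string) {
    const sa = new gcp.serviceAccount.Account("k8s_node", {
        accountId: `${clusterName}-k8s-node1`,
        displayName: `Service Account - ${clusterName} - K8s node`,
    });
    return sa;
}
```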
then call what got created to pass into this function:
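```typescript
import * as pulumi from "@pulumi/pulumi";

// Takes the fully-qualified service account name, e.g. the `name` output of the Account created above.
export function createServiceAccountIamMember(serviceAccountID: pulumi.Input<string>) {
    const sam = new gcp.serviceAccount.IAMMember("k8s_node_account_iam", {
        // Use the parameter; `sa` from the other function is not in scope here.
        serviceAccountId: serviceAccountID,
        role: "roles/iam.serviceAccountUser",
        member: "serviceAccount:terraform@mindbody-admin.iam.gserviceaccount.com",
    });
    return sam;
}
```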
c
even something like this should work:
```typescript
function foo() {
    return [new gcp.serviceAccount.Account(...), new gcp.serviceAccount.IAMMember(...)]
}
```
o
oh I see - just called inside the other function
that way I can just create an account or do both operations
c
Yeah
o
trying
thanks Alex
I'm showing this to some people later on so need to get something working - hehe
c
or you could write your own component class:
```typescript
export class IamServiceAccount extends pulumi.ComponentResource {
    private readonly sa: gcp.serviceAccount.Account;
    private readonly iam: gcp.serviceAccount.IAMMember;
    constructor(...) {
        super(...) // a derived class must call super() before touching `this`
        this.sa = new gcp.serviceAccount.Account(...)
        this.iam = new gcp.serviceAccount.IAMMember(...)
    }
}
```
Then you could just do something like `new IamServiceAccount(...)`