configure field with email not service-acount-key

- we were filling in two fields with the service account key json when what they really wanted was just the email [#165233462] Signed-off-by: Nick Mahoney <[email protected]>
vmware-archive · Apr 10, 2019 · ce2f202 · ce2f202
1 parent 98046d3
commit ce2f202
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 5 deletions.
diff --git a/ci/assets/template/pks-config.yml b/ci/assets/template/pks-config.yml
@@ -39,9 +39,9 @@ product-properties:
   .properties.cloud_provider.gcp.network:
     value: {{.network_name}}
   .properties.cloud_provider.gcp.master_service_account:
-    value: {{.pks_master_node_service_account_key}}
+    value: {{.pks_master_node_service_account_email}}
   .properties.cloud_provider.gcp.worker_service_account:
-    value: {{.pks_worker_node_service_account_key}}
+    value: {{.pks_worker_node_service_account_email}}
   .properties.telemetry_selector:
     value: disabled
 resource-config:

diff --git a/modules/pks/outputs.tf b/modules/pks/outputs.tf
@@ -37,3 +37,11 @@ output "pks_worker_node_service_account_key" {
 output "api_endpoint" {
   value = "api.${replace(replace(google_dns_record_set.wildcard-pks-dns.name, "/^\\*\\./", ""), "/\\.$/", "")}"
 }
+
+output "worker_node_service_account_email" {
+  value = "${google_service_account.pks_worker_node_service_account.email}"
+}
+
+output "master_node_service_account_email" {
+  value = "${google_service_account.pks_master_node_service_account.email}"
+}
diff --git a/scripts/configure-director b/scripts/configure-director
@@ -10,9 +10,9 @@ main() {
   local path=${1?"Path is required (e.g. terraforming-pas, terraforming-pks, terraforming-control-plane)"}
   local password=${2?"OpsManager password is required."}
 
-  pushd $PROJECT_DIR/$path > /dev/null
+  pushd "${PROJECT_DIR}/${path}" > /dev/null
     RAW_JSON=$(jq -e --raw-output '.modules[0].outputs | map_values(.value)' terraform.tfstate)
-    WITH_CERT=$(echo ${RAW_JSON} | jq --arg terraformingca "${CA_CERT}" '. + {terraforming_ca_cert: $terraformingca}')
+    WITH_CERT=$(echo "${RAW_JSON}" | jq --arg terraformingca "${CA_CERT}" '. + {terraforming_ca_cert: $terraformingca}')
 
     authenticate_om "${password}"
 

diff --git a/terraforming-pks/outputs.tf b/terraforming-pks/outputs.tf
@@ -40,7 +40,7 @@ output "director_blobstore_bucket" {
 }
 
 output "director_blobstore_service_account_key" {
-  value = "${module.infra.blobstore_gcp_service_account_key}"
+  value     = "${module.infra.blobstore_gcp_service_account_key}"
   sensitive = true
 }
 
@@ -165,6 +165,16 @@ output "pks_worker_node_service_account_key" {
   sensitive = true
 }
 
+output "pks_worker_node_service_account_email" {
+  value     = "${module.pks.worker_node_service_account_email}"
+  sensitive = true
+}
+
+output "pks_master_node_service_account_email" {
+  value     = "${module.pks.master_node_service_account_email}"
+  sensitive = true
+}
+
 # Certificates
 
 output "ssl_cert" {