Merge pull request #35 from artefactory/fix/project_name_sa

Fix app engine service account name
artefactory · Oct 15, 2020 · 2857ac6 · 2857ac6
2 parents 42a65be + 6aeea11
commit 2857ac6
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 12 deletions.
diff --git a/IaC/modules/mlflow/server/main.tf b/IaC/modules/mlflow/server/main.tf
@@ -43,14 +43,14 @@ resource "google_project_iam_member" "cloudsql" {
   depends_on = [google_app_engine_application.app]
   project = data.google_project.project.project_id
   role    = "roles/cloudsql.client"
-  member = format("serviceAccount:%[email protected]", data.google_project.project.name)
+  member = format("serviceAccount:%[email protected]", data.google_project.project.project_id)
 }
 
 resource "google_project_iam_member" "secret" {
   depends_on = [google_app_engine_application.app]
   project = data.google_project.project.project_id
   role    = "roles/secretmanager.secretAccessor"
-  member = format("serviceAccount:%[email protected]", data.google_project.project.name)
+  member = format("serviceAccount:%[email protected]", data.google_project.project.project_id)
 }
 
 resource "google_project_iam_member" "gcs" {
@@ -64,14 +64,14 @@ resource "google_project_iam_member" "gae_gcs" {
   depends_on = [google_app_engine_application.app]
   project = data.google_project.project.project_id
   role    = "roles/storage.objectViewer"
-  member = format("serviceAccount:%[email protected]", data.google_project.project.name)
+  member = format("serviceAccount:%[email protected]", data.google_project.project.project_id)
 }
 
 resource "google_project_iam_member" "gae_api" {
   depends_on = [google_app_engine_application.app]
   project = data.google_project.project.project_id
   role    = "roles/compute.networkUser"
-  member  = format("serviceAccount:%[email protected]", data.google_project.project.name)
+  member  = format("serviceAccount:%[email protected]", data.google_project.project.project_id)
 }
 
 resource "google_app_engine_flexible_app_version" "myapp_v1" {
@@ -130,8 +130,8 @@ resource "google_iap_client" "project_client" {
   brand        =  google_iap_brand.project_brand.name
 }
 resource "google_iap_app_engine_service_iam_binding" "member" {
-  project = data.google_project.project.name
-  app_id = data.google_project.project.name
+  project = data.google_project.project.project_id
+  app_id = data.google_project.project.project_id
   service = google_app_engine_flexible_app_version.myapp_v1.service
   role = "roles/iap.httpsResourceAccessor"
   members = var.web_app_users

diff --git a/README.md b/README.md
@@ -5,6 +5,7 @@ A tool to deploy a mostly serverless MLflow on a GCP project with one command
 
 ### Pre-requesites
 - A GCP project on which you are owner
+- Terraform >= 0.13.2 installed
 - Initialized gcloud SDK with your owner account
 - Docker engine running
 - No app engine application running and no consent screen already setup
@@ -17,11 +18,12 @@ Fill out the `vars` file.
 |`TF_VAR_project_id`|Name of the GCP project|
 |`TF_VAR_backend_bucket`|Name of the terraform backend bucket. Should be globally unique. No `gs://` prefix|
 |`TF_VAR_consent_screen_support_email`|Contact email address displayed by the SSO screen when the user trying to log in is not authorized. The address should be that of the user deploying mlflow (you) or a Cloud Identity group managed by this user|
-|`TF_VAR_web_app_users`|List of authorized users/groups/domains. Should be a single quoted list of string such as '["user:jane@example.com", "group:people@example.com", "domain:example.com"]'|
+|`TF_VAR_web_app_users`|List of authorized users/groups/domains. Should be a single quoted list of string such as '["user:jane@example.com", "group:people@example.com", "domain:example.com"]'. Email addresses and domains must be associated with an active Google Account, G Suite account, or Cloud Identity account.|
 |`TF_VAR_network_name`|The network the application and backend should attach to. If left blank, a new network will be created.|
 
 **Run `make one-click-mlflow` and follow the prompts.**
 
+
 ### What it does
 - Enables the necessary services
 - Builds and pushes the MLFlow docker image

diff --git a/vars b/vars
@@ -1,5 +1,5 @@
-export TF_VAR_project_id=two-click-mlflow
-export TF_VAR_backend_bucket=tfstate-mlflow-atf-two
-export TF_VAR_consent_screen_support_email=[email protected]
-export TF_VAR_web_app_users='["user:[email protected]", "user:[email protected]"]'
-export TF_VAR_network_name=default
+export TF_VAR_project_id=
+export TF_VAR_backend_bucket=
+export TF_VAR_consent_screen_support_email=
+export TF_VAR_web_app_users=
+export TF_VAR_network_name=