consume workload identity from core api

astronomer · Aug 1, 2023 · c1e6f43 · c1e6f43
1 parent eacb540
commit c1e6f43
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 25 deletions.
diff --git a/cloud/deployment/inspect/inspect.go b/cloud/deployment/inspect/inspect.go
@@ -176,7 +176,7 @@ func getDeploymentInfo(sourceDeployment *astro.Deployment, coreDeployment astroc
 		"webserver_url":     sourceDeployment.DeploymentSpec.Webserver.URL,
 		"created_at":        sourceDeployment.CreatedAt,
 		"updated_at":        sourceDeployment.UpdatedAt,
-		"workload_identity": getWorkloadIdentity(sourceDeployment),
+		"workload_identity": coreDeployment.WorkloadIdentity,
 		"status":            coreDeployment.Status,
 	}, nil
 }
@@ -401,23 +401,3 @@ func getTemplate(formattedDeployment *FormattedDeployment) FormattedDeployment {
 
 	return template
 }
-
-func getWorkloadIdentity(de *astro.Deployment) string {
-	// deployment workload identity only applies to AWS and GCP for now
-	if de.Cluster.CloudProvider == "gcp" {
-		return fmt.Sprintf("%s@%s.iam.gserviceaccount.com", getGCPServiceAccountName(de), de.Cluster.ProviderAccount)
-	}
-	if de.Cluster.CloudProvider == "aws" {
-		return fmt.Sprintf("arn:aws:iam::%s:role/AirflowS3Logs-%s", de.Cluster.ProviderAccount, de.Cluster.ID)
-	}
-	return ""
-}
-
-func getGCPServiceAccountName(d *astro.Deployment) string {
-	name := fmt.Sprintf("astro-%s", d.ReleaseName)
-	if len(name) > gcpMaxChar { // GCP service accounts can only have a max of 30 characters
-		truncated := name[:gcpMaxChar]
-		return strings.TrimRight(truncated, "-") // for cosmetics, ensure the last character isn't a hyphen
-	}
-	return name
-}
diff --git a/cloud/deployment/inspect/inspect_test.go b/cloud/deployment/inspect/inspect_test.go
@@ -24,9 +24,11 @@ import (
 var (
 	errGetDeployment           = errors.New("test get deployment error")
 	errMarshal                 = errors.New("test error")
+	workloadIdentity           = "astro-great-release-name@provider-account.iam.gserviceaccount.com"
 	mockCoreDeploymentResponse = []astrocore.Deployment{
 		{
-			Status: "HEALTHY",
+			Status:           "HEALTHY",
+			WorkloadIdentity: &workloadIdentity,
 		},
 	}
 	mockListDeploymentsResponse = astrocore.ListDeploymentsResponse{
@@ -411,8 +413,6 @@ func TestGetDeploymentInspectInfo(t *testing.T) {
 		DeploymentIds: &depIds,
 	}
 
-	workloadIdentity := "astro-great-release-name@provider-account.iam.gserviceaccount.com"
-
 	t.Run("returns deployment metadata for the requested cloud deployment", func(t *testing.T) {
 		var actualDeploymentMeta deploymentMetadata
 		testUtil.InitTestConfig(testUtil.CloudPlatform)
@@ -455,8 +455,8 @@ func TestGetDeploymentInspectInfo(t *testing.T) {
 			CreatedAt:        &sourceDeployment.CreatedAt,
 			UpdatedAt:        &sourceDeployment.UpdatedAt,
 			DeploymentURL:    &expectedCloudDomainURL,
-			WorkloadIdentity: &workloadIdentity,
 			WebserverURL:     &sourceDeployment.DeploymentSpec.Webserver.URL,
+			WorkloadIdentity: &workloadIdentity,
 		}
 		rawDeploymentInfo, err := getDeploymentInfo(&sourceDeployment, mockCoreDeploymentResponse[0])
 		assert.NoError(t, err)