Skip to content

Add mainnet history dump user GCP SA#5737

Merged
jagathweerasinghe-da merged 6 commits into
mainfrom
wee/add_gcp_sa_for_gcs_dump_data_mgmt
Jun 1, 2026
Merged

Add mainnet history dump user GCP SA#5737
jagathweerasinghe-da merged 6 commits into
mainfrom
wee/add_gcp_sa_for_gcs_dump_data_mgmt

Conversation

@jagathweerasinghe-da
Copy link
Copy Markdown
Contributor

@jagathweerasinghe-da jagathweerasinghe-da commented May 29, 2026
edited
Loading

jagathweerasinghe-da
jagathweerasinghe-da commented May 29, 2026
View reviewed changes
Comment thread cluster/pulumi/gha/src/config.ts Outdated

export const ghaConfig = fullConfig.gha;

export const isSpliceCluster =
Copy link
Copy Markdown
Contributor Author

@jagathweerasinghe-da jagathweerasinghe-da May 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No need to guard for splice

Copy link
Copy Markdown
Contributor Author

@jagathweerasinghe-da jagathweerasinghe-da May 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

jagathweerasinghe-da
jagathweerasinghe-da commented May 29, 2026
View reviewed changes
Comment thread cluster/pulumi/gha/src/mainnetHistoryDumpsUser.ts
isegall-da
isegall-da reviewed May 29, 2026
View reviewed changes
Comment thread cluster/pulumi/gha/src/config.ts
.default([]),
mainnetHistoryDumpsUser: z
.object({
bucket: z.string().min(1),
Copy link
Copy Markdown
Contributor

@isegall-da isegall-da May 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the min(1)? I don't recall seeing us doing that elsewhere. It's preventing an empty string basically?

Copy link
Copy Markdown
Contributor Author

@jagathweerasinghe-da jagathweerasinghe-da May 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, making sure empty strings are not passed to GCP APIs.

isegall-da
isegall-da reviewed May 29, 2026
View reviewed changes
Comment thread cluster/pulumi/gha/src/config.ts
// GitHub repos (full "org/name") allowed to impersonate the SA via WIF.
githubRepositories: z.array(z.string().min(1)).min(1),
})
.optional(),
Copy link
Copy Markdown
Contributor

@isegall-da isegall-da May 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider not even making this optional. We deploy gha only in one place, and we want to use it there.

Copy link
Copy Markdown
Contributor Author

@jagathweerasinghe-da jagathweerasinghe-da May 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done. Until the conifg.yml is merged from network-internals, this will end up in an error if another 'pulumi up' executed.

Copy link
Copy Markdown
Contributor

@isegall-da isegall-da May 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I thought of that too. Initially I thought it's fine, and you just merge your other PR quickly. But given that that might be a bit tricky to get fully working, with permissions etc., maybe it's better for now to keep it optional so that we can always easy not apply it yet? And then at a later stage once everything is applied, drop the optional.

isegall-da
isegall-da approved these changes May 29, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@isegall-da isegall-da left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, thank you

isegall-da
isegall-da reviewed May 29, 2026
View reviewed changes
Comment thread cluster/pulumi/gha/src/config.ts
mainnetHistoryDumpsUser: z
.object({
bucket: z.string().min(1),
wifProjectNumber: z.string().min(1),
Copy link
Copy Markdown
Contributor

@isegall-da isegall-da May 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can/should this be an int instead of string?

Copy link
Copy Markdown
Contributor Author

@jagathweerasinghe-da jagathweerasinghe-da May 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

project number is eventually used in a string for IAM role config; string is the way to go.

@jagathweerasinghe-da
add gcp sa
dfc76f8 
[static]

Signed-off-by: Jagath Weerasinghe <jagath.weerasinghe@digitalasset.com>
@jagathweerasinghe-da
parameterize bucket name
0ec4bd1 
[static]

Signed-off-by: Jagath Weerasinghe <jagath.weerasinghe@digitalasset.com>
@jagathweerasinghe-da
rm cluster check
40d1a04 
[static]

Signed-off-by: Jagath Weerasinghe <jagath.weerasinghe@digitalasset.com>
@jagathweerasinghe-da jagathweerasinghe-da force-pushed the wee/add_gcp_sa_for_gcs_dump_data_mgmt branch from ffd1d3e to 40d1a04 Compare May 29, 2026 16:05
@jagathweerasinghe-da
rm optional
dddc1f0 
[static]

Signed-off-by: Jagath Weerasinghe <jagath.weerasinghe@digitalasset.com>
@jagathweerasinghe-da
clean up
9d06501 
[static]

Signed-off-by: Jagath Weerasinghe <jagath.weerasinghe@digitalasset.com>
@jagathweerasinghe-da
add optional
6f7bc86 
[static]

Signed-off-by: Jagath Weerasinghe <jagath.weerasinghe@digitalasset.com>
@jagathweerasinghe-da jagathweerasinghe-da merged commit 4ec0f6b into main Jun 1, 2026
47 checks passed
@jagathweerasinghe-da jagathweerasinghe-da deleted the wee/add_gcp_sa_for_gcs_dump_data_mgmt branch June 1, 2026 07:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@isegall-da isegall-da isegall-da approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jagathweerasinghe-da @isegall-da