fix(terraform): Correct assumptions around naming

bheesham · bheesham · commit 474de225412f · 2025-08-12T10:02:57.000-04:00
* Cluster names were not the same as the filenames;
* The Service Account name was prefixed with `gha`, the release name.

Jira: IAM-1735
diff --git a/terraform/infra/common/oidc_gke.tf b/terraform/infra/common/oidc_gke.tf
@@ -4,7 +4,7 @@ module "oidc_gke_webservices_high_private_nonprod" {
   source           = "github.com/mozilla/terraform-modules//aws_gke_oidc_config?ref=aws_gke_oidc_config-0.1.0"
   gcp_region       = "us-west1"
   gcp_project_id   = "moz-fx-webservices-high-nonpro"
-  gke_cluster_name = "webservices-high-private-nonprod-us-west1"
+  gke_cluster_name = "webservices-high-nonprod"
 }
 
 # From:
@@ -13,5 +13,5 @@ module "oidc_gke_webservices_high_private_prod" {
   source           = "github.com/mozilla/terraform-modules//aws_gke_oidc_config?ref=aws_gke_oidc_config-0.1.0"
   gcp_region       = "us-west1"
   gcp_project_id   = "moz-fx-webservices-high-prod"
-  gke_cluster_name = "webservices-high-private-prod-us-west1"
+  gke_cluster_name = "webservices-high-prod"
 }
diff --git a/terraform/infra/dev/defaults.auto.tfvars b/terraform/infra/dev/defaults.auto.tfvars
@@ -1,5 +1,5 @@
 environment      = "development"
 gcp_region       = "us-west1"
-gke_cluster_name = "webservices-high-private-nonprod-us-west1"
+gke_cluster_name = "webservices-high-nonprod"
 gcp_project_id   = "moz-fx-webservices-high-nonpro"
 gke_namespace    = "iam-dev"
diff --git a/terraform/infra/dev/iam_gke.tf b/terraform/infra/dev/iam_gke.tf
@@ -32,6 +32,6 @@ module "cis_profile_retrieval_api" {
   gke_cluster_name    = var.gke_cluster_name
   gcp_project_id      = var.gcp_project_id
   gke_namespace       = var.gke_namespace
-  gke_service_account = "cis-profile-retrieval-api"
+  gke_service_account = "gha-cis-profile-retrieval-api"
   iam_policy_arns     = [aws_iam_policy.cis_dynamo_read.arn]
 }

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ module "oidc_gke_webservices_high_private_nonprod" {`
`4`	`4`	`source = "github.com/mozilla/terraform-modules//aws_gke_oidc_config?ref=aws_gke_oidc_config-0.1.0"`
`5`	`5`	`gcp_region = "us-west1"`
`6`	`6`	`gcp_project_id = "moz-fx-webservices-high-nonpro"`
`7`		`- gke_cluster_name = "webservices-high-private-nonprod-us-west1"`
	`7`	`+ gke_cluster_name = "webservices-high-nonprod"`
`8`	`8`	`}`
`9`	`9`
`10`	`10`	`# From:`
`@@ -13,5 +13,5 @@ module "oidc_gke_webservices_high_private_prod" {`
`13`	`13`	`source = "github.com/mozilla/terraform-modules//aws_gke_oidc_config?ref=aws_gke_oidc_config-0.1.0"`
`14`	`14`	`gcp_region = "us-west1"`
`15`	`15`	`gcp_project_id = "moz-fx-webservices-high-prod"`
`16`		`- gke_cluster_name = "webservices-high-private-prod-us-west1"`
	`16`	`+ gke_cluster_name = "webservices-high-prod"`
`17`	`17`	`}`
Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,6 @@ module "cis_profile_retrieval_api" {`
`32`	`32`	`gke_cluster_name = var.gke_cluster_name`
`33`	`33`	`gcp_project_id = var.gcp_project_id`
`34`	`34`	`gke_namespace = var.gke_namespace`
`35`		`- gke_service_account = "cis-profile-retrieval-api"`
	`35`	`+ gke_service_account = "gha-cis-profile-retrieval-api"`
`36`	`36`	`iam_policy_arns = [aws_iam_policy.cis_dynamo_read.arn]`
`37`	`37`	`}`