fetch and set up secret for skaffold-metrics project

GoogleContainerTools · Jun 29, 2021 · 118a557 · 118a557
1 parent 7b496d2
commit 118a557
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/deploy/setup-secret.sh b/deploy/setup-secret.sh
@@ -17,6 +17,7 @@
 set -x
 # set default project id
 PROJECT_ID="k8s-skaffold"
+METRICS_PROJECT_ID="skaffold-metrics"
 KEY_FILE="./secrets/keys.json"
 BUCKET_ID="k8s-skaffold-secrets"
 LATEST_GCS_PATH="keys.json"
@@ -30,10 +31,10 @@ done
 
 function download_existing_key() {
   # Download a valid key created within the past two weeks.
-  KEY_IDS=$(gcloud iam service-accounts keys list --iam-account=metrics-writer@k8s-skaffold.iam.gserviceaccount.com --project=k8s-skaffold --managed-by=user --filter="validAfterTime>-P2W" --format="value(name)")
+  KEY_IDS=$(gcloud iam service-accounts keys list --iam-account=metrics-writer@${METRICS_PROJECT_ID}.iam.gserviceaccount.com --project=${METRICS_PROJECT_ID} --managed-by=user --format="value(name)")
   while read -r KEY_ID
   do
-    if gsutil cp gs://${BUCKET_ID}/${KEY_ID}.json ${KEY_FILE}; then
+    if gsutil cp gs://${BUCKET_ID}/${LATEST_GCS_PATH}.json ${KEY_FILE}; then
       echo "Downloaded existing key to ${KEY_FILE}"
       return 0
     fi
@@ -43,14 +44,14 @@ function download_existing_key() {
 
 function upload_new_key() {
   echo "Creating new service account key..."
-  gcloud iam service-accounts keys create ${KEY_FILE} --iam-account=metrics-writer@${PROJECT_ID}.iam.gserviceaccount.com --project=${PROJECT_ID}
+  gcloud iam service-accounts keys create ${KEY_FILE} --iam-account=metrics-writer@${METRICS_PROJECT_ID}.iam.gserviceaccount.com --project=${METRICS_PROJECT_ID}
   retVal=$?
   if [ $retVal -ne 0 ]; then
     echo "No key created."
     return 1
   fi
   echo "New service account key created."
-  KEY_ID=$(gcloud iam service-accounts keys list --iam-account=metrics-writer@k8s-skaffold.iam.gserviceaccount.com --project=k8s-skaffold --managed-by=user --filter="validAfterTime.date('%Y-%m-%d', Z) = `date +%F`" --format="value(name)" --limit=1)
+  KEY_ID=$(gcloud iam service-accounts keys list --iam-account=metrics-writer@${METRICS_PROJECT_ID}.iam.gserviceaccount.com --project=${METRICS_PROJECT_ID} --managed-by=user --format="value(name)" --limit=1)
   gsutil cp ${KEY_FILE} gs://${BUCKET_ID}/${KEY_ID}.json
   gsutil cp ${KEY_FILE} gs://${BUCKET_ID}/${LATEST_GCS_PATH}
   echo "New service account key uploaded to GCS."