From 931b1e74ff5011197497374ed248abb32c5bc0bd Mon Sep 17 00:00:00 2001
From: Daniel Panzella <daniel.panzella@wandb.com>
Date: Mon, 9 Dec 2024 09:29:59 -0800
Subject: [PATCH 1/3] feat: Enable bufstream to use workload identity for auth

---
 main.tf | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/main.tf b/main.tf
index 8e1103c3..c2aa7196 100644
--- a/main.tf
+++ b/main.tf
@@ -28,6 +28,7 @@ locals {
   create_network = var.network == null
   k8s_sa_map = {
     app         = "wandb-app"
+    bufstream   = "wandb-bufstream"
     parquet     = "wandb-parquet"
     flat_runs   = "wandb-flat-run-fields-updater"
     weave       = "wandb-weave"
@@ -326,6 +327,15 @@ module "wandb" {
         ]
       }
 
+      bufstream = {
+        serviceAccount = var.create_workload_identity ? {
+          name        = local.k8s_sa_map.bufstream
+          annotations = { "iam.gke.io/gcp-service-account" = module.service_accounts.sa_account_role }
+          } : {
+          name        = ""
+          annotations = {}
+        }
+      }
       ingress = {
         create       = var.public_access # external ingress for public connection
         nameOverride = var.namespace

From c6caed02b366a9d55a250f3620362ce8797fb8fe Mon Sep 17 00:00:00 2001
From: Daniel Panzella <daniel.panzella@wandb.com>
Date: Mon, 9 Dec 2024 09:32:20 -0800
Subject: [PATCH 2/3] fix: Correct bufstream values structure

---
 main.tf | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/main.tf b/main.tf
index c2aa7196..89dfcbd2 100644
--- a/main.tf
+++ b/main.tf
@@ -328,12 +328,14 @@ module "wandb" {
       }
 
       bufstream = {
-        serviceAccount = var.create_workload_identity ? {
-          name        = local.k8s_sa_map.bufstream
-          annotations = { "iam.gke.io/gcp-service-account" = module.service_accounts.sa_account_role }
+        bufstream = {
+          serviceAccount = var.create_workload_identity ? {
+            name = local.k8s_sa_map.bufstream
+            annotations = { "iam.gke.io/gcp-service-account" = module.service_accounts.sa_account_role }
           } : {
-          name        = ""
-          annotations = {}
+            name = ""
+            annotations = {}
+          }
         }
       }
       ingress = {

From f66e9a020047dd474861f4b30f135e3201f93597 Mon Sep 17 00:00:00 2001
From: Daniel Panzella <daniel.panzella@wandb.com>
Date: Mon, 9 Dec 2024 14:06:26 -0800
Subject: [PATCH 3/3] fix: terraform fmt

---
 main.tf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/main.tf b/main.tf
index 89dfcbd2..fd8c7feb 100644
--- a/main.tf
+++ b/main.tf
@@ -322,7 +322,7 @@ module "wandb" {
         internalJWTMap = [
           {
             subject = "system:serviceaccount:default:${local.k8s_sa_map.weave_trace}"
-            issuer = var.kubernetes_cluster_oidc_issuer_url
+            issuer  = var.kubernetes_cluster_oidc_issuer_url
           }
         ]
       }
@@ -330,10 +330,10 @@ module "wandb" {
       bufstream = {
         bufstream = {
           serviceAccount = var.create_workload_identity ? {
-            name = local.k8s_sa_map.bufstream
+            name        = local.k8s_sa_map.bufstream
             annotations = { "iam.gke.io/gcp-service-account" = module.service_accounts.sa_account_role }
-          } : {
-            name = ""
+            } : {
+            name        = ""
             annotations = {}
           }
         }