Use a kubernetes service account if one is specified

[ohrite]

Description

Adds a kubernetes service account for staging DAGs.

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation

How has this been tested?

terraform plan and ongoing work on #4023

Post-merge follow-ups

• No action required
• Actions required (specified below)

Monitor terraform apply

[github-actions]

Terraform plan in iac/cal-itp-data-infra-staging/airflow/us

Plan: 0 to add, 2 to change, 0 to destroy.

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
!~  update in-place

Terraform will perform the following actions:

  # google_storage_bucket_object.calitp-staging-composer["plugins/operators/pod_operator.py"] will be updated in-place
!~  resource "google_storage_bucket_object" "calitp-staging-composer" {
!~      crc32c              = "tj5eaw==" -> (known after apply)
!~      detect_md5hash      = "OUt+5FEzBToJsY29MClGeg==" -> "different hash"
!~      generation          = 1749663110737169 -> (known after apply)
        id                  = "calitp-staging-composer-plugins/operators/pod_operator.py"
!~      md5hash             = "OUt+5FEzBToJsY29MClGeg==" -> (known after apply)
        name                = "plugins/operators/pod_operator.py"
#        (17 unchanged attributes hidden)
    }

  # google_storage_bucket_object.calitp-staging-composer-partial_parse will be updated in-place
!~  resource "google_storage_bucket_object" "calitp-staging-composer-partial_parse" {
        id                  = "calitp-staging-composer-data/warehouse/target/partial_parse.msgpack"
        name                = "data/warehouse/target/partial_parse.msgpack"
#        (21 unchanged attributes hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

📝 Plan generated in Plan Airflow DAGs #175

[github-actions]

Terraform plan in iac/cal-itp-data-infra/airflow/us

Plan: 1 to add, 3 to change, 0 to destroy.

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+   create
!~  update in-place

Terraform will perform the following actions:

  # google_storage_bucket_object.calitp-composer["plugins/operators/pod_operator.py"] will be updated in-place
!~  resource "google_storage_bucket_object" "calitp-composer" {
!~      crc32c              = "tj5eaw==" -> (known after apply)
!~      detect_md5hash      = "OUt+5FEzBToJsY29MClGeg==" -> "different hash"
!~      generation          = 1751416673613057 -> (known after apply)
        id                  = "calitp-composer-plugins/operators/pod_operator.py"
!~      md5hash             = "OUt+5FEzBToJsY29MClGeg==" -> (known after apply)
        name                = "plugins/operators/pod_operator.py"
#        (17 unchanged attributes hidden)
    }

  # google_storage_bucket_object.calitp-composer-catalog will be updated in-place
!~  resource "google_storage_bucket_object" "calitp-composer-catalog" {
!~      content             = (sensitive value)
!~      crc32c              = "vch5TA==" -> (known after apply)
!~      detect_md5hash      = "eBGyxPu1cnR8f6e+97JsdQ==" -> "different hash"
!~      generation          = 1751485820893572 -> (known after apply)
        id                  = "calitp-composer-data/warehouse/target/catalog.json"
!~      md5hash             = "eBGyxPu1cnR8f6e+97JsdQ==" -> (known after apply)
        name                = "data/warehouse/target/catalog.json"
#        (16 unchanged attributes hidden)
    }

  # google_storage_bucket_object.calitp-composer-manifest will be updated in-place
!~  resource "google_storage_bucket_object" "calitp-composer-manifest" {
!~      content             = (sensitive value)
!~      crc32c              = "SLqSDA==" -> (known after apply)
!~      detect_md5hash      = "YFjh35FkgCKpNuUEX+PCyQ==" -> "different hash"
!~      generation          = 1751485822274209 -> (known after apply)
        id                  = "calitp-composer-data/warehouse/target/manifest.json"
!~      md5hash             = "YFjh35FkgCKpNuUEX+PCyQ==" -> (known after apply)
        name                = "data/warehouse/target/manifest.json"
#        (16 unchanged attributes hidden)
    }

  # google_storage_bucket_object.calitp-composer-partial_parse will be created
+   resource "google_storage_bucket_object" "calitp-composer-partial_parse" {
+       bucket         = "calitp-composer"
+       content        = (sensitive value)
+       content_type   = "application/vnd.msgpack"
+       crc32c         = (known after apply)
+       detect_md5hash = "different hash"
+       generation     = (known after apply)
+       id             = (known after apply)
+       kms_key_name   = (known after apply)
+       md5hash        = (known after apply)
+       md5hexhash     = (known after apply)
+       media_link     = (known after apply)
+       name           = "data/warehouse/target/partial_parse.msgpack"
+       output_name    = (known after apply)
+       self_link      = (known after apply)
+       storage_class  = (known after apply)
    }

Plan: 1 to add, 3 to change, 0 to destroy.

❌ Error applying plan in Apply Airflow DAGs #28

[github-actions]

Terraform plan in iac/cal-itp-data-infra-staging/composer/us

Plan: 0 to add, 1 to change, 0 to destroy.

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
!~  update in-place

Terraform will perform the following actions:

  # google_composer_environment.calitp-staging-composer will be updated in-place
!~  resource "google_composer_environment" "calitp-staging-composer" {
        id               = "projects/cal-itp-data-infra-staging/locations/us-west2/environments/calitp-staging-composer"
        name             = "calitp-staging-composer"
#        (5 unchanged attributes hidden)

!~      config {
#            (8 unchanged attributes hidden)

!~          software_config {
!~              env_variables            = {
!~                  "SERVICE_ACCOUNT_NAME"                                 = "composer-service-account@cal-itp-data-infra-staging.iam.gserviceaccount.com" -> "composer-service-account"
#                    (49 unchanged elements hidden)
                }
#                (6 unchanged attributes hidden)

#                (1 unchanged block hidden)
            }

#            (8 unchanged blocks hidden)
        }

#        (1 unchanged block hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

📝 Plan generated in Terraform Plan #347