Skip to content

Commit 8d79788

Browse files
julientinguely-dajulientinguely-da
authored
Make getSecretVersion work when fetching secret in external project (#4573)
Signed-off-by: Julien Tinguely <julien.tinguely@digitalasset.com>
1 parent 2b590c2 commit 8d79788

File tree

3 files changed

+7
-4
lines changed

3 files changed

+7
-4
lines changed

cluster/expected/canton-network/expected.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -51,7 +51,7 @@
5151
"data": {
5252
"4dabf18193072939515e22adb298388d": "1b47061264138c4ac30d75fd1eb44270",
5353
"value": {
54-
"json-credentials": "eyJidWNrZXROYW1lIjoidG9wb2xvZ3ktc25hcHNob3QtYnVja2V0LW5hbWUiLCJzZWNyZXROYW1lIjoiZ2NwLXRvcG9sb2d5LXNuYXBzaG90LWJ1Y2tldC1zYS1rZXktc2VjcmV0IiwianNvbkNyZWRlbnRpYWxzIjoidG9wb2xvZ3ktc25hcHNob3QtYnVja2V0LXNhLWtleS1zZWNyZXQtY3JlZHMiLCJidWNrZXRTYUtleVNlY3JldCI6ImdjcC10b3BvbG9neS1zbmFwc2hvdC1idWNrZXQtc2Eta2V5LWV4YW1wbGUiLCJidWNrZXRTYUlhbUFjY291bnQiOiJkYS1jbi1leGFtcGxldEBkYS1jbi1zaGFyZWQuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20ifQ=="
54+
"json-credentials": "eyJwcm9qZWN0SWQiOiJkYS1jbi1zaGFyZWQiLCJidWNrZXROYW1lIjoidG9wb2xvZ3ktc25hcHNob3QtYnVja2V0LW5hbWUiLCJzZWNyZXROYW1lIjoiZ2NwLXRvcG9sb2d5LXNuYXBzaG90LWJ1Y2tldC1zYS1rZXktc2VjcmV0IiwianNvbkNyZWRlbnRpYWxzIjoidG9wb2xvZ3ktc25hcHNob3QtYnVja2V0LXNhLWtleS1zZWNyZXQtY3JlZHMiLCJidWNrZXRTYUtleVNlY3JldCI6ImdjcC10b3BvbG9neS1zbmFwc2hvdC1idWNrZXQtc2Eta2V5LWV4YW1wbGUiLCJidWNrZXRTYUlhbUFjY291bnQiOiJkYS1jbi1leGFtcGxldEBkYS1jbi1zaGFyZWQuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20ifQ=="
5555
}
5656
},
5757
"kind": "Secret",
@@ -3197,7 +3197,7 @@
31973197
"location": {
31983198
"bucket": {
31993199
"bucketName": "cn-topology-snapshots",
3200-
"jsonCredentials": "{\"bucketName\":\"topology-snapshot-bucket-name\",\"secretName\":\"gcp-topology-snapshot-bucket-sa-key-secret\",\"jsonCredentials\":\"topology-snapshot-bucket-sa-key-secret-creds\",\"bucketSaKeySecret\":\"gcp-topology-snapshot-bucket-sa-key-example\",\"bucketSaIamAccount\":\"da-cn-examplet@da-cn-shared.iam.gserviceaccount.com\"}",
3200+
"jsonCredentials": "{\"projectId\":\"da-cn-shared\",\"bucketName\":\"topology-snapshot-bucket-name\",\"secretName\":\"gcp-topology-snapshot-bucket-sa-key-secret\",\"jsonCredentials\":\"topology-snapshot-bucket-sa-key-secret-creds\",\"bucketSaKeySecret\":\"gcp-topology-snapshot-bucket-sa-key-example\",\"bucketSaIamAccount\":\"da-cn-examplet@da-cn-shared.iam.gserviceaccount.com\"}",
32013201
"projectId": "da-cn-shared",
32023202
"secretName": "cn-gcp-bucket-da-cn-shared-cn-topology-snapshots"
32033203
},

cluster/pulumi/common/src/buckets.ts

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,9 +24,11 @@ export type BucketConfig = {
2424
export async function bootstrapBucket(
2525
projectId: string,
2626
bucketName: string,
27-
gcpSecretName: string
27+
gcpSecretName: string,
28+
isSharedBucket: boolean = false
2829
): Promise<GcpBucket> {
2930
const cred = await gcp.secretmanager.getSecretVersion({
31+
project: isSharedBucket ? projectId : undefined,
3032
secret: gcpSecretName,
3133
});
3234
return {

cluster/pulumi/common/src/topology-snapshot.ts

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,8 @@ export async function topologySnapshotConfig(
1212
const bucketSpec = await bootstrapBucket(
1313
configuration.projectId,
1414
configuration.bucketName,
15-
configuration.bucketSaKeySecret
15+
configuration.bucketSaKeySecret,
16+
true
1617
);
1718
return {
1819
backupInterval: configuration.backupInterval,

0 commit comments

Comments
 (0)