From 56bb1121370897a093ff9070aa8b932cc90d0d8a Mon Sep 17 00:00:00 2001
From: Dustin Lactin
Date: Thu, 10 Apr 2025 11:19:24 -0600
Subject: [PATCH 1/2] fix(google_gke_tenant): updated gcp_sa_name variable to use name instead of email
---
 google_gke_tenant/gke_service_account.tf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/google_gke_tenant/gke_service_account.tf b/google_gke_tenant/gke_service_account.tf
index c7e57e4f..5d6f641d 100644
--- a/google_gke_tenant/gke_service_account.tf
+++ b/google_gke_tenant/gke_service_account.tf
@@ -12,7 +12,7 @@ module "workload-identity-for-tenant-sa" {
 project_id = var.cluster_project_id
 use_existing_k8s_sa = true
 use_existing_gcp_sa = true
- gcp_sa_name = google_service_account.gke-account.email
+ gcp_sa_name = google_service_account.gke-account.name
 }
 
 module "workload-identity-for-generic-tenant-sa" {
@@ -23,7 +23,7 @@ module "workload-identity-for-generic-tenant-sa" {
 project_id = var.cluster_project_id
 use_existing_k8s_sa = true
 use_existing_gcp_sa = true
- gcp_sa_name = google_service_account.gke-account.email
+ gcp_sa_name = google_service_account.gke-account.name
 }
 
 module "workload-identity-for-tenant-external-secrets-sa" {
@@ -34,7 +34,7 @@ module "workload-identity-for-tenant-external-secrets-sa" {
 project_id = var.cluster_project_id
 use_existing_k8s_sa = true
 use_existing_gcp_sa = true
- gcp_sa_name = google_service_account.gke-account.email
+ gcp_sa_name = google_service_account.gke-account.name
 }
 
 # permissions for use with External Secrets Operator in GKE
From 123357f8b1471b3a7896506dac0c555597eaf496 Mon Sep 17 00:00:00 2001
From: Dustin Lactin
Date: Thu, 10 Apr 2025 11:34:37 -0600
Subject: [PATCH 2/2] fix(google_gke_tenant): providing gcp_sa_email for existing service accounts
---
 google_gke_tenant/gke_service_account.tf | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/google_gke_tenant/gke_service_account.tf b/google_gke_tenant/gke_service_account.tf
index 5d6f641d..c5b3698d 100644
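Review bot: In all three hunks of patch 1/2, `gcp_sa_name` is now set from `google_service_account.gke-account.name`, which in the Google provider is the fully-qualified resource name (`projects/<project>/serviceAccounts/<email>`) rather than the short account id. Whether the workload-identity module accepts that form depends on its `source` and version, which sit above the hunks in each module block and are not visible here. If the module expects the short id, `gcp_sa_name = google_service_account.gke-account.account_id` is the unambiguous choice; either way, a one-line comment stating which form the module wants would stop a later edit from flipping it back to `.email`.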
--- a/google_gke_tenant/gke_service_account.tf
+++ b/google_gke_tenant/gke_service_account.tf
@@ -13,6 +13,7 @@ module "workload-identity-for-tenant-sa" {
 use_existing_k8s_sa = true
 use_existing_gcp_sa = true
 gcp_sa_name = google_service_account.gke-account.name
+ gcp_sa_email = google_service_account.gke-account.email
 }
 
 module "workload-identity-for-generic-tenant-sa" {
@@ -24,6 +25,7 @@ module "workload-identity-for-generic-tenant-sa" {
 use_existing_k8s_sa = true
 use_existing_gcp_sa = true
 gcp_sa_name = google_service_account.gke-account.name
+ gcp_sa_email = google_service_account.gke-account.email
 }
 
 module "workload-identity-for-tenant-external-secrets-sa" {
@@ -35,6 +37,7 @@ module "workload-identity-for-tenant-external-secrets-sa" {
 use_existing_k8s_sa = true
 use_existing_gcp_sa = true
 gcp_sa_name = google_service_account.gke-account.name
+ gcp_sa_email = google_service_account.gke-account.email
 }
 
 # permissions for use with External Secrets Operator in GKE
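Review bot: The three module blocks touched in patch 2/2 (`workload-identity-for-tenant-sa`, `workload-identity-for-generic-tenant-sa` and `workload-identity-for-tenant-external-secrets-sa`) all pass the same `google_service_account.gke-account` with `use_existing_gcp_sa = true`, so tenant workloads and the External Secrets service account end up bound to one Google identity. Any role granted to that account for External Secrets (the trailing `# permissions for use with External Secrets Operator in GKE` comment suggests such grants follow, outside the hunk) would then presumably be usable from every pod running under the other two Kubernetes service accounts. Consider a dedicated Google service account for the external-secrets binding, e.g. `gcp_sa_email = google_service_account.<external-secrets-sa>.email` (placeholder name), or add a comment recording that the shared identity is intentional. The module blocks begin above each hunk, so their `name` and `namespace` inputs could not be checked.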