Closed maqiuyujoyce closed 6 years ago
I refactored the commit based on the new comments in #120. Now the sc installer will create one service account for each cluster, and it will be able to create an idempotent experience for the users.
Since the cluster name is actually very long while the SA name has a maximum length of 30 characters, I decided to use an MD5 hash and base32 encoding to construct valid and unique SA names.
For existing users, a warning is printed when running sc remove-gcp-broker so that they will know about the deprecation of the service account service-catalog-gcp@[projectid].iam.gserviceaccount.com.
One question: can different users share the same cluster at the same time? If so, it might cause problems.
This change also fixes #125 and partially addresses #38. The second part of the problem for #38 is that if we keep running sc add-gcp-broker, we will get failures from the second time. However, it won't stop new keys from being created. So do we want to remove the newly created keys when sc add-gcp-broker fails?
Please test this scenario:
(1) sc add-gcp-broker
(2) users delete the service account
(3) sc add-gcp-broker again
Another scenario:
(1) sc add-gcp-broker
(2) sc add-gcp-broker many times
Is sc add-gcp-broker idempotent? I guess we keep creating a private key, and it will eventually fail? Failing is okay, but we could output the error message that "Warning: please run sc uninstall before running sc install".
Fixes #120
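The naming scheme the pull request description mentions (MD5 of the cluster name, then base32, to fit the 30-character service account limit) can be sketched as follows. This is an added example, not code from this pull request or the project; the `sc-` prefix, the function name, the ID format check and the sample cluster name are assumptions made for illustration.

```go
package main

import (
	"crypto/md5"
	"encoding/base32"
	"fmt"
	"regexp"
	"strings"
)

// saPrefix is a hypothetical prefix (not taken from the PR). It guarantees
// the ID starts with a letter, since base32 output may start with a digit.
const saPrefix = "sc-"

// saIDPattern encodes the assumed ID rules: 6-30 characters, lowercase
// letters, digits and dashes, starting with a letter, not ending in a dash.
var saIDPattern = regexp.MustCompile(`^[a-z][-a-z0-9]{4,28}[a-z0-9]$`)

// ServiceAccountID maps a cluster name of any length to a fixed-length ID.
// MD5 is used here only to shorten the name deterministically, so repeated
// runs for the same cluster resolve to the same account (idempotency).
func ServiceAccountID(clusterName string) (string, error) {
	if clusterName == "" {
		return "", fmt.Errorf("cluster name must not be empty")
	}
	sum := md5.Sum([]byte(clusterName)) // 16 bytes
	// 16 bytes -> 26 base32 characters once padding is dropped.
	enc := base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(sum[:])
	id := saPrefix + strings.ToLower(enc) // 3 + 26 = 29 characters
	if !saIDPattern.MatchString(id) {
		return "", fmt.Errorf("derived ID %q is not a valid service account ID", id)
	}
	return id, nil
}

func main() {
	// Constructed sample cluster name, longer than the 30-character limit.
	name := "gke_example-project_us-central1-a_service-catalog-cluster"
	id, err := ServiceAccountID(name)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s (%d chars)\n", id, len(id))
}
```
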