From 33bc480bb23a45e190a3431df7a503f9156f9ac4 Mon Sep 17 00:00:00 2001
From: Sanjay Vasandani <sanjayvas@google.com>
Date: Mon, 26 Feb 2024 12:50:39 -0800
Subject: [PATCH] Fix simulator service account not being created for GKE.

This addresses an issue that was missed in #1324.
---
 src/main/k8s/dev/BUILD.bazel                    |  6 +++---
 src/main/k8s/dev/bigquery_edp_simulator_gke.cue | 11 -----------
 src/main/k8s/dev/edp_simulator_gke.cue          | 11 ++++++++++-
 3 files changed, 13 insertions(+), 15 deletions(-)

diff --git a/src/main/k8s/dev/BUILD.bazel b/src/main/k8s/dev/BUILD.bazel
index beb7ba11b9d..bac8ecf9606 100644
--- a/src/main/k8s/dev/BUILD.bazel
+++ b/src/main/k8s/dev/BUILD.bazel
@@ -1,3 +1,4 @@
+load("@wfa_common_jvm//build:defs.bzl", "expand_template")
 load("@wfa_rules_cue//cue:defs.bzl", "cue_library")
 load(
     "//build:variables.bzl",
@@ -8,9 +9,8 @@ load(
     "KINGDOM_K8S_SETTINGS",
     "SIMULATOR_K8S_SETTINGS",
 )
-load("@wfa_common_jvm//build:defs.bzl", "expand_template")
-load("//src/main/k8s:macros.bzl", "cue_dump")
 load("//build/k8s:defs.bzl", "kustomization_dir")
+load("//src/main/k8s:macros.bzl", "cue_dump")
 
 SECRET_NAME = "certs-and-configs"
 
@@ -339,13 +339,13 @@ EDP_SIMULATOR_TAGS = {
     "image_tag": IMAGE_REPOSITORY_SETTINGS.image_tag,
     "kingdom_public_api_target": KINGDOM_K8S_SETTINGS.public_api_target,
     "duchy_public_api_target": DUCHY_K8S_SETTINGS.public_api_target,
+    "google_cloud_project": GCLOUD_SETTINGS.project,
 }
 
 cue_dump(
     name = "bigquery_edp_simulator_gke",
     srcs = ["bigquery_edp_simulator_gke.cue"],
     cue_tags = dict(EDP_SIMULATOR_TAGS.items() + {
-        "google_cloud_project": GCLOUD_SETTINGS.project,
         "bigquery_dataset": SIMULATOR_K8S_SETTINGS.bigquery_dataset,
         "bigquery_table": SIMULATOR_K8S_SETTINGS.bigquery_table,
     }.items()),
diff --git a/src/main/k8s/dev/bigquery_edp_simulator_gke.cue b/src/main/k8s/dev/bigquery_edp_simulator_gke.cue
index 6ac980c8608..4490e475c1d 100644
--- a/src/main/k8s/dev/bigquery_edp_simulator_gke.cue
+++ b/src/main/k8s/dev/bigquery_edp_simulator_gke.cue
@@ -14,8 +14,6 @@
 
 package k8s
 
-#SimulatorServiceAccount: "simulator"
-
 _bigQueryConfig: #BigQueryConfig & {
 	dataset: string @tag("bigquery_dataset")
 	table:   string @tag("bigquery_table")
@@ -41,16 +39,7 @@ edp_simulators: {
 				_container: {
 					resources: _resourceRequirements
 				}
-				spec: template: spec: #ServiceAccountPodSpec & {
-					serviceAccountName: #SimulatorServiceAccount
-				}
 			}
 		}
 	}
 }
-
-serviceAccounts: {
-	"\(#SimulatorServiceAccount)": #WorkloadIdentityServiceAccount & {
-		_iamServiceAccountName: "simulator"
-	}
-}
diff --git a/src/main/k8s/dev/edp_simulator_gke.cue b/src/main/k8s/dev/edp_simulator_gke.cue
index 77459e879de..752a563c97c 100644
--- a/src/main/k8s/dev/edp_simulator_gke.cue
+++ b/src/main/k8s/dev/edp_simulator_gke.cue
@@ -33,6 +33,8 @@ _secret_name:            string @tag("secret_name")
 _kingdomPublicApiTarget: string @tag("kingdom_public_api_target")
 _duchyPublicApiTarget:   string @tag("duchy_public_api_target")
 
+#SimulatorServiceAccount: "simulator"
+
 objectSets: [
 	serviceAccounts,
 	configMaps,
@@ -62,7 +64,9 @@ edp_simulators: {
 			_mc_resource_name:          _mc_name
 
 			deployment: {
-				spec: template: spec: #SpotVmPodSpec
+				spec: template: spec: #SpotVmPodSpec & #ServiceAccountPodSpec & {
+					serviceAccountName: #SimulatorServiceAccount
+				}
 			}
 		}
 	}
@@ -71,6 +75,11 @@ edp_simulators: {
 serviceAccounts: [Name=string]: #ServiceAccount & {
 	metadata: name: Name
 }
+serviceAccounts: {
+	"\(#SimulatorServiceAccount)": #WorkloadIdentityServiceAccount & {
+		_iamServiceAccountName: "simulator"
+	}
+}
 
 configMaps: [Name=string]: #ConfigMap & {
 	metadata: name: Name