fix: add a new variable for service account name

terraform-google-modules · Apr 17, 2023 · baefc13 · baefc13
1 parent b6b2ebc
commit baefc13
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 2 deletions.
diff --git a/autogen/main/sa.tf.tmpl b/autogen/main/sa.tf.tmpl
@@ -17,9 +17,17 @@
 {{ autogeneration_note }}
 
 locals {
+  service_account_list = compact(
+    concat(
+      google_service_account.cluster_service_account.*.email,
+      ["dummy"],
+    ),
+  )
   service_account_default_name = "tf-gke-${substr(var.name, 0, min(15, length(var.name)))}-${random_string.cluster_service_account_suffix.result}"
+  service_account_name = var.service_account_name == "" ? local.service_account_default_name : var.service_account_name
+
   // if user set var.service_account it will be used even if var.create_service_account==true, so service account will be created but not used
-  service_account = (var.service_account == "" || var.service_account == "create") && var.create_service_account ? local.service_account_default_name : var.service_account
+  service_account = (var.service_account == "" || var.service_account == "create") && var.create_service_account ? local.service_account_list[0] : var.service_account
 
   registry_projects_list = length(var.registry_project_ids) == 0 ? [var.project_id] : var.registry_project_ids
 }
@@ -34,7 +42,7 @@ resource "random_string" "cluster_service_account_suffix" {
 resource "google_service_account" "cluster_service_account" {
   count        = var.create_service_account ? 1 : 0
   project      = var.project_id
-  account_id   = local.service_account
+  account_id   = local.service_account_name
   display_name = "Terraform-managed service account for cluster ${var.name}"
 }
 

diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl
@@ -383,6 +383,12 @@ variable "service_account" {
   default     = ""
 }
 
+variable "service_account_name" {
+  type        = string
+  description = "The name of the service account that will be created if create_service_account is true."
+  default     = ""
+}
+
 variable "issue_client_certificate" {
   type        = bool
   description = "Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive!"