From 6bdea96edfb9dfecd82d7bbab4fd57d6e89c03d7 Mon Sep 17 00:00:00 2001 From: Thomas Griseau Date: Mon, 17 Apr 2023 11:51:13 +0200 Subject: [PATCH] fix: add a new variable for service account name --- autogen/main/sa.tf.tmpl | 12 ++++++++++-- autogen/main/variables.tf.tmpl | 6 ++++++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/autogen/main/sa.tf.tmpl b/autogen/main/sa.tf.tmpl index f5a02ef8c6..5dd65d97bc 100644 --- a/autogen/main/sa.tf.tmpl +++ b/autogen/main/sa.tf.tmpl @@ -17,9 +17,17 @@ {{ autogeneration_note }} locals { + service_account_list = compact( + concat( + google_service_account.cluster_service_account.*.email, + ["dummy"], + ), + ) service_account_default_name = "tf-gke-${substr(var.name, 0, min(15, length(var.name)))}-${random_string.cluster_service_account_suffix.result}" + service_account_name = var.service_account_name ? var.service_account_name : local.service_account_default_name + // if user set var.service_account it will be used even if var.create_service_account==true, so service account will be created but not used - service_account = (var.service_account == "" || var.service_account == "create") && var.create_service_account ? local.service_account_default_name : var.service_account + service_account = (var.service_account == "" || var.service_account == "create") && var.create_service_account ? local.service_account_list[0] : var.service_account registry_projects_list = length(var.registry_project_ids) == 0 ? [var.project_id] : var.registry_project_ids } @@ -34,7 +42,7 @@ resource "random_string" "cluster_service_account_suffix" { resource "google_service_account" "cluster_service_account" { count = var.create_service_account ? 1 : 0 project = var.project_id - account_id = local.service_account + account_id = local.service_account_name display_name = "Terraform-managed service account for cluster ${var.name}" } diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index c4f44dfcc7..75ef590b08 100644 
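Review bot: In the `locals` block of `autogen/main/sa.tf.tmpl`, the new `service_account_name` expression uses the string `var.service_account_name` as the condition itself. Terraform only converts the strings "true" and "false" to bool, so the default `""` and any real account name will fail evaluation. Compare against the empty string instead: `service_account_name = var.service_account_name == "" ? local.service_account_default_name : var.service_account_name`. Separately, the `["dummy"]` fallback in `service_account_list` is safe only because `local.service_account` reads `[0]` when `var.create_service_account` is true. A comment such as `// "dummy" only keeps [0] indexable when no account is created; it is never selected as the node identity` would stop it being mistaken for a usable value.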
--- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -383,6 +383,12 @@ variable "service_account" { default = "" } +variable "service_account_name" { + type = string + description = "The name of the service account that will be created if create_service_account is true." + default = "" +} + variable "issue_client_certificate" { type = bool description = "Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive!"
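Review bot: The description of `service_account_name` does not say that the value becomes the `account_id` of the created account rather than an e-mail address, which is easy to miss next to the similarly named `service_account`. It also does not say that an empty value falls back to the generated `tf-gke-…` name. I would spell this out, e.g. `description = "The account_id (not the e-mail) of the service account created when create_service_account is true. Defaults to a generated tf-gke-<name>-<suffix> id when empty."`. Google Cloud restricts service account ids to 6–30 characters of lowercase letters, digits and hyphens, so a `validation` block that accepts `""` or a value matching that pattern would reject a bad name at plan time instead of at apply. The `sa.tf.tmpl` hunk suggests the value is ignored when `service_account` is set to an existing account; if so, the description should say that too, so operators do not assume the cluster runs under the identity they named here.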