
fix: handle random suffix only when `create_service_account` is false - Issue #1808

Open lucetre opened this issue 2 years ago • 2 comments

Description

This pull request addresses issue #1808, which pertains to the generation of random suffixes for service account names even when create_service_account is set to false. The changes ensure that the random suffix logic is conditioned on the create_service_account setting.

Changes Made

  1. Updated the service_account_default_name local variable in sa.tf to conditionally include the random suffix only when create_service_account is true.
  2. Modified the random_string resource to have a count condition, ensuring it is created only when create_service_account is true.

Testing

  • [x] Ensure the create_service_account variable is set to false.
  • [x] Verify that the random_string.cluster_service_account_suffix resource is not created when create_service_account is false.
  • [x] Confirm that the service account name is generated correctly without a random suffix in the absence of random_string.cluster_service_account_suffix.
Testing code

```hcl
variable "name" {
  type    = string
  default = ""
}

# Referenced by google_service_account below; declared so the snippet validates on its own.
variable "project_id" {
  type = string
}

variable "create_service_account" {
  type    = bool
  default = false
}

variable "service_account_name" {
  type    = string
  default = ""
}

locals {
  # The random suffix is appended only when the service account is created.
  service_account_default_name = "tf-gke-${substr(var.name, 0, min(15, length(var.name)))}-${var.create_service_account ? random_string.cluster_service_account_suffix[0].result : ""}"
}

# Created only when create_service_account is true.
resource "random_string" "cluster_service_account_suffix" {
  count   = var.create_service_account ? 1 : 0
  upper   = false
  lower   = true
  special = false
  length  = 4
}

resource "google_service_account" "cluster_service_account" {
  count        = var.create_service_account ? 1 : 0
  project      = var.project_id
  account_id   = var.service_account_name == "" ? local.service_account_default_name : var.service_account_name
  display_name = "Terraform-managed service account for cluster ${var.name}"
}
```

Related Issue

  • #1808

lucetre avatar Dec 01 '23 14:12 lucetre
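One way to automate the testing checklist in the description above, as an added example that is not part of the pull request or the module: a Python check over the plan JSON produced by `terraform show -json`. The sample plans are constructed, and the `module.gke` address prefix and the function names are assumptions.

```python
import json

# Resource (type, name) pairs named in the PR description.
SUFFIX = ("random_string", "cluster_service_account_suffix")
ACCOUNT = ("google_service_account", "cluster_service_account")


def planned_creates(plan_json):
    """Return the (type, name) pairs the plan would create."""
    plan = json.loads(plan_json)
    return {
        (rc["type"], rc["name"])
        for rc in plan.get("resource_changes", [])
        if "create" in rc.get("change", {}).get("actions", [])
    }


def check_plan(plan_json, create_service_account):
    """Return a list of problems; an empty list means the plan matches the checklist."""
    created = planned_creates(plan_json)
    problems = []
    for res in (SUFFIX, ACCOUNT):
        if (res in created) != create_service_account:
            state = "missing from" if create_service_account else "present in"
            problems.append(f"{res[0]}.{res[1]} {state} plan")
    return problems


def _change(rtype, name):
    # Constructed resource_changes entry; "module.gke" is an assumed module name.
    return {"address": f"module.gke.{rtype}.{name}[0]", "type": rtype,
            "name": name, "change": {"actions": ["create"]}}


# Constructed sample plans (not real Terraform output).
PLAN_SA_DISABLED = json.dumps({"resource_changes": []})
PLAN_SA_ENABLED = json.dumps({"resource_changes": [_change(*SUFFIX), _change(*ACCOUNT)]})
PLAN_REGRESSION = json.dumps({"resource_changes": [_change(*SUFFIX)]})  # pre-fix behaviour

if __name__ == "__main__":
    print(check_plan(PLAN_SA_DISABLED, False))
    print(check_plan(PLAN_SA_ENABLED, True))
    print(check_plan(PLAN_REGRESSION, False))
```
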

/gcbrun

apeabody avatar Jan 22 '24 16:01 apeabody

Thanks - I was looking for the same thing.

Though I think you need to modify autogen/main/sa.tf.impl instead and then run make build.

Bo98 avatar Feb 23 '24 23:02 Bo98

This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

github-actions[bot] avatar Apr 24 '24 23:04 github-actions[bot]