kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix id in service module when reusing in a universe (#3698)

Browse Source
This commit is contained in:
Ludovico Magnocavallo
2026-02-03 19:28:57 +01:00
committed by GitHub
parent 3e277d808a
commit 0e760c3015
4 changed files with 19 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
modules/iam-service-account/README.md
View File

@@ -170,8 +170,8 @@ module "service-account-with-tags" {
| [prefix](variables.tf#L64) | Prefix applied to service account names. | <code>string</code> | | <code>null</code> |
| [project_id](variables.tf#L75) | Project id where service account will be created. This can be left null when reusing service accounts. | <code>string</code> | | <code>null</code> |
| [project_number](variables.tf#L89) | Project number of var.project_id. Set this to avoid permadiffs when creating tag bindings. This can be left null when reusing service accounts and tags are not used. | <code>string</code> | | <code>null</code> |
| [service_account_reuse](variables.tf#L96) | Reuse existing service account if not null. Data source can be forced disabled if tag bindings are not used, or unique id is set. | <code title="object&#40;&#123;&#10; use_data_source &#61; optional&#40;bool, true&#41;&#10; attributes &#61; optional&#40;object&#40;&#123;&#10; project_number &#61; number&#10; unique_id &#61; string&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [tag_bindings](variables.tf#L109) | Tag bindings for this service accounts, in key => tag value id format. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [service_account_reuse](variables.tf#L96) | Reuse existing service account if not null. Data source can be forced disabled if tag bindings are not used, or unique id is set. | <code title="object&#40;&#123;&#10; use_data_source &#61; optional&#40;bool, true&#41;&#10; attributes &#61; optional&#40;object&#40;&#123;&#10; project_number &#61; number&#10; unique_id &#61; string&#10; &#125;&#41;&#41;&#10; universe &#61; optional&#40;object&#40;&#123;&#10; prefix &#61; string&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [tag_bindings](variables.tf#L112) | Tag bindings for this service accounts, in key => tag value id format. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
## Outputs

14
modules/iam-service-account/main.tf
View File

@@ -42,7 +42,7 @@ locals {
)
static_iam_email = "serviceAccount:${local.static_email}"
static_id = (
"projects/${local.project_id}/serviceAccounts/${local.static_email}"
"projects/${local.project_id_universe}/serviceAccounts/${local.static_email}"
)
service_account = (
local.use_data_source
@@ -50,11 +50,21 @@ locals {
: try(google_service_account.service_account[0], null)
)
# universe-related locals
universe = try(regex("^([^:]*):[a-z]", local.project_id)[0], "")
universe = try(
regex("^([^:]*):[a-z]", local.project_id)[0],
var.service_account_reuse.universe.prefix,
""
)
use_data_source = (
try(var.service_account_reuse.use_data_source, null) == true
)
project_id_no_universe = element(split(":", local.project_id), 1)
# reassemble project id for cases where we are reusing service account
project_id_universe = (
local.universe == ""
? local.project_id
: "${local.universe}:${local.project_id_no_universe}"
)
sa_domain = join(".", compact([
local.project_id_no_universe, local.universe
]))

3
modules/iam-service-account/variables.tf
View File

@@ -101,6 +101,9 @@ variable "service_account_reuse" {
project_number = number
unique_id = string
}))
universe = optional(object({
prefix = string
}))
})
nullable = true
default = null