refactor service account module outputs

modules/iam-service-accounts/main.tf

@@ -54,32 +54,13 @@ locals {
       ]
     ]
   ])
-  keys = (
-    var.generate_keys
-    ? {
-      for name in var.names :
-      name => lookup(google_service_account_key.keys, name, null)
-    }
-    : {}
-  )
-  prefix = (
-    var.prefix != ""
-    ? "${var.prefix}-"
-    : ""
-  )
-  resource = (
-    length(var.names) > 0
-    ? lookup(local.resources, var.names[0], null)
-    : null
-  )
+  keys     = var.generate_keys ? google_service_account_key.keys : {}
+  prefix   = var.prefix != null ? "${var.prefix}-" : ""
+  resource = try(google_service_account.service_accounts[var.names[0]], null)
   resource_iam_emails = {
-    for name, resource in local.resources :
+    for name, resource in google_service_account.service_accounts :
     name => "serviceAccount:${resource.email}"
   }
-  resources = {
-    for name in var.names :
-    name => lookup(google_service_account.service_accounts, name, null)
-  }
 }
 
 resource "google_service_account" "service_accounts" {

modules/iam-service-accounts/outputs.tf

@@ -21,27 +21,30 @@ output "service_account" {
 
 output "service_accounts" {
   description = "Service account resources."
-  value       = local.resources
+  value       = google_service_account.service_accounts
 }
 
 output "email" {
   description = "Service account email (for single use)."
-  value       = local.resource == null ? null : local.resource.email
+  value       = try(local.resource.email, null)
 }
 
 output "iam_email" {
   description = "IAM-format service account email (for single use)."
-  value       = local.resource == null ? null : "serviceAccount:${local.resource.email}"
+  value       = try("serviceAccount:${local.resource.email}", null)
 }
 
 output "key" {
   description = "Service account key (for single use)."
-  value       = lookup(local.keys, var.names[0], null)
+  value       = try(local.keys[var.names[0]], null)
 }
 
 output "emails" {
   description = "Service account emails."
-  value       = { for name, resource in local.resources : name => resource.email }
+  value = {
+    for name, resource in google_service_account.service_accounts :
+    name => resource.email
+  }
 }
 
 output "iam_emails" {
@@ -51,12 +54,18 @@ output "iam_emails" {
 
 output "emails_list" {
   description = "Service account emails."
-  value       = [for name, resource in local.resources : resource.email]
+  value = [
+    for name, resource in google_service_account.service_accounts :
+    resource.email
+  ]
 }
 
 output "iam_emails_list" {
   description = "IAM-format service account emails."
-  value       = [for name, resource in local.resources : "serviceAccount:${resource.email}"]
+  value = [
+    for name, resource in google_service_account.service_accounts :
+    "serviceAccount:${resource.email}"
+  ]
 }
 
 output "keys" {

modules/iam-service-accounts/variables.tf

@@ -20,23 +20,6 @@ variable "generate_keys" {
   default     = false
 }
 
-variable "names" {
-  description = "Names of the service accounts to create."
-  type        = list(string)
-  default     = []
-}
-
-variable "prefix" {
-  description = "Prefix applied to service account names."
-  type        = string
-  default     = ""
-}
-
-variable "project_id" {
-  description = "Project id where service account will be created."
-  type        = string
-}
-
 variable "iam_members" {
   description = "Map of member lists which are granted authoritative roles on the service accounts, keyed by role."
   type        = map(list(string))
@@ -78,3 +61,20 @@ variable "iam_storage_roles" {
   type        = map(list(string))
   default     = {}
 }
+
+variable "names" {
+  description = "Names of the service accounts to create."
+  type        = list(string)
+  default     = []
+}
+
+variable "prefix" {
+  description = "Prefix applied to service account names."
+  type        = string
+  default     = null
+}
+
+variable "project_id" {
+  description = "Project id where service account will be created."
+  type        = string
+}