Truncate optional service account name, simplify service account expansion

adrienthebo · Jberlinsky · commit 61796be5daf2 · 2019-02-13T09:47:27.000-05:00
diff --git a/autogen/cluster_regional.tf b/autogen/cluster_regional.tf
@@ -81,7 +81,7 @@ resource "google_container_cluster" "primary" {
     name = "default-pool"
 
     node_config {
-      service_account = "${lookup(var.node_pools[0], "service_account", (var.service_account == "create") ? element(concat(google_service_account.cluster_service_account.*.email, list("")), 0) : var.service_account)}"
+      service_account = "${lookup(var.node_pools[0], "service_account", local.service_account)}"
     }
   }
 {% if private_cluster %}
@@ -127,7 +127,7 @@ resource "google_container_node_pool" "pools" {
 
     disk_size_gb    = "${lookup(var.node_pools[count.index], "disk_size_gb", 100)}"
     disk_type       = "${lookup(var.node_pools[count.index], "disk_type", "pd-standard")}"
-    service_account = "${lookup(var.node_pools[count.index], "service_account", (var.service_account == "create") ? element(concat(google_service_account.cluster_service_account.*.email, list("")), 0) : var.service_account)}"
+    service_account = "${lookup(var.node_pools[count.index], "service_account", local.service_account)}"
     preemptible     = "${lookup(var.node_pools[count.index], "preemptible", false)}"
 
     oauth_scopes = [
diff --git a/autogen/cluster_zonal.tf b/autogen/cluster_zonal.tf
@@ -81,7 +81,7 @@ resource "google_container_cluster" "zonal_primary" {
     name = "default-pool"
 
     node_config {
-      service_account = "${lookup(var.node_pools[0], "service_account", (var.service_account == "create") ? element(concat(google_service_account.cluster_service_account.*.email, list("")), 0) : var.service_account)}"
+      service_account = "${lookup(var.node_pools[0], "service_account", local.service_account)}"
     }
   }
 {% if private_cluster %}
@@ -127,7 +127,7 @@ resource "google_container_node_pool" "zonal_pools" {
 
     disk_size_gb    = "${lookup(var.node_pools[count.index], "disk_size_gb", 100)}"
     disk_type       = "${lookup(var.node_pools[count.index], "disk_type", "pd-standard")}"
-    service_account = "${lookup(var.node_pools[count.index], "service_account", (var.service_account == "create") ? element(concat(google_service_account.cluster_service_account.*.email, list("")), 0) : var.service_account)}"
+    service_account = "${lookup(var.node_pools[count.index], "service_account", local.service_account)}"
     preemptible     = "${lookup(var.node_pools[count.index], "preemptible", false)}"
 
     oauth_scopes = [
diff --git a/autogen/sa.tf b/autogen/sa.tf
@@ -16,8 +16,14 @@
 
 {{ autogeneration_note }}
 
+locals {
+  service_account_list = "${compact(concat(google_service_account.cluster_service_account.*.email, list("dummy")))}"
+  service_account = "${var.service_account == "create" ? element(local.service_account_list, 0) : var.service_account}"
+}
+
 resource "google_service_account" "cluster_service_account" {
-  count = "${(var.service_account == "create") ? 1 : 0}"
-  account_id = "tf-gke-${var.name}"
+  count        = "${var.service_account == "create" ? 1 : 0}"
+  project      = "${var.project_id}"
+  account_id   = "tf-gke-${substr(var.name, 0, 20)}"
   display_name = "Terraform-managed service account for cluster ${var.name}"
 }
diff --git a/cluster_regional.tf b/cluster_regional.tf
@@ -81,7 +81,7 @@ resource "google_container_cluster" "primary" {
     name = "default-pool"
 
     node_config {
-      service_account = "${lookup(var.node_pools[0], "service_account", (var.service_account == "create") ? element(concat(google_service_account.cluster_service_account.*.email, list("")), 0) : var.service_account)}"
+      service_account = "${lookup(var.node_pools[0], "service_account", local.service_account)}"
     }
   }
 
@@ -121,7 +121,7 @@ resource "google_container_node_pool" "pools" {
 
     disk_size_gb    = "${lookup(var.node_pools[count.index], "disk_size_gb", 100)}"
     disk_type       = "${lookup(var.node_pools[count.index], "disk_type", "pd-standard")}"
-    service_account = "${lookup(var.node_pools[count.index], "service_account", (var.service_account == "create") ? element(concat(google_service_account.cluster_service_account.*.email, list("")), 0) : var.service_account)}"
+    service_account = "${lookup(var.node_pools[count.index], "service_account", local.service_account)}"
     preemptible     = "${lookup(var.node_pools[count.index], "preemptible", false)}"
 
     oauth_scopes = [
diff --git a/cluster_zonal.tf b/cluster_zonal.tf
@@ -81,7 +81,7 @@ resource "google_container_cluster" "zonal_primary" {
     name = "default-pool"
 
     node_config {
-      service_account = "${lookup(var.node_pools[0], "service_account", (var.service_account == "create") ? element(concat(google_service_account.cluster_service_account.*.email, list("")), 0) : var.service_account)}"
+      service_account = "${lookup(var.node_pools[0], "service_account", local.service_account)}"
     }
   }
 
@@ -121,7 +121,7 @@ resource "google_container_node_pool" "zonal_pools" {
 
     disk_size_gb    = "${lookup(var.node_pools[count.index], "disk_size_gb", 100)}"
     disk_type       = "${lookup(var.node_pools[count.index], "disk_type", "pd-standard")}"
-    service_account = "${lookup(var.node_pools[count.index], "service_account", (var.service_account == "create") ? element(concat(google_service_account.cluster_service_account.*.email, list("")), 0) : var.service_account)}"
+    service_account = "${lookup(var.node_pools[count.index], "service_account", local.service_account)}"
     preemptible     = "${lookup(var.node_pools[count.index], "preemptible", false)}"
 
     oauth_scopes = [
diff --git a/sa.tf b/sa.tf
@@ -16,8 +16,14 @@
 
 // This file was automatically generated from a template in ./autogen
 
+locals {
+  service_account_list = "${compact(concat(google_service_account.cluster_service_account.*.email, list("dummy")))}"
+  service_account = "${var.service_account == "create" ? element(local.service_account_list, 0) : var.service_account}"
+}
+
 resource "google_service_account" "cluster_service_account" {
-  count = "${(var.service_account == "create") ? 1 : 0}"
-  account_id = "tf-gke-${var.name}"
+  count        = "${var.service_account == "create" ? 1 : 0}"
+  project      = "${var.project_id}"
+  account_id   = "tf-gke-${substr(var.name, 0, 20)}"
   display_name = "Terraform-managed service account for cluster ${var.name}"
 }

Original file line number	Diff line number	Diff line change
`@@ -81,7 +81,7 @@ resource "google_container_cluster" "primary" {`
`81`	`81`	`name = "default-pool"`
`82`	`82`
`83`	`83`	`node_config {`
`84`		`- service_account = "${lookup(var.node_pools[0], "service_account", (var.service_account == "create") ? element(concat(google_service_account.cluster_service_account.*.email, list("")), 0) : var.service_account)}"`
	`84`	`+ service_account = "${lookup(var.node_pools[0], "service_account", local.service_account)}"`
`85`	`85`	`}`
`86`	`86`	`}`
`87`	`87`	`{% if private_cluster %}`
`@@ -127,7 +127,7 @@ resource "google_container_node_pool" "pools" {`
`127`	`127`
`128`	`128`	`disk_size_gb = "${lookup(var.node_pools[count.index], "disk_size_gb", 100)}"`
`129`	`129`	`disk_type = "${lookup(var.node_pools[count.index], "disk_type", "pd-standard")}"`
`130`		`- service_account = "${lookup(var.node_pools[count.index], "service_account", (var.service_account == "create") ? element(concat(google_service_account.cluster_service_account.*.email, list("")), 0) : var.service_account)}"`
	`130`	`+ service_account = "${lookup(var.node_pools[count.index], "service_account", local.service_account)}"`
`131`	`131`	`preemptible = "${lookup(var.node_pools[count.index], "preemptible", false)}"`
`132`	`132`
`133`	`133`	`oauth_scopes = [`