From ae6080ebf7a1c92a740cad2149c52d94481f9388 Mon Sep 17 00:00:00 2001
From: Miren Esnaola
Date: Fri, 24 Feb 2023 09:38:05 +0100
Subject: [PATCH] Modifications related to autopilot and workload identity. Added workload_identity_pool output to module
---
 modules/gke-cluster/README.md | 4 ++--
 modules/gke-cluster/main.tf | 2 +-
 modules/gke-cluster/outputs.tf | 8 ++++++++
 3 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/modules/gke-cluster/README.md b/modules/gke-cluster/README.md
index 2e09aeb1..2d60e487 100644
--- a/modules/gke-cluster/README.md
+++ b/modules/gke-cluster/README.md
@@ -91,8 +91,7 @@ module "cluster-autopilot" {
 master_ipv4_cidr_block = "192.168.0.0/28"
 }
 enable_features = {
- autopilot = true
- workload_identity = false
+ autopilot = true
 }
 }
 # tftest modules=1 resources=1 inventory=autopilot.yaml
@@ -162,5 +161,6 @@ module "cluster-1" {
 | [name](outputs.tf#L49) | Cluster name. | |
 | [notifications](outputs.tf#L54) | GKE PubSub notifications topic. | |
 | [self_link](outputs.tf#L59) | Cluster self link. | ✓ |
+| [workload_identity_pool](outputs.tf#L65) | Workload identity pool. | |
diff --git a/modules/gke-cluster/main.tf b/modules/gke-cluster/main.tf
index 0079dd8d..107d8341 100644
--- a/modules/gke-cluster/main.tf
+++ b/modules/gke-cluster/main.tf
@@ -379,7 +379,7 @@ resource "google_container_cluster" "cluster" {
 }
 dynamic "workload_identity_config" {
- for_each = var.enable_features.workload_identity ? [""] : []
+ for_each = (var.enable_features.workload_identity && !var.enable_features.autopilot) ? [""] : []
 content {
 workload_pool = "${var.project_id}.svc.id.goog"
 }
diff --git a/modules/gke-cluster/outputs.tf b/modules/gke-cluster/outputs.tf
index f98f4f54..c02c9be2 100644
--- a/modules/gke-cluster/outputs.tf
+++ b/modules/gke-cluster/outputs.tf
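Review bot: The new `for_each` condition in `workload_identity_config` drops the block whenever `enable_features.autopilot` is true, but nothing next to it says why, so `autopilot = true` with `workload_identity = false` now reads as if Workload Identity were switched off. Presumably the block is skipped because Autopilot manages Workload Identity itself; if that is the intent, a comment above the expression such as `# Autopilot enables Workload Identity on its own; the pool is only set explicitly on Standard clusters` would stop a later reader from treating the flag as a way to disable it. The variable's description should state the same, since the flag is silently ignored for Autopilot. The `google_container_cluster.cluster` resource starts and ends outside this hunk.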
@@ -61,3 +61,11 @@ output "self_link" {
 sensitive = true
 value = google_container_cluster.cluster.self_link
 }
+
+output "workload_identity_pool" {
+ description = "Workload identity pool."
+ value = "${var.project_id}.svc.id.goog"
+ depends_on = [
+ google_container_cluster.cluster
+ ]
+}
\ No newline at end of file
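Review bot: The `workload_identity_pool` output returns `${var.project_id}.svc.id.goog` unconditionally, so a Standard cluster created with `enable_features.workload_identity = false` still exports a pool name it does not use. A caller that builds `roles/iam.workloadIdentityUser` members from this output would then grant access in the project-level pool, which as far as GKE documents it is shared by every Workload Identity cluster in the project rather than scoped to this one. Consider returning null when the feature is off, for example `value = (var.enable_features.workload_identity || var.enable_features.autopilot) ? "${var.project_id}.svc.id.goog" : null`, and have the description say when the value is null. The file also now ends without a trailing newline.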