Compute service account email statically
Generate the service account output statically based on the service account name and parent project. This allows, among other things, to use service accounts as map keys (e.g. to be used in the `iam` argument in other modules).
This commit is contained in:
parent
f181c5164d
commit
75418bbbd0
|
@ -56,8 +56,10 @@ locals {
|
||||||
? google_service_account_key.key["1"]
|
? google_service_account_key.key["1"]
|
||||||
: map("", null)
|
: map("", null)
|
||||||
, {})
|
, {})
|
||||||
prefix = var.prefix != null ? "${var.prefix}-" : ""
|
prefix = var.prefix != null ? "${var.prefix}-" : ""
|
||||||
resource_iam_email = "serviceAccount:${local.service_account.email}"
|
resource_email_static = "${local.prefix}${var.name}@${var.project_id}.iam.gserviceaccount.com"
|
||||||
|
resource_iam_email_static = "serviceAccount:${local.resource_email_static}"
|
||||||
|
resource_iam_email = "serviceAccount:${local.service_account.email}"
|
||||||
service_account = (
|
service_account = (
|
||||||
var.service_account_create
|
var.service_account_create
|
||||||
? try(google_service_account.service_account.0, null)
|
? try(google_service_account.service_account.0, null)
|
||||||
|
|
|
@ -21,12 +21,18 @@ output "service_account" {
|
||||||
|
|
||||||
output "email" {
|
output "email" {
|
||||||
description = "Service account email."
|
description = "Service account email."
|
||||||
value = local.service_account.email
|
value = local.resource_email_static
|
||||||
|
depends_on = [
|
||||||
|
local.service_account
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
output "iam_email" {
|
output "iam_email" {
|
||||||
description = "IAM-format service account email."
|
description = "IAM-format service account email."
|
||||||
value = local.resource_iam_email
|
value = local.resource_iam_email_static
|
||||||
|
depends_on = [
|
||||||
|
local.service_account
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
output "key" {
|
output "key" {
|
||||||
|
|
Loading…
Reference in New Issue