Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(safer-cluster): add create_service_account variable #2138

Merged

Conversation

jlubawy
Copy link
Contributor

@jlubawy jlubawy commented Oct 14, 2024

Adds a var.create_service_account to the safer-cluster modules that when explicitly set to false avoids the following error:

Error: Invalid count argument

  on .terraform/modules/gke_cluster.gke/modules/beta-private-cluster/sa.tf line 35, in resource "random_string" "cluster_service_account_suffix":
  35:   count   = var.create_service_account && var.service_account_name == "" ? 1 : 0

The "count" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the count depends on.

This seems to happen if var.compute_engine_service_account is passed in, and the service account is being created at the same time (so the name/email is not computed yet):

resource "google_service_account" "cluster_service_account" {
  project      = var.project_id
  account_id   = "tf-gke-${var.cluster_name}-${random_string.cluster_service_account_suffix.result}"
  display_name = "Terraform-managed service account for cluster ${var.cluster_name}"
}

module "gke" {
  source  = "terraform-google-modules/kubernetes-engine/google//modules/safer-cluster"
  version = "~> 33.0"

  project_id  = var.project_id
  name        = var.cluster_name
  
  create_service_account         = false
  compute_engine_service_account = google_service_account.cluster_service_account.email
}

By explicitly passing a var.create_service_account = false it short circuits the calculations dependent on var.service_account_name:

resource "random_string" "cluster_service_account_suffix" {
  count   = var.create_service_account && var.service_account_name == "" ? 1 : 0
  upper   = false
  lower   = true
  special = false
  length  = 4
}

Happy to make any changes to help get this merged, it worked for my use-case. This also seemed like the easiest change to make while keeping backwards compatibility, but I'm open to other approaches.

@jlubawy jlubawy requested review from ericyz, gtsorbo and a team as code owners October 14, 2024 17:58
@apeabody
Copy link
Collaborator

/gcbrun

@apeabody apeabody changed the title modules/safer-cluster: Fix 'value depends on resource attributes that cannot be determined until apply' error feat(safer-cluster): add create_service_account variable Oct 15, 2024
Copy link
Collaborator

@apeabody apeabody left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution @jlubawy!

This might be considered a breaking change, regardless can you please add an upgrade similar to the examples at to example how/when this should be used: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/blob/master/docs/upgrading_to_v33.0.md

@apeabody apeabody changed the title feat(safer-cluster): add create_service_account variable feat(safer-cluster)!: add create_service_account variable Oct 15, 2024
@apeabody
Copy link
Collaborator

/gcbrun

@jlubawy jlubawy force-pushed the jlubawy/safer-cluster-fix branch from aa1dc2d to 4bbf60f Compare October 16, 2024 16:14
@jlubawy
Copy link
Contributor Author

jlubawy commented Oct 16, 2024

Thanks for the contribution @jlubawy!

This might be considered a breaking change, regardless can you please add an upgrade similar to the examples at to example how/when this should be used: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/blob/master/docs/upgrading_to_v33.0.md

Hi @apeabody, I added a docs/upgrading_to_v34.0.md describing the change. For what it's worth I think it is backwards compatible the way I wrote it.

I also added some additional comments around the new variable to explain the reasoning and rebased again on master just now.

@apeabody
Copy link
Collaborator

/gcbrun

@apeabody
Copy link
Collaborator

Thanks for the contribution @jlubawy!
This might be considered a breaking change, regardless can you please add an upgrade similar to the examples at to example how/when this should be used: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/blob/master/docs/upgrading_to_v33.0.md

Hi @apeabody, I added a docs/upgrading_to_v34.0.md describing the change. For what it's worth I think it is backwards compatible the way I wrote it.

I also added some additional comments around the new variable to explain the reasoning and rebased again on master just now.

Thanks @jlubawy! Agreed, it should be backwards compatible for existing users. The doc will help explain when users may want to use it.

@apeabody apeabody changed the title feat(safer-cluster)!: add create_service_account variable feat(safer-cluster): add create_service_account variable Oct 16, 2024
@apeabody
Copy link
Collaborator

/gcbrun

@apeabody
Copy link
Collaborator

/gcbrun

@apeabody apeabody merged commit cccabcb into terraform-google-modules:master Oct 17, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants