feat: Add bool option for automount_service_account_token (#571)

davidholsgrove · morgante · web-flow · commit 002cfb1a6f22 · 2020-06-24T20:24:21.000-04:00
Co-authored-by: Morgante Pell &lt;morgantep@google.com&gt;
diff --git a/modules/workload-identity/README.md b/modules/workload-identity/README.md
@@ -68,6 +68,7 @@ module "my-app-workload-identity" {
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
+| automount\_service\_account\_token | Enable automatic mounting of the service account token | bool | `"false"` | no |
 | cluster\_name | Cluster name. Required if using existing KSA. | string | `""` | no |
 | k8s\_sa\_name | Name for the existing Kubernetes service account | string | `"null"` | no |
 | location | Cluster location (region if regional cluster, zone if zonal cluster). Required if using existing KSA. | string | `""` | no |
diff --git a/modules/workload-identity/main.tf b/modules/workload-identity/main.tf
@@ -47,6 +47,7 @@ resource "google_service_account" "cluster_service_account" {
 resource "kubernetes_service_account" "main" {
   count = var.use_existing_k8s_sa ? 0 : 1
 
+  automount_service_account_token = var.automount_service_account_token
   metadata {
     name      = var.name
     namespace = var.namespace
diff --git a/modules/workload-identity/variables.tf b/modules/workload-identity/variables.tf
@@ -53,3 +53,9 @@ variable "use_existing_k8s_sa" {
   default     = false
   type        = bool
 }
+
+variable "automount_service_account_token" {
+  description = "Enable automatic mounting of the service account token"
+  default     = false
+  type        = bool
+}
