fix: enable create_ignore for service accounts (#292)

terraform-google-modules · May 20, 2024 · 7c8477b · 7c8477b
1 parent eeffa37
commit 7c8477b
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 23 deletions.
diff --git a/main.tf b/main.tf
@@ -90,9 +90,10 @@ module "enable_cross_project_service_account_usage" {
 resource "google_service_account" "org_terraform" {
   count = var.create_terraform_sa ? 1 : 0
 
-  project      = module.seed_project.project_id
-  account_id   = var.tf_service_account_id
-  display_name = var.tf_service_account_name
+  project                      = module.seed_project.project_id
+  account_id                   = var.tf_service_account_id
+  display_name                 = var.tf_service_account_name
+  create_ignore_already_exists = true
 }
 
 /***********************************************

diff --git a/modules/im_cloudbuild_workspace/sa.tf b/modules/im_cloudbuild_workspace/sa.tf
@@ -25,10 +25,11 @@ locals {
 }
 
 resource "google_service_account" "cb_sa" {
-  count       = local.create_cloudbuild_sa ? 1 : 0
-  project     = var.project_id
-  account_id  = trimsuffix(substr(var.custom_cloudbuild_sa_name != "" ? var.custom_cloudbuild_sa_name : "cb-sa-${random_id.resources_random_id.dec}-${local.default_prefix}", 0, 30), "-")
-  description = "SA used for Cloud Build triggers invoking Infrastructure Manager."
+  count                        = local.create_cloudbuild_sa ? 1 : 0
+  project                      = var.project_id
+  account_id                   = trimsuffix(substr(var.custom_cloudbuild_sa_name != "" ? var.custom_cloudbuild_sa_name : "cb-sa-${random_id.resources_random_id.dec}-${local.default_prefix}", 0, 30), "-")
+  description                  = "SA used for Cloud Build triggers invoking Infrastructure Manager."
+  create_ignore_already_exists = true
 }
 
 # https://cloud.google.com/infrastructure-manager/docs/configure-service-account
@@ -70,10 +71,11 @@ resource "google_project_iam_member" "cb_storage_objects_viewer" {
 }
 
 resource "google_service_account" "im_sa" {
-  count       = local.create_infra_manager_sa ? 1 : 0
-  project     = var.project_id
-  account_id  = trimsuffix(substr(var.custom_infra_manager_sa_name != "" ? var.custom_infra_manager_sa_name : "im-sa-${random_id.resources_random_id.dec}-${local.default_prefix}", 0, 30), "-")
-  description = "SA used by Infrastructure Manager for actuating resources."
+  count                        = local.create_infra_manager_sa ? 1 : 0
+  project                      = var.project_id
+  account_id                   = trimsuffix(substr(var.custom_infra_manager_sa_name != "" ? var.custom_infra_manager_sa_name : "im-sa-${random_id.resources_random_id.dec}-${local.default_prefix}", 0, 30), "-")
+  description                  = "SA used by Infrastructure Manager for actuating resources."
+  create_ignore_already_exists = true
 }
 
 # https://cloud.google.com/infrastructure-manager/docs/configure-service-account

diff --git a/modules/tf_cloudbuild_builder/cb.tf b/modules/tf_cloudbuild_builder/cb.tf
@@ -88,10 +88,11 @@ resource "google_cloudbuild_trigger" "build_trigger" {
 }
 
 resource "google_service_account" "cb_sa" {
-  count        = var.cloudbuild_sa == "" ? 1 : 0
-  project      = var.project_id
-  account_id   = "tf-cb-builder-sa"
-  display_name = "SA for Terraform builder build trigger. Managed by Terraform."
+  count                        = var.cloudbuild_sa == "" ? 1 : 0
+  project                      = var.project_id
+  account_id                   = "tf-cb-builder-sa"
+  display_name                 = "SA for Terraform builder build trigger. Managed by Terraform."
+  create_ignore_already_exists = true
 }
 
 # https://cloud.google.com/build/docs/securing-builds/configure-user-specified-service-accounts#permissions

diff --git a/modules/tf_cloudbuild_builder/workflow.tf b/modules/tf_cloudbuild_builder/workflow.tf
@@ -26,10 +26,11 @@ locals {
 }
 
 resource "google_service_account" "workflow_sa" {
-  count        = var.workflow_sa == "" ? 1 : 0
-  project      = var.project_id
-  account_id   = "terraform-runner-workflow-sa"
-  display_name = "SA for TF Builder Workflow. Managed by Terraform."
+  count                        = var.workflow_sa == "" ? 1 : 0
+  project                      = var.project_id
+  account_id                   = "terraform-runner-workflow-sa"
+  display_name                 = "SA for TF Builder Workflow. Managed by Terraform."
+  create_ignore_already_exists = true
 }
 
 resource "google_workflows_workflow" "builder" {

diff --git a/modules/tf_cloudbuild_workspace/sa.tf b/modules/tf_cloudbuild_workspace/sa.tf
@@ -34,10 +34,11 @@ locals {
 
 
 resource "google_service_account" "cb_sa" {
-  count        = var.create_cloudbuild_sa ? 1 : 0
-  project      = var.project_id
-  account_id   = var.create_cloudbuild_sa_name != "" ? var.create_cloudbuild_sa_name : "tf-cb-${local.default_prefix}"
-  display_name = "SA for Terraform build trigger ${local.default_prefix}. Managed by Terraform."
+  count                        = var.create_cloudbuild_sa ? 1 : 0
+  project                      = var.project_id
+  account_id                   = var.create_cloudbuild_sa_name != "" ? var.create_cloudbuild_sa_name : "tf-cb-${local.default_prefix}"
+  display_name                 = "SA for Terraform build trigger ${local.default_prefix}. Managed by Terraform."
+  create_ignore_already_exists = true
 }
 
 # https://cloud.google.com/build/docs/securing-builds/configure-user-specified-service-accounts#permissions