diff --git a/main.tf b/main.tf
index 5180579083c6cce1ad9687c5039efd451b365a16..1803bccf5ec549087d5b43cd264f40564d4cadc0 100644
--- a/main.tf
+++ b/main.tf
@@ -3,12 +3,15 @@
# A service account which the webapp runs in the context of.
resource "google_service_account" "webapp" {
project = var.project
- account_id = "webapp-run"
- display_name = "Web application Cloud Run service account"
+ account_id = coalesce(var.service_account_id, "${var.name}-run")
+ display_name = coalesce(var.service_account_display_name, "Web application Cloud Run service account")
}
# The webapp service account has the ability to connect to the SQL instance.
+# (Only if sql_instance_connection_name is non-empty.)
resource "google_project_iam_member" "webapp_sql_client" {
+ count = (var.sql_instance_connection_name != "") ? 1 : 0
+
project = local.sql_instance_project
role = "roles/cloudsql.client"
member = "serviceAccount:${google_service_account.webapp.email}"
@@ -25,23 +28,29 @@ resource "google_cloud_run_service" "webapp" {
template {
metadata {
- annotations = {
- # Maximum number of auto-scaled instances. For a container with
- # N-workers, maxScale should be less than 1/N of the maximum connection
- # count for the Cloud SQL instance.
- "autoscaling.knative.dev/maxScale" = var.max_scale
-
- # Cloud SQL instances to auto-magically make appear in the container as
- # Unix sockets.
- "run.googleapis.com/cloudsql-instances" = var.sql_instance_connection_name
-
- # As mentioned at https://www.terraform.io/docs/configuration/resources.html#ignore_changes
- # placeholders need to be created as the adding the key to the map is
- # considered a change and not ignored by ignore_changes
- "client.knative.dev/user-image" = "placeholder"
- "run.googleapis.com/client-name" = "placeholder"
- "run.googleapis.com/client-version" = "placeholder"
- }
+ annotations = merge(
+ # Annotations which are always set:
+ {
+ # Maximum number of auto-scaled instances. For a container with
+ # N-workers, maxScale should be less than 1/N of the maximum connection
+ # count for the Cloud SQL instance.
+ "autoscaling.knative.dev/maxScale" = var.max_scale
+
+ # As mentioned at https://www.terraform.io/docs/configuration/resources.html#ignore_changes
+ # placeholders need to be created as the adding the key to the map is
+ # considered a change and not ignored by ignore_changes
+ "client.knative.dev/user-image" = "placeholder"
+ "run.googleapis.com/client-name" = "placeholder"
+ "run.googleapis.com/client-version" = "placeholder"
+ },
+
+ # Annotations which are only set if there is a Cloud SQL instance:
+ (var.sql_instance_connection_name != "") ? {
+ # Cloud SQL instances to auto-magically make appear in the container as
+ # Unix sockets.
+ "run.googleapis.com/cloudsql-instances" = var.sql_instance_connection_name
+ } : {}
+ )
}
spec {
diff --git a/variables.tf b/variables.tf
index be7f5b0798c758d4c9e8797a03279f3a185bbb8a..17f7a1fcfdc5a757d0866b832b989052052f043b 100644
--- a/variables.tf
+++ b/variables.tf
@@ -16,7 +16,7 @@ variable "sql_instance_project" {
variable "sql_instance_connection_name" {
description = "SQL instance connection name"
- type = string
+ default = ""
}
variable "cloud_run_region" {
@@ -69,3 +69,19 @@ If and only if a domain mapping has been created, the
EOI
default = ""
}
+
+variable "service_account_id" {
+ default = ""
+ description = <<EOI
+A service account is always created for the web application. If non-empty this
+variable overrides the default service account id. The default id is formed
+from the "name" variable value with "-run" appended.
+EOI
+}
+
+variable "service_account_display_name" {
+ default = ""
+ description = <<EOI
+If non-empty, override the default display name of the webapp service account.
+EOI
+}