Merge branch 'issue-6-custom-service-account-id' into 'master'

allow webapp service account id to be customised and SQL instance to be blank

Closes #5 and #6

See merge request !6

main.tf

@@ -3,12 +3,15 @@
 # A service account which the webapp runs in the context of.
 resource "google_service_account" "webapp" {
   project      = var.project
-  account_id   = "webapp-run"
-  display_name = "Web application Cloud Run service account"
+  account_id   = coalesce(var.service_account_id, "${var.name}-run")
+  display_name = coalesce(var.service_account_display_name, "Web application Cloud Run service account")
 }
 
 # The webapp service account has the ability to connect to the SQL instance.
+# (Only if sql_instance_connection_name is non-empty.)
 resource "google_project_iam_member" "webapp_sql_client" {
+  count = (var.sql_instance_connection_name != "") ? 1 : 0
+
   project = local.sql_instance_project
   role    = "roles/cloudsql.client"
   member  = "serviceAccount:${google_service_account.webapp.email}"
@@ -25,23 +28,29 @@ resource "google_cloud_run_service" "webapp" {
 
   template {
     metadata {
-      annotations = {
-        # Maximum number of auto-scaled instances.  For a container with
-        # N-workers, maxScale should be less than 1/N of the maximum connection
-        # count for the Cloud SQL instance.
-        "autoscaling.knative.dev/maxScale" = var.max_scale
-
-        # Cloud SQL instances to auto-magically make appear in the container as
-        # Unix sockets.
-        "run.googleapis.com/cloudsql-instances" = var.sql_instance_connection_name
-
-        # As mentioned at https://www.terraform.io/docs/configuration/resources.html#ignore_changes
-        # placeholders need to be created as the adding the key to the map is
-        # considered a change and not ignored by ignore_changes
-        "client.knative.dev/user-image"     = "placeholder"
-        "run.googleapis.com/client-name"    = "placeholder"
-        "run.googleapis.com/client-version" = "placeholder"
-      }
+      annotations = merge(
+        # Annotations which are always set:
+        {
+          # Maximum number of auto-scaled instances.  For a container with
+          # N-workers, maxScale should be less than 1/N of the maximum connection
+          # count for the Cloud SQL instance.
+          "autoscaling.knative.dev/maxScale" = var.max_scale
+
+          # As mentioned at https://www.terraform.io/docs/configuration/resources.html#ignore_changes
+          # placeholders need to be created as the adding the key to the map is
+          # considered a change and not ignored by ignore_changes
+          "client.knative.dev/user-image"     = "placeholder"
+          "run.googleapis.com/client-name"    = "placeholder"
+          "run.googleapis.com/client-version" = "placeholder"
+        },
+
+        # Annotations which are only set if there is a Cloud SQL instance:
+        (var.sql_instance_connection_name != "") ? {
+          # Cloud SQL instances to auto-magically make appear in the container as
+          # Unix sockets.
+          "run.googleapis.com/cloudsql-instances" = var.sql_instance_connection_name
+        } : {}
+      )
     }
 
     spec {

variables.tf

@@ -16,7 +16,7 @@ variable "sql_instance_project" {
 
 variable "sql_instance_connection_name" {
   description = "SQL instance connection name"
-  type        = string
+  default     = ""
 }
 
 variable "cloud_run_region" {
@@ -69,3 +69,19 @@ If and only if a domain mapping has been created, the
 EOI
   default     = ""
 }
+
+variable "service_account_id" {
+  default     = ""
+  description = <<EOI
+A service account is always created for the web application. If non-empty this
+variable overrides the default service account id. The default id is formed
+from the "name" variable value with "-run" appended.
+EOI
+}
+
+variable "service_account_display_name" {
+  default     = ""
+  description = <<EOI
+If non-empty, override the default display name of the webapp service account.
+EOI
+}