Modifications related to autopilot and workload identity. Added workl…

…oad_identity_pool output to module
GoogleCloudPlatform · Feb 24, 2023 · ae6080e · ae6080e
1 parent 89da766
commit ae6080e
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 3 deletions.
diff --git a/modules/gke-cluster/README.md b/modules/gke-cluster/README.md
@@ -91,8 +91,7 @@ module "cluster-autopilot" {
     master_ipv4_cidr_block = "192.168.0.0/28"
   }
   enable_features = {
-    autopilot         = true
-    workload_identity = false
+    autopilot = true
   }
 }
 # tftest modules=1 resources=1 inventory=autopilot.yaml
@@ -162,5 +161,6 @@ module "cluster-1" {
 | [name](outputs.tf#L49) | Cluster name. |  |
 | [notifications](outputs.tf#L54) | GKE PubSub notifications topic. |  |
 | [self_link](outputs.tf#L59) | Cluster self link. | ✓ |
+| [workload_identity_pool](outputs.tf#L65) | Workload identity pool. |  |
 
 <!-- END TFDOC -->
diff --git a/modules/gke-cluster/main.tf b/modules/gke-cluster/main.tf
@@ -379,7 +379,7 @@ resource "google_container_cluster" "cluster" {
   }
 
   dynamic "workload_identity_config" {
-    for_each = var.enable_features.workload_identity ? [""] : []
+    for_each = (var.enable_features.workload_identity && !var.enable_features.autopilot) ? [""] : []
     content {
       workload_pool = "${var.project_id}.svc.id.goog"
     }

diff --git a/modules/gke-cluster/outputs.tf b/modules/gke-cluster/outputs.tf
@@ -61,3 +61,11 @@ output "self_link" {
   sensitive   = true
   value       = google_container_cluster.cluster.self_link
 }
+
+output "workload_identity_pool" {
+  description = "Workload identity pool."
+  value       = "${var.project_id}.svc.id.goog"
+  depends_on = [
+    google_container_cluster.cluster
+  ]
+}