feat: Allow customizing default service account name (#565)

README.md

@@ -140,6 +140,7 @@ determining that location is as follows:
 | name | The name for the project | `string` | n/a | yes |
 | org\_id | The organization ID. | `string` | n/a | yes |
 | project\_id | The ID to give the project. If not provided, the `name` will be used. | `string` | `""` | no |
+| project\_sa\_name | Default service account name for the project. | `string` | `"project-service-account"` | no |
 | random\_project\_id | Adds a suffix of 4 random characters to the `project_id` | `bool` | `false` | no |
 | sa\_role | A role to give the default Service Account for the project (defaults to none) | `string` | `""` | no |
 | shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project\_id/regions/$region/subnetworks/$subnet\_id) | `list(string)` | `[]` | no |

main.tf

@@ -42,6 +42,7 @@ module "project-factory" {
   billing_account                    = var.billing_account
   folder_id                          = var.folder_id
   create_project_sa                  = var.create_project_sa
+  project_sa_name                    = var.project_sa_name
   sa_role                            = var.sa_role
   activate_apis                      = var.activate_apis
   activate_api_identities            = var.activate_api_identities

modules/core_project_factory/main.tf

@@ -130,7 +130,7 @@ resource "google_project_default_service_accounts" "default_service_accounts" {
  *****************************************/
 resource "google_service_account" "default_service_account" {
   count        = var.create_project_sa ? 1 : 0
-  account_id   = "project-service-account"
+  account_id   = var.project_sa_name
   display_name = "${var.name} Project Service Account"
   project      = google_project.main.project_id
 }

modules/core_project_factory/variables.tf

@@ -83,6 +83,12 @@ variable "create_project_sa" {
   default     = true
 }
 
+variable "project_sa_name" {
+  description = "Default service account name for the project."
+  type        = string
+  default     = "project-service-account"
+}
+
 variable "sa_role" {
   description = "A role to give the default Service Account for the project (defaults to none)"
   type        = string

modules/gsuite_enabled/README.md

@@ -89,6 +89,7 @@ The roles granted are specifically:
 | name | The name for the project | `any` | n/a | yes |
 | org\_id | The organization ID. | `any` | n/a | yes |
 | project\_id | The ID to give the project. If not provided, the `name` will be used. | `string` | `""` | no |
+| project\_sa\_name | Default service account name for the project. | `string` | `"project-service-account"` | no |
 | random\_project\_id | Adds a suffix of 4 random characters to the `project_id` | `string` | `"false"` | no |
 | sa\_group | A G Suite group to place the default Service Account for the project in | `string` | `""` | no |
 | sa\_role | A role to give the default Service Account for the project (defaults to none) | `string` | `""` | no |

modules/gsuite_enabled/main.tf

@@ -84,6 +84,7 @@ module "project-factory" {
   billing_account                   = var.billing_account
   folder_id                         = var.folder_id
   create_project_sa                 = var.create_project_sa
+  project_sa_name                   = var.project_sa_name
   sa_role                           = var.sa_role
   activate_apis                     = var.activate_apis
   usage_bucket_name                 = var.usage_bucket_name

modules/gsuite_enabled/variables.tf

@@ -84,6 +84,12 @@ variable "create_project_sa" {
   default     = true
 }
 
+variable "project_sa_name" {
+  description = "Default service account name for the project."
+  type        = string
+  default     = "project-service-account"
+}
+
 variable "sa_role" {
   description = "A role to give the default Service Account for the project (defaults to none)"
   default     = ""

modules/svpc_service_project/README.md

@@ -59,6 +59,7 @@ module "service-project" {
 | name | The name for the project | `string` | n/a | yes |
 | org\_id | The organization ID. | `string` | n/a | yes |
 | project\_id | The ID to give the project. If not provided, the `name` will be used. | `string` | `""` | no |
+| project\_sa\_name | Default service account name for the project. | `string` | `"project-service-account"` | no |
 | random\_project\_id | Adds a suffix of 4 random characters to the `project_id` | `bool` | `false` | no |
 | sa\_role | A role to give the default Service Account for the project (defaults to none) | `string` | `""` | no |
 | shared\_vpc | The ID of the host project which hosts the shared VPC | `string` | `""` | no |

modules/svpc_service_project/main.tf

@@ -41,6 +41,7 @@ module "project-factory" {
   billing_account                   = var.billing_account
   folder_id                         = var.folder_id
   create_project_sa                 = var.create_project_sa
+  project_sa_name                   = var.project_sa_name
   sa_role                           = var.sa_role
   activate_apis                     = var.activate_apis
   activate_api_identities           = var.activate_api_identities

modules/svpc_service_project/variables.tf

@@ -77,6 +77,12 @@ variable "create_project_sa" {
   default     = true
 }
 
+variable "project_sa_name" {
+  description = "Default service account name for the project."
+  type        = string
+  default     = "project-service-account"
+}
+
 variable "sa_role" {
   description = "A role to give the default Service Account for the project (defaults to none)"
   default     = ""

variables.tf

@@ -83,6 +83,12 @@ variable "create_project_sa" {
   default     = true
 }
 
+variable "project_sa_name" {
+  description = "Default service account name for the project."
+  type        = string
+  default     = "project-service-account"
+}
+
 variable "sa_role" {
   description = "A role to give the default Service Account for the project (defaults to none)"
   type        = string