feat: Add bool option for automount_service_account_token (#571)

Co-authored-by: Morgante Pell <morgantep@google.com>

modules/workload-identity/README.md

@@ -68,6 +68,7 @@ module "my-app-workload-identity" {
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
+| automount\_service\_account\_token | Enable automatic mounting of the service account token | bool | `"false"` | no |
 | cluster\_name | Cluster name. Required if using existing KSA. | string | `""` | no |
 | k8s\_sa\_name | Name for the existing Kubernetes service account | string | `"null"` | no |
 | location | Cluster location (region if regional cluster, zone if zonal cluster). Required if using existing KSA. | string | `""` | no |

modules/workload-identity/main.tf

@@ -47,6 +47,7 @@ resource "google_service_account" "cluster_service_account" {
 resource "kubernetes_service_account" "main" {
   count = var.use_existing_k8s_sa ? 0 : 1
 
+  automount_service_account_token = var.automount_service_account_token
   metadata {
     name      = var.name
     namespace = var.namespace

modules/workload-identity/variables.tf

@@ -53,3 +53,9 @@ variable "use_existing_k8s_sa" {
   default     = false
   type        = bool
 }
+
+variable "automount_service_account_token" {
+  description = "Enable automatic mounting of the service account token"
+  default     = false
+  type        = bool
+}