chore(docs): update Workload Identity README example for existing GSA (…

…#1062) Addresses #1059 -- without the `depends_on` block, the WI module will try to read a data source for a Google service account that has not yet been created. This is alluded to in the Workload Identity examples but not in the Workload Identity README. This commit updates the README to include the `depends_on` block. Co-authored-by: Morgante Pell <morgantep@google.com>
terraform-google-modules · Nov 16, 2021 · 5b16a50 · 5b16a50
1 parent 3dea235
commit 5b16a50
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/examples/workload_identity/main.tf b/examples/workload_identity/main.tf
@@ -95,5 +95,6 @@ module "workload_identity_existing_gsa" {
   name                = google_service_account.custom.account_id
   use_existing_gcp_sa = true
   # wait till custom GSA is created to force module data source read during apply
+  # https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/1059
   depends_on = [google_service_account.custom]
 }
diff --git a/modules/workload-identity/README.md b/modules/workload-identity/README.md
@@ -59,6 +59,10 @@ module "my-app-workload-identity" {
   use_existing_gcp_sa = true
   name                = google_service_account.preexisting.account_id
   project_id          = var.project_id
+
+  # wait for the custom GSA to be created to force module data source read during apply
+  # https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/1059
+  depends_on = [google_service_account.preexisting]
 }
 ```