From d802e492832dde1bf2ac01a540c8281dd7c35e49 Mon Sep 17 00:00:00 2001 From: Jeffrey lean <57609485+jeffreylean@users.noreply.github.com> Date: Tue, 12 Jul 2022 07:44:30 +0800 Subject: [PATCH] feat: expose use_existing_context variable in WI module (#1295) exposing use_existing_context variable to allow kubectl wrapper to run kubectl using local kube config context Co-authored-by: Bharath KKB --- modules/workload-identity/README.md | 1 + modules/workload-identity/main.tf | 1 + modules/workload-identity/variables.tf | 6 ++++++ 3 files changed, 8 insertions(+) diff --git a/modules/workload-identity/README.md b/modules/workload-identity/README.md index 09575b50d..ec69dbb47 100644 --- a/modules/workload-identity/README.md +++ b/modules/workload-identity/README.md @@ -109,6 +109,7 @@ already bear the `"iam.gke.io/gcp-service-account"` annotation. | namespace | Namespace for the Kubernetes service account | `string` | `"default"` | no | | project\_id | GCP project ID | `string` | n/a | yes | | roles | A list of roles to be added to the created service account | `list(string)` | `[]` | no | +| use\_existing\_context | An optional flag to use local kubectl config context. | `bool` | `false` | no | | use\_existing\_gcp\_sa | Use an existing Google service account instead of creating one | `bool` | `false` | no | | use\_existing\_k8s\_sa | Use an existing kubernetes service account instead of creating one | `bool` | `false` | no | diff --git a/modules/workload-identity/main.tf b/modules/workload-identity/main.tf index 69b17df1f..261b62e1c 100644 --- a/modules/workload-identity/main.tf +++ b/modules/workload-identity/main.tf 
@@ -68,6 +68,7 @@ module "annotate-sa" { cluster_location = var.location project_id = local.k8s_sa_project_id impersonate_service_account = var.impersonate_service_account + use_existing_context = var.use_existing_context kubectl_create_command = "kubectl annotate --overwrite sa -n ${local.output_k8s_namespace} ${local.k8s_given_name} iam.gke.io/gcp-service-account=${local.gcp_sa_email}" kubectl_destroy_command = "kubectl annotate sa -n ${local.output_k8s_namespace} ${local.k8s_given_name} iam.gke.io/gcp-service-account-" diff --git a/modules/workload-identity/variables.tf b/modules/workload-identity/variables.tf index ef8b1811e..ecf85e64e 100644 --- a/modules/workload-identity/variables.tf +++ b/modules/workload-identity/variables.tf @@ -95,3 +95,9 @@ variable "impersonate_service_account" { type = string default = "" } + +variable "use_existing_context" { + description = "An optional flag to use local kubectl config context." + type = bool + default = false +}
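Review bot: With `use_existing_context = true`, the `kubectl annotate --overwrite` in `kubectl_create_command` and the removal in `kubectl_destroy_command` run against whatever context is current in the caller's kubeconfig. Nothing in this block checks that this context is the cluster identified by the `cluster_location` and `project_id` passed a few lines earlier. A stale or switched context would add or strip the `iam.gke.io/gcp-service-account` annotation on a same-named service account in a different cluster. I would add a comment above the new line, `# When true, kubectl uses the kubeconfig's current context; the cluster arguments above presumably no longer select the target (confirm in the wrapper module)`, and check whether `impersonate_service_account` still has any effect in that mode, since the wrapper's handling is not visible here. The `module "annotate-sa"` block starts and ends outside the hunk.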
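Review bot: The description `"An optional flag to use local kubectl config context."` on `use_existing_context` does not tell a caller what changes when the flag is set, although the flag decides which cluster receives the service-account annotation. Assuming the wrapper skips its own credential fetch in this mode, I would reword it to `description = "If true, run kubectl against the current context of the local kubeconfig instead of fetching credentials for the target cluster. The caller must ensure that context points at the intended cluster."` The README inputs row added in this commit carries the same text and should change with it.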