Enable the use of a service account to install ASM with the module

[alexbrand-au]

In our terraform setup, we configure the google and google-beta providers to use a service account access token to interact with the GCP APIs:

provider "google" {
  access_token = data.google_service_account_access_token.default.access_token
}

provider "google-beta" {
  access_token = data.google_service_account_access_token.default.access_token
}

Ideally, the ASM module would impersonate this service account as well during the ASM installation. However, this does not seem to be the case, given that the module shells out to the gcloud CLIs, which are not guaranteed to be configured with the service account (e.g. they are configured with personal accounts).

[alexbrand-au]

Related to #874

[yashbhutwala]

@alexbrand-au I did add impersonate_service_account to the asm module as part of this. Hopefully, it resolves the issue for you as well 😃

[github-actions]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

[bharathkkb]

This should now be possible via

terraform-google-kubernetes-engine/modules/asm/variables.tf

Line 90 in 57fca4b

variable "impersonate_service_account" {

[ignaciojcano]

Was this removed in newer versions?