fix: use provided service_account_name if available

autogen/main/sa.tf.tmpl

@@ -23,6 +23,9 @@ locals {
       ["dummy"],
     ),
   )
+  service_account_default_name = "tf-gke-${substr(var.name, 0, min(15, length(var.name)))}-${random_string.cluster_service_account_suffix.result}"
+  service_account_name = var.service_account_name == "" ? local.service_account_default_name : var.service_account_name
+
   // if user set var.service_account it will be used even if var.create_service_account==true, so service account will be created but not used
   service_account = (var.service_account == "" || var.service_account == "create") && var.create_service_account ? local.service_account_list[0] : var.service_account
 
@@ -39,7 +42,7 @@ resource "random_string" "cluster_service_account_suffix" {
 resource "google_service_account" "cluster_service_account" {
   count        = var.create_service_account ? 1 : 0
   project      = var.project_id
-  account_id   = "tf-gke-${substr(var.name, 0, min(15, length(var.name)))}-${random_string.cluster_service_account_suffix.result}"
+  account_id   = local.service_account_name
   display_name = "Terraform-managed service account for cluster ${var.name}"
 }
 

autogen/main/variables.tf.tmpl

@@ -383,6 +383,12 @@ variable "service_account" {
   default     = ""
 }
 
+variable "service_account_name" {
+  type        = string
+  description = "The name of the service account that will be created if create_service_account is true."
+  default     = ""
+}
+
 variable "issue_client_certificate" {
   type        = bool
   description = "Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive!"