Add suffix to cluster service account

The service account ID truncation may drop appended to the cluster name;
this means that multiple clusters with a common prefix but different
name may try to create service accounts with identical IDs and then
fail.

This commit resolves the issue by adding a suffix to the service account
name to ensure uniqueness.

Author: adrienthebo

autogen/sa.tf

@@ -21,10 +21,17 @@ locals {
   service_account      = "${var.service_account == "create" ? element(local.service_account_list, 0) : var.service_account}"
 }
 
+resource "random_string" "cluster_service_account_suffix" {
+  upper   = "false"
+  lower   = "true"
+  special = "false"
+  length  = 4
+}
+
 resource "google_service_account" "cluster_service_account" {
   count        = "${var.service_account == "create" ? 1 : 0}"
   project      = "${var.project_id}"
-  account_id   = "tf-gke-${substr(var.name, 0, min(20, length(var.name)))}"
+  account_id   = "tf-gke-${substr(var.name, 0, min(15, length(var.name)))}-${random_string.cluster_service_account_suffix.result}"
   display_name = "Terraform-managed service account for cluster ${var.name}"
 }
 

modules/private-cluster/sa.tf

@@ -21,10 +21,17 @@ locals {
   service_account      = "${var.service_account == "create" ? element(local.service_account_list, 0) : var.service_account}"
 }
 
+resource "random_string" "cluster_service_account_suffix" {
+  upper   = "false"
+  lower   = "true"
+  special = "false"
+  length  = 4
+}
+
 resource "google_service_account" "cluster_service_account" {
   count        = "${var.service_account == "create" ? 1 : 0}"
   project      = "${var.project_id}"
-  account_id   = "tf-gke-${substr(var.name, 0, min(20, length(var.name)))}"
+  account_id   = "tf-gke-${substr(var.name, 0, min(15, length(var.name)))}-${random_string.cluster_service_account_suffix.result}"
   display_name = "Terraform-managed service account for cluster ${var.name}"
 }
 

sa.tf

@@ -21,10 +21,17 @@ locals {
   service_account      = "${var.service_account == "create" ? element(local.service_account_list, 0) : var.service_account}"
 }
 
+resource "random_string" "cluster_service_account_suffix" {
+  upper   = "false"
+  lower   = "true"
+  special = "false"
+  length  = 4
+}
+
 resource "google_service_account" "cluster_service_account" {
   count        = "${var.service_account == "create" ? 1 : 0}"
   project      = "${var.project_id}"
-  account_id   = "tf-gke-${substr(var.name, 0, min(20, length(var.name)))}"
+  account_id   = "tf-gke-${substr(var.name, 0, min(15, length(var.name)))}-${random_string.cluster_service_account_suffix.result}"
   display_name = "Terraform-managed service account for cluster ${var.name}"
 }