How to attach GCP service account as optional?

Raviadonis · December 17, 2020, 6:55pm

I have created the generic terraform resource code for instance creation. Which includes the service_account child block.

Expected behavior:

User1 should to consume my code to create VM instance and attach a service account
User2 also should consume the same code, but to create only the VM instance and do not want to attach the service account.

Please suggest me how can I achieve this scenario

Generic TF code:

resource "google_compute_instance" "poc-instance" {
    ...
    ...
		
    service_account {
	  email  = google_service_account.test_service_account.email
      scopes = ["storage-rw"]
    }
}

stuart-c · December 17, 2020, 10:27pm

If you have a block within a resource which wants to be optional you can use a dynamic block:

resource "google" {
    ...

    dynamic "service_account" {
        for_each = var.optional ? [""] : []

        content {
            email = ...
        }
    }
}