From 06b787ef97b87c94bf97cd85c52b37c2cafdeea2 Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Sun, 18 Jul 2021 16:55:55 -0400
Subject: [PATCH] Start a module for creating a workload identity service account.
---
 terraform/basic_gke/main.tf | 13 +++++++------
 .../workload_identity_account.tf | 8 ++++++++
 2 files changed, 15 insertions(+), 6 deletions(-)
 create mode 100644 terraform/modules/workload_identity_account/workload_identity_account.tf
diff --git a/terraform/basic_gke/main.tf b/terraform/basic_gke/main.tf
index 747dcba..7af54f9 100644
--- a/terraform/basic_gke/main.tf
+++ b/terraform/basic_gke/main.tf
@@ -105,6 +105,13 @@ module "cloudsql" {
 ]
 }
+# Create a workload identity service account for IAM authentication to
+# cloudsql
+module "cloudsql_test_sa" {
+ source = "../modules/workload_identity_account"
+ project = var.project
+}
+
 #################### Redis ################################
 module "redis" {
@@ -127,9 +134,3 @@ output "redis_port" {
 description = "Port for redis database."
 value = module.redis.redis_port
 }
-
-
-
-
-
-
diff --git a/terraform/modules/workload_identity_account/workload_identity_account.tf b/terraform/modules/workload_identity_account/workload_identity_account.tf
new file mode 100644
index 0000000..c6c10e6
--- /dev/null
+++ b/terraform/modules/workload_identity_account/workload_identity_account.tf
@@ -0,0 +1,8 @@
+# Requires a google_iam_workload_identity_pool to exist, but it is not
+# referenced in this module.
+
+
+variable "project" {
+ description = "Project ID."
+ type = string
+}
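Review bot: The `cloudsql_test_sa` module call passes only `project`, so nothing in the interface says which Kubernetes service account will be allowed to act as the new Google service account. When the module gains its resources, the `roles/iam.workloadIdentityUser` binding should name a single member of the form `serviceAccount:PROJECT_ID.svc.id.goog[NAMESPACE/KSA_NAME]`, and the caller has to supply that namespace and service-account name. I would make them required inputs from the start, for example `namespace = "NAMESPACE"` and `k8s_service_account = "KSA_NAME"` (placeholder names and values). The comment above the block could also state which Cloud SQL roles the account is meant to hold, so that a broader grant added later stands out in review.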
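Review bot: The header comment of the new module file names `google_iam_workload_identity_pool` as the prerequisite, but that resource type manages Workload Identity Federation pools for external identity providers. If this module targets GKE Workload Identity, as the `basic_gke` caller suggests, the prerequisite is instead the cluster's `workload_identity_config`, which provides the `PROJECT_ID.svc.id.goog` pool. I would reword the comment to `# Requires Workload Identity to be enabled on the GKE cluster (workload_identity_config); the cluster is not referenced in this module.` Since `project` will presumably be interpolated into IAM member strings, a `validation` block rejecting an empty value would keep a malformed pool name from reaching a binding.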