From 78b497783b17409e15c101d429e27069334fc381 Mon Sep 17 00:00:00 2001
From: Tom Alexander <tom@fizz.buzz>
Date: Sun, 18 Jul 2021 18:45:27 -0400
Subject: [PATCH] Add a cloudsql username output from the workload identity
 module.

---
 .../workload_identity_account/workload_identity_account.tf   | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/terraform/modules/workload_identity_account/workload_identity_account.tf b/terraform/modules/workload_identity_account/workload_identity_account.tf
index 2ea3d24..c06aff6 100644
--- a/terraform/modules/workload_identity_account/workload_identity_account.tf
+++ b/terraform/modules/workload_identity_account/workload_identity_account.tf
@@ -23,6 +23,11 @@ output "service_account" {
   value       = google_service_account.service_account
 }
 
+output "cloudsql_username" {
+  description = "If this service account is to be used with IAM database authentication, this would be the username for the user. Note that the google_sql_user is not created by this module."
+  value       = trimsuffix(google_service_account.service_account.email, ".gserviceaccount.com")
+}
+
 resource "google_service_account" "service_account" {
   account_id   = "wi-${var.k8s_namespace}-${var.k8s_service_account}"
   display_name = "Workload identity account for GKE [${var.k8s_namespace}/${var.k8s_service_account}]"