Random suffix for service account generated even when `create_service_account` is false

[lucetre]

TL;DR

When setting create_service_account to false in the private-cluster module, the random_string.cluster_service_account_suffix resource is still being evaluated and generating a random suffix even though it should not be created.

Expected behavior

When create_service_account is set to false, the random_string.cluster_service_account_suffix resource should not be evaluated or generate a random suffix.

Observed behavior

The random_string.cluster_service_account_suffix resource is being evaluated and generating a random suffix even when create_service_account is set to false.

https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/blob/24ccc6ba3a938d1e2ef88a0173c7849d6fa26d0c/sa.tf#L34-L39

Terraform Configuration

module "private_cluster_eventfnt_asia_south1_1" {
  source  = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster"
  version = "~> 29.0.0"

  project_id                = local.project_id
  name                      = local.eventfnt_asia_south1_1_name
  regional                  = true
  region                    = local.eventfnt_asia_south1_1_config.region
  zones                     = local.eventfnt_asia_south1_1_config.zones
  release_channel           = local.eventfnt_asia_south1_1_config.release_channel
  default_max_pods_per_node = local.cluster_preset.default_max_pods_per_node
  enable_cost_allocation    = local.enable_cost_allocation

  network_project_id     = local.eventfnt_asia_south1_1_config.network_project_id
  network                = local.eventfnt_asia_south1_1_config.network_name
  subnetwork             = local.eventfnt_asia_south1_1_config.subnetwork_name
  master_ipv4_cidr_block = local.eventfnt_asia_south1_1_config.master_ipv4_cidr_block
  ip_range_pods          = local.eventfnt_asia_south1_1_config.ip_range_pods_name
  ip_range_services      = local.eventfnt_asia_south1_1_config.ip_range_services_name

  identity_namespace           = "enabled"
  create_service_account       = false
  service_account              = local.eventfnt_asia_south1_1_config.service_account
  horizontal_pod_autoscaling   = true
  http_load_balancing          = true
  network_policy               = true
  network_policy_provider      = "CALICO"
  master_global_access_enabled = false
  enable_private_endpoint      = false
  enable_private_nodes         = true

  remove_default_node_pool = true

  maintenance_recurrence = local.eventfnt_asia_south1_1_config.maintenance_recurrence
  maintenance_start_time = local.eventfnt_asia_south1_1_config.maintenance_start_time
  maintenance_end_time   = local.eventfnt_asia_south1_1_config.maintenance_end_time

  cluster_resource_labels = local.cluster_preset.cluster_resource_labels

  node_pools = concat(
    local.eventfnt_asia_south1_1_config.node_pools,
  )
  node_pools_oauth_scopes = {
    all = [
      "https://www.googleapis.com/auth/cloud-platform",
    ]
  }

  node_pools_labels = merge(
    local.cluster_preset.node_pools_labels,
  )
  node_pools_taints = merge(
    local.cluster_preset.node_pools_taints,
  )
  node_pools_resource_labels = merge(
    local.cluster_preset.node_pools_resource_labels,
  )
}

Terraform Version

Terraform v1.4.5
on darwin_arm64
+ provider registry.terraform.io/hashicorp/google v5.7.0
+ provider registry.terraform.io/hashicorp/kubernetes v2.24.0
+ provider registry.terraform.io/hashicorp/random v3.5.1

Your version of Terraform is out of date! The latest version
is 1.6.5. You can update by downloading from https://www.terraform.io/downloads.html

Additional information

• https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/1809

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days