Skip to content

Use google_service_account.member when possible#216

Merged
jku merged 1 commit into
sigstore:mainfrom
jku:member-cleanup
May 18, 2026
Merged

Use google_service_account.member when possible#216
jku merged 1 commit into
sigstore:mainfrom
jku:member-cleanup

Conversation

@jku
Copy link
Copy Markdown
Member

@jku jku commented May 15, 2026
edited
Loading

Just a cleanup refactor: no functional change expected:

  • No need to build the service account strings manually
  • Also no need to depend explicitly if the resource is already referenced

Removal of depends_on is less code but is also based on docs that say You should only use depends_on as a last resort because it can cause Terraform to create more conservative plans that replace more resources than necessary. For example, Terraform may treat more values as unknown "(known after apply)" because it is uncertain what changes will occur on the upstream object.

We could remove unnecessary "depends_on" elsewhere too but I kept this change limited to IAM memberships

@jku
Use google_service_account.member when possible
83dbb04 
* No need to build the service account string manually
* Also no need to depend explicitly if the resource is
  already referenced

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
@jku jku requested a review from a team as a code owner May 15, 2026 12:31
loosebazooka
loosebazooka reviewed May 15, 2026
View reviewed changes
Comment thread gcp/modules/external_secrets/external_secrets.tf
@jku jku merged commit 578f704 into sigstore:main May 18, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@loosebazooka loosebazooka loosebazooka approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jku @loosebazooka