feat: add custom metrics writer role to autogen templates

Signed-off-by: samuelarogbonlo <sbayo971@gmail.com>

autogen/main/sa.tf.tmpl

@@ -56,7 +56,7 @@ resource "google_project_iam_member" "cluster_service_account_node_service_accou
 resource "google_project_iam_member" "cluster_service_account_metric_writer" {
   count   = var.create_service_account ? 1 : 0
   project = google_service_account.cluster_service_account[0].project
-  role    = "roles/monitoring.metricWriter"
+  role    = var.monitoring_metric_writer_role
   member  = google_service_account.cluster_service_account[0].member
 }
 

autogen/main/variables.tf.tmpl

@@ -1032,3 +1032,13 @@ variable "logging_variant" {
   default     = null
 }
 {% endif %}
+
+variable "monitoring_metric_writer_role" {
+  description = "The monitoring metrics writer role to assign to the GKE node service account"
+  type        = string
+  default     = "roles/monitoring.metricWriter"
+  validation {
+    condition     = can(regex("^(roles/[a-zA-Z0-9_.]+|projects/[a-zA-Z0-9-]+/roles/[a-zA-Z0-9_.]+)$", var.monitoring_metric_writer_role))
+    error_message = "The monitoring_metric_writer_role must be either a predefined role (roles/*) or a custom role (projects/*/roles/*)."
+  }
+}