fix: Additional roles should only granted for Shared VPC when attachi…

…ng to a service project (#542)

modules/shared_vpc_access/main.tf

@@ -86,7 +86,7 @@ resource "google_project_iam_member" "gke_host_agent" {
   and https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-shared-vpc#creating_additional_firewall_rules
  *****************************************/
 resource "google_project_iam_member" "gke_security_admin" {
-  count   = local.gke_shared_vpc_enabled && var.grant_services_security_admin_role ? 1 : 0
+  count   = local.gke_shared_vpc_enabled && var.enable_shared_vpc_service_project && var.grant_services_security_admin_role ? 1 : 0
   project = var.host_project_id
   role    = "roles/compute.securityAdmin"
   member  = format("serviceAccount:%s", local.apis["container.googleapis.com"])