From 16964075c01a4eb14a373f9af2935ea7178fbcc1 Mon Sep 17 00:00:00 2001 From: Stano Bocinec Date: Wed, 25 Sep 2024 17:37:30 +0200 Subject: [PATCH] Fix Service Account creation by ignoring 403 errors on read polling --- .../resourcemanager/resource_google_service_account.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mmv1/third_party/terraform/services/resourcemanager/resource_google_service_account.go b/mmv1/third_party/terraform/services/resourcemanager/resource_google_service_account.go index 9640ca08df0a..072619aab6d4 100644 --- a/mmv1/third_party/terraform/services/resourcemanager/resource_google_service_account.go +++ b/mmv1/third_party/terraform/services/resourcemanager/resource_google_service_account.go @@ -152,7 +152,8 @@ func resourceGoogleServiceAccountCreate(d *schema.ResourceData, meta interface{} // We poll until the resource is found due to eventual consistency issue // on part of the api https://cloud.google.com/iam/docs/overview#consistency - err = transport_tpg.PollingWaitTime(resourceServiceAccountPollRead(d, meta), transport_tpg.PollCheckForExistence, "Creating Service Account", d.Timeout(schema.TimeoutCreate), 1) + // IAM API returns 403 when the queried SA is not found, so we must ignore both 404 & 403 errors + err = transport_tpg.PollingWaitTime(resourceServiceAccountPollRead(d, meta), transport_tpg.PollCheckForExistenceWith403, "Creating Service Account", d.Timeout(schema.TimeoutCreate), 1) if err != nil { return err