google_client_openid_userinfo data source does not work in Cloud Shell

[arueth]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to a user, that user is claiming responsibility for the issue.
• Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Terraform Version

$ terraform version Terraform v1.5.7 on linux_amd64

• provider registry.terraform.io/hashicorp/google v5.26.0

Your version of Terraform is out of date! The latest version is 1.8.1. You can update by downloading from https://www.terraform.io/downloads.html

Affected Resource(s)

google_client_openid_userinfo

Terraform Configuration

data "google_client_openid_userinfo" "me" {}

output "userinfo" {
  value = data.google_client_openid_userinfo.me.email
}

Debug Output

$ terraform apply
2024-04-23T20:17:51.761Z [INFO]  Terraform version: 1.5.7
2024-04-23T20:17:51.761Z [DEBUG] using github.com/hashicorp/go-tfe v1.26.0
2024-04-23T20:17:51.761Z [DEBUG] using github.com/hashicorp/hcl/v2 v2.16.2
2024-04-23T20:17:51.761Z [DEBUG] using github.com/hashicorp/terraform-svchost v0.1.0
2024-04-23T20:17:51.761Z [DEBUG] using github.com/zclconf/go-cty v1.12.2
2024-04-23T20:17:51.761Z [INFO]  Go runtime version: go1.20.7
2024-04-23T20:17:51.761Z [INFO]  CLI args: []string{"terraform", "apply"}
2024-04-23T20:17:51.761Z [DEBUG] Attempting to open CLI config file: /home/rueth/.terraformrc
2024-04-23T20:17:51.761Z [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2024-04-23T20:17:51.763Z [DEBUG] ignoring non-existing provider search directory terraform.d/plugins
2024-04-23T20:17:51.763Z [DEBUG] ignoring non-existing provider search directory /home/rueth/.terraform.d/plugins
2024-04-23T20:17:51.763Z [DEBUG] ignoring non-existing provider search directory /home/rueth/.local/share/terraform/plugins
2024-04-23T20:17:51.763Z [DEBUG] ignoring non-existing provider search directory /usr/local/share/terraform/plugins
2024-04-23T20:17:51.763Z [DEBUG] ignoring non-existing provider search directory /usr/share/terraform/plugins
2024-04-23T20:17:51.764Z [INFO]  CLI command args: []string{"apply"}
2024-04-23T20:17:51.764Z [DEBUG] New state was assigned lineage "d749e81a-35bd-cd9c-41e3-644d402344c7"
2024-04-23T20:17:52.123Z [DEBUG] checking for provisioner in "."
2024-04-23T20:17:52.130Z [DEBUG] checking for provisioner in "/usr/bin"
2024-04-23T20:17:52.131Z [INFO]  backend/local: starting Apply operation
2024-04-23T20:17:52.133Z [DEBUG] created provider logger: level=debug
2024-04-23T20:17:52.133Z [INFO]  provider: configuring client automatic mTLS
2024-04-23T20:17:52.159Z [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/hashicorp/google/5.26.0/linux_amd64/terraform-provider-google_v5.26.0_x5 args=[.terraform/providers/registry.terraform.io/hashicorp/google/5.26.0/linux_amd64/terraform-provider-google_v5.26.0_x5]
2024-04-23T20:17:52.160Z [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/hashicorp/google/5.26.0/linux_amd64/terraform-provider-google_v5.26.0_x5 pid=1766
2024-04-23T20:17:52.160Z [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/hashicorp/google/5.26.0/linux_amd64/terraform-provider-google_v5.26.0_x5
2024-04-23T20:17:52.220Z [INFO]  provider.terraform-provider-google_v5.26.0_x5: configuring server automatic mTLS: timestamp=2024-04-23T20:17:52.219Z
2024-04-23T20:17:52.236Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: plugin address: address=/tmp/plugin3355910246 network=unix timestamp=2024-04-23T20:17:52.236Z
2024-04-23T20:17:52.236Z [DEBUG] provider: using plugin: version=5
2024-04-23T20:17:52.521Z [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-04-23T20:17:52.529Z [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/hashicorp/google/5.26.0/linux_amd64/terraform-provider-google_v5.26.0_x5 pid=1766
2024-04-23T20:17:52.529Z [DEBUG] provider: plugin exited
2024-04-23T20:17:52.529Z [DEBUG] Building and walking validate graph
2024-04-23T20:17:52.530Z [DEBUG] adding implicit provider configuration provider["registry.terraform.io/hashicorp/google"], implied first by data.google_client_openid_userinfo.me
2024-04-23T20:17:52.530Z [DEBUG] ProviderTransformer: "data.google_client_openid_userinfo.me" (*terraform.NodeValidatableResource) needs provider["registry.terraform.io/hashicorp/google"]
2024-04-23T20:17:52.530Z [DEBUG] ReferenceTransformer: "data.google_client_openid_userinfo.me" references: []
2024-04-23T20:17:52.530Z [DEBUG] ReferenceTransformer: "output.userinfo (expand)" references: [data.google_client_openid_userinfo.me]
2024-04-23T20:17:52.530Z [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/hashicorp/google\"]" references: []
2024-04-23T20:17:52.531Z [DEBUG] Starting graph walk: walkValidate
2024-04-23T20:17:52.531Z [DEBUG] created provider logger: level=debug
2024-04-23T20:17:52.531Z [INFO]  provider: configuring client automatic mTLS
2024-04-23T20:17:52.543Z [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/hashicorp/google/5.26.0/linux_amd64/terraform-provider-google_v5.26.0_x5 args=[.terraform/providers/registry.terraform.io/hashicorp/google/5.26.0/linux_amd64/terraform-provider-google_v5.26.0_x5]
2024-04-23T20:17:52.544Z [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/hashicorp/google/5.26.0/linux_amd64/terraform-provider-google_v5.26.0_x5 pid=1775
2024-04-23T20:17:52.544Z [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/hashicorp/google/5.26.0/linux_amd64/terraform-provider-google_v5.26.0_x5
2024-04-23T20:17:52.604Z [INFO]  provider.terraform-provider-google_v5.26.0_x5: configuring server automatic mTLS: timestamp=2024-04-23T20:17:52.604Z
2024-04-23T20:17:52.621Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: plugin address: address=/tmp/plugin1011517476 network=unix timestamp=2024-04-23T20:17:52.621Z
2024-04-23T20:17:52.621Z [DEBUG] provider: using plugin: version=5
2024-04-23T20:17:52.899Z [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-04-23T20:17:52.907Z [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/hashicorp/google/5.26.0/linux_amd64/terraform-provider-google_v5.26.0_x5 pid=1775
2024-04-23T20:17:52.907Z [DEBUG] provider: plugin exited
2024-04-23T20:17:52.907Z [INFO]  backend/local: apply calling Plan
2024-04-23T20:17:52.907Z [DEBUG] Building and walking plan graph for NormalMode
2024-04-23T20:17:52.907Z [DEBUG] adding implicit provider configuration provider["registry.terraform.io/hashicorp/google"], implied first by data.google_client_openid_userinfo.me (expand)
2024-04-23T20:17:52.908Z [DEBUG] ProviderTransformer: "data.google_client_openid_userinfo.me (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/hashicorp/google"]
2024-04-23T20:17:52.908Z [DEBUG] ReferenceTransformer: "data.google_client_openid_userinfo.me (expand)" references: []
2024-04-23T20:17:52.908Z [DEBUG] ReferenceTransformer: "output.userinfo (expand)" references: [data.google_client_openid_userinfo.me (expand)]
2024-04-23T20:17:52.908Z [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/hashicorp/google\"]" references: []
2024-04-23T20:17:52.908Z [DEBUG] Starting graph walk: walkPlan
2024-04-23T20:17:52.909Z [DEBUG] created provider logger: level=debug
2024-04-23T20:17:52.909Z [INFO]  provider: configuring client automatic mTLS
2024-04-23T20:17:52.919Z [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/hashicorp/google/5.26.0/linux_amd64/terraform-provider-google_v5.26.0_x5 args=[.terraform/providers/registry.terraform.io/hashicorp/google/5.26.0/linux_amd64/terraform-provider-google_v5.26.0_x5]
2024-04-23T20:17:52.920Z [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/hashicorp/google/5.26.0/linux_amd64/terraform-provider-google_v5.26.0_x5 pid=1784
2024-04-23T20:17:52.920Z [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/hashicorp/google/5.26.0/linux_amd64/terraform-provider-google_v5.26.0_x5
2024-04-23T20:17:52.977Z [INFO]  provider.terraform-provider-google_v5.26.0_x5: configuring server automatic mTLS: timestamp=2024-04-23T20:17:52.977Z
2024-04-23T20:17:52.997Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: plugin address: address=/tmp/plugin3650567656 network=unix timestamp=2024-04-23T20:17:52.996Z
2024-04-23T20:17:52.997Z [DEBUG] provider: using plugin: version=5
2024-04-23T20:17:53.310Z [INFO]  provider.terraform-provider-google_v5.26.0_x5: Authenticating using DefaultClient...: tf_provider_addr=registry.terraform.io/hashicorp/google tf_req_id=57da6901-fe78-c8fd-7a2c-f7f660384caa tf_rpc=ConfigureProvider @caller=github.com/hashicorp/terraform-provider-google/google/fwtransport/framework_config.go:1777 @module=google tf_mux_provider=*proto5server.Server timestamp=2024-04-23T20:17:53.310Z
2024-04-23T20:17:53.310Z [INFO]  provider.terraform-provider-google_v5.26.0_x5:   -- Scopes: [https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email]: @module=google tf_req_id=57da6901-fe78-c8fd-7a2c-f7f660384caa tf_rpc=ConfigureProvider @caller=github.com/hashicorp/terraform-provider-google/google/fwtransport/framework_config.go:1778 tf_mux_provider=*proto5server.Server tf_provider_addr=registry.terraform.io/hashicorp/google timestamp=2024-04-23T20:17:53.310Z
2024-04-23T20:17:53.311Z [INFO]  provider.terraform-provider-google_v5.26.0_x5: Authenticating using DefaultClient...: @caller=github.com/hashicorp/terraform-provider-google/google/fwtransport/framework_config.go:1777 @module=google tf_provider_addr=registry.terraform.io/hashicorp/google tf_req_id=57da6901-fe78-c8fd-7a2c-f7f660384caa tf_rpc=ConfigureProvider tf_mux_provider=*proto5server.Server timestamp=2024-04-23T20:17:53.310Z
2024-04-23T20:17:53.311Z [INFO]  provider.terraform-provider-google_v5.26.0_x5:   -- Scopes: [https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email]: tf_mux_provider=*proto5server.Server tf_req_id=57da6901-fe78-c8fd-7a2c-f7f660384caa tf_rpc=ConfigureProvider @module=google tf_provider_addr=registry.terraform.io/hashicorp/google @caller=github.com/hashicorp/terraform-provider-google/google/fwtransport/framework_config.go:1778 timestamp=2024-04-23T20:17:53.310Z
2024-04-23T20:17:53.311Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 2024/04/23 20:17:53 [DEBUG] Waiting for state to become: [success]
2024-04-23T20:17:53.455Z [INFO]  provider.terraform-provider-google_v5.26.0_x5: Terraform is using this identity: rueth@google.com: @caller=github.com/hashicorp/terraform-provider-google/google/fwtransport/framework_config.go:1651 @module=google tf_mux_provider=*proto5server.Server tf_provider_addr=registry.terraform.io/hashicorp/google tf_req_id=57da6901-fe78-c8fd-7a2c-f7f660384caa tf_rpc=ConfigureProvider timestamp=2024-04-23T20:17:53.455Z
2024-04-23T20:17:53.459Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 2024/04/23 20:17:53 [INFO] Authenticating using DefaultClient...
2024-04-23T20:17:53.459Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 2024/04/23 20:17:53 [INFO]   -- Scopes: [https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email]
2024-04-23T20:17:53.459Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 2024/04/23 20:17:53 [INFO] Authenticating using DefaultClient...
2024-04-23T20:17:53.459Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 2024/04/23 20:17:53 [INFO]   -- Scopes: [https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email]
2024-04-23T20:17:53.460Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 2024/04/23 20:17:53 [DEBUG] Waiting for state to become: [success]
2024-04-23T20:17:53.551Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 2024/04/23 20:17:53 [INFO] Terraform is using this identity: rueth@google.com
2024-04-23T20:17:53.552Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 2024/04/23 20:17:53 [DEBUG] parent context canceled, cleaning up batcher batches
2024-04-23T20:17:53.552Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 2024/04/23 20:17:53 [DEBUG] Stopping batcher "Service Usage"
2024-04-23T20:17:53.552Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 2024/04/23 20:17:53 [DEBUG] parent context canceled, cleaning up batcher batches
2024-04-23T20:17:53.552Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 2024/04/23 20:17:53 [DEBUG] Stopping batcher "IAM"
2024-04-23T20:17:53.553Z [DEBUG] ReferenceTransformer: "data.google_client_openid_userinfo.me" references: []
data.google_client_openid_userinfo.me: Reading...
2024-04-23T20:17:53.557Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 2024/04/23 20:17:53 [DEBUG] Waiting for state to become: [success]
2024-04-23T20:17:53.557Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 2024/04/23 20:17:53 [DEBUG] Retry Transport: starting RoundTrip retry loop
2024-04-23T20:17:53.557Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 2024/04/23 20:17:53 [DEBUG] Retry Transport: request attempt 0
2024-04-23T20:17:53.558Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 2024/04/23 20:17:53 [DEBUG] Google API Request Details:
2024-04-23T20:17:53.558Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: ---[ REQUEST ]---------------------------------------
2024-04-23T20:17:53.558Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: GET /v1/userinfo?alt=json HTTP/1.1
2024-04-23T20:17:53.558Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: Host: openidconnect.googleapis.com
2024-04-23T20:17:53.558Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: User-Agent: Terraform/1.5.7 (+https://www.terraform.io) Terraform-Plugin-SDK/terraform-plugin-framework terraform-provider-google/5.26.0
2024-04-23T20:17:53.558Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: Content-Type: application/json
2024-04-23T20:17:53.558Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: Accept-Encoding: gzip
2024-04-23T20:17:53.558Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 
2024-04-23T20:17:53.558Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 
2024-04-23T20:17:53.558Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: -----------------------------------------------------
2024-04-23T20:17:53.630Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 2024/04/23 20:17:53 [DEBUG] Google API Response Details:
2024-04-23T20:17:53.631Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: ---[ RESPONSE ]--------------------------------------
2024-04-23T20:17:53.631Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: HTTP/2.0 403 Forbidden
2024-04-23T20:17:53.631Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: Cache-Control: private
2024-04-23T20:17:53.631Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: Content-Type: application/json; charset=UTF-8
2024-04-23T20:17:53.631Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: Date: Tue, 23 Apr 2024 20:17:53 GMT
2024-04-23T20:17:53.631Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: Server: ESF
2024-04-23T20:17:53.631Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: Vary: Origin
2024-04-23T20:17:53.631Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: Vary: X-Origin
2024-04-23T20:17:53.631Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: Vary: Referer
2024-04-23T20:17:53.631Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: X-Content-Type-Options: nosniff
2024-04-23T20:17:53.631Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: X-Frame-Options: SAMEORIGIN
2024-04-23T20:17:53.631Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: X-Xss-Protection: 0
2024-04-23T20:17:53.631Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 
2024-04-23T20:17:53.631Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: {
2024-04-23T20:17:53.631Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:   "error": {
2024-04-23T20:17:53.631Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:     "code": 403,
2024-04-23T20:17:53.631Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:     "message": "Caller does not have required permission to use project rueth-prod. Grant the caller the roles/serviceusage.serviceUsageConsumer role, or a custom role with the serviceusage.services.use permission, by visiting https://console.developers.google.com/iam-admin/iam/project?project=rueth-prod and then retry. Propagation of the new permission may take a few minutes.",
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:     "status": "PERMISSION_DENIED",
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:     "details": [
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:       {
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:         "@type": "type.googleapis.com/google.rpc.Help",
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:         "links": [
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:           {
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:             "description": "Google developer console IAM admin",
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:             "url": "https://console.developers.google.com/iam-admin/iam/project?project=rueth-prod"
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:           }
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:         ]
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:       },
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:       {
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:         "@type": "type.googleapis.com/google.rpc.ErrorInfo",
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:         "reason": "USER_PROJECT_DENIED",
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:         "domain": "googleapis.com",
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:         "metadata": {
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:           "service": "openidconnect.googleapis.com",
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:           "consumer": "projects/rueth-prod"
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:         }
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:       }
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:     ]
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:   }
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: }
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: -----------------------------------------------------
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 2024/04/23 20:17:53 [DEBUG] Retry Transport: Stopping retries, last request failed with non-retryable error: googleapi: got HTTP response code 403 with body: HTTP/2.0 403 Forbidden
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: Cache-Control: private
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: Content-Type: application/json; charset=UTF-8
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: Date: Tue, 23 Apr 2024 20:17:53 GMT
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: Server: ESF
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: Vary: Origin
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: Vary: X-Origin
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: Vary: Referer
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: X-Content-Type-Options: nosniff
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: X-Frame-Options: SAMEORIGIN
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: X-Xss-Protection: 0
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: {
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:   "error": {
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:     "code": 403,
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:     "message": "Caller does not have required permission to use project rueth-prod. Grant the caller the roles/serviceusage.serviceUsageConsumer role, or a custom role with the serviceusage.services.use permission, by visiting https://console.developers.google.com/iam-admin/iam/project?project=rueth-prod and then retry. Propagation of the new permission may take a few minutes.",
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:     "status": "PERMISSION_DENIED",
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:     "details": [
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:       {
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:         "@type": "type.googleapis.com/google.rpc.Help",
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:         "links": [
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:           {
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:             "description": "Google developer console IAM admin",
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:             "url": "https://console.developers.google.com/iam-admin/iam/project?project=rueth-prod"
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:           }
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:         ]
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:       },
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:       {
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:         "@type": "type.googleapis.com/google.rpc.ErrorInfo",
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:         "reason": "USER_PROJECT_DENIED",
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:         "domain": "googleapis.com",
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:         "metadata": {
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:           "service": "openidconnect.googleapis.com",
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:           "consumer": "projects/rueth-prod"
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:         }
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:       }
2024-04-23T20:17:53.632Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:     ]
2024-04-23T20:17:53.633Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5:   }
2024-04-23T20:17:53.633Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: }
2024-04-23T20:17:53.633Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 2024/04/23 20:17:53 [DEBUG] Retry Transport: Returning after 1 attempts
2024-04-23T20:17:53.633Z [INFO]  provider.terraform-provider-google_v5.26.0_x5: error retrieving userinfo for your provider credentials. have you enabled the 'https://www.googleapis.com/auth/userinfo.email' scope?: tf_provider_addr=registry.terraform.io/hashicorp/google tf_req_id=57da6901-fe78-c8fd-7a2c-f7f660384caa @module=google tf_mux_provider=*proto5server.Server tf_rpc=ConfigureProvider @caller=github.com/hashicorp/terraform-provider-google/google/fwtransport/framework_utils.go:47 timestamp=2024-04-23T20:17:53.631Z
data.google_client_openid_userinfo.me: Read complete after 0s
2024-04-23T20:17:53.636Z [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-04-23T20:17:53.636Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 2024/04/23 20:17:53 [DEBUG] [transport] [server-transport 0xc000c0dba0] Closing: Server.Stop called 
2024-04-23T20:17:53.636Z [DEBUG] provider.terraform-provider-google_v5.26.0_x5: 2024/04/23 20:17:53 [DEBUG] [transport] [server-transport 0xc000c0dba0] loopyWriter exiting with error: transport closed by client 
2024-04-23T20:17:53.647Z [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/hashicorp/google/5.26.0/linux_amd64/terraform-provider-google_v5.26.0_x5 pid=1784
2024-04-23T20:17:53.647Z [DEBUG] provider: plugin exited
2024-04-23T20:17:53.647Z [DEBUG] no planned changes, skipping apply graph check

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.
2024-04-23T20:17:53.673Z [INFO]  backend/local: apply calling Apply
2024-04-23T20:17:53.673Z [DEBUG] Building and walking apply graph for NormalMode plan
2024-04-23T20:17:53.673Z [DEBUG] adding implicit provider configuration provider["registry.terraform.io/hashicorp/google"], implied first by data.google_client_openid_userinfo.me (expand)
2024-04-23T20:17:53.673Z [DEBUG] ProviderTransformer: "data.google_client_openid_userinfo.me (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/hashicorp/google"]
2024-04-23T20:17:53.673Z [DEBUG] ReferenceTransformer: "output.userinfo (expand)" references: [data.google_client_openid_userinfo.me (expand)]
2024-04-23T20:17:53.673Z [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/hashicorp/google\"]" references: []
2024-04-23T20:17:53.673Z [DEBUG] ReferenceTransformer: "data.google_client_openid_userinfo.me (expand)" references: []
2024-04-23T20:17:53.673Z [DEBUG] pruneUnusedNodes: data.google_client_openid_userinfo.me (expand) is no longer needed, removing
2024-04-23T20:17:53.673Z [DEBUG] pruneUnusedNodes: provider["registry.terraform.io/hashicorp/google"] is no longer needed, removing
2024-04-23T20:17:53.673Z [DEBUG] Starting graph walk: walkApply

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Outputs:

userinfo = ""

Expected Behavior

Expect to get a Terraform output of the executing identity's email property.

Actual Behavior

When doing this in Cloud Shell in the Google console, the value is always an empty string "".

Steps to reproduce

1. terraform apply

Important Factoids

It seems to work fine when on a Cloud Workstation.

References

A similar issue was raised before, but was closed due to inactivity: https://github.com/hashicorp/terraform-provider-google/issues/16431

[arueth]

I ran gcloud auth application-default login and the user(rueth@google.com) has Owner permission on the project.

[ggtisc]

Hi @arueth!

As you can see in the terraform registry link of this issue there is a note explaining that you need to configure your provider scope to have the desired output, otherwise you could have an error or other kind of harassment.

This issue was replicated successfully and without errors with the shared terraform configuration, just adding the scope in the provider as the following example:

provider "google" { scopes = ["https://www.googleapis.com/auth/userinfo.email"] }

Be careful because other bad configurations in your provider like credentials, project, region or zone could affect this, as an advice you can check these attributes before run the terraform apply.