Failing test(s): TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityCustomSkiExample

roaks3 commented 5 months ago

Impacted tests

TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityCustomSkiExample

Affected Resource(s)

google_privateca_certificate_authority

Failure rates

100% since 2024-04-20 (this test never passed)

Message(s)

=== RUN   TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityCustomSkiExample
=== PAUSE TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityCustomSkiExample
=== CONT  TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityCustomSkiExample
    vcr_utils.go:152: Step 1/2 error: Error running apply: exit status 1
        Error: Error waiting to create CertificateAuthority: Error waiting for Creating CertificateAuthority: Error code 3, message: Exception calling IAM: Service account service-653407317329@gcp-sa-privateca.iam.gserviceaccount.com does not exist.\\ncom.google.apps.framework.request.StatusException: <eye3 title=\\\'INVALID_ARGUMENT\\\'/> generic::INVALID_ARGUMENT: Exception calling IAM: Service account service-653407317329@gcp-sa-privateca.iam.gserviceaccount.com does not exist.; IAM SetIamPolicy RPC failed on project_id: l3d48fa9a444dc7c4p-tp.
          with google_privateca_certificate_authority.default,
          on terraform_plugin_test.tf line 2, in resource "google_privateca_certificate_authority" "default":
           2: resource "google_privateca_certificate_authority" "default" {
--- FAIL: TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthorityCustomSkiExample (15.30s)
FAIL

Nightly build test history

https://hashicorp.teamcity.com/test/7434210128381544319?currentProjectId=TerraformProviders_GoogleCloud_GOOGLE_BETA_NIGHTLYTESTS&expandTestHistoryChartSection=true&expandedTest=build%3A%28id%3A140667%29%2Cid%3A2000000023

b/337845805

roaks3 commented 5 months ago

This test was skipped in VCR with the message Multiple IAM bindings on the same key cause non-determinism, but it's unclear if it ever passed. It looks like it's complaining that a service agent doesn't exist.

bbonafil commented 4 months ago

@roaks3 a service agent is required on the project which is running the test... which is used to access the KMS key...

Looks like some configuration is missing in the example test file required, which was overlooked during manual testing probably due to the project used.

Will send up a fix

hashicorp / terraform-provider-google