hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0

If get calls to service account fail after Terraform creation, Terraform retries to create it even though it already exists. #19112

Closed Dutta78 closed 1 month ago

Dutta78 commented 2 months ago

Community Note

google_service_account.service_account: Creating...

Error: Error creating service account: googleapi: Error 409: Service account bf1f61c6-sa already exists within project projects/. Details: [ { "@type": "type.googleapis.com/google.rpc.ResourceInfo", "resourceName": "projects/project_id>/serviceAccounts/bf1f61c6-sa@<project_id.iam.gserviceaccount.com" } ] , alreadyExists

with module.tenant-infra.google_service_account.service_account, on ../modules/v1/service_account.tf line 1, in resource "google_service_account" "service_account": 1: resource "google_service_account" "service_account" {

2024/08/13 08:16:43 TF error: terraform: exit status 1

Terraform Version & Provider Version(s)

Terraform v1.9.0 on

Affected Resource(s)

"google_service_account"

Terraform Configuration

Debug Output

No response

Expected Behavior

Terraform should be able to create the service account.

Actual Behavior

Terraform made a create API call to GCP to create a service account. On its subsequent get call, it returned an error even though a service account was created. Then it retried to create a service account again.

Steps to reproduce

Sometimes GCP does return an error during the get call, if the service account is not attached to any policy.

Important Factoids

No response

References

No response

ggtisc commented 2 months ago

Hi @Dutta78!

To replicate this issue we need the Terraform code of your google_service_account resource, because with the Terraform registry examples everything looks correct, without errors.

sbocinec commented 1 month ago

@Dutta78 The solution for this error is to use Google TF provider version ~>5.21.0, as it introduced a solution for this problem: the create_ignore_already_exists field in the google_service_account resource. If you use create_ignore_already_exists = true in the resource, it should help.
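
A small Go model of the sequence reported in this issue (create succeeds, the following read fails, the retry hits 409) and of what an option like create_ignore_already_exists changes. It is an added illustration, not the provider's code and not part of any comment in this thread; fakeIAM, ensure and the stale-read counter are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
)

var errNotFound, errExists = errors.New("404 notFound"), errors.New("409 alreadyExists") // constructed

// fakeIAM (hypothetical): Create is immediate, but the next `stale` Gets of an existing account still 404.
type fakeIAM struct {
	accounts map[string]bool
	stale    int
}

func (f *fakeIAM) Create(id string) error {
	if f.accounts[id] {
		return errExists
	}
	f.accounts[id] = true
	return nil
}

func (f *fakeIAM) Get(id string) error {
	if f.accounts[id] && f.stale == 0 {
		return nil
	}
	if f.accounts[id] {
		f.stale--
	}
	return errNotFound
}

// ensure models create-then-read; ignoreExists turns a 409 on Create into "already there".
func ensure(c *fakeIAM, id string, ignoreExists bool) error {
	if err := c.Create(id); err != nil && !(ignoreExists && errors.Is(err, errExists)) {
		return fmt.Errorf("creating service account: %w", err)
	}
	if err := c.Get(id); err != nil {
		return fmt.Errorf("reading service account %s: %w", id, err)
	}
	return nil
}

func main() {
	for _, ignore := range []bool{false, true} {
		c := &fakeIAM{accounts: map[string]bool{}, stale: 1}
		fmt.Println(ignore, ensure(c, "bf1f61c6-sa", ignore), ensure(c, "bf1f61c6-sa", ignore))
	}
}
```

In this model the ignore path accepts any account that already has that ID, whoever created it, so check that the existing account is the one you meant to manage before enabling the option.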

github-actions[bot] commented 1 week ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.