search

hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0
2.31k stars 1.73k forks source link

Failing test(s): TestAccFwProvider_impersonate_service_account_delegates #19741

Open ScottSuarez opened 3 hours ago

ScottSuarez commented 3 hours ago

Impacted tests

Affected Resource(s)

Failure rates

Message(s)

------- Stdout: -------
=== RUN   TestAccFwProvider_impersonate_service_account_delegates
=== RUN   TestAccFwProvider_impersonate_service_account_delegates/impersonate_service_account_delegates_can_be_set_in_config
=== RUN   TestAccFwProvider_impersonate_service_account_delegates/when_impersonate_service_account_delegates_is_set_to_an_empty_list_in_the_config_the_value_IS_ignored
=== RUN   TestAccFwProvider_impersonate_service_account_delegates/impersonate_service_account_delegates_controls_which_service_account_is_used_for_actions
    provider_impersonate_service_account_delegates_test.go:98: Step 2/2, expected an error with pattern, no match on: Error running apply: exit status 1
        Error: Error creating Topic: Put "https://pubsub.googleapis.com/v1/projects/xxxx/topics/tf-test-r2fe33sh0b-fail?alt=json": impersonate: status code 403: {
          "error": {
            "code": 403,
            "message": "Permission 'iam.serviceAccounts.getAccessToken' denied on resource (or it may not exist).",
            "status": "PERMISSION_DENIED",
            "details": [
              {
                "@type": "type.googleapis.com/google.rpc.ErrorInfo",
                "reason": "IAM_PERMISSION_DENIED",
                "domain": "iam.googleapis.com",
                "metadata": {
                  "permission": "iam.serviceAccounts.getAccessToken"
                }
              }
            ]
          }
        }
          with google_pubsub_topic.fail,
          on terraform_plugin_test.tf line 44, in resource "google_pubsub_topic" "fail":
          44: resource "google_pubsub_topic" "fail" {

Nightly build test history

SarahFrench commented 2 hours ago

Something that comes to mind: I had some failures with the error message Permission 'iam.serviceAccounts.getAccessToken' denied on resource (or it may not exist) that were due to the IAM Service Account Credentials API not being enabled in the VCR test project, ~and were resolved by that API being enabled.~ Turns out the build I ran had an incorrect test name.

Could something be interfering with that API in the nightly test projects?