Failing test(s): TestAccSiteVerification*

[SarahFrench]

Impacted tests

• TestAccSiteVerificationOwner_siteVerificationBucket
• TestAccSiteVerificationWebResource_siteVerificationDomain

Affected Resource(s)

• google_site_verification_token

Failure rates

• 100% since 2024-09-14

Message(s)

------- Stdout: -------
=== RUN   TestAccSiteVerificationOwner_siteVerificationBucket
=== PAUSE TestAccSiteVerificationOwner_siteVerificationBucket
=== CONT  TestAccSiteVerificationOwner_siteVerificationBucket
    resource_site_verification_owner_test.go:25: Step 1/7 error: Error running apply: exit status 1
        Error: Error reading Token: googleapi: Error 403: Request had insufficient authentication scopes.
        Details:
        [
          {
            "@type": "type.googleapis.com/google.rpc.ErrorInfo",
            "domain": "googleapis.com",
            "metadata": {
              "method": "security.irdb.api.VerificationService.GetToken",
              "service": "siteverification.googleapis.com"
            },
            "reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT"
          }
        ]
        More details:
        Reason: insufficientPermissions, Message: Insufficient Permission
          with data.google_site_verification_token.token,
          on terraform_plugin_test.tf line 28, in data "google_site_verification_token" "token":
          28: data "google_site_verification_token" "token" {
--- FAIL: TestAccSiteVerificationOwner_siteVerificationBucket (18.17s)
FAIL

------- Stdout: -------
=== RUN   TestAccSiteVerificationWebResource_siteVerificationDomain
    resource_site_verification_web_resource_test.go:39: Step 1/3 error: Error running apply: exit status 1
        Error: Error retrieving record sets for "terraform-test": googleapi: Error 404: The 'parameters.managedZone' resource named 'terraform-test' does not exist., notFound
          with google_dns_record_set.example,
          on terraform_plugin_test.tf line 19, in resource "google_dns_record_set" "example":
          19: resource "google_dns_record_set" "example" {
--- FAIL: TestAccSiteVerificationWebResource_siteVerificationDomain (6.59s)
FAIL

Nightly build test history

• https://hashicorp.teamcity.com/test/-1426504613197928608?currentProjectId=TerraformProviders_GoogleCloud_GOOGLE_NIGHTLYTESTS&expandTestHistoryChartSection=true
• https://hashicorp.teamcity.com/test/-841110319994049813?currentProjectId=TerraformProviders_GoogleCloud_GOOGLE_NIGHTLYTESTS&expandTestHistoryChartSection=true

[melinath]

Looks like we don't have a team that owns this resource yet.

[wyardley]

@NickElliot you may know all of this, but just commenting in case this helps at all... played with this a little just for "fun" -- using ADC is different from how the creds are setup in cloudbuild or teamcity, obviously, but, I got this exact error (even with the "scoped" provider) using ADC, and the error went away after running gcloud auth application-default login --scopes "https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/siteverification,https://www.googleapis.com/auth/siteverification.verify_only", and setting a quota project for the ADC. Also read somewhere that the siteverification API may not work with service accounts properly?

So maybe the account / service account where the tests are running needs additional scopes itself?