search

hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0
2.36k stars 1.75k forks source link

Insufficient Permission for google_site_verification_token #20416

Open jakubno opened 1 day ago

jakubno commented 1 day ago

Question

Hi, I'm having trouble verifying a site with Terraform. I've enabled the Site Verification API, I'm the GCP project owner, and I own the property in Search Console. Everything works fine through the Cloud Console and Search Console, but with Terraform, I get an "insufficient authentication scopes" error.

I'm running it locally, using the same account and project as in the Console. Other tasks, like provisioning VMs and setting up networks, have always worked without issues. I'm not sure if I'm doing something wrong here.

Here's minimal example 

terraform {
  required_version = ">= 1.5.0, < 1.6.0"
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "6.12.0"
    }
  }
}

provider "google" {
  project = var.gcp_project_id
  scopes = [
    "https://www.googleapis.com/auth/siteverification",
    "https://www.googleapis.com/auth/siteverification.verify_only",
  ]
}

data "google_site_verification_token" "token" {
  provider            = google
  type                = "INET_DOMAIN"
  identifier          = var.domain_name
  verification_method = "DNS_TXT"
}

I also tried to add scopes to the provider.

provider "google" {
  project = var.gcp_project_id
  region  = var.gcp_region
  zone    = var.gcp_zone
  scopes = [
    "https://www.googleapis.com/auth/siteverification",
    "https://www.googleapis.com/auth/siteverification.verify_only",
  ]
}

Here's the error:

│ Error: Error reading Token: googleapi: Error 403: Request had insufficient authentication scopes.
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│     "domain": "googleapis.com",
│     "metadata": {
│       "method": "security.irdb.api.VerificationService.GetToken",
│       "service": "siteverification.googleapis.com"
│     },
│     "reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT"
│   }
│ ]
│ 
│ More details:
│ Reason: insufficientPermissions, Message: Insufficient Permission
│ 
│ 
│   with data.google_site_verification_token.token,
│   on main.tf line 19, in data "google_site_verification_token" "token":
│   15: data "google_site_verification_token" "token" {
│

If you need anything, I'm happy to provide more information.