hashicorp / terraform-provider-googleworkspace

Terraform Provider for Google Workspace
https://registry.terraform.io/providers/hashicorp/googleworkspace
Mozilla Public License 2.0

data.googleworkspace_user 403: Not Authorized when collecting custom schema information #383

Closed via-justa closed 1 year ago

via-justa commented 1 year ago

Terraform Version

Terraform v1.3.3
on darwin_arm64
+ provider registry.terraform.io/hashicorp/googleworkspace v0.7.0

Affected Resource(s)

Terraform Configuration Files

terraform {
  required_providers {
    googleworkspace = {
      source = "hashicorp/googleworkspace"
      version = "0.7.0"
    }
  }
}

provider "googleworkspace" {
  customer_id  = "xxxxxxxx"
  credentials = "key.json"
  oauth_scopes = [
    "https://www.googleapis.com/auth/admin.directory.user",
    "https://www.googleapis.com/auth/admin.directory.userschema",
  ]
}

data "googleworkspace_user" "user" {
  primary_email = "user@domain.com"
}

output "custom_schemas" {
  value = data.googleworkspace_user.user.custom_schemas
}

Expected Behavior

User is returned with custom schema

Actual Behavior

The service account has both scopes set. Call to retrieve user works. Call to retrieve custom schema fails with googleapi: Error 403: Not Authorized to access this resource/api, forbidden

---[ REQUEST ]---------------------------------------
GET /admin/directory/v1/customer/xxxxxxxx/schemas/Employee_Information?alt=json&prettyPrint=false HTTP/1.1
Host: admin.googleapis.com
User-Agent: google-api-go-client/0.5
X-Goog-Api-Client: gl-go/1.16.2 gdcl/0.79.0
Accept-Encoding: gzip

-----------------------------------------------------: timestamp=2022-10-28T13:48:56.434+0200
2022-10-28T13:48:56.626+0200 [INFO]  provider.terraform-provider-googleworkspace: 2022/10/28 13:48:56 [DEBUG] Google Workspace API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 403 Forbidden
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Cache-Control: private
Content-Type: application/json; charset=UTF-8
Date: Fri, 28 Oct 2022 11:48:56 GMT
Server: ESF
Vary: Origin
Vary: X-Origin
Vary: Referer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

{
  "error": {
    "code": 403,
    "message": "Not Authorized to access this resource/api",
    "errors": [
      {
        "message": "Not Authorized to access this resource/api",
        "domain": "global",
        "reason": "forbidden"
      }
    ]
  }
}

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply

Important Factoids

Running the code from a local Mac M1 computer. User has 1 custom schema.

References

Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example: Couldn't locate any that fully match

via-justa commented 1 year ago

Was missing impersonated_user_email.
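
The configuration from the report with the resolution applied, as an added example that is not the reporter's or the project's own code. The `impersonated_user_email` value is a placeholder, and the example assumes the service account in `key.json` has domain-wide delegation for the two listed scopes and that the impersonated account is an administrator allowed to read custom schemas.

```hcl
terraform {
  required_providers {
    googleworkspace = {
      source  = "hashicorp/googleworkspace"
      version = "0.7.0"
    }
  }
}

provider "googleworkspace" {
  customer_id = "xxxxxxxx"
  credentials = "key.json"

  # Placeholder address (assumption): the Workspace admin account the
  # service account acts as. The report's configuration omitted this
  # argument, and the schema lookup returned 403 until it was set.
  impersonated_user_email = "admin@domain.com"

  # Same scopes as in the report; the 403 was not a missing-scope problem.
  oauth_scopes = [
    "https://www.googleapis.com/auth/admin.directory.user",
    "https://www.googleapis.com/auth/admin.directory.userschema",
  ]
}

data "googleworkspace_user" "user" {
  primary_email = "user@domain.com"
}

output "custom_schemas" {
  value = data.googleworkspace_user.user.custom_schemas
}
```

When triaging the same symptom, the debug log above is the useful signal: the user lookup succeeds while the `GET .../schemas/<name>` call returns `403 forbidden`, even though both scopes are configured on the provider.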