Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Retry Service Account post-creation reads if 403 is returned #15760

Merged
merged 1 commit into from
Sep 7, 2023
Merged

Retry Service Account post-creation reads if 403 is returned #15760

merged 1 commit into from
Sep 7, 2023
+23 −2

Conversation

modular-magician
Copy link
Collaborator

Retry polling for a service account right after its creation if 403 Forbidden is returned. Trying to get a service account immediately after it was created might fail due to the IAM API being eventually consistent..

Given the GetServiceAccountRequest to IAM Admin API returns 403 if the service account is not found, we must retry when trying to read (confirm) the SA was indeed created.

This fixes #15042

If this PR is for Terraform, I acknowledge that I have:

  • Searched through the issue tracker for an open issue that this either resolves or contributes to, commented on it to claim it, and written "fixes {url}" or "part of {url}" in this PR description. If there were no relevant open issues, I opened one and commented that I would like to work on it (not necessary for very small changes).
  • Ensured that all new fields I added that can be set by a user appear in at least one example (for generated resources) or third_party test (for handwritten resources or update tests).
  • Generated Terraform providers, and ran make test and make lint in the generated providers to ensure it passes unit and linter tests.
  • Ran relevant acceptance tests using my own Google Cloud project and credentials (If the acceptance tests do not yet pass or you are unable to run them, please let your reviewer know).
  • Read Write release notes before writing my release note below.

Release Note Template for Downstream PRs (will be copied)

serviceaccount: retry read after `google_service_account` creation if 403 Forbidden is returned.

Derived from GoogleCloudPlatform/magic-modules#8815

Sorry, something went wrong.

@modular-magician
Retry Service Account post-creation reads if 403 is returned (hashico…
fd7fc25 
…rp#8815)

Signed-off-by: Modular Magician <magic-modules@google.com>
@modular-magician modular-magician merged commit 7673820 into hashicorp:main Sep 7, 2023
@rileykarson
Copy link
Collaborator

@shuyama1: Note that changes like this are bug fixes, not enhancements!

@shuyama1
Copy link
Collaborator

oh, got it. Sorry, my bad

@elchead elchead mentioned this pull request Sep 19, 2023
Merged
1 task
@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 15, 2023
@modular-magician modular-magician deleted the downstream-pr-b60a9cd6dad1ed74075d5ec2305c7e3761e5c0ef branch November 17, 2024 00:57
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Error reading service account after creation - 403 Halts Execution
3 participants
@modular-magician @rileykarson @shuyama1