Skip to content

Commit

Permalink
Add retry to service account creation (hashicorp#3513)
Browse files Browse the repository at this point in the history
Signed-off-by: Modular Magician <[email protected]>
  • Loading branch information
modular-magician committed May 15, 2020
1 parent 2e8f4be commit adf0aff
Show file tree
Hide file tree
Showing 3 changed files with 23 additions and 5 deletions.
3 changes: 3 additions & 0 deletions .changelog/3513.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
iam: Fixed an issue where `google_service_account` shows an error after creating the resource
```
18 changes: 13 additions & 5 deletions google/resource_google_service_account.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,9 @@ func resourceGoogleServiceAccount() *schema.Resource {
Importer: &schema.ResourceImporter{
State: resourceGoogleServiceAccountImport,
},
Timeouts: &schema.ResourceTimeout{
Create: schema.DefaultTimeout(5 * time.Minute),
},
Schema: map[string]*schema.Schema{
"email": {
Type: schema.TypeString,
Expand Down Expand Up @@ -83,10 +86,15 @@ func resourceGoogleServiceAccountCreate(d *schema.ResourceData, meta interface{}
}

d.SetId(sa.Name)
// This API is meant to be synchronous, but in practice it shows the old value for
// a few milliseconds after the update goes through. A second is more than enough
// time to ensure following reads are correct.
time.Sleep(time.Second)

err = retryTimeDuration(func() (operr error) {
_, saerr := config.clientIAM.Projects.ServiceAccounts.Get(d.Id()).Do()
return saerr
}, d.Timeout(schema.TimeoutCreate), isNotFoundRetryableError("service account creation"))

if err != nil {
return fmt.Errorf("Error reading service account after creation: %s", err)
}

return resourceGoogleServiceAccountRead(d, meta)
}
Expand Down Expand Up @@ -146,7 +154,7 @@ func resourceGoogleServiceAccountUpdate(d *schema.ResourceData, meta interface{}
if err != nil {
return err
}
// See comment in Create.
// API tends to be asynchronous
time.Sleep(time.Second)

return nil
Expand Down
7 changes: 7 additions & 0 deletions website/docs/r/google_service_account.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,13 @@ exported:

* `unique_id` - The unique id of the service account.

## Timeouts

This resource provides the following
[Timeouts](/docs/configuration/resources.html#timeouts) configuration options:

- `create` - Default is 5 minutes.

## Import

Service accounts can be imported using their URI, e.g.
Expand Down

0 comments on commit adf0aff

Please sign in to comment.