terraform-provider-google icon indicating copy to clipboard operation
terraform-provider-google copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

google_service_directory_namespace not authenticating from provider access token

Open nicain opened this issue 2 years ago • 1 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

Terraform v1.2.9 on linux_amd64

  • provider registry.terraform.io/hashicorp/google v3.17.0
  • provider registry.terraform.io/hashicorp/google-beta v4.36.0

Affected Resource(s)

  • google_service_directory_namespace

Terraform Configuration Files

provider "google" {
  project     = var.project_id
  region      = var.region
  access_token = var.access_token
}

resource "google_service_directory_namespace" "reverse_proxy" {
  provider     = google-beta
  namespace_id = var.service_directory_namespace
  location     = var.region
  project = var.project_id
}

Debug Output

google_service_directory_namespace.reverse_proxy: Creating... 2022-09-19T17:27:17.085Z [INFO] Starting apply for google_service_directory_namespace.reverse_proxy 2022-09-19T17:27:17.085Z [DEBUG] google_service_directory_namespace.reverse_proxy: applying the planned Create change 2022-09-19T17:27:17.086Z [INFO] provider.terraform-provider-google-beta_v4.36.0_x5: 2022/09/19 17:27:17 [DEBUG] Creating new Namespace: map[string]interface {}{}: timestamp=2022-09-19T17:27:17.086Z 2022-09-19T17:27:17.086Z [INFO] provider.terraform-provider-google-beta_v4.36.0_x5: 2022/09/19 17:27:17 [DEBUG] Waiting for state to become: [success]: timestamp=2022-09-19T17:27:17.086Z 2022-09-19T17:27:17.087Z [INFO] provider.terraform-provider-google-beta_v4.36.0_x5: 2022/09/19 17:27:17 [DEBUG] Retry Transport: starting RoundTrip retry loop: timestamp=2022-09-19T17:27:17.086Z 2022-09-19T17:27:17.087Z [INFO] provider.terraform-provider-google-beta_v4.36.0_x5: 2022/09/19 17:27:17 [DEBUG] Retry Transport: request attempt 0: timestamp=2022-09-19T17:27:17.087Z 2022-09-19T17:27:17.087Z [INFO] provider.terraform-provider-google-beta_v4.36.0_x5: 2022/09/19 17:27:17 [DEBUG] Google API Request Details: ---[ REQUEST ]--------------------------------------- POST /v1beta1/projects/<REDACTED>/locations/<REDACTED>/namespaces?alt=json&namespaceId=df-namespace HTTP/1.1 Host: servicedirectory.googleapis.com User-Agent: Terraform/1.2.9 (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/dev Content-Length: 3 Content-Type: application/json Accept-Encoding: gzip

{}

-----------------------------------------------------: timestamp=2022-09-19T17:27:17.087Z 2022-09-19T17:27:17.090Z [INFO] provider.terraform-provider-google-beta_v4.36.0_x5: 2022/09/19 17:27:17 [DEBUG] Retry Transport: Stopping retries, last request failed with non-retryable error: metadata: GCE metadata "instance/service-accounts/default/token?scopes=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email" not defined: timestamp=2022-09-19T17:27:17.089Z

Expected Behavior

Create the resource

Actual Behavior

Resource does not deploy from my local (scenario-1).

Important Factoids

When identical config run from Google Cloud Shell (scenario-2), deploy occurs without a problem. This lead me to believe that this was an issue getting the authentication token from "provider" to the API request. I confirmed this by configuring the environment to include:

GOOGLE_OAUTH_ACCESS_TOKEN=$(gcloud auth print-access-token)

With this change, the plan executed in both scenarios.

I am a googler with Cloud DevRel; happy to communicate more about this if needed.

nicain avatar Sep 19 '22 17:09 nicain

@nicain shouldn't this be an enhancement if this needs to be supported?

edwardmedia avatar Sep 19 '22 20:09 edwardmedia

@nicain looks like this is a new feature. Could you please file an enhancement instead? Closing this now

edwardmedia avatar Oct 04 '22 23:10 edwardmedia

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot] avatar Nov 04 '22 02:11 github-actions[bot]