Add retry to service account creation (GoogleCloudPlatform#3513)
c2thorn authored and Nathan Klish committed May 18, 2020
1 parent f217d88 commit 4e35925
Showing 2 changed files with 20 additions and 5 deletions.
18 changes: 13 additions & 5 deletions third_party/terraform/resources/resource_google_service_account.go
@@ -19,6 +19,9 @@ func resourceGoogleServiceAccount() *schema.Resource {
Importer: &schema.ResourceImporter{
State: resourceGoogleServiceAccountImport,
},
Timeouts: &schema.ResourceTimeout{
Create: schema.DefaultTimeout(5 * time.Minute),
},
Schema: map[string]*schema.Schema{
"email": {
Type: schema.TypeString,
@@ -83,10 +86,15 @@ func resourceGoogleServiceAccountCreate(d *schema.ResourceData, meta interface{}
}

d.SetId(sa.Name)
// This API is meant to be synchronous, but in practice it shows the old value for
// a few milliseconds after the update goes through. A second is more than enough
// time to ensure following reads are correct.
time.Sleep(time.Second)

err = retryTimeDuration(func() (operr error) {
_, saerr := config.clientIAM.Projects.ServiceAccounts.Get(d.Id()).Do()
return saerr
}, d.Timeout(schema.TimeoutCreate), isNotFoundRetryableError("service account creation"))

if err != nil {
return fmt.Errorf("Error reading service account after creation: %s", err)
}

return resourceGoogleServiceAccountRead(d, meta)
}
@@ -146,7 +154,7 @@ func resourceGoogleServiceAccountUpdate(d *schema.ResourceData, meta interface{}
if err != nil {
return err
}
// See comment in Create.
// API tends to be asynchronous
time.Sleep(time.Second)

return nil
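Review bot: The Update hunk still waits with a fixed `time.Sleep(time.Second)` while Create now polls, and its new comment `// API tends to be asynchronous` no longer says what the sleep protects against, since the longer explanation in Create appears to have been removed by this same commit. I would either poll in Update as well or restore the rationale there, e.g. `// Reads can return the old value briefly after an update; wait so a following read is not stale.` In the Create hunk the closure's named result `operr` is never assigned (the body returns `saerr`), so `func() error` reads cleaner, and a one-line comment above `retryTimeDuration` such as `// Get can return 404 briefly after a successful create; poll until the account is visible.` would replace the explanation that was dropped. A single successful Get may also not guarantee that the separate read in `resourceGoogleServiceAccountRead` (body not shown on this page) sees the account; if that function treats not-found as deletion, a service account that was created could drop out of state and be left unmanaged, so that path is worth confirming. Both functions begin outside the visible hunks.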
@@ -58,6 +58,13 @@ exported:

* `unique_id` - The unique id of the service account.

## Timeouts

This resource provides the following
[Timeouts](/docs/configuration/resources.html#timeouts) configuration options:

- `create` - Default is 5 minutes.

## Import

Service accounts can be imported using their URI, e.g.