diff --git a/.changelog/3513.txt b/.changelog/3513.txt new file mode 100644 index 00000000000..a024b9360bb --- /dev/null +++ b/.changelog/3513.txt @@ -0,0 +1,3 @@ +```release-note:bug +iam: Fixed an issue where `google_service_account` shows an error after creating the resource +``` diff --git a/google/resource_google_service_account.go b/google/resource_google_service_account.go index 2356b4bbcc0..c90a2e9831f 100644 --- a/google/resource_google_service_account.go +++ b/google/resource_google_service_account.go @@ -19,6 +19,9 @@ func resourceGoogleServiceAccount() *schema.Resource { Importer: &schema.ResourceImporter{ State: resourceGoogleServiceAccountImport, }, + Timeouts: &schema.ResourceTimeout{ + Create: schema.DefaultTimeout(5 * time.Minute), + }, Schema: map[string]*schema.Schema{ "email": { Type: schema.TypeString, @@ -83,10 +86,15 @@ func resourceGoogleServiceAccountCreate(d *schema.ResourceData, meta interface{} } d.SetId(sa.Name) - // This API is meant to be synchronous, but in practice it shows the old value for - // a few milliseconds after the update goes through. A second is more than enough - // time to ensure following reads are correct. - time.Sleep(time.Second) + + err = retryTimeDuration(func() (operr error) { + _, saerr := config.clientIAM.Projects.ServiceAccounts.Get(d.Id()).Do() + return saerr + }, d.Timeout(schema.TimeoutCreate), isNotFoundRetryableError("service account creation")) + + if err != nil { + return fmt.Errorf("Error reading service account after creation: %s", err) + } return resourceGoogleServiceAccountRead(d, meta) } @@ -146,7 +154,7 @@ func resourceGoogleServiceAccountUpdate(d *schema.ResourceData, meta interface{} if err != nil { return err } - // See comment in Create. + // API tends to be asynchronous time.Sleep(time.Second) return nil diff --git a/website/docs/r/google_service_account.html.markdown b/website/docs/r/google_service_account.html.markdown index 75efb5f5901..b411741cf25 100644 --- a/website/docs/r/google_service_account.html.markdown +++ b/website/docs/r/google_service_account.html.markdown @@ -58,6 +58,13 @@ exported: * `unique_id` - The unique id of the service account. +## Timeouts + +This resource provides the following +[Timeouts](/docs/configuration/resources.html#timeouts) configuration options: + +- `create` - Default is 5 minutes. + ## Import Service accounts can be imported using their URI, e.g.