From 30af289c5508dfa343c24d81071ec91941807b50 Mon Sep 17 00:00:00 2001
From: Lauren Voswinkel <lvoswinkel@hashicorp.com>
Date: Fri, 28 Aug 2020 15:17:50 -0700
Subject: [PATCH] Add check for 403 during rollback to prevent spam (#97)

---
 plugin/rollback.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/plugin/rollback.go b/plugin/rollback.go
index fca1d731..3717704f 100644
--- a/plugin/rollback.go
+++ b/plugin/rollback.go
@@ -222,7 +222,7 @@ func (b *backend) deleteServiceAccount(ctx context.Context, iamAdmin *iam.Servic
 	}
 
 	_, err := iamAdmin.Projects.ServiceAccounts.Delete(account.ResourceName()).Do()
-	if err != nil && !isGoogleAccountNotFoundErr(err) {
+	if err != nil && (!isGoogleAccountNotFoundErr(err) || !isGoogleAccountUnauthorizedErr(err)) {
 		return errwrap.Wrapf("unable to delete service account: {{err}}", err)
 	}
 	return nil
@@ -285,6 +285,10 @@ func isGoogleAccountNotFoundErr(err error) bool {
 	return isGoogleApiErrorWithCodes(err, 404)
 }
 
+func isGoogleAccountUnauthorizedErr(err error) bool {
+	return isGoogleApiErrorWithCodes(err, 403)
+}
+
 func isGoogleAccountKeyNotFoundErr(err error) bool {
 	return isGoogleApiErrorWithCodes(err, 403, 404)
 }