Valid service account id not being accepted for workflow service account


I am attempting to deploy a workflow using the https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/workflows_workflow Terraform resource and it's failing with this error:

Error: Error creating Workflow: googleapi: Error 400: request contains errors
Details:
[
  {
    "@type": "type.googleapis.com/google.rpc.BadRequest",
    "fieldViolations": [
      {
        "description": "The referenced service account is not user-managed, please verify the correctness of the service account name",
        "field": "workflow.service_account"
      }
    ]
  }
]

I can see from running terraform plan that this is the definition of my workflow:

  + resource "google_workflows_workflow" "my_first_workflow" {
      + create_time     = (known after apply)
      + description     = "Magic"
      + id              = (known after apply)
      + name            = "myworkflow"
      + name_prefix     = (known after apply)
      + project         = "myproject"
      + region          = "europe-west4"
      + revision_id     = (known after apply)
      + service_account = "projects/myproject/serviceAccounts/service-account"
      + source_contents = <<-EOT

              - postCallBigqueryStoredProcedure:
                  call: http.post
                  args:
                      url: https://bigquery.googleapis.com/bigquery/v2/projects/myproject/jobs
                      body: {
                                "configuration": {
                                    "query": {
                                    "query": "call mydataset.mystoredprocedure()"
                                    }
                                }
                            }
        EOT
      + state           = (known after apply)
      + update_time     = (known after apply)
    }

The error message is complaining about the service account; however, I'm certain that the service account named here: projects/myproject/serviceAccounts/service-account is valid and exists, so I'm clueless as to why I'm getting this error. Googling the error message hasn't turned up anything useful.

Does anyone know what might be the problem?

Best answer

You mentioned that the service account is valid and it exists. When you are referencing it, are you including the full account name, including the details after the '@', i.e. 7**********[email protected]?

I was able to replicate this behaviour by using either an incorrect name or a service account name without the full email address.

You must use the complete email address of your service account. Here's a sample of a correct format. I'm currently using Terraform v0.14.7:

service_account = "projects/project_id/serviceAccounts/7**********[email protected]"
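
An added example, not part of the original answer: two ways to keep a short name such as "service-account" from reaching the API. It relies on the google provider's `google_service_account` resource exporting `id` in the form `projects/{project}/serviceAccounts/{email}`; the names `workflow_runner`, `project_id`, `existing_service_account` and `my_first_workflow`'s values are illustrative assumptions.

```hcl
variable "project_id" {
  type = string
}

# Option 1: the service account is managed in the same configuration.
# Referencing its exported "id" yields the full resource name, email included,
# so nothing is typed by hand.
resource "google_service_account" "workflow_runner" {
  project      = var.project_id
  account_id   = "workflow-runner" # assumed name
  display_name = "Workflow runner"
}

# Option 2: the service account is created elsewhere and passed in.
# The validation rejects values that stop at the short name, failing at
# plan time instead of with a 400 from the Workflows API at apply time.
variable "existing_service_account" {
  type        = string
  description = "Full resource name: projects/PROJECT/serviceAccounts/EMAIL"

  validation {
    condition = can(regex(
      "^projects/[^/]+/serviceAccounts/[^/@]+@[^/@]+$",
      var.existing_service_account
    ))
    error_message = "Service account must include the complete email address after serviceAccounts/."
  }
}

resource "google_workflows_workflow" "my_first_workflow" {
  project = var.project_id
  name    = "myworkflow"
  region  = "europe-west4"

  # Use one of the two; var.existing_service_account is the alternative.
  service_account = google_service_account.workflow_runner.id

  # Minimal constructed workflow body, only to make the resource complete.
  source_contents = <<-EOT
    - done:
        return: "ok"
  EOT
}
```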