Hi, I don’t understand the behavior of the google_service_account resource and the “member” attribute in my code. Here’s what I observed, but it doesn’t make sense to me why the member attribute causes an issue.
- I have a service account that I created:
resource "google_service_account" "scheduler" {
account_id = "scheduler"
display_name = "scheduler"
project = "clutch-platform-dev"
}
and I see the resource in the tfstate file
- When I show the resource at the console, I get this message:
% terraform state show google_service_account.scheduler
unsupported attribute "member"
# google_service_account.scheduler:
resource "google_service_account" "scheduler" {
- There is an outputs.tf file also, with this output defined:
output "scheduler" {
value = google_service_account.scheduler
}
- When I run plan I see this message:
% terraform plan
Running plan in the remote backend. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.
Preparing the remote plan...
The remote workspace is configured to work with configuration at
IAM/dev relative to the target repository.
Terraform will upload the contents of the following directory,
excluding files or directories as defined by a .terraformignore file
at /Users/mike.james/Github/terraformCloudGCP/.terraformignore (if it is present),
in order to capture the filesystem context the remote workspace expects:
/Users/mike.james/Github/terraformCloudGCP
To view this run in a browser, visit:
https://app.terraform.io/app/clutchholdingsgcp/dev-iam/runs/run-VD5fGcn3WkDEKETP
Waiting for the plan to start...
Terraform v0.14.6
Initializing plugins and modules...
google_project_iam_binding.quota_admin_role: Refreshing state... [id=clutch-platform-dev/roles/servicemanagement.quotaAdmin]
google_project_iam_binding.iam_service_account_user_role: Refreshing state... [id=clutch-platform-dev/roles/iam.serviceAccountUser]
google_project_iam_member.composer_api_service_agent_role: Refreshing state... [id=clutch-platform-dev/roles/composer.ServiceAgentV2Ext/serviceAccount:[service-847803494713@cloudcomposer-accounts.iam.gserviceaccount.com](mailto:service-847803494713@cloudcomposer-accounts.iam.gserviceaccount.com)]
google_project_iam_binding.pubsub_admin_role: Refreshing state... [id=clutch-platform-dev/roles/pubsub.admin]
google_service_account.arsenal: Refreshing state... [id=projects/clutch-platform-dev/serviceAccounts/[arsenal@clutch-platform-dev.iam.gserviceaccount.com](mailto:arsenal@clutch-platform-dev.iam.gserviceaccount.com)]
google_project_iam_binding.kubernetes_engine_developer_role: Refreshing state... [id=clutch-platform-dev/roles/container.developer]
google_project_iam_binding.logging_admin_role: Refreshing state... [id=clutch-platform-dev/roles/logging.admin]
google_service_account.jciccarone-datascience: Refreshing state... [id=projects/clutch-platform-dev/serviceAccounts/[jciccarone-datascience@clutch-platform-dev.iam.gserviceaccount.com](mailto:jciccarone-datascience@clutch-platform-dev.iam.gserviceaccount.com)]
google_project_iam_binding.serverlessvpc_admin_role: Refreshing state... [id=clutch-platform-dev/roles/vpcaccess.admin]
google_project_iam_binding.cloudstorage_admin_role: Refreshing state... [id=clutch-platform-dev/roles/storage.admin]
google_project_iam_binding.dataproc_admin_role: Refreshing state... [id=clutch-platform-dev/roles/dataproc.admin]
google_project_iam_binding.bigquery_admin_role: Refreshing state... [id=clutch-platform-dev/roles/bigquery.admin]
google_project_iam_binding.cloudsql_admin_role: Refreshing state... [id=clutch-platform-dev/roles/cloudsql.admin]
google_project_iam_binding.gce_instance_admin_role: Refreshing state... [id=clutch-platform-dev/roles/compute.instanceAdmin]
google_project_iam_binding.pubsub_publisher_role: Refreshing state... [id=clutch-platform-dev/roles/pubsub.publisher]
google_project_iam_binding.iap_admin_role: Refreshing state... [id=clutch-platform-dev/roles/iap.admin]
google_service_account.harshshukla: Refreshing state... [id=projects/clutch-platform-dev/serviceAccounts/[harshshukla@clutch-platform-dev.iam.gserviceaccount.com](mailto:harshshukla@clutch-platform-dev.iam.gserviceaccount.com)]
google_project_iam_binding.serviceaccount_admin_role: Refreshing state... [id=clutch-platform-dev/roles/iam.serviceAccountAdmin]
google_project_iam_binding.securitycenter_admin_role: Refreshing state... [id=clutch-platform-dev/roles/securitycenter.admin]
google_project_iam_binding.cloudfunctions_admin_role: Refreshing state... [id=clutch-platform-dev/roles/cloudfunctions.admin]
google_project_iam_binding.compute_engine_admin_role: Refreshing state... [id=clutch-platform-dev/roles/compute.admin]
google_project_iam_binding.admins: Refreshing state... [id=clutch-platform-dev/roles/owner]
google_project_iam_binding.kubernetes_engine_admin_role: Refreshing state... [id=clutch-platform-dev/roles/container.admin]
google_project_iam_binding.cloudkms_admin_role: Refreshing state... [id=clutch-platform-dev/roles/cloudkms.admin]
google_project_iam_binding.bigquery_user_role: Refreshing state... [id=clutch-platform-dev/roles/bigquery.user]
google_project_iam_binding.monitoring_metric_writer_role: Refreshing state... [id=clutch-platform-dev/roles/monitoring.metricWriter]
google_service_account.composer-user-managed: Refreshing state... [id=projects/clutch-platform-dev/serviceAccounts/[composer-user-managed@clutch-platform-dev.iam.gserviceaccount.com](mailto:composer-user-managed@clutch-platform-dev.iam.gserviceaccount.com)]
google_project_iam_binding.dataproc_service_agent_role: Refreshing state... [id=clutch-platform-dev/roles/dataproc.serviceAgent]
google_project_iam_binding.pubsub_viewer_role: Refreshing state... [id=clutch-platform-dev/roles/pubsub.viewer]
google_project_iam_binding.composer_worker_role: Refreshing state... [id=clutch-platform-dev/roles/composer.worker]
google_service_account.scheduler: Refreshing state... [id=projects/clutch-platform-dev/serviceAccounts/[scheduler@clutch-platform-dev.iam.gserviceaccount.com](mailto:scheduler@clutch-platform-dev.iam.gserviceaccount.com)]
google_project_iam_binding.composer_admin_role: Refreshing state... [id=clutch-platform-dev/roles/composer.admin]
google_project_iam_binding.secretmanager_admin_role: Refreshing state... [id=clutch-platform-dev/roles/secretmanager.admin]
google_project_iam_binding.monitoring_admin_role: Refreshing state... [id=clutch-platform-dev/roles/monitoring.admin]
google_project_iam_binding.cloudstorage_object_admin_role: Refreshing state... [id=clutch-platform-dev/roles/storage.objectAdmin]
google_project_iam_binding.gce_instance_admin_v1_role: Refreshing state... [id=clutch-platform-dev/roles/compute.instanceAdmin.v1]
google_project_iam_binding.memcache_admin_role: Refreshing state... [id=clutch-platform-dev/roles/memcache.admin]
google_project_iam_binding.dataflow_admin_role: Refreshing state... [id=clutch-platform-dev/roles/dataflow.admin]
google_project_iam_binding.security_admin_role: Refreshing state... [id=clutch-platform-dev/roles/iam.securityAdmin]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
Terraform will perform the following actions:
Plan: 0 to add, 0 to change, 0 to destroy.
Changes to Outputs:
~ scheduler = {
- member = "serviceAccount:[scheduler@clutch-platform-dev.iam.gserviceaccount.com](mailto:scheduler@clutch-platform-dev.iam.gserviceaccount.com)" -> null
# (10 unchanged elements hidden)
}