Skip to content

fix(bigquery): Add retry predicates for BigQuery dataset IAM operations#26429

Draft
ElliotSwart wants to merge 1 commit intohashicorp:mainfrom
ElliotSwart:fix/bigquery-dataset-iam-retry-predicates
Draft

fix(bigquery): Add retry predicates for BigQuery dataset IAM operations#26429
ElliotSwart wants to merge 1 commit intohashicorp:mainfrom
ElliotSwart:fix/bigquery-dataset-iam-retry-predicates

Conversation

@ElliotSwart
Copy link
Copy Markdown

@ElliotSwart ElliotSwart commented Mar 12, 2026

Summary

  • Adds IamServiceAccountNotFound and IsBigqueryIAMQuotaError retry predicates to BigqueryDatasetIamUpdater.SetResourceIamPolicy
  • Fixes transient 400 errors when service accounts referenced in BigQuery dataset IAM policies haven't fully propagated
  • Fixes transient 403 quota errors during bulk BigQuery IAM operations

Problem

SetResourceIamPolicy in iam_bigquery_dataset.go calls SendRequest without any ErrorRetryPredicates. This means:

  1. When a google_service_account and a google_bigquery_dataset_iam_policy referencing that SA are created in the same terraform apply, the IAM operation can fail with Error 400: Service account <SA> does not exist if the SA hasn't fully propagated yet.

  2. During bulk BigQuery IAM operations, Error 403: exceeded rate limits errors are not retried.

Both predicates already exist in error_retry_predicates.go and are used by other IAM resource implementations, but were not connected to BigQuery dataset IAM operations.

Fix

Pass the two existing predicates to SendRequest in SetResourceIamPolicy:

ErrorRetryPredicates: []transport_tpg.RetryErrorPredicateFunc{
    transport_tpg.IamServiceAccountNotFound,
    transport_tpg.IsBigqueryIAMQuotaError,
},

This follows the same pattern used by other IAM implementations in the provider (e.g., Cloud Run IAM).

Test plan

  • Run provider acceptance tests for google_bigquery_dataset_iam_policy
  • Run provider acceptance tests for google_bigquery_dataset_iam_binding
  • Run provider acceptance tests for google_bigquery_dataset_iam_member
  • Verify retry behavior with debug logging when SA propagation delay occurs

References

  • IamServiceAccountNotFound predicate: google/transport/error_retry_predicates.go:470
  • IsBigqueryIAMQuotaError predicate: google/transport/error_retry_predicates.go:304
  • Source file: mmv1/third_party/terraform/services/bigquery/iam_bigquery_dataset.go

🤖 Generated with Claude Code

@ElliotSwart @claude
fix(bigquery): Add retry predicates for BigQuery dataset IAM operations
83f07bc 
BigQuery dataset IAM operations (SetResourceIamPolicy) currently do not
pass any ErrorRetryPredicates to SendRequest, causing transient errors
from service account propagation delays to fail immediately instead of
being retried.

This adds two existing retry predicates:
- IamServiceAccountNotFound: retries 400 errors when a service account
  referenced in an IAM policy does not yet exist (propagation delay)
- IsBigqueryIAMQuotaError: retries 403 errors from BigQuery IAM quota
  limits

This follows the same pattern used by other IAM resource implementations
in the provider and addresses errors observed when service accounts and
BigQuery dataset IAM policies are created in the same Terraform apply.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 12, 2026

This repository is generated by https://github.com/GoogleCloudPlatform/magic-modules. Any changes made directly to this repository will likely be overwritten. If you have further questions, please feel free to ping your reviewer or, internal employees, reach out to one of the engineers. Thank you!

@ElliotSwart ElliotSwart mentioned this pull request Mar 12, 2026
Draft
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@c2thorn c2thorn Awaiting requested review from c2thorn c2thorn will be requested when the pull request is marked ready for review c2thorn is a code owner

@hao-nan-li hao-nan-li Awaiting requested review from hao-nan-li hao-nan-li will be requested when the pull request is marked ready for review hao-nan-li is a code owner

@melinath melinath Awaiting requested review from melinath melinath will be requested when the pull request is marked ready for review melinath is a code owner

@NickElliot NickElliot Awaiting requested review from NickElliot NickElliot will be requested when the pull request is marked ready for review NickElliot is a code owner

@rileykarson rileykarson Awaiting requested review from rileykarson rileykarson will be requested when the pull request is marked ready for review rileykarson is a code owner

@roaks3 roaks3 Awaiting requested review from roaks3 roaks3 will be requested when the pull request is marked ready for review roaks3 is a code owner

@ScottSuarez ScottSuarez Awaiting requested review from ScottSuarez ScottSuarez will be requested when the pull request is marked ready for review ScottSuarez is a code owner

@shuyama1 shuyama1 Awaiting requested review from shuyama1 shuyama1 will be requested when the pull request is marked ready for review shuyama1 is a code owner

@SirGitsalot SirGitsalot Awaiting requested review from SirGitsalot SirGitsalot will be requested when the pull request is marked ready for review SirGitsalot is a code owner

@slevenick slevenick Awaiting requested review from slevenick slevenick will be requested when the pull request is marked ready for review slevenick is a code owner

@trodge trodge Awaiting requested review from trodge trodge will be requested when the pull request is marked ready for review trodge is a code owner

@zli82016 zli82016 Awaiting requested review from zli82016 zli82016 will be requested when the pull request is marked ready for review zli82016 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ElliotSwart