@@ -121,7 +121,7 @@ func TestAccServiceAccount_createIgnoreAlreadyExists(t *testing.T) {
121121 },
122122 // The second step creates a new resource that duplicates with the existing service account.
123123 {
124- Config : testAccServiceAccountCreateIgnoreAlreadyExists (accountId , displayName , desc ),
124+ Config : testAccServiceAccountDuplicateIgnoreAlreadyExists (accountId , displayName , desc ),
125125 Check : resource .ComposeTestCheckFunc (
126126 resource .TestCheckResourceAttr (
127127 "google_service_account.duplicate" , "member" , "serviceAccount:" + expectedEmail ),
@@ -131,6 +131,50 @@ func TestAccServiceAccount_createIgnoreAlreadyExists(t *testing.T) {
131131 })
132132}
133133
134+ // Test setting create_ignore_already_exists on an existing resource
135+ func TestAccServiceAccount_existingResourceCreateIgnoreAlreadyExists (t * testing.T ) {
136+ t .Parallel ()
137+
138+ project := envvar .GetTestProjectFromEnv ()
139+ accountId := "a" + acctest .RandString (t , 10 )
140+ displayName := "Terraform Test"
141+ desc := "test description"
142+
143+ expectedEmail := fmt .Sprintf ("%s@%s.iam.gserviceaccount.com" , accountId , project )
144+ acctest .VcrTest (t , resource.TestCase {
145+ PreCheck : func () { acctest .AccTestPreCheck (t ) },
146+ ProtoV5ProviderFactories : acctest .ProtoV5ProviderFactories (t ),
147+ Steps : []resource.TestStep {
148+ // The first step creates a new resource with create_ignore_already_exists=false
149+ {
150+ Config : testAccServiceAccountCreateIgnoreAlreadyExists (accountId , displayName , desc , false ),
151+ Check : resource .ComposeTestCheckFunc (
152+ resource .TestCheckResourceAttr (
153+ "google_service_account.acceptance" , "project" , project ),
154+ resource .TestCheckResourceAttr (
155+ "google_service_account.acceptance" , "member" , "serviceAccount:" + expectedEmail ),
156+ ),
157+ },
158+ {
159+ ResourceName : "google_service_account.acceptance" ,
160+ ImportStateId : fmt .Sprintf ("projects/%s/serviceAccounts/%s" , project , expectedEmail ),
161+ ImportState : true ,
162+ ImportStateVerify : true ,
163+ ImportStateVerifyIgnore : []string {"create_ignore_already_exists" }, // Import leaves this field out when false
164+ },
165+ // The second step updates the resource to have create_ignore_already_exists=true
166+ {
167+ Config : testAccServiceAccountCreateIgnoreAlreadyExists (accountId , displayName , desc , true ),
168+ Check : resource .ComposeTestCheckFunc (resource .TestCheckResourceAttr (
169+ "google_service_account.acceptance" , "project" , project ),
170+ resource .TestCheckResourceAttr (
171+ "google_service_account.acceptance" , "member" , "serviceAccount:" + expectedEmail ),
172+ ),
173+ },
174+ },
175+ })
176+ }
177+
134178func TestAccServiceAccount_Disabled (t * testing.T ) {
135179 t .Parallel ()
136180
@@ -209,7 +253,18 @@ resource "google_service_account" "acceptance" {
209253` , account , name , desc )
210254}
211255
212- func testAccServiceAccountCreateIgnoreAlreadyExists (account , name , desc string ) string {
256+ func testAccServiceAccountCreateIgnoreAlreadyExists (account , name , desc string , ignore_already_exists bool ) string {
257+ return fmt .Sprintf (`
258+ resource "google_service_account" "acceptance" {
259+ account_id = "%v"
260+ display_name = "%v"
261+ description = "%v"
262+ create_ignore_already_exists = %t
263+ }
264+ ` , account , name , desc , ignore_already_exists )
265+ }
266+
267+ func testAccServiceAccountDuplicateIgnoreAlreadyExists (account , name , desc string ) string {
213268 return fmt .Sprintf (`
214269resource "google_service_account" "acceptance" {
215270 account_id = "%v"
0 commit comments