Fix gam-install.sh #1741

Updated gam create project to retry the following unexpected error:
ERROR: 400 - invalidArgument - Service account gam-project-a1b2c@gam-project-a1b2c.iam.gserviceaccount.com does not exist.
2026-06-21 06:31:37 +00:00 · 2025-01-30 19:09:20 -08:00 · 2025-01-27 08:16:37 -08:00
3 changed files with 45 additions and 20 deletions
--- a/src/GamUpdate.txt
+++ b/src/GamUpdate.txt
@@ -1,3 +1,10 @@
+7.03.01
+
+Updated `gam create project` to retry the following unexpected error:
+```
+ERROR: 400 - invalidArgument - Service account gam-project-a1b2c@gam-project-a1b2c.iam.gserviceaccount.com does not exist.
+```
+
 7.03.00

 Updated `gam create|use project` to discontinue use of the `Identity-Aware Proxy (IAP) OAuth Admin APIs`
--- a/src/gam-install.sh
+++ b/src/gam-install.sh
@@ -112,6 +112,12 @@ else
  check_type="authenticated"
  curl_opts=( "$GHCLIENT" )
 fi
+curl_ver=$(curl --version|head -1|cut -d " " -f 2)
+if [[ "${curl_ver:0:4}" < "7.76" ]]; then
+  curl_fail=( )
+else
+  curl_fail=( "--fail-with-body" )
+fi
 echo_yellow "Checking GitHub URL $release_url for $gamversion GAM release ($check_type)..."
 release_json=$(curl \
 	--silent \
@@ -119,7 +125,7 @@ release_json=$(curl \
 	-H "Accept: application/vnd.github+json" \
 	-H "X-GitHub-Api-Version: 2022-11-28" \
 	"$release_url" \
-	--fail-with-body)
+	"${curl_fail[@]}")
 curl_exit_code=$?
 if [ $curl_exit_code -ne 0 ]; then
  echo_red "ERROR retrieving URL: ${release_json}"
--- a/src/gam/init.py
+++ b/src/gam/init.py
@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
 """

 __author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
-__version__ = '7.03.00'
+__version__ = '7.03.01'
 __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'

 #pylint: disable=wrong-import-position
@@ -11361,14 +11361,33 @@ def doEnableAPIs():
      url = f'https://console.cloud.google.com/apis/enableflow?apiid={apiid}&project={projectId}'
      writeStdout(f'    {url}\n\n')

+def _waitForSvcAcctCompletion(i):
+  sleep_time = i*5
+  if i > 3:
+    sys.stdout.write(Msg.WAITING_FOR_ITEM_CREATION_TO_COMPLETE_SLEEPING.format(Ent.Singular(Ent.SVCACCT), sleep_time))
+  time.sleep(sleep_time)
+
 def _grantRotateRights(iam, projectId, service_account, email, account_type='serviceAccount'):
-  printEntityMessage([Ent.PROJECT, projectId, Ent.SVCACCT, email],
-                     Msg.HAS_RIGHTS_TO_ROTATE_OWN_PRIVATE_KEY.format(email, service_account))
  body = {'policy': {'bindings': [{'role': 'roles/iam.serviceAccountKeyAdmin',
                                   'members': [f'{account_type}:{email}']}]}}
-  callGAPI(iam.projects().serviceAccounts(), 'setIamPolicy',
-           resource=f'projects/{projectId}/serviceAccounts/{service_account}', body=body)
-
+  maxRetries = 10
+  printEntityMessage([Ent.PROJECT, projectId, Ent.SVCACCT, email],
+                     Msg.HAS_RIGHTS_TO_ROTATE_OWN_PRIVATE_KEY.format(email, service_account))
+  for retry in range(1, maxRetries+1):
+    try:
+      callGAPI(iam.projects().serviceAccounts(), 'setIamPolicy',
+               throwReasons=[GAPI.INVALID_ARGUMENT],
+               resource=f'projects/{projectId}/serviceAccounts/{service_account}', body=body)
+      return True
+    except GAPI.invalidArgument as e:
+      entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, service_account], str(e))
+      if 'does not exist' not in str(e) or retry == maxRetries:
+        return False
+      _waitForSvcAcctCompletion(retry)
+    except Exception as e:
+      entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, service_account], str(e))
+      return False
+    
 def _createOauth2serviceJSON(httpObj, projectInfo, svcAcctInfo, create_key=True):
  iam = getAPIService(API.IAM, httpObj)
  try:
@@ -11392,8 +11411,7 @@ def _createOauth2serviceJSON(httpObj, projectInfo, svcAcctInfo, create_key=True)
                                             clientId=service_account['uniqueId']):
    return False
  sa_email = service_account['name'].rsplit('/', 1)[-1]
-  _grantRotateRights(iam, projectInfo['projectId'], sa_email, sa_email)
-  return True
+  return _grantRotateRights(iam, projectInfo['projectId'], sa_email, sa_email)

 def _createClientSecretsOauth2service(httpObj, login_hint, appInfo, projectInfo, svcAcctInfo, create_key=True):
  def _checkClientAndSecret(csHttpObj, client_id, client_secret):
@@ -12563,12 +12581,6 @@ def doProcessSvcAcctKeys(mode=None, iam=None, projectId=None, clientEmail=None,
      else:
        unknownArgumentExit()

-  def waitForCompletion(i):
-    sleep_time = i*5
-    if i > 3:
-      sys.stdout.write(Msg.WAITING_FOR_ITEM_CREATION_TO_COMPLETE_SLEEPING.format(Ent.Singular(Ent.SVCACCT), sleep_time))
-    time.sleep(sleep_time)
-
  local_key_size = 2048
  validityHours = 0
  body = {}
@@ -12638,12 +12650,12 @@ def doProcessSvcAcctKeys(mode=None, iam=None, projectId=None, clientEmail=None,
        if retry == maxRetries:
          entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, clientEmail], str(e))
          return False
-        waitForCompletion(retry)
+        _waitForSvcAcctCompletion(retry)
      except GAPI.permissionDenied:
        if retry == maxRetries:
          entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, clientEmail], Msg.UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS)
          return False
-        waitForCompletion(retry)
+        _waitForSvcAcctCompletion(retry)
      except GAPI.badRequest as e:
        entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, clientEmail], str(e))
        return False
@@ -12656,7 +12668,7 @@ def doProcessSvcAcctKeys(mode=None, iam=None, projectId=None, clientEmail=None,
          new_data['private_key'] = ''
          newPrivateKeyId = ''
          break
-        waitForCompletion(retry)
+        _waitForSvcAcctCompletion(retry)
    new_data['private_key_id'] = newPrivateKeyId
    oauth2service_data = _formatOAuth2ServiceData(new_data)
  else:
@@ -12673,7 +12685,7 @@ def doProcessSvcAcctKeys(mode=None, iam=None, projectId=None, clientEmail=None,
        if retry == maxRetries:
          entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, clientEmail], Msg.UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS)
          return False
-        waitForCompletion(retry)
+        _waitForSvcAcctCompletion(retry)
      except GAPI.badRequest as e:
        entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, clientEmail], str(e))
        return False
@@ -12714,7 +12726,7 @@ def doProcessSvcAcctKeys(mode=None, iam=None, projectId=None, clientEmail=None,
          if retry == maxRetries:
            entityActionFailedWarning([Ent.SVCACCT_KEY, keyName], Msg.UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS)
            break
-          waitForCompletion(retry)
+          _waitForSvcAcctCompletion(retry)
        except GAPI.badRequest as e:
          entityActionFailedWarning([Ent.SVCACCT_KEY, keyName], str(e), i, count)
          break
Author	SHA1	Message	Date
Ross Scroggs	e744aa29e3	Fix gam-install.sh #1741 Some checks failed Build and test GAM / build (Win64, build, 10, VC-WIN64A, windows-2022) (push) Has been cancelled Details Build and test GAM / build (aarch64, build, 3, linux-aarch64, ubuntu-24.04-arm) (push) Has been cancelled Details Build and test GAM / build (aarch64, build, 4, linux-aarch64, ubuntu-22.04-arm) (push) Has been cancelled Details Build and test GAM / build (aarch64, build, 6, linux-aarch64, ubuntu-22.04-arm, yes) (push) Has been cancelled Details Build and test GAM / build (aarch64, build, 8, darwin64-arm64, macos-14) (push) Has been cancelled Details Build and test GAM / build (aarch64, build, 9, darwin64-arm64, macos-15) (push) Has been cancelled Details Build and test GAM / build (x86_64, build, 1, linux-x86_64, ubuntu-22.04) (push) Has been cancelled Details Build and test GAM / build (x86_64, build, 2, linux-x86_64, ubuntu-24.04) (push) Has been cancelled Details Build and test GAM / build (x86_64, build, 5, linux-x86_64, ubuntu-22.04, yes) (push) Has been cancelled Details Build and test GAM / build (x86_64, build, 7, darwin64-x86_64, macos-13) (push) Has been cancelled Details Build and test GAM / build (x86_64, test, 11, ubuntu-24.04, 3.10) (push) Has been cancelled Details Build and test GAM / build (x86_64, test, 12, ubuntu-24.04, 3.11) (push) Has been cancelled Details Build and test GAM / build (x86_64, test, 13, ubuntu-24.04, 3.12) (push) Has been cancelled Details CodeQL / Analyze (python) (push) Has been cancelled Details Check for Google Root CA Updates / check-apis (push) Has been cancelled Details Build and test GAM / merge (push) Has been cancelled Details Build and test GAM / publish (push) Has been cancelled Details	2025-01-30 19:09:20 -08:00
Ross Scroggs	367c23a13c	Updated `gam create project` to retry the following unexpected error: Some checks failed Build and test GAM / build (Win64, build, 10, VC-WIN64A, windows-2022) (push) Has been cancelled Details Build and test GAM / build (aarch64, build, 3, linux-aarch64, ubuntu-24.04-arm) (push) Has been cancelled Details Build and test GAM / build (aarch64, build, 4, linux-aarch64, ubuntu-22.04-arm) (push) Has been cancelled Details Build and test GAM / build (aarch64, build, 6, linux-aarch64, ubuntu-22.04-arm, yes) (push) Has been cancelled Details Build and test GAM / build (aarch64, build, 8, darwin64-arm64, macos-14) (push) Has been cancelled Details Build and test GAM / build (aarch64, build, 9, darwin64-arm64, macos-15) (push) Has been cancelled Details Build and test GAM / build (x86_64, build, 1, linux-x86_64, ubuntu-22.04) (push) Has been cancelled Details Build and test GAM / build (x86_64, build, 2, linux-x86_64, ubuntu-24.04) (push) Has been cancelled Details Build and test GAM / build (x86_64, build, 5, linux-x86_64, ubuntu-22.04, yes) (push) Has been cancelled Details Build and test GAM / build (x86_64, build, 7, darwin64-x86_64, macos-13) (push) Has been cancelled Details Build and test GAM / build (x86_64, test, 11, ubuntu-24.04, 3.10) (push) Has been cancelled Details Build and test GAM / build (x86_64, test, 12, ubuntu-24.04, 3.11) (push) Has been cancelled Details Build and test GAM / build (x86_64, test, 13, ubuntu-24.04, 3.12) (push) Has been cancelled Details CodeQL / Analyze (python) (push) Has been cancelled Details Check for Google Root CA Updates / check-apis (push) Has been cancelled Details Build and test GAM / merge (push) Has been cancelled Details Build and test GAM / publish (push) Has been cancelled Details ERROR: 400 - invalidArgument - Service account gam-project-a1b2c@gam-project-a1b2c.iam.gserviceaccount.com does not exist.	2025-01-27 08:16:37 -08:00