terraform-google-modules / terraform-example-foundation

Shows how the CFT modules can be composed to build a secure cloud foundation
https://cloud.google.com/architecture/security-foundations
Apache License 2.0

google-github-actions/auth failed with: retry function failed after 4 attempts: failed to generate Google Cloud access token for *** #1237

Open arivictor opened 1 month ago

arivictor commented 1 month ago

TL;DR

Expected behavior

Pull request GHA runs terraform plan successfully, authenticating to the project using the provided secrets/credentials in GH.

Observed behavior

Error: google-github-actions/auth failed with: retry function failed after 4 attempts: failed to generate Google Cloud access token for ***: (403) {
  "error": {
    "code": 403,
    "message": "Permission 'iam.serviceAccounts.getAccessToken' denied on resource (or it may not exist).",
    "status": "PERMISSION_DENIED",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.ErrorInfo",
        "reason": "IAM_PERMISSION_DENIED",
        "domain": "iam.googleapis.com",
        "metadata": {
          "permission": "iam.serviceAccounts.getAccessToken"
        }
      }
    ]
  }
}

The workload identity federation is created, but I don't know if it's configured right, as it doesn't show any connected service accounts.

Terraform Configuration

As per the repo

Terraform Version

Terraform v1.8.3
on darwin_arm64
+ provider registry.terraform.io/hashicorp/google v4.84.0
+ provider registry.terraform.io/hashicorp/google-beta v4.84.0
+ provider registry.terraform.io/hashicorp/null v3.2.2
+ provider registry.terraform.io/hashicorp/random v3.6.1
+ provider registry.terraform.io/hashicorp/time v0.11.1
+ provider registry.terraform.io/integrations/github v5.34.0

Additional information

Terraform plans and applies locally fine.
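
An added diagnostic example, not part of the original issue or the project's code: the denied permission `iam.serviceAccounts.getAccessToken` is carried by `roles/iam.workloadIdentityUser` and `roles/iam.serviceAccountTokenCreator`, so this checks whether a service account's IAM policy grants either role to identities from a given workload identity pool. It assumes the policy was exported with `gcloud iam service-accounts get-iam-policy SA_EMAIL --format=json` and that the provider maps an `attribute.repository` attribute; the pool name, repositories and sample policy are constructed placeholders.

```python
import json

# Predefined roles that include iam.serviceAccounts.getAccessToken.
# Custom roles are not resolved by this sketch.
TOKEN_ROLES = {"roles/iam.workloadIdentityUser",
               "roles/iam.serviceAccountTokenCreator"}
SCHEMES = ("principal://iam.googleapis.com/",
           "principalSet://iam.googleapis.com/")


def federated_grants(policy, pool):
    """List (role, selector) pairs granting token minting to identities in pool."""
    grants = []
    for binding in policy.get("bindings", []):
        if binding.get("role") not in TOKEN_ROLES:
            continue
        for member in binding.get("members", []):
            for scheme in SCHEMES:
                head = f"{scheme}{pool}/"
                if member.startswith(head):
                    grants.append((binding["role"], member[len(head):]))
    return grants


def covers(grants, attribute, value):
    """True if a grant names the whole pool ("*") or this exact attribute value."""
    wanted = f"attribute.{attribute}/{value}"
    return any(selector in ("*", wanted) for _, selector in grants)


# Constructed sample: pool name, repositories and policy are placeholders.
POOL = "projects/123456789012/locations/global/workloadIdentityPools/example-pool"
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/iam.serviceAccountUser",
   "members": ["user:admin@example.com"]},
  {"role": "roles/iam.workloadIdentityUser",
   "members": ["principalSet://iam.googleapis.com/projects/123456789012/locations/global/workloadIdentityPools/example-pool/attribute.repository/example-org/other-repo"]}
]}
""")

if __name__ == "__main__":
    grants = federated_grants(SAMPLE_POLICY, POOL)
    for repo in ("example-org/other-repo", "example-org/foundation-repo"):
        print(repo, "covered" if covers(grants, "repository", repo) else "NOT covered")
```

An empty result from `federated_grants` means no binding on the service account names the pool at all; a non-empty result that fails `covers` means a binding exists but is scoped to a different attribute value than the one the pipeline presents.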

aalldridge commented 1 month ago

I am observing the same behaviour with GitLab.

sleighton2022 commented 1 month ago

Will try and reproduce.