Closed
Description
After upgrading via Helm chart, the role permissions have changed and workspace provisioning can no longer access configmaps in the coder namespace.
The error:
...
kubernetes_deployment.main[0]: Plan to update
Plan: 0 to add, 1 to change, 0 to destroy.
Error: configmaps "coder-workspace-evan-demo-workspace-1-token" is forbidden: User "system:serviceaccount:coder:coder" cannot get resource "configmaps" in API group "" in the namespace "coder"
on main.tf line 440, in resource "kubernetes_config_map" "coder_agent_token":
440: resource "kubernetes_config_map" "coder_agent_token" {
After the Helm upgrade, the role coder-workspace-perms is missing permissions for configmaps:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"Role","metadata":{"annotations":{"meta.helm.sh/release-name":"coder","meta.helm.sh/release-namespace":"coder"},"creationTimestamp":"2023-10-25T02$
    meta.helm.sh/release-name: coder
    meta.helm.sh/release-namespace: coder
  creationTimestamp: "2023-10-25T02:11:31Z"
  labels:
    app.kubernetes.io/managed-by: Helm
  name: coder-workspace-perms
  namespace: coder
  resourceVersion: "202818590"
  uid: ed16fbd8-468b-41f7-8f6d-9c5492d7eca2
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - persistentvolumeclaims
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - apps
  resources:
  - deployments
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
Adding permissions for the configmaps resource type to the role resolves the issue.
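
A check like the following, run against a rendered Role before an upgrade is applied, would flag the gap reported above. It is an added example, not part of the original issue or the Coder Helm chart; ROLE_RULES is transcribed from the Role shown above, while the REQUIRED list and all function names are assumptions (only `get` on configmaps appears in the error message).

```python
# Added example: offline RBAC evaluation of the Role rules shown in the issue.
VERBS = ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"]

# Transcribed from the coder-workspace-perms Role in the issue.
ROLE_RULES = [
    {"apiGroups": [""], "resources": ["pods"], "verbs": VERBS},
    {"apiGroups": [""], "resources": ["persistentvolumeclaims"], "verbs": VERBS},
    {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": VERBS},
]

# Assumption: (apiGroup, resource, verb) tuples a workspace template needs.
# configmaps/get comes from the error; the other configmap verbs are assumed
# for Terraform's create/update/destroy of kubernetes_config_map.
REQUIRED = [
    ("", "pods", "create"),
    ("", "persistentvolumeclaims", "create"),
    ("apps", "deployments", "update"),
    ("", "configmaps", "get"),
    ("", "configmaps", "create"),
    ("", "configmaps", "update"),
    ("", "configmaps", "delete"),
]

def _matches(allowed, value):
    """RBAC list match: '*' is a wildcard, otherwise exact membership."""
    return "*" in allowed or value in allowed

def rule_allows(rule, group, resource, verb):
    """True if a single Role rule grants verb on group/resource for any name."""
    if rule.get("resourceNames"):
        return False  # conservative: name-restricted rules do not cover new objects
    return (_matches(rule.get("apiGroups", []), group)
            and _matches(rule.get("resources", []), resource)
            and _matches(rule.get("verbs", []), verb))

def missing_permissions(rules, required):
    """Return the required tuples that no rule in the Role grants."""
    return [req for req in required if not any(rule_allows(r, *req) for r in rules)]

def with_rule(rules, group, resource, verbs):
    """Return a copy of rules with one extra rule appended (the proposed fix)."""
    return rules + [{"apiGroups": [group], "resources": [resource], "verbs": list(verbs)}]

if __name__ == "__main__":
    for group, resource, verb in missing_permissions(ROLE_RULES, REQUIRED):
        print(f"missing: {verb} {resource} (apiGroup {group!r})")
```

On a live cluster, the same question can be asked with `kubectl auth can-i get configmaps --as=system:serviceaccount:coder:coder -n coder`.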