程序员经验分享-hwhale

无法使用 Terraform 创建 google 项目

2024-04-09

我正在关注Google GKE 和 SQL 与 terraform https://medium.com/@mudrii/google-gke-and-sql-with-terraform-294fb84061教程 但我无法创建一个google_project.project。 我已经尝试过作为项目所有者和教程中描述的服务。两次尝试均以以下错误结束:

Error: Error applying plan:

1 error(s) occurred:

* google_project.project: 1 error(s) occurred:

* google_project.project: error creating project terraform-dev-357aa670 
 (terraform-dev): googleapi: Error 403: User is not authorized., forbidden. 
  If you received a 403 error, make sure 
  you have the `roles/resourcemanager.projectCreator` permission

我认为我作为项目所有者拥有正确的权限,但显然没有。

以下是我创建服务帐户的方法:

$ gcloud organizations add-iam-policy-binding ${TF_VAR_org_id} \                                (gke_my-domain-218910_europe-west1-b_my-domain-vpc-native/default)
> --member serviceAccount:terraform@${TF_ADMIN}.iam.gserviceaccount.com \
> --role roles/resourcemanager.projectCreator
Updated IAM policy for organization [00000].
bindings:
- members:
  - domain:my-domain.no
  role: roles/billing.creator
- members:
  - serviceAccount:[email protected] /cdn-cgi/l/email-protection
  - serviceAccount:[email protected] /cdn-cgi/l/email-protection
  role: roles/billing.user
- members:
  - domain:min-familie.no
  - serviceAccount:[email protected] /cdn-cgi/l/email-protection
  - serviceAccount:[email protected] /cdn-cgi/l/email-protection
  role: roles/resourcemanager.projectCreator
etag: BwWJxJTDnQs=
version: 19d

“手动”创建项目是可行的。$ gcloud projects create ${TF_ADMIN}.

有什么想法可能是错的吗?


为了创建文件夹和项目,您的帐户需要具有相应的权限,当然您需要确保您使用的是正确的帐户。

首先确保用户拥有正确的权限:

gcloud organizations add-iam-policy-binding YOUR_ORGANIZATION_ID --member=user:[email protected] /cdn-cgi/l/email-protection --role=roles/billing.admin
gcloud organizations add-iam-policy-binding YOUR_ORGANIZATION_ID --member=user:[email protected] /cdn-cgi/l/email-protection --role=roles/resourcemanager.organizationAdmin
gcloud organizations add-iam-policy-binding YOUR_ORGANIZATION_ID --member=user:[email protected] /cdn-cgi/l/email-protection --role=roles/resourcemanager.folderCreator
gcloud organizations add-iam-policy-binding YOUR_ORGANIZATION_ID --member=user:[email protected] /cdn-cgi/l/email-protection --role=roles/resourcemanager.projectCreator

然后确保您设置应用程序默认值并登录到此帐户:

gcloud auth application-default login

设置 API 调用默认计费的项目。阅读更多相关内容here https://cloud.google.com/sdk/gcloud/reference/auth/application-default/set-quota-project。如果不设置此项,运行时可能会出现配额错误terraform apply.

gcloud auth application-default set-quota-project SOME_BILLING_PROJECT
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)

googlecloudplatform

Terraform

无法使用 Terraform 创建 google 项目 的相关文章

随机推荐

热门标签