dde*_*zia 6 google-app-engine google-cloud-platform gcloud terraform
I'm trying to create a simple App Engine application using Terraform.
First, I created all the basic resources using the gcloud CLI. Here are the commands I ran:
export PROJECT=ProjectName
export TF_VAR_billing_account=xxxxxx-xxxxxx-xxxxxx
export TF_VAR_project=${PROJECT}-terraform
export TF_CREDS=./${PROJECT}-terraform.json
gcloud projects create ${TF_VAR_project} \
  --set-as-default
gcloud beta billing projects link ${TF_VAR_project} \
  --billing-account ${TF_VAR_billing_account}
######################################################################################
##### Create the Terraform service account
######################################################################################
gcloud iam service-accounts create terraform \
  --display-name "Terraform admin account"
gcloud iam service-accounts keys create ${TF_CREDS} \
  --iam-account terraform@${TF_VAR_project}.iam.gserviceaccount.com
gcloud projects add-iam-policy-binding ${TF_VAR_project} \
  --member serviceAccount:terraform@${TF_VAR_project}.iam.gserviceaccount.com \
  --role roles/editor
gcloud projects add-iam-policy-binding ${TF_VAR_project} \
  --member serviceAccount:terraform@${TF_VAR_project}.iam.gserviceaccount.com \
  --role roles/storage.admin
gcloud projects add-iam-policy-binding ${TF_VAR_project} \
  --member serviceAccount:terraform@${TF_VAR_project}.iam.gserviceaccount.com \
  --role roles/appengine.appAdmin
gcloud services enable cloudresourcemanager.googleapis.com
gcloud services enable cloudbilling.googleapis.com
gcloud services enable iam.googleapis.com
gcloud services enable serviceusage.googleapis.com
######################################################################################
##### Set up remote state in Cloud Storage
######################################################################################
gsutil mb -p ${TF_VAR_project} gs://${TF_VAR_project}
cat > backend.tf << EOF
terraform {
  backend "gcs" {
    bucket = "${TF_VAR_project}"
    prefix = "terraform/state"
  }
}
EOF
gsutil versioning set on gs://${TF_VAR_project}
export GOOGLE_APPLICATION_CREDENTIALS=${TF_CREDS}
export GOOGLE_PROJECT=${TF_VAR_project}
These commands executed correctly. At this point I have the following Terraform file:
variable "project" {}
variable "region" {}

provider "google" {
  project = var.project
  region  = var.region
}

data "google_project" "project" {}

resource "google_project_service" "service" {
  for_each = toset([
    "appengine.googleapis.com",
    "appengineflex.googleapis.com",
    "firestore.googleapis.com"
  ])
  service            = each.key
  disable_on_destroy = false
}

resource "google_app_engine_application" "app" {
  project     = data.google_project.project.project_id
  location_id = var.region
}
When I run terraform plan and apply, the "service" resources are created correctly, but the App Engine application cannot be created, and I get the following error:
google_app_engine_application.app: Creating...
Error: Error creating App Engine application: googleapi: Error 403: The caller does not have permission, forbidden
on project.tf line 24, in resource "google_app_engine_application" "app":
24: resource "google_app_engine_application" "app" {
It seems that the service key I created is missing some permissions, but I can't figure out what the problem is.
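The 403 in the question is an IAM permission check failing for the service account. One way to see which of the roles bound to that account, if any, contains a given permission is sketched below as an added example that is not part of the original post; the function names are hypothetical, and the permission name `appengine.applications.create` in the usage comment is an assumption about what the create call checks.

```bash
#!/usr/bin/env bash
# Added example: list the roles bound to a service account that contain a
# given IAM permission. Function names are hypothetical.

# roles_of PROJECT EMAIL: print every role bound to EMAIL in the project policy.
roles_of() {
  gcloud projects get-iam-policy "$1" \
    --flatten="bindings[].members" \
    --filter="bindings.members:$2" \
    --format="value(bindings.role)"
}

# role_grants ROLE PERMISSION: succeed if the predefined ROLE includes PERMISSION.
# value() prints the includedPermissions list separated by ';'.
role_grants() {
  gcloud iam roles describe "$1" --format="value(includedPermissions)" \
    | tr ';' '\n' | grep -qxF "$2"
}

# check_permission PROJECT EMAIL PERMISSION: print each granting role;
# return 1 when no bound role contains the permission.
check_permission() {
  found=1
  for role in $(roles_of "$1" "$2"); do
    case "$role" in roles/*) ;; *) continue ;; esac   # skip custom roles
    if role_grants "$role" "$3"; then
      echo "$role"
      found=0
    fi
  done
  return "$found"
}

# Usage with the names from the question (permission name is an assumption):
#   check_permission "$TF_VAR_project" \
#     "terraform@${TF_VAR_project}.iam.gserviceaccount.com" \
#     appengine.applications.create || echo "no bound role grants it"
```

Custom roles are skipped because describing them needs an extra `--project` or `--organization` argument.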