Ani*_*ket 3 google-cloud-platform terraform google-iam terraform-provider-gcp
I want to assign multiple IAM roles to a single service account through Terraform. I prepared a tf file to do this but ran into errors: if I use a single role it is assigned successfully, but when I try multiple IAM roles it gives some errors.
data "google_iam_policy" "auth1" {
  binding {
    role = "roles/cloudsql.admin"
    members = [
      "serviceAccount:${google_service_account.service_account_1.email}",
    ]    
    role = "roles/secretmanager.secretAccessor"
    members = [
      "serviceAccount:${google_service_account.service_account_1.email}",
    ]      
    role = "roles/datastore.owner"
    members = [
      "serviceAccount:${google_service_account.service_account_1.email}",
    ]  
    role = "roles/storage.admin"
    members = [
      "serviceAccount:${google_service_account.service_account_1.email}",
    ]      
  }
}
Can you help me with how to assign multiple roles to a single service account?
int*_*cho 59
I did something like this
# One non-authoritative binding per role; for_each creates one
# google_project_iam_member resource for each role in the set.
resource "google_project_iam_member" "member-role" {
  for_each = toset([
    "roles/cloudsql.admin",
    "roles/secretmanager.secretAccessor",
    "roles/datastore.owner",
    "roles/storage.admin",
  ])
  role    = each.key
  member  = "serviceAccount:${google_service_account.service_account_1.email}"
  # A bare name is not a valid reference; read the project id from a declared variable.
  project = var.my_project_id
}
Pay attention to which resources you are using.
google_project_iam_policy - this is authoritative - it will replace other policies in the Terraform code. Use it only once per workspace directory.
google_project_iam_binding - this is authoritative - it will overwrite other bindings for the role elsewhere in the Terraform code. Use it only once per workspace directory.
google_project_iam_member - this is non-authoritative - you can use it multiple times in the same workspace directory; using it multiple times lets you organize your code better.
Read here: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_project_iam
According to the documentation:
Each document configuration must have one or more binding blocks, each of which accepts the following arguments: ....
You have to repeat the binding block, like this
data "google_iam_policy" "auth1" {
  binding {
    role = "roles/cloudsql.admin"
    members = [
      "serviceAccount:${google_service_account.service_account_1.email}",
    ]
  }
  binding {
    role = "roles/secretmanager.secretAccessor"
    members = [
      "serviceAccount:${google_service_account.service_account_1.email}",
    ]
  }
  binding {
    role = "roles/datastore.owner"
    members = [
      "serviceAccount:${google_service_account.service_account_1.email}",
    ]
  }
  binding {
    role = "roles/storage.admin"
    members = [
      "serviceAccount:${google_service_account.service_account_1.email}",
    ]
  }
}
It is the same with the gcloud command: you can only add 1 role at a time for the member email list.
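As an added example (not code from either answer above), the repeated binding blocks can be generated from a list with a `dynamic "binding"` block, which avoids the copy-paste error in the question and keeps the role list in one place. It assumes a declared `var.project_id` and the existing `google_service_account.service_account_1`; the `sa_roles` variable is introduced here for illustration. Note that `google_project_iam_policy` is the authoritative form the first answer warns about: it replaces the whole project policy, so every binding that should survive must be listed in the data source.

```hcl
# Added example, not from the original answers.
# Assumptions: var.project_id is declared; google_service_account.service_account_1 exists.

variable "project_id" {
  type = string
}

# Roles granted to the service account; kept in one list so the grant is easy to review.
variable "sa_roles" {
  type = list(string)
  default = [
    "roles/cloudsql.admin",
    "roles/secretmanager.secretAccessor",
    "roles/datastore.owner",
    "roles/storage.admin",
  ]
}

# One binding block per role, generated instead of repeated by hand.
data "google_iam_policy" "auth1" {
  dynamic "binding" {
    for_each = toset(var.sa_roles)
    content {
      role    = binding.value
      members = ["serviceAccount:${google_service_account.service_account_1.email}"]
    }
  }
}

# Authoritative: this replaces the project's entire IAM policy with the bindings above.
# Use at most once per project, and only when this data source lists every binding
# that must exist; otherwise prefer google_project_iam_member as in the first answer.
resource "google_project_iam_policy" "project" {
  project     = var.project_id
  policy_data = data.google_iam_policy.auth1.policy_data
}
```

Run `terraform plan` before applying and check that the plan does not remove bindings you did not intend to drop; with the authoritative resource, anything missing from `sa_roles` (or granted to other members outside this file) is deleted on apply.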