terraform/gcp - How to enable iam.googleapis.com using TF

mon*_*mon 5 terraform terraform-provider-gcp

Please help me understand how to enable the GCP IAM API using Terraform.

Environment

```
$ terraform --version
Terraform v1.0.4
on linux_amd64
+ provider registry.terraform.io/hashicorp/google v4.6.0
+ provider registry.terraform.io/hashicorp/time v0.7.2
```

Resource

```hcl
resource "google_project_service" "iam" {
  project = data.google_project.project.project_id
  service = "iam.googleapis.com"
  timeouts {
    create = "20m"
    update = "20m"
  }
  disable_dependent_services = false
  disable_on_destroy         = false
}
```

Error

Running `terraform apply`, but it keeps repeating the error message.

```
Error: Error creating service account: googleapi: Error 403: Identity and Access Management (IAM) API has not been used in project 450605631931 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/iam.googleapis.com/overview?project=450605631931 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.Help",
│     "links": [
│       {
│         "description": "Google developers console API activation",
│         "url": "https://console.developers.google.com/apis/api/iam.googleapis.com/overview?project=450605631931"
│       }
│     ]
│   },
│   {
│     "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│     "domain": "googleapis.com",
│     "metadata": {
│       "consumer": "projects/450605631931",
│       "service": "iam.googleapis.com"
│     },
│     "reason": "SERVICE_DISABLED"
│   }
│ ]
│ , accessNotConfigured
│ 
│   with google_service_account.gke,
│   on sa.tf line 14, in resource "google_service_account" "gke":
│   14: resource "google_service_account" "gke" {
```

The GCP console says it is enabled.


V_i*_*_er 0

Given that this line throws the error:

```
on sa.tf line 14, in resource "google_service_account" "gke":
│   14: resource "google_service_account" "gke" {
```

The `google_service_account` resource block needs to be updated to wait for the API activation resource block:

```hcl
resource "google_service_account" "gke" {
  depends_on = [google_project_service.iam]
  ...
}
```
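
The ordering from the answer written out as a complete configuration, added here as an example and not the asker's or answerer's own code: the service account depends on a `time_sleep` from the `hashicorp/time` provider, which in turn depends on the API enablement, to cover the propagation delay the 403 message mentions. The `project_id` variable, the `gke-nodes` account ID, the display name and the 60s wait are assumptions.

```hcl
terraform {
  required_providers {
    google = { source = "hashicorp/google" }
    time   = { source = "hashicorp/time" }
  }
}

# Assumption: the target project is passed in as a variable.
variable "project_id" {
  type = string
}

data "google_project" "project" {
  project_id = var.project_id
}

# Enable the IAM API on the project (resource from the question).
resource "google_project_service" "iam" {
  project = data.google_project.project.project_id
  service = "iam.googleapis.com"

  timeouts {
    create = "20m"
    update = "20m"
  }

  disable_dependent_services = false
  disable_on_destroy         = false
}

# Enablement is not instantly visible to every backend, so dependants are
# held back for a fixed interval. 60s is an assumed value; tune as needed.
resource "time_sleep" "iam_api_propagation" {
  depends_on      = [google_project_service.iam]
  create_duration = "60s"
}

# Without depends_on, Terraform sees no reference from this resource to the
# API enablement and may create both in parallel, producing SERVICE_DISABLED.
resource "google_service_account" "gke" {
  project      = data.google_project.project.project_id
  account_id   = "gke-nodes"                # assumed name
  display_name = "GKE node service account" # assumed name

  depends_on = [time_sleep.iam_api_propagation]
}
```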