我有一个将要创建的服务帐户列表,为了向它们分配角色,我使用了Google 提供的模块,我的代码如下:
module "service-accounts" {
source = "terraform-google-modules/service-accounts/google"
version = "4.1.1"
project_id = var.project
names = var.sa_list
project_roles = [
"${var.project}=>roles/appengine.appAdmin",
"${var.project}=>roles/artifactregistry.reader",
"${var.project}=>roles/cloudbuild.builds.builder",
"${var.project}=>roles/cloudsql.client",
"${var.project}=>roles/cloudsql.instanceUser"
]
display_name = "Google App Engine SA - Managed by Terraform"
}
这很好用。但我不想让project_roles中的角色明确,所以我尝试使用for_each元参数”
变量.tf:
variable "rolesList" {
type =list(string)
default = ["roles/appengine.appAdmin","roles/artifactregistry.reader", "roles/cloudbuild.builds.builder", "roles/cloudsql.client", "roles/cloudsql.instanceUser"]
}
主要.tf:
module "service-accounts" {
source = "terraform-google-modules/service-accounts/google"
version = "4.1.1"
project_id = var.project
names = var.sa_list
for_each = (toset[var.rolesList])
project_roles = …