Google Cloud Platform: Error 403: Required "container.clusters.create" after Terraform apply, with owner role on the JSON key
I have created a service account and added a JSON key with the owner role, then downloaded it from Chrome. I am trying to create a Google cluster with terraform apply, but I get the following error:
2020/09/26 01:46:14 [ERROR] eval: *terraform.EvalApplyPost, err: googleapi: Error 403: Required "container.clusters.create" permission(s) for "projects/gitops-webinar"., forbidden
Extended logs:
Terraform main.tf file:
provider "google" {
  credentials = file("~/gitops-project-290611-01b6aabd6093.json")
  project     = "gitops-webinar"
  region      = "us-central1-a"
}
$ ls -la gitops-project-290611-01b6aabd6093.json
-rw-r--r--@ 1 organic staff 2346 Sep 25 14:56 gitops-project-290611-01b6aabd6093.json
$ gcloud projects get-iam-policy gitops-project-290611 | pbcopy
bindings:
- members:
  - deleted:serviceAccount:gitops-webinar-2@gitops-project-290611.iam.gserviceaccount.com?uid=112358266788784007511
  - deleted:serviceAccount:gitops-webinar1@gitops-project-290611.iam.gserviceaccount.com?uid=113184308230946951276
  role: roles/compute.admin
- members:
  - serviceAccount:gitops-webinar@gitops-project-290611.iam.gserviceaccount.com
  role: roles/compute.instanceAdmin
- members:
  - serviceAccount:service-782490657309@compute-system.iam.gserviceaccount.com
  role: roles/compute.serviceAgent
- members:
  - deleted:serviceAccount:gitops-webinar-2@gitops-project-290611.iam.gserviceaccount.com?uid=112358266788784007511
  - deleted:serviceAccount:gitops-webinar1@gitops-project-290611.iam.gserviceaccount.com?uid=113184308230946951276
  - serviceAccount:gitops-webinar@gitops-project-290611.iam.gserviceaccount.com
  role: roles/container.admin
- members:
  - deleted:serviceAccount:gitops-webinar1@gitops-project-290611.iam.gserviceaccount.com?uid=113184308230946951276
  role: roles/container.clusterAdmin
- members:
  - serviceAccount:service-782490657309@container-engine-robot.iam.gserviceaccount.com
  role: roles/container.serviceAgent
- members:
  - serviceAccount:gitops-webinar@gitops-project-290611.iam.gserviceaccount.com
  role: roles/containeranalysis.ServiceAgent
- members:
  - serviceAccount:gitops-webinar@gitops-project-290611.iam.gserviceaccount.com
  role: roles/containeranalysis.admin
- members:
  - serviceAccount:service-782490657309@containerregistry.iam.gserviceaccount.com
  role: roles/containerregistry.ServiceAgent
- members:
  - serviceAccount:782490657309@cloudservices.gserviceaccount.com
  - serviceAccount:gitops-webinar@gitops-project-290611.iam.gserviceaccount.com
  role: roles/editor
- members:
  - deleted:serviceAccount:gitops-webinar-2@gitops-project-290611.iam.gserviceaccount.com?uid=112358266788784007511
  - serviceAccount:gitops-webinar@gitops-project-290611.iam.gserviceaccount.com
  role: roles/iam.serviceAccountUser
- members:
  - deleted:serviceAccount:gitops-webinar-2@gitops-project-290611.iam.gserviceaccount.com?uid=112358266788784007511
  - serviceAccount:gitops-webinar@gitops-project-290611.iam.gserviceaccount.com
  - deleted:serviceAccount:terraform@gitops-project-290611.iam.gserviceaccount.com?uid=115339463706838203610
  - user:shuraisaeva2@gmail.com
  role: roles/owner
- members:
  - serviceAccount:service-782490657309@cloud-redis.iam.gserviceaccount.com
  role: roles/redis.serviceAgent
- members:
  - deleted:serviceAccount:gitops-webinar1@gitops-project-290611.iam.gserviceaccount.com?uid=113184308230946951276
  role: roles/resourcemanager.organizationAdmin
- members:
  - deleted:serviceAccount:gitops-webinar-2@gitops-project-290611.iam.gserviceaccount.com?uid=112358266788784007511
  role: roles/resourcemanager.projectIamAdmin
- members:
  - serviceAccount:gitops-webinar@gitops-project-290611.iam.gserviceaccount.com
  role: roles/secretmanager.admin
- members:
  - deleted:serviceAccount:gitops-webinar1@gitops-project-290611.iam.gserviceaccount.com?uid=113184308230946951276
  role: roles/storage.admin
etag: BwWwOdndDu0=
version: 1
I think I found the problem. You are using the project name instead of the project ID. Try this:
provider "google" {
  credentials = file("~/gitops-project-290611-01b6aabd6093.json")
  # project ID, not the project name
  project     = "gitops-project-290611"
  region      = "us-central1-a"
}
You don't have access to the gitops-webinar project_id.
What is the content of your JSON file (without the private key)?
@guillaumeblaquiere It's right here:
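Added example (not part of the original question, answer or comments): a preflight check for the mismatch the answer describes, comparing the provider's `project` with the key file's `project_id` and with the project whose IAM policy was dumped. The function names, the `CREATE_ROLES` subset and the sample data are assumptions constructed for illustration; the `policy` argument is the JSON form of the `gcloud projects get-iam-policy` output (`--format=json`).

```python
import json

# Non-exhaustive set of predefined roles that include container.clusters.create.
CREATE_ROLES = {"roles/owner", "roles/container.admin", "roles/container.clusterAdmin"}

def redact_key(key):
    """Copy of a service-account key with secret fields masked, safe to share."""
    return {k: "<redacted>" if k in ("private_key", "private_key_id") else v
            for k, v in key.items()}

def preflight(key, provider_project, policy, policy_project):
    """Explain a likely 403; `policy` is the IAM policy (JSON) of policy_project."""
    member = "serviceAccount:" + key["client_email"]
    bindings = policy.get("bindings", [])
    roles = sorted(b["role"] for b in bindings if member in b["members"])
    same_project = provider_project == policy_project
    return {
        # Hint only: project_id is where the account lives, not where it has roles.
        "matches_key_project": provider_project == key["project_id"],
        "roles": roles,
        # Roles in `policy` count only if the provider targets that same project.
        "can_create_cluster": same_project and bool(CREATE_ROLES & set(roles)),
        # Bindings left behind by deleted accounts: candidates for cleanup.
        "stale_members": sorted({m for b in bindings for m in b["members"]
                                 if m.startswith("deleted:")}),
    }

# Constructed sample data modelled on the question; uid and key material are fake.
SA = "gitops-webinar@gitops-project-290611.iam.gserviceaccount.com"
KEY = {"type": "service_account", "project_id": "gitops-project-290611",
       "private_key_id": "constructed", "private_key": "constructed",
       "client_email": SA}
POLICY = {"bindings": [
    {"role": "roles/owner", "members": [
        "serviceAccount:" + SA,
        "deleted:serviceAccount:terraform@gitops-project-290611"
        ".iam.gserviceaccount.com?uid=000000000000000000000"]},
    {"role": "roles/container.admin", "members": ["serviceAccount:" + SA]},
]}

if __name__ == "__main__":
    print(json.dumps(redact_key(KEY), indent=2))
    for project in ("gitops-webinar", "gitops-project-290611"):
        print(project, json.dumps(preflight(KEY, project, POLICY, "gitops-project-290611")))
```

Run against the policy in the question, `stale_members` would list the `deleted:serviceAccount:` entries that are still bound to roles such as `roles/owner`.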