Fatal编程技术网
  • google-cloud-platform/
  • Google cloud platform 尝试在部署管理器中创建serviceaccount密钥时出错

Google cloud platform 尝试在部署管理器中创建serviceaccount密钥时出错

google-cloud-platform

Google cloud platform 尝试在部署管理器中创建serviceaccount密钥时出错,google-cloud-platform,service-accounts,google-deployment-manager,Google Cloud Platform,Service Accounts,Google Deployment Manager,错误如下: ERROR: (gcloud.deployment-manager.deployments.update) Error in Operation [operation-1544517871651-57cbb1716c8b8-4fa66ff2-9980028f]: errors: - code: MISSING_REQUIRED_FIELD location: /deployments/infrastructure/resources/projects/resources-prac

错误如下:

ERROR: (gcloud.deployment-manager.deployments.update) Error in Operation [operation-1544517871651-57cbb1716c8b8-4fa66ff2-9980028f]: errors:
- code: MISSING_REQUIRED_FIELD
  location: /deployments/infrastructure/resources/projects/resources-practice/serviceAccounts/storage-buckets-backend/keys/json->$.properties->$.parent
  message: |-
    Missing required field 'parent' with schema:
    {
      "type" : "string"
    }

resource:
- name: {{ name }}-keys
    type: iam.v1.serviceAccounts.key
    properties:
      name: projects/{{ properties["projectID"] }}/serviceAccounts/{{ serviceAccount["name"] }}/keys/json
      privateKeyType: enum(TYPE_GOOGLE_CREDENTIALS_FILE)
      keyAlgorithm: enum(KEY_ALG_RSA_2048)
下面是我的jinja模板内容:

ERROR: (gcloud.deployment-manager.deployments.update) Error in Operation [operation-1544517871651-57cbb1716c8b8-4fa66ff2-9980028f]: errors:
- code: MISSING_REQUIRED_FIELD
  location: /deployments/infrastructure/resources/projects/resources-practice/serviceAccounts/storage-buckets-backend/keys/json->$.properties->$.parent
  message: |-
    Missing required field 'parent' with schema:
    {
      "type" : "string"
    }

resource:
- name: {{ name }}-keys
    type: iam.v1.serviceAccounts.key
    properties:
      name: projects/{{ properties["projectID"] }}/serviceAccounts/{{ serviceAccount["name"] }}/keys/json
      privateKeyType: enum(TYPE_GOOGLE_CREDENTIALS_FILE)
      keyAlgorithm: enum(KEY_ALG_RSA_2048)
p.S。
我对物业的参考基于

为了社区的利益,我将发布@John的回复

缺少父项,需要现有的:

其中,帐户值可以是电子邮件或服务帐户的唯一ID

关于模板,请删除包装privateKeyType和keyAlgoritm的枚举

上述部署为现有服务帐户创建服务帐户凭据,为了检索此可下载的json密钥文件,可以使用publicKeyData属性将其公开,然后对其进行Base64解码。

I只能对部分解决方案提供帮助。1) 你失去了父母。这需要是一个现有的服务帐户:
parent:projects/development-123456/serviceAccounts/mysa@development-123456.iam.gserviceaccount.com
2)删除包装privateKeyType和keyAlgoritm的枚举。@JohnHanley,你能给我举一个1.)的例子吗?你是说一个现有服务帐户的例子吗?你正在尝试的部署为你的项目中的现有服务帐户创建服务帐户凭据。问题是,我不知道如何告诉部署管理器将返回的凭据保存到文件中。Dany,您能否修改您的答案以包含最终解决方案。这将有助于其他人更清楚地了解解决方案。但是为什么文档中没有
父项
?实际上,我找不到任何使用Deployment Manager创建服务帐户的文档或任何示例。这就是为什么我做了一些研究来帮助你,因为我也想知道。我只能找到RESTAPI,它不能很好地转换为部署管理器YAML。RESTAPI不是Deployment Manager的参考(在许多情况下,它们的元素非常不同)。