Google cloud platform 地形';条件';google_项目_iam_绑定中出错
我正在尝试创建用户并为其设置策略。 创建用户,就可以了。 问题是当我尝试设置一个条件时 Via gcloud工作正常,但使用terraform,而不是。 当我删除条件行时,工作正常,但我需要此条件 遵循gcloud命令:Google cloud platform 地形';条件';google_项目_iam_绑定中出错,google-cloud-platform,terraform,terraform-provider-gcp,Google Cloud Platform,Terraform,Terraform Provider Gcp,我正在尝试创建用户并为其设置策略。 创建用户,就可以了。 问题是当我尝试设置一个条件时 Via gcloud工作正常,但使用terraform,而不是。 当我删除条件行时,工作正常,但我需要此条件 遵循gcloud命令: cloud projects add-iam-policy-binding projeto-xyz --member='serviceAccount:client-bot@projeto-xyz.iam.gserviceaccount.com' --role='roles/st
cloud projects add-iam-policy-binding projeto-xyz --member='serviceAccount:client-bot@projeto-xyz.iam.gserviceaccount.com' --role='roles/storage.objectAdmin' --condition='expression=resource.type == "storage.googleapis.com/Bucket" && resource.name.startsWith("projects/_/buckets/bucket-clientz") ,title=bucket'
resource "google_service_account" "service_account" {
account_id = var.accountid
display_name = var.iam-display-name
provisioner "local-exec" {
command = "gcloud iam service-accounts keys create ${var.accountid}.json --iam-account ${var.accountid}@${var.project}.iam.gserviceaccount.com"
}
}
resource "google_project_iam_binding" "project" {
project = var.project
role = "roles/storage.objectAdmin"
members = [
"serviceAccount:${var.accountid}@${var.project}.iam.gserviceaccount.com",
]
condition {
title = "bucket"
description = "acessar_bucket"
expression = "resource.type == \"storage.googleapis.com/Bucket\"&& resource.name.startsWith("projects/_/buckets/${var.gcp-bucket")"
}
}
$terraform plan
on iam.tf line 18, in resource "google_project_iam_binding" "project":
18: expression = "resource.type == \"storage.googleapis.com/Bucket\"&& resource.name.startsWith("projects/_/buckets/${var.gcp-bucket")"
An argument definition must end with a newline.
Error: Invalid character
on iam.tf line 18, in resource "google_project_iam_binding" "project":
18: expression = "resource.type == \"storage.googleapis.com/Bucket\"&& resource.name.startsWith("projects/_/buckets/${var.gcp-bucket")"
谢谢您的帮助。您没有在条件中转义所有引号。当您看到错误
参数后缺少换行符时expression = "resource.type == \"storage.googleapis.com/Bucket\"&& resource.name.startsWith("projects/_/buckets/${var.gcp-bucket")"
expression = "resource.type == \"storage.googleapis.com/Bucket\" && resource.name.startsWith(\"projects/_/buckets/${var.gcp-bucket}\")"
在资源中使用google beta作为提供程序后,错误消息 关于“条件”的事已经过去了。现在,我可以创建服务帐户,并将角色与条件一起用于此帐户 约翰·汉利,谢谢你的支持 main.tf
terraform {
required_providers {
google = {
source = "hashicorp/google"
version = "3.5.0"
}
}
}
provider "google" {
credentials = file(var.credentials_file)
project = var.project
region = var.region
zone = var.zone
}
provider "google-beta" {
credentials = file(var.credentials_file)
project = var.project
region = var.region
zone = var.zone
resource "google_service_account" "service_account" {
provider = google-beta
account_id = var.accountid
display_name = var.iam-display-name
provisioner "local-exec" {
command = "gcloud iam service-accounts keys create ${var.accountid}.json --iam-account ${var.accountid}@${var.project}.iam.gserviceaccount.com"
}
}
resource "google_project_iam_member" "project" {
provider = google-beta
project = var.project
role = "roles/storage.objectAdmin"
member = "serviceAccount:${var.accountid}@${var.project}.iam.gserviceaccount.com"
condition {
title = "bucket"
description = "acessar_bucket"
expression = "resource.type == \"storage.googleapis.com/Bucket\" && resource.name.startsWith(\"projects/_/buckets/${var.gcp-bucket}\")"
}
}
更改后出现更多错误:错误:iam.tf行18上的无效字符,在资源“google\u project\u iam\u binding”“project”中:18:expression=“resource.type==\”storage.googleapis.com/Bucket\”&&resource.name.startsWith(\“projects/\uu/Bucket/${var.gcp-Bucket\”)“…当我删除“&&&&&…”并保留“resource.type…”其他错误:错误:iam.tf行15上的不支持的块类型,在资源“google_项目_iam_绑定”“项目”中:15:条件{类型为“条件”的块“此处不应出现语法错误。@LuciannoRamalho-我注意到您的代码中存在另一个语法错误。我已将
更新到此google_project_iam_bindinggoogle_project_iam_成员