Python 2.7 GCP部署管理器,尝试将角色分配给用户组或服务帐户时出错
我试图使用CFT模板将用户和服务帐户添加到项目中,但即使使用提供的示例也遇到了问题 以下是我试图执行的yaml:Python 2.7 GCP部署管理器,尝试将角色分配给用户组或服务帐户时出错,python-2.7,google-cloud-platform,google-iam,google-deployment-manager,Python 2.7,Google Cloud Platform,Google Iam,Google Deployment Manager,我试图使用CFT模板将用户和服务帐户添加到项目中,但即使使用提供的示例也遇到了问题 以下是我试图执行的yaml: imports: - path: ../IAMaddmembers/iam_member.py name: iam_member.py resources: - name: iam-member-test type: iam_member.py properties: p
imports:
- path: ../IAMaddmembers/iam_member.py
name: iam_member.py
resources:
- name: iam-member-test
type: iam_member.py
properties:
projectId: devopstest10
type: string
roles:
- role: roles/viewer
members:
- user: test@test.com
这在--preview模式下可以正常工作,但当我尝试执行它时,总会得到以下结果:
Waiting for create [operation-1562955409608-58d7fe9fd4e4d-acb76aee-3d39880a]...failed.
ERROR: (gcloud.deployment-manager.deployments.create) Error in Operation [operation-1562955409608-58d7fe9fd4e4d-acb76aee-3d39880a]: errors:
- code: CONDITION_NOT_MET
location: /deployments/iamtest16/resources/get-iam-policy-iam-member-test-0-0->$.properties->$.policy
message: |-
InputMapping for field [policy] for method [setIamPolicy] could not be set from input, mapping was: [$.gcpIamMemberBinding($.intent, $.inputs.policy.response, $.resource.properties)], and evaluation context was:
{
"deployment" : {
"id" : 9129742963189313662,
"name" : "iamtest16"
},
"extensions" : {
"EnableAdditionalJsonPathFunctions" : true,
"EnableGoogleTypeProviderFunctionsExperiment" : true
},
"inputs" : {
"policy" : {
"response" : {
"bindings" : [ {
"members" : [ "serviceAccount:service-973040049758@gcp-sa-binaryauthorization.iam.gserviceaccount.com" ],
"role" : "roles/binaryauthorization.serviceAgent"
}, {
"members" : [ "serviceAccount:service-973040049758@compute-system.iam.gserviceaccount.com" ],
"role" : "roles/compute.serviceAgent"
}, {
"members" : [ "serviceAccount:helm-sa@devopstest10.iam.gserviceaccount.com" ],
"role" : "roles/container.admin"
}, {
"members" : [ "serviceAccount:service-973040049758@container-engine-robot.iam.gserviceaccount.com" ],
"role" : "roles/container.serviceAgent"
}, {
"members" : [ "serviceAccount:service-973040049758@container-analysis.iam.gserviceaccount.com" ],
"role" : "roles/containeranalysis.ServiceAgent"
}, {
"members" : [ "serviceAccount:service-973040049758@gcp-sa-containerscanning.iam.gserviceaccount.com" ],
"role" : "roles/containerscanning.ServiceAgent"
}, {
"members" : [ "serviceAccount:973040049758-compute@developer.gserviceaccount.com", "serviceAccount:973040049758@cloudservices.gserviceaccount.com", "serviceAccount:service-973040049758@containerregistry.iam.gserviceaccount.com" ],
"role" : "roles/editor"
}, {
"members" : [ "serviceAccount:helm-sa@devopstest10.iam.gserviceaccount.com", "serviceAccount:spinnaker-sa@devopstest10.iam.gserviceaccount.com" ],
"role" : "roles/logging.logWriter"
}, {
"members" : [ "serviceAccount:683109009519@cloudservices.gserviceaccount.com" ],
"role" : "roles/owner"
}, {
"members" : [ "serviceAccount:service-973040049758@cloud-redis.iam.gserviceaccount.com" ],
"role" : "roles/redis.serviceAgent"
}, {
"members" : [ "serviceAccount:service-973040049758@service-networking.iam.gserviceaccount.com" ],
"role" : "roles/servicenetworking.serviceAgent"
}, {
"members" : [ "serviceAccount:spinnaker-sa@devopstest10.iam.gserviceaccount.com" ],
"role" : "roles/storage.admin"
}, {
"members" : [ "group:dataeng@b6tp.com", "serviceAccount:helm-sa@devopstest10.iam.gserviceaccount.com", "serviceAccount:spinnaker-sa@devopstest10.iam.gserviceaccount.com" ],
"role" : "roles/viewer"
}, {
"members" : [ "serviceAccount:service-973040049758@gcp-sa-websecurityscanner.iam.gserviceaccount.com" ],
"role" : "roles/websecurityscanner.serviceAgent"
} ],
"etag" : "BwWNfjdKbuI=",
"version" : 1
}
}
},
"intent" : "CREATE",
"matches" : [ ],
"project" : "dm-creator-poc",
"requestId" : "bfc4cd4c-564b-3bb5-877d-cedee78686ea",
"resource" : {
"name" : "get-iam-policy-iam-member-test-0-0",
"previous" : { },
"properties" : {
"member" : {
"user" : "test@test.com"
},
"resource" : "devopstest10",
"role" : "roles/viewer"
},
"self" : { }
}
}
Error was:
Could not deserialize parameter for gcpIamMemberBinding at position 2, details: Cannot deserialize instance of `java.lang.String` out of START_OBJECT token
at [Source: UNKNOWN; line: -1, column: -1] (through reference chain: com.google.cloud.config.jsonpath.GcpIamMemberBindingFunction$MemberBinding["member"])
我不知道现在发生了什么事。任何帮助都将不胜感激
此行不应包含空格:
- user: test@test.com
应该看起来像
- user:test@test.com
我遇到了同样的问题,我可以确认(如您所见)电子邮件值不能有空格(在任何情况下,可以是用户邮件、组、服务帐户或域!)