Python 2.7 GCP Deployment Manager: error when trying to assign a role to a user group or service account


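I am trying to use the CFT templates to add users and service accounts to a project, but I am running into problems even with the provided example. Here is the yaml I am trying to execute: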

    imports:
        - path: ../IAMaddmembers/iam_member.py
          name: iam_member.py

    resources:
      - name: iam-member-test
        type: iam_member.py
        properties:
          projectId: devopstest10
          type: string
          roles:
            - role: roles/viewer
              members:
                - user: test@test.com

This works fine in --preview mode, but when I try to execute it, I always get the following result:

Waiting for create [operation-1562955409608-58d7fe9fd4e4d-acb76aee-3d39880a]...failed.                                                                               
ERROR: (gcloud.deployment-manager.deployments.create) Error in Operation [operation-1562955409608-58d7fe9fd4e4d-acb76aee-3d39880a]: errors:
- code: CONDITION_NOT_MET
  location: /deployments/iamtest16/resources/get-iam-policy-iam-member-test-0-0->$.properties->$.policy
  message: |-
    InputMapping for field [policy] for method [setIamPolicy] could not be set from input, mapping was: [$.gcpIamMemberBinding($.intent, $.inputs.policy.response, $.resource.properties)], and evaluation context was:
    {
      "deployment" : {
        "id" : 9129742963189313662,
        "name" : "iamtest16"
      },
      "extensions" : {
        "EnableAdditionalJsonPathFunctions" : true,
        "EnableGoogleTypeProviderFunctionsExperiment" : true
      },
      "inputs" : {
        "policy" : {
          "response" : {
            "bindings" : [ {
              "members" : [ "serviceAccount:service-973040049758@gcp-sa-binaryauthorization.iam.gserviceaccount.com" ],
              "role" : "roles/binaryauthorization.serviceAgent"
            }, {
              "members" : [ "serviceAccount:service-973040049758@compute-system.iam.gserviceaccount.com" ],
              "role" : "roles/compute.serviceAgent"
            }, {
              "members" : [ "serviceAccount:helm-sa@devopstest10.iam.gserviceaccount.com" ],
              "role" : "roles/container.admin"
            }, {
              "members" : [ "serviceAccount:service-973040049758@container-engine-robot.iam.gserviceaccount.com" ],
              "role" : "roles/container.serviceAgent"
            }, {
              "members" : [ "serviceAccount:service-973040049758@container-analysis.iam.gserviceaccount.com" ],
              "role" : "roles/containeranalysis.ServiceAgent"
            }, {
              "members" : [ "serviceAccount:service-973040049758@gcp-sa-containerscanning.iam.gserviceaccount.com" ],
              "role" : "roles/containerscanning.ServiceAgent"
            }, {
              "members" : [ "serviceAccount:973040049758-compute@developer.gserviceaccount.com", "serviceAccount:973040049758@cloudservices.gserviceaccount.com", "serviceAccount:service-973040049758@containerregistry.iam.gserviceaccount.com" ],
              "role" : "roles/editor"
            }, {
              "members" : [ "serviceAccount:helm-sa@devopstest10.iam.gserviceaccount.com", "serviceAccount:spinnaker-sa@devopstest10.iam.gserviceaccount.com" ],
              "role" : "roles/logging.logWriter"
            }, {
              "members" : [ "serviceAccount:683109009519@cloudservices.gserviceaccount.com" ],
              "role" : "roles/owner"
            }, {
              "members" : [ "serviceAccount:service-973040049758@cloud-redis.iam.gserviceaccount.com" ],
              "role" : "roles/redis.serviceAgent"
            }, {
              "members" : [ "serviceAccount:service-973040049758@service-networking.iam.gserviceaccount.com" ],
              "role" : "roles/servicenetworking.serviceAgent"
            }, {
              "members" : [ "serviceAccount:spinnaker-sa@devopstest10.iam.gserviceaccount.com" ],
              "role" : "roles/storage.admin"
            }, {
              "members" : [ "group:dataeng@b6tp.com", "serviceAccount:helm-sa@devopstest10.iam.gserviceaccount.com", "serviceAccount:spinnaker-sa@devopstest10.iam.gserviceaccount.com" ],
              "role" : "roles/viewer"
            }, {
              "members" : [ "serviceAccount:service-973040049758@gcp-sa-websecurityscanner.iam.gserviceaccount.com" ],
              "role" : "roles/websecurityscanner.serviceAgent"
            } ],
            "etag" : "BwWNfjdKbuI=",
            "version" : 1
          }
        }
      },
      "intent" : "CREATE",
      "matches" : [ ],
      "project" : "dm-creator-poc",
      "requestId" : "bfc4cd4c-564b-3bb5-877d-cedee78686ea",
      "resource" : {
        "name" : "get-iam-policy-iam-member-test-0-0",
        "previous" : { },
        "properties" : {
          "member" : {
            "user" : "test@test.com"
          },
          "resource" : "devopstest10",
          "role" : "roles/viewer"
        },
        "self" : { }
      }
    }
    Error was:
    Could not deserialize parameter for gcpIamMemberBinding at position 2, details: Cannot deserialize instance of `java.lang.String` out of START_OBJECT token
     at [Source: UNKNOWN; line: -1, column: -1] (through reference chain: com.google.cloud.config.jsonpath.GcpIamMemberBindingFunction$MemberBinding["member"])
I don't know what is going on now. Any help would be greatly appreciated.

This line should not contain a space:

- user: test@test.com 
It should look like

- user:test@test.com

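I ran into the same problem, and I can confirm (as you can see) that the email value must not contain a space (in any case, whether it is a user email, group, service account, or domain!)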
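
Why the space matters, as an added example that is not part of the original posts or of the CFT templates: with a space after the colon, YAML parses the list item as a mapping (`{"user": "test@test.com"}`, exactly what the error context shows under `member`), while `user:test@test.com` stays a single string. The sketch below is a pre-deployment check over the already-parsed `roles` property; `check_members`, `MEMBER_RE`, `BROKEN` and `FIXED` are hypothetical names, and the accepted prefixes are only the four member kinds named in this thread.

```python
import re

# Member prefixes named on this page: user, group, service account, domain.
MEMBER_RE = re.compile(r"^(user|group|serviceAccount|domain):\S+$")


def check_members(roles):
    """Return a list of problems found in a parsed `roles` property.

    `roles` is the structure a YAML parser hands to the template:
    a list of {"role": str, "members": [...]} mappings.
    """
    problems = []
    for binding in roles:
        role = binding.get("role", "<missing role>")
        for member in binding.get("members", []):
            if isinstance(member, dict):
                # "- user: a@b.c" (space after the colon) parses as a mapping.
                fixed = ", ".join("%s:%s" % (k, v)
                                  for k, v in sorted(member.items()))
                problems.append("%s: member %r is a mapping, write it as %r"
                                % (role, member, fixed))
            elif not isinstance(member, str) or not MEMBER_RE.match(member):
                problems.append("%s: member %r is not '<type>:<id>'"
                                % (role, member))
    return problems


# Constructed sample input: what the YAML from the question parses to,
# next to the corrected form from the answer.
BROKEN = [{"role": "roles/viewer", "members": [{"user": "test@test.com"}]}]
FIXED = [{"role": "roles/viewer", "members": ["user:test@test.com"]}]

if __name__ == "__main__":
    for name, roles in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_members(roles) or "ok")
```

Running such a check before `deployments create` catches the malformed member locally, which `--preview` did not do in the question.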