错误403:使用JSON key的所有者角色应用Terraform后需要的"container.clusters.create“
错误403:使用JSON key的所有者角色应用Terraform后需要的"container.clusters.create“
提问于 2020-09-29 02:27:11
我已经创建了一个service account,并添加了一个具有所有者角色的JSON密钥,然后从Chrome下载。尝试用Terraform apply创建一个Google集群,但是得到了这个错误:2020/09/26 01:46:14 [ERROR] eval: *terraform.EvalApplyPost, err: googleapi: Error 403: Required "container.clusters.create" permission(s) for "projects/gitops-webinar"., forbidden
扩展日志:https://pastebin.com/05btUi9f
Terraform main.tf文件
provider "google" {
credentials = file("~/gitops-project-290611-01b6aabd6093.json")
project = "gitops-webinar"
region = "us-central1-a"
}$ ls -la gitops-project-290611-01b6aabd6093.json
-rw-r--r--@ 1 organic staff 2346 Sep 25 14:56 gitops-project-290611-01b6aabd6093.json$ gcloud项目get-iam-policy gitops-project-290611 | pbcopy
bindings:
- members:
- deleted:serviceAccount:gitops-webinar-2@gitops-project-290611.iam.gserviceaccount.com?uid=112358266788784007511
- deleted:serviceAccount:gitops-webinar1@gitops-project-290611.iam.gserviceaccount.com?uid=113184308230946951276
role: roles/compute.admin
- members:
- serviceAccount:gitops-webinar@gitops-project-290611.iam.gserviceaccount.com
role: roles/compute.instanceAdmin
- members:
- serviceAccount:service-782490657309@compute-system.iam.gserviceaccount.com
role: roles/compute.serviceAgent
- members:
- deleted:serviceAccount:gitops-webinar-2@gitops-project-290611.iam.gserviceaccount.com?uid=112358266788784007511
- deleted:serviceAccount:gitops-webinar1@gitops-project-290611.iam.gserviceaccount.com?uid=113184308230946951276
- serviceAccount:gitops-webinar@gitops-project-290611.iam.gserviceaccount.com
role: roles/container.admin
- members:
- deleted:serviceAccount:gitops-webinar1@gitops-project-290611.iam.gserviceaccount.com?uid=113184308230946951276
role: roles/container.clusterAdmin
- members:
- serviceAccount:service-782490657309@container-engine-robot.iam.gserviceaccount.com
role: roles/container.serviceAgent
- members:
- serviceAccount:gitops-webinar@gitops-project-290611.iam.gserviceaccount.com
role: roles/containeranalysis.ServiceAgent
- members:
- serviceAccount:gitops-webinar@gitops-project-290611.iam.gserviceaccount.com
role: roles/containeranalysis.admin
- members:
- serviceAccount:service-782490657309@containerregistry.iam.gserviceaccount.com
role: roles/containerregistry.ServiceAgent
- members:
- serviceAccount:782490657309@cloudservices.gserviceaccount.com
- serviceAccount:gitops-webinar@gitops-project-290611.iam.gserviceaccount.com
role: roles/editor
- members:
- deleted:serviceAccount:gitops-webinar-2@gitops-project-290611.iam.gserviceaccount.com?uid=112358266788784007511
- serviceAccount:gitops-webinar@gitops-project-290611.iam.gserviceaccount.com
role: roles/iam.serviceAccountUser
- members:
- deleted:serviceAccount:gitops-webinar-2@gitops-project-290611.iam.gserviceaccount.com?uid=112358266788784007511
- serviceAccount:gitops-webinar@gitops-project-290611.iam.gserviceaccount.com
- deleted:serviceAccount:terraform@gitops-project-290611.iam.gserviceaccount.com?uid=115339463706838203610
- user:shuraisaeva2@gmail.com
role: roles/owner
- members:
- serviceAccount:service-782490657309@cloud-redis.iam.gserviceaccount.com
role: roles/redis.serviceAgent
- members:
- deleted:serviceAccount:gitops-webinar1@gitops-project-290611.iam.gserviceaccount.com?uid=113184308230946951276
role: roles/resourcemanager.organizationAdmin
- members:
- deleted:serviceAccount:gitops-webinar-2@gitops-project-290611.iam.gserviceaccount.com?uid=112358266788784007511
role: roles/resourcemanager.projectIamAdmin
- members:
- serviceAccount:gitops-webinar@gitops-project-290611.iam.gserviceaccount.com
role: roles/secretmanager.admin
- members:
- deleted:serviceAccount:gitops-webinar1@gitops-project-290611.iam.gserviceaccount.com?uid=113184308230946951276
role: roles/storage.admin
etag: BwWwOdndDu0=
version: 1回答 1
Stack Overflow用户
回答已采纳
发布于 2020-09-29 16:24:46
我想我找到问题所在了。您可以使用项目名称,而不是项目ID。
provider "google" {
credentials = file("~/gitops-project-290611-01b6aabd6093.json")
project = "gitops-project-290611"
region = "us-central1-a"
}您没有访问gitops-webinar project_id的权限
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/64107669
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号