具有“roles/container.admin”的 Google 云服务帐户
[英]Google Cloud Service Account with 'roles/container.admin'
问题描述
I am trying to create a Service Account with 'roles/container.admin' and i get an error saying that the role is not supported for this resource.
我正在尝试使用“roles/container.admin”创建一个服务帐户,但我收到一条错误消息,指出该资源不支持该角色。
$ gcloud iam service-accounts add-iam-policy-binding sa-ci-vm@PROJECT-ID.iam.gserviceaccount.com --member='serviceAccount:sa-ci-vm@PROJECT-ID.iam.gserviceaccount.com' --role='roles/container.admin'
ERROR: (gcloud.iam.service-accounts.add-iam-policy-binding) INVALID_ARGUMENT: Role roles/container.admin is not supported for this resource.
If I create a Service Account from the CONSOLE UI I can add this role without a problem.如果我从 CONSOLE UI 创建一个服务帐户,我可以毫无问题地添加这个角色。
2 个解决方案
解决方案1
10 2018-01-20 16:33:52
You have to use gcloud projects to add roles for a service account at a project level as shown here .你必须使用gcloud projects如图所示为一个服务帐户在项目级别添加角色这里。
This works for me:这对我有用:
gcloud projects add-iam-policy-binding PROJECT_ID \
--member serviceAccount:sa-ci-vm@PROJECT-ID.iam.gserviceaccount.com \
--role roles/container.admin
解决方案2
1 2020-07-29 04:01:19
I got the same error.我得到了同样的错误。 You have to give the absolute path to the role.你必须给出角色的绝对路径。
cloud iam service-accounts add-iam-policy-binding SERVICEACCOUNT --member= SERVICEACCOUNT_EMAIL --role=projects/ PROJECTNAME /roles/ ROLENAME云IAM服务帐户添加-IAM策略结合SERVICEACCOUNT --member = SERVICEACCOUNT_EMAIL --role =项目/ PROJECTNAME /角色/ ROLENAME
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.