如何使用 Terraform 將自定義 GCP 角色附加到 GCP 服務帳戶
[英]How to Attach Custom GCP Role to a GCP Service Account Using Terraform
問題描述
我使用 Terraform 在 GCP 中創建了一個服務帳戶和一個自定義角色。 如何將此自定義角色附加到服務帳戶? 我可以使用 GCP Console 來做到這一點,但這不是這里的需要,因為我必須使用 Terraform 來做到這一點。 請在下面找到我用於創建服務帳戶和自定義規則的代碼片段。
resource "google_service_account" "mservice_infra_service_account" {
account_id = "mserviceinfra-service-account"
display_name = "Infrastructure Service Account"
}
resource "google_project_iam_custom_role" "mservice_infra_admin" {
role_id = "mservice_infra_admin"
title = "mservice_infra_admin"
description = "Infrastructure Administrator Custom Role"
permissions = ["compute.disks.create", "compute.firewalls.create", "compute.firewalls.delete", "compute.firewalls.get", "compute.instanceGroupManagers.get", "compute.instances.create", "compute.instances.delete", "compute.instances.get", "compute.instances.setMetadata", "compute.instances.setServiceAccount", "compute.instances.setTags", "compute.machineTypes.get", "compute.networks.create", "compute.networks.delete", "compute.networks.get", "compute.networks.updatePolicy", "compute.subnetworks.create", "compute.subnetworks.delete", "compute.subnetworks.get", "compute.subnetworks.setPrivateIpGoogleAccess", "compute.subnetworks.update", "compute.subnetworks.use", "compute.subnetworks.useExternalIp", "compute.zones.get", "container.clusters.create", "container.clusters.delete", "container.clusters.get", "container.clusters.update", "container.operations.get"]
}
如果有人能找到基於 Terraform 的解決方案來解決此問題,將不勝感激。 謝謝
1 個解決方案
解決方案1
8 已采納 2019-03-29 00:05:25
使用資源google_project_iam_binding
所以完整的代碼如下:
data "google_project" "project" {}
resource "google_service_account" "mservice_infra_service_account" {
account_id = "mserviceinfra-service-account"
display_name = "Infrastructure Service Account"
}
resource "google_project_iam_custom_role" "mservice_infra_admin" {
role_id = "mservice_infra_admin"
title = "mservice_infra_admin"
description = "Infrastructure Administrator Custom Role"
permissions = ["compute.disks.create", "compute.firewalls.create", "compute.firewalls.delete", "compute.firewalls.get", "compute.instanceGroupManagers.get", "compute.instances.create", "compute.instances.delete", "compute.instances.get", "compute.instances.setMetadata", "compute.instances.setServiceAccount", "compute.instances.setTags", "compute.machineTypes.get", "compute.networks.create", "compute.networks.delete", "compute.networks.get", "compute.networks.updatePolicy", "compute.subnetworks.create", "compute.subnetworks.delete", "compute.subnetworks.get", "compute.subnetworks.setPrivateIpGoogleAccess", "compute.subnetworks.update", "compute.subnetworks.use", "compute.subnetworks.useExternalIp", "compute.zones.get", "container.clusters.create", "container.clusters.delete", "container.clusters.get", "container.clusters.update", "container.operations.get"]
}
resource "google_project_iam_binding" "mservice_infra_binding" {
role = "projects/${data.google_project.project.project_id}/roles/${google_project_iam_custom_role.mservice_infra_admin.role_id}"
members = [
"serviceAccount:${google_service_account.mservice_infra_service_account.email}",
]
}
如何使用 terraform 中的角色正確創建 gcp 服務帳戶
[英]How to properly create gcp service-account with roles in terraform
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.