[英]Unable to run GCP terraform commands from GitHub Actions
我按照官方教程使用 Workload Identity Federation 為我的 Github Actions 管道設置了無密鑰身份驗證
從我的管道運行 terraform init 命令時,出現以下錯誤:
│ Error: Failed to get existing workspaces: querying Cloud Storage failed: Get "https://storage.googleapis.com/storage/v1/b/lws-dev-common-bucket/o?alt=json&delimiter=%2F&pageToken=&prefix=global%2Fnetworking.state%2F&prettyPrint=false&projection=full&versions=false": oauth2/google: status code 403: {
│ "error": {
│ "code": 403,
│ "message": "Permission 'iam.serviceAccounts.getAccessToken' denied on resource (or it may not exist).",
│ "status": "PERMISSION_DENIED",
│ "details": [
│ {
│ "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│ "reason": "IAM_PERMISSION_DENIED",
│ "domain": "iam.googleapis.com",
│ "metadata": {
│ "permission": "iam.serviceAccounts.getAccessToken"
│ }
│ }
│ ]
│ }
│ }
我已確保我使用的服務帳戶具有適當的權限,包括:
下面是我的管道代碼片段:
- id: 'auth'
name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v0.4.0'
with:
workload_identity_provider: 'projects/385050593732/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
service_account: 'lws-d-iac-sa@lefewaresolutions-poc.iam.gserviceaccount.com'
- name: Terraform Init
working-directory: ./Terraform/QuickStartDeployments/EKSCluster
run: terraform init
和我的 terraform 代碼:
terraform {
required_providers {
google = {
source = "hashicorp/google"
version = "3.89.0"
}
}
backend "gcs" {
bucket = "lws-dev-common-bucket"
prefix = "global/networking.state"
}
required_version = ">= 0.14.9"
}
provider "google" {
project = var.project_id
region = var.region
}
module "vpc" {
source = "../../Modules/VPC"
project_id = var.project_id
region = "us-west1"
vpc_name = var.vpc_name
}
我遇到了同樣的問題,並且能夠通過在項目 IAM 頁面中手動授予服務帳戶Service Account Token Creator角色來解決它
如果您的服務賬戶無權訪問存儲 terraform state 文件的存儲桶,或者如果您的服務賬戶沒有正確設置Workload Identity User角色,也會發生這種情況。
如何在多目錄存儲庫中使用 gcp 和 github 操作設置 terraform cicd
[英]How to setup terraform cicd with gcp and github actions in a multidirectory repository
Github 操作恢復/銷毀 terraform Terraform 計划創建的 AWS 基礎設施
[英]Github Actions revert/destroy terraform AWS infrastructure created by Terraform Plan
無法通過 Terraform 使用 GCP Cloud Build 對 GitHub 存儲庫進行身份驗證
[英]Cannot authenticate GitHub repository with GCP Cloud Build via Terraform
如何從 gitlab/github 上的 gitlab-ci CI/CD 運行 curl 命令?
[英]How to run curl commands from gitlab-ci CI/CD on gitlab/github?
GCP 工作負載身份聯合-Github 提供程序-“無法獲取模擬憑據”
[英]GCP workload identity federation - Github provider - 'Unable to acquire impersonated credentials'
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.