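I have created a Terraform file to create a Google Storage bucket with publicly readable storage object permissions. I am able to deploy the bucket, but I can't assign the proper ACL for my template; I found some errors in the ACL part.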

provider "google-beta" {
  project = "${var.project}"
}

resource "google_storage_default_object_access_control" "public_rule" {
  bucket = "google_storage_bucket.test-${var.project}"
  role   = "READER"
  entity = "allUsers"
}

resource "google_storage_bucket" "bucket" {
  name          = "test-${var.project}"
  storage_class = "standard"
  location      = "US"
}

It would be very helpful if someone could help me assign the permissions when the bucket is created.
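According to the Terraform Official Documentation, use the function "bucket.name", which reads the bucket name from the variable "name". In addition, you must also provide your project ID in resource_storage_bucket, as shown below. I tried it and it works fine for me: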

provider "google-beta" {
}

resource "google_storage_default_object_access_control" "public_rule" {
  bucket = google_storage_bucket.bucket.name
  role   = "READER"
  entity = "allUsers"
}

resource "google_storage_bucket" "bucket" {
  name          = "[THE_BUCKET_NAME]"
  project       = "[PROJECT_ID]"
  storage_class = "standard"
  location      = "US"
}

Where PROJECT_ID is your project ID and THE_BUCKET_NAME is the name of the bucket you want to add.
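
A check a reviewer could run over the plan before applying a configuration like the one above, as an added example that is not part of the original post: it reads the JSON form of a plan (as written by `terraform show -json`) and lists every grant to allUsers or allAuthenticatedUsers. It goes beyond the default-object ACL shown here to the related ACL and IAM resource types; the embedded plan is constructed sample data and its bucket, rule and member names are placeholders.

```python
import json

PUBLIC = {"allUsers", "allAuthenticatedUsers"}
# ACL resources name the grantee in "entity".
ACL_TYPES = {
    "google_storage_default_object_access_control",
    "google_storage_object_access_control",
    "google_storage_bucket_access_control",
}
# IAM resources name it in "member" (string) or "members" (list).
IAM_TYPES = {"google_storage_bucket_iam_member", "google_storage_bucket_iam_binding"}

def public_grants(plan):
    """Return (address, role, grantee) for every planned public grant."""
    findings = []
    for rc in plan.get("resource_changes", []):
        # "after" is null when the resource is being destroyed.
        after = (rc.get("change") or {}).get("after") or {}
        if rc.get("type") in ACL_TYPES:
            grantees = [after.get("entity")]
        elif rc.get("type") in IAM_TYPES:
            grantees = [after.get("member"), *(after.get("members") or [])]
        else:
            continue
        findings += [(rc["address"], after.get("role"), g)
                     for g in grantees if g in PUBLIC]
    return findings

# Constructed sample: trimmed plan JSON with placeholder names.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "google_storage_bucket.bucket", "type": "google_storage_bucket",
   "change": {"actions": ["create"], "after": {"name": "example-bucket"}}},
  {"address": "google_storage_default_object_access_control.public_rule",
   "type": "google_storage_default_object_access_control",
   "change": {"actions": ["create"], "after": {"role": "READER", "entity": "allUsers"}}},
  {"address": "google_storage_default_object_access_control.old_rule",
   "type": "google_storage_default_object_access_control",
   "change": {"actions": ["delete"], "after": null}},
  {"address": "google_storage_bucket_iam_member.viewer",
   "type": "google_storage_bucket_iam_member",
   "change": {"actions": ["create"],
              "after": {"role": "roles/storage.objectViewer", "member": "user:a@example.com"}}}
]}
""")

if __name__ == "__main__":
    for address, role, grantee in public_grants(SAMPLE_PLAN):
        print(f"PUBLIC {role}: {address} -> {grantee}")
```

Values that are only known after apply do not appear under "after", so a grantee computed at apply time is not reported by this check.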