Unable to create GCP resources with terraform apply even though the service account has the required permissions

Question (0 votes, 1 answer)

I am trying to follow the tutorial here: https://developer.hashicorp.com/terraform/tutorials/gcp-get-started/google-cloud-platform-build. I believe I have included all the necessary information in this post, but please let me know if there is anything else I can add :).

(The linked tutorial can be ignored; the question boils down to "I get the following error from a main.tf file with these permissions, how do I fix it", but the tutorial may provide more context.)

Console error

I get the following error from terraform apply:

# terraform apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # google_compute_network.vpc_network will be created
  + resource "google_compute_network" "vpc_network" {
      + auto_create_subnetworks         = true
      + delete_default_routes_on_create = false
      + gateway_ipv4                    = (known after apply)
      + id                              = (known after apply)
      + internal_ipv6_range             = (known after apply)
      + mtu                             = (known after apply)
      + name                            = "terraform-network"
      + project                         = (known after apply)
      + routing_mode                    = (known after apply)
      + self_link                       = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

google_compute_network.vpc_network: Creating...
╷
│ Error: Error creating Network: googleapi: Error 403: Permission denied on resource project terraform-learning-311890>.
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.Help",
│     "links": [
│       {
│         "description": "Google developer console API key",
│         "url": "https://console.developers.google.com/project/terraform-learning-311890\u003e/apiui/credential"
│       }
│     ]
│   },
│   {
│     "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│     "domain": "googleapis.com",
│     "metadatas": {
│       "consumer": "projects/terraform-learning-311890\u003e",
│       "service": "compute.googleapis.com"
│     },
│     "reason": "CONSUMER_INVALID"
│   }
│ ]
│ , forbidden
│
│   with google_compute_network.vpc_network,
│   on main.tf line 30, in resource "google_compute_network" "vpc_network":
│   30: resource "google_compute_network" "vpc_network" {

main.tf

Apparently my main.tf file is valid:

user@comp ~/D/p/learn-terraform-gcp [1]> terraform validate
Success! The configuration is valid.

My main.tf file is:

# I have changed the region and zone values from those in the tutorial to match
# the output from the following:

# gcloud config list compute/region
# gcloud config list compute/zone
# -----------------------------------------------------------------------------

terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "4.51.0"
    }
  }
}

provider "google" {
  credentials = file("./terraform-learning-311890-692452ead201.json")
  project     = "terraform-learning-311890>"
  region      = "europe-west2-c"
  zone        = "europe-west2-c"
}

resource "google_compute_network" "vpc_network" {
  name = "terraform-network"
}

Service account JSON file

{
  "type": "service_account",
  "project_id": "terraform-learning-311890",
  "private_key_id": " ... ",
  "private_key": "-----BEGIN PRIVATE KEY-----
  ...
  -----END PRIVATE KEY-----\n",
  "client_email": "terraform-gcp-testing@terraform-learning-311890.iam.gserviceaccount.com",
  "client_id": "...",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/terraform-gcp-testing%40terraform-learning-311890.iam.gserviceaccount.com"
}

Service account permissions

The permissions assigned to the service account I am using (note editor, which is the only permission the tutorial says is needed):

# gcloud projects get-iam-policy terraform-learning-311890

bindings:
- members:
  - serviceAccount:terraform-gcp-testing@terraform-learning-311890.iam.gserviceaccount.com
  role: roles/editor
- members:
  - user:[email protected]
  role: roles/owner
etag: UwX39XyPWEX=
version: 1

I have looked at the suggested post unable to create gcp vpc using terraform but do not think it is the same as this one.

google-cloud-platform terraform terraform-provider-gcp
1 answer (1 vote)

You have kept the project ID with an extra ">" at the end. Please correct your project ID.

That is the problem. A service account with the Editor role can create a VPC.

provider "google" {
  credentials = file("./terraform-learning-311890-692452ead201.json")
  # Project ID without the trailing ">" that caused CONSUMER_INVALID.
  project     = "terraform-learning-311890"
  # "europe-west2-c" is a zone name; the region is "europe-west2". The network
  # resource is global, so the old value did not fail here, but regional
  # resources would reject it.
  region      = "europe-west2"
  zone        = "europe-west2-c"
}
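As an added check that is not part of the question or the answer: the 403 above is not an IAM problem at all, which is why adding roles to the service account cannot fix it. The ErrorInfo entry in Details says CONSUMER_INVALID, meaning the project named in the request could not be resolved, and that is exactly what a stray ">" in the project ID produces. The Python script below (assumed, not from the tutorial or the Terraform provider) reads the project argument out of the provider block, compares it with the project_id in the service-account key file and against GCP's project ID naming rule, and pulls the ErrorInfo reason out of a googleapi error as Terraform prints it. The sample main.tf, key-file fields and error text are constructed from the question (the Details array is condensed to fewer lines); CONSUMER_INVALID is the reason on the page, while IAM_PERMISSION_DENIED and SERVICE_DISABLED in the hint table are reason codes from Google's ErrorInfo vocabulary, included as assumptions about the two other common failure modes.

```python
import json
import re
from typing import Dict, List, Optional

# GCP project ID rule: 6-30 characters, lowercase letters, digits and hyphens,
# starting with a letter and not ending with a hyphen.
PROJECT_ID_RE = re.compile(r"^[a-z][a-z0-9-]{4,28}[a-z0-9]$")

# What each ErrorInfo reason tells the person debugging. CONSUMER_INVALID is
# the one in the question; the other two are assumptions from Google's
# ErrorInfo vocabulary.
REASON_HINTS: Dict[str, str] = {
    "CONSUMER_INVALID": "the project named in the request is malformed or does not "
                        "exist; fix the project ID before touching IAM roles",
    "IAM_PERMISSION_DENIED": "the caller is authenticated but lacks a role that grants "
                             "the permission",
    "SERVICE_DISABLED": "the API is not enabled on the project",
}

# Constructed sample: the provider block from the question, stray ">" included.
MAIN_TF = '''
provider "google" {
  credentials = file("./terraform-learning-311890-692452ead201.json")
  project     = "terraform-learning-311890>"
  region      = "europe-west2-c"
  zone        = "europe-west2-c"
}
'''

# Constructed sample: the non-secret fields of the key file from the question.
KEY_FILE = json.dumps({
    "type": "service_account",
    "project_id": "terraform-learning-311890",
    "client_email": "terraform-gcp-testing@terraform-learning-311890.iam.gserviceaccount.com",
})

# Constructed sample: the error as Terraform printed it, Details condensed.
TERRAFORM_ERROR = r"""
│ Error: Error creating Network: googleapi: Error 403: Permission denied on resource project terraform-learning-311890>.
│ Details:
│ [
│   {"@type": "type.googleapis.com/google.rpc.Help", "links": [{"description": "Google developer console API key", "url": "https://console.developers.google.com/project/terraform-learning-311890\u003e/apiui/credential"}]},
│   {
│     "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│     "domain": "googleapis.com",
│     "metadatas": {"consumer": "projects/terraform-learning-311890\u003e", "service": "compute.googleapis.com"},
│     "reason": "CONSUMER_INVALID"
│   }
│ ]
│ , forbidden
"""


def provider_project(hcl: str) -> Optional[str]:
    """Return the project argument of the provider "google" block (regex scan, not a full HCL parser)."""
    m = re.search(r'provider\s+"google"\s*\{[^}]*?\bproject\s*=\s*"([^"]*)"', hcl, re.S)
    return m.group(1) if m else None


def check_project_id(hcl: str, key_json: str) -> List[str]:
    """Report ways the provider's project disagrees with the naming rule or the key file."""
    problems: List[str] = []
    project = provider_project(hcl)
    if project is None:
        return ['no project argument in provider "google"']
    if not PROJECT_ID_RE.match(project):
        problems.append(f"project {project!r} is not a valid GCP project ID")
    key_project = json.loads(key_json).get("project_id")
    if key_project != project:
        problems.append(f"provider project {project!r} differs from key file project_id {key_project!r}")
    return problems


def googleapi_reason(error_text: str) -> Optional[str]:
    """Extract the google.rpc.ErrorInfo reason from a googleapi error as Terraform prints it."""
    # Drop Terraform's box-drawing prefix, then isolate the JSON array under Details.
    body = "\n".join(line.lstrip("│ ") for line in error_text.splitlines())
    start, end = body.find("["), body.rfind("]")
    if start < 0 or end < start:
        return None
    for detail in json.loads(body[start:end + 1]):
        if detail.get("@type", "").endswith("google.rpc.ErrorInfo"):
            return detail.get("reason")
    return None


def diagnose(hcl: str, key_json: str, error_text: str) -> Dict[str, object]:
    """Combine the error reason with the configuration checks into one report."""
    reason = googleapi_reason(error_text)
    return {
        "reason": reason,
        "hint": REASON_HINTS.get(reason, "unrecognised reason; read the Details block"),
        "config_problems": check_project_id(hcl, key_json),
    }


if __name__ == "__main__":
    for key, value in diagnose(MAIN_TF, KEY_FILE, TERRAFORM_ERROR).items():
        print(f"{key}: {value}")
```

Run against the constructed input, the report names CONSUMER_INVALID, points at the project ID rather than IAM, and lists two configuration problems: the ID fails the naming rule and it does not match the key file. With the ">" removed both checks pass, which matches the answer. Reading the reason code first is the useful habit here: it stops the reflex of widening the service account's roles to chase a 403 that permissions were never going to solve.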
