How to add an allUsers member to Cloud Run using Terraform

Problem description

I want to use Terraform to automatically add the allUsers member with the Cloud Run Invoker role to a google_cloud_run_service.

To resolve this:

This service only allows authenticated invocations. To allow unauthenticated invocations, add "allUsers" as a member and assign it the "Cloud Run Invoker" role.

I have no problem adding the allUsers member manually and setting its role to Cloud Run Invoker.

But I would like this to be done through Terraform.

I tried the following:

data "google_iam_policy" "noauth" {
  binding {
    role = "roles/run.invoker"
    members = [
      "allUsers",
    ]
  }
}
# Enable public access on Cloud Run service
resource "google_cloud_run_service_iam_policy" "noauth" {
  location    = google_cloud_run_service.default.location
  project     = google_cloud_run_service.default.project
  service     = google_cloud_run_service.default.name
  policy_data = data.google_iam_policy.noauth.policy_data
}

But after running terraform plan and terraform apply, the allUsers member does not seem to have been created.

Update:

Main file

terraform {
  required_version = "= 0.14.7"
  backend "gcs" {
    bucket = "mybucket-terraform-test"
    prefix = "backend"
  }
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 3.42.0"
    }
  }
}

脚.tf

resource "google_service_account" "service_account" {
  account_id   = "project_name-cloudrun"
}

resource "google_service_account_iam_binding" "admin-account-iam" {
  service_account_id = google_service_account.service_account.name
  role               = "roles/iam.serviceAccountUser"

  members = [
    "user:user@myorg.com",
  ]
}

resource "google_cloud_run_service" "default" {
  name     = "myproject-backend"
  location = "us-central1"

  template {
    spec {
      service_account_name = "myproject-cloudrun@myproject-dev.iam.gserviceaccount.com"
      containers {
        image = "us.gcr.io/myproject-dev/myproject/myproject-backend@sha256:abc123"
      }
    }
  }
}

## not working as expected ##

data "google_iam_policy" "noauth" {
  binding {
    role = "roles/run.invoker"
    members = [
      "allUsers",
    ]
  }
}

resource "google_cloud_run_service_iam_policy" "noauth" {
  location    = google_cloud_run_service.default.location
  project     = google_cloud_run_service.default.project
  service     = google_cloud_run_service.default.name
  policy_data = data.google_iam_policy.noauth.policy_data
}

##

Tags: google-cloud-platform, terraform, cloud, terraform-provider-gcp
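Whether the binding above actually landed is something the Terraform plan output cannot tell you; the thing to read back is the service's IAM policy, for example with `gcloud run services get-iam-policy SERVICE --region REGION --format=json`. The following is an added example, not code from the question or from the Terraform provider: it parses that policy JSON (the same shape the `google_iam_policy` data source emits as `policy_data`) and reports which principals hold `roles/run.invoker` and whether any of them is a public principal (`allUsers` or `allAuthenticatedUsers`). The sample policies, service names and etag values are constructed for the example. The same check doubles as an audit for services that were exposed publicly by accident, which is the more common security problem with this binding.

```python
"""Check Cloud Run IAM policies for public (unauthenticated) invoker access.

Added example. Input is the policy JSON as returned by
`gcloud run services get-iam-policy SERVICE --region REGION --format=json`,
i.e. a dict with a "bindings" list of {"role": ..., "members": [...]}.
"""
import json

INVOKER_ROLE = "roles/run.invoker"
# Principals that grant access without naming an identity: anyone on the
# internet (allUsers) or any Google-authenticated account (allAuthenticatedUsers).
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample policies (not real output). PUBLIC_POLICY_JSON is what the
# service policy looks like once the question's allUsers binding has applied;
# PRIVATE_POLICY_JSON is a policy where it has not (the symptom in the question).
PUBLIC_POLICY_JSON = """{
  "bindings": [
    {"role": "roles/run.invoker", "members": ["allUsers"]}
  ],
  "etag": "BwExampleEtag=",
  "version": 1
}"""

PRIVATE_POLICY_JSON = """{
  "bindings": [
    {"role": "roles/run.invoker",
     "members": ["serviceAccount:caller@example-project.iam.gserviceaccount.com"]}
  ],
  "etag": "BwExampleEtag=",
  "version": 1
}"""


def invoker_bindings(policy):
    """Return every binding in the policy that grants roles/run.invoker."""
    return [b for b in policy.get("bindings", []) if b.get("role") == INVOKER_ROLE]


def public_invokers(policy):
    """Return (principal, unconditional) pairs for public principals holding the
    invoker role. The general IAM policy format allows an optional "condition"
    on a binding; such a grant is reported but not treated as unconditional."""
    found = []
    for binding in invoker_bindings(policy):
        unconditional = "condition" not in binding
        for member in binding.get("members", []):
            if member in PUBLIC_PRINCIPALS:
                found.append((member, unconditional))
    return sorted(found)


def check_policy(policy_json):
    """Parse one service's IAM policy and summarise its invoker exposure."""
    policy = json.loads(policy_json)
    public = public_invokers(policy)
    members = {m for b in invoker_bindings(policy) for m in b.get("members", [])}
    return {
        "invoker_members": sorted(members),
        "public_principals": [member for member, _ in public],
        # Only an unconditional public binding makes the service open to everyone.
        "is_public": any(unconditional for _, unconditional in public),
    }


def audit(policies_by_service):
    """Given {service_name: policy_json}, return the names of the services that
    are unconditionally invokable by a public principal."""
    return sorted(
        name for name, policy_json in policies_by_service.items()
        if check_policy(policy_json)["is_public"]
    )


if __name__ == "__main__":
    # Constructed inventory: one service that should be public, one that should not.
    inventory = {
        "myproject-backend": PUBLIC_POLICY_JSON,
        "internal-api": PRIVATE_POLICY_JSON,
    }
    for name, policy_json in inventory.items():
        print(name, check_policy(policy_json))
    print("publicly invokable services:", audit(inventory))
```

One caveat worth keeping in mind when reading the result: `google_cloud_run_service_iam_policy` is authoritative, so whatever the read-back policy shows is the entire set of bindings on the service; any invoker grant that was added by hand outside Terraform is removed on apply. If the intent is to add `allUsers` alongside existing grants rather than replace them, the provider's non-authoritative `google_cloud_run_service_iam_member` resource is the one that leaves other bindings untouched.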

Solution

