How to Attach a Custom GCP Role to a GCP Service Account Using Terraform


Problem description


I have created a service account and a custom role in GCP using Terraform. How do I attach this custom role to the service account? I could do this using the GCP Console, but that is not the need here, as I have to do it using Terraform. Please find below the code snippets that I have used to create the service account and the custom role.

resource "google_service_account" "mservice_infra_service_account" {
  account_id   = "mserviceinfra-service-account"
  display_name = "Infrastructure Service Account"
}

resource "google_project_iam_custom_role" "mservice_infra_admin" {
  role_id     = "mservice_infra_admin"
  title       = "mservice_infra_admin"
  description = "Infrastructure Administrator Custom Role"
  permissions = ["compute.disks.create", "compute.firewalls.create", "compute.firewalls.delete", "compute.firewalls.get", "compute.instanceGroupManagers.get", "compute.instances.create", "compute.instances.delete", "compute.instances.get", "compute.instances.setMetadata", "compute.instances.setServiceAccount", "compute.instances.setTags", "compute.machineTypes.get", "compute.networks.create", "compute.networks.delete", "compute.networks.get", "compute.networks.updatePolicy", "compute.subnetworks.create", "compute.subnetworks.delete", "compute.subnetworks.get", "compute.subnetworks.setPrivateIpGoogleAccess", "compute.subnetworks.update", "compute.subnetworks.use", "compute.subnetworks.useExternalIp", "compute.zones.get", "container.clusters.create", "container.clusters.delete", "container.clusters.get", "container.clusters.update", "container.operations.get"]
}


If someone can find a Terraform-based solution to solve this problem, it is highly appreciated. Thanks

Recommended answer

Use the google_project_iam_binding resource. So, the complete code is as follows:

data "google_project" "project" {}

resource "google_service_account" "mservice_infra_service_account" {
  account_id   = "mserviceinfra-service-account"
  display_name = "Infrastructure Service Account"
}

resource "google_project_iam_custom_role" "mservice_infra_admin" {
  role_id     = "mservice_infra_admin"
  title       = "mservice_infra_admin"
  description = "Infrastructure Administrator Custom Role"
  permissions = ["compute.disks.create", "compute.firewalls.create", "compute.firewalls.delete", "compute.firewalls.get", "compute.instanceGroupManagers.get", "compute.instances.create", "compute.instances.delete", "compute.instances.get", "compute.instances.setMetadata", "compute.instances.setServiceAccount", "compute.instances.setTags", "compute.machineTypes.get", "compute.networks.create", "compute.networks.delete", "compute.networks.get", "compute.networks.updatePolicy", "compute.subnetworks.create", "compute.subnetworks.delete", "compute.subnetworks.get", "compute.subnetworks.setPrivateIpGoogleAccess", "compute.subnetworks.update", "compute.subnetworks.use", "compute.subnetworks.useExternalIp", "compute.zones.get", "container.clusters.create", "container.clusters.delete", "container.clusters.get", "container.clusters.update", "container.operations.get"]
}

resource "google_project_iam_binding" "mservice_infra_binding" {
  role = "projects/${data.google_project.project.project_id}/roles/${google_project_iam_custom_role.mservice_infra_admin.role_id}"

  members = [
    "serviceAccount:${google_service_account.mservice_infra_service_account.email}",
  ]
}
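As an added example (not part of the original answer), the same grant written with the non-authoritative google_project_iam_member resource. google_project_iam_binding is authoritative for the role: on every apply it replaces the role's entire member list with what is in members, so any other principal that was granted the custom role outside this Terraform state is silently removed. google_project_iam_member only adds the one service account. The example assumes the data source, service account and custom role resources from the answer above are present; the resource name mservice_infra_member and the output name are my own choices.

```hcl
# Non-authoritative grant: adds this single service account to the custom
# role and leaves every other member of the role untouched. Prefer this over
# google_project_iam_binding when the role may also be held by principals
# managed elsewhere (another Terraform state, the Console, gcloud).
resource "google_project_iam_member" "mservice_infra_member" {
  project = data.google_project.project.project_id

  # google_project_iam_custom_role exports `name` as
  # projects/{project}/roles/{role_id}, which is exactly the format the
  # `role` argument expects, so there is no need to build the string by hand.
  role = google_project_iam_custom_role.mservice_infra_admin.name

  member = "serviceAccount:${google_service_account.mservice_infra_service_account.email}"
}

# Expose the full role name so the grant can be checked after apply, e.g. by
# comparing it against the bindings returned by
# `gcloud projects get-iam-policy <PROJECT_ID>`.
output "mservice_infra_admin_role_name" {
  description = "Fully qualified name of the custom role bound to the service account"
  value       = google_project_iam_custom_role.mservice_infra_admin.name
}
```

Whichever form is used, keep a project to one of them per role: mixing an authoritative binding with member resources for the same role makes each apply fight over the member list.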
