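After repeatedly trying to include a valid IAM policy definition (including a roles/owner binding) in my Terraform configuration, I came across the following in the documentation for the projects.setIamPolicy method:
> To be added as an owner, a user must be invited via the Cloud Platform console and must accept the invitation.
Does this also apply to Terraform and its google_project_iam_policy resource? If so, I think that would make the resource unusable, because:
- roles/owner binding, then you will fail
- roles/owner binding, then on terraform apply (i.e. a lockout situation) the owners will be permanently removed from your project

My latest test was done using the google_project_iam_member resource: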
resource "google_project_iam_member" "project_owner" {
  count   = "${length(var.owners)}"
  project = "${var.project_id}"
  role    = "roles/owner"
  member  = "${element(var.owners, count.index)}"
}
which results in:
* google_project_iam_binding.project_owner: Error applying IAM policy for project "<project_name>": Error setting IAM policy for project "<project_name>": googleapi: Error 400: Request contains an invalid argument., badRequest
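
An added example, not part of the original question and not Terraform's or Google's code: a preflight check over two IAM policy documents (the JSON shape printed by `gcloud projects get-iam-policy --format=json`) that reports the two outcomes the question worries about before an authoritative policy replacement. The function names, sample policies and member addresses are constructed for illustration.

```python
OWNER = "roles/owner"


def members_for(policy, role):
    """Return the set of members bound to `role` in an IAM policy dict."""
    found = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") == role:
            found.update(binding.get("members", []))
    return found


def owner_preflight(current, desired):
    """Compare roles/owner members between the live and the desired policy.

    added   - owners in `desired` only; per the documentation quoted in the
              question these must be invited via the console first
    removed - owners in `current` only; a full policy replacement drops them
    lockout - True when no existing owner survives the replacement
    """
    have = members_for(current, OWNER)
    want = members_for(desired, OWNER)
    return {
        "added": sorted(want - have),
        "removed": sorted(have - want),
        "lockout": not (have & want),
    }


# Constructed sample policies (not taken from a real project).
CURRENT = {"bindings": [
    {"role": "roles/owner",
     "members": ["user:alice@example.com", "user:bob@example.com"]},
    {"role": "roles/viewer", "members": ["user:dave@example.com"]},
]}
DESIRED_WITH_NEW_OWNER = {"bindings": [
    {"role": "roles/owner",
     "members": ["user:alice@example.com", "user:carol@example.com"]},
]}
DESIRED_WITHOUT_OWNERS = {"bindings": [
    {"role": "roles/viewer", "members": ["user:dave@example.com"]},
]}

if __name__ == "__main__":
    print(owner_preflight(CURRENT, DESIRED_WITH_NEW_OWNER))
    print(owner_preflight(CURRENT, DESIRED_WITHOUT_OWNERS))
```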