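Using Terraform 0.12.24
I have created multiple service accounts and want to assign each of them, with owner permissions, to a list of buckets, and I am running into a number of problems.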
# Service-accounts created with random-integer suffix
resource "google_service_account" "sample_accounts" {
  for_each     = {for proj in var.target_projects: proj => proj}
  account_id   = "cost-saver-${random_integer.sa_id[each.key].result}"
  project      = var.project
  display_name = "service account for ${each.key}"
}

resource "google_storage_bucket_iam_member" "shared_buckets_iam" {
  for_each   = {for svc in google_service_account.sample_accounts: svc.email => svc.email}
  bucket     = "${var.shared_project}-shared-files"
  role       = "roles/storage.legacyBucketOwner"
  member     = "serviceAccount:${each.value}"
  depends_on = [google_service_account.sample_accounts]
}
Since the service accounts are created dynamically and I want to use them in the same terraform apply run, I run into this problem:
Error: Invalid for_each argument
on main.tf line 138, in resource "google_storage_bucket_iam_member" "shared_buckets_iam":
138: for_each = {for svc in google_service_account.sample_accounts: svc.email => svc.email}
The "for_each" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the for_each depends on.
Can anyone give me some help?
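
One way to avoid the error above, as an added example that is not part of the original post: key `for_each` on values known at plan time (the project names) and read the service-account email only inside `member`. It goes beyond the single bucket in the question by pairing every account with every bucket in a list; `var.shared_buckets` and the `random_integer` bounds are assumptions, the other names follow the question.

```hcl
# Added example, not the poster's code.
variable "project" { type = string }
variable "target_projects" { type = list(string) }
variable "shared_buckets" { type = list(string) } # hypothetical list of bucket names

resource "random_integer" "sa_id" {
  for_each = { for proj in var.target_projects : proj => proj }
  min      = 1000 # constructed bounds
  max      = 9999
}

resource "google_service_account" "sample_accounts" {
  for_each     = { for proj in var.target_projects : proj => proj }
  account_id   = "cost-saver-${random_integer.sa_id[each.key].result}"
  project      = var.project
  display_name = "service account for ${each.key}"
}

locals {
  # One entry per (project, bucket) pair. Both inputs are plain variables,
  # so every map key is known during plan.
  sa_bucket_pairs = {
    for pair in setproduct(var.target_projects, var.shared_buckets) :
    "${pair[0]}/${pair[1]}" => { project = pair[0], bucket = pair[1] }
  }
}

resource "google_storage_bucket_iam_member" "shared_buckets_iam" {
  for_each = local.sa_bucket_pairs
  bucket   = each.value.bucket

  # Role kept from the question. It grants bucket-level ownership; a narrower
  # role such as roles/storage.objectViewer is preferable if it is sufficient.
  role = "roles/storage.legacyBucketOwner"

  # The email is unknown until apply, which is allowed in an argument value;
  # only the for_each keys must be known at plan time. The reference also
  # creates the dependency, so no explicit depends_on is needed.
  member = "serviceAccount:${google_service_account.sample_accounts[each.value.project].email}"
}
```

Because the binding instances are addressed by project and bucket name rather than by email, their addresses in state stay stable when a service account is recreated.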