我想使用部署管理器以编程方式创建云存储桶,但部署失败并出现以下错误:
ERROR: (gcloud.deployment-manager.deployments.create) Error in Operation [operation-1626165906845-5c6fd413930ca-1a833b6c-81671664]: errors:
- code: RESOURCE_ERROR
location: /deployments/example-config/resources/storage-bucket
message: '{"ResourceType":"storage.v1.bucket","ResourceErrorCode":"403","ResourceErrorMessage":{"code":403,"errors":[{"domain":"global","message":"[email protected]
does not have storage.buckets.get access to the Google Cloud Storage bucket.","reason":"forbidden"}],"message":"[email protected]
does not have storage.buckets.get access to the Google Cloud Storage bucket.","statusMessage":"Forbidden","requestPath":"https://storage.googleapis.com/storage/v1/b/storage-bucket","httpMethod":"GET","suggestion":"Consider
granting permissions to [email protected]"}}'
但是,我已添加roles/storage-admin
到错误中提到的帐户,并根据策略疑难解答授予storage.buckets.get
API 调用访问权限:
这是yaml
我使用的文件:
imports:
- path: template.jinja
resources:
- name: template
type: template.jinja
properties:
storage:
bucket: qa-bucket-68586
这是jinja
模板:
resources:
- name: storage-bucket
type: storage.v1.bucket
properties:
kind: storage#bucket
name: {{ properties["storage"]["bucket"] }}
location: EU
projectNumber: {{ env["project_number"] }}
storageClass: STANDARD
根据您的问题,我尝试重现您的问题但失败了 - 这意味着我可以使用 DM 创建存储桶。
我使用了更简单的方法:
我没有使用任何变量来传递项目名称,所以它可能有效。
结果是:
我可以从控制台 UI 中查看和访问它。
尝试在文件中“硬编码”您的项目名称
jinja
或使用我的开始,这应该可以。