想要使用 terraform 在 GCP 中部署具有 public 可读存储对象权限的存储桶
Want to deploy a storage bucket with public readable storage object permission in GCP using terraform
我创建了一个 terraform 文件来创建具有 public 可读存储对象权限的 Google 存储桶。我能够部署存储桶,但无法针对我的模板分配正确的 ACL,我发现 ACL 部分存在一些错误。
provider "google-beta" {
project = "${var.project}"
}
resource "google_storage_default_object_access_control" "public_rule" {
bucket = "google_storage_bucket.test-${var.project}"
role = "READER"
entity = "allUsers"
}
resource "google_storage_bucket" "bucket" {
name = "test-${var.project}"
storage_class = "standard"
location = "US"
}
错误:附加
如果有人能帮我在创建存储桶时分配权限,那就太好了。
根据Terraform Official Documentation,使用函数bucket.name,它从变量name中读取桶名。您必须在 resource_storage_bucket 中提供您的项目 ID,如下所示。我试过了,它对我来说工作正常:
provider "google-beta" {
}
resource "google_storage_default_object_access_control" "public_rule" {
bucket = google_storage_bucket.bucket.name
role = "READER"
entity = "allUsers"
}
resource "google_storage_bucket" "bucket" {
name = "[THE_BUCKET_NAME]"
project = "[PROJECT_ID]"
storage_class = "standard"
location = "US"
}
其中 PROJECT_ID 是您的项目 ID,THE_BUCKET_NAME 是您要放置的存储桶名称。
以下设置解决了我的问题:
provider "google-beta" {
project = "${var.project}"
}
data "google_iam_policy" "viewer" {
binding {
role = "roles/storage.objectViewer"
members = [
"allUsers",
]
}
}
resource "google_storage_bucket_iam_policy" "editor" {
bucket = "${google_storage_bucket.bucket.name}"
policy_data = "${data.google_iam_policy.viewer.policy_data}"
}
resource "google_storage_bucket" "bucket" {
name = "${var.project}-xxxx"
storage_class = "xxxxx"
location = "xxxxxxx"
}
我创建了一个 terraform 文件来创建具有 public 可读存储对象权限的 Google 存储桶。我能够部署存储桶,但无法针对我的模板分配正确的 ACL,我发现 ACL 部分存在一些错误。
provider "google-beta" {
project = "${var.project}"
}
resource "google_storage_default_object_access_control" "public_rule" {
bucket = "google_storage_bucket.test-${var.project}"
role = "READER"
entity = "allUsers"
}
resource "google_storage_bucket" "bucket" {
name = "test-${var.project}"
storage_class = "standard"
location = "US"
}
错误:附加
如果有人能帮我在创建存储桶时分配权限,那就太好了。
根据Terraform Official Documentation,使用函数bucket.name,它从变量name中读取桶名。您必须在 resource_storage_bucket 中提供您的项目 ID,如下所示。我试过了,它对我来说工作正常:
provider "google-beta" {
}
resource "google_storage_default_object_access_control" "public_rule" {
bucket = google_storage_bucket.bucket.name
role = "READER"
entity = "allUsers"
}
resource "google_storage_bucket" "bucket" {
name = "[THE_BUCKET_NAME]"
project = "[PROJECT_ID]"
storage_class = "standard"
location = "US"
}
其中 PROJECT_ID 是您的项目 ID,THE_BUCKET_NAME 是您要放置的存储桶名称。
以下设置解决了我的问题:
provider "google-beta" {
project = "${var.project}"
}
data "google_iam_policy" "viewer" {
binding {
role = "roles/storage.objectViewer"
members = [
"allUsers",
]
}
}
resource "google_storage_bucket_iam_policy" "editor" {
bucket = "${google_storage_bucket.bucket.name}"
policy_data = "${data.google_iam_policy.viewer.policy_data}"
}
resource "google_storage_bucket" "bucket" {
name = "${var.project}-xxxx"
storage_class = "xxxxx"
location = "xxxxxxx"
}