terraform backend 500 error on googleapi servicenetworking

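A few days ago I made a silly mistake while modifying some IAM policies in our Terraform environment: I applied a change where I wanted to add a policy, but it actually set it as the only policy in existence, and so wiped out some important IAM policies for the service accounts that run GKE, etc. Not my finest day, to say the least (lesson learned!).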

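Everything has now been restored manually, because the service account permissions were never set through TF - they are the kind of permissions that are applied when you enable the APIs on GCP, and so are managed by them in the background. Our GKE clusters can now be managed again and can autoscale, etc.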

However, now when I run our terraform plan, I get a 500 error on a resource that never had a problem before (sensitive information redacted):

2021-09-09T18:47:50.794Z [INFO]  provider.terraform-provider-google-beta_v3.60.0_x5: 2021/09/09 18:47:50 [DEBUG] Retry Transport: Finished waiting 4s before next retry: timestamp=2021-09-09T18:47:50.794Z
2021-09-09T18:47:50.794Z [INFO]  provider.terraform-provider-google-beta_v3.60.0_x5: 2021/09/09 18:47:50 [DEBUG] Retry Transport: request attempt 5: timestamp=2021-09-09T18:47:50.794Z
2021-09-09T18:47:50.794Z [INFO]  provider.terraform-provider-google-beta_v3.60.0_x5: 2021/09/09 18:47:50 [DEBUG] Google API Request Details:
---[ REQUEST ]---------------------------------------
GET /v1/services/servicenetworking.googleapis.com/connections?alt=json&network=projects%2F411211291013%2Fglobal%2Fnetworks%2F**********&prettyPrint=false HTTP/1.1
Host: servicenetworking.googleapis.com
User-Agent: google-api-go-client/0.5 Terraform/1.0.6 (+https://www.terraform.io) Terraform-Plugin-SDK/2.4.4 terraform-provider-google-beta/dev
X-Goog-Api-Client: gl-go/1.14.5 gdcl/20210211
Accept-Encoding: gzip


-----------------------------------------------------: timestamp=2021-09-09T18:47:50.794Z
2021-09-09T18:47:51.601Z [INFO]  provider.terraform-provider-google-beta_v3.60.0_x5: 2021/09/09 18:47:51 [DEBUG] Google API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 500 Internal Server Error
Cache-Control: private
Content-Type: application/json; charset=UTF-8
Date: Thu, 09 Sep 2021 18:47:51 GMT
Server: ESF
Vary: Origin
Vary: X-Origin
Vary: Referer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

{
  "error": {
    "code": 500,
    "message": "An internal exception occurred.,
    "errors": [
      {
        "message": "An internal exception occurred.\nHelp Token: Ae-hA1PlQyCLBCgXD3Lle******************************************vhHU8zy1z9h",
        "domain": "global",
        "reason": "backendError"
      }
    ],
    "status": "INTERNAL"
  }
}

│ Error: googleapi: Error 500: An internal exception occurred.
│ Help Token: Ae-hA1ONdq************************************m0k, backendError
│ 
│   with google_service_networking_connection.private_vpc_connection,
│   on vpc.tf line 81, in resource "google_service_networking_connection" "private_vpc_connection":
│   81: resource "google_service_networking_connection" "private_vpc_connection"

Has anyone run into something similar? Things I have tried so far:

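Update: this was due to a missing permission for the networking service API. The default service account that gets created needed the roles/servicenetworking.serviceAgent permission again after the wipe.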

More details here
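
Added example, not part of the original post: a pre-apply check that compares `terraform show -json` plan output with a live policy exported by `gcloud projects get-iam-policy --format=json` and lists the members an authoritative IAM resource would remove. The post does not say which resource caused the wipe; the two resource types checked, the function names, the project number and the sample members are assumptions constructed for illustration.

```python
import json

# Authoritative google provider resources replace existing bindings;
# google_project_iam_member is additive and is therefore not listed here.
AUTHORITATIVE = {"google_project_iam_policy", "google_project_iam_binding"}

def planned_bindings(rc):
    """Return {role: members} that one authoritative resource will enforce."""
    after = rc["change"].get("after") or {}
    if rc["type"] == "google_project_iam_binding":
        return {after.get("role"): set(after.get("members") or [])}
    # google_project_iam_policy carries the whole policy as a JSON string
    data = json.loads(after.get("policy_data") or "{}")
    return {b["role"]: set(b["members"]) for b in data.get("bindings", [])}

def members_at_risk(plan, live_policy):
    """List (address, role, member) present now but removed by the plan."""
    live = {b["role"]: set(b["members"]) for b in live_policy.get("bindings", [])}
    lost = []
    for rc in plan.get("resource_changes", []):
        acts = set(rc["change"]["actions"])
        if rc["type"] not in AUTHORITATIVE or not acts & {"create", "update"}:
            continue
        wanted = planned_bindings(rc)
        # a binding governs only its own role; a policy governs every role
        roles = live if rc["type"] == "google_project_iam_policy" else wanted
        for role in roles:
            for member in sorted(live.get(role, set()) - wanted.get(role, set())):
                lost.append((rc["address"], role, member))
    return lost

# Constructed sample data (project number and members are placeholders).
AGENT = "serviceAccount:service-123456789012@service-networking.iam.gserviceaccount.com"
LIVE = {"bindings": [
    {"role": "roles/servicenetworking.serviceAgent", "members": [AGENT]},
    {"role": "roles/viewer", "members": ["user:alice@example.com"]},
]}
PLAN = {"resource_changes": [{
    "address": "google_project_iam_policy.project",
    "type": "google_project_iam_policy",
    "change": {"actions": ["create"], "after": {"policy_data": json.dumps(
        {"bindings": [{"role": "roles/viewer", "members": ["user:bob@example.com"]}]})}},
}]}

if __name__ == "__main__":
    for address, role, member in members_at_risk(PLAN, LIVE):
        print(f"{address} would remove {member} from {role}")
```

If `policy_data` is not known at plan time, the check treats the planned policy as empty and reports every live member, which errs on the side of stopping the apply.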