gcloud iam service-accounts add-iam-policy-binding ... NOT_FOUND:未知服务帐户
gcloud iam service-accounts add-iam-policy-binding ... NOT_FOUND: Unknown service account
我正在创建一个新的服务帐户并尝试为其分配一个角色。分配部分找不到我刚创建的帐户。
为什么?
*[master][~]$ gcloud iam service-accounts add-iam-policy-binding some-project --member="serviceAccount:some-name@some-project.iam.gserviceaccount.com" --role="roles/secretmanager.secretAccessor"
ERROR: (gcloud.iam.service-accounts.add-iam-policy-binding) NOT_FOUND: Unknown service account
*[master][~]$ gcloud iam service-accounts add-iam-policy-binding some-project --member="some-name@some-project.iam.gserviceaccount.com" --role="roles/secretmanager.secretAccessor"
ERROR: (gcloud.iam.service-accounts.add-iam-policy-binding) NOT_FOUND: Unknown service account
*[master][~]$ gcloud iam service-accounts list
DISPLAY NAME EMAIL DISABLED
Compute Engine default service account 01234567890-compute@developer.gserviceaccount.com False
App Engine default service account some-project@appspot.gserviceaccount.com False
Some Name some-name@some-project.iam.gserviceaccount.com False
有趣的是,新帐户也没有出现在门户的 IAM 和管理 > 服务帐户 中。当我从 CLI 列出它们时,它仍然显示。噗噗...
我想你想要 gcloud projects 而不是 gcloud iam service-accounts
gcloud projects add-iam-policy-binding some-project \
--member=serviceAccount:some-name@some-project.iam.gserviceaccount.com \
--role=roles/secretmanager.secretAccessor
我有一个片段(来自记忆):
PROJECT="some-project"
ACCOUNT="some-name"
EMAIL="${ACCOUNT}@${PROJECT}.iam.gserviceaccount.com"
ROLES=(
"secretmanager.secretAccessor"
)
gcloud iam service-accounts create ${ACCOUNT} \
--project=${PROJECT}
# Use sparingly
gcloud iam service-accounts keys create ${PWD}/${ACCOUNT}.json \
--project=${PROJECT}
for ROLE in ${ROLES[@]}
do
gcloud projects add-iam-policy-binding ${PROJECT} \
--member=serviceAccount:${EMAIL} \
--role=roles/${ROLE}
done
我正在创建一个新的服务帐户并尝试为其分配一个角色。分配部分找不到我刚创建的帐户。
为什么?
*[master][~]$ gcloud iam service-accounts add-iam-policy-binding some-project --member="serviceAccount:some-name@some-project.iam.gserviceaccount.com" --role="roles/secretmanager.secretAccessor"
ERROR: (gcloud.iam.service-accounts.add-iam-policy-binding) NOT_FOUND: Unknown service account
*[master][~]$ gcloud iam service-accounts add-iam-policy-binding some-project --member="some-name@some-project.iam.gserviceaccount.com" --role="roles/secretmanager.secretAccessor"
ERROR: (gcloud.iam.service-accounts.add-iam-policy-binding) NOT_FOUND: Unknown service account
*[master][~]$ gcloud iam service-accounts list
DISPLAY NAME EMAIL DISABLED
Compute Engine default service account 01234567890-compute@developer.gserviceaccount.com False
App Engine default service account some-project@appspot.gserviceaccount.com False
Some Name some-name@some-project.iam.gserviceaccount.com False
有趣的是,新帐户也没有出现在门户的 IAM 和管理 > 服务帐户 中。当我从 CLI 列出它们时,它仍然显示。噗噗...
我想你想要 gcloud projects 而不是 gcloud iam service-accounts
gcloud projects add-iam-policy-binding some-project \
--member=serviceAccount:some-name@some-project.iam.gserviceaccount.com \
--role=roles/secretmanager.secretAccessor
我有一个片段(来自记忆):
PROJECT="some-project"
ACCOUNT="some-name"
EMAIL="${ACCOUNT}@${PROJECT}.iam.gserviceaccount.com"
ROLES=(
"secretmanager.secretAccessor"
)
gcloud iam service-accounts create ${ACCOUNT} \
--project=${PROJECT}
# Use sparingly
gcloud iam service-accounts keys create ${PWD}/${ACCOUNT}.json \
--project=${PROJECT}
for ROLE in ${ROLES[@]}
do
gcloud projects add-iam-policy-binding ${PROJECT} \
--member=serviceAccount:${EMAIL} \
--role=roles/${ROLE}
done