GCP deployment fails to create a storage bucket because storage.buckets.get access is missing

I want to create a Cloud Storage bucket programmatically with Deployment Manager, but the deployment fails with the following error:

ERROR: (gcloud.deployment-manager.deployments.create) Error in Operation [operation-1626165906845-5c6fd413930ca-1a833b6c-81671664]: errors:
- code: RESOURCE_ERROR
  location: /deployments/example-config/resources/storage-bucket
  message: '{"ResourceType":"storage.v1.bucket","ResourceErrorCode":"403","ResourceErrorMessage":{"code":403,"errors":[{"domain":"global","message":"[email protected]
    does not have storage.buckets.get access to the Google Cloud Storage bucket.","reason":"forbidden"}],"message":"[email protected]
    does not have storage.buckets.get access to the Google Cloud Storage bucket.","statusMessage":"Forbidden","requestPath":"https://storage.googleapis.com/storage/v1/b/storage-bucket","httpMethod":"GET","suggestion":"Consider
    granting permissions to [email protected]"}}'

However, I have already added roles/storage-admin to the account named in the error, and according to the Policy Troubleshooter the storage.buckets.get access for the API call is granted:

This is the yaml file I use:

imports:
  - path: template.jinja

resources:
  - name: template
    type: template.jinja
    properties:
      storage:
        bucket: qa-bucket-68586

This is the jinja template:

resources:
  - name: storage-bucket
    type: storage.v1.bucket
    properties:
      kind: storage#bucket
      name: {{ properties["storage"]["bucket"] }}
      location: EU
      projectNumber: {{ env["project_number"] }}
      storageClass: STANDARD

Answer 1

Based on your question I tried to reproduce your issue and failed, meaning that I was able to create a bucket with DM.

I used a simpler approach:

resources:
- type: storage.v1.bucket
  name: tb111
  properties:
    project: proj-name
    name: tb111-1

I did not use any variable to pass the project name, so maybe that is why it works.

The result is:

wb@cloudshell:~ (proj-name)$ gcloud deployment-manager deployments create deploy-test111 --config b1.yaml
The fingerprint of the deployment is b'fcW0t5_5DD75iIGyHz='
Waiting for create [operation-1626272156399-fe30b8a9-47-53bbc8c4]...done.
Create operation operation-1626272156399-fe30b8a9-47-53bbc8c4 completed successfully.
NAME   TYPE               STATE      ERRORS  INTENT
tb111  storage.v1.bucket  COMPLETED  []

I can see it and access it from the console UI.

Try "hardcoding" your project name in the jinja file first, or start from my config; that should work.
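The error in the question can be triaged mechanically before touching IAM. The script below is an added example, not code from the question or the answer: it parses the RESOURCE_ERROR entry as gcloud prints it (a JSON object folded inside a single-quoted YAML scalar), pulls out the principal, the missing permission, the HTTP method and the bucket named in requestPath, and compares that bucket with the name the template configured. The sample input is constructed from the question's error; the principal is the placeholder dm-sa@example.iam.gserviceaccount.com because the page's copy is redacted, and the configured name qa-bucket-68586 is taken from the question's yaml.

```python
"""Triage a Deployment Manager RESOURCE_ERROR for a storage.v1.bucket.

Added example; not code from the question or the answer.
"""
import json
import re
from urllib.parse import urlparse

# Constructed sample input: the error from the question, as gcloud prints it,
# with the (redacted) principal replaced by a placeholder service account.
SAMPLE_ERROR = """\
- code: RESOURCE_ERROR
  location: /deployments/example-config/resources/storage-bucket
  message: '{"ResourceType":"storage.v1.bucket","ResourceErrorCode":"403","ResourceErrorMessage":{"code":403,"errors":[{"domain":"global","message":"dm-sa@example.iam.gserviceaccount.com
    does not have storage.buckets.get access to the Google Cloud Storage bucket.","reason":"forbidden"}],"message":"dm-sa@example.iam.gserviceaccount.com
    does not have storage.buckets.get access to the Google Cloud Storage bucket.","statusMessage":"Forbidden","requestPath":"https://storage.googleapis.com/storage/v1/b/storage-bucket","httpMethod":"GET","suggestion":"Consider
    granting permissions to dm-sa@example.iam.gserviceaccount.com"}}'
"""

# "<principal> does not have <permission> access ..." as GCS phrases a 403.
FORBIDDEN_RE = re.compile(
    r"(?P<principal>\S+@\S+) does not have (?P<permission>[\w.]+) access"
)


def extract_message_json(error_text: str) -> dict:
    """Return the JSON object inside the YAML `message: '...'` scalar.

    gcloud wraps the scalar across lines; inside a single-quoted YAML scalar a
    newline plus indentation folds to one space, which the re.sub undoes
    before json.loads sees the text.
    """
    m = re.search(r"message: '(.*)'\s*$", error_text, re.DOTALL)
    if m is None:
        raise ValueError("no message scalar found in error text")
    return json.loads(re.sub(r"\n\s+", " ", m.group(1)))


def bucket_from_request_path(url: str):
    """Bucket name from a JSON API URL of the form .../storage/v1/b/<bucket>[/...]."""
    path = urlparse(url).path
    if "/b/" not in path:
        return None
    return path.split("/b/", 1)[1].split("/", 1)[0]


def triage(error_text: str) -> dict:
    """Pull the facts an IAM triage needs out of one RESOURCE_ERROR entry."""
    msg = extract_message_json(error_text)
    detail = msg["ResourceErrorMessage"]
    who = FORBIDDEN_RE.search(detail.get("message", ""))
    return {
        "resource_type": msg["ResourceType"],
        "http_status": int(detail["code"]),
        "method": detail.get("httpMethod"),
        "bucket": bucket_from_request_path(detail.get("requestPath", "")),
        "principal": who.group("principal") if who else None,
        "permission": who.group("permission") if who else None,
    }


def findings(info: dict, configured_bucket: str) -> list:
    """Compare the refused request with what the template configured."""
    out = []
    if info["method"] == "GET" and info["permission"] == "storage.buckets.get":
        out.append("the refused call is a GET on the bucket, not the bucket insert (POST)")
    if info["bucket"] and info["bucket"] != configured_bucket:
        out.append(
            f"GET targeted bucket '{info['bucket']}', which differs from the "
            f"configured name '{configured_bucket}'"
        )
    if info["principal"]:
        out.append(
            f"403 names principal '{info['principal']}' and permission "
            f"'{info['permission']}'; bucket names are global, so if "
            f"'{info['bucket']}' already belongs to another project no binding "
            "in your own project will change this answer"
        )
    return out


if __name__ == "__main__":
    info = triage(SAMPLE_ERROR)
    for key, value in info.items():
        print(f"{key}: {value}")
    for line in findings(info, "qa-bucket-68586"):
        print("-", line)
```

Run against the question's error, the script reports that the refused call was a GET on /storage/v1/b/storage-bucket, that is, on the Deployment Manager resource name rather than on qa-bucket-68586 from the properties. Because bucket names are global, a GET on a name that already belongs to another project is answered with the same 403 storage.buckets.get message as a missing role, so checking whether gs://storage-bucket is already taken (for example with gsutil ls -b gs://storage-bucket) is worth doing before adding further IAM bindings.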