我试图创建谷歌IAM,将allUsers添加到角色roles/run.invoker
我试着用:
resource "google_project_iam_member" "all_users_access" {
project = var.project
role = "roles/run.invoker"
member = "allUsers"
}
但不幸的是,我得到错误:
Policy members must be prefixed of the form 'u003ctypeu003e:u003cvalueu003e', where u003ctypeu003e is 'domain', 'group', 'serviceAccount', or 'user'."
所以我尝试了group前缀,但后来我得到了一个错误,让我感到困惑,因为它与之前的矛盾:
Error setting IAM policy for project "bt-dev-001": googleapi: Error 400: Member type allUsers should be used without prefix., badReques
我使用的是地形版4.16.0
有人知道怎么做吗?提前谢谢你。
我找到了答案,云运行实例的IAM角色与谷歌IAM是分开的……因此我的解决方案是:
resource "google_cloud_run_service_iam_member" "member" {
location = google_cloud_run_service.default.location
project = google_cloud_run_service.default.project
service = google_cloud_run_service.default.name
role = "roles/run.invoker"
member = "allUsers"
}