
Using Terraform 0.12.24

I created multiple service accounts and want to assign each of them, with owner permissions, to a list of buckets, and I have run into a number of problems.

```hcl
# Service accounts created with a random-integer suffix
resource "google_service_account" "sample_accounts" {
  for_each     = { for proj in var.target_projects : proj => proj }
  account_id   = "cost-saver-${random_integer.sa_id[each.key].result}"
  project      = var.project
  display_name = "service account for ${each.key}"
}

# IAM binding keyed on the account email, which is only known after apply
# (this is the for_each the error below points at)
resource "google_storage_bucket_iam_member" "shared_buckets_iam" {
  for_each   = { for svc in google_service_account.sample_accounts : svc.email => svc.email }
  bucket     = "${var.shared_project}-shared-files"
  role       = "roles/storage.legacyBucketOwner"
  member     = "serviceAccount:${each.value}"
  depends_on = [google_service_account.sample_accounts]
}
```

Because the service accounts are created dynamically and I want to use them in the same terraform apply run, I hit this problem:

```text
Error: Invalid for_each argument

  on main.tf line 138, in resource "google_storage_bucket_iam_member" "shared_buckets_iam":
 138:   for_each    = {for svc in google_service_account.sample_accounts: svc.email => svc.email}

The "for_each" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the for_each depends on.
```

Can I get some help?

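The error is about the for_each keys, not the values: Terraform must know every key at plan time so it can decide how many instances to create, but the service-account email only exists after apply. The usual fix is to key the IAM binding on the same static project names that key the service accounts and let only the value (the email) be unknown. The following is an added example, not the asker's code; it assumes the `random` provider is configured, that the variables `project`, `shared_project` and `target_projects` are declared as shown, and that the shared bucket already exists.

```hcl
# Added example (not from the original question): chain for_each on a
# plan-time-known map so the binding count never depends on apply-time values.
variable "project"         { type = string }
variable "shared_project"  { type = string }
variable "target_projects" { type = list(string) }

# Assumption: a random suffix per target project, keyed by project name.
resource "random_integer" "sa_id" {
  for_each = toset(var.target_projects)
  min      = 10000
  max      = 99999
}

resource "google_service_account" "sample_accounts" {
  for_each     = toset(var.target_projects)           # keys known at plan time
  account_id   = "cost-saver-${random_integer.sa_id[each.key].result}"
  project      = var.project
  display_name = "service account for ${each.key}"
}

resource "google_storage_bucket_iam_member" "shared_buckets_iam" {
  # Iterating the resource map directly reuses its keys (the project names).
  # Only each.value.email is unknown until apply, which for_each tolerates.
  for_each = google_service_account.sample_accounts
  bucket   = "${var.shared_project}-shared-files"
  role     = "roles/storage.legacyBucketOwner"        # role kept from the question
  member   = "serviceAccount:${each.value.email}"
}
```

Because the binding now references `google_service_account.sample_accounts` directly, Terraform infers the dependency and the explicit `depends_on` from the question is no longer needed; the instances are addressed as `google_storage_bucket_iam_member.shared_buckets_iam["<project>"]`, which also keeps the state keys stable if an email ever changes. The example keeps `roles/storage.legacyBucketOwner` as in the question; if these accounts only need to read or write objects, a narrower predefined role on the bucket limits what a compromised account key could do.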