问题描述
我正在尝试在 GCP 中使用 Cloud Deployment Manager 启用审核日志,即数据访问日志,但出现一些错误,以下是我在 YAML 中创建的脚本。
resources:
- name: get-iam-policy
action: gcp-types/cloudresourcemanager-v1:cloudresourcemanager.projects.getIamPolicy
properties:
resource: <project_id>
Metadata:
runtimePolicy:
- 'UPDATE_ALWAYS'
- name: patch-iam-policy
action: gcp-types/cloudresourcemanager-v1:cloudresourcemanager.projects.setIamPolicy
properties:
resource: <project_id>
policy:
etag: $(ref.get-iam-policy.etag)
auditConfigs:
- auditLogConfigs:
- logType: ADMIN_READ
service: allServices
上面的代码存储在文件 deploy.yaml 中,下面的命令用于创建部署
gcloud deployment-manager deployments create test --config deploy.yaml
我在下面遇到错误
(gcloud.deployment-manager.deployments.create) Error in Operation [operation-1621334235876-5c2984b310ba1-9e1e602f-d982565d]: errors:
- code: RESOURCE_ERROR
location: /deployments/test/resources/patch-iam-policy
message: '{"ResourceType":"gcp-types/cloudresourcemanager-v1:cloudresourcemanager.projects.setIamPolicy","ResourceErrorCode":"400","ResourceErrorMessage":{"code":400,"message":"Invalid
JSON payload received. UnkNown name \"auditConfigs\": Cannot find field.","status":"INVALID_ARGUMENT","details":[{"@type":"type.googleapis.com/google.rpc.BadRequest","fieldViolations":[{"description":"Invalid
JSON payload received. UnkNown name \"auditConfigs\": Cannot find field."}]}],"statusMessage":"Bad
Request","requestPath":"https://cloudresourcemanager.googleapis.com/v1/projects/******:setIamPolicy","httpMethod":"POST"}}'
解决方法
我对这个例子做了一些尝试,并为此查找了一些 documentation。
您的代码似乎是正确的,所有 yaml 语法验证器都表示相同。
在我尝试部署您的代码后,我收到与您完全相同的错误消息。
这看起来可能是一个错误,所以我建议在 Google IssueTracker 上提出问题。