问题描述
我正在尝试为Cloudbuild触发器创建google_storage_bucket_iam_policy。我不想对存储区名称进行硬编码,而是要使用数据资源获取cloudbuild的存储区名称。我不想像这样bucket = var.bucket_name硬编码我的存储桶名称。
这是我当前的main.tf文件的样子:
###
### Manage permission for google bucket
###
data "google_iam_policy" "admin" {
binding {
role = "var.custom_role"
members = var.admin_member
}
}
resource "google_storage_bucket_iam_policy" "policy" {
bucket = var.bucket_name
policy_data = data.google_iam_policy.admin.policy_data
}
###
### Manage a list of Cloudbuild triggers
###
resource "google_cloudbuild_trigger" "filename-trigger" {
trigger_template {
branch_name = var.branch_name
repo_name = var.repo_name
}
filename = var.file_name
}
解决方法
这是解决我的问题的方法:
###
### Manage permission for google bucket
###
data "google_iam_policy" "admin" {
binding {
role = "var.custom_role"
members = var.admin_member
}
}
resource "google_storage_bucket_iam_policy" "policy" {
bucket = "artifacts.${var.project_id}.appspot.com"
policy_data = data.google_iam_policy.admin.policy_data
}
###
### Manage a list of Cloudbuild triggers
###
resource "google_cloudbuild_trigger" "filename-trigger" {
trigger_template {
branch_name = var.branch_name
repo_name = var.repo_name
}
filename = var.file_name
}