如何通过服务帐户使用 Terraform `google_app_engine_domain_mapping`?
How to use Terraform `google_app_engine_domain_mapping` with service account?
我正在尝试使用以下配置通过 Terraform 创建 GCP App Engine 域映射:
provider "google" {
version = "3.36.0"
region = var.region
}
resource "google_app_engine_domain_mapping" "domain_mapping" {
project = local.project_id
domain_name = var.domain_name
ssl_settings {
ssl_management_type = "AUTOMATIC"
}
depends_on = [
google_app_engine_application.backend_app
]
}
Terraform 配置为使用具有以下 IAM 权限(无条件)的 GCP 提供商的组织级服务帐户:
作为组织所有者的 Google 帐户已验证有问题的域,但我收到以下错误:
Error: Error creating DomainMapping: googleapi: Error 403: Caller is not authorized to administer the domain 'testing.redacted.com'. If you own 'testing.redacted.com', you can obtain authorization by verifying ownership of the domain, or any of its parent domains, via the Webmaster Central portal: https://www.google.com/webmasters/verification/verification?domain=testing.redacted.com. We recommend verifying ownership of the largest scope you wish to use with subdomains (eg. verify 'example.com' if you wish to map 'subdomain.example.com').
我也曾尝试在 Google Search Console 中将服务帐户的电子邮件作为用户添加到域中,但无济于事。
解决方案相当简单,但有点隐藏在文档中。您需要将您的服务帐户电子邮件添加为域的所有者。
- 去here
- Select你想要的属性
- 点击页面底部的“添加所有者”按钮并添加电子邮件地址(例如 terraform@
.iam.gserviceaccount.com)
我正在尝试使用以下配置通过 Terraform 创建 GCP App Engine 域映射:
provider "google" {
version = "3.36.0"
region = var.region
}
resource "google_app_engine_domain_mapping" "domain_mapping" {
project = local.project_id
domain_name = var.domain_name
ssl_settings {
ssl_management_type = "AUTOMATIC"
}
depends_on = [
google_app_engine_application.backend_app
]
}
Terraform 配置为使用具有以下 IAM 权限(无条件)的 GCP 提供商的组织级服务帐户:
作为组织所有者的 Google 帐户已验证有问题的域,但我收到以下错误:
Error: Error creating DomainMapping: googleapi: Error 403: Caller is not authorized to administer the domain 'testing.redacted.com'. If you own 'testing.redacted.com', you can obtain authorization by verifying ownership of the domain, or any of its parent domains, via the Webmaster Central portal: https://www.google.com/webmasters/verification/verification?domain=testing.redacted.com. We recommend verifying ownership of the largest scope you wish to use with subdomains (eg. verify 'example.com' if you wish to map 'subdomain.example.com').
我也曾尝试在 Google Search Console 中将服务帐户的电子邮件作为用户添加到域中,但无济于事。
解决方案相当简单,但有点隐藏在文档中。您需要将您的服务帐户电子邮件添加为域的所有者。
- 去here
- Select你想要的属性
- 点击页面底部的“添加所有者”按钮并添加电子邮件地址(例如 terraform@
.iam.gserviceaccount.com)