0

我正在尝试创建一个新项目,然后在新项目中创建一个新的 Google Artifact Registry。以下是 Terraform 资源:

resource "google_project" "my_project" {
  name = "My Project Name"
  project_id = "my-project-id-abc"
  billing_account = "BILLING-ACCOUNT-ID"
}

resource "google_artifact_registry_repository" "my_ar" {
  provider = google-beta
  format = "DOCKER"
  repository_id = "myreponame"
  location = "europe-west1"
  project = google_project.my_project.project_id
  depends_on = [google_project_service.artifactregistry_googleapis_com]
}

resource "google_project_service" "artifactregistry_googleapis_com" {
  project = google_project.my_project.project_id
  service = "artifactregistry.googleapis.com"
}

这几乎总是首先失败,terraform apply并显示以下错误消息:

Error: Error creating Repository: googleapi: Error 403: Permission 'artifactregistry.repositories.create' denied on resource '//artifactregistry.googleapis.com/projects/my-project-id-abc/locations/europe-west1' (or it may not exist).
Details:
[
  {
    "@type": "type.googleapis.com/google.rpc.ErrorInfo",
    "domain": "artifactregistry.googleapis.com",
    "metadata": {
      "permission": "artifactregistry.repositories.create",
      "resource": "projects/my-project-id-abc/locations/europe-west1"
    },
    "reason": "IAM_PERMISSION_DENIED"
  }
]

立即再次运行相同的命令总是会成功并显示以下消息:

Terraform will perform the following actions:

  # google_artifact_registry_repository.my_ar will be created
  + resource "google_artifact_registry_repository" "my_ar" {
      + create_time   = (known after apply)
      + format        = "DOCKER"
      + id            = (known after apply)
      + location      = "europe-west1"
      + name          = (known after apply)
      + project       = "my-project-id-abc"
      + repository_id = "myreponame"
      + update_time   = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.
google_artifact_registry_repository.my_ar: Creating...
google_artifact_registry_repository.my_ar: Still creating... [10s elapsed]
google_artifact_registry_repository.my_ar: Creation complete after 12s [id=projects/my-project-id-abc/locations/europe-west1/repositories/myreponame]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

属性的作用depends_on = [google_project_service.artifactregistry_googleapis_com]不支持在创建工件存储库之前等待一切准备就绪?

4

0 回答 0