如何将GCP角色添加到可授予的列表中?
我正在尝试在GCP中设置一个服务帐户,以便我可以使用
Docker Pull
我的个人外壳和Google Cloud Shell中的
,在该外壳中自动起作用。我尝试了这一点:
gcloud projects add-iam-policy-binding myProject --member=serviceAccount:dockerdude --role=roles/container.admin
但是我发现了这个不太热心的错误:
错误:策略修改失败。对于具有条件的绑定,请运行“ GCLOUD ALPHA IAM策略绒毛条件”,以识别条件的问题。 错误:( gcloud.projects.add-iam-policy-bunding)invalid_argument:无效的服务帐户(Dockerdude)。
我发现这个问题:这个角色不是授予的 ...我使用了命令
gcloud iam list-grantable-roles
//cloudresourcemanager.googleapis.com/projects/myProject
...实际上,角色 container.admin 不在列表中。
我的问题:如何使这个角色授予?还是有其他方法可以获取我的想法( Docker Plul 用户外壳以及Google Cloud Cloud Shell的许可)?
非常感谢您对这个问题的任何见解!
I am trying to get a service account set up in GCP so I can use
docker pull
from my personal shell as well as from Google Cloud Shell, where it works automagically.
I tried this:
gcloud projects add-iam-policy-binding myProject --member=serviceAccount:dockerdude --role=roles/container.admin
But I got this not-very-helpful error:
ERROR: Policy modification failed. For a binding with condition, run "gcloud alpha iam policies lint-condition" to identify issues in condition.
ERROR: (gcloud.projects.add-iam-policy-binding) INVALID_ARGUMENT: Invalid service account (dockerdude).
I found the problem: this role isn't grantable ... I used the command
gcloud iam list-grantable-roles
//cloudresourcemanager.googleapis.com/projects/myProject
... and indeed the role container.admin isn't in the list.
My question: how do I make this role grantable? Or is there some other way to get what I'm looking for (docker pull permission from user shells as well as from Google Cloud Shell)?
Thanks much for any insight into this problem whatsoever!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您可以使用此引用来交互方式编写您的命令,授予单一角色:
一些缺失的参数,但应该……
还可以检查一下非常好服务帐户的说明可以将其描述为身份和资源,检查完整的问题以获取更多详细信息:
,请阅读此问题与
list> list-groltable-roles 命令:You can use this reference to write your command interactively, Granting a Single Role:
Some missing parameters, but should be…
Also check this very good explanation of the service accounts as they can be described as an identity and a resource, check the full question to get more details:
Additionally, read this question related to
list-grantable-rolescommand: