I am trying to create a logging.v2.sink in a Deployment Manager configuration:
resources:
- name: audit-log-sink
  type: logging.v2.sink
  properties:
    name: audit-log
    destination: projects/{{ env["project"] }}/topics/audit-log-topic
  metadata:
    dependsOn:
    - audit-log-topic
After running the command:
gcloud deployment-manager deployments create my-deployment --config ./my-deployment.jinja --preview
I get the following validation error:
errors:
- code: CONDITION_NOT_MET
  location: /deployments/my-deployment/resources/audit-log-sink->$.properties
  message: '"/name": domain: validation; keyword: type; message: instance does not
    match any allowed primitive type; allowed: ["string"]; found: "null"'
No matter what I put as the value of the name property, it is passed to validation as a null value.

The appropriate field is sink rather than name. Here is the correct configuration:
resources:
- name: audit-log-sink
  type: logging.v2.sink
  properties:
    sink: audit-log
    destination: projects/{{ env["project"] }}/topics/audit-log-topic
  metadata:
    dependsOn:
    - audit-log-topic

resources:
# Destination bucket for the exported logs.
- name: {{ env["name"] }}-projecthub-log-centralization-bucket
  type: projecthubname/sharedstoragetype1:buckets
  properties:
    kind: storage#bucket
    name: {{ env["name"] }}-projecthub-log-centralization-bucket
    project: gcp-oc-ser-hub-sbx
    storageClass: MULTI_REGIONAL
    labels:
      resourceid: {{ properties["resourceid"] }}
      billingcode: {{ properties["billingcode"] }}
# Lets the sink's writer identity create objects in the bucket.
- name: {{ env["name"] }}-iam
  type: gcp-types/storage-v1:storage.buckets.setIamPolicy
  properties:
    bucket: $(ref.{{ env["name"] }}-projecthub-log-centralization-bucket.name)
    bindings:
    - role: roles/storage.objectCreator
      members:
      - $(ref.{{ env["name"] }}-sink.writerIdentity)
# Organization-level sink; the sink ID goes in "sink", not "name".
- name: {{ env["name"] }}-sink
  type: gcp-types/logging-v2:organizations.sinks
  properties:
    sink: {{ env["name"] }}
    uniqueWriterIdentity: {{ properties["uniqueWriterIdentity"] }}
    includeChildren: true
    outputVersionFormat: V2
    # The reference must name the bucket resource declared above.
    destination: storage.googleapis.com/$(ref.{{ env["name"] }}-projecthub-log-centralization-bucket.name)
    filter: {{ properties["filter"] }}
    organization: "{{ properties["organizationid"] }}"
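
An added example, not part of the original answers or of Deployment Manager itself: a pre-flight check over a rendered config that flags a sink resource whose ID is not under `sink`, a sink whose `writerIdentity` no resource references, and `$(ref...)` or `dependsOn` targets that are not declared. It assumes the Jinja template has already been rendered and parsed into a Python dict; `lint`, `is_sink`, `strings` and the sample resources are hypothetical names constructed for illustration.

```python
import re

REF = re.compile(r"\$\(ref\.([^.)\s]+)\.")  # matches $(ref.RESOURCE.path)

def is_sink(rtype):
    # Sink type spellings that appear on this page.
    return rtype == "logging.v2.sink" or (
        rtype.startswith("gcp-types/logging-v2:") and rtype.endswith("sinks"))

def strings(node):
    """Yield every string value nested in a dict/list structure."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from strings(value)
    elif isinstance(node, list):
        for value in node:
            yield from strings(value)

def lint(config):
    resources = config.get("resources") or []
    declared = {r["name"] for r in resources}
    all_strings = list(strings(resources))
    findings = []
    for r in resources:
        name, props = r["name"], r.get("properties") or {}
        if is_sink(r.get("type", "")):
            if not isinstance(props.get("sink"), str):
                hint = " (the sink ID is set under 'name')" if "name" in props else ""
                findings.append(f"{name}: properties.sink must be a string{hint}")
            if not any(f"$(ref.{name}.writerIdentity)" in s for s in all_strings):
                findings.append(f"{name}: no resource references its writerIdentity")
        targets = {m for s in strings(props) for m in REF.findall(s)}
        targets.update((r.get("metadata") or {}).get("dependsOn") or [])
        for target in sorted(targets - declared):
            findings.append(f"{name}: references undeclared resource '{target}'")
    return findings

# Constructed sample: a rendered config with the 'name' mistake and a mistyped ref.
SAMPLE = {"resources": [
    {"name": "log-bucket", "type": "gcp-types/storage-v1:buckets",
     "properties": {"name": "log-bucket"}},
    {"name": "audit-log-sink", "type": "gcp-types/logging-v2:organizations.sinks",
     "properties": {"name": "audit-log",
                    "destination": "storage.googleapis.com/$(ref.logs-bucket.name)"}},
]}

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```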