错误:创建资源时出错:google_project_service:googleapi:错误 403:Cloud Resource Manager API 之前未在项目 'my-project' 中使用或已禁用。
Error: Error creating resource: google_project_service: googleapi: Error 403: Cloud Resource Manager API has not been used in project 'my-project' before or it is disabled.
ID: policy/gcp-resource-manager-api-not-enabled
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| Google Cloud SDK 400+ | active | — | — | — |
| Terraform Google Provider 4.0+ | active | — | — | — |
根因分析
Google Cloud 项目未启用 Cloud Resource Manager API,这是通过 Terraform 或 gcloud 管理项目级资源(如 IAM 策略和服务账户)所必需的。
English
The Google Cloud project does not have the Cloud Resource Manager API enabled, which is required to manage project-level resources like IAM policies and service accounts via Terraform or gcloud.
官方文档
https://cloud.google.com/resource-manager/docs/creating-managing-projects解决方案
-
通过 gcloud 启用 Cloud Resource Manager API:gcloud services enable cloudresourcemanager.googleapis.com --project=my-project
-
通过 Google Cloud 控制台启用 API:转到 APIs & Services > Library,搜索 'Cloud Resource Manager API',然后点击启用。
-
在 Terraform 中,添加 google_project_service 资源以在创建其他资源之前启用 API:resource "google_project_service" "crm" { project = "my-project" service = "cloudresourcemanager.googleapis.com" }
无效尝试
常见但无效的做法:
-
Re-authenticate with gcloud auth login to refresh credentials
95% 失败
The error is not about authentication but about the API not being enabled; re-login does not enable APIs.
-
Use a different service account or user account to run the command
90% 失败
The API disablement is project-wide; all accounts in the project face the same issue until the API is enabled.
-
Set the project ID in gcloud config and retry without enabling the API
85% 失败
The API must be explicitly enabled; setting the project ID only changes the target project but does not enable the API.