GitHub Actions to Google Cloud Functions "Constraint constraints/gcp.resourceLocations violated for projects/GOOGLE_PROJECT_ID attempting GenerateU
I am trying to build a Python application that is stored in GitHub that I want to run on Google Cloud Functions.
I have followed this tutorial: https://blog.leandrotoledo.org/deploying-google-cloud-functions-using-github-actions-and-workload-identity-authentication/
.github/workflows/main.yaml looks like this (with workload_identity_provider and service_account changed to my values):

# This is a basic workflow to help you get started
name: CD

# Controls when the workflow will run
on:
  # Triggers the workflow on push or pull request events but only for the main branch
  push:
    branches: [main]
  pull_request:
    branches: [main]

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "deploy"
  deploy:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest

    # Add "id-token" with the intended permissions.
    permissions:
      contents: "read"
      id-token: "write"

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v2

      - id: "auth"
        name: "Authenticate to Google Cloud"
        uses: "google-github-actions/auth@v0"
        with:
          # Replace with your Workload Identity Provider Location
          workload_identity_provider: "$WORKLOAD_IDENTITY_PROVIDER_LOCATION"
          # Replace with your GitHub Service Account
          service_account: "$SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com"

      - id: "deploy"
        uses: "google-github-actions/deploy-cloud-functions@v0"
        with:
          # Name of the Cloud Function, same as the entry point name
          name: "helloWorld"
          # Runtime to use for the function
          runtime: "python3.10"

      # Example of using the output
      - id: "test"
        run: 'curl "${{ steps.deploy.outputs.url }}"'

This gives me the following error at GitHub Actions:

Run google-github-actions/deploy-cloud-functions@v0
  with:
    name: helloWorld
    runtime: python3.10
    region: us-central1
    source_dir: ./
    timeout: 60s
    https_trigger_security_level: security_level_unspecified
    event_trigger_retry: false
    deploy_timeout: 300
    docker_registry: container-registry
  env:
    CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE: /home/runner/work/helloWorld/helloWorld/gha-creds-xxx.json
    GOOGLE_APPLICATION_CREDENTIALS: /home/runner/work/helloWorld/helloWorld/gha-creds-xxx.json
    GOOGLE_GHA_CREDS_PATH: /home/runner/work/helloWorld/helloWorld/gha-creds-xxx.json
    CLOUDSDK_CORE_PROJECT: engineering-infra
    CLOUDSDK_PROJECT: engineering-infra
    GCLOUD_PROJECT: engineering-infra
    GCP_PROJECT: engineering-infra
    GOOGLE_CLOUD_PROJECT: engineering-infra
Extracted project ID 'engineering-infra' from $GCLOUD_PROJECT
Created zip file from './' at '/tmp/cfsrc-xxx.zip'
Error: google-github-actions/deploy-cloud-functions failed with: failed to upload zip file: Failed to POST https://cloudfunctions.googleapis.com/v1/projects/engineering-infra/locations/us-central1/functions:generateUploadUrl: (400) {
  "error": {
    "code": 400,
    "message": "The request has violated one or more Org Policies. Please refer to the respective violations for more information.",
    "status": "FAILED_PRECONDITION",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.PreconditionFailure",
        "violations": [
          {
            "type": "constraints/gcp.resourceLocations",
            "subject": "orgpolicy:projects/engineering-infra",
            "description": "Constraint constraints/gcp.resourceLocations violated for projects/engineering-infra attempting GenerateUploadUrlActionV1 with location set to us-central1. See https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints for more information."
          }
        ]
      }
    ]
  }
}

I am located in North Europe so I would want to use Finland.

There can be multiple scenarios which could lead to the error you are facing.
Could you please verify if your service account has enough permissions, like the iam.serviceAccountUser and iam.cloudFunctionsDeveloper roles on the project? You can check the details in the document.
Have you checked the Stack Overflow post linked in the blog/tutorial shared above?
Another case could be: if the Organization Policy: Resource Location Restriction does not allow a multi-region (such as EU, US or Asia, which contain two or more geographic places) but allows the region where you want to deploy the function (like us-central1-locations), then the function will fail to deploy with this error.
If this is relatable for your use case, you can either allow a multi-region in your Organization Policy: Resource Location Restriction, or you can temporarily change the Resource Location constraint to allow a multi-region, deploy the function, and then edit the Organization Policy back to regional restrictions. For the details you can check the document.
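
Added example, not part of the original question or answer: the run log in the question shows the deploy step calling us-central1 although the workflow sets no region, so this Python code parses the error body's `google.rpc.PreconditionFailure` detail and reports whether the violated location is the one the deployer intended. `SAMPLE_ERROR` is constructed from the error shown in the question, the function names are hypothetical, and `europe-north1` (the Google Cloud region in Finland) is an assumed intended region.

```python
import json
import re

# Constructed sample: the error body from the failed run in the question,
# reduced to the fields this parser reads.
SAMPLE_ERROR = json.dumps({"error": {
    "code": 400,
    "status": "FAILED_PRECONDITION",
    "details": [{
        "@type": "type.googleapis.com/google.rpc.PreconditionFailure",
        "violations": [{
            "type": "constraints/gcp.resourceLocations",
            "subject": "orgpolicy:projects/engineering-infra",
            "description": "Constraint constraints/gcp.resourceLocations violated for "
                           "projects/engineering-infra attempting GenerateUploadUrlActionV1 "
                           "with location set to us-central1.",
        }],
    }],
}})

# The attempted action and location only appear inside the description text.
ATTEMPT_RE = re.compile(r"attempting (\S+) with location set to ([a-z0-9-]+)")

def org_policy_violations(body):
    """Return one dict per violation listed in a PreconditionFailure detail."""
    found = []
    for detail in json.loads(body).get("error", {}).get("details", []):
        if not detail.get("@type", "").endswith("/google.rpc.PreconditionFailure"):
            continue
        for v in detail.get("violations", []):
            m = ATTEMPT_RE.search(v.get("description", ""))
            found.append({
                "constraint": v.get("type"),
                "project": v.get("subject", "").rpartition("projects/")[2],
                "action": m.group(1) if m else None,
                "location": m.group(2) if m else None,
            })
    return found

def triage(body, intended_region):
    """Tell 'the step targeted another region' apart from 'the policy rejects my region'."""
    notes = []
    for v in org_policy_violations(body):
        if v["constraint"] != "constraints/gcp.resourceLocations":
            notes.append(f"{v['constraint']}: not a location constraint, review separately")
        elif v["location"] != intended_region:
            notes.append(f"step targeted {v['location']}, not {intended_region}: "
                         "check the deploy step's region input")
        else:
            notes.append(f"{intended_region} is rejected by the policy on {v['project']}")
    return notes
```
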