stackoom
  简体   繁体   中英

Error Deploying Cloud Function from gitlab

 原文  2022-04-12 10:13:54       google-cloud-platform/ google-cloud-functions/ service-accounts

Question

I am trying to deploy a cloud function via gitlab using a new service account (Not using default service account). It has the cloud functions developer role but it is still failing with below error:

The error below includes a user as cloud-functions-mixer. I haven't configured anything like that in my repo and not sure why it is coming up.

First of all, running the suggested command doesn't even work because the suggested syntax is bad. I have tried running the below command but it's not right

Error: googleapi: Error 403: Missing necessary permission iam.serviceAccounts.actAs for cloud-functions-mixer on the service account project-test-tf-02@appspot.gserviceaccount.com. Grant the role 'roles/iam.serviceAccountUser' to cloud-functions-mixer on the service account project-test-tf-02@appspot.gserviceaccount.com. You can do that by running 'gcloud iam service-accounts add-iam-policy-binding project-test-tf-02@appspot.gserviceaccount.com --member=cloud-functions-mixer --role=roles/iam.serviceAccountUser'.

1 answers

solution1
 18 ACCPTED  2022-04-29 18:26:19

Google's instructions about the cloud-functions-mixer are wrong . What you actually need to do is replace the string cloud-functions-mixer with the name of the service account that is building or deploying your function.

The following user-defined service accounts will be used in an example:

  • my-cloud-function@my-project.iam.gserviceaccount.com is the service account that your function runs as.
  • build-service-account@my-project.iam.gserviceaccount.com is the service account that builds/deploys your Cloud Function

The command to run is:

gcloud iam service-accounts add-iam-policy-binding 
  my-cloud-function@my-project.iam.gserviceaccount.com 
   --member=serviceAccount:build-service-account@my-project.iam.gserviceaccount.com 
    --role=roles/iam.serviceAccountUser

Docs

Or, in Terraform, you would need a resource like this:

resource "google_service_account_iam_member" "opentok_webhook_mixer" {
  service_account_id = google_service_account.my_cloud_function.id
  role               = "roles/iam.serviceAccountUser"
  member             = "serviceAccount:${google_service_account.build_service_account.email}"
}

You'll have to update the names of the service account resources.

This approach also works for Google Cloud Build.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Error deploying a function from vscode cloud run extension Error deploying Encryption Java cloud function on Google cloud Firebase Cloud Functions: Error while deploying function Firebase Cloud Function not deploying What does this error mean when deploying Firebase cloud function Permission Denied Error while deploying Gen2 Cloud Function Cloud build error when deploying to cloud run Getting function.js does not exist error when deploying 1st gen cloud function ERROR: error fetching storage source: generic::unknown... When deploying GCP Cloud Function via GitHub Actions EOFError when deploying google cloud function
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM