Error deploying a cloud function ERROR: (gcloud.functions.deploy) ResponseError: status=[403], code=[Forbidden]

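I'm trying to deploy a cloud function from a repository in GitLab to Google Cloud Functions through GitLab CI/CD. I'm getting the error in the title, with the details below.

ERROR: (gcloud.functions.deploy) ResponseError: status=[403], code=[Forbidden], message=[Permission 'cloudfunctions.functions.get' denied on resource 'projects/ahinko-website-prd/locations/us-central1/functions/send_contact' (or resource may not exist).]

My .gitlab-ci.yml file is: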

image: google/cloud-sdk:slim

stages: 
  - release 
  - function_deploy 
 
before_script:
  - gcloud auth activate-service-account --key-file $GOOGLE_SERVICE_ACCOUNT_FILE
  - gcloud config set project $GOOGLE_PROJECT_ID

release:
  stage: release
  script:
    - gsutil -m rm gs://ahinko.com/**
    - gsutil -m cp -R src/client-side/* gs://ahinko.com
  environment:
    name: production
    url: https://ahinko.com
  only: 
    - master

function_deploy: 
  stage: function_deploy
  script:
    - gcloud functions deploy send_contact --entry-point=send_contact_form --ingress-settings=all --runtime=python37 --trigger-http
  environment: 
    name: production
    url: https://ahinko.com
  only:
    - ci-test

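It looks like the GitLab service account has insufficient permissions. You must grant it the proper role to deploy Cloud Functions.

You can grant the role cloudfunctions.developer to the service account: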

Can create, update, and delete functions. Can't set Cloud IAM policies but can view source code. Requires additional configuration in order to deploy functions.

Additional configuration:

In order to assign a user the Cloud Functions Admin (roles/cloudfunctions.admin) or Cloud Functions Developer role (roles/cloudfunctions.developer) or a custom role that can deploy functions, you must also assign the user the Service Account User Cloud IAM role (roles/iam.serviceAccountUser) on the Cloud Functions Runtime service account.

gcloud iam service-accounts add-iam-policy-binding \
  PROJECT_ID@appspot.gserviceaccount.com \
  --member MEMBER \
  --role roles/iam.serviceAccountUser
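
The two bindings the answer describes, as an added example that is not part of the original answer: it prints the commands by default and runs them only when `APPLY=1` is set. The deployer account name in the usage comment is a constructed placeholder; the runtime account follows the `PROJECT_ID@appspot.gserviceaccount.com` form quoted above.

```sh
#!/bin/sh
# Added example (not from the original answer): grant a CI deployer service
# account the two bindings needed to deploy Cloud Functions.
# Usage (hypothetical deployer name):
#   sh grant.sh ahinko-website-prd gitlab-deployer@ahinko-website-prd.iam.gserviceaccount.com
set -eu

# Dry run by default: print the command. Execute it only when APPLY=1.
run() {
  if [ "${APPLY:-0}" = "1" ]; then
    "$@"
  else
    echo "$*"
  fi
}

# $1 = project id, $2 = e-mail of the service account used by the CI job.
deploy_grants() {
  dg_project="$1"
  dg_deployer="$2"
  # Accept only service account e-mails, so a user account or a typo
  # never ends up in --member.
  case "$dg_deployer" in
    *@*.gserviceaccount.com) ;;
    *) echo "not a service account e-mail: $dg_deployer" >&2; return 1 ;;
  esac
  dg_member="serviceAccount:${dg_deployer}"
  dg_runtime="${dg_project}@appspot.gserviceaccount.com"

  # 1. Project-level role that allows creating and updating functions.
  run gcloud projects add-iam-policy-binding "$dg_project" \
    "--member=${dg_member}" "--role=roles/cloudfunctions.developer"

  # 2. Service Account User on the runtime service account only. Binding it
  #    on this one account, rather than on the whole project, keeps the CI
  #    identity from acting as every other service account in the project.
  run gcloud iam service-accounts add-iam-policy-binding "$dg_runtime" \
    "--project=${dg_project}" \
    "--member=${dg_member}" "--role=roles/iam.serviceAccountUser"
}

# Run only when both arguments are supplied on the command line.
if [ "$#" -eq 2 ]; then
  deploy_grants "$1" "$2"
fi
```
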