Google cloud platform 部署云函数时出错错误:(gcloud.functions.deploy)ResponseError:status=[403],code=[禁止]
我正在尝试通过GitLab CI/CD将云函数从GitLab中的存储库部署到Google云函数。我得到了标题和下面的错误 错误:(gcloud.functions.deploy)ResponseError:status=[403],code=[probled],message=[Permission'cloudfunctions.functions.get'denied on resource'projects/ahinko website prd/locations/us-central1/functions/send_contact'(或资源可能不存在)。] 我的.gitlab-CI.yml文件是:Google cloud platform 部署云函数时出错错误:(gcloud.functions.deploy)ResponseError:status=[403],code=[禁止],google-cloud-platform,google-cloud-functions,gitlab-ci-runner,Google Cloud Platform,Google Cloud Functions,Gitlab Ci Runner,我正在尝试通过GitLab CI/CD将云函数从GitLab中的存储库部署到Google云函数。我得到了标题和下面的错误 错误:(gcloud.functions.deploy)ResponseError:status=[403],code=[probled],message=[Permission'cloudfunctions.functions.get'denied on resource'projects/ahinko website prd/locations/us-central1/f
image: google/cloud-sdk:slim
stages:
- release
- function_deploy
before_script:
- gcloud auth activate-service-account --key-file $GOOGLE_SERVICE_ACCOUNT_FILE
- gcloud config set project $GOOGLE_PROJECT_ID
release:
stage: release
script:
- gsutil -m rm gs://ahinko.com/**
- gsutil -m cp -R src/client-side/* gs://ahinko.com
environment:
name: production
url: https://ahinko.com
only:
- master
function_deploy:
stage: function_deploy
script:
- gcloud functions deploy send_contact --entry-point=send_contact_form --ingress-settings=all --runtime=python37 --trigger-http
environment:
name: production
url: https://ahinko.com
only:
- ci-test
这似乎是由于gitlab服务帐户中缺少权限。您必须授予部署云功能的权限 您可以将角色:
cloudfunctions.developer
授予服务帐户:
可以创建、更新和删除函数。
无法设置云IAM策略,但可以查看源代码。
需要,以便部署功能
附加配置:
为了向用户分配云功能管理员(角色/cloudfunctions.Admin
)或云功能开发人员角色(角色/cloudfunctions.Developer
)或可以部署功能的自定义角色,您还必须向用户分配服务帐户用户云IAM角色(角色/IAM.serviceAccountUser
)在云功能运行时服务帐户上
很高兴读到它!你能接受这个答案吗?这样其他成员可以从中受益。
gcloud iam service-accounts add-iam-policy-binding \
PROJECT_ID@appspot.gserviceaccount.com \
--member MEMBER \
--role roles/iam.serviceAccountUser