Cristian Blanco

Reputation: 59

Error deploying a cloud function ERROR: (gcloud.functions.deploy) ResponseError: status=[403], code=[Forbidden]

I'm trying to implement the deployment of a cloud function from a repository in GitLab to Google Cloud Functions via GitLab CI/CD. I'm getting the error in the title and below.

ERROR: (gcloud.functions.deploy) ResponseError: status=[403], code=[Forbidden], message=[Permission 'cloudfunctions.functions.get' denied on resource 'projects/ahinko-website-prd/locations/us-central1/functions/send_contact' (or resource may not exist).]

My .gitlab-ci.yml file is:

image: google/cloud-sdk:slim

stages: 
  - release 
  - function_deploy 
 
before_script:
  - gcloud auth activate-service-account --key-file $GOOGLE_SERVICE_ACCOUNT_FILE
  - gcloud config set project $GOOGLE_PROJECT_ID

release:
  stage: release
  script:
    - gsutil -m rm gs://ahinko.com/**
    - gsutil -m cp -R src/client-side/* gs://ahinko.com
  environment:
    name: production
    url: https://ahinko.com
  only: 
    - master

function_deploy: 
  stage: function_deploy
  script:
    - gcloud functions deploy send_contact --entry-point=send_contact_form --ingress-settings=all --runtime=python37 --trigger-http
  environment: 
    name: production
    url: https://ahinko.com
  only:
    - ci-test

Upvotes: 1

Views: 3741

Answers (1)

Joss Baron

Reputation: 1524

This seems to be a lack of permissions in the GitLab service account. You have to grant the proper role to deploy Cloud Functions.

You can grant the role cloudfunctions.developer to the service account:

Can create, update, and delete functions. Can't set Cloud IAM policies but can view source code. Requires additional configuration in order to deploy functions.

Additional configuration:

In order to assign a user the Cloud Functions Admin (roles/cloudfunctions.admin) or Cloud Functions Developer role (roles/cloudfunctions.developer) or a custom role that can deploy functions, you must also assign the user the Service Account User Cloud IAM role (roles/iam.serviceAccountUser) on the Cloud Functions Runtime service account.

gcloud iam service-accounts add-iam-policy-binding \
  RUNTIME_SERVICE_ACCOUNT_EMAIL \
  --member MEMBER \
  --role roles/iam.serviceAccountUser

Upvotes: 3
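
A preflight check for the two grants the answer describes, as an added example that is not part of the original question or answer. It assumes IAM policies in the JSON shape printed by `gcloud projects get-iam-policy --format=json` and `gcloud iam service-accounts get-iam-policy --format=json`; the function names, the service account email and both sample policies are constructed for illustration.

```python
import re

# Roles the answer names as able to deploy functions (custom roles are not evaluated).
DEPLOY_ROLES = {"roles/cloudfunctions.developer", "roles/cloudfunctions.admin"}
ACT_AS_ROLE = "roles/iam.serviceAccountUser"
DENIED_RE = re.compile(r"Permission '([^']+)' denied on resource '([^']+)'")


def parse_denied(error_text):
    """Return (permission, resource) from a gcloud 403 message, or None."""
    m = DENIED_RE.search(error_text)
    return (m.group(1), m.group(2)) if m else None


def roles_of(policy, member):
    """Roles bound directly to `member` in an IAM policy dict."""
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}


def missing_grants(ci_sa_email, project_policy, runtime_sa_policy):
    """List what the CI service account still lacks for `gcloud functions deploy`."""
    member = f"serviceAccount:{ci_sa_email}"
    missing = []
    if not roles_of(project_policy, member) & DEPLOY_ROLES:
        missing.append("roles/cloudfunctions.developer on the project")
    # serviceAccountUser can be bound on the runtime service account itself
    # (narrower) or inherited from a project-level binding (broader).
    act_as = roles_of(runtime_sa_policy, member) | roles_of(project_policy, member)
    if ACT_AS_ROLE not in act_as:
        missing.append(f"{ACT_AS_ROLE} on the runtime service account")
    return missing


# Constructed sample data: the error text from the question, a hypothetical
# CI service account, and two hand-written policies.
ERROR = ("ERROR: (gcloud.functions.deploy) ResponseError: status=[403], "
         "code=[Forbidden], message=[Permission 'cloudfunctions.functions.get' "
         "denied on resource 'projects/ahinko-website-prd/locations/us-central1/"
         "functions/send_contact' (or resource may not exist).]")
CI_SA = "gitlab-ci@example-project.iam.gserviceaccount.com"  # hypothetical
PROJECT_POLICY = {"bindings": [
    {"role": "roles/storage.admin", "members": [f"serviceAccount:{CI_SA}"]}]}
RUNTIME_SA_POLICY = {"bindings": []}

if __name__ == "__main__":
    print(parse_denied(ERROR))
    for item in missing_grants(CI_SA, PROJECT_POLICY, RUNTIME_SA_POLICY):
        print("missing:", item)
```

Only direct bindings in the two supplied policies are inspected; grants inherited from a folder or organization, group membership and conditional bindings are outside what this check sees.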
