Reputation: 1041
Permission error 403 while deploying pub sub cloud function gen2 using github action
I am facing a permission error (403) while trying to deploy a Pub/Sub Cloud Function Gen2 using GitHub Actions however its passing for gen1 . I have followed the necessary steps to set up the deployment workflow, but I keep encountering this error.
Here is some background information on my setup:
I have a Cloud Function written in java that triggers on a Pub/Sub event.
I am using GitHub Actions as my CI/CD platform.
I have set up the necessary credentials and authentication for GitHub Actions to access my Google Cloud project.
The deployment workflow seems to be working fine until it reaches the deployment step. At that point, I receive the following error message:
PermissionError: The caller does not have permission
I have verified that the service account used by GitHub Actions has the necessary IAM roles and permissions for Pub/Sub and Cloud Functions.
Here are the steps I have taken to troubleshoot the issue:
Checked the IAM roles and permissions of the service account used by GitHub Actions. It has the roles roles/pubsub.publisher and roles/cloudfunctions.admin.
Verified that the project and service account are correct in the GitHub Actions workflow configuration.
Ensured that the necessary APIs (Pub/Sub and Cloud Functions) are enabled in the Google Cloud project.
Manually tested deploying the Cloud Function using the gcloud command-line tool, which was successful.
Despite these efforts, I am still unable to deploy the Pub/Sub Cloud Function Gen2 successfully through GitHub Actions.
However when i tried to modified the command from Gen2 to Gen1 it was deploying properly with no issues
I would greatly appreciate any insights, suggestions, or possible solutions to resolve this permission error. Thank you in advance for your help
Below is Gen2 command which is failing using github action
gcloud functions deploy spannerdbbackup \
--runtime java11 \
--trigger-topic spanner-db-backup \
--entry-point com.test.function.CreateSpannerBackUp \
--source target/deployment \
--region ${{env.REGION}} \
--project ${{env.PROJECT_ID}} \
--gen2 \
Below is gen1 command which is passing without any issues
gcloud functions deploy spannerdbbackup \
--runtime java11 \
--trigger-topic spanner-db-backup \
--entry-point com.test.function.CreateSpannerBackUp \
--source target/deployment \
--region ${{env.REGION}} \
--project ${{env.PROJECT_ID}} \
Upvotes: 0
Views: 312
Answers (1)
Reputation: 2055
You need to update your gcloud CLI version to 436.0.0 by using this command:
gcloud components update
According to this release notes on 436.0.0 (2023-06-21):
Fixed issue where
gcloud functions deploycould fail in certain cases if the caller was missing permissions to get the project IAM policy.
In case that your gcloud CLI is already updated to the latest version, I would suggest to file this one as a bug so that Google Cloud engineers could further investigate on this case.
Upvotes: 1
Related Questions
- PUBLISH_PERMISSIONS_MISSING_FOR_PUBSUB_TOPIC Error Despite Correct Pub/Sub Permissions
- Permissions error using deploy-cloud-functions GitHub Action
- Deploy gen2 Google Cloud Functions with GitHub Actions?
- Only run job on specific branch with GitHub Actions
- How can we attach a service account to cloud run service while deploying through github actions?
- Google Cloud Functions: Error when migrating a Gen1 to Gen2 function
- Getting permission denied error when calling Google cloud function from Cloud scheduler
- Error Deploying Cloud Function from gitlab
- Topic trigger for Google Cloud Function Github Action
- service account permission issue while deploying cloud function