'Error Deploying Cloud Function from gitlab

I am trying to deploy a cloud function via gitlab using a new service account (Not using default service account). It has the cloud functions developer role but it is still failing with below error:

The error below includes a user as cloud-functions-mixer. I haven't configured anything like that in my repo and not sure why it is coming up.

First of all, running the suggested command doesn't even work because the suggested syntax is bad . I have tried running the below command but it’s not right

Error: googleapi: Error 403: Missing necessary permission iam.serviceAccounts.actAs for cloud-functions-mixer on the service account [email protected]. Grant the role 'roles/iam.serviceAccountUser' to cloud-functions-mixer on the service account [email protected]. You can do that by running 'gcloud iam service-accounts add-iam-policy-binding [email protected] --member=cloud-functions-mixer --role=roles/iam.serviceAccountUser'.

google-cloud-platformgoogle-cloud-functionsservice-accounts


Solution 1:[1]

Google's instructions about the cloud-functions-mixer are wrong. What you actually need to do is replace the string cloud-functions-mixer with the name of the service account that is building or deploying your function.

The following user-defined service accounts will be used in an example:

The command to run is:

gcloud iam service-accounts add-iam-policy-binding [email protected] --member=serviceAccount:[email protected] --role=roles/iam.serviceAccountUser

Or, in Terraform, you would need a resource like this:

resource "google_service_account_iam_member" "opentok_webhook_mixer" {
  service_account_id = google_service_account.my_cloud_function.id
  role               = "roles/iam.serviceAccountUser"
  member             = "serviceAccount:${google_service_account.build_service_account.email}"
}

You'll have to update the names of the service account resources.

This approach also works for Google Cloud Build.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Craig Finch

Related Questions

How to use use Firestore document field's HashMap key value and populate recyclerview?

how to keep GKE cluster nodes in different regions?

Google Cloud TTS API for M1 Mac

Is it possible to render a video from AfterEffects in a Google Collaboratory notebook?

Allow-IAP Firewall Rule created in default VPC in GCP getting reflected in other VPC as well

Attribute Error when importing SpeechClient from google.cloud.speech

GCP Cost billing data

What is the difference between gcloud and gsutil?

Volume not persistent in Google Cloud

Permission Denied when trying to write on a TPU VM foler

Google Cloud Free Tier will start charging for static or ephemeral IP Address?

How to create a empty folder in google storage(bucket) using gsutil command?

How can size of the root disk in Google Compute Engine be increased?

Cannot switch Firestore from Datastore to native mode on GCP

action console simulator is not working and I cannot release my project