Whenever I have to deploy a new python function using the <code>gcloud</code> sdk I get this message <blockquote> Allow unauthenticated invocations of new function [function-name]? (y/N)? WARNING: Function created with limited-access IAM policy. To enable unauthorized access consider "gcloud alpha functions add-iam-policy-binding function-name --region=europe-west1 --member=allUsers --role=roles/cloudfunctions.invoker" </blockquote> Is there any flag I can add to the command to make it a <code>NO</code> when deploying? This is a sample command I use to deploy one function: <pre class="prettyprint"><code>gcloud functions deploy function-name --region=europe-west1 --entry-point function-entry-point --trigger-resource "projects/my-project/databases/(default)/documents/user_ids/{user_id}" --trigger-event providers/cloud.firestore/eventTypes/document.create --runtime python37 --timeout 60 --project my-project </code></pre>

<ol> <li>Select the service</li> <li>Click Show Info Panel to display the Permissions tab.</li> <li>In the Add members field, allUsers</li> <li>Select the Cloud Functions Invoker from roles</li> <li>Add</li> </ol> or <pre class="prettyprint"><code> gcloud functions add-iam-policy-binding FUNCTION \ --member='serviceAccount:FUNCTION_IDENTITY' \ --role='roles/cloudfunctions.invoker' gcloud run services add-iam-policy-binding [SERVICE_NAME] \ --member="allUsers" \ --role="roles/cloudfunctions.invoker" </code></pre>

I just encountered this problem as well and discovered that you can supply <code>--no-allow-unauthenticated</code> to pre-emptively answer "no" to this question. <pre class="prettyprint"><code>gcloud functions deploy MyFunction \ --runtime=go116 --trigger-http --no-allow-unauthenticated </code></pre>

From https://cloud.google.com/sdk/docs/scripting-gcloud#disabling_prompts: <blockquote> You can disable prompts from gcloud CLI commands by setting the <code>disable_prompts</code> property in your configuration to <code>True</code> or by using the global <code>--quiet</code> or <code>-q</code> flag. </blockquote> So for your example, you could run: <pre class="prettyprint"><code>gcloud functions deploy function-name --quiet --region=europe-west1 --entry-point function-entry-point --trigger-resource "projects/my-project/databases/(default)/documents/user_ids/{user_id}" --trigger-event providers/cloud.firestore/eventTypes/document.create --runtime python37 --timeout 60 --project my-project </code></pre>

Google Cloud Functions Deploy "allow unauthenticated invocations..."

Tags:

python

google-cloud-platform

gcloud

google-cloud-functions

gcloud-python

Whenever I have to deploy a new python function using the gcloud sdk I get this message

Allow unauthenticated invocations of new function [function-name]?

(y/N)?

WARNING: Function created with limited-access IAM policy. To enable unauthorized access consider

"gcloud alpha functions add-iam-policy-binding function-name --region=europe-west1 --member=allUsers --role=roles/cloudfunctions.invoker"

Is there any flag I can add to the command to make it a NO when deploying?

This is a sample command I use to deploy one function:

gcloud functions deploy function-name --region=europe-west1 --entry-point function-entry-point --trigger-resource "projects/my-project/databases/(default)/documents/user_ids/{user_id}" --trigger-event providers/cloud.firestore/eventTypes/document.create --runtime python37 --timeout 60 --project my-project

991

asked May 01 '20 23:05

Guanaco Devs

3 Answers

Select the service
Click Show Info Panel to display the Permissions tab.
In the Add members field, allUsers
Select the Cloud Functions Invoker from roles
Add

  gcloud functions add-iam-policy-binding FUNCTION \
  --member='serviceAccount:FUNCTION_IDENTITY' \
  --role='roles/cloudfunctions.invoker'

 gcloud run services add-iam-policy-binding [SERVICE_NAME] \
    --member="allUsers" \
    --role="roles/cloudfunctions.invoker"

145

answered Sep 19 '22 15:09

Tiago Medici

I just encountered this problem as well and discovered that you can supply --no-allow-unauthenticated to pre-emptively answer "no" to this question.

gcloud functions deploy MyFunction \
  --runtime=go116 --trigger-http --no-allow-unauthenticated

answered Oct 13 '22 07:10

David

From https://cloud.google.com/sdk/docs/scripting-gcloud#disabling_prompts:

You can disable prompts from gcloud CLI commands by setting the disable_prompts property in your configuration to True or by using the global --quiet or -q flag.

So for your example, you could run:

gcloud functions deploy function-name --quiet --region=europe-west1 --entry-point function-entry-point --trigger-resource "projects/my-project/databases/(default)/documents/user_ids/{user_id}" --trigger-event providers/cloud.firestore/eventTypes/document.create --runtime python37 --timeout 60 --project my-project