Menu
We have developed a cloud function based on given requirements and did initial verification with 1st Gen and it went fine. But there were few modifications required which required additional processing time. Hence we had to switch to --gen2
Below is gcloud function deploy command.
gcloud functions deploy gen2-function \
--entry-point gen2 --runtime python37 --trigger-http --allow-unauthenticated \
--service-account=<> --region=<> --project=<> --timeout=3600s --gen2
This command deploys the function and internally cloud run service successfully, but it fails in the end with below error
[INFO] A new revision will be deployed serving with 100% traffic.
ERROR: (gcloud.functions.deploy) PERMISSION_DENIED: Permission 'run.services.setIamPolicy' denied on resource 'projects/<project>/locations/<region>/services/gen2-function' (or resource may not exist).
When we checked on cloud run, service name "gen2-function" does exist.
Can someone guide on this?
861
The account deploying the function is missing the permission run.services.setIamPolicy. That permission is required to specify the command argument --allow-unauthenticated.
That permission is in the role roles/run.admin.
Refer to this documentation on how to add a role to the account:
Grant a single role using the GUI
Grant or revoke multiple roles
101
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
