错误:(gcloud.beta.functions.deploy)... message = [呼叫者没有权限] [英] ERROR: (gcloud.beta.functions.deploy) ... message=[The caller does not have permission]

问题描述

我正在尝试从此仓库中部署代码:

I am trying to deploy code from this repo:

https://github.com/anishkny/puppeteer-on-cloud-functions

在Google Cloud Build中.我的cloudbuild.yaml文件内容为:

in Google Cloud Build. My cloudbuild.yaml file contents are:

steps:
- name: 'gcr.io/cloud-builders/gcloud'
  args: ['beta', 'functions', 'deploy', 'screenshot', '--trigger-http', '--runtime', 'nodejs8', '--memory', '1024MB']

我为我的Cloud Build Service帐户(****@cloudbuild.gserviceaccount.com)赋予了以下角色:

I have given the following roles to my Cloud Build Service account (****@cloudbuild.gserviceaccount.com):

• 云构建服务帐户
• 云功能开发人员

• Cloud Build Service Account
• Cloud Functions Developer

但是，在我的Cloud Build日志中，我看到以下错误:

Yet, in my Cloud Build log I see the following error:

starting build "1f04522c-fe60-4a25-a4a8-d70e496e2821"

FETCHSOURCE
Fetching storage object: gs://628906418368.cloudbuild-source.googleusercontent.com/94762cc396ed1bb46e8c5dbfa3fa42550140c2eb-b3cfa476-cb21-45ba-849c-c28423982a0f.tar.gz#1534532794239047
Copying gs://628906418368.cloudbuild-source.googleusercontent.com/94762cc396ed1bb46e8c5dbfa3fa42550140c2eb-b3cfa476-cb21-45ba-849c-c28423982a0f.tar.gz#1534532794239047...
/ [0 files][    0.0 B/  835.0 B]                                                
/ [1 files][  835.0 B/  835.0 B]                                                
Operation completed over 1 objects/835.0 B.                                      
tar: Substituting `.' for empty member name
BUILD
Already have image (with digest): gcr.io/cloud-builders/gcloud
ERROR: (gcloud.beta.functions.deploy) ResponseError: status=[403], code=[Forbidden], message=[The caller does not have permission]
ERROR
ERROR: build step 0 "gcr.io/cloud-builders/gcloud" failed: exit status 1

我想念什么?

推荐答案

根据 Cloud Build文档，对于Cloud Functions，您必须将"Project Editor"角色授予您的服务帐户.

According to Cloud Build documentation, for Cloud Functions you have to grant the "Project Editor" role to your service account.

但是， Cloud Functions文档指出，除了使用Project编辑者角色，您可以使用"Cloud Functions开发人员角色，但必须确保已授予服务帐户用户角色".关于服务帐户，它表示具有您的项目上的CloudFunctions.ServiceAgent角色"和具有对触发源(例如，触发您的功能的Pub/Sub或Cloud Storage存储桶)的许可".

But, Cloud Functions documentation states that alternatively to using the Project Editor role, you can use "the Cloud Functions Developer role [but you have to] ensure that you have granted the Service Account User role". Regarding Service Accounts, it indicates to have "the CloudFunctions.ServiceAgent role on your project" and to "have permissions for trigger sources, such as Pub/Sub or the Cloud Storage bucket triggering your function".

基于这些考虑，我的理解是省略了文档来指定您的服务帐户所需的所有角色，并直接指示授予项目编辑者角色.

Due to those considerations, my understanding is that the documentation omitted to specify all the roles your service account would need and went directly to indicate to grant the Project Editor role.

这篇关于错误:(gcloud.beta.functions.deploy)... message = [呼叫者没有权限]的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！