从Google Build部署Google Cloud功能 [英] Deploying Google Cloud function from a Google Build
问题描述
尝试部署简单功能时,我遇到403错误.这是我的完整Yaml:
When attempting to deploy a simple function, I am running into a 403 error. Here is my full yaml:
steps:
# Install Dependencies
- name: 'python'
id: Pip install
args: ['pip3', 'install', '-r', 'requirements.txt', '--user']
# Run Tests
- name: 'python'
args: ['python3', '-m', 'pytest', 'functions/folder_a/test/']
# Deploy Cloud Functions
- name: 'gcr.io/cloud-builders/gcloud'
id: 'helloFunction'
args: ['functions', 'deploy', 'hello', '--source' , 'functions/folder_a/main.py',
'--runtime' , 'python37' ,'--trigger-http']
第一步完成得很好,但这里出现了第二步错误.
Step one finishes fine but step two errors here.
$ gcloud info
Account: [projectname@appspot.gserviceaccount.com]
Project: [projectname]
Current Properties:
[core]
project: [projectname]
account: [projectname@appspot.gserviceaccount.com]
disable_usage_reporting: [True]
我尝试向IAM中的上述帐户添加以下权限:
I tried adding the following permissions to the above account in IAM:
- 云构建服务代理
- 云函数开发人员
- 云功能服务代理
- 编辑器
运行Google Build时,使用的是哪个服务帐户?如何更改权限以允许自动部署功能?
When Google Build is running, which service account is it using? How can I change the permissions to allow automatic deploying of functions?
推荐答案
- To deploy Cloud Functions, you might want to assign the Cloud Functions Developer role to the Cloud Build service account (PROJECT_NUMBER@cloudbuild.gserviceaccount.com).
- If you use the Cloud Functions Developer role, you also need to grant the Cloud Functions Runtime service account (PROJECT_ID@appspot.gserviceaccount.com) the IAM Service Account User role.
Cloud Build服务帐户为PROJECT_NUMBER@cloudbuild.gserviceaccount.com,如果您在控制台中查找,则只有一个服务帐户具有*@cloudbuild*
The Cloud Build service account is PROJECT_NUMBER@cloudbuild.gserviceaccount.com, if you look for it in the console there's only going to be one service account with *@cloudbuild*
这篇关于从Google Build部署Google Cloud功能的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
