错误: (gcloud.beta.functions.deploy) ... message=[调用者没有权限] [英] ERROR: (gcloud.beta.functions.deploy) ... message=[The caller does not have permission]

问题描述

我正在尝试从这个 repo 部署代码:

I am trying to deploy code from this repo:

https://github.com/anishkny/puppeteer-on-cloud-functions

在 Google Cloud Build 中.我的 cloudbuild.yaml 文件内容是:

in Google Cloud Build. My cloudbuild.yaml file contents are:

steps:
- name: 'gcr.io/cloud-builders/gcloud'
  args: ['beta', 'functions', 'deploy', 'screenshot', '--trigger-http', '--runtime', 'nodejs8', '--memory', '1024MB']

我已为我的 Cloud Build Service 帐户 (****@cloudbuild.gserviceaccount.com) 指定了以下角色:

I have given the following roles to my Cloud Build Service account (****@cloudbuild.gserviceaccount.com):

• Cloud Build 服务帐号
• 云函数开发人员

然而，在我的 Cloud Build 日志中，我看到以下错误:

Yet, in my Cloud Build log I see the following error:

starting build "1f04522c-fe60-4a25-a4a8-d70e496e2821"

FETCHSOURCE
Fetching storage object: gs://628906418368.cloudbuild-source.googleusercontent.com/94762cc396ed1bb46e8c5dbfa3fa42550140c2eb-b3cfa476-cb21-45ba-849c-c28423982a0f.tar.gz#1534532794239047
Copying gs://628906418368.cloudbuild-source.googleusercontent.com/94762cc396ed1bb46e8c5dbfa3fa42550140c2eb-b3cfa476-cb21-45ba-849c-c28423982a0f.tar.gz#1534532794239047...
/ [0 files][    0.0 B/  835.0 B]                                                
/ [1 files][  835.0 B/  835.0 B]                                                
Operation completed over 1 objects/835.0 B.                                      
tar: Substituting `.' for empty member name
BUILD
Already have image (with digest): gcr.io/cloud-builders/gcloud
ERROR: (gcloud.beta.functions.deploy) ResponseError: status=[403], code=[Forbidden], message=[The caller does not have permission]
ERROR
ERROR: build step 0 "gcr.io/cloud-builders/gcloud" failed: exit status 1

我错过了什么?

推荐答案

根据Cloud Build 文档，对于 Cloud Functions，您必须将项目编辑器"角色授予您的服务帐户.

According to Cloud Build documentation, for Cloud Functions you have to grant the "Project Editor" role to your service account.

但是，Cloud Functions 文档 声明可以替代使用项目编辑角色，您可以使用Cloud Functions 开发人员角色 [但您必须] 确保您已授予服务帐户用户角色".关于服务帐户，它表示具有您的项目的 CloudFunctions.ServiceAgent 角色"和具有触发源的权限，例如 Pub/Sub 或触发您的功能的 Cloud Storage 存储桶".

But, Cloud Functions documentation states that alternatively to using the Project Editor role, you can use "the Cloud Functions Developer role [but you have to] ensure that you have granted the Service Account User role". Regarding Service Accounts, it indicates to have "the CloudFunctions.ServiceAgent role on your project" and to "have permissions for trigger sources, such as Pub/Sub or the Cloud Storage bucket triggering your function".

由于这些考虑，我的理解是文档省略了指定您的服务帐户需要的所有角色，并直接指示授予项目编辑角色.

Due to those considerations, my understanding is that the documentation omitted to specify all the roles your service account would need and went directly to indicate to grant the Project Editor role.

这篇关于错误: (gcloud.beta.functions.deploy) ... message=[调用者没有权限]的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！