google-cloud-platform - 如何使用 Deployment Manager 将 IAM 策略设置为 Cloud Function

标签 google-cloud-platform google-cloud-functions google-deployment-manager

我想通过 Deployment Manager 部署具有特定 IAM 策略的 Cloud Functions。我的deployment.yml:

resources:
  - type: gcp-types/cloudfunctions-v1:projects.locations.functions
    name: test-function
    properties:
      parent: projects/test-project/locations/europe-west3
      function: test-function
      entryPoint: functions.KotlinHelloWorld
      timeout: 30s
      availableMemoryMb: 256
      runtime: java11
      location: europe-west3
      sourceArchiveUrl: gs://source-bucket/kotlin-function.zip
      httpsTrigger:
        url: https://europe-west3-test-project.cloudfunctions.net/test-function
      environmentVariables:
        BUCKET: function-results
        RESULT_FILE: dates.txt
    accessControl:
      gcpIamPolicy:
        bindings:
          - role: roles/cloudfunctions.invoker
            members:
              - allUsers

它在没有 accessControl block 的情况下工作。但是在上面的情况下我得到一个错误:

user@pc-003:~/Develop/kotlin-function$ gcloud deployment-manager deployments update learning --config deployment.yml
The fingerprint of the deployment is 6MAQlDoq73-O_QDwSCD7uA==
Waiting for update [operation-1593088111352-5a8e7baf9192b-7d149199-82e96170]...failed.                                                                                                                                                 
ERROR: (gcloud.deployment-manager.deployments.update) Error in Operation [operation-1593088111352-5a8e7baf9192b-7d149199-82e96170]: errors:
- code: RESOURCE_ERROR
  location: /deployments/learning/resources/test-function
  message: '{"ResourceType":"gcp-types/cloudfunctions-v1:projects.locations.functions","ResourceErrorCode":"404","ResourceErrorMessage":{"statusMessage":"Not
    Found","requestPath":"https://cloudfunctions.googleapis.com/v1/:setIamPolicy","httpMethod":"POST"}}'

最佳答案

这是部署管理器和云函数 API 的问题。您可以在这里阅读更多相关信息:https://github.com/GoogleCloudPlatform/deploymentmanager-samples/issues/494

作为解决方法,您可以将 IAM 策略定义为单独的资源:

  - name: [BINDING_NAME]
    type: gcp-types/cloudfunctions-v1:virtual.projects.locations.functions.iamMemberBinding
    properties:
      resource: projects/[PROJECT_NAME]/locations/[LOCATION]/functions/[FUNCTION_NAME]
      role: roles/cloudfunctions.invoker
      member: allUsers

为此,您需要授予 Google API 服务代理 编辑 IAM 策略的权限。 Cloud Functions Admin 是在这种情况下拥有所有必需权限的角色

关于google-cloud-platform - 如何使用 Deployment Manager 将 IAM 策略设置为 Cloud Function,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/62576013/

上一篇:javascript - 谷歌云抛出错误 : Could not load the default credentials in Nodejs

下一篇:reactjs - 如果在内容之外单击,则 React Modal 关闭

相关文章:

google-cloud-platform - 谷歌云语音api返回空结果

go - pubsub.NewClient 方法卡在 GKE golang 上

google-cloud-platform - 如何将外部 IP 转移到其他谷歌云帐户?

ios - 当键为特定值时运行 firebase 云函数

google-cloud-platform - 在 GCP Deployment Manager 配置中使用 Stackdriver 资源组的 ID

hadoop - 将配置单元表迁移到 Google BigQuery

node.js - Firebase CLI 部署错误 : "Deploys to runtimes below Node.js 10 are now disabled in the Firebase CLI."

node.js - Cron 作业在 firebase 函数中不起作用

google-cloud-platform - 通过 deploymentmanager 创建 GCP 项目

google-cloud-platform - 使用部署管理器创建云运行服务返回 "Requested entity was not found."错误

©2024 IT工具网  联系我们