gcloud google-cloud-functions service-accounts

service account roles to deploy google cloud function

I'm trying to use gcloud beta functions deploy from CI using a service account, but get an error:

(gcloud.beta.functions.deploy) ResponseError: status=[403], code=[Forbidden], message=[The caller does not have permission]

I can't find any roles in the IAM web console that look appropriate. Which one do I use?

Solution

To deploy function user should have role roles/cloudfunctions.developer

I found this by changing role in UI. I couldn't find any official google documentation. This role is also mentioned in this article https://medium.com/google-cloud/triggering-cloud-functions-deployments-97691f9b5416

Deploying to Cloud Run with a custom service account failed with iam.serviceaccounts.actAs error
How to list all enabled API services for Google Cloud Platform project
suppress bindings output from gcloud projects add-iam-policy-binding command
A list of values (multiple values) with gcloud (GCP)
How to connect VSCode to GCP instances
"gcloud run deploy" vs "gcloud run services update"
gcloud command not found - while installing Google Cloud SDK
gcloud \ kubectl authentication problem: forget service account
Is there any way to catch errors in Google Cloud Build?
How to fix requested URL was not found? - Angular 15 gcloud routing
What permission is required for a service account to deploy to Google App Engine using gcloud?
Organisational Policy Permissions Google Cloud for Microsoft Migration
gcloud Firestore import: PERMISSION_DENIED
Error Deploying Google Cloud Function with Firestore Trigger Using Eventarc in gcloud
Python equivalent for gcloud auth print-identity-token command
How to delete a service from all regions with gcloud run delete in cloudbuild.yaml
How do I get the organization ID of my current project in Google Cloud Platform?
gcloud run jobs deploy is crashing w/ can only concatenate str (not "tuple") to str?
Error on gcloud artifact registry: INVALID_ARGUMENT: Maven config is not supported for format "DOCKER"
Create compute engine from instance-template using gcloud CLI
Make Cloud Run service and android App connect to the same Firestore db
gcloud delete container image routed to artifact registry
Cloud Scheduler giving "INVALID_ARGUMENT" error to deploy Dataflow job (using flex template)
gcloud build requires "serviceusage.services.use", but i already have owner role
gcloud components update permission denied
gcloud SSH in same terminal window
Show GCloud Billing in Grafana
INVALID_ARGUMENT error while updating gcloud container cluster
Deploy GCP App Engine wtih GitHub Actions using (Preferred) Direct Workload Identity Federation
The command `gcloud container clusters get-credentials ` will not create a kubeconfig