I'm trying to deploy a Cloud Function named generate_image with gcloud functions deploy. Here is the command I am trying:
gcloud functions deploy generate_image \
--gen2 \
--runtime=python310 \
--region=europe-west3 \
--source=. \
--entry-point=generate_image \
--trigger-http \
--allow-unauthenticated
However, I'm encountering the following error:
ERROR: (gcloud.functions.deploy) ResponseError: status=[400], code=[Ok], message=[One or more users named in the policy do not belong to a permitted customer, perhaps due to an organization policy.]
I understand this error indicates an organization policy restricting identities allowed to deploy functions. I've checked my IAM permissions and confirmed I have the necessary roles (I am owner on my project). However, the issue persists.
Can anyone provide insights on how to resolve this error and successfully deploy my Cloud Function?
This might be due to the organization policy iam.allowedPolicyMemberDomains. You try to set --allow-unauthenticated, which might be limited by this policy:
Some Google Cloud products such as BigQuery, Cloud Functions, Cloud Run, Cloud Storage, and Pub/Sub support public data sharing. Enforcing the domain restricted sharing constraint in an organization policy will prevent public data sharing.
To publicly share data, disable the domain restricted sharing constraint temporarily for the Project resource where the data you want to share resides. After you share the resource publicly, you can then re-enable the domain restricted sharing constraint.
This policy not only restricts who can deploy Cloud Functions but also who can access them, and you are trying to make the function publicly available, which is prohibited by this organization policy.
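An added example (not part of the original question or answer): a preflight check in Python that reads the effective iam.allowedPolicyMemberDomains policy and an IAM policy, and reports the public members that would be rejected while the constraint is enforced. The JSON shapes, the placeholder customer ID C0example, the sample members, the roles/run.invoker binding for a gen2 function and the function names are assumptions constructed for illustration.

```python
import json

# Principals that belong to no Workspace / Cloud Identity customer, so an
# enforced iam.allowedPolicyMemberDomains constraint can never permit them.
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample, assumed to match the JSON printed by
#   gcloud resource-manager org-policies describe iam.allowedPolicyMemberDomains \
#       --project=PROJECT_ID --effective --format=json
# "C0example" is a placeholder customer ID.
EFFECTIVE_POLICY = json.loads("""
{"constraint": "constraints/iam.allowedPolicyMemberDomains",
 "listPolicy": {"allowedValues": ["C0example"]}}
""")

# Constructed sample of the IAM policy a gen2 function's Cloud Run service
# would carry after --allow-unauthenticated (get-iam-policy JSON shape).
SERVICE_IAM_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/run.invoker", "members": ["allUsers"]},
  {"role": "roles/run.admin", "members": ["user:dev@example.com"]}
]}
""")


def constraint_is_restrictive(effective_policy):
    """True when the effective list policy limits members to listed customers."""
    rule = effective_policy.get("listPolicy", {})
    if rule.get("allValues") == "ALLOW":
        return False
    return bool(rule.get("allowedValues")) or rule.get("allValues") == "DENY"


def public_bindings(iam_policy):
    """Return (role, member) pairs that grant access to public principals."""
    return [(b["role"], m)
            for b in iam_policy.get("bindings", [])
            for m in b.get("members", [])
            if m in PUBLIC_PRINCIPALS]


def preflight(effective_policy, iam_policy):
    """Bindings a policy update would have rejected under the constraint."""
    if not constraint_is_restrictive(effective_policy):
        return []
    return public_bindings(iam_policy)


if __name__ == "__main__":
    for role, member in preflight(EFFECTIVE_POLICY, SERVICE_IAM_POLICY):
        print(f"would be rejected: {member} on {role}")
```

Run on its own, public_bindings lists the public grants made while the constraint was temporarily disabled, which is the inventory to review once it is re-enabled.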