"Unsupported service account" errors from gcloud when deploying --gen2 functions with --build-service-account
gcloud --version
Google Cloud SDK 488.0.0
alpha 2024.08.09
beta 2024.08.09
bq 2.1.8
core 2024.08.09
gcloud-crc32c 1.0.0
gsutil 5.30
istioctl 1.20.47
I'm at a loss for how to execute the gcloud functions deploy --gen2 command. I can deploy gen1, but gen2 throws indecipherable service account errors.
First going right from the docs: https://cloud.google.com/functions/docs/deploy#basics
gcloud functions deploy sdfsdfsd \
--gen2 \
--project="sdfsdf" \
--region="us-central1" \
--entry-point=my_func \
--no-allow-unauthenticated \
--runtime=python312 \
--build-service-account="my-cloud-build-acct@my-project-id.iam.gserviceaccount.com" \
--trigger-http
I get ERROR: (gcloud.functions.deploy) OperationError: code=3, message=Deployment failed: ["params.service_account: must be empty or a service account of format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}"]. Check your build configuration. Already makes no sense because I'm not setting the service account.
Then I set the account with: --service-account="myacct@my-project-id.iam.gserviceaccount.com" and I get ERROR: (gcloud.functions.deploy) Deployment failed: ["params.service_account: must be empty or a service account of format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}"]. Check your build configuration..
I can't find any examples of the gcloud cli using this format, but when I try it I get this error: ERROR: (gcloud.functions.deploy) ResponseError: status=[400], code=[Ok], message=[Could not create Cloud Run service sdfsdfsd. serviceAccountName: Unsupported service account: projects/my-project-id/serviceAccounts/myacct@my-project-id.iam.gserviceaccount.com]
I gave the myacct@my-project-id.iam.gserviceaccount.com account the following roles:
What do I have to do to get this command to work?
I can deploy gen2 functions through the UI with this service account without issues.
The answer had nothing to do with the --service-account param even though whenever I modified its format I got DIFFERENT ERRORS!
I left this off initially (edited my post to include it), but I'm using a custom build service account (default is disabled now for security reasons).
It seems this is the correct series of switches:
--build-service-account="projects/{PROJECT_ID}/serviceAccounts/{CLOUD_BUILD_GSA}" \
--service-account="{RUNTIME_GSA}" \
It does mention this format in the docs: https://cloud.google.com/sdk/gcloud/reference/functions/deploy#--build-service-account
But the fact that the errors changed in response to modifying the other switch was very confusing. I would open a bug report, but not sure how it would be worded. params.service_account should have been params.build_service_account in the errors.
- Error: 10: Developer console is not set up correctly (Not Using Firebase) (One Tap sign-up)
- How to drop multiple tables in Big query using Wildcards TABLE_DATE_RANGE()?
- A proper and secure way to do Cloud function authorization with access token from external server
- How to list all projects in GCP that belongs to a specific organization
- Constantly getting DEVELOPER_ERROR in Android Simulator using Firebase Authentication
- Google OAuth 2.0 authentication not working in React app: what am I doing wrong?
- How to SSH to docker container in kubernetes cluster?
- How to use google cloud load balance with cloudflare DNS proxy
- How to write data from apache beam using gcp dataflow to bigquery table?
- How does Firestore calculate read count for same queries with different limits?
- Firebase onAuthStateChanged user returns null when on localhost
- How do I list all resources in a particular google cloud project?
- What am I doing wrong to get this error for Google Vision API
- How do I propagate resource labels to my GKE application's GCE disks backing its PVCs?
- How to set environment variables in a Google Cloud VM (Ubuntu) for Django project without exposing sensitive information?
- How to avoid TypeError when using Python ApacheBeam for DataFlow?
- Why would Mysql return "error Column cannot be null"?
- Firebase login with GCP service account
- Listening to realtime changes to objects stored in a Firestore Document
- Installing Google Cloud SDK using Windows SSL error
- Serverless VPC access connector is in a bad shape
- Google Chat API Permission Issues
- skip header while reading a CSV file in Apache Beam
- firebase client cannot connect to correct firebase database
- Cloud Build private DNS GCP
- Google Firebase: How do I "work around" an invalid "issuer" value in my client's OIDC discovery document?
- Configure a principal that can only approve and revoke grant requests in GCP PAM
- GCP authentication fails in GitHub actions - IaC with Terraform
- Creating two Google Cloud VPCs in different regions using the same Terraform main.tf file
- google-github-actions/get-gke-credentials failed with: required "container.clusters.get" permission(s)