"Unsupported service account" errors from gcloud when deploying --gen2 functions with --build-service-account
gcloud --version
Google Cloud SDK 488.0.0
alpha 2024.08.09
beta 2024.08.09
bq 2.1.8
core 2024.08.09
gcloud-crc32c 1.0.0
gsutil 5.30
istioctl 1.20.47
I'm at a loss for how to execute the gcloud functions deploy --gen2 command. I can deploy gen1, but gen2 throws indecipherable service account errors.
First going right from the docs: https://cloud.google.com/functions/docs/deploy#basics
gcloud functions deploy sdfsdfsd \
--gen2 \
--project="sdfsdf" \
--region="us-central1" \
--entry-point=my_func \
--no-allow-unauthenticated \
--runtime=python312 \
--build-service-account="my-cloud-build-acct@my-project-id.iam.gserviceaccount.com" \
--trigger-http
I get ERROR: (gcloud.functions.deploy) OperationError: code=3, message=Deployment failed: ["params.service_account: must be empty or a service account of format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}"]. Check your build configuration. Already makes no sense because I'm not setting the service account.
Then I set the account with: --service-account="myacct@my-project-id.iam.gserviceaccount.com" and I get ERROR: (gcloud.functions.deploy) Deployment failed: ["params.service_account: must be empty or a service account of format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}"]. Check your build configuration..
I can't find any examples of the gcloud cli using this format, but when I try it I get this error: ERROR: (gcloud.functions.deploy) ResponseError: status=[400], code=[Ok], message=[Could not create Cloud Run service sdfsdfsd. serviceAccountName: Unsupported service account: projects/my-project-id/serviceAccounts/myacct@my-project-id.iam.gserviceaccount.com]
I gave the myacct@my-project-id.iam.gserviceaccount.com account the following roles:
What do I have to do to get this command to work?
I can deploy gen2 functions through the UI with this service account without issues.
The answer had nothing to do with the --service-account param even though whenever I modified its format I got DIFFERENT ERRORS!
I left this off initially (edited my post to include it), but I'm using a custom build service account (default is disabled now for security reasons).
It seems this is the correct series of switches:
--build-service-account="projects/{PROJECT_ID}/serviceAccounts/{CLOUD_BUILD_GSA}" \
--service-account="{RUNTIME_GSA}" \
It does mention this format in the docs: https://cloud.google.com/sdk/gcloud/reference/functions/deploy#--build-service-account
But the fact that the errors changed in response to modifying the other switch was very confusing. I would open a bug report, but not sure how it would be worded. params.service_account should have been params.build_service_account in the errors.
- Google Cloud Platform: SSH to Google cloud instance will have "Permission denied (publickey)"
- Unable to assign iam.serviceAccounts.signBlob permission
- how to disable soft delete from a GCS bucket
- GCP load balancer 502 server error and "backend_connection_closed_before_data_sent_to_client" IIS 10
- Duplicate events in Eventarc triggered Google Cloud Run service
- Extract a string value from a JSON field in GCP log analytics
- GitLab LDAP Authentication Issues (SSL_connect, user auth)
- I got this error when i try to SignIN[GSI_LOGGER-TOKEN_CLIENT]: The OAuth token was not passed to gapi.client - Flutter,GoogleSignIn
- How to Setup Different Maintenance windows for Node Pools Within the Same GKE
- Understanding customer and service producer VPC networks in Private Service Access
- Why is BigQuery so slow on non-large data sizes?
- Is it possible to identify who triggered a GCB build?
- GCP - How do you create a URL Redirect path rule with gcloud url-maps?
- "Unsupported service account" errors from gcloud when deploying --gen2 functions with --build-service-account
- How to decode Google CloudEvent data?
- How to connect to GCP VM instance with password using SSH?
- testing google sheet editor addon fails with error 403
- Google Cloud SQL connection to flutter
- New Trace and Span Generated even after using TraceId and SpanID from Remote Context
- I can't get Future to complete with a value
- Connecting to Endpoint API on Android Client
- Post Count not updating in firebase react
- Previously successful Cloud Run Service & Job deploy process with resource level IAM grants not working anymore for certain projects
- "Deadline" error when embedding video with Google Vertex AI multimodal embedding modal
- Firebase function deployment timing out
- Deploying to GCP App Engine from terminal produces contradictory error messages
- Stripe Error: No signatures found matching the expected signature for payload
- Firestore .where + Filter.and queries not working
- How to use Google Cloud Firestore local emulator for python and for testing purpose
- How to serialize a ComputeRoutesResponse