I have been continually deploying, deleting, and re-deploying a GCP Cloud function. This function is really complicated to set up in the browser. It takes 5 secrets, and runs through a service account (It's crucial that this function is only allowed to be run with this 1 particular service account). I also limited the maxInstances to 10. Since this takes so long to continuously re-deploy from the browser, is there a way to set this up through the command line with a gcloud command? Or maybe a Docker command or something like that?
This is the output of gcloud functions describe <MY GCP CLOUD FUNCTION NAME>:
availableMemoryMb: 256
buildId: <BUILD ID HERE (LOOKS LIKE A GUID)>
buildName: projects/<PROJECT ID HERE>/locations/us-central1/builds/<BUILD ID HERE>
dockerRegistry: CONTAINER_REGISTRY
entryPoint: <ENTRY POINT FUNCTION NAME HERE>
httpsTrigger:
securityLevel: SECURE_ALWAYS
url: https://us-central1-<PROJECT ID NAME HERE>.cloudfunctions.net/<CLOUD FUNCTION NAME HERE>
ingressSettings: ALLOW_ALL
labels:
deployment-tool: console-cloud
maxInstances: 10
name: projects/<PROJECT ID NAME HERE>/locations/us-central1/functions/<CLOUD FUNCTION NAME HERE>
runtime: python39
secretEnvironmentVariables:
- key: CONSUMER_KEY
projectId: '<PROJECT ID HERE>'
secret: <CONSUMER_KEY SECRET NAME HERE>
version: '1'
- key: CONSUMER_SECRET
projectId: '<PROJECT ID HERE>'
secret: <CONSUMER_SECRET SECRET NAME HERE>
version: '1'
- key: ACCESS_TOKEN_PART_ONE
projectId: '<PROJECT ID HERE>'
secret: <ACCESS_TOKEN_PART_ONE SECRET NAME HERE>
version: '1'
- key: ACCESS_TOKEN_PART_TWO
projectId: '<PROJECT ID HERE>'
secret: <ACCESS_TOKEN_PART_TWO SECRET NAME HERE>
version: '1'
- key: ACCESS_TOKEN_SECRET
projectId: '<PROJECT ID HERE>'
secret: <ACCESS_TOKEN_SECRET SECRET NAME HERE>
version: '1'
serviceAccountEmail: <SERVICE ACCOUNT NAME HERE>@<PROJECT ID NAME HERE>.iam.gserviceaccount.com
sourceUploadUrl: https://storage.googleapis.com/uploads-<RANDOM LOOKING NUMBER THAT I DON'T RECOGNIZE>.us-central1.cloudfunctions.appspot.com/<RANDOM GUID LOOKING VALUE THAT I DON'T RECOGNIZE>.zip
status: ACTIVE
timeout: 60s
updateTime: '<TIMECODE HERE>'
versionId: '1'
I tried to create a deploy command for a basic python function in a main.py file that simply prints Hello World to the terminal.
gcloud functions --account=<SERVICE ACCOUNT NAME>@<PROJECT NAME>.iam.gserviceaccount.com deploy <NEW FUNCTION NAME> \
--memory=256MB \
--runtime=python39 \
--trigger-http \
--security-level=secure-always \
--entry-point=hello_world \
--max-instances=10 \
--service-account=<SERVICE ACCOUNT NAME>@<PROJECT NAME>.iam.gserviceaccount.com \
--source=/path/to/main/py/file/dir
And I got this error: ERROR: (gcloud.functions.deploy) PERMISSION_DENIED: Permission 'cloudfunctions.functions.sourceCodeSet' denied on resource 'projects/<MY PROJECT NAME>/locations/us-central1' (or resource may not exist).
Btw I already tried setting Cloud Build Settings > Cloud Functions > Cloud Functions Developer to enabled. It still gives me the same error...
What am I doing wrong? How can I get the function to deploy?
CodePudding user response:
This worked:
gcloud functions deploy <NEW FUNCTION NAME> --memory 256MB --runtime python39 --trigger-http --project <MY PROJECT ID HERE> --set-secrets=SECRET_1=secret_1_name:latest,SECRET_2=secret_2_name:latest,SECRET_3=secret_3_name:latest,SECRET_4=secret_4_name:latest,SECRET_5=secret_5_name:latest --security-level secure-always --entry-point <ENTRY FUNCTION NAME> --max-instances 10 --service-account <SERVICE ACCOUNT NAME HERE>@<PROJECT ID HERE>.iam.gserviceaccount.com --source path/to/dir/with/main/py/
P.S. don't forget to put your requirements.txt in the same folder as your main.py
CodePudding user response:
According to the error message, you'd have to assign role roles/cloudfunctions.developer, which provides permission cloudfunctions.functions.sourceCodeSet.