Home > Mobile >  How Can I Deploy A GCP Function from The Command Line WITH Multiple Secrets AND Only Runable Through
How Can I Deploy A GCP Function from The Command Line WITH Multiple Secrets AND Only Runable Through

Time:05-22

I have been continually deploying, deleting, and re-deploying a GCP Cloud function. This function is really complicated to set up in the browser. It takes 5 secrets, and runs through a service account (It's crucial that this function is only allowed to be run with this 1 particular service account). I also limited the maxInstances to 10. Since this takes so long to continuously re-deploy from the browser, is there a way to set this up through the command line with a gcloud command? Or maybe a Docker command or something like that?

This is the output of gcloud functions describe <MY GCP CLOUD FUNCTION NAME>:

availableMemoryMb: 256
buildId: <BUILD ID HERE (LOOKS LIKE A GUID)>
buildName: projects/<PROJECT ID HERE>/locations/us-central1/builds/<BUILD ID HERE>
dockerRegistry: CONTAINER_REGISTRY
entryPoint: <ENTRY POINT FUNCTION NAME HERE>
httpsTrigger:
  securityLevel: SECURE_ALWAYS
  url: https://us-central1-<PROJECT ID NAME HERE>.cloudfunctions.net/<CLOUD FUNCTION NAME HERE>
ingressSettings: ALLOW_ALL
labels:
  deployment-tool: console-cloud
maxInstances: 10
name: projects/<PROJECT ID NAME HERE>/locations/us-central1/functions/<CLOUD FUNCTION NAME HERE>
runtime: python39
secretEnvironmentVariables:
- key: CONSUMER_KEY
  projectId: '<PROJECT ID HERE>'
  secret: <CONSUMER_KEY SECRET NAME HERE>
  version: '1'
- key: CONSUMER_SECRET
  projectId: '<PROJECT ID HERE>'
  secret: <CONSUMER_SECRET SECRET NAME HERE>
  version: '1'
- key: ACCESS_TOKEN_PART_ONE
  projectId: '<PROJECT ID HERE>'
  secret: <ACCESS_TOKEN_PART_ONE SECRET NAME HERE>
  version: '1'
- key: ACCESS_TOKEN_PART_TWO
  projectId: '<PROJECT ID HERE>'
  secret: <ACCESS_TOKEN_PART_TWO SECRET NAME HERE>
  version: '1'
- key: ACCESS_TOKEN_SECRET
  projectId: '<PROJECT ID HERE>'
  secret: <ACCESS_TOKEN_SECRET SECRET NAME HERE>
  version: '1'
serviceAccountEmail: <SERVICE ACCOUNT NAME HERE>@<PROJECT ID NAME HERE>.iam.gserviceaccount.com
sourceUploadUrl: https://storage.googleapis.com/uploads-<RANDOM LOOKING NUMBER THAT I DON'T RECOGNIZE>.us-central1.cloudfunctions.appspot.com/<RANDOM GUID LOOKING VALUE THAT I DON'T RECOGNIZE>.zip
status: ACTIVE
timeout: 60s
updateTime: '<TIMECODE HERE>'
versionId: '1'

I tried to create a deploy command for a basic python function in a main.py file that simply prints Hello World to the terminal.

gcloud functions --account=<SERVICE ACCOUNT NAME>@<PROJECT NAME>.iam.gserviceaccount.com deploy <NEW FUNCTION NAME> \
    --memory=256MB \
    --runtime=python39 \
    --trigger-http \
    --security-level=secure-always \
    --entry-point=hello_world \
    --max-instances=10 \
    --service-account=<SERVICE ACCOUNT NAME>@<PROJECT NAME>.iam.gserviceaccount.com \
    --source=/path/to/main/py/file/dir

And I got this error: ERROR: (gcloud.functions.deploy) PERMISSION_DENIED: Permission 'cloudfunctions.functions.sourceCodeSet' denied on resource 'projects/<MY PROJECT NAME>/locations/us-central1' (or resource may not exist).

Btw I already tried setting Cloud Build Settings > Cloud Functions > Cloud Functions Developer to enabled. It still gives me the same error...

What am I doing wrong? How can I get the function to deploy?

CodePudding user response:

This worked:

gcloud functions deploy <NEW FUNCTION NAME> --memory 256MB --runtime python39 --trigger-http --project <MY PROJECT ID HERE> --set-secrets=SECRET_1=secret_1_name:latest,SECRET_2=secret_2_name:latest,SECRET_3=secret_3_name:latest,SECRET_4=secret_4_name:latest,SECRET_5=secret_5_name:latest --security-level secure-always --entry-point <ENTRY FUNCTION NAME> --max-instances 10 --service-account <SERVICE ACCOUNT NAME HERE>@<PROJECT ID HERE>.iam.gserviceaccount.com --source path/to/dir/with/main/py/

P.S. don't forget to put your requirements.txt in the same folder as your main.py

CodePudding user response:

According to the error message, you'd have to assign role roles/cloudfunctions.developer, which provides permission cloudfunctions.functions.sourceCodeSet.

  • Related