0

I am facing a permission error (403) while trying to deploy a Pub/Sub Cloud Function Gen2 using GitHub Actions however its passing for gen1 . I have followed the necessary steps to set up the deployment workflow, but I keep encountering this error.

Here is some background information on my setup:

I have a Cloud Function written in java that triggers on a Pub/Sub event.

I am using GitHub Actions as my CI/CD platform.

I have set up the necessary credentials and authentication for GitHub Actions to access my Google Cloud project.

The deployment workflow seems to be working fine until it reaches the deployment step. At that point, I receive the following error message:

PermissionError: The caller does not have permission

I have verified that the service account used by GitHub Actions has the necessary IAM roles and permissions for Pub/Sub and Cloud Functions.

Here are the steps I have taken to troubleshoot the issue:

Checked the IAM roles and permissions of the service account used by GitHub Actions. It has the roles roles/pubsub.publisher and roles/cloudfunctions.admin.

Verified that the project and service account are correct in the GitHub Actions workflow configuration.

Ensured that the necessary APIs (Pub/Sub and Cloud Functions) are enabled in the Google Cloud project.

Manually tested deploying the Cloud Function using the gcloud command-line tool, which was successful.

Despite these efforts, I am still unable to deploy the Pub/Sub Cloud Function Gen2 successfully through GitHub Actions.

However when i tried to modified the command from Gen2 to Gen1 it was deploying properly with no issues

I would greatly appreciate any insights, suggestions, or possible solutions to resolve this permission error. Thank you in advance for your help

Below is Gen2 command which is failing using github action

gcloud functions deploy spannerdbbackup \
      --runtime java11 \
          --trigger-topic spanner-db-backup \
          --entry-point com.test.function.CreateSpannerBackUp \
          --source target/deployment \
          --region ${{env.REGION}} \
          --project ${{env.PROJECT_ID}} \
          --gen2 \

Below is gen1 command which is passing without any issues

gcloud functions deploy spannerdbbackup \
      --runtime java11 \
          --trigger-topic spanner-db-backup \
          --entry-point com.test.function.CreateSpannerBackUp \
          --source target/deployment \
          --region ${{env.REGION}} \
          --project ${{env.PROJECT_ID}} \
Improve this question
1

1 Answer 1

Reset to default
1

You need to update your gcloud CLI version to 436.0.0 by using this command:

gcloud components update

According to this release notes on 436.0.0 (2023-06-21):

Fixed issue where gcloud functions deploy could fail in certain cases if the caller was missing permissions to get the project IAM policy.

In case that your gcloud CLI is already updated to the latest version, I would suggest to file this one as a bug so that Google Cloud engineers could further investigate on this case.

Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.