ERROR: (gcloud.beta.functions.deploy) … message=[The caller does not have permission]

Question

I am trying to deploy code from this repo:

https://github.com/anishkny/puppeteer-on-cloud-functions

in Google Cloud Build. My cloudbuild.yaml file contents a

Answer 1

It would appear that the permissions changed when (perhaps) Cloud Functions went GA. Another customer raised this issue today and I recalled your question.

The Cloud Build robot (${NUM}@cloudbuild.gserviceaccount.com) additionally needs to be a serviceAccountUser of the ${PROJECT-ID}@appspot.gserviceaccount.com account:

NB While the Cloud Build robot local part is the project number (${NUM}), the appspot robot local part is the project ID (${PROJECT})

Please try:

PROJECT=[[YOUR-PROJECT-ID]]

NUM=$(gcloud projects describe $PROJECT --format='value(projectNumber)')

gcloud iam service-accounts add-iam-policy-binding \
${PROJECT}@appspot.gserviceaccount.com \
--member=serviceAccount:${NUM}@cloudbuild.gserviceaccount.com \
--role=roles/iam.serviceAccountUser \
--project=${PROJECT}

Let me know!