This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Deployment issues for Google cloud functions

Posted on 12-07-2024 03:28 AM
Filip123
New Member
Reply posted on --/--/---- --:-- AM

Hi when I try to deploy my cloud function I get: 

IAM
cloudfunctions.googleapis.com
…s.v2.FunctionService.UpdateFunction
…ations/europe-west1/functions/function-1
filip@emploify.se

Could not build the function due to missing permissions. generic::permission_denied: Caller does not have required permission to use project emploify-592e2. Grant the caller the roles/serviceusage.serviceUsageConsumer role, or a custom role with the serviceusage.services.use permission, by visiting https://console.developers.google.com/iam-admin/iam/project?project=emploify-592e2 and then retry. Propagation of the new permission may take a few minutes.

 

These are all of the roles: 

590666902450-compute@developer.gserviceaccount.com Default compute service account
  • Editor
  • Service Usage Consumer
  • 9054/9054 excess permissions
  •  
  
 
    emploify-592e2@appspot.gserviceaccount.com App Engine default service account
  • Editor
  • Service Usage Consumer
  • 9054/9054 excess permissions
  •  
  
 
    <PII removed by staff>  
  • Owner
  • Service Usage Consumer
  •  
  •  
  
 
    <PII removed by staff> Filip Hessle
  • Cloud Build Editor
  • Cloud Deploy Admin
  • Deployment Manager Editor
  • Owner
  • Service Usage Consumer
  •  
  •  
  •  
  •  
  •  
  
 
    firebase-adminsdk-1b9s8@emploify-592e2.iam.gserviceaccount.com firebase-adminsdk
  • Cloud Functions Admin
  • Firebase Admin SDK Administrator Service Agent
  • Firebase Authentication Admin
  • Firebase Remote Config Admin
  • Service Account Token Creator
  • Service Usage Consumer
  • Storage Admin
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  
 
    firebase-service-account@firebase-sa-management.iam.gserviceaccount.com  
  • Firebase Service Management Service Agent
  • Service Usage Consumer
  •  
  •  
  
 
    firebase@flutterflow.io  
  • Cloud Functions Admin
  • Editor
  • Service Account User
  • Service Usage Consumer
  •  
  • 9020/9056 excess permissions
  •  
  •  
  
 
    rowy-backend@emploify-592e2.iam.gserviceaccount.com Rowy Backend
  • Actions Admin
  • Artifact Registry Administrator
  • Cloud Build Service Account
  • Cloud Datastore User
  • Cloud Functions Admin
  • Cloud Run Builder
  • Firebase Authentication Admin
  • Logs Viewer
  • Logs Writer
  • Secret Manager Admin
  • Service Account User
  • Service Usage Consumer
  • Storage Object Admin
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  
 
    rowy-functions@emploify-592e2.iam.gserviceaccount.com Rowy Functions
  • BigQuery Admin
  • Cloud Datastore User
  • Firebase Cloud Messaging API Admin
  • Logs Writer
  • Secret Manager Secret Accessor
  • Service Usage Consumer
  • Storage Object Admin
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  
 
    rowy-hooks@emploify-592e2.iam.gserviceaccount.com Rowy Hooks
  • Cloud Datastore User
  • Firebase Authentication Admin
  • Logs Writer
  • Secret Manager Secret Accessor
  • Service Usage Consumer
  • Storage Object Admin
  •  
  •  
  •  
  •  
  •  
  •  
  
 
    rowy-service@emploify-592e2.iam.gserviceaccount.com Rowy Service Account
  • App Engine Admin
  • App Engine Creator
  • Cloud Build Editor
  • Cloud Datastore User
  • Cloud Functions Developer
  • Cloud Run Admin
  • Cloud Scheduler Admin
  • Cloud Storage for Firebase Admin
  • Eventarc Admin
  • Firebase Admin
  • Firebase Authentication Admin
  • Firebase Rules Admin
  • Project IAM Admin
  • Pub/Sub Admin
  • Secret Manager Admin
  • Service Account Admin
  • Service Account Token Creator
  • Service Account User
  • Service Directory Admin
  • Service Usage Admin
  • Service Usage Consumer
  • Storage Admin
  • Storage Object Admin
0 1 779
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
KyleMari
Staff
Reply posted on --/--/---- --:-- AM

Hi @Filip123,

Welcome to the Google Cloud community!

Most of the principals listed down in the IAM table have "Owner", "Editor" or "Cloud Function Admin" roles alongside the "Service Usage Consumer" role that was asked of you to grant to resolve the issue. The root cause of this seems odd as Cloud Run functions don't usually require the said role by default (see IAM roles for Cloud Run functions), so it may depend on how your function code does its intended work and the exact APIs it's trying to use during runtime. 

Depending on which exact principal is affected during your deployment (whether it's a real user account or a service account), and from what environment you're attempting to deploy your function, could you try to perform a login command like:

 

gcloud auth login user@domain.com

 

Where "user@domain.com" can be substituted by the exact email account you authenticated to use GCloud CLI operations.

If you're interacting with GCloud SDK through your code, you can use this command:

 

gcloud auth application-default login

 

This will see to it that your account is remaining logged in and Google Cloud still recognizes the authenticated account during the function deployment.

If you're using a Firebase CLI tool (as I've noticed that you have a Firebase Admin SDK service account), make sure to keep the CLI version up-to-date.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.

0 Likes