Re: Cloud function not deploying because service a...

SoftcroDEv · 08-13-2024 01:58 PM

I create a google account, then create a project in the google console. create a node project local and install dependencies and also the google cloud SDK, I create a cloud function to send an email, and Im able to deploy it with this commands:

gcloud functions deploy sendEmail \
--runtime nodejs20 \
--trigger-http \
--allow-unauthenticated

once deploying ask me a couple of times if I want to enable the function build api, I say Y, and deploys

After that a default Service Account is created under IAM > Services Accounts,
When I try to deploy again, it says this error no matter what I do, I have tried disabling and enabling the service account, adding roles, deleting it and re creating it, creating an App Engine application, this is the error:

ERROR: (gcloud.functions.deploy) ResponseError: status=[400], code=[Ok], message=[Default service account 'softcro-site@appspot.gserviceaccount.com' doesn't exist. Please recreate this account or specify a different account. Please visit https://cloud.google.com/functions/docs/troubleshooting for in-depth troubleshooting documentation.]

I ended up removing the prject, and creating a new project and the same happens

What should I change in order to be able to deploy multiple times after changes in the code?

DamianS

Hello @SoftcroDEv ,Welcome on Google Cloud Community.

Did you've tried to change service account associated with Cloud Functions? If not, please create Service Account, grant IAM roles ( based on your needs, most probably Cloud Functions Service Agent) and edit Cloud Function to choose not default service account. Then, deploy new service revision of your Function.

--
cheers,
DamianS
LinkedIn medium.com Cloudskillsboost

SoftcroDEv

Thank you!

After waiting a couple of hours I just hit this commands and deployment passed with not errors, not sure why:

gcloud functions deploy sendEmail \
--runtime nodejs20 \
--trigger-http \
--allow-unauthenticated \
--set-env-vars EMAIL_USER=<PII removed by staff>,EMAIL_PASS="xnpb pdsl rieg uwmu",EMAIL_RECIPIENT=<PII removed by staff> \
--project=softcro-backend

Although seems that your solution might be what I'm looking for, but Im just not sure how you get to that page. I appologize for my ignorance lol.

This is what I see in my functions page, and I don't see those options under this navigation tabs or a way of edit and change what service account runs with the function

Function detail page:

bitsflying

I also encountered the same problem. The first creation was normal, but subsequent updates always encountered the same error.

It is normal for previously created projects to be updated, but this exception occurs only for this newly created project.

Has anyone encountered the same problem? Please help me. Thank you.

frankkuipers

Hi Bitsflying,

Yes, I encountered the same problem for newly created projects. The first build goes as expected, but then it constantly tells me:

"message=[Default service account '<project-id>@appspot.gserviceaccount.com' doesn't exist. Please recreate this account or specify a different account. Please visit https://cloud.google.com/functions/docs/troubleshooting for in-depth troubleshooting documentation.]".

Still trying to find a fix.

frankkuipers

Hey all,

I found a fix. You should delete your failed cloud function, then when you redeploy everything goes as expected. I still find this error weird, maybe someone can explain why this is happening?

Cheers

bitsflying

Hi, thanks for your reply.

That's to say, we can not update function after deployed. If we want to update deployed function, must first delete the deployed function , then redeploy the updated function ?

This phenomenon is somewhat strange. Everything is normal in the old project, but when updating functions in the new project, errors will occur.
I'm not sure if it's related to project settings or payment issues.

hope google cloud function team help us. thx a lot.

DamianS

Hello @bitsflying ,Welcome on Google Cloud Community.

@bitsflying wrote:

That's to say, we can not update function after deployed. If we want to update deployed function, must first delete the deployed function , then redeploy the updated function ?

No. You can update your Cloud Function after deployment. Click "EDIT"

Edit as you want, then NEXT

And DEPLOY

spdev

Same problem here. In a new project, if I try to update a cloud function via the gcloud command line, it fails with the same error as reported above. Updating from the GUI does not seem to be a definitive solution. Hopefully Google will come up with a solution.

spdev

Hello,

I'm commenting here the solution that worked for me to deploy several times by command line. Apparently, the new projects in Google differentiate in terms of permissions two service accounts (gen1): one SA for execution of the function in runtime and another SA to be able to build the function. The SA that has the necessary permissions to be able to build is this one:

PROJECT_NUMBER-compute@developer.gserviceaccount.com

According to this, the following parameter should be included in the deploy command:

--build-service-account="projects/project-datalake-isrg-poc/serviceAccounts/{PROJECT_NUMBER}-compute@developer.gserviceaccount.com’

This way the cloud function will be deployed with the default SA for runtime executions (PROJECT_ID@appspot.gserviceaccount.com) and will use the SA compute for build (PROJECT_NUMBER-compute@developer.gserviceaccount.com).

I hope it helps someone.
Best regards.

haxrox

@spdev you saved me hours when even the LLMs could not. For anyone else whose deploy command has recently started failing, you can list all the accounts with
gcloud iam service-accounts list --format="table(email)"
find the [numbers]-compute email and append that to the deploy command with --service-account

Cloud function not deploying because service account doesn't exist, after first deploy