This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

build-service-account argument is unrecognized with gcloud functions deploy

Posted on 09-07-2024 12:18 AM
Raibek
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

I try to use custome service account for Cloud Build to deploy Google Run Function.

I followed these instructions https://cloud.google.com/functions/docs/securing/build-custom-sa

and 

https://cloud.google.com/build/docs/cloud-build-service-account-updates

  1. I set the Organisation policies as "Not enforced": constraints/cloudbuild.useBuildServiceAccount, constraints/cloudbuild.useComputeServiceAccount
  2. I set the Organisation policies as "Enforced": 
    constraints/cloudbuild.disableCreateDefaultServiceAccount
  3. I created a new service acoount for Cloud Build with the roles: logging.logWriter, artifactregistryWriter, storage.objectAdmin

In my local Cloud Tools for Power Shell I run the command:

gcloud functions deploy function-inventory-post --gen2 --region=us-central1 --runtime=python312 --source=. --entry-point=post_inventory --build-service-account=projects/daritap-development/serviceAccounts/custom-for-cloud-build@daritap-development.iam.gserviceaccount.com --trigger-http

It ends up with the error:

ERROR: (gcloud.functions.deploy) unrecognized arguments: --build-service-account=projects/daritap-development/serviceAccounts/custom-for-cloud-build@daritap-development.iam.gserviceaccount.com (did you mean '--run-service-account'?)

1 4 624
Topic Labels
4 REPLIES 4

Posted on --/--/---- --:-- AM
DamianS
Gold 2
Gold 2
Reply posted on --/--/---- --:-- AM

Hello @Raibek  ,Welcome on Google Cloud Community.

I have question. Is this Cloud Function already deployed an you are trying to update it with new SA, or you are creating Function from scratch ?

--
cheers,
DamianS
LinkedIn medium.com Cloudskillsboost Sessionize Youtube

0 Likes

Posted on --/--/---- --:-- AM
Raibek
Bronze 3
Bronze 3
In response to DamianS
Reply posted on --/--/---- --:-- AM

Hello, @DamianS ! Thanks!

I tried the both options many times tweaking the command but mostly I created Function from scratch.

I mean first I deleted the Function if it existed and tried again.

Posted on --/--/---- --:-- AM
Tuan
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I'm facing the same issue when creating new cloud function using gcloud functions deploy

0 Likes

Posted on --/--/---- --:-- AM
Raibek
Bronze 3
Bronze 3
In response to Tuan
Reply posted on --/--/---- --:-- AM

Eventually, I just

  1.  re-enforced the Organization policy constraints/cloudbuild.useBuildServiceAccount and
  2. set as non-enforced constraints/cloudbuild.disableCreateDefaultServiceAccount

So, I use the legacy Cloud Build service account for deployment instead of the recommended way of creating your own service account for this activity.

0 Likes