3

I've been using GCP for some time.

I created a new GCP Project to test new functions, and enabled the Runtime API.

However, clicking Deploy pops up this message: "User does not have the 'iam.serviceAccounts.actAs' permission on webcalc-taskc2@appspot.gserviceaccount.com required to create the function. You can fix this by running gcloud iam service-accounts add-iam-policy-binding webcalc-taskc2@appspot.gserviceaccount.com --member=user: --role=roles/iam.serviceAccountUser"

I entered this into Shell, replacing with my Owner email for GCP. Still no luck ;(

1 Answers1

1

You have to add permissions that can use service account to your account.

According to Google document, A service account is a special type of Google account intended to represent a non-human user that needs to authenticate and be authorized to access data in Google APIs.

Seems that "webcalc-taskc2@appspot.gserviceaccount.com" is your service account runs cloud function.

The pop up message you received said that a user account running cloud function does not have 'iam.serviceAccounts.actAs' permission on that service account.

So you have to entered command in the message with replaced --member=user to --member=user:Your account email.

You can check your cloud function service account at details -> General information tab.

enter image description here

SeungwooLee
  • 959
  • 3
  • 12
  • Ty for contributing! Can you possibly link more or tell me step by step how to add all the appropriate permissions to my service account please? I don't think I can access Details > General Information as I am yet to create a function in this project –  Dec 21 '20 at 00:20
  • 1
    My bad, I misunderstanding your question. Did you mean you replaced --member=user to your owner e-mail? If yes, It should have worked. Refer to https://cloud.google.com/functions/docs/troubleshooting#role-actAs to get detailed informations. I edited my answers. – SeungwooLee Dec 21 '20 at 00:39
  • I replace the gap after "member-user=" with my Owner email address –  Dec 21 '20 at 00:55
  • 1
    You should have to replaced "member=user:YOUR_ACCOUNT", not "member-user=YOUR_ACCOUNT" Same problem occurred after correction? – SeungwooLee Dec 21 '20 at 01:01