A

5

8

I'm trying to deploy a function to Google Function running as a different service account other than the default "PROJECT_ID"@appspot.gserviceaccount.com.

Is this even possible?

What I've tried until now is:

Auth as the service account and run the deploy command
Auth as the service account and run the deploy command using "--account"

The functions keep getting deployed with the default serviceAccount.

Thanks

EDIT (2019/02/13):

As stated by @JJC, This is now available via gcloud beta features via:

gcloud beta functions deploy ... --service-account=$YOUR_SA_HERE

EDIT (2023/07/06): As stated by @TinyTiger this is now GA: see the response here

Autoerotic answered 12/2, 2018 at 9:5 Comment(0)

K

7

This is now available via gcloud beta features:

gcloud beta functions deploy ... --service-account=$YOUR_SA_HERE

Killingsworth answered 13/2, 2019 at 4:9 Comment(0)

S

5

2023 UPDATE:

It can be done like this:

gcloud functions deploy FUNCTION_NAME --service-account=SERVICE_ACCOUNT_EMAIL

Read more in the offical docs.

Also note you can use = in-between if you want. Both styles work. For example, both of these will work...

With = works:

gcloud functions deploy FUNCTION_NAME --service-account=SERVICE_ACCOUNT_EMAIL

Without = also works:

gcloud functions deploy FUNCTION_NAME --service-account SERVICE_ACCOUNT_EMAIL

Shantell answered 5/7, 2023 at 12:38 Comment(1)

Thanks @Shantell - I've updated the original Q linking to your response! – Autoerotic 6/7, 2023 at 13:54

N

2

Update Oct 2018

This is available now via gcloud alpha sdk, i.e

gcloud alpha functions deploy --service-account=SERVICE_ACCOUNT

The email address of the IAM service account associated with the function at runtime. The service account represents the identity of the running function, and determines what permissions the function has. If not provided, the function will use the project's default service account.

A note: It's probably necessary to sign up for the alpha in order to use. When I try it (not having signed up for alpha), it deploys without error, but seems to ignore the new flag and use the default service account.

The good news is that it is coming, hopefully it will hit beta soon.

For anyone that may be interested, here is a link to a great use case with example code -- basic solution to secure secrets in your cloud functions: Secrets in Serverless | Seth Vargo

Nit answered 18/10, 2018 at 11:24 Comment(0)

A

1

Found the answer on the Google issue tracker: https://issuetracker.google.com/issues/63801748

It's a feature that is still not available at the moment.

Autoerotic answered 13/2, 2018 at 12:17 Comment(3)

by any chance did you find solution to this as in this thread they never mentioned that they are working on this? – Archetype 5/9, 2018 at 7:10

Actually, yeah they did mention that they are working on it, look at this: issuetracker.google.com/issues/63801748#comment9 – Autoerotic 5/9, 2018 at 13:43

Yes, read it sorry what I wanted to say was that they never talked about any progress on it and still it's not available. – Archetype 5/9, 2018 at 14:23

R

0

And from the UI, you can choose the Service Account from here:

Rodriques answered 18/7, 2023 at 11:26 Comment(0)

2023 UPDATE:

Update Oct 2018

Recommended topics

Hot tags