Give permission to service account to call all Cloud Function in Terraform
Question
As stated here, you need to define this block so a service account or user can call the function.
resource "google_cloudfunctions_function_iam_member" "invoker" {
  project        = google_cloudfunctions_function.function.project
  region         = google_cloudfunctions_function.function.region
  cloud_function = google_cloudfunctions_function.function.name
  role           = "roles/cloudfunctions.invoker"
  member         = "user:myFunctionInvoker@example.com"
}
Is there any way to let this user/service account call the function without redefining this block repetitively?
Edit: I added a roles/iam.serviceAccountUser binding to my service account and it works.
gcloud iam service-accounts add-iam-policy-binding SERVICE_ACCOUNT_EMAIL \
  --member user:USER_EMAIL \
  --role roles/iam.serviceAccountUser
Answer 1
Score: 1
Posting this as a community wiki for everyone's visibility. For a service account or a user to call a function, they need to have the "roles/cloudfunctions.invoker" role. To do this for multiple users or for an entire group of users/service accounts, you can use IAM to manage their access. You can refer to this documentation on how.
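Two ways to avoid repeating the block from the question, written as an added example that is not part of the original question or answer. The variable names, the sample function entries, and the resource labels are assumptions made for illustration; use one option, not both.

```hcl
# Added example. var.project_id, var.invoker_member and var.functions are
# hypothetical names, and the default function entries are constructed samples.
variable "project_id" {
  type = string
}

variable "invoker_member" {
  type        = string
  description = "IAM principal, e.g. serviceAccount:..., user:... or group:..."
}

variable "functions" {
  type = map(object({ region = string, name = string }))
  default = {
    api    = { region = "us-central1", name = "api-handler" }
    worker = { region = "us-central1", name = "queue-worker" }
  }
}

# Option A: a single project-level binding.
# The principal can invoke every function in the project, including
# functions created later, so treat this as a broad grant.
resource "google_project_iam_member" "invoke_all_functions" {
  project = var.project_id
  role    = "roles/cloudfunctions.invoker"
  member  = var.invoker_member
}

# Option B: one block, expanded per function with for_each.
# The grant stays scoped to the functions listed in var.functions,
# which keeps it closer to least privilege.
resource "google_cloudfunctions_function_iam_member" "invoker" {
  for_each       = var.functions
  project        = var.project_id
  region         = each.value.region
  cloud_function = each.value.name
  role           = "roles/cloudfunctions.invoker"
  member         = var.invoker_member
}
```

Passing a "group:" principal as the member lets membership changes happen in the group rather than in Terraform, which matches the answer's suggestion of managing access through IAM.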