GoogleCloudPlatform / eventarc-samples

This repository contains a collection of samples for Eventarc for various use cases.
Apache License 2.0

Sample flow broken for image-v3 #99

Closed russellpwirtz closed 1 year ago

russellpwirtz commented 1 year ago

In the image-v3 sample, the flow looks to be broken because of a missing step to add an IAM role.

Prior to the step "Deploy filter service" it looks like a role needs to be added to the service account. This command seemed to fix it for me:

gcloud projects add-iam-policy-binding $PROJECT_ID \
  --member=serviceAccount:[service account id] \
  --role=roles/artifactregistry.reader

meteatamel commented 1 year ago

Thanks for reporting @russellpwirtz. I tried to deploy on a new project under no organization and as the owner of the project and it worked for me without adding that role:

gcloud functions deploy $SERVICE_NAME \
  --gen2 \
  --allow-unauthenticated \
  --runtime dotnet3 \
  --trigger-http \
  --region=$REGION \
  --entry-point Filter.Function \
  --set-build-env-vars GOOGLE_BUILDABLE=image-v3/filter/csharp
Preparing function...done.
X Deploying function...
    [Build] Logs are available at [https://console.cloud.google.com/cloud-build
  /builds;region=us-central1/8bc52402-3424-465a-8cb9-9adb2c94b4a1?project=84249
  832105]
  ✓ [Service]
  . [ArtifactRegistry]
  . [Healthcheck]
  . [Triggercheck]
Completed with warnings:
  [WARNING] Not deleting folder: /workspace/bin
You can view your function in the Cloud Console here: https://console.cloud.google.com/functions/details/us-central1/filter?project=image-processing-wed

buildConfig:
  build: projects/84249832105/locations/us-central1/builds/8bc52402-3424-465a-8cb9-9adb2c94b4a1
  entryPoint: Filter.Function
  environmentVariables:
    GOOGLE_BUILDABLE: image-v3/filter/csharp
  runtime: dotnet3
  source:
    storageSource:
      bucket: gcf-v2-sources-84249832105-us-central1
      object: filter/function-source.zip
  sourceProvenance:
    resolvedStorageSource:
      bucket: gcf-v2-sources-84249832105-us-central1
      generation: '1668599683669204'
      object: filter/function-source.zip
environment: GEN_2
labels:
  deployment-tool: cli-gcloud
name: projects/image-processing-wed/locations/us-central1/functions/filter
serviceConfig:
  allTrafficOnLatestRevision: true
  availableMemory: 256M
  ingressSettings: ALLOW_ALL
  maxInstanceCount: 100
  revision: filter-00001-loh
  service: projects/image-processing-wed/locations/us-central1/services/filter
  serviceAccountEmail: 84249832105-compute@developer.gserviceaccount.com
  timeoutSeconds: 60
  uri: https://filter-tibqghsvsq-uc.a.run.app
state: ACTIVE
updateTime: '2022-11-16T11:56:35.319285198Z'

Please let me know which might be different in your case?

russellpwirtz commented 1 year ago

@meteatamel Ah it's possible my existing setup caused this if you're seeing no issues on a fresh deploy.

Here are the logs FWIW:

(base) russ@Russs-MacBook-Pro processing-pipelines % SERVICE_NAME=filter

% gcloud functions deploy $SERVICE_NAME \
  --gen2 \
  --allow-unauthenticated \
  --runtime dotnet3 \
  --trigger-http \
  --region=$REGION \
  --entry-point Filter.Function \
  --set-build-env-vars GOOGLE_BUILDABLE=image-v3/filter/csharp
Preparing function...done.
X Deploying function...
. [Build]
✓ [Service]
. [ArtifactRegistry]
. [Healthcheck]
. [Triggercheck]
Failed.
ERROR: (gcloud.functions.deploy) OperationError: code=7, message=Unable to retrieve the repository metadata for projects/eventarc-samples-01/locations/us-central1/repositories/gcf-artifacts. Ensure that the Cloud Functions service account has 'artifactregistry.repositories.list' and 'artifactregistry.repositories.get' permissions. You can add the permissions by granting the role 'roles/artifactregistry.reader'.

% gcloud projects add-iam-policy-binding eventarc-samples-01 \
  --member=serviceAccount:[redacted]@cloudbuild.gserviceaccount.com --role=roles/artifactregistry.reader

Updated IAM policy for project [eventarc-samples-01].

% SERVICE_NAME=filter

gcloud functions deploy $SERVICE_NAME \
  --gen2 \
  --allow-unauthenticated \
  --runtime dotnet3 \
  --trigger-http \
  --region=$REGION \
  --entry-point Filter.Function \
  --set-build-env-vars GOOGLE_BUILDABLE=image-v3/filter/csharp
Preparing function...done.
X Updating function (may take a while)...
[Build] Logs are available at [https://console.cloud.google.com/cloud-build/builds;region=us-central1/[redacted]
[Service]
. [ArtifactRegistry]
. [Healthcheck]
. [Triggercheck]
Completed with warnings:
[WARNING] Not deleting folder: /workspace/bin
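
Added example, not part of the thread or the repository's own code: a check that reports whether a service account already holds the role named in the deploy error, run over an IAM policy in the JSON shape that `gcloud projects get-iam-policy --format=json` returns. The policy, project number and member names below are constructed; a binding that carries a condition is reported separately because it may not apply at deploy time.

```python
import json

ROLE = "roles/artifactregistry.reader"  # role named in the deploy error above

# Constructed sample policy (not from the thread); the project number is made up.
SAMPLE_POLICY = json.loads("""
{
  "version": 3,
  "etag": "BwXconstructed=",
  "bindings": [
    {"role": "roles/artifactregistry.reader",
     "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com"]},
    {"role": "roles/artifactregistry.reader",
     "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com"],
     "condition": {"title": "temporary",
                   "expression": "request.time < timestamp('2023-01-01T00:00:00Z')"}},
    {"role": "roles/cloudbuild.builds.builder",
     "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com"]}
  ]
}
""")


def binding_status(policy, member, role=ROLE):
    """Return 'granted', 'conditional' or 'missing' for member/role in policy."""
    status = "missing"
    for binding in policy.get("bindings", []):
        if binding.get("role") != role or member not in binding.get("members", []):
            continue
        if "condition" not in binding:
            return "granted"      # an unconditional binding always applies
        status = "conditional"    # present, but only while the condition holds
    return status


def roles_of(policy, member):
    """List every role bound to member, to see what it can already do."""
    return sorted({b["role"] for b in policy.get("bindings", [])
                   if member in b.get("members", [])})


if __name__ == "__main__":
    for sa in ("serviceAccount:123456789012@cloudbuild.gserviceaccount.com",
               "serviceAccount:123456789012-compute@developer.gserviceaccount.com"):
        print(sa, binding_status(SAMPLE_POLICY, sa), roles_of(SAMPLE_POLICY, sa))
```
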