I've just been following the standard setup script using the recommended settings via cr_setup() for a new project on Google Cloud; unfortunately cr_setup_test("plumber") failed with the following error message in the logs for Cloud Build:
"auth cloudrun": ERROR: (gcloud.run.services.add-iam-policy-binding) PERMISSION_DENIED: Permission 'run.services.setIamPolicy' denied on resource
I solved the issue by manually adding 'run.services.setIamPolicy' as Cloud Functions Admin to the roles of the service account.
I'm not sure if it was something I did or if this is a new build requirement from Google's end (I did find a blog post from August of some changes related to Cloud Functions and Cloud Run) or perhaps the role has simply been renamed as cr_setup_role_lookup() seems to include roles with similar looking roles -- perhaps cr_setup_role_lookup() needs to be updated. Unfortunately I don't know enough about the subtleties to make any concrete suggestions.
Great thanks, yes looks like an IAM update. I suspect a less permissive role than Cloud Functions Admin will fix it too but glad you got over the blocker.
I've just been following the standard setup script using the recommended settings via
cr_setup()
for a new project on Google Cloud; unfortunatelycr_setup_test("plumber")
failed with the following error message in the logs for Cloud Build:I solved the issue by manually adding 'run.services.setIamPolicy' as
Cloud Functions Admin
to the roles of the service account.I'm not sure if it was something I did or if this is a new build requirement from Google's end (I did find a blog post from August of some changes related to Cloud Functions and Cloud Run) or perhaps the role has simply been renamed as
cr_setup_role_lookup()
seems to include roles with similar looking roles -- perhapscr_setup_role_lookup()
needs to be updated. Unfortunately I don't know enough about the subtleties to make any concrete suggestions.Thanks for a great package. Christian