Open edaniszewski opened 4 years ago
I've updated the PR with some of your recommendations. I'm not sure I've handled the orphaned promises correctly, so I may need further guidance there.
I also didn't move towards using native promises instead of bluebird since it feels like transitioning from bluebird to native is a bit out-of-scope for this PR and feels to me like that project-wide change should be in its own PR
it feels like transitioning from bluebird to native is a bit out-of-scope for this PR
Yes definitely, but to avoid increase of technical debt we should not introduce any new code on Bluebird (it's not a problem to use native promises together with Bluebird). Any new code should be constructed with async/await and native promises.
@medikoo - sorry for the delay here and being a bother, but do you know of any examples (e.g. in the serverless repo or elsewhere) of migrating from bluebird to native promises? I'm a bit new to JS promises, and even though I feel kinda close to getting it right, I'm hoping there is an example for me to use as a reference and validate against.
Wondering what needs to be done for this merge? New to OSS but would love IAM capabilities with GCP Functions
@medikoo Please approve this fix
Just throwing in my two cents, would love for the PR to be merged as I'm looking for a way to "allowUnauthenticated" on deploy as opposed to having to manually add the permission per function in google cloud console.
@KavinJey @mrlucasrib @cgossain Do you think you can finalize this PR? Aside of suggestions pointed in review process it needs now updating with master
Any plans for merging this PR soon? I am looking for the "allowUnauthenticated" option.
Any status update on this? This is certainly a very useful PR and a very much needed one.
Plans on getting this merged?
I too would be interested in this functionality. I had to write a script just to get around this but it’s an extra thing to manage.
This PR is not finalized. Can you can help with finalizing it?
It would be great if this fix could be merged soon. We're using deployment manager to manage all our cloud functions and currently have to manually assign permissions to public HTTP functions after deploy to work around this bug.
In the meanwhile... this is a decent workaround, although you'll have to install another plugin.
https://github.com/serverless/serverless-google-cloudfunctions/issues/205#issuecomment-658759740
@J-Rojas thanks for the tips on how to update. Simple stuff, but since I'm not really a JS developer I was just unfamiliar.
Hopefully with these updates, this should now be ready for review + merge.
@edaniszewski not a problem, I'm glad I can help and thanks for taking the time to fix this.
@medikoo bump... can we get this merged since your requested changes have been addressed?
I really need this too!
Status of this MR?
+1 on this PR; would be very useful!
Any updates on this? This is really blocking us from moving to GCP from AWS.
This implementation is a pretty sizable departure of the previous implementation attempt (https://github.com/serverless/serverless-google-cloudfunctions/pull/219) which did not work as anticipated (https://github.com/serverless/serverless-google-cloudfunctions/issues/222) because it seems like the documented configuration/behavior for setting via
deploymentmanager
does not work as expected.This approach does offer a bit better granularity of how functions IAM policies can be defined though, which is nice.
IAM roles are applied after a function is deployed/updated.
Note: In order to apply IAM policies to functions, the serviceaccount you are using for serverless deploys will need the
cloudfunctions.functions.setIamPolicy
permission. This permission is not granted by the default cloudfunctions roles so will require you to create a custom policy.If you do not have the appropriate permissions, you should get an error message stating you lack the permission:
IAM policies can be set a number of different ways.
Globally
Per-function
IAM policies are merged between the global/function-local scope as well. This definition:
the full set of IAM policies would get merged to
There are some caveats with this approach which this PR does not address:
sls remove
and re-deploy.sls deploy
command will fail, but since IAM policies are applied to functions after deployment manager is setup and creates the functions, a failure to set policy will not automatically remove functions.setIamPolicy
call failing or not.Fixes #222
Also related:
205