Skip to content
← General

I suggest you ...

General: Cloud Functions for Firebase

Categories

(thinking…)

Add support using custom SA for 2nd gen cloud functions deployment

Currently using 2nd gen cloud functions requires having the default Compute Engine Service Account and there is no way to use custom service account.

Not all projects have the service account or have any means to re-create the default SA if it has been deleted at some point and using default service accounts is anyway something that is not recommended by Google. So currently not all can move to using 2nd gen cloud functions unless support for using custom SA is added.

6 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Janne Julkunen shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Ivan Curada commented  ·   ·  Report

    Voting this up! We are in a bind here since we cannot use the default SA because of compliance and changing an organization policy is a no.

    While it is possible to apply a custom SA in the runtime, you cannot override the default build service account that runs the orchestration of Cloud Build to Cloud Functions Gen 2/Cloud Run functions.

  • Thomas Bouldin commented  ·   ·  Report

    As of the latest CLI version, the service account you use for your function is the service account that is used in the connecting services (e.g. Google Eventarc and Google Cloud Tasks). Hopefully that unblocks you!