Skip to content
Advertisement

Cannot add private python dependency to cloud function

I am trying to deploy a python cloud function on GCP, using a python package pushed on the artifact registry of another project.

I followed the instructions off the google cloud documentation:

The service account that deploys the cloudbuild has the role: Artifact Registry Reader

The error in cloudbuild:

CESTERROR: (gcloud.functions.deploy) OperationError: code=3, message=Build failed: Looking in indexes: https://pypi.org/simple, https://us-west1-python.pkg.dev/my-project-id/package-name/simple/

ERROR: Could not find a version that satisfies the requirement package_name==0.1.5 (from versions: none)

the requirements.txt

--extra-index-url https://us-west1-python.pkg.dev/my-project-id/package-name/simple/
package_name==0.1.5

the setup.py of the package

from distutils.core import setup

setup(
    name="package_name",
    version="0.1.5",
    description="Python package",
    author="Benjamin BRETON",
    author_email="john.doe@gmail.com",
    url="",
    packages=["src/package_name"],
)

the cloudbuild.yaml that deploys the function.

steps:
- name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
  args:
  - gcloud
  - functions
  - deploy
  - ${_SERVICE_NAME}
  - --region=${_REGION}
  - --source=${_REPOSITORY_PATH}
  - --trigger-http
  - --allow-unauthenticated
  - --runtime=python39
  - --memory=128MB
  - --entry-point=${_ENTRY_POINT}
  - --service-account=${_SERVICE_ACCOUNT}
  - --set-env-vars=OUTPUT_BUCKET_NAME=${_OUTPUT_BUCKET_NAME}, URL_BUCKET_NAME=${_URL_BUCKET_NAME}
options:
  logging: 'CLOUD_LOGGING_ONLY'

I tried to run the pip install -r requirements.txt and it works locally If I remove the library import, the cloud function deploys and works. I also tried to switch to the –gen2 version of cloud functions, but without luck.

People seem to have similar issues: here with a different error.

Advertisement

Answer

I got the answer to this problem in another question, thanks @Edo Akse:

To grant access to the private library hosted on an artifact registry, you need to give the role Artifact Registry Reader to:

  • The service account running the cloudbuild
  • The default service account of the cloud build (in cate you ran the cloudbuild with a service account you specified yourself). This service account had the name: <PROJECT-NUMBER>@cloudbuild.gserviceaccount.com

You can find the <PROJECT-NUMBER> in the project settings.

User contributions licensed under: CC BY-SA
10 People found this is helpful
Advertisement