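This is a follow-up to this post. So far I have tried three Google Cloud services:
- Google Cloud Function: corresponding GitHub repo (with TypeScript)
- Google Firestore: corresponding GitHub repo (with TypeScript)
- Google Cloud Storage: corresponding GitHub repo (with Python)
In general, a user's permissions should be kept as small as possible (the principle of least privilege), so I am now trying custom roles to set the permissions; being able to upload/update is all that is needed.
The permissions I have worked out so far are as follows: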
- Google Cloud Function: able to deploy the API through CI/CD
  - roles/cloudfunctions.Developer
- Google Firestore: able to perform CRUD normally
  - datastore.databases.get
  - datastore.databases.getMetadata
  - datastore.entities.allocateIds
  - datastore.entities.create
  - datastore.entities.delete
  - datastore.entities.get
  - datastore.entities.list
  - datastore.entities.update
  - datastore.indexes.list
- Google Cloud Storage: able to upload/update objects through CI/CD
  - storage.objects.create
  - storage.objects.delete
  - storage.objects.list
  - storage.objects.update
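
As an added example (not from the original post or its repos), the Python sketch below audits an exported role against the permission lists above and reports anything granted beyond them or missing from them. The sample JSON is constructed in the shape of `gcloud iam roles describe --format=json` output; the project name, role name and the extra permission in it are hypothetical.

```python
import json

# Permission sets exactly as listed on this page.
FIRESTORE_CRUD = {
    "datastore.databases.get", "datastore.databases.getMetadata",
    "datastore.entities.allocateIds", "datastore.entities.create",
    "datastore.entities.delete", "datastore.entities.get",
    "datastore.entities.list", "datastore.entities.update",
    "datastore.indexes.list",
}
STORAGE_UPLOAD = {
    "storage.objects.create", "storage.objects.delete",
    "storage.objects.list", "storage.objects.update",
}

# Constructed sample of a role export; names and the drifted permission are invented.
SAMPLE_ROLE_JSON = """
{
  "name": "projects/example-project/roles/ciStorageUploader",
  "title": "CI Storage Uploader",
  "stage": "GA",
  "includedPermissions": [
    "storage.objects.create",
    "storage.objects.delete",
    "storage.objects.list",
    "storage.buckets.setIamPolicy"
  ]
}
"""

def audit_role(role_json, allowed):
    """Compare a role's includedPermissions with the intended allowlist."""
    role = json.loads(role_json)
    granted = set(role.get("includedPermissions", []))
    return {
        "role": role["name"],
        "excess": sorted(granted - allowed),    # granted but not needed: remove
        "missing": sorted(allowed - granted),   # needed but absent: the CI job will fail
        "least_privilege": granted <= allowed,  # True only if nothing extra is granted
    }

def role_definition(title, permissions):
    """Build a custom role body (title, stage, includedPermissions) from an allowlist."""
    return {"title": title, "stage": "GA", "includedPermissions": sorted(permissions)}

if __name__ == "__main__":
    print(json.dumps(audit_role(SAMPLE_ROLE_JSON, STORAGE_UPLOAD), indent=2))
```

Running the same audit in CI against each custom role catches permissions that were added later and never removed.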