CodexBloom - Programming Q&A Platform

GCP Cloud Functions how to access Secrets Manager with 'PERMISSION_DENIED' despite correct IAM roles

👀 Views: 71 💬 Answers: 1 📅 Created: 2025-06-09
google-cloud-functions google-cloud-secret-manager gcp python

I've searched everywhere and can't find a clear answer. I'm relatively new to this, so bear with me... I'm working with a `PERMISSION_DENIED` behavior when my Google Cloud Function tries to access a secret from the Google Secret Manager. I've ensured that the service account associated with the Cloud Function has the `roles/secretmanager.secretAccessor` role, but I'm still seeing this scenario. Here's the code snippet I'm using to access the secret:

```python
import google.auth
from google.cloud import secretmanager

def access_secret_version(secret_id):
    # Get the project ID from the default credentials;
    # google.auth.default() returns (credentials, project_id)
    _, project_id = google.auth.default()
    client = secretmanager.SecretManagerServiceClient()
    name = f"projects/{project_id}/secrets/{secret_id}/versions/latest"
    try:
        response = client.access_secret_version(name=name)
        # The payload is a bytes string
        secret_data = response.payload.data.decode('UTF-8')
        return secret_data
    except Exception as e:
        print(f'behavior accessing secret: {e}')
```

I've verified that the secret actually exists and the Cloud Function is correctly configured to use the appropriate service account. Additionally, when I test the same code locally with the appropriate credentials, it works without any issues.

To further troubleshoot, I checked the IAM settings and confirmed that the Cloud Function service account has the necessary permissions. The function is deployed in the same project as the secret, so there shouldn't be any cross-project issues. I also checked the Google Cloud Console for any relevant logs and none seem to indicate any misconfigurations or additional errors.

Could there be something I'm missing or additional permissions that need to be granted? Any insights on this would be greatly appreciated! I'm on Debian using the latest version of Python. Has anyone else encountered this? This is for a REST API running on Linux.
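One way to test the "correct IAM roles" assumption offline, as an added example that is not part of the original post: export the secret-level and project-level policies (for instance with `gcloud secrets get-iam-policy ... --format=json`) and check them against the identity the function actually runs as. The function name `explain_access`, the sample accounts, project and condition are all constructed placeholders; group membership and deny policies are not evaluated.

```python
ACCESS_ROLE = "roles/secretmanager.secretAccessor"  # the role named in the question


def explain_access(policy, runtime_sa):
    """Check one IAM policy (dict parsed from get-iam-policy JSON) for runtime_sa.

    Returns (allowed, findings). Only direct serviceAccount: members are
    evaluated; group membership and deny policies are out of scope here.
    """
    member = f"serviceAccount:{runtime_sa}"
    allowed, findings = False, []
    for binding in policy.get("bindings", []):
        if binding.get("role") != ACCESS_ROLE:
            continue
        members = binding.get("members", [])
        if member not in members:
            others = sorted(m for m in members if m.startswith("serviceAccount:"))
            if others:
                findings.append(f"role bound to a different identity: {', '.join(others)}")
            continue
        condition = binding.get("condition")
        if condition:
            # A conditional grant only applies when its CEL expression matches
            # the requested resource, so it cannot be counted as access here.
            findings.append(f"conditional grant: {condition.get('expression', '')}")
        else:
            allowed = True
            findings.append("unconditional grant for runtime identity")
    if not findings:
        findings.append(f"no {ACCESS_ROLE} binding in this policy")
    return allowed, findings


# Constructed sample data (project, accounts and secret names are placeholders).
RUNTIME_SA = "example-project@appspot.gserviceaccount.com"
SECRET_POLICY = {"bindings": [{
    "role": ACCESS_ROLE,
    "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com"],
}]}
PROJECT_POLICY = {"bindings": [{
    "role": ACCESS_ROLE,
    "members": [f"serviceAccount:{RUNTIME_SA}"],
    "condition": {"title": "only-api-keys",
                  "expression": 'resource.name.startsWith("projects/123456789012/secrets/api-")'},
}]}

if __name__ == "__main__":
    for label, policy in (("secret", SECRET_POLICY), ("project", PROJECT_POLICY)):
        print(label, explain_access(policy, RUNTIME_SA))
```

In the constructed data the role exists at both levels, yet neither grant covers the runtime identity for an arbitrary secret: one is bound to a different service account and the other is conditional.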