using gcloud functions deploy --set-secrets=/workspace will trigger an error #696
Description
Expected
It is possible to deploy a secret file into /workspace within a cloud function environment.
Observed
After function is deployed, the step that tests it fails, and it prints this error:
ERROR: (gcloud.functions.deploy) OperationError: code=3, message=Function failed on loading user code. This is likely due to a bug in the user code. Error message: Provided code location '/workspace' is not a loadable module.
I've googled "Error message: Provided code location '/workspace' is not a loadable module." but not much luck yet finding where this comes from.
Steps to reproduce
Assuming you have a gen 1 function e.g. named my-existing-gen1-cloud-function (I'm not sure if this works on Gen 2; I haven't yet tried it):
gcloud functions deploy my-existing-gen1-cloud-function --entry-point=webhook --set-secrets=/workspace/.env-file=Secrets-Env-File:latest
Note there is a warning printed: "Ensure that the runtime service account...has access to the secrets." (which I've done)
Logs
For Cloud Build Logs, visit: https://console.cloud.google.com/cloud-build/builds;region=us-central1/(redacted)?project=(redacted)
Deploying function (may take a while - up to 2 minutes)...⠏
Deploying function (may take a while - up to 2 minutes)...failed.
ERROR: (gcloud.functions.deploy) OperationError: code=3, message=Function failed on loading user code. This is likely due to a bug in the user code. Error message: Provided code location '/workspace' is not a loadable module.
Did you specify the correct location for the module defining your function?
Could not load the function, shutting down.. Please visit https://cloud.google.com/functions/docs/troubleshooting for in-depth troubleshooting documentation.
Workarounds
It seems possible to deploy the secret file to another directory, such as /tmp or /etc.