Google cloud function authorization

I have a Google Cloud Function that I can invoke with the gcloud CLI using a service account with the necessary IAM permissions:

gcloud auth activate-service-account 'service-account-email' --key-file=google_key.json

gcloud functions call opt_manual --data '{some-json}'

This works just fine.

I'm trying to implement a similar call using the official Ruby SDK: https://github.com/googleapis/google-cloud-ruby/tree/main/google-cloud-functions-v1

require "google/cloud/functions/v1"

name = "opt_manual"
data = '{some-json}'

client = ::Google::Cloud::Functions::V1::CloudFunctionsService::Client.new do |config|
  config.credentials = "google_key.json"
end

client.get_function ::Google::Cloud::Functions::V1::GetFunctionRequest.new(name: name)

# =>
# Permission denied on resource project opt_manual.. debug_error_string:{
#   "created":"@1636730694.210272000",
#   "description":"Error received from peer ipv4:142.251.36.202:443",
#   "file":"src/core/lib/surface/call.cc",
#   "file_line":1070,
#   "grpc_message":"Permission denied on resource project opt_manual.",
#   "grpc_status":7
# } (Google::Cloud::PermissionDeniedError)

The service account includes the following permissions:

  • Cloud Functions Admin
  • Cloud Functions Invoker
  • Service Account User
  • Workload Identity User

The Cloud Function's principals include the correct service account.

Despite all of that, I'm still getting PermissionDeniedError. Maybe someone had a similar case and remembers how it could be fixed? Keep in mind that in the same project I access BigQuery and Cloud Storage using the official SDK with the same service account without any problem.

Can you replace the following with values and try it instead of opt_manual:

projects/{project}/locations/{location}/functions/opt_manual

Your Service Account likely has too many permissions. You should need only Cloud Functions Invoker (roles/cloudfunctions.invoker).

Explanation: the underlying method call is projects.locations.functions.get. Unfortunately, the Ruby API documentation for GetFunctionsRequest doesn't explain this. APIs Explorer is the definitive tool for understanding Google's REST APIs.
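
The resource-name fix suggested in the answer above, as an added example that is not part of the original question or answer: it expands a short function name into the `projects/{project}/locations/{location}/functions/{name}` form before calling `get_function`. The helper names, the sample key content, the `us-central1` region and the assumption that the function lives in the key's own project are all hypothetical.

```ruby
require "json"

# One path segment: letters, digits, hyphens, underscores (covers "opt_manual").
SEGMENT = /\A[a-z][a-z0-9_-]*\z/i
FULL_NAME = %r{\Aprojects/[^/]+/locations/[^/]+/functions/[^/]+\z}

# Read the project id stored in a service account key (JSON text).
# Assumption: the function is deployed in the key's own project.
def project_from_key(key_json)
  JSON.parse(key_json).fetch("project_id")
end

# Expand a short function name into the full resource name; an already
# qualified name passes through unchanged. Validating locally makes a typo
# fail here rather than as "Permission denied on resource project ...".
def function_resource_name(name, project:, location:)
  return name if name.match?(FULL_NAME)
  { project: project, location: location, function: name }.each do |label, value|
    raise ArgumentError, "invalid #{label}: #{value.inspect}" unless value.to_s.match?(SEGMENT)
  end
  "projects/#{project}/locations/#{location}/functions/#{name}"
end

# `client` is anything that responds to get_function(name:), such as the
# CloudFunctionsService client built in the question.
def get_function_by_short_name(client, name, key_json:, location:)
  project = project_from_key(key_json)
  client.get_function(name: function_resource_name(name, project: project, location: location))
end

# Constructed sample key content (not a real key) and an assumed region.
SAMPLE_KEY = '{"type":"service_account","project_id":"example-project"}'
SAMPLE_LOCATION = "us-central1"

if __FILE__ == $PROGRAM_NAME
  puts function_resource_name("opt_manual",
                              project: project_from_key(SAMPLE_KEY),
                              location: SAMPLE_LOCATION)
end
```

With the real client, pass `File.read("google_key.json")` as `key_json` and the region the function is actually deployed in as `location`.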
