Cloud Functions returns 403 error also with Cloud Functions Invoker permissions

Within GCP:

  1. I created a function in Google Cloud Functions.
  2. I want to invoke that function from Google Workflows.
  3. I added a service account with "Cloud Functions Invoker" permissions.
  4. I created a workflow in Google Workflows; it uses the service account with "Cloud Functions Invoker" permissions that I added before.
  5. I run the workflow... it fails with "HTTP server responded with error code 403".

Why does it give a 403 error if I'm using a service account with "Cloud Functions Invoker" permissions? If I disable authentication for the function it works, but I need authentication because it's not a public API.

This must be added in the workflow code:

auth:
    type: OIDC

See https://cloud.google.com/workflows/docs/calling-run-functions?authuser=1#add_auth_info

It works fine.

It allows you to remove IAM default rights for "All Users" applied to any Cloud Function.

With this mechanism, you allow only Workflow Service Account executor to invoke the Cloud Function.

Securing Cloud Functions
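
A complete workflow definition showing where the `auth` block from the answer above sits, as an added example that is not part of the original posts. `REGION`, `PROJECT_ID`, `FUNCTION_NAME` and the request body are placeholders, and it assumes the service account attached to the workflow holds "Cloud Functions Invoker" on the function.

```yaml
# Added example: call an authenticated Cloud Function from Workflows.
# Without the auth block the request carries no identity token and the
# function answers 403, even if the workflow's service account has the
# Cloud Functions Invoker role.
main:
  steps:
    - init:
        assign:
          # Placeholder URL: substitute your own region, project and function.
          - function_url: "https://REGION-PROJECT_ID.cloudfunctions.net/FUNCTION_NAME"
    - call_function:
        try:
          call: http.post
          args:
            url: ${function_url}
            auth:
              # Workflows mints an OIDC ID token for its service account
              # and sends it in the Authorization header.
              type: OIDC
            body:
              message: "constructed sample payload"
          result: response
        except:
          as: e
          steps:
            - inspect_error:
                switch:
                  # A 403 here points at IAM: the workflow is running as a
                  # service account that lacks the invoker role on this function.
                  - condition: ${("HttpError" in e.tags) and (e.code == 403)}
                    steps:
                      - explain_forbidden:
                          raise: "403 from function: check the workflow's service account and its invoker binding"
            - rethrow:
                raise: ${e}
    - done:
        return: ${response.body}
```

With this in place the `allUsers` invoker binding can be removed from the function, so unauthenticated requests are rejected while the workflow keeps working.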
