Within GCP:
Why does it give 403 error if I'm using a service account with "Cloud Functions Invoker" permissions? If I disable authentication for the function it works, but I need authentication because it's not a public API.
This must be added in the workflow code:
auth:
type: OIDC
See https://cloud.google.com/workflows/docs/calling-run-functions?authuser=1#add_auth_info
It works fine.
It allows you to remove IAM default rights for "All Users" applied to any Cloud Function.
With this mechanism, you allow only Workflow Service Account executor to invoke the Cloud Function.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.