Cloud Function 2nd gen cant hit cloud run deployed...

oreobiskuit · 08-23-2023 03:47 AM

Hi team, currently I'm trying to create a cloud function to receive message from pubsub and do something with GCS. However when I deployed the code and start consuming pubsub message, I get this error

The request was not authenticated. Either allow unauthenticated invocations or set the proper Authorization header

this is the cloud run url that my cloud function trying to hit, I censored some part

https://consumedatastream-*****-et.a.run.app/?__GCP_CloudEventsMode=CUSTOM_PUBSUB_projects%2Ftesting-dewi-*****%2Ftopics%2Fdatastream

when I check the cloud run, the service account used by google cloud function is already granted Cloud Run Invoker.

Marramirez

Hello @oreobiskuit,

Welcome to the Google Cloud Community!

Take a look at this documentation: Receive Pub/Sub events using an authenticated Cloud Run Service.

You are getting the above error because you created a trigger for an authenticated Cloud Run service without granting the Cloud Run Invoker role. But in your case, the service account that is used by Cloud Function has been granted the role.

Perhaps you have another service account (Compute Engine default service account) that is used by Cloud Run that requires the Cloud Run Invoker role. I suggest that you grant that role to the service account mentioned above.

You can also try the option of Allowing public (unauthenticated) access to your Cloud Run. This involves adding the Cloud Run Invoker role to allUsers.

If the above options don't work, you can contact Google Cloud Support to further look into your case. Let me know if it helped, thanks!

Cloud Function 2nd gen cant hit cloud run deployed by them