Calling authenticated cloud function from applicat...

pis7ftw · 12-20-2023 06:10 AM

Hello,

I'm attempting to call an authenticated cloud function (V2) from an elixir application. I'm attempting to use the elixir client library but I believe this is an issue with my service account. I attempt to call my authenticated function with

curl -H "Authorization Bearer <bearer token created from service account key>" <cloud function url>

The error I receive is:

Error: Unauthorized

Your client does not have permission to the requested URL

My service account has the following roles: roles/run-invoker

I also granted access to the function to the service account principal with the role: Cloud Functions Invoker

My question is two-fold.

Am I missing a permission/role somewhere?

Am I not converting the service account key to a bearer token properly? I'm using the google-apis elixir library if that helps anybody. It's more or less the same method I use to convert a service account key to a bearer token to access cloud storage.

Thank you

Marramirez

Hello @pis7ftw!

Welcome to the Google Cloud Community!

You can do the following troubleshooting options:

Take a look at this documentation. You can enable access to a function by adding principals and granting roles. Select the function then click permissions. Click Add principals then enter the identity (user or service account) that needs access to your function. Select the role and save.
If the above option doesn't work, you can contact Google Cloud Support to further look into your case. Let me know if it helped, thanks!

Calling authenticated cloud function from application - client does not have permission