Re: How to run a cloud run job from an external ap...

drfalken · 11-18-2022 03:14 PM

I have a python script that takes 5-20 minutes to run. I may need to invoke many of these concurrently based on user input, but they are totally independent from each other.

I can successfully build and execute the script on google cloud run job, but I would like to invoke it from another service (outside of google). My issues:

1. I can invoke it, but the auth token seems to be very short lived
2. I want to have the script be able to make some POSTs with its uid, but I am not sure how the py script can get access to that.

Any help is appreciated!

marcanthonyb

Hi drfalken,

Have you already considered using a service account instead of workload identity federation? Service account key is a long-lived key-pair that you can use as a credential for a service account. Unlike the OAuth access token, a service account key does not expire. You are responsible for security of the private key and other key management operations, such as key rotation.

For guide how to use service account instead of workload identity federation, you may visit this documentations for more information:
- Set up the service account
- Use a downloaded service account key

dalenguyen

Hi @marcanthonyb, I have the same use case where a webhook triggers the Cloud Run API. Do you know if we can turn a service account into a long live Token? After that, we can pass the token to the header when triggering the cloud run. Since the webhook is on a third-party website, the token must be long live. Any suggestions? Thanks,

How to run a cloud run job from an external app?