I have a Cloud Function connected to my frontend. The problem is, I must refresh the token and inject it into the headers on every call. I feel frustrated because the token expires in 1 hour, and in a production environment it is unmaintainable.
I was exploring the best way to remove the token auth and I found this command:
gcloud run services add-iam-policy-binding [SERVICE_NAME] \
  --member="allUsers" \
  --role="roles/run.invoker"
I guess SERVICE_NAME means the name of my cloud function?
gcloud run services add-iam-policy-binding user-types \
  --member="allUsers" \
  --role="roles/run.invoker"
When I run that command it fails with the following message
(gcloud.run.services.add-iam-policy-binding) FAILED_PRECONDITION: One or more users named in the policy do not belong to a permitted customer, perhaps due to an organization policy.
I'm not quite sure how to sort it out. What should I grant or revoke?
Hi @asiurob
Welcome to Google Cloud Community!
I can see that you’re trying to eliminate token-based authentication for your Cloud Run services to prevent constant token renewals. Nonetheless, the gcloud run services add-iam-policy-binding command encounters a FAILED_PRECONDITION error, probably due to an organizational policy prohibiting unauthenticated access.
Here’s what you can do:
gcloud org-policies describe constraints/cloudfunctions.allowUnauthenticated --organization=ORG_ID
* constraints/run.allowedBinaryAuthorizationPolicies
Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.
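An added example, not part of either post and not Google's code: a small audit that reads a service's IAM policy and the project's effective org policy, reports whether anyone can invoke the service, and reports whether a grant to `allUsers` would be refused. It assumes the constraint behind the error above is domain restricted sharing (`constraints/iam.allowedPolicyMemberDomains`), which the thread does not name, and that the inputs have the JSON shape printed by `gcloud run services get-iam-policy SERVICE --format=json` and `gcloud org-policies describe iam.allowedPolicyMemberDomains --effective --project=PROJECT_ID --format=json`. The function names and sample values are hypothetical.

```python
import json

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
INVOKER_ROLES = {"roles/run.invoker", "roles/cloudfunctions.invoker"}

def public_invokers(iam_policy_json):
    """Return sorted (role, member) pairs that let anyone invoke the service."""
    policy = json.loads(iam_policy_json)
    return sorted(
        (b["role"], m)
        for b in policy.get("bindings", [])
        if b.get("role") in INVOKER_ROLES
        for m in b.get("members", [])
        if m in PUBLIC_MEMBERS
    )

def restricts_member_domains(org_policy_json):
    """True if the effective policy limits IAM members to listed customers.

    Only unconditional rules are evaluated; tag-conditioned rules are skipped.
    """
    spec = json.loads(org_policy_json).get("spec", {})
    for rule in spec.get("rules", []):
        if "condition" in rule:
            continue
        if rule.get("allowAll"):
            return False
        if rule.get("denyAll") or rule.get("values", {}).get("allowedValues"):
            return True
    return False

def assess(iam_policy_json, org_policy_json):
    """Summarise one service's exposure and whether a public grant would be refused."""
    return {
        "public_invokers": public_invokers(iam_policy_json),
        "public_grant_rejected": restricts_member_domains(org_policy_json),
    }

# Constructed sample data: service account, project and customer ID are placeholders.
SAMPLE_IAM = json.dumps({"bindings": [
    {"role": "roles/run.invoker",
     "members": ["serviceAccount:frontend@example-project.iam.gserviceaccount.com"]},
]})
SAMPLE_ORG = json.dumps({"spec": {"rules": [
    {"values": {"allowedValues": ["C0example1"]}},
]}})

if __name__ == "__main__":
    print(assess(SAMPLE_IAM, SAMPLE_ORG))
```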