Trouble Accessing Cloud Run Service: "Error: Forbi...

bestbehaivior · 06-06-2024 11:51 AM

Hi everyone, I'm new here to GCP

I'm encountering an issue with a Cloud Run service that I've deployed, and I'm hoping someone can help me troubleshoot it. Here's the problem:

I've deployed a Cloud Run service using Google Cloud Platform, and I've configured it to be publicly accessible with the "All" ingress setting. However, when I try to access the service using the provided URL, I'm getting an "Error: Forbidden" message in my browser.

I've checked the permissions, and everything seems to be set up correctly. The service has the necessary IAM roles assigned, and the ingress setting is configured to allow all traffic. Despite this, I'm still unable to access the service.

I'm not sure what could be causing this issue, so any advice or suggestions would be greatly appreciated. Has anyone encountered a similar problem before, or does anyone have any ideas on how I can troubleshoot this further?

NoCommandLine

As the documentation says

All Cloud Run services are deployed privately by default, which means that they can't be accessed without providing authentication credentials in the request.

Navigate to https://console.cloud.google.com/run?project=<your_project_name>

1) Check what you have under "Authentication". If it shows "Require authentication", then that is the cause of your error unless you're using a url which has code behind the scene to obtain the necessary access token

2) To fix it, click on the Cloud Run App, go to Security and change your Authentication to "Allow unauthenticated invocations"

......NoCommandLine ......
https://nocommandline.com

Analytics & GUI for
App Engine & Datastore Emulator

bestbehaivior

Thanks man, does making it "Allow unauthenticated invocations" mean that it will be public to everyone?

The code I am using will be part of an automation that I will use within my business where it uses a UUID. Here is the code also if it helps:

app.py:

from flask import Flask, jsonify

from flask_cors import CORS

import uuid

# Initialize Flask application

app = Flask(__name__)

CORS(app, resources={r"/*": {"origins": ["(URLs Removed by Staff), ]}})

# Define a route to generate and return a UUID

@App.route('/get_uuid', methods=['GET'])

def get_uuid():

my_uuid = uuid.uuid4()

return jsonify({"uuid": str(my_uuid)})

# Run Flask app

if __name__ == '__main__':

app.run(host='0.0.0.0', port=8080)

Dockerfile:

FROM python:3.8

# Set the working directory in the container

WORKDIR /app

# Copy the dependencies file to the working directory

COPY requirements.txt .

# Install dependencies

RUN pip install -r requirements.txt

# Copy the content of the local src directory to the working directory

COPY . .

# Specify the command to run on container start

CMD [ "python", "./app.py" ]

Requirements.txt:

Flask-CORS==3.0.10

So this is the code I want to deploy to the cloud so that I can use it for production use within my automation that i am building for myself.

Will allowing unauthenticated invocations will this mean that everyone has access to this on the web? Also when I go to save unauthenticated invocations it comes up with an error:

After this I click save and then this popup appears:

Sorry if these are dumb questions. I have been trying to figure this out for a while now

NoCommandLine

does making it "Allow unauthenticated invocations" mean that it will be public to everyone?

Yes. My understanding of your original post is that's what you want cos you have this ...and I've configured it to be publicly accessible.... Do you want something different?

Regarding the error you get when you try to change the authentication, see if the blog post from Google, - How to Create Public Cloud Run Services when Domain Restricted Sharing is Enforced helps

......NoCommandLine ......
https://nocommandline.com

Analytics & GUI for
App Engine & Datastore Emulator

Trouble Accessing Cloud Run Service: "Error: Forbidden"