403 Response from Google Cloud Functions

Question

I'm receiving the following error when trying to execute a Cloud Function endpoint from the web:

<!DOCTYPE html>
<html lang=en>
  <meta charset=utf-8>
  <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
  <title>Error 403 (Forbidden)!!1</title>
  <style>
    *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5pxno-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}
  </style>
  <a href=//www.google.com/><span id=logo aria-label=Google></span></a>
  <p><b>403.</b> <ins>That’s an error.</ins>
  <p>Access is forbidden.  <ins>That’s all we know.</ins>

I followed this tutorial: https://github.com/GoogleCloudPlatform/python-docs-samples/blob/master/functions/helloworld/main.py

When calling the function as noted here: https://cloud.google.com/functions/docs/writing/http, I receive a 403 error. I'm logged into the gcloud project and using the correct user.

Deploy command:

gcloud beta functions deploy hello_get --runtime python37 --trigger-http

From this doc: https://cloud.google.com/functions/docs/concepts/python-runtime

Called it with this command: curl -X POST https://<REGION-PROJECT_ID>.cloudfunctions.net/hello_get

From this doc: https://cloud.google.com/functions/docs/writing/http

It's odd because this started happening about 3 weeks ago. Old functions stopped working and return a 403 response. I deployed the sample function in the UI and it only works when deploying from the UI but fails with a 403 when going to the endpoint via an http request.

Also, the function successfully executes when using the command: gcloud functions call hello_get

Was there a change in GCF auth over the last couple of weeks?

UPDATE I was able to identify the issue. The project I was on and user was in a beta auth program. After switching to a user and project not in the program, I was able to access the endpoint.

Thank you for the help.

Answer 1

It seems to me that additional IAM functionality was added to Google Cloud Functions, and as a result, you may have not turned on allUser access to the function (FYI this give acess to the whole web).

1. On the Cloud Functions homepage, highlight the Cloud Function you want to add all access to.

2. Click "Permissions" on the top bar.

3. Click "Add Principal" and type "allUsers" then select "Cloud Function Invokers" under "Cloud Function" in the Role box.

4. Click "Save"

5. Click "Allow Public Access"

**Updated for new Google UI for Cloud Functions