I'm trying the "Using Cloud Tasks to trigger Cloud Functions" tutorial, but when I try to run the created task I get an error:
Status code: 7 (PERMISSION_DENIED)
Reason for retrying: PERMISSION_DENIED(7): HTTP status code 403
I have created a new service account with the Cloud Functions Invoker role.
And modified my code so the tasks are created using this service account:
    const task = {
      httpRequest: {
        httpMethod: protos.google.cloud.tasks.v2.HttpMethod.POST,
        url,
        // Cloud Tasks attaches an OIDC token for this service account to the request
        oidcToken: {
          serviceAccountEmail: '[email protected]',
        },
      },
    };
The task is created from a cloud function.
I have also modified the target Cloud Function access control so it can be accessed by allAuthenticatedUsers with the role Cloud Functions Invoker.
I can test-trigger the function using the Cloud Functions console without any error.
What did I miss? Any ideas?
I just figured it out. I deployed the function with ingress-settings=internal-only, thinking that Cloud Tasks would be considered an internal service. I had to change this to the default all, then it worked. internal-and-gclb also did not work.
Go to the IAM page, locate the Cloud Tasks service agent service account: service-<projectNumber>@gcp-sa-cloudtasks.iam.gserviceaccount.com and grant the role roles/iam.serviceAccountTokenCreator on it.
It's not mentioned in your tutorial. I guess you didn't do it.
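The three settings raised in this thread (ingress, who holds Cloud Functions Invoker, and the service agent's token creator role) can be checked together before a task is queued. The following is an added example, not code from the question, the answers or the tutorial. It goes beyond the thread by also flagging `allAuthenticatedUsers` as an invoker, since with ingress set to all the invoker binding is the only gate on the function. Assumptions: the project number and service account email are constructed, the input objects are modelled on the Cloud Functions `ingressSettings` field and IAM policy `bindings`, and the token creator binding is looked up in a project-level policy.

```javascript
// Added example. All inputs below are constructed; nothing is fetched from GCP.
const INVOKER = 'roles/cloudfunctions.invoker';
const TOKEN_CREATOR = 'roles/iam.serviceAccountTokenCreator';

const membersWith = (policy, role) =>
  (policy.bindings || []).filter((b) => b.role === role).flatMap((b) => b.members);

function preflight({ projectNumber, oidcServiceAccount, fn, functionPolicy, projectPolicy }) {
  const findings = [];
  const agent = `serviceAccount:service-${projectNumber}@gcp-sa-cloudtasks.iam.gserviceaccount.com`;
  const invokers = membersWith(functionPolicy, INVOKER);
  const broad = invokers.filter((m) => m === 'allUsers' || m === 'allAuthenticatedUsers');

  // First answer: only the default "all" ingress setting worked for the task's request.
  if (fn.ingressSettings !== 'ALLOW_ALL')
    findings.push({ level: 'error', code: 'INGRESS', detail: fn.ingressSettings });
  // The identity in oidcToken.serviceAccountEmail must be allowed to invoke the function.
  if (!invokers.includes(`serviceAccount:${oidcServiceAccount}`) && broad.length === 0)
    findings.push({ level: 'error', code: 'NO_INVOKER', detail: oidcServiceAccount });
  // With ingress open to all, IAM is the only gate; a broad member admits callers
  // from outside the project, so bind the invoker role to the task's account only.
  if (broad.length > 0)
    findings.push({ level: 'warn', code: 'BROAD_INVOKER', detail: broad.join(',') });
  // Second answer: the Cloud Tasks service agent needs the token creator role
  // (assumed here to be bound in the project-level policy).
  if (!membersWith(projectPolicy, TOKEN_CREATOR).includes(agent))
    findings.push({ level: 'error', code: 'AGENT_TOKEN_CREATOR', detail: agent });
  return findings;
}

const sa = 'tasks-invoker@example-project.iam.gserviceaccount.com'; // constructed
const asDescribed = { // the setup described in the question
  projectNumber: '123456789012', oidcServiceAccount: sa,
  fn: { ingressSettings: 'ALLOW_INTERNAL_ONLY' },
  functionPolicy: { bindings: [{ role: INVOKER, members: ['allAuthenticatedUsers'] }] },
  projectPolicy: { bindings: [] },
};
const tightened = { // both answers applied, invoker narrowed to the task's account
  ...asDescribed,
  fn: { ingressSettings: 'ALLOW_ALL' },
  functionPolicy: { bindings: [{ role: INVOKER, members: [`serviceAccount:${sa}`] }] },
  projectPolicy: { bindings: [{ role: TOKEN_CREATOR,
    members: ['serviceAccount:service-123456789012@gcp-sa-cloudtasks.iam.gserviceaccount.com'] }] },
};
const codes = (cfg) => preflight(cfg).map((f) => f.code);
console.log(codes(asDescribed), codes(tightened));
```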