Question
I need one cloud function (CF) to invoke another CF that is protected. Protected meaning it can only be invoked by other CFs but not from Internet.
Protected CF: I disabled the "Allow unauthenticated invocations" when creating this. I now need to give this function the correct Role and Permission so that it can be accessed from other CFs.
I have tried almost all options but keep getting 403 from the invoker.
Any ideas? Thanks!
Answer 1:
You can specify that a receiving function accepts requests from other functions by granting the Cloud Functions Invoker role to the calling function identity. More info on this here.
Cloud Functions run under a specific identity, given by the service account they run under. By default, this service account is the same as for App Engine, PROJECT_ID@appspot.gserviceaccount.com. So by giving the invoker role to this service account, you'll allow all your other functions to call this function. You may want to give a different identity/service account to each of your functions to specify access permissions in a more granular way. More info on this here.
Source: https://stackoverflow.com/questions/57994997/what-is-the-correct-permission-to-give-gcp-cloud-function-cf-so-that-its-call
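Besides the Cloud Functions Invoker binding (`roles/cloudfunctions.invoker`) on the protected function, the calling function has to present an ID token for its own service account, with the protected function's URL as audience. The sketch below is an added example, not code from the question or the answer: it fetches that token from the metadata server, attaches it to the call, and decodes the claims to check the two usual causes of a 403. The function names and the `opener` parameter (there so the code can be exercised offline) are hypothetical.

```python
import base64
import json
import urllib.parse
import urllib.request

# Metadata-server endpoint that mints an ID token for the function's own service account.
IDENTITY_URL = ("http://metadata.google.internal/computeMetadata/v1/"
                "instance/service-accounts/default/identity")


def fetch_id_token(audience, opener=urllib.request.urlopen):
    """Request an ID token whose audience is the protected function's URL."""
    query = urllib.parse.urlencode({"audience": audience, "format": "full"})
    req = urllib.request.Request(f"{IDENTITY_URL}?{query}",
                                 headers={"Metadata-Flavor": "Google"})
    with opener(req) as resp:
        return resp.read().decode("ascii").strip()


def token_claims(token):
    """Decode the JWT payload without verifying it (for 403 debugging only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token, function_url, granted_member):
    """List mismatches that would make the protected function answer 403."""
    claims = token_claims(token)
    problems = []
    if claims.get("aud") != function_url:
        problems.append(f"aud is {claims.get('aud')!r}, expected {function_url!r}")
    # Assumption: the token carries an `email` claim naming the service account.
    email = claims.get("email")
    if email is not None and email != granted_member:
        problems.append(f"caller is {email!r}, but invoker was granted to {granted_member!r}")
    return problems


def call_protected(function_url, body, opener=urllib.request.urlopen):
    """POST JSON to the protected function with the caller's ID token attached."""
    token = fetch_id_token(function_url, opener)
    req = urllib.request.Request(
        function_url, data=json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    with opener(req) as resp:
        return resp.status, resp.read().decode()
```

`diagnose` only reads the claims for troubleshooting; the platform performs the actual signature and IAM check on the receiving side.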