i am quite new to the GCP world and i am asking here just to have some other informations about my issue.
I would like to create an HTTP Google Cloud Function that performs some operations over a certain project.
At the same way, i need to invoke this function from an external service (let's say from a Gsheet for which the SA that own the function could edit it).
I saw that there is GoogleAppScripts, and in particular the URLFetchApp service. My idea is to call that function from that service.
In order to have authentication i saw that the library OAuth2 is needed, in this case, is it necessary to create a ClientID and a ClientSecret for the account that manage the function? If this is the case, how the AppScript could create the related service?
Thank you in advance.
You can query the identity token via google apps script and then use it to call the gcloud function.
The first thing we have to do is to have a cloud function and make sure you have permissions to invoke it (try executing it using another method).
After that, go to your Apps Script project manifest and set at least 2 specific scopes:
{
...
"oauthScopes": [
"openid",
"https://www.googleapis.com/auth/script.external_request"
],
...
}
openid allows us to get an identity token to call the function with and .../script.external_request allows us to use a fetch.
Then you can add the code:
const response = UrlFetchApp.fetch(
'https://gcloud-function-url',
{
muteHttpExceptions: true,
headers: {
'Authorization': `Bearer ${ScriptApp.getIdentityToken()}`
}
}
)
// use response
As documented in the reference, ScriptApp.getIdentityToken() returns the the OpenID token that we need.