google-cloud-functions

You must assign the Invoker role (roles/run.invoker) through Cloud Run for 2nd gen functions


I'm trying to invoke my Gen 2 Firebase function from my IOS app. It has been working fine for several months, until I redeployed it today, and now all of a sudden, users from my app receive Unauthenticated when trying to invoke it.

I granted the allUsers &Cloud Functions Invoker (1) principal to my function, but now it gives me this warning:

enter image description here

The specified principal roles/run.invoker is nowhere to be found.

My users can't access the function. Does google deliberately make things more complicated than they should be?


Solution

  • At the top right of your Gen 2 Cloud Function details, you should see a badge: “Powered by Cloud Run,” along with the Cloud Run service name at the bottom. Remember this service name.Powered by Cloud Run image

    Next, open Serverless -> Cloud Run in the left menu. Cloud runYou will see a list of Cloud Run services. Find your Cloud Run service and check the checkbox next to it. A panel will appear at the top with the message “1 service selected” and buttons like Copy, Delete, and Permissions. Cloud run service selected options. Click Permissions. The permissions panel for this Cloud Run service will appear on the right. Here, you can assign the Cloud Run Invoker role to the required service account.

    I would also suggest removing the allUsers permission from the original Cloud Function to avoid unexpected security consequences.