Cloud Scheduler fails in HTTP Cloud Function

1
votes

I'd like to make a simply job in cloud scheduler that would use my cloud function.

That's what I've done so far:

  1. Created a service account called "cloudfunction" with owner role (for tests)
  2. Created a cloud function job (lets call it JOB1) with internal traffic only, europe-west3 (that's what my gcloud app describe says), and as a service account I used my SA "cloudfunction".

  3. Cloud Scheduler, I made a job with JOB1 HTTP and :

    URL = JOB1s URL,
auth method = OIDC,
http method = get,
SA = cloudfunction (which is linked in JOB1 as well)
audience = JOB1s URL.

I've already seen some topics with similar problem, but in my case I have my [email protected] IAM account, so it does not resolve my problem, restarting scheduler API too.

Similar topics which did not really help me in my case :

How to invoke Cloud Function from Cloud Scheduler with Authentication

Cannot invoke Google Cloud Function from GCP Scheduler

cannot invoke cloud function from cloud scheduler

1
authenticationgoogle-cloud-platformgoogle-cloud-functionsgoogle-cloud-scheduler
as is mentioned here in the comments of this answer, are you tried on a fresh project stackoverflow.com/questions/61235853/…Jan Hernandez
In the other thread i've seen that refreshing project helps in the same way as reloading scheduler API...brasai
I created a job on an old project and in a new one, by using the GCP console and works as is expected cloud.google.com/scheduler/docs/…Jan Hernandez
Could you explain what service accounts (and with what roles) do you have and which one do you use? I've got service account with owner permissions, and still it has no access. hmmbrasai
Many questions: Did you have delete and re-created the SA cloudfunction? Did you grant your SA cloudfunction with the role Service Account User?guillaume blaquiere

1 Answers

3
votes

This behavior is caused due a connectivity lack between Cloud Scheduler and Internal GCP services.

Cloud Scheduler can't use an internal IP within your project and for this reason,the requests always will be detected as external traffic, I found that another user filed a feature request about a similar issue.