I think it's not possible. Mainly because Google says and says again: don't trust the network.
And the correct pattern is to use IAM authorization to reach private function.
The problem will be for your external calls. The best way again, is to use IAM, with a service account and a service account key file deployed on the non Google environment. However, all the system aren't compliant with this. So, You can imagine something like this
External environment --> Cloud Function IP Check --IAM--> Private Cloud Function
^
|
Google environment ----------------------IAM------------------
You can use a function to check the IP and then to call privately (with its own service account credential) the private function; like a proxy.
Other solution
If you really want to use only IP for authentication, even if it's not recommended, I think you can achieve this with a serverless NEG on HTTP Global Load balancer.
The HTTP Global load Balancer is a proxy and the HTTPS connexion is terminated at the Load balancer level. So, the originator IP can be found in the header
External environment --> Global Load Balancer with pubic IP--> Cloud Function
^
|
Public internet
|
Google Environment --> NAT/VPC Connector
IMO, it's a lot of things to set up to reduce the security level. It solves your problem, but it's bad!
