如何在 ingressSettings = ALLOW_INTERNAL_ONLY 时从 Google Cloud Scheduler 调用 Google Cloud Function?
How to call a Google Cloud Function from Google Cloud Scheduler when ingressSettings = ALLOW_INTERNAL_ONLY?
在同一个项目中,我有一个 HTTP Cloud Function 和一个 Cloud Scheduler,它向该函数发送 POST 请求。
我只想允许来自项目内部的请求调用函数。但是,当我将 Ingress Settings 设置为 "Allow internal traffic only" 时,Cloud Scheduler 得到 "PERMISSION_DENIED"
这是错误日志(已编辑)
httpRequest: {
status: 403
}
insertId: "insert_id"
jsonPayload: {
@type: "type.googleapis.com/google.cloud.scheduler.logging.AttemptFinished"
jobName: "projects/project_name/locations/location/jobs/cloud_scheduler_job"
status: "PERMISSION_DENIED"
targetType: "HTTP"
url: "https://location-project_name.cloudfunctions.net/cloud_function_name"
}
logName: "projects/project_name/logs/cloudscheduler.googleapis.com%2Fexecutions"
receiveTimestamp: "2020-02-20T13:15:43.134508712Z"
resource: {
labels: {
job_id: "cloud_scheduler_name"
location: "location"
project_id: "project_id"
}
type: "cloud_scheduler_job"
}
severity: "ERROR"
timestamp: "2020-02-20T13:15:43.134508712Z"
}
Link to UI options for ingressSettings
当您使用选项 "Allow internal traffic only" 时,您需要在 Cloud Functions 中使用某种身份验证(为避免这种情况,您可以使用选项 "Allow all traffic")。
请检查 link 中提供的第三条评论:https://serverfault.com/questions/1000987/trigger-google-cloud-functions-from-google-cloud-scheduler-with-private-network
根据官方文档:
To use Cloud Scheduler your Cloud project must contain an App Engine
app that is located in one of the supported regions. If your project
does not have an App Engine app, you must create one.
因此通过 运行 找到您的 App Engine 应用程序的位置:
gcloud app describe
#check for the locationId: europe-west2
然后确保将带有 Ingress 设置的云函数部署到 "Allow internal traffic only" 与应用引擎应用程序相同的位置。
我在与我的 App Engine 应用程序相同的区域部署了一个云功能,一切都按预期工作。
在同一个项目中,我有一个 HTTP Cloud Function 和一个 Cloud Scheduler,它向该函数发送 POST 请求。 我只想允许来自项目内部的请求调用函数。但是,当我将 Ingress Settings 设置为 "Allow internal traffic only" 时,Cloud Scheduler 得到 "PERMISSION_DENIED"
这是错误日志(已编辑)
httpRequest: {
status: 403
}
insertId: "insert_id"
jsonPayload: {
@type: "type.googleapis.com/google.cloud.scheduler.logging.AttemptFinished"
jobName: "projects/project_name/locations/location/jobs/cloud_scheduler_job"
status: "PERMISSION_DENIED"
targetType: "HTTP"
url: "https://location-project_name.cloudfunctions.net/cloud_function_name"
}
logName: "projects/project_name/logs/cloudscheduler.googleapis.com%2Fexecutions"
receiveTimestamp: "2020-02-20T13:15:43.134508712Z"
resource: {
labels: {
job_id: "cloud_scheduler_name"
location: "location"
project_id: "project_id"
}
type: "cloud_scheduler_job"
}
severity: "ERROR"
timestamp: "2020-02-20T13:15:43.134508712Z"
}
Link to UI options for ingressSettings
当您使用选项 "Allow internal traffic only" 时,您需要在 Cloud Functions 中使用某种身份验证(为避免这种情况,您可以使用选项 "Allow all traffic")。
请检查 link 中提供的第三条评论:https://serverfault.com/questions/1000987/trigger-google-cloud-functions-from-google-cloud-scheduler-with-private-network
根据官方文档:
To use Cloud Scheduler your Cloud project must contain an App Engine app that is located in one of the supported regions. If your project does not have an App Engine app, you must create one.
因此通过 运行 找到您的 App Engine 应用程序的位置:
gcloud app describe
#check for the locationId: europe-west2
然后确保将带有 Ingress 设置的云函数部署到 "Allow internal traffic only" 与应用引擎应用程序相同的位置。
我在与我的 App Engine 应用程序相同的区域部署了一个云功能,一切都按预期工作。