Hi there!
I'm running GCP Cloud function
gcloud functions deploy <func-name> \
--gen2 \
--runtime=nodejs20 \
--region=europe-west10 \
--entry-point=<func-name> \
--trigger-http \
--no-allow-unauthenticated
I also have API Gateway
gitpod /workspace/core (feature/adding-crud-api) $ gcloud api-gateway apis describe <API_DI> --project=$PROJECT_ID
createTime: '2024-06-19T18:57:41.448868827Z'
displayName: <API_DI>
managedService: <API_DI>-0haf6f78r2luy.apigateway.budget-bot-421609.cloud.goog
name: projects/budget-bot-421609/locations/global/apis/<API_DI>
state: ACTIVE
updateTime: '2024-06-19T18:59:18.287841345Z'
gitpod /workspace/core (feature/adding-crud-api) $ gcloud api-gateway api-configs describe <CONFIG_ID> --project=$PROJECT_ID --api=<API_DI>
createTime: '2024-06-19T18:59:30.466213171Z'
displayName: <CONFIG_ID>
gatewayServiceAccount: projects/-/serviceAccounts/<service-account-name>@<PROJECT_ID>.iam.gserviceaccount.com
name: projects/371397289510/locations/global/apis/<API_DI>/configs/<CONFIG_ID>
serviceConfigId: <CONFIG_ID>-0ib4jmqay5ozc
state: ACTIVE
updateTime: '2024-06-19T19:01:39.420687820Z'
gitpod /workspace/core (feature/adding-crud-api) $
Here are my Service account roles:
gitpod /workspace/core (feature/adding-crud-api) $ gcloud projects get-iam-policy $PROJECT_ID \
--flatten="bindings[].members" \
--format='table(bindings.role)' \
--filter="bindings.members:<service-account-name>@<PROJECT_ID>.iam.gserviceaccount.com"
ROLE
roles/cloudfunctions.admin
roles/cloudfunctions.invoker
roles/firebase.admin
roles/iam.serviceAccountUser
roles/logging.admin
roles/owner
roles/run.admin
roles/run.invoker
roles/secretmanager.admin
roles/storage.admin
It's a test service accountand suposed for other activities, but it has required roles:
But when I make a call I have
All guides and articles are saying, that it is an IAM issue, but my service account has all required roles in the world, and it still doesn't work
Could you please help me?
Hello, did you manage to find the solution? I have the same issue.