
Google Cloud Function not created with Private access

I'm creating a Google Cloud HTTP Function using my Python script as follows:

gcloud beta functions deploy " + function_name + " --runtime go111 --trigger-http --memory 128 --region " + cloud_region + " --source " + function_path + " --service-account " + my_service_account

Allow unauthenticated invocations of new function [ExecuteFunctionTest]? (y/N)? N

WARNING: Function created with default IAM policy. To enable unauthorized access consider "gcloud alpha functions add-iam-policy-binding function_name --region=us-central1 --member=allUsers --role=roles/cloudfunctions.invoker"

Then when I do:

gcloud beta functions get-iam-policy function_name

I get the following output:

bindings:
- members:
  - allUsers
  role: roles/cloudfunctions.invoker
etag: BwWOGyVdpDg=
version: 1

Why is 'allUsers' a member here?

The documentation at https://cloud.google.com/functions/docs/securing/authenticating and https://cloud.google.com/functions/docs/securing/managing-access says that:

all Cloud Functions are deployed privately, which means that they can't be accessed without providing authentication credentials in the request.

By default, HTTP Functions are only callable by project owners, editors, and Cloud Functions Admins and Developers.

But I'm able to access the Cloud Function URL using a simple curl command or Postman client without any credentials from outside the project.

What could be causing the Cloud Function to have the 'allUsers' member and be publicly accessible?

user5155835 asked Dec 20 '25 23:12


1 Answer

You can set access with the next command

https://cloud.google.com/sdk/gcloud/reference/alpha/functions/add-iam-policy-binding

and remove allUsers with the next one

https://cloud.google.com/sdk/gcloud/reference/alpha/functions/remove-iam-policy-binding

example: gcloud alpha functions add-iam-policy-binding function_name --region=us-central1 --member=user:[email protected] --role=roles/cloudfunctions.invoker

gcloud alpha functions remove-iam-policy-binding function_name --region=us-central1 --member=allUsers --role=roles/cloudfunctions.invoker

user494611 answered Dec 23 '25 23:12
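
An added example, not part of the original question or answer and not Google's code: a check that a Python deploy script like the asker's could run after the deploy step, flagging public principals in the `get-iam-policy` output and building the `remove-iam-policy-binding` commands shown in the answer. The function names, the use of `--format=json`, and treating `allAuthenticatedUsers` as public alongside `allUsers` are choices of this example.

```python
import json
import shlex
import subprocess

# Principals that make a binding public: anyone on the internet, or anyone
# signed in with any Google account (this example's choice to flag both).
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def public_bindings(policy):
    """Return sorted (role, member) pairs in an IAM policy dict that grant public access."""
    found = set()
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                found.add((binding.get("role", ""), member))
    return sorted(found)


def removal_commands(function_name, region, policy):
    """Build one remove-iam-policy-binding command (as in the answer) per public grant."""
    return [
        ["gcloud", "alpha", "functions", "remove-iam-policy-binding", function_name,
         f"--region={region}", f"--member={member}", f"--role={role}"]
        for role, member in public_bindings(policy)
    ]


def fetch_policy(function_name, region):
    """Read the live policy as JSON; needs an authenticated gcloud on PATH."""
    out = subprocess.run(
        ["gcloud", "beta", "functions", "get-iam-policy", function_name,
         f"--region={region}", "--format=json"],
        check=True, capture_output=True, text=True).stdout
    return json.loads(out)


# Constructed sample: the policy printed in the question, rewritten as JSON.
SAMPLE_POLICY = json.loads("""
{"bindings": [{"members": ["allUsers"], "role": "roles/cloudfunctions.invoker"}],
 "etag": "BwWOGyVdpDg=", "version": 1}
""")

if __name__ == "__main__":
    # Prints the removal command for every public grant in the sample policy.
    for cmd in removal_commands("function_name", "us-central1", SAMPLE_POLICY):
        print(shlex.join(cmd))
```

In a deploy script, call `fetch_policy` right after the deploy command and fail the run if `public_bindings` returns anything.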


