我创建了一个由发布到 pubsub 主题触发的云函数。当我向主题发布消息并阅读函数日志时,我看到以下错误: “请求未经身份验证。要么允许未经身份验证的调用,要么设置正确的授权标头。了解更多信息,请访问 https://cloud.google.com/run/docs/securing/authenticating 其他文档故障排除可以在以下位置找到:https ://cloud.google.com/run/docs/troubleshooting#unauthorized-client"
如果我正确理解该错误,则意味着调用该函数的实体没有这样做的权限。在这种情况下,谁或那个人会是呼叫者。主题订阅?
我自己的函数读取和写入 Cloud Storage 并发布到另一个主题,因此我尝试将服务帐户分配给具有 pubsub.editor 和 storage.user 角色的函数,但这没有什么区别。
为了使其回归基础,我尝试按照本教程一步步进行操作,但得到了相同的结果。教程中的函数只是写入控制台。
这是功能代码(来自教程)
use strict';
// [START functions_cloudevent_pubsub]
const functions = require('@google-cloud/functions-framework');
// Register a CloudEvent callback with the Functions Framework that will
// be executed when the Pub/Sub trigger topic receives a message.
functions.cloudEvent('helloPubSub', cloudEvent => {
// The Pub/Sub message is passed as the CloudEvent's data payload.
const base64name = cloudEvent.data.message.data;
const name = base64name
? Buffer.from(base64name, 'base64').toString()
: 'World';
console.log(`Hello, ${name}!`);
});
// [END functions_cloudevent_pubsub]
这是我创建该函数的方法:
gcloud pubsub topics create test-example-1
gcloud functions deploy nodejs-pubsub-function \
--gen2 \
--runtime=nodejs20 \
--region=europe-west1 \
--source=. \
--entry-point=helloPubSub \
--trigger-topic=test-example-1
然后,我通过发布到主题来触发该功能
gcloud pubsub topics publish test-example-1 --message="Friend"
当我检查日志时,我得到了这个:
gcloud functions logs read --gen2 --region=europe-west1 --limit=5 nodejs-pubsub-function
LEVEL NAME TIME_UTC LOG
WARNING nodejs-pubsub-function 2024-07-06 20:19:13.564 The request was not authenticated. Either allow unauthenticated invocations or set the proper Authorization header. Read more at https://cloud.google.com/run/docs/securing/authenticating Additional troubleshooting documentation can be found at: https://cloud.google.com/run/docs/troubleshooting#unauthorized-client
WARNING nodejs-pubsub-function 2024-07-06 20:19:02.007 The request was not authenticated. Either allow unauthenticated invocations or set the proper Authorization header. Read more at https://cloud.google.com/run/docs/securing/authenticating Additional troubleshooting documentation can be found at: https://cloud.google.com/run/docs/troubleshooting#unauthorized-client
I nodejs-pubsub-function 2024-07-06 20:17:16.448 Default STARTUP TCP probe succeeded after 1 attempt for container "worker" on port 8080.
我尝试为 allUsers 设置权限来调用该函数,但我没有项目的权限来执行此操作:
gcloud functions add-iam-policy-binding nodejs-pubsub-function --member=allUsers --role=roles/cloudfunctions.invoker --region=europe-west1
ERROR: (gcloud.functions.add-iam-policy-binding) ResponseError: status=[403], code=[Ok], message=[Permission 'cloudfunctions.functions.setIamPolicy' denied on 'projects/***/locations/europe-west1/functions/nodejs-pubsub-function']
缺乏设置 Iam 策略的权限是否与此有关?使用上述命令部署函数时,我没有收到任何错误
缺乏设置 Iam 策略的权限是否与此有关?使用上述命令部署函数时,我没有收到任何错误
是的。您需要通过拥有正确的权限来添加 allUsers 绑定,或者
添加 创建 CF 时的
--allow-unauthenticated