在同一个项目中，我有一个 HTTP Cloud Function 和一个向该函数发送 POST 请求的 Cloud Scheduler。 我只想允许来自项目内部的请求调用函数。但是，当我将入口设置设置为“仅允许内部流量”时，Cloud Scheduler 得到“PERMISSION_DENIED”

这是错误日志(已编辑)

httpRequest: {
  status: 403   
 }
 insertId: "insert_id"  

jsonPayload: {
  @type: "type.googleapis.com/google.cloud.scheduler.logging.AttemptFinished"   
  jobName: "projects/project_name/locations/location/jobs/cloud_scheduler_job"   
  status: "PERMISSION_DENIED"   
  targetType: "HTTP"   
  url: "https://location-project_name.cloudfunctions.net/cloud_function_name"   
 }
 logName: "projects/project_name/logs/cloudscheduler.googleapis.com%2Fexecutions"  
 receiveTimestamp: "2020-02-20T13:15:43.134508712Z"  

resource: {

labels: {
   job_id: "cloud_scheduler_name"    
   location: "location"    
   project_id: "project_id"    
  }
  type: "cloud_scheduler_job"   
 }
 severity: "ERROR"  
 timestamp: "2020-02-20T13:15:43.134508712Z"  
}

Link to UI options for ingressSettings

最佳答案

根据官方文档:

To use Cloud Scheduler your Cloud project must contain an App Engine app that is located in one of the supported regions. If your project does not have an App Engine app, you must create one.

Cloud Scheduler overview

因此，通过运行找到您的 App Engine 应用程序的位置:

gcloud app describe
#check for the locationId: europe-west2

然后确保使用 Ingress Settings 将云函数部署到与 App Engine 应用程序相同的位置“仅允许内部流量”。

我在与我的 App Engine 应用程序相同的区域部署了一个云功能，一切都按预期工作。

关于google-cloud-functions - ingressSettings = ALLOW_INTERNAL_ONLY 时如何从 Google Cloud Scheduler 调用 Google Cloud Function？，我们在Stack Overflow上找到一个类似的问题： https://stackoverflow.com/questions/60321764/