Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
If you are interested in working on this issue or have submitted a pull request, please leave a comment.
If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.
According to the documentation, for cloudfunctions v2 you need to assigned the roles/run.invoker role for custom SA or invokers.
By just assigning the cloudfunctions.invoker role, you still get permission denied when invoking the function.
edwardmedia
commented
1 year ago
Community Note
modular-magicianuser, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned tohashibot, a community member has claimed the issue already.Terraform Version
1.3.3
Affected Resource(s)
https://github.com/GoogleCloudPlatform/terraform-google-cloud-functions/blob/main/main.tf
Terraform Configuration Files
resource "google_cloudfunctions2_function_iam_member" "invokers" {
According to the documentation, for cloudfunctions v2 you need to assigned the roles/run.invoker role for custom SA or invokers. By just assigning the cloudfunctions.invoker role, you still get permission denied when invoking the function.
see also: https://cloud.google.com/functions/docs/securing/authenticating#:~:text=Cloud%20Functions%20(2nd%20gen)%3A