0

I am trying to know whether the cloud function URL is always responding or not, It is important to know the status of the URL and show it in GCP monitoring.

Is it possible to know whether it is active or not. If it is possible can anyone help me with sample code.

I am trying like below,

os.environ["GOOGLE_APPLICATION_CREDENTIALS"] = "sa.json"

cf_url = f'https://{region}-{self.cf_project_id}.cloudfunctions.net/{self.cf_name}'

var1=requests.get(cf_url)

print(var1.status_code)

I am expecting this get call should give me status code 200 to know that the CF URL is up and fine. But I am getting status 403.

That Service account is having Cloud Function Viewer access!

Puteri
  • 3,348
  • 4
  • 12
  • 27
ash_ketchum12
  • 73
  • 6
  • SO is not a free code writing service so what you ask is not feasible here. Go and try something on your own and then comeback with any specific questions. – Puteri Jul 05 '22 at 16:53
  • Now, to what do you refer as "status of the URL"? That you get HTTP 200 responses to say it is okay? – Puteri Jul 05 '22 at 16:54
  • Please provide enough code so others can better understand or reproduce the problem. – Community Jul 05 '22 at 19:46
  • @FerreginaPelona, I am sorry earlier, In a hurry, I could not ask my question in a better way, I edited the question – ash_ketchum12 Jul 06 '22 at 17:19

1 Answers1

0

This is expected. You're getting HTTP 403 because your requests are not being authenticated.

Setting the GOOGLE_APPLICATION_CREDENTIALS variable to the Service Account will not automagically set the authentication headers.

In addition the role you need is Cloud Functions Invoker and NOT Cloud Function Viewer. Cloud Function Viewer is used to view the functions, not to trigger them.

You can try this as seen in this answer:

from google.oauth2 import service_account
from google.auth.transport.requests import AuthorizedSession


url = 'https://test-123456.cloudfunctions.net/my-cloud-function'

creds = service_account.IDTokenCredentials.from_service_account_file(
       '/path/to/service-account-credentials.json', target_audience=url)

authed_session = AuthorizedSession(creds)

# make authenticated request and print the response, status_code
resp = authed_session.get(url)
print(resp.status_code)
print(resp.text)

Or this code presented by Jonh Hanley here:

import json
import base64
import requests

import google.auth.transport.requests
from google.oauth2.service_account import IDTokenCredentials

# The service account JSON key file to use to create the Identity Token
sa_filename = 'service-account.json'

# Endpoint to call
endpoint = 'https://us-east1-replace_with_project_id.cloudfunctions.net/main'

# The audience that this ID token is intended for (example Google Cloud Functions service URL)
aud = 'https://us-east1-replace_with_project_id.cloudfunctions.net/main'

def invoke_endpoint(url, id_token):
    headers = {'Authorization': 'Bearer ' + id_token}

    r = requests.get(url, headers=headers)

    if r.status_code != 200:
        print('Calling endpoint failed')
        print('HTTP Status Code:', r.status_code)
        print(r.content)
        return None

    return r.content.decode('utf-8')

if __name__ == '__main__':
    credentials = IDTokenCredentials.from_service_account_file(
            sa_filename,
            target_audience=aud)

    request = google.auth.transport.requests.Request()

    credentials.refresh(request)

    # This is debug code to show how to decode Identity Token
    # print('Decoded Identity Token:')
    # print_jwt(credentials.token.encode())

    response = invoke_endpoint(endpoint, credentials.token)

    if response is not None:
        print(response)
Puteri
  • 3,348
  • 4
  • 12
  • 27