Google Cloud Queue Tasks resolves with PERMISSION_DENIED(7): HTTP status code 403

Question

I'm using Google Cloud Queue tasks in my project where I'm able to create tasks that are added to my Queue in a scheduled time, but when the tasks are executed it throws: Google PERMISSION_DENIED(7): HTTP status code 403. Error screenshot

I followed the guidance from Google Cloud Tasks documentation, but there is something missing with permissions. Guide

I'm using the createHttpTask function that they provide as example in the https://www.npmjs.com/package/@google-cloud/tasks library.

const task = {
    httpRequest: {
      headers: {
        "Content-Type": "application/json",
        Authorization: "Bearer 'xxx'"
      },
      httpMethod: "POST",
      url,
      body: Buffer.from(JSON.stringify(body)).toString("base64"),
      oidcToken: {
        serviceAccountEmail,
        audience: url
      }
    }
  };

As you can see I added the serviceAccount and the audience in the task request

I created a new service account with this roles: Service account

I also enable the Google Tasks API, and I have another service account with this permissions Default Google API Tasks service account: Google Task API service account

Is there any other permissions that I'm missing? Or am I missing a step?

Thanks a lot

Is the service account that you use in the same project as the task queue? — guillaume blaquiere, Feb 01 '23 at 08:44
@guillaumeblaquiere is there any other hint you can give us? — roundrobin, Feb 02 '23 at 09:26
Do you have a service account in that form in the IAM page (activate the google manage service account list) `service-@gcp-sa-cloudtasks.iam.gserviceaccount.com`. If so, what is the roles of it? — guillaume blaquiere, Feb 02 '23 at 20:29
Another question, are you trying to reach a Cloud Functions gen2 or gen1 with your task? — guillaume blaquiere, Feb 02 '23 at 20:30

Google Cloud Queue Tasks resolves with PERMISSION_DENIED(7): HTTP status code 403

0 Answers0