0

I am trying to set up the cloud scheduler to trigger the cloud function. I set the frequency to 0 9 1 * *, target type http, url https://europe-west2-project_name.cloudfunctions.net/xxxxx.

And also I have added the `OIDC token, created the service account that invoke cloud function. When I try to run my cloud scheduler manually it fails and I get the following error

 {
httpRequest: {
status: 500
}
insertId: "132gtrbf1pw9rq"
jsonPayload: {
@type: "type.googleapis.com/google.cloud.scheduler.logging.AttemptFinished"
jobName: "projects/project_name/locations/europe-west2/jobs/cloud-scheduler-job"
status: "INTERNAL"
targetType: "HTTP"
url: "https://europe-west2-project_name.cloudfunctions.net/xxxx"
}
logName: "projects/project_name/logs/cloudscheduler.googleapis.com%2Fexecutions"
receiveTimestamp: "2023-06-28T07:37:31.684339045Z"
resource: {
labels: {3}
type: "cloud_scheduler_job"
}
severity: "ERROR"
timestamp: "2023-06-28T07:37:31.684339045Z"
}

I have been stuck with this issue for 2 days and I don't know how to resolve it. can anyone please help me?

updated:

{
insertId: "-r6s7cscbc"
logName: "projects/project-name/logs/cloudaudit.googleapis.com%2Fdata_access"
protoPayload: {
@type: "type.googleapis.com/google.cloud.audit.AuditLog"
authenticationInfo: {
principalEmail: "service-1234567890@gcf-admin-robot.iam.gserviceaccount.com"
}
requestMetadata: {
requestAttributes: {
time: "2023-06-27T18:17:21.627074Z"
auth: {
}}
destinationAttributes: {0}}
serviceName: "cloudfunctions.googleapis.com"
methodName: "google.cloud.functions.v1.CloudFunctionsService.GetFunction"
authorizationInfo: [
0: {
resource: "projects/project-name/locations/europe-west2/functions/cloud-function-name"
permission: "cloudfunctions.functions.get"
granted: true
resourceAttributes: {
}}]
resourceName: "projects/project-name/locations/europe-west2/functions/cloud-function-name"
resourceLocation: {
currentLocations: [
0: "europe-west2"
]}}
receiveTimestamp: "2023-06-27T18:17:21.927721083Z"
resource: {
labels: {
function_name: "cloud-function-name"
project_id: "project-name"
region: "europe-west2"
}
type: "cloud_function"
}
severity: "INFO"
timestamp: "2023-06-27T18:17:21.556303Z"
}

updated: python code

from google.cloud import storage
import zipfile
import datetime
import os

def move_files(data, context):
    source_bucket_name = 'source-input'
    destination_bucket_name = 'destination-input'
    client = storage.client()

    source_bucket = client.get_bucket(source_bucket_name)
    destination_bucket = client.get_bucket(destination_bucket_name)

    three_month_file = datetime.datetime.now() - datetime.timedelta(days=90)

    for blob in source_bucket.list_blobs(prefix='files/data/document'):
        blob_updated = blob.updated
        if blob_updated < three_month_file:
            #Create temporary local directory to store the zipped file
            temp_dir = 'temp'
            os.makedirs(temp_dir,exist_ok=True)

            #Store the file to the temporary local directory
            blob.store_filename(os.path.join(temp_dir,blob.name))
            #Zip the file
            zip_Name = os.path.join(temp_dir,f"{blob.name}.zip")
            with zipfile.ZipFile(zip_Name,'w') as zipfile_obj:
                zipfile_obj.write(os.path.join(temp_dir,blob.name),blob.name)

            #move the zipeed file to destination bucket
            destination_blob = destination_bucket.blob(f"{blob.name}.zip")
            destination_blob.upload_files(zip_Name)

            #Delete the original file and zipped file
            os.remove(os.path.join(temp_dir,blob.name))
            os.remove(zip_Name)

            #Delete the original from the source bucket
            blob.delete()
        #Remove the temporary local directory
        os.rmdir(temp_dir)
Suba
  • 25
  • 4
  • Can you make sure that you have given [required permissions to your service account](https://cloud.google.com/scheduler/docs/http-target-auth#set_up_the_service_account)? Also can you share your cloud function logs? – Roopa M Jun 28 '23 at 10:18
  • @RoopaM- updated the cloud function logs. – Suba Jun 28 '23 at 10:46
  • Can you also confirm service account has required permission? Also test your cloud function to check whether it is giving `200` or `500` status. If it is a issue with `cloud functions`, don't forgot to share the code. Also this could be due to header mismatch, check these threads : [thread1](https://stackoverflow.com/a/65263124/18265570) & [thread2](https://stackoverflow.com/a/60059921/18265570) – Roopa M Jun 29 '23 at 04:57
  • @RoopaM- I am getting 403 forbidden status (Your client does not have permission to get URL /xxxxx from this server) when I try to access my url. My service account has the 'cloud function invoker' role assigned to it, does it requires any other permission? – Suba Jun 29 '23 at 07:12
  • Are you using `1st gen` or `2nd gen` functions? If you're working with the 2nd gen Cloud Functions, you should grant the caller Service Account the `roles/run.invoker` role instead of `roles/cloudfunctions.invoker` – Roopa M Jun 29 '23 at 08:13
  • Also According to [document](https://cloud.google.com/scheduler/docs/http-target-auth#set_up_the_service_account) : ***Do not remove the default Cloud Scheduler service account from your project, or its Cloud Scheduler Service Agent (roles/cloudscheduler.serviceAgent) role. Doing so results in 403 responses to endpoints requiring authentication, even if your job's service account has the appropriate role.*** – Roopa M Jun 29 '23 at 08:18
  • @RoopaM - I am using 1st gen function. And I haven't removed my service account from project. Also, I have added my cloud function code pls have a look and let me know if you find any issue. – Suba Jun 29 '23 at 09:03
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/254298/discussion-between-suba-and-roopa-m). – Suba Jun 29 '23 at 10:03

0 Answers0