0

I have a Google Cloud Function that works perfectly when I test the Cloud Function from Firebase. I have set it to trigger from a Pub/Sub topic, and when I manually publish a message from the Google Pub/Sub Topic Messages form, my cloud function also correctly triggers.

However when I set up a Cloud Scheduler job, I define the schedule, using the same Region as the Pub/Sub topic, select Pub/Sub as the target type and then the proven Pub/Sub topic as the target, and create the job- and it fails every time. There is no payload to my message as it just triggers the function, so I enter "Hello there" as the message.

I have set up the App Engine default service account in the IAM settings to have all of these permissions:

Cloud Functions Admin
Cloud Scheduler Admin
Cloud Scheduler Service Agent
Editor
Firebase Admin
Firebase Realtime Database Service Agent
Pub/Sub Admin
Pub/Sub Publisher
Pub/Sub Subscriber
Service Account Token Creator

And still, I get this error in the logs:

{
insertId: "8w7lidfgug942"
jsonPayload: {
@type: "type.googleapis.com/google.cloud.scheduler.logging.AttemptFinished"
jobName: "projects/budget-app-d568a/locations/us-central1/jobs/RecurrenceButler"
pubsubTopic: "projects/budget-app-d568a/topics/firebase-schedule-checkRecurringPurchases-us-central1"
status: "UNAUTHENTICATED"
targetType: "PUB_SUB"
}
logName: "projects/budget-app-d568a/logs/cloudscheduler.googleapis.com%2Fexecutions"
receiveTimestamp: "2023-07-07T18:49:18.573174465Z"
resource: {
labels: {
job_id: "RecurrenceButler"
location: "us-central1"
project_id: "budget-app-d568a"
}
type: "cloud_scheduler_job"
}
severity: "ERROR"
timestamp: "2023-07-07T18:49:18.573174465Z"
}

I've tried re-creating the Cloud Scheduler Job, using a different service account, and nothing works. I even went through and followed the tutorial for creating a new Scheduled Job using the cron-job tutorial, and even that failed with the same error code.

In Cloud Functions, I can see that my cloud function is in a "1st gen" environment.

I have been pulling my hair out over this, what am I doing wrong? Cloud support is $500 a month and I am just a single developer, but this issue is causing a ton of problems.

Any help is greatly appreciated, thanks!

Keith Lavoie
  • 15
  • 6
  • The key to your problem is `status: "UNAUTHENTICATED"`. That means no credentials. Your post does no show how you are adding authorization. Maybe this [question and answers](https://stackoverflow.com/q/61235853/8016720) will help. – John Hanley Jul 07 '23 at 20:01
  • I read that but it didn't seem to apply; I am not targeting an HTTP target, this is a pub/sub topic. – Keith Lavoie Jul 07 '23 at 22:30
  • You still must use credentials. Edit your post and show how you are authorizing Cloud Scheduler. The link I provided has examples. – John Hanley Jul 07 '23 at 22:52
  • I dont understand, are the credentials not linked to the service account that I am using for the Cloud Scheduler? From the documentation I read, the Cloud Scheduler uses App Engine default service account, which I gave all the role permissions in my post. "When you're using "Pub/Sub" as your target, the Cloud Scheduler publishes messages to the specified Pub/Sub topic and the authorization is managed through Pub/Sub. This means that you need to ensure the service account associated with your Cloud Scheduler has the correct Pub/Sub roles, such as roles/pubsub.publisher." – Keith Lavoie Jul 08 '23 at 01:55
  • You might want to consider this [documentation](https://cloud.google.com/scheduler/docs/tut-pub-sub#create_a_job). It is also a good thing to follow @John Hanley recommendation to edit your post and show on how you authorize your Cloud Scheduler. – DominicT Jul 13 '23 at 20:38

0 Answers0