'Getting UNAUTHENTICATED Firebase scheduled functions

I've created a simple project in firebase and i wanted to try scheduled functions: https://firebase.google.com/docs/functions/schedule-functions

After deploy I'm using Cloud Scheduler to test it but I'm getting result: failed.

Logs:

{ jsonPayload: { jobName: xxxxxxx/jobs/firebase-schedule-scheduletest-us-central1" status: "UNAUTHENTICATED" pubsubTopic: "xxxxxxxx/firebase-schedule-scheduletest-us-central1" @type: "type.googleapis.com/google.cloud.scheduler.logging.AttemptFinished" targetType: "PUB_SUB" } resource: { type: "cloud_scheduler_job" labels: {3} } timestamp: "2020-12-08T04:56:44.442003070Z" severity: "ERROR" logName: "xxxxxxxxx/logs/cloudscheduler.googleapis.com%2Fexecutions" receiveTimestamp: "2020-12-08T04:56:44.442003070Z" }

I've also tried this without luck:

https://cloud.google.com/functions/docs/securing/managing-access-iam#allowing_unauthenticated_function_invocation

I'm Using firestore db, Blaze Plan is enabled

Update

It fixed by itself ... this is the answer from Firebase support:

There is not much to share regarding this issue, it was not possible to replicate it, but there is a possible cause: if the Cloud Function uses a custom service account, it could be causing the "UNAUTHENTICATED" error message if it doesn't have the proper IAM configuration. By default, Cloud Functions use the AppEngine default service account, but if you are using a different one, please try one of the following:

a) Revert the Cloud Function to use the default service account (and verify that it has the "Editor" role), and redeploy the Cloud Function b) Make sure that the custom service account has the required role: this is a little tricky, but try adding the role "cloudfunctions.serviceAgent" to it, and redeploy the Cloud Function

Now, in case it doesn't work, or there is no custom service account used in the Cloud Functions, please share with me the code snippet showing how the Scheduled Cloud Function is created, to investigate further.



Solution 1:[1]

For the people getting here, we've to redeploy the cloud function/scheduler job if we made any modification to the service account.

I had a similar issue with cloud scheduler job which had the following error while invoking a cloud function.

{"@type":"type.googleapis.com/google.cloud.scheduler.logging.AttemptFinished", "jobName":"projects/project-id-XXXX/locations/us-east4/jobs/jobName", "status":"UNAUTHENTICATED", "targetType":"HTTP", "url":"https://us-east4-project-id-XXXX.cloudfunctions.net/functionName"}

Service account used to trigger cloud function was missing the Cloud Functions Invoker permission. but just adding the role to the service account didn't resolve the issue.

Following are the steps i'd followed to resolve the same

  1. Added Cloud Functions Invoker role to the service account.
  2. Redeployed the cloud function.
  3. Created a new job from the existing one(using the copy job option in cloud scheduler.)

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Dharman