I have a Cloud Function connected to my frontend. The problem is, I must refresh the token and inject it into the headers on every call. I feel frustrated because the token expires in 1 hour and in a production environment it is unmaintainable.
I was exploring the best way to remove the token auth and I found this command
gcloud run services add-iam-policy-binding [SERVICE_NAME] \
  --member="allUsers" \
  --role="roles/run.invoker"
I guess SERVICE_NAME means the name of my cloud function?
gcloud run services add-iam-policy-binding user-types \
  --member="allUsers" \
  --role="roles/run.invoker"
When I run that command it fails with the following message
(gcloud.run.services.add-iam-policy-binding) FAILED_PRECONDITION: One or more users named in the policy do not belong to a permitted customer, perhaps due to an organization policy.
I’m not really sure how to sort it out. What should I grant or revoke?
I can see that you’re trying to eliminate token-based authentication for your Cloud Run services to prevent constant token renewals. Nonetheless, the gcloud run services add-iam-policy-binding command encounters a FAILED_PRECONDITION error, probably due to an organizational policy prohibiting unauthenticated access.
Here’s what you can do:
Check Org Policy
Run this to confirm whether unauthenticated access is restricted; you may run through this documentation.
Request Policy Update
If public access is required, ask your admin to allow roles/run.invoker for allUsers.
Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.
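An added example, not part of the original posts: the "do not belong to a permitted customer" error is what the Domain Restricted Sharing constraint (constraints/iam.allowedPolicyMemberDomains) produces, so the check is to read the effective policy for that constraint and see whether an allUsers binding can pass. The function names are hypothetical, the sample policies are constructed, and the JSON shape is assumed to follow the Org Policy v2 `spec.rules` layout.

```python
import json
import subprocess
import sys

CONSTRAINT = "iam.allowedPolicyMemberDomains"  # Domain Restricted Sharing

# Constructed sample policies (placeholder project number and customer ID).
NAME = "projects/000000000000/policies/" + CONSTRAINT
SAMPLE_RESTRICTED = {"name": NAME, "spec": {"rules": [
    {"values": {"allowedValues": ["C0example"]}}]}}
SAMPLE_OPEN = {"name": NAME, "spec": {"rules": [{"allowAll": True}]}}
SAMPLE_TAGGED = {"name": NAME, "spec": {"rules": [
    {"allowAll": True, "condition": {"expression": "<tag condition>"}}]}}


def fetch_effective_policy(project_id):
    """Ask gcloud for the effective policy on a project (needs gcloud and auth)."""
    cmd = ["gcloud", "org-policies", "describe", CONSTRAINT,
           "--project", project_id, "--effective", "--format=json"]
    done = subprocess.run(cmd, check=True, capture_output=True, text=True)
    return json.loads(done.stdout)


def allusers_verdict(policy):
    """Return (verdict, reason): can an allUsers binding be added?"""
    rules = policy.get("spec", {}).get("rules", [])
    has_cond = any("condition" in r for r in rules)
    note = " (conditional rules may exempt tagged resources)" if has_cond else ""
    for rule in rules:
        if "condition" in rule:
            continue  # applies only to resources matching the condition
        if rule.get("allowAll"):
            return "allowed", "unconditional allowAll rule"
        if rule.get("denyAll"):
            return "blocked", "unconditional denyAll rule" + note
        allowed = rule.get("values", {}).get("allowedValues")
        if allowed:
            # allUsers belongs to no customer, so an allow-list excludes it.
            return "blocked", "members limited to " + ", ".join(allowed) + note
    if has_cond:
        return "conditional", "only conditional rules; depends on resource tags"
    return "unknown", "no recognizable rule in the policy"


if __name__ == "__main__":
    # With a project ID argument, query gcloud; otherwise use constructed input.
    policy = fetch_effective_policy(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_RESTRICTED
    print(*allusers_verdict(policy), sep=": ")
```

A "blocked" verdict means the binding will keep failing until an organization policy administrator changes the constraint for that project or service.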