Unable to grant run.invoker permission to the allUsers identity - Cloud Run DRS enabled

Hi @MarioMont,

Welcome to Google Cloud Community!

Right now, the Invoker feature doesn’t play nice with the Domain Restricted Sharing (DRS) settings in GCP, making it tough to create public-facing Cloud Run Functions. DRS blocks any IAM policies that include members like allUsers, which is a real headache for those looking to make their services publicly accessible.

The current workaround requires customers to exempt their projects from the org policy by resetting it to default at the project level. Unfortunately, this doesn’t let you manage public access on a service-by-service basis, which isn’t ideal.

You can file this in the public issue tracker, but just a heads-up—there’s no specific timeline for when it will be resolved. If you’re looking for a specific workaround or need something more immediate, you may reach out to Google Cloud Support.

I hope the above information is helpful.

1 Like
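Because the workaround in the reply above exempts a whole project from the org policy, any service in that project can then be granted public invoke access. The following added example (not part of the original reply, and not Google's code) audits Cloud Run IAM policies for public `roles/run.invoker` bindings against an approved list. The function names, service names and sample policies are assumptions constructed for illustration.

```python
import json

# IAM special principals that expose a resource outside the organization.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
# Only the predefined invoker role is checked; custom roles are out of scope here.
INVOKER_ROLE = "roles/run.invoker"


def public_invoker_members(policy):
    """Return the sorted public principals bound to roles/run.invoker."""
    found = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") != INVOKER_ROLE:
            continue
        found.update(m for m in binding.get("members", []) if m in PUBLIC_MEMBERS)
    return sorted(found)


def audit(policies, approved_public):
    """Split publicly invokable services into approved and unexpected.

    policies: {service_name: IAM policy dict}
    approved_public: set of service names that are meant to be public
    """
    report = {"approved": [], "unexpected": []}
    for service, policy in sorted(policies.items()):
        members = public_invoker_members(policy)
        if not members:
            continue  # service is not publicly invokable
        bucket = "approved" if service in approved_public else "unexpected"
        report[bucket].append((service, members))
    return report


# Constructed sample policies, shaped like the JSON printed by
# `gcloud run services get-iam-policy SERVICE --format=json`.
SAMPLE_POLICIES = {
    "public-site": json.loads(
        '{"bindings": [{"role": "roles/run.invoker", "members": ["allUsers"]}]}'),
    "internal-api": json.loads(
        '{"bindings": [{"role": "roles/run.invoker", "members":'
        ' ["serviceAccount:caller@example-project.iam.gserviceaccount.com"]}]}'),
    "debug-tool": json.loads(
        '{"bindings": [{"role": "roles/run.invoker", "members":'
        ' ["allAuthenticatedUsers", "user:dev@example.com"]}]}'),
}

if __name__ == "__main__":
    print(audit(SAMPLE_POLICIES, approved_public={"public-site"}))
```

Running it on a schedule in the exempted project gives back some of the per-service visibility that the project-level exemption removes.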