0

I am trying to call a cloud function which shuts down a VM Instance with:

gcloud functions call stopInstancePubSub --data '{"data":"<instance data in base64>"}' 

This works perfectly fine when I run it from my local machine or from gcloud console. But I need to be able to run it from inside the instance itself and when I try to do that, this is the error that gets thrown:

ERROR: (gcloud.functions.call) ResponseError: status=[403], code=[Forbidden], message=[Request had insufficient authentication scopes.]

Essentially I want to be able to schedule a script to run daily (it'll run for about 2-3 hours). So I've used cloud scheduler to call the cloud function which starts the script at 12 AM every day, and it works, but I need to be able to shut down the instance (to avoid unnecessary charges being added) after the script finishes running. So, I need to be able to call the function from inside the instance itself.

Any other suggestions to achieve my goal would be highly appreciated.

4

1 Answer

2

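I believe you have to allow full access to all Cloud APIs on the instance that is running as the linked service account.

Then assign the necessary role to the service account to invoke the cloud function (roles/cloudfunctions.invoker).

To change the scopes, in the Access scopes section, set the appropriate scopes for your needs. As a best practice, specify only the access scopes your VM instance needs. If you are not sure of the proper access scopes to set, choose Allow full access to all Cloud APIs, and then make sure to restrict access by setting IAM roles.

Answered 2019-12-11T21:48:08.083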
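The steps from the answer above as gcloud commands, together with a check of the scopes the VM currently holds. This is an added example, not part of the original answer. The instance name, zone, service-account e-mail and region are placeholders you supply, and the instance is stopped first because its scopes can only be changed while it is stopped.

```shell
#!/bin/sh
# Added example (not from the original post): diagnose and fix the 403
# "Request had insufficient authentication scopes" seen on the VM.

CLOUD_PLATFORM='https://www.googleapis.com/auth/cloud-platform'
MD_URL='http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/scopes'

# Run ON the VM: print the OAuth scopes attached to its service account,
# one scope URL per line, as reported by the metadata server.
vm_scopes() {
  curl -s -H 'Metadata-Flavor: Google' "$MD_URL"
}

# Read a newline-separated scope list on stdin; succeed only if it contains
# the cloud-platform scope ("Allow full access to all Cloud APIs").
has_cloud_platform() {
  grep -qxF "$CLOUD_PLATFORM"
}

# Run from a workstation, NOT from the VM (it stops the instance).
# Arguments are placeholders (assumptions):
#   $1 instance name  $2 zone  $3 service-account e-mail
#   $4 function name  $5 function region
grant_call_access() {
  instance=$1 zone=$2 sa=$3 fn=$4 region=$5
  # Scopes can only be changed while the instance is stopped.
  gcloud compute instances stop "$instance" --zone "$zone" &&
  gcloud compute instances set-service-account "$instance" --zone "$zone" \
      --service-account "$sa" --scopes cloud-platform &&
  gcloud compute instances start "$instance" --zone "$zone" &&
  # With the broad scope in place, IAM is what limits the service account:
  # grant only the role named in the answer, on this one function.
  gcloud functions add-iam-policy-binding "$fn" --region "$region" \
      --member "serviceAccount:$sa" --role roles/cloudfunctions.invoker
}

# Usage on the VM:
#   vm_scopes | has_cloud_platform || echo "cloud-platform scope missing"
# Usage on a workstation:
#   grant_call_access INSTANCE ZONE SA_EMAIL stopInstancePubSub REGION
```
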