I have seen many questions in invoking cloud functions from AppScript, but I am unable to invoke the function from any of those methods. Here are the things I have already checked:
[x] - Invoke successful from Google Cloud Testing Tab
[x] - Invoke successful from command line: curl <CLOUD_FUNCTION_URI> -H "Authorization: bearer $(gcloud auth print-identity-token)"
[x] - Invoke successful from Call API: gcloud functions call YOUR_FUNCTION_NAME --data '{"name":"Keyboard Cat"}'
[x] - Invoke successful from Python client library:
from modules.cloudInvoker import CloudFunctionInvoker
from os import environ
uri = environ['URI']
invoker = CloudFunctionInvoker(service_account_path=r'secrets/service.json',
endpoint=uri)
if __name__ == '__main__':
response = invoker.session.post(uri,json={
"test":True
})
print(response)
where my invoker Class looks like this:
from google.oauth2 import service_account
from google.auth.transport.requests import AuthorizedSession
class CloudFunctionInvoker:
def __init__(self,service_account_path:str,endpoint:str)->None:
try:
self.path = service_account_path
self.creds = service_account.IDTokenCredentials.from_service_account_file(service_account_path, target_audience=endpoint)
self.session = AuthorizedSession(self.creds)
except Exception as e:
raise(e)
def updateEndpoint(self,new_endpoint:str)->None:
try:
self.creds = service_account.IDTokenCredentials.from_service_account_file(self.path, target_audience=new_endpoint)
self.session = AuthorizedSession(self.creds)
except Exception as e:
raise(e)
But when I try to invoke the same function using app script as shown below:
const cloudFunctionInvoker = (payload,cloud_function_uri) => {
const token = ScriptApp.getIdentityToken();
// const token = ScriptApp.getOAuthToken();
const headers = { "Authorization": "Bearer " + token };
const options = {
"method": "post",
"headers": headers,
"muteHttpExceptions": true,
"contentType": "application/json",
"payload": JSON.stringify(payload||{})
};
const response = UrlFetchApp.fetch(cloud_function_uri, options);
try{
const response_object = JSON.parse(response.getContentText());
console.log(response_object);
}
catch(e) {
console.log("Error = ", e.message);
console.log(response.getContentText());
}
}
I get a 401 unauthorized error.
I have tried using both identity token and OAuth token, but none of them works.
Additionally, I have also set up my manifest.json to include scopes:
"oauthScopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/script.external_request"
],
Finally, I changed my project to work within the google cloud project environment:
But none of these worked for me. Here's the command I used to deploy my cloud function:
gcloud functions deploy <function_name> --entry-point main --runtime python39 --source . --timeout 540 --trigger-http
Allow unauthenticated invocations of new function <function_name>?
(y/N)? n
WARNING: Function created with limited-access IAM policy. To enable unauthorized access consider `gcloud alpha functions add-iam-policy-binding <function_name> --region=us-central1 --member=allUsers --role=roles/cloudfunctions.invoker`
I wrote an article on that topic, but focus on Cloud Run.
The security principle on Cloud Run and Cloud Functions is the same (the same underlying infrastructure is shared between both). So you should be able to achieve what you want with that article. If not, let me know I will help you.
I am using a Cloud Function to call another Cloud Function on the free spark tier.
Is there a special way to call another Cloud Function? Or do you just use a standard http request?
I have tried calling the other function directly like so:
exports.purchaseTicket = functions.https.onRequest((req, res) => {
fetch('https://us-central1-functions-****.cloudfunctions.net/validate')
.then(response => response.json())
.then(json => res.status(201).json(json))
})
But I get the error
FetchError: request to
https://us-central1-functions-****.cloudfunctions.net/validate
failed, reason: getaddrinfo ENOTFOUND
us-central1-functions-*****.cloudfunctions.net
us-central1-functions-*****.cloudfunctions.net:443
Which sounds like firebase is blocking the connection, despite it being a google owned, and therefore it shouldn't be locked
the Spark plan only allows outbound network requests to Google owned
services.
How can I make use a Cloud Function to call another Cloud Function?
You don't need to go through the trouble of invoking some shared functionality via a whole new HTTPS call. You can simply abstract away the common bits of code into a regular javascript function that gets called by either one. For example, you could modify the template helloWorld function like this:
var functions = require('firebase-functions');
exports.helloWorld = functions.https.onRequest((request, response) => {
common(response)
})
exports.helloWorld2 = functions.https.onRequest((request, response) => {
common(response)
})
function common(response) {
response.send("Hello from a regular old function!");
}
These two functions will do exactly the same thing, but with different endpoints.
To answer the question, you can do an https request to call another cloud function:
export const callCloudFunction = async (functionName: string, data: {} = {}) => {
let url = `https://us-central1-${config.firebase.projectId}.cloudfunctions.net/${functionName}`
await fetch(url, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({ data }),
})
}
(Note we are using the npm package 'node-fetch' as our fetch implementation.)
And then simply call it:
callCloudFunction('search', { query: 'yo' })
There are legitimate reasons to do this. We used this to ping our search cloud function every minute and keep it running. This greatly lowers response latency for a few dollars a year.
It's possible to invoke another Google Cloud Function over HTTP by including an authorization token. It requires a primary HTTP request to calculate the token, which you then use when you call the actual Google Cloud Function that you want to run.
https://cloud.google.com/functions/docs/securing/authenticating#function-to-function
const {get} = require('axios');
// TODO(developer): set these values
const REGION = 'us-central1';
const PROJECT_ID = 'my-project-id';
const RECEIVING_FUNCTION = 'myFunction';
// Constants for setting up metadata server request
// See https://cloud.google.com/compute/docs/instances/verifying-instance-identity#request_signature
const functionURL = `https://${REGION}-${PROJECT_ID}.cloudfunctions.net/${RECEIVING_FUNCTION}`;
const metadataServerURL =
'http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/identity?audience=';
const tokenUrl = metadataServerURL + functionURL;
exports.callingFunction = async (req, res) => {
// Fetch the token
const tokenResponse = await get(tokenUrl, {
headers: {
'Metadata-Flavor': 'Google',
},
});
const token = tokenResponse.data;
// Provide the token in the request to the receiving function
try {
const functionResponse = await get(functionURL, {
headers: {Authorization: `bearer ${token}`},
});
res.status(200).send(functionResponse.data);
} catch (err) {
console.error(err);
res.status(500).send('An error occurred! See logs for more details.');
}
};
October 2021 Update: You should not need to do this from a local development environment, thank you Aman James for clarifying this
Despite of the question tag and other answers concern the javascript I want to share the python example as it reflects the title and also authentification aspect mentioned in the question.
Google Cloud Function provide REST API interface what incluse call method that can be used in another Cloud Function.
Although the documentation mention using Google-provided client libraries there is still non one for Cloud Function on Python.
And instead you need to use general Google API Client Libraries. [This is the python one].3
Probably, the main difficulties while using this approach is an understanding of authentification process.
Generally you need provide two things to build a client service:
credentials ans scopes.
The simpliest way to get credentials is relay on Application Default Credentials (ADC) library. The rigth documentation about that are:
https://cloud.google.com/docs/authentication/production
https://github.com/googleapis/google-api-python-client/blob/master/docs/auth.md
The place where to get scopes is the each REST API function documentation page.
Like, OAuth scope: https://www.googleapis.com/auth/cloud-platform
The complete code example of calling 'hello-world' clound fucntion is below.
Before run:
Create default Cloud Function on GCP in your project.
Keep and notice the default service account to use
Keep the default body.
Notice the project_id, function name, location where you deploy function.
If you will call function outside Cloud Function environment (locally for instance) setup the environment variable GOOGLE_APPLICATION_CREDENTIALS according the doc mentioned above
If you will call actualy from another Cloud Function you don't need to configure credentials at all.
from googleapiclient.discovery import build
from googleapiclient.discovery_cache.base import Cache
import google.auth
import pprint as pp
def get_cloud_function_api_service():
class MemoryCache(Cache):
_CACHE = {}
def get(self, url):
return MemoryCache._CACHE.get(url)
def set(self, url, content):
MemoryCache._CACHE[url] = content
scopes = ['https://www.googleapis.com/auth/cloud-platform']
# If the environment variable GOOGLE_APPLICATION_CREDENTIALS is set,
# ADC uses the service account file that the variable points to.
#
# If the environment variable GOOGLE_APPLICATION_CREDENTIALS isn't set,
# ADC uses the default service account that Compute Engine, Google Kubernetes Engine, App Engine, Cloud Run,
# and Cloud Functions provide
#
# see more on https://cloud.google.com/docs/authentication/production
credentials, project_id = google.auth.default(scopes)
service = build('cloudfunctions', 'v1', credentials=credentials, cache=MemoryCache())
return service
google_api_service = get_cloud_function_api_service()
name = 'projects/{project_id}/locations/us-central1/functions/function-1'
body = {
'data': '{ "message": "It is awesome, you are develop on Stack Overflow language!"}' # json passed as a string
}
result_call = google_api_service.projects().locations().functions().call(name=name, body=body).execute()
pp.pprint(result_call)
# expected out out is:
# {'executionId': '3h4c8cb1kwe2', 'result': 'It is awesome, you are develop on Stack Overflow language!'}
These suggestions don't seem to work anymore.
To get this to work for me, I made calls from the client side using httpsCallable and imported the requests into postman. There were some other links to https://firebase.google.com/docs/functions/callable-reference there were helpful. But determining where the information was available took a bit of figuring out.
I wrote everything down here as it takes a bit of explaining and some examples.
https://www.tiftonpartners.com/post/call-google-cloud-function-from-another-cloud-function
Here's an inline version for the 'url' might expire.
This 'should' work, it's not tested but based off of what I wrote and tested for my own application.
module.exports = function(name,context) {
const {protocol,headers} = context.rawRequest;
const host = headers['x-forwardedfor-host'] || headers.host;
// there will be two different paths for
// production and development
const url = `${protocol}://${host}/${name}`;
const method = 'post';
const auth = headers.authorization;
return (...rest) => {
const data = JSON.stringify({data:rest});
const config = {
method, url, data,
headers: {
'Content-Type': 'application/json',
'Authorization': auth,
'Connection': 'keep-alive',
'Pragma': 'no-cache,
'Cache-control': 'no-cache',
}
};
try {
const {data:{result}} = await axios(config);
return result;
} catch(e) {
throw e;
}
}
}
This is how you would call this function.
const crud = httpsCallable('crud',context);
return await crud('read',...data);
context you get from the google cloud entry point and is the most important piece, it contains the JWT token needed to make the subsequent call to your cloud function (in my example its crud)
To define the other httpsCallable endpoint you would write an export statement as follows
exports.crud = functions.https.onCall(async (data, context) => {})
It should work just like magic.
Hopefully this helps.
I found a combination of two of the methods works best
const anprURL = `https://${REGION}-${PROJECT_ID}.cloudfunctions.net/${RECEIVING_FUNCTION}`;
const metadataServerURL =
'http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/identity?audience=';
const tokenUrl = metadataServerURL + anprURL;
// Fetch the token
const tokenResponse = await fetch(tokenUrl, {
method: "GET"
headers: {
'Metadata-Flavor': 'Google',
},
});
const token = await tokenResponse.text();
const functionResponse = await fetch(anprURL, {
method: 'POST',
headers: {
"Authorization": `bearer ${token}`,
'Content-Type': 'application/json',
},
body: JSON.stringify({"imageUrl": url}),
});
// Convert the response to text
const responseText = await functionResponse.text();
// Convert from text to json
const reponseJson = JSON.parse(responseText);
Extending the Shea Hunter Belsky's answer I would love to inform you that the call to the metatdata server of google to fetch the authorization token would not work from local machine
Since fetch is not readily available in Node.JS and my project was already using the axios library, I did it like this:
const url = `https://${REGION}-${PROJECT_ID}.cloudfunctions.net/${FUNCTION_NAME}`;
const headers = {
'Content-Type': 'application/json',
};
const response = await axios.post(url, { data: YOUR_DATA }, { headers });
I'm using GCP's cloud function. What I want to achieve is to output logs by log4js.
I know and have tried that using console.xxx() works well.
Environment:
- Google Cloud Functions
- Functions-framework
- nodejs10 as Runtime
logger.js
const log4js = require('log4js');
const logger = exports = module.exports = {};
log4js.configure({
appenders: {
out: { type: 'console' },
trail: {
type: 'dateFile',
filename: './logs/trail',
pattern: '-yyyy-MMdd-hh.log',
alwaysIncludePattern: true
}
},
categories: {
default: { appenders: [ 'out' ], level: 'info' },
trail: { appenders: [ 'trail' ], level: 'DEBUG' }
}
})
logger.trail = log4js.getLogger('trail')
index.js
const { logger } = require('./logger');
exports.spTest = (pubSubEvent, context) => {
console.log('console.log should appear'); // => properly logged
logger.trail.error('logger should appear'); => doesn't show up
};
Thanks in advance!
According to the oficial documentation link:
Cloud Logging is part of the Google Cloud's operations suite of
products in Google Cloud. It includes storage for logs, a user
interface called the Logs Viewer, and an API to manage logs
programmatically.
Also Custom StackDriver logs
Cloud Functions logs are backed by StackDriver Logging. You can use
the StackDriver Logging library for Node.js to log events with
structured data, enabling easier analysis and monitoring.
const { Logging } = require('#google-cloud/logging');
// ...
// Instantiate the StackDriver Logging SDK. The project ID will
// be automatically inferred from the Cloud Functions environment.
const logging = new Logging();
const log = logging.log('my-custom-log-name');
// This metadata is attached to each log entry. This specifies a fake
// Cloud Function called 'Custom Metrics' in order to make your custom
// log entries appear in the Cloud Functions logs viewer.
const METADATA = {
resource: {
type: 'cloud_function',
labels: {
function_name: 'CustomMetrics',
region: 'us-central1'
}
}
};
// ...
// Data to write to the log. This can be a JSON object with any properties
// of the event you want to record.
const data = {
event: 'my-event',
value: 'foo-bar-baz',
// Optional 'message' property will show up in the Firebase
// console and other human-readable logging surfaces
message: 'my-event: foo-bar-baz'
};
// Write to the log. The log.write() call returns a Promise if you want to
// make sure that the log was written successfully.
const entry = log.entry(METADATA, data);
log.write(entry);index.js
Therefore, I do not think you can use log4js on Cloud Functions.
My Google Actions project points to a Google Cloud Function as a webhook. In the google cloud function I am able to create the conversation responses using conv.ask(...).
However, what I am trying to do is: build a generic conversation content framework that resides on another server (also google cloud function) where I would like to compose the response and send it back to the webhook function.
The relevant code in both these servers are like this:
// in the webhook function
app.intent('actions.intent.MAIN', (conv, input) => {
// here I would like to call the second google function by
// passing, say, the input and receiving a response that can
// be passed on to the conv
// something like
// assume request-promise is being used
//
var options = {
method: 'POST',
uri: '..',
body: {...},
json: true
};
rp(options)
.then(resp => {
conv.ask(resp) // this is what I would like to do
});
});
In the second Google Functions server, I am using express as middleware. Here on some logic templated responses get built
const ..
const {
SimpleResponse,
BasicCard,
...
} = require('actions-on-google');
...
const express = require('express');
var app = express();
...
app.post('/main', function(req, res, next) {
// here I would like to compose the response
// and send it to the earlier function
var convresp = new SimpleResponse({...});
..
res.send(convresp);
// this seems to be only sending the json
// and causes the receiving response to give an error
// when applying to conv.ask in the above code
});
Question is: how should the response be sent from the second function so that it can be "pasted" to the conv.ask functionality in the first function?. Thanks
I'm using this function from the Azure Blob Service library: https://azure.github.io/azure-storage-node/global.html#createBlobService
But its not allowing me to, When specifying the environmental variables in environment.ts it throws up this error: ERROR Error: Credentials must be provided when creating a service client.
And when trying to pass in the ConnectionString it throws this error: ERROR TypeError: crypto.createHmac is not a function
var azure = require('azure-storage');
var bs = azure.createBlobService();
bs.createContainerIfNotExists('taskcontainer', {
publicAccessLevel: 'blob'
}, function(error, result, response) {
if (!error) {
console.log("True");
// if result = true, container was created.
// if result = false, container already existed.
}
});
Has anyone had this problem before? would be great to see a solution
you should provide account name and storage key something like this:
var blobService = azure.createBlobService(environment.storage_account_name, environment.storage_key);