If I already have Cloud Functions Admin role, why do I need Cloud Functions Invoker role to run cloud functions?
I have been assigned Cloud Functions Admin role in the IAM permissions settings. I have created a cloud function callable by HTTP. When I make the request it throws
Error: Forbidden
Your client does not have permission to get URL /<function name> from this server.
Apparently I have to add the Cloud Functions Invoker role to be able to call cloud functions, but this seems unnecessary since I'm already a Cloud Functions Admin, whose permissions surely encompass any held within Cloud Functions Invoker.
Is this strange behavior correct or have I taken a wrong turn?
I have now added Owner role aswell as Cloud Functions Admin and it still throws the same 403.
I have updated my CLI using npm install -g firebase-tools - now on v11.8.0.
I have added allUsers principal to have Cloud Functions Invoker.
I have checked any errors logged in the console and gcf-artifacts has failed as the Artifact Registry API is not active. Please enable the API and try again. - however when I check if the Artifact Registry API is enabled, it is.
I am now attempting to enable unauthenticated HTTP function invocation using this article however I can't find the Configuration panel within the google cloud console.
If you are experiencing the same issue and have already completed all of my troubleshooting above, delete your cloud function and redeploy it.
It's that simple.