johnnyrocket33

Reputation: 131

GCP Cloud Scheduler ERROR with status INTERNAL for an HTTP target

I have a Scheduler job that calls my function every 8 hours. The function is working without a problem and returning HTTP 200 status every time when the member is "allUsers" for the role roles/cloudfunctions.invoker. However, when I use my service account as the member via serviceAccount:${google_service_account.ServiceAccount.email}, this error appears:

{
   insertId: "---"
     jsonPayload: {
       status: "INTERNAL"
       @type: "type.googleapis.com/google.cloud.scheduler.logging.AttemptFinished"
       targetType: "HTTP"
       jobName: "projects/projectname/locations/asia-northeast1/jobs/Function_Name"
       url: "https://asia-northeast1-projectname.cloudfunctions.net/Function_Name"
}
httpRequest: {
   status: 500
}
resource: {
  type: "cloud_scheduler_job"
  labels: {
     project_id: "projectname"
     job_id: "Function_Name"
     location: "asia-northeast1"
  }
}
timestamp: "2021-05-24T08:14:39.131999796Z"
severity: "ERROR"
logName: "projects/projectname/logs/cloudscheduler.googleapis.com%2Fexecutions"
receiveTimestamp: "2021-05-24T08:14:39.131999796Z"
}

and the scheduler results in "Failed" instead of "Success".

How can I fix this error? The Terraform version I'm using for Google Cloud Platform is 2.20.3. This is what the code looks like:

resource "google_cloud_scheduler_job" "test" {
  name             = "Function_Name_Schedule_Job"
  description      = "Triggers ${google_cloudfunctions_function.Function_Name.name} function every 8 hours."
  time_zone        = "Asia/Singapore"
  schedule         = "59 7,15,23 * * *"
  region           = "${var.Region}"
  retry_config {
    retry_count        = 5
    max_retry_duration = "520s"
  }
  http_target  {
    uri                     = "${google_cloudfunctions_function.Function_Name.https_trigger_url}"
    oidc_token {
      service_account_email = "${google_service_account.ServiceAccount.email}"
    }
  }
  depends_on = ["google_cloudfunctions_function.Function_Name"]
}

Upvotes: 1

Views: 2294

Answers (1)

guillaume blaquiere

Reputation: 75715

You need to add the audience in the oidc_token definition, equal to your Cloud Functions URL (without any additional path or argument).

    oidc_token {
      service_account_email = "${google_service_account.ServiceAccount.email}"
      audience = "${google_cloudfunctions_function.Function_Name.https_trigger_url}"
    }

Upvotes: 1
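An added example, not part of the question or the answer: a small diagnostic that decodes an OIDC token's payload and checks that its aud claim equals the function URL with any extra path or query removed, as the answer describes. It assumes the URL shape shown in the question's log (https://REGION-PROJECT.cloudfunctions.net/NAME); the helper names, the extra path and the sample tokens are constructed, and the decoding is for inspection only and does not verify the signature.

```python
import base64
import json
from urllib.parse import urlsplit

FUNCTION_URL = "https://asia-northeast1-projectname.cloudfunctions.net/Function_Name"

def expected_audience(target_uri: str) -> str:
    """Function URL with any extra path, query or fragment removed."""
    parts = urlsplit(target_uri)
    segments = [s for s in parts.path.split("/") if s]
    if not segments:
        raise ValueError("URI has no function name in its path")
    return f"{parts.scheme}://{parts.netloc}/{segments[0]}"

def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection. Does NOT verify the signature."""
    pieces = token.split(".")
    if len(pieces) != 3:
        raise ValueError("not a compact JWT")
    payload = pieces[1] + "=" * (-len(pieces[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audience_problem(token: str, target_uri: str):
    """Return None when aud matches the function URL, else a description."""
    want = expected_audience(target_uri)
    aud = jwt_claims(token).get("aud")
    if aud is None:
        return "token has no aud claim"
    if aud != want:
        return f"aud is {aud!r}, expected {want!r}"
    return None

def constructed_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed data, placeholder signature)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"

if __name__ == "__main__":
    called = FUNCTION_URL + "/sync?full=1"  # hypothetical extra path and argument
    good = constructed_token({"aud": FUNCTION_URL})
    bad = constructed_token({"aud": called})
    print(audience_problem(good, called))
    print(audience_problem(bad, called))
```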
