Error: Unauthorized: Your client does not have permission to the requested URL while sending gRPC re

Time:10-28

I would like to deploy my gRPC service to Cloud Run and send authenticated requests to it via Python3. I have followed various documents regarding establishing authentication to Google Cloud Run services and have been receiving grpc._channel._InactiveRpcError errors:

My client code is as follows:

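import google.auth
import google.auth.transport.grpc
import google.auth.transport.requests
import grpc

import myClient_pb2_grpc  # generated gRPC stubs

server_info = '<service url>:443'
# Application Default Credentials
credentials, _ = google.auth.default()
request = google.auth.transport.requests.Request()
channel = google.auth.transport.grpc.secure_authorized_channel(
            credentials, request, server_info,
            ssl_credentials=grpc.ssl_channel_credentials())

stub = myClient_pb2_grpc.MyGrpcClientPBStub(channel)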

I have assigned myself 'Cloud Run Invoker' role for this service. I am also the owner of the Service account associated with this service.

I ran gcloud auth application-default and executing client code produces the error:

grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
        status = StatusCode.UNAUTHENTICATED
 debug_error_string = "UNKNOWN:Error received from peer  ipv4:xxx.xxx.xx.xx:443:

I have tried manually downloading the associated Service Account's .json key for this project and assigned it to the GOOGLE_APPLICATION_CREDENTIALS env variable, and executing client code produces the error:

grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
        status = StatusCode.UNAVAILABLE
debug_error_string = "UNKNOWN:Error received from peer <service url>:443

Any pointers to properly authenticate would be greatly appreciated.

CodePudding user response:

It's confusing and it's poorly-documented.

The issue is that you need an ID token including an audience (claim) of the Cloud Run service's address. The credentials that you're getting from google.auth.credentials.Credentials provide an access token.

See this grpc_client.py and the associated README, and note that the blog post he references is now here: gRPC auth with OpenID Connect tokens.

NOTE It's unclear to me why you're getting a different error StatusCode.UNAUTHENTICATED when using user credentials as Application Default Credentials (ADC) and StatusCode.UNAUTHORIZED when using a Service Account for ADC.
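
An added example, not part of the original question or answer: one way to build the channel with an ID token whose audience is the Cloud Run service URL, plus a local check that tells an opaque access token from a correctly scoped ID token. The function names and the sample host in the comments are hypothetical, and it assumes ADC resolves to a service account and that the service uses its default audience (its https URL).

```python
import base64
import json
import time


def audience_for(target):
    """Default Cloud Run audience: the service's https URL, without the port."""
    host = target.rsplit(":", 1)[0] if ":" in target else target
    return "https://" + host  # e.g. my-svc-abc123-uc.a.run.app:443 (constructed)


def check_id_token(token, audience, now=None):
    """List reasons this bearer token would be rejected for `audience`.

    Diagnostic only: claims are decoded WITHOUT verifying the signature.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a JWT (opaque OAuth access token?)"]
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:
        claims = None
    if not isinstance(claims, dict):
        return ["JWT payload is not a base64url JSON object"]
    problems = []
    if claims.get("aud") != audience:
        problems.append("aud is %r, expected %r" % (claims.get("aud"), audience))
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        problems.append("token is expired")
    return problems


def id_token_channel(target):
    """TLS channel that sends 'authorization: Bearer <ID token>' on every call."""
    import grpc  # imported here so the checks above work without these packages
    import google.auth.transport.requests
    import google.oauth2.id_token

    audience = audience_for(target)
    request = google.auth.transport.requests.Request()
    token = google.oauth2.id_token.fetch_id_token(request, audience)
    problems = check_id_token(token, audience)
    if problems:
        raise RuntimeError("; ".join(problems))
    creds = grpc.composite_channel_credentials(
        grpc.ssl_channel_credentials(),
        grpc.access_token_call_credentials(token))  # static token: rebuild before exp
    return grpc.secure_channel(target, creds)
```

The stub is then created from the returned channel exactly as in the question. Because the token is fixed at channel creation, a long-lived client has to rebuild the channel before the token's exp.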
