Serverless tip #5 — How to invoke a secured Cloud Run service locally

📅 December 11, 2019 — by Guillaume Laforge

Requirements:

an existing Google Cloud Platform account with a project
you have enabled the Cloud Run service and already deployed a container image
your local environment’s gcloud is already configured to point at your GCP project

By default, when you deploy a Cloud Run service, it is secured by default, unless you use the –allow-unauthenticated flag when using the gcloud command-line (or the appropriate checkbox on the Google Cloud Console).

But once deployed, if you want to call it locally from your development machine, for testing purpose, you’ll have to be authenticated.

If you look at the Cloud Console, alongside the URL of the service, you can hover the little icon next to the URL, and you’ll see the a pop-up showing how you can invoke that service with a curl command:

curl -H \
    "Authorization: Bearer $(gcloud auth print-identity-token)" \
    https://authenticated-x2rq3lgmra-uc.a.run.app

Note how a bearer token generated by the gcloud command is passed as header to the curl request.

More information

https://cloud.run, the serverless container platform
Authentication overview documentation
Unauthenticated invocations of your services
gcloud auth print-identity-token

← PREVIOUS
8 production-ready features you'll find in Cloud Run fully managed

NEXT →
Serverless tip #6 — Create a mini web API with Cloud Functions