I'm trying to set up a resource that triggers a Cloud Run Service.
It should be able to perform a POST request to the base URL with a JSON payload.
The resource works fine if I set the authentication to Allow unauthenticated invocations, but I want to be the only one who's able to access it.
I have the resource set up like so:
where the connected service account has the appropriate permissions.
Is this misguided?
As far as I know, Cloud Run expects an identity token, which can be generated using the service account key. Is that what's being used to authenticate a request in such a case? I would assume not, since I keep getting the error:
Your client does not have permission to get URL / from this server.
Am I completely missing the mark here? Is there any way to do this?
Again, OAuth 2.0 doesn't work, since Cloud Run expects an identity token (gcloud auth print-identity-token), not an access token.
Any info or help is appreciated.
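
The distinction the question draws between an identity token and an OAuth 2.0 access token can be checked locally before a request is sent. The following is an added example, not part of the original post: it decodes a bearer token's claims without verifying the signature and reports whether it is a JWT whose `aud` claim equals the Cloud Run service URL. `SERVICE_URL`, `diagnose_bearer` and `make_constructed_jwt` are hypothetical names, and the sample tokens are constructed.

```python
import base64
import json
import time

# Hypothetical service URL, used only for this example.
SERVICE_URL = "https://example-service-abc123-uc.a.run.app"

def _decode_segment(segment):
    """Decode one base64url JWT segment into a Python object."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def diagnose_bearer(token, service_url, now=None):
    """Classify a bearer token before sending it to Cloud Run.

    Debugging aid only: the signature is NOT verified here.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return "not-a-jwt"  # opaque value, e.g. an OAuth 2.0 access token
    try:
        claims = _decode_segment(parts[1])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return "not-a-jwt"
    if not isinstance(claims, dict) or "aud" not in claims:
        return "jwt-without-audience"
    if str(claims["aud"]) != service_url:
        return "audience-mismatch"  # identity token minted for another audience
    if claims.get("exp", 0) <= now:
        return "expired"
    return "ok"

def make_constructed_jwt(claims):
    """Build an unsigned, constructed sample token for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = enc({"alg": "RS256", "typ": "JWT"})
    return ".".join([header, enc(claims), "constructed-sig"])

if __name__ == "__main__":
    good = make_constructed_jwt({"aud": SERVICE_URL, "exp": 2000})
    for label, tok in [("access token", "constructed-opaque-access-token"),
                       ("identity token", good)]:
        print(label, "->", diagnose_bearer(tok, SERVICE_URL, now=1000))
```

The output of `gcloud auth print-identity-token` can be passed to `diagnose_bearer` in place of the constructed samples.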

