Help with Security in Cloud Functions

[Miguel Pagan Murphy]

Hi,

I'm a newbie to cloud functions. I'm using them for a web app, and was surprised to see that when deployed they are completely public.

Is there no way to secure them without doing it in the function in itself? Maybe by means of a service account or something similar. If you can't, what would be the correct way to protect a REST cloud function endpoint? 

The most relevant article i've found is this one, and it doesn't give me very much hope:

https://stackoverflow.com/questions/46358013/secure-google-cloud-functions-http-trigger-with-auth

Thanks,

Miguel Pagán Murphy

[George (Cloud Platform Support)]

Hello Miguel, 

Your concern is legitimate, and you should be able to restrict access to your deployed functions. Work is being done and a solution under way. You may check the "Provide Authentication / Access Control" feature request in the Public Issue Tracker. Progress towards eventual implementation my be followed in that issue. You are welcome to formulate related concerns, or provide more detail on your requirements. Posting this information in the mentioned feature request is more effective, and your concerns would reach Engineering directly. 

[Miguel Pagan Murphy]

Hi Geroge,

Thank you so much for your fast response. I registered for the alpha and it seems like it's going in the right direction, :).

Thanks again,

Miguel.