Genesys Cloud - Developer Community!

 View Only

Sign Up

  • 1.  Google Functions gen2

    Posted 20 days ago

    Dear colleagues,

    In our Organization we use Google Functions for some checks and automations. We invoke them via Data Actions. The full mechanism worked fine till the moment Google migrated to Gen 2 Cloud Run and a new Organizational policy was implemented in our Google environment. In the past we invoked the Functions unauthenticated, but now IAM authentication is mandatory. The old Functions are running, but I cannot invoke a newly created from Genesys.

    I wrote already several months ago about this issue. Does anybody have any update about the issue? When will Genesys solve it?

    Best regards,

    Borislav


    #ArchitectandDesign

    ------------------------------
    Borislav Taskov
    ------------------------------


  • 2.  RE: Google Functions gen2

    Posted 20 days ago

    Hello Borislav, 

    I have moved your question to the Genesys Cloud - Developer Community. Hopefully one of the experts there will be able to assist you with this. I'm tagging @Jason Mathison to see if they have any update on their research from the previous thread.



    ------------------------------
    Jason Kleitz
    Online Community Manager/Moderator
    ------------------------------

    Original Message


  • 3.  RE: Google Functions gen2

    Posted 20 days ago

    Hi Borislav,

    You are likely hitting a platform compatibility gap between the current Genesys Google Data Actions integration and Google Cloud Functions Gen 2 (Cloud Run functions) with mandatory IAM authentication.

    From what is publicly documented today, Genesys guidance for Google Data Actions is still focused on Cloud Functions 1st gen (including permissions such as cloudfunctions.functions.call and cloudfunctions.function.invoke) and the trigger URL model. The docs do not clearly describe native support for invoking Gen 2 / Cloud Run functions that require Cloud Run IAM auth (roles/run.invoker) plus a Google-signed ID token. ()

    Because Cloud Run authenticated endpoints require:

    • the caller principal to have Cloud Run Invoker permission, and

    • the request to include a Google-signed ID token (OIDC), not just a standard access token, ()

    the previous approach that worked for unauthenticated (or older 1st gen) functions may fail for newly created Gen 2 functions.

    Practical options (current workaround paths)

    1. Keep using Cloud Functions 1st gen for this integration path (if still allowed in your org), following Genesys' documented model. ()

    2. Use an intermediate proxy/service (e.g., API Gateway / another service) that Genesys can call, and let that component invoke Cloud Run with the required ID token.

    3. If policy allows, expose a controlled endpoint (not preferred) and apply compensating controls (IP restrictions, validation, signed payloads, etc.).

    4. Open / track a Genesys Care case or Product Idea to request explicit support for Cloud Run Gen 2 IAM-authenticated invocation (OIDC ID token for run.invoker).

    About "when will Genesys fix this?"

    At the moment, I'm not aware of a public ETA or release commitment for native support for this specific Cloud Run Gen 2 IAM invocation scenario. I would recommend raising a Care case and asking Product/Engineering to confirm roadmap status.



    ------------------------------
    Alex Sander Felicio
    ------------------------------

    Original Message


  • 4.  RE: Google Functions gen2

    Posted 19 days ago

    Hello,

    Richard Schott provided an update in this other post yesterday (answer at the bottom of the thread): https://community.genesys.com/discussion/no-access-to-google-cloud-run-functions-v2

    Regards,



    ------------------------------
    Jerome Saint-Marc
    Senior Development Support Engineer
    ------------------------------

    Original Message


Related Content