Can a Pub/Sub subscription be configured to send HTTP push requests to a Cloud Function in the same or a different project?
Absolutely! You can set up a Pub/Sub topic/subscription in one Google Cloud project to send HTTP push requests to a Cloud Function—whether that function lives in the same project or a completely separate one. This is a distinct approach from the native Pub/Sub trigger (which does have cross-project limitations), so it’s a valid workaround for your use case.
Let’s break down how to make this work, especially addressing the INVALID_ARGUMENT error you’re seeing:
Key Requirements to Fix the Error & Get Push Working
1. You Must Validate the Cloud Function Endpoint
Pub/Sub requires endpoints to pass a validation check before it will send any messages. This is almost certainly the root cause of your INVALID_ARGUMENT error if you skipped this step.
When you create a push subscription, Pub/Sub will send a GET request to your Cloud Function’s URL with two query parameters: token and topic. Your function needs to:
- Detect this `GET` validation request
- Respond with a `200 OK` status, and return the exact value of the `token` parameter
Here’s a quick Node.js example of how to handle this in your Cloud Function:
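```javascript
exports.targetFunction = (req, res) => {
  // Handle Pub/Sub validation request
  if (req.method === 'GET') {
    const validationToken = req.query.token;
    // Optional: Add checks here to verify the topic matches your expected topic
    // Echo the token as plain text so the reflected value is never rendered as HTML
    res.status(200).type('text/plain').send(String(validationToken || ''));
    return;
  }

  // Handle actual Pub/Sub message payload; reject bodies without a message object
  const message = req.body && req.body.message;
  if (!message) {
    res.status(400).send('Bad Request: missing Pub/Sub message');
    return;
  }
  const payload = message.data ? Buffer.from(message.data, 'base64').toString() : '';
  console.log('Received push message:', payload);
  res.status(200).send('Message processed');
};
```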
2. Configure Cross-Project Permissions (If Applicable)
If your Pub/Sub subscription and Cloud Function are in different projects, you need to grant the Pub/Sub service account permission to invoke the function:
- Find the Pub/Sub service account for the project hosting your subscription: it follows the format `service-<PROJECT_NUMBER>@gcp-sa-pubsub.iam.gserviceaccount.com`
- In the Cloud Function’s project, add this service account to the `Cloud Functions Invoker` (`roles/cloudfunctions.invoker`) role
For same-project setups, this permission is often granted by default, but it’s worth double-checking if you still run into issues.
3. Use the Correct Push Subscription Configuration
When creating your push subscription (via gcloud console, CLI, or API), ensure:
- The `push_endpoint` is the full URL of your Cloud Function (e.g., `https://us-central1-my-function-project.cloudfunctions.net/my-target-function`)
- If using OAuth2 authentication (recommended for security), specify the correct `client_id` associated with your Cloud Function’s project
Quick Recap
The INVALID_ARGUMENT error typically stems from a failed endpoint validation or missing permissions. By implementing the validation logic in your function and setting up the correct cross-project roles (if needed), you’ll get the push delivery working smoothly between Pub/Sub and Cloud Function—regardless of which projects they’re in.
The question comes from Stack Exchange; asked by Forrest.
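The handler in the answer accepts any POST body it receives. As an added example (not part of the original answer), the sketch below validates the JSON push envelope before the payload is used, including a check that the delivery names the one subscription expected to push to the function. The subscription name, the sample envelope and the helper names are constructed for illustration.

```javascript
// Added example: validate a Pub/Sub push envelope before acting on it.
// EXPECTED_SUBSCRIPTION and SAMPLE_ENVELOPE are constructed values.
const EXPECTED_SUBSCRIPTION = 'projects/publisher-project/subscriptions/push-to-function';
const SAMPLE_ENVELOPE = {
  subscription: EXPECTED_SUBSCRIPTION,
  message: { messageId: '1234567890', attributes: { source: 'demo' }, data: 'aGVsbG8=' },
};

class EnvelopeError extends Error {}

// Strict base64 check: Buffer.from(..., 'base64') silently skips invalid characters.
const BASE64_RE = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;

function parsePushEnvelope(body, expectedSubscription = EXPECTED_SUBSCRIPTION) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    throw new EnvelopeError('body is not a JSON object');
  }
  // Cross-project setups: accept deliveries only from the intended subscription.
  if (body.subscription !== expectedSubscription) {
    throw new EnvelopeError('unexpected subscription');
  }
  const message = body.message;
  if (message === null || typeof message !== 'object') {
    throw new EnvelopeError('missing message object');
  }
  if (typeof message.messageId !== 'string' || message.messageId === '') {
    throw new EnvelopeError('missing messageId');
  }
  // A message may carry attributes only, so absent data means an empty payload.
  const data = message.data === undefined ? '' : message.data;
  if (typeof data !== 'string' || !BASE64_RE.test(data)) {
    throw new EnvelopeError('data is not valid base64');
  }
  return {
    messageId: message.messageId,
    attributes: message.attributes || {},
    payload: Buffer.from(data, 'base64').toString('utf8'),
  };
}

// True when the envelope passes validation, false when it must be rejected.
function accepts(body, expectedSubscription = EXPECTED_SUBSCRIPTION) {
  try {
    parsePushEnvelope(body, expectedSubscription);
    return true;
  } catch (err) {
    if (err instanceof EnvelopeError) return false;
    throw err;
  }
}
```

In the function itself, `parsePushEnvelope(req.body)` would replace the direct read of `req.body.message`, with an `EnvelopeError` mapped to a 4xx response.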




