I would like to ask for the help of people familiar with Firebase functions. I am struggling with the problem that uploading the code via firebase cli fails. It was working a few days ago, I didn't change anything in the world, I mean through the configuration. And it gets stuck at a part where not even a code change was made. I have had this problem ever since the client set the editor role to the owner role. But in theory this shouldn't be a problem.
firebase deploy --debug returns this:
{"error":{"code":403,"message":"Unable to retrieve the repository metadata for projects/{projectname}/locations/us-central1/repositories/gcf-artifacts. Ensure that the Cloud Functions service account has 'artifactregistry.repositories.list' and 'artifactregistry.repositories.get' permissions. You can add the permissions by granting the role 'roles/artifactregistry.reader'.","status":"PERMISSION_DENIED"}}
I set it up but it still doesn't work. Maybe in the wrong place or I don't know. I only encountered similar problems on the net, but none of them helped. I do not know what to do. Artifactregistry api is also enabled.
firebase functions:log :
2022-11-09T22:15:55.891760Z E friendRequestNotification: {"#type":"type.googleapis.com/google.cloud.audit.AuditLog","status":{"code":7,"message":"Unable to retrieve the repository metadata for projects/{projectname}/locations/us-central1/repositories/gcf-artifacts. Ensure that the Cloud Functions service account has 'artifactregistry.repositories.list' and 'artifactregistry.repositories.get' permissions. You can add the permissions by granting the role 'roles/artifactregistry.reader'."},"authenticationInfo":{"principalEmail":"{email}"},"requestMetadata":{"callerIp":"{ip}","callerSuppliedUserAgent":"FirebaseCLI/11.16.0,gzip(gfe),gzip(gfe)","requestAttributes":{"time":"2022-11-09T22:15:56.055987Z","auth":{}},"destinationAttributes":{}},"serviceName":"cloudfunctions.googleapis.com","methodName":"google.cloud.functions.v1.CloudFunctionsService.CreateFunction","authorizationInfo":[{"resource":"projects/{projectname}/locations/us-central1/functions/friendRequestNotification","permission":"cloudfunctions.functions.create","granted":true,"authorizationLoggingOptions":{"permissionType":"ADMIN_WRITE"},"resourceAttributes":{}}],"resourceName":"projects/{projectname}/locations/us-central1/functions/friendRequestNotification","request":{"function":{"sourceUploadUrl":"https://storage.googleapis.com/uploads-760418412171.us-central1.cloudfunctions.appspot.com/6d1f7217-7899-484f-911c-1dbcb4512d8d.zip?GoogleAccessId=service-{}#gcf-admin-robot.iam.gserviceaccount.com&Expires={}","labels":{"deployment-tool":"cli-firebase","firebase-functions-hash":"{hash}"},"runtime":"nodejs16","dockerRegistry":"ARTIFACT_REGISTRY","entryPoint":"friendRequestNotification","name":"projects/{projectname}/locations/us-central1/functions/friendRequestNotification","eventTrigger":{"eventType":"providers/cloud.firestore/eventTypes/document.create","resource":"projects/{projectname}/databases/(default)/documents/users/{userId}/friends/{friendId}"}},"location":"projects/{projectname}/locations/us-central1","#type":"type.googleapis.com/google.cloud.functions.v1.CreateFunctionRequest"},"resourceLocation":{"currentLocations":["us-central1"]}}
I have already tried all options within the Google cloud iam&admin settings, but nothing.
Well, I solved the issue by updating my credit card. Basically, billing was disabled because my credit card was expired and all the permissions were disabled.
Try to enable the created artifacts for your project on Google Cloud Console
https://console.cloud.google.com/artifacts
Related
I have an issue related to Firestore, Hosting, and Cloud functions. I deployed a Nextjs application using the just-released experimental web framework support. I'm using Nextjs's Image API, and as expected, the Firebase CLI creates a cloud function for the project. Everything works fine at the start, but when I try to open a page in the application that reads some data from Firestore, it redirects to an auth page, which is unexpected.
Even when I auth with my Google account (since that's the logged-in user to the application), it returns a forbidden error and logs me out.
When I go back and try again, it returns a different error (most likely because I was logged out automatically).
I tried doing some research, and some people suggested adding an allUsers principal permission to Cloud functions, but that didn't work (Error: Principals of type allUsers and allAuthenticatedUsers cannot be added to this resource), and that's even insecure permission. Only authenticated users should be able to read data from the page as already configured in my Firestore security rules. So it's unclear what I need to do since Firebase created the Cloud function automatically or if this is related to my security rules and cloud functions.
What could be wrong? Everything works fine in my existing deployment setup to Netlify (where Edge functions are created automatically using their Nextjs plugin). I'm only trying to test the new Firebase web framework hosting features. Please let me know if you'd need me to provide some more context or debug files to better help you help me.
Thank you!
The message “ App requesting permission to access your google account “ pops up if the function runs in any region other than us-central1.
Currently, Firebase Hosting does not support Cloud Functions in any other regions, Except us-central1.
You can refer to this StackOverflow thread.
Doing some Firebase tests with users I change to ownership to another user and revoke it soon after, and with that I got the two users with "Edit" permission only and nobody with "Owner" permissions.
I tried through GCP console and API scripting to change that (even try using cloud functions) but I got always the message that I don't have permission, which is the expected behaviour.
I have a Gsuite account a GCP domain and both users are part of it. Any way to get this solved?
Help is really appreciated,
Rui
I realized that my service account credentials were posted to github so I decommissioned them and now I am no longer able to update my firebase functions.
This is the error I get:
functions: failed to create function functionName
HTTP Error: 400, Default service account '<APP_ID>#appspot.gserviceaccount.com' doesn't exist. Please recreate this account (for example by disabling and enabling the Cloud Functions API), or specify a different account.
I've tried numerous solutions to no avail.
disabling and enabling the Cloud Functions API
re initializing the sdk - using a newly generated service account. The firebase cli seems to still be using the old account which no longer exists.
I've contacted firebase support who suggested the second solution above and have been entirely unresponsive for days.
In case anyone has a similar issue I figured out how to fix it:
The key that was leaked was created here:
I assumed that I had to delete the entire account once that key was leaked, and didn't realize I could just delete that key from the same page:
Because I deleted the service account less than 30 days ago I was able to Restore the default service account
If you are outside of the 30-day window I don't think anyone can help you.
The deployment of your Cloud Function failed:
Missing necessary permission resourcemanager.projects.getIamPolicy for service-1044193269753#gcf-admin-robot.iam.gserviceaccount.com on resource projects/ourcafe-mucqxq. Please grant service-1044193269753#gcf-admin-robot.iam.gserviceaccount.com the Cloud Functions Service Agent role. You can do that by running 'gcloud iam service-accounts add-iam-policy-binding projects/ourcafe-mucqxq --member=service-1044193269753#gcf-admin-robot.iam.gserviceaccount.com --role=Cloud Functions Service Agent'
I bumped into this problem in Dialogflow Fulfillment. However, I didn't know how to figure it out, did someone know how to do that?
This picture is IAM
This picture is Service Account
I stumbled over the same message. It appears there's a typo in the gcloud command they give you: the role argument is missing the "roles/" prefix. This version worked for me:
gcloud projects add-iam-policy-binding ourcafe-mucqxq \
--member=serviceAccount:service-1044193269753#gcf-admin-robot.iam.gserviceaccount.com \
--role=roles/cloudfunctions.serviceAgent
Maybe you need to log out and back in.
Check all the small boxes in the login interface.
I feel like the answer is given to you. But I'm not sure. Have you tried running the command provided from the google cloud shell.
From your images the service account that is actually mentioned (service-1044193269753)does not have the role needed.
Read more on the Cloud functions service account here
I have a Firebase app, and I want to know if it's possible to restrict a Firebase Console user to access only to the "Authorizations" tab. (to CRUD users). The access must be by the Firebase (regular) Web Console
Especially, I don't want the user to see the database data via the web console. Is that possible? I've managed to give him access to the entire project, and he can do anything I can do (is an Admin).
I haven't found nothing about this in the docs / searching.
firebaser here
Collaborators on a project currently have access to the entire Firebase Console. You can limit to having read-only access, but you currently can't limit what panels they have access to.
We've heard the request before and know this would expand the usefulness of the Firebase Console. I recommend that your file a feature request, to add your vote.