Is it possible to add a member to a Firebase project with Firebase CLI ? Or with a Firebase API ?
That's not possible with Firebase CLI or Firebase Management API but Google Cloud IAM API might be useful. I have not tried it myself but you can try adding a new principal with Firebase Admin or Firebase Viewer roles.
Related
I want to extend an existing GCP project with a Firebase Realtime Database.
According to the Firebase documentation,
all Firebase projects are internally hosted on GCP
it is possible to use Firebase features directly from a GCP project,
so I went to the Marketplace and found the corresponding product page there.
Unlike other product pages, this one doesn't have an "Enable" button on it but rather "Get started for free".
This button does nothing, no response at all. Any deas?
You can just go to the Firebase console and from there you will be able to use Firebase Realtime Database for the same project.
It is not possible to use all the features of Firebase directly on Google Cloud Platform, but you will find common products as Storage and Cloud Functions i.e. that are shared between Firebase and Cloud Platform
Permissions recommended for the Cloud Build service account in the official Google documentation and the Firebase CLI community builder docs are insufficient:
In the permissions table, locate the email ending with #cloudbuild.gserviceaccount.com, and click on the pencil icon.
Add Cloud Build Service Account, Firebase Admin and API Keys Admin roles.
I still get the following error in Cloud Build when I do firebase deploy:
Error: HTTP Error: 403, The caller does not have permission
What I've tried is different Firebase IAM roles, Editor, and Owner. So far only the Owner role works. That is way too much privilege for a Cloud Build service account, and violates the least-privilege model.
Everything is in the same Google Cloud project.
Anyone know how to troubleshoot this? Or know which role/permission is missing?
For our project (which uses Firestore, Functions, Hosting, and Storage extensively) here is the list we came up with. Critically I wanted to avoid "Firebase Admin" because I did not want this service account to have access to read/write my Firestore data:
Artifact Registry Administrator
Cloud Build Service Account
Cloud Datastore Index Admin
Cloud Functions Admin
Cloud RuntimeConfig Admin
Cloud Scheduler Admin
Firebase Hosting Admin
Firebase Rules Admin
Pub/Sub Admin
Service Account User
tl;dr seems like it was "an accidental permission expansion" that has been corrected.
I am able restrict the roles to:
Cloud Build Service Account
Firebase Admin
API Keys Admin
I can't figure it out which role/s do I need to have on one of my client's Google Cloud Platform, to do the following:
- Connect and Manage a Firestore database to their Firebase app.
- Use the Google Cloud Firestore API from an external app.
There are so many roles... Any help? :)
I have already Firebase Analytics Admin but when I tried to access the Firestore through Firebase I get the message "To manage Cloud Firestore, ask a project owner for the necessary permissions".
Thanks!
According to the Firebase product-category predefined roles documentation, the only role that has full read/write access to Cloud Firestore is:
Firebase Develop Admin - roles/firebase.developAdmin
Regarding the access to the API, the app will be able to access it using either a Firebase Authentication ID token or a Google Identity OAuth 2.0 token as per referenced on this documentation.
In order to set up Firebase Auth, this link might be of help and for OAuth check this link.
I know that I could setup Cloud Firestore and GCP Cloud Functions with infrastructure as a code, but I'm interested that it will be shown at the Firebase Console. I also can't find any way to deploy Firebase Auth and Realtime database with IaaC.
Any Cloud Functions deployed by either the Firebase CLI or gcloud will appear in both the Firebase console and the Cloud console.
Any data populated in Firestore will also appear in both consoles.
The Cloud console has no view into Firebase Auth or Realtime Database, as those services are unique to Firebase. You will have to use the Firebase console and its tools and SDKs to work with those products.
In fact, a Firebase project is just a Cloud project with extra APIs and services enabled on top. You might be helped by reading this blog series on the relationship between Firebase and Google Cloud.
https://medium.com/google-developers/whats-the-relationship-between-firebase-and-google-cloud-57e268a7ff6f
https://medium.com/google-developers/firebase-google-cloud-whats-different-with-cloud-functions-612d9e1e89cb
https://medium.com/google-developers/firebase-google-cloud-whats-different-with-cloud-firestore-40f1fc3e6d1e
https://medium.com/google-developers/firebase-google-cloud-whats-different-with-cloud-storage-a33fad7c2b80
I want to take a decision to use Firebase Admin SDK or Firebase Admin REST API.
I need to use it in the communication from Angular/Node.js to Firebase database.
Please let me know if you can share the comparison between this two.
Thanks.
For communicating from an Angular web app with the Firebase Database, use the Firebase Web SDK.
For communicating from a server-side Node.js process with the Firebase Database, use the Firebase Admin SDK.
For communicating with the Firebase Database from a platform for which there is no SDK, use the Firebase REST API.