I have a real time database and having multiple listeners on it. I would like to see a log entry in my audit logs when a read happens.(my listeners are reading out the database when some changes occur).
Google Cloud Audit logs are the best candidate for that so I have enabled all the entries related to Firebase Realtime Database API:
I am the owner of the project so I am not lacking of any permissions. I would like to see who has read my database. My listeners have read for sure but I can not see those events in the logs. I can see the following log entries but none of them are the ones I would like to see:
Could you please tell me how could I see the actual reading of my database?
Thanks Sai for the pointers on Data Access Logs (or Cloud Audit Logs) enablement.
Just want to chime in from Firebase Realtime Database's perspective.
You have already found our documentation page: https://firebase.google.com/support/guides/cloud-audit-logging/firebase-realtime-database#enabling_audit_logging
Note that there can be up to 1h of delay between audit logs IAM configs change and your databases picks up the change.
Also keep in mind that RTDB cloud audit logs only include listen registration event, update broadcast are omitted.
For more details, see compare audit logs with profiler documentation.
I would like to ask for the help of people familiar with Firebase functions. I am struggling with the problem that uploading the code via firebase cli fails. It was working a few days ago, I didn't change anything in the world, I mean through the configuration. And it gets stuck at a part where not even a code change was made. I have had this problem ever since the client set the editor role to the owner role. But in theory this shouldn't be a problem.
firebase deploy --debug returns this:
{"error":{"code":403,"message":"Unable to retrieve the repository metadata for projects/{projectname}/locations/us-central1/repositories/gcf-artifacts. Ensure that the Cloud Functions service account has 'artifactregistry.repositories.list' and 'artifactregistry.repositories.get' permissions. You can add the permissions by granting the role 'roles/artifactregistry.reader'.","status":"PERMISSION_DENIED"}}
I set it up but it still doesn't work. Maybe in the wrong place or I don't know. I only encountered similar problems on the net, but none of them helped. I do not know what to do. Artifactregistry api is also enabled.
firebase functions:log :
2022-11-09T22:15:55.891760Z E friendRequestNotification: {"#type":"type.googleapis.com/google.cloud.audit.AuditLog","status":{"code":7,"message":"Unable to retrieve the repository metadata for projects/{projectname}/locations/us-central1/repositories/gcf-artifacts. Ensure that the Cloud Functions service account has 'artifactregistry.repositories.list' and 'artifactregistry.repositories.get' permissions. You can add the permissions by granting the role 'roles/artifactregistry.reader'."},"authenticationInfo":{"principalEmail":"{email}"},"requestMetadata":{"callerIp":"{ip}","callerSuppliedUserAgent":"FirebaseCLI/11.16.0,gzip(gfe),gzip(gfe)","requestAttributes":{"time":"2022-11-09T22:15:56.055987Z","auth":{}},"destinationAttributes":{}},"serviceName":"cloudfunctions.googleapis.com","methodName":"google.cloud.functions.v1.CloudFunctionsService.CreateFunction","authorizationInfo":[{"resource":"projects/{projectname}/locations/us-central1/functions/friendRequestNotification","permission":"cloudfunctions.functions.create","granted":true,"authorizationLoggingOptions":{"permissionType":"ADMIN_WRITE"},"resourceAttributes":{}}],"resourceName":"projects/{projectname}/locations/us-central1/functions/friendRequestNotification","request":{"function":{"sourceUploadUrl":"https://storage.googleapis.com/uploads-760418412171.us-central1.cloudfunctions.appspot.com/6d1f7217-7899-484f-911c-1dbcb4512d8d.zip?GoogleAccessId=service-{}#gcf-admin-robot.iam.gserviceaccount.com&Expires={}","labels":{"deployment-tool":"cli-firebase","firebase-functions-hash":"{hash}"},"runtime":"nodejs16","dockerRegistry":"ARTIFACT_REGISTRY","entryPoint":"friendRequestNotification","name":"projects/{projectname}/locations/us-central1/functions/friendRequestNotification","eventTrigger":{"eventType":"providers/cloud.firestore/eventTypes/document.create","resource":"projects/{projectname}/databases/(default)/documents/users/{userId}/friends/{friendId}"}},"location":"projects/{projectname}/locations/us-central1","#type":"type.googleapis.com/google.cloud.functions.v1.CreateFunctionRequest"},"resourceLocation":{"currentLocations":["us-central1"]}}
I have already tried all options within the Google cloud iam&admin settings, but nothing.
Well, I solved the issue by updating my credit card. Basically, billing was disabled because my credit card was expired and all the permissions were disabled.
Try to enable the created artifacts for your project on Google Cloud Console
https://console.cloud.google.com/artifacts
i have my Firebase Storage 'located' at nam5, i reside in Singapore. My flutter project was working well up until yesterday. I started receiving this error
[VERBOSE-2:ui_dart_state.cc(198)] Unhandled Exception: [firebase_storage/unknown] An unknown error occurred, please check the server response.
i also realised that the imageUrl provided from firebase storage was no longer accessible for me. then, i decided to use a vpn and voila, it works. my question is, is there a restriction to firebase storage in terms of location access? do i have to set up a new project in order to change the region? or is some of my settings wrong? i apologise if i am not describing the problem well enough. am very new to flutter, firebase, etc.
firebaser here
We've seen multiple reports from users in Singapore being unable to access data in Cloud Storage through Firebase. We tracked the status of this issue here, and it has now been closed.
Update: We're working to get a status banner up on https://status.cloud.google.com/. I'll update here once that exists, as that may be a more direct way to track status.
Update: This is now reported as a service health issue on https://status.cloud.google.com/incidents/gAJbQsuZv3kiuNbjQHvP. I recommend checking there for the latest status.
Update: The Cloud Storage for Firebase connectivity issue has been resolved for all affected users as of Saturday, 2022-07-23 00:10 US/Pacific.
We've been seing some sudden strange behaviour of our service account in Google Cloud console these past few days. We're using this service account to authenticate our API with Firebase SDK - and without any warnings the usage of this account just drops to zero (see attached screenshot).
There are no warnings from Firebase SDK telling us that the service account is no longer valid, and in fact the service account is stated as "active" in the cloud console. From Firebase SDK logs we're actually seing the read/writes be completed, but they are not actual performed when viewing the data in Firebase console, which is why I expect the problem to be within the service account.
The temporarily solution has been to create a new service account and upload the associated key to our API. Then it starts working again without any additional actions required, but suddenly the usage drops to zero after 12hours++.
There are no alarms in Google Cloud Console and billing is activated with status OK.
Since the Firebase logs tells us "everything is OK", and Google Cloud console does not show any warnings, I don't understand where the problem might be. Anyone experienced something similar, and could point me in the right direction? Any help is much appreciated!
Metric graph of service account usage
Doing some Firebase tests with users I change to ownership to another user and revoke it soon after, and with that I got the two users with "Edit" permission only and nobody with "Owner" permissions.
I tried through GCP console and API scripting to change that (even try using cloud functions) but I got always the message that I don't have permission, which is the expected behaviour.
I have a Gsuite account a GCP domain and both users are part of it. Any way to get this solved?
Help is really appreciated,
Rui