I'm trying to write tests for my Firebase Cloud Functions, specifically the HTTPS ones. The app uses a permissions system in which each signed-up user of the app has their own entry in Firestore storing the list of permissions they have, indexed by their uid. When these functions are called from the client, the function checks context.auth to determine if the user is authenticated, then uses context.auth.uid to find the entry for the user in Firestore and determine if they have permissions to run this function.
I am now trying to write tests for these functions using the online mode, as recommended in Google's documentation. However, there does not seem to be a way (at least in this mode) to control the context.auth.uid or mock it for the test. As a result, it seems like it might be impossible to tests these functions in this mode.
Is there any way to do this I'm missing, or some workaround?
You may use the signInAnonymously method this can create and use temporary anonymous accounts to authenticate with Firebase anonymously. According to Firebase Test SDK online mode means that other Google SDKs used in your function will work as well. Install both firebase-functions-test and Mocha, a testing framework, by running the following commands in your functions folder:
npm install --save-dev firebase-functions-test
npm install --save-dev mocha
Make sure to follow test setup and used the Authenticate with Firebase Anonymously.
Related
Following the Firebase examples to create and deploy a function, I keep failing at the deploy phase.
The error, with --debug enabled, shows:
<<< [apiv2][body] POST
https://cloudfunctions.googleapis.com/v1/projects/actus-poc2/locations/us-central1/functions
{"error":{"code":403,"message":"Cloud Functions uses Artifact Registry
to store function docker images. Artifact Registry API is not enabled
in your project. To enable the API, visit
https://console.developers.google.com/apis/api/artifactregistry.googleapis.com/overview?project=...
Now I was expecting to be able to stay within the confines of the firebase console but this message seems to imply I need to open the Google Cloud Console to enable additional permissions.
Should the code samples better document this?
Or is this a recent change in firebase functions that breaks many of the existing examples?
I need to open the Google Cloud Console to enable additional permissions.
The reason why you need to use the Google Cloud Console is because Cloud Functions for Firebase relies on some Google Cloud services. See.
Function deployments with Firebase CLI 11.2.0 and higher rely on Cloud Build and Artifact Registry.
is this a recent change in firebase functions that breaks many of the existing examples?
Deployments to older versions also do rely on some Google Cloud services. Deployments to older versions use Cloud Build in the same way, but rely on Container Registry and Cloud Storage for storage instead of Artifact Registry.
Should the code samples better document this?
If you do think an update to said documentation could be helpful, here is more about opening Feature requests.
When configuring CI for a Firebase project, I often see references to either a FIREBASE_TOKEN generated with firebase login:ci or a service account key that (I think) is generated by default for each project.
For my particular use case, I want to do the following:
run online tests (with Firestore) against my test project when running npm run test during my CI build
deploy that code to a different prod project if tests pass
Which one should I use?
I would recommend you to use the FIREBASE_TOKEN. As usually, tokens are better to use, as you can quickly cancel or renew in any issue that you might have it, as well it's easier to manage them a service account and to insert them in the code.
Besides that, the official Firebase documentation - Use the CLI with CI systems - indicates and teaches how to use it with the token, so it seems that indeed, using the token is the best and easier option for you to implement.
I want to use Firebase cloud functions but when I try to init exists project I get error.
This is the error "Error: HTTP Error: 403, The caller does not have permission"
I created project before and then I moved project folder. When I had tried deploy, it wasn't work. I don't remember which error I got. And then I tried init same project but I got this error.
I tried logout and login again but it wasn't work.
I deleted "firebase-tools" but it wasn't work too.
And after I tried on different computer and I got same error.
And also I have Firebase Admin permission.
The firebase init command initializes/enables the project to use Cloud Functions for Firebase. Owners or Editors should use this command. Owners/Editors have higher permissions which allows APIs to be enabled (e.g. allowing the project to create VMs, Cloud Functions, or create a NoSQL Database).
Therefore I think you should perform this operation with Owner/Editor role.
You need to have Owner or Editor IAM permission on the GCP project to use firebase init command.
The firebase init command initializes/enables the project to use Cloud Functions/Hosting for Firebase. Owners/Editors have higher permissions that allow APIs to be enabled etc.
it is a first-time task when you starting the development, and then init command can be avoided if you have set up your cloud functions code in VCS for multiple developers or you.
i.e, Usually after writing code, you will replicate the project to other developers, who will then also write code and use firebase use yourprojectid further.
I have an open-source project that uses two separate Firebase projects for a test environment and the production one.
Ultimately, I want to have other developers be able to pull down the project and actually be able to run it WITHOUT me needing to give each individual developer access.
I see a number of solutions in this question: How to add collaborators to a Firebase app?. Those all seem to require each person's email.
I understand why it maybe isn't a thing, but I am wondering if there is a way to just give access to everyone for only the test project so that contributing is super low-friction. Something similar to Firestore database rules that allow read/write in a public fashion to get started for testing.
I've tried making a new IAM account in the Google Cloud Console, and I think that partially worked for the Firebase Cloud Functions access to Admin SDK, but my collaborators get hung up trying to run firebase use <test-firebase-project> saying that they don't have access.
I see a lot of other config options for IAM, but nothing sticking out to me for this public access scenario.
Can anyone confirm this either is or isn't a thing?
Thanks!
EDIT
To add some more detail to my project...
I am using Authentication, Firestore, and Cloud Functions. The only js package I will use is the Auth one, which will be loaded from a CDN (so I believe that doesn't apply to my question).
I want to give access to people to run the Cloud Functions locally. There is a pre-build step that I have made in vanilla Node that calls a Cloud Function (running locally), which uses the Firebase Admin SDK to call my Firestore database. I then write that response to a JSON file that my front end uses.
When my collaborators pull down the project, and install the Firebase CLI, when they try to serve the Cloud Functions locally, they get hit with a "no access" type of error. I was trying to resolve this by adding a service account into the /functions directory, but apparently that didn't help.
My collaborators don't need access to the console at all. I basically just need them to be able to run the Cloud Function locally (and make sure they can't access my production Firebase project).
I am happy to add more detail, but I kind of feel like I am just rambling. Thanks again.
There is no way to grant everyone contributor access to your Firebase console. You will either have add each individual user, or create your own dashboard that uses the API to show the relevant data.
I'm trying to create a function to delete all users from the Database and write it on index.ts file and deploy it. Now, how can I run it?? I don't want my clients to run it from their mobile app, I need some admin tool to run the management functions. When I see cloud functions on Firebase console there's no option to run the functions, just to view their logs.
Cloud Functions isn't for running one-time scripts. You should do that on your local machine. Cloud Functions is for running code that responds to HTTP requests, or events that occur within other products in your project.
You may want to read this article: https://firebase.googleblog.com/2017/03/how-to-schedule-cron-jobs-with-cloud.html - it suggests using App Engine cron job for that purpose. Relevant project on github: https://github.com/FirebaseExtended/functions-cron
Also there's an example on similar topic in Firebase docs: https://github.com/firebase/functions-samples/tree/master/delete-unused-accounts-cron