I have a web app which I've deployed to multiple Firebase projects (i.e. dev, staging, production). It uses Cloud Functions for Firebase for its back-end functionality.
Recently, after deploying to a new environment, I started getting a CORS error for one of the functions. After some searching I found that the Authentication settings in the Cloud Functions panel can affect this, and in this case making the Function accessible to allUsers solved my CORS issue.
While in the Functions console, I noticed that most, but not all, of my Firebase functions had Authentication set to "Allow unauthenticated" by default. What was strange, however, is that in different environments (i.e. dev vs staging) a function might be set to allow unauthenticated, but in others would not (even though I never manually altered any of these settings).
Essentially, my question is, how are these settings determined? I only every deployed my functions via firebase deploy or firebase deploy --only functions. What is the expected behavior here? Are Cloud Functions deployed via Firebase expected to be set to "Allow unauthenticated" by default, and those that aren't simply experienced some kind of error during deployment?
Are Cloud Functions deployed via Firebase expected to be set to "Allow unauthenticated" by default?
Yes, that's what the Firebase CLI does, and that allows the function to be invoked without Google IAM. That's the expectation for code that backs a mobile or web app, since they won't use IAM.
That setting has nothing to do with CORS. CORS is fully under your control in the code of the function.
Related
Following the Firebase examples to create and deploy a function, I keep failing at the deploy phase.
The error, with --debug enabled, shows:
<<< [apiv2][body] POST
https://cloudfunctions.googleapis.com/v1/projects/actus-poc2/locations/us-central1/functions
{"error":{"code":403,"message":"Cloud Functions uses Artifact Registry
to store function docker images. Artifact Registry API is not enabled
in your project. To enable the API, visit
https://console.developers.google.com/apis/api/artifactregistry.googleapis.com/overview?project=...
Now I was expecting to be able to stay within the confines of the firebase console but this message seems to imply I need to open the Google Cloud Console to enable additional permissions.
Should the code samples better document this?
Or is this a recent change in firebase functions that breaks many of the existing examples?
I need to open the Google Cloud Console to enable additional permissions.
The reason why you need to use the Google Cloud Console is because Cloud Functions for Firebase relies on some Google Cloud services. See.
Function deployments with Firebase CLI 11.2.0 and higher rely on Cloud Build and Artifact Registry.
is this a recent change in firebase functions that breaks many of the existing examples?
Deployments to older versions also do rely on some Google Cloud services. Deployments to older versions use Cloud Build in the same way, but rely on Container Registry and Cloud Storage for storage instead of Artifact Registry.
Should the code samples better document this?
If you do think an update to said documentation could be helpful, here is more about opening Feature requests.
I want to use Firebase cloud functions but when I try to init exists project I get error.
This is the error "Error: HTTP Error: 403, The caller does not have permission"
I created project before and then I moved project folder. When I had tried deploy, it wasn't work. I don't remember which error I got. And then I tried init same project but I got this error.
I tried logout and login again but it wasn't work.
I deleted "firebase-tools" but it wasn't work too.
And after I tried on different computer and I got same error.
And also I have Firebase Admin permission.
The firebase init command initializes/enables the project to use Cloud Functions for Firebase. Owners or Editors should use this command. Owners/Editors have higher permissions which allows APIs to be enabled (e.g. allowing the project to create VMs, Cloud Functions, or create a NoSQL Database).
Therefore I think you should perform this operation with Owner/Editor role.
You need to have Owner or Editor IAM permission on the GCP project to use firebase init command.
The firebase init command initializes/enables the project to use Cloud Functions/Hosting for Firebase. Owners/Editors have higher permissions that allow APIs to be enabled etc.
it is a first-time task when you starting the development, and then init command can be avoided if you have set up your cloud functions code in VCS for multiple developers or you.
i.e, Usually after writing code, you will replicate the project to other developers, who will then also write code and use firebase use yourprojectid further.
I'm migrating a Firebase Function to Cloud Run. Everything is working as expected so far, including the Firebase Hosting link (which is great!). I'm just not sure how I should read the environment variables I've configured for this project (via https://firebase.google.com/docs/functions/config-env).
You'll have to find a different way to configure Cloud Run. You won't be able to access your environment variables set for Cloud Functions when deployed with the Firebase CLI. Those variables are only accessible for code running in Cloud Functions that uses the "firebase-functions" module.
Instead, you should set your Cloud Run environment with gcloud as documented here.
What's the best way to work with multiple environments/projects on firebase?
I can switch between firebase projects using the the CLI.
I see here how to add environment variables to a firebase project and access them through firebase-functions's .config() method.
Is there a way to do something similar on the client-side when using firebase hosting.
For example: I'm using Algolia to run searches. I have firebase-functions to keep the indexes up to date, and run the searches from the client. Both functions and the hosted content need to point to the right Algolia project depending on the environment. I'd like to tie both configs to the same switch; firebase use staging vs firebase use production, for example. What's the best way to go about that?
I've built an app with polymer 2.0 and polymerfire and deployed it into firebase hosting. This part is smooth.
But I wanted to maintain all my cloud functions as separate modules / separate projects and deploy them independently into firebase hosting. As per the Google IO 2017 talks, it is advised to go microservice style for the cloud functions.
The problem I am facing:
Whenever I deploy an individual module, it erases all the previously deployed cloud functions. Meaning firebase deploy from a project with only firebase functions enabled, will erase all the other cloud functions and deploy the ones declared in this project.
In a nutshell, it looks like I need to create a single monolith with the complete web application, all the cloud functions all in one single fat project and deploy the whole thing. This defeats the point of being microservice style!
Please advise if I am missing something important in the whole setup procedure?
You can deploy/undeploy individual functions with the Firebase tools/CLI version 3.8 or higher by specifying what function(s) to update: firebase deploy --only functions:function1,function2. It will still deploy all the code in your project, since the CLI doesn't "know" what file(s) are needed for each specific function. But it will then only update the function(s) that you specify.