Authenticating Pulumi to manage firebase - firebase

When trying to create Firebase resources using Pulumi, I get the following error:
error: 1 error occurred:
Error creating Project: googleapi: Error 403: Your application has authenticated using end user credentials from the Google Cloud SDK or Google Cloud Shell which are not supported by the firebase.googleapis.com. We recommend configuring the billing/quota_project setting in gcloud or using a service account through the auth/impersonate_service_account setting. For more information about service accounts and how to use them in your application, see https://cloud.google.com/docs/authentication/.
As far as I understand this, the only way to use Pulumi with a Firebase project is to use the service account (with proper access) and it is not possible to use the gcloud ... way to authenticate?

Related

GCP service account impersonation when deploying firebase rules

I'm trying to deploy firebase rules using firebase cli. I want to achieve that using service account impersonation, which works for other operations that I perform, but surely not when using firebase cli.
I get the following error, despite setting the auth/impersonate_service_account setting in my config.
Error: HTTP Error: 403, Your application has authenticated using end user credentials from the Google Cloud SDK or Google Cloud Shell which are not supported by the firebaserules.googleapis.com. We recommend configuring the billing/quota_project setting in gcloud or using a service account through the auth/impersonate_service_account setting. For more information about service accounts and how to use them in your application, see https://cloud.google.com/docs/authentication/. If you are getting this error with curl or similar tools, you may need to specify 'X-Goog-User-Project' HTTP header for quota and billing purposes. For more information regarding 'X-Goog-User-Project' header, please check https://cloud.google.com/apis/docs/system-parameters.
The solution that worked is the following:
firebase \
--token $(gcloud auth print-access-token --impersonate-service-account=<sa>) \
deploy --only firestore:rules

Error: Messaging: We are unable to register the default service worker

My Flutter app on web has been using Firebase Cloud Messaging for a long time without error. Today, with no changes, it is giving the following error:
Error: [firebase_messaging/failed-service-worker-registration] Messaging: We are unable to register the default service worker. Failed to register a ServiceWorker for scope ('http://localhost:50093/firebase-cloud-messaging-push-scope') with script ('http://localhost:50093/firebase-messaging-sw.js'): The Service Worker system has shutdown.
Can anyone explain why this error is occurring now? I suspect something must have changed on Firebase's end, because my code has not changed.
If you're using an older version of the Firebase Cloud Messaging plugin, you might need to follow this setup guide to create default app settings for web. On the current version of FCM, you can follow this initialization guide to add the FCM plugin to your app.

There was an error granting Firebase Service Agent access to your secret

I am facing an error while installing an Algolia extension into my firebase project.
Error-
When I click on the "Create secret" button, the error below is visible
Only admin can add Key. Check your project permission
When installing the extension, it will ask you to enable the secrets API; what this does is enable the Secrets Manager API from Google Cloud (what Firebase is built on top of). You can manually check that this is enabled with the URL below, and if it's not, enable it.
https://console.cloud.google.com/apis/api/secretmanager.googleapis.com/overview?project=YOUR_PROJECT_ID
As with all Google Cloud APIs, when you enable them it takes a few minutes for the changes to propagate. Try again in ten minutes, and you will find your error is resolved, you're able to create the secret, and you can install the extension.

Unable to call Firebase function from React.js application

I have a React.js application powered by a number of Firebase functions and real time database standing behind them. It has been working without any issue for the past 2-3 months and now I am getting a warning on the functions logs which says that:
#firebase/database: FIREBASE WARNING: {"code":"app/invalid-credential","message":"Credential implementation provided to initializeApp() via the \"credential\" property failed to fetch a valid Google OAuth2 access token with the following error: \"Failed to parse access token response: Error: Server responded with status 404.\"."}
The way I initialize firebase from my React.js application looks like this:
I have double-checked everything standing behind process.env and it seems to be as expected. The website written in React.js is hosted under Firebase Hosting.
And this is how Firebase functions connect to Admin SDK:
I am not sure what the issue would be here. Nothing has changed in the code base on our side. Not sure if Firebase changed something internally that we need to consider.
What solved the issue for me was to go to the google cloud console (where Firebase functions are also available). Then I opened one of the failing cloud functions and I navigated to
My_Function_Name/Edit/RUNTIME, BUILD AND CONNECTIONS SETTINGS/RUNTIME SERVICE ACCOUNT/
And then I noticed that for all of my functions, App Engine Default Service Account was selected instead of Firebase Admin SDK. I never explicitly set the runtime to this option. So, when I brought it back to Firebase Admin SDK, the error was gone and I was able to use the application once again.
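The drift described in the answer above (functions silently running as the App Engine default service account) can be checked for across a whole project. This is an added example, not code from the original post; it assumes the JSON shape of `gcloud functions list --format=json`, and the function names and project ID in the sample are constructed.

```python
import json

def runtime_service_account(fn):
    """Return the runtime identity of a 1st-gen or 2nd-gen function record."""
    # 1st gen keeps the field at the top level, 2nd gen under serviceConfig.
    return (fn.get("serviceAccountEmail")
            or fn.get("serviceConfig", {}).get("serviceAccountEmail", ""))

def classify(email):
    """Bucket a service account email by its well-known naming pattern."""
    local, _, domain = email.partition("@")
    if not email:
        return "unknown"
    if domain == "appspot.gserviceaccount.com":
        return "app-engine-default"
    if local.startswith("firebase-adminsdk-"):
        return "firebase-admin-sdk"
    if domain == "developer.gserviceaccount.com" and local.endswith("-compute"):
        return "compute-default"
    return "custom"

def find_drift(functions, expected="firebase-admin-sdk"):
    """List (function, identity kind) pairs whose runtime identity is not the expected kind."""
    drift = []
    for fn in functions:
        kind = classify(runtime_service_account(fn))
        if kind != expected:
            drift.append((fn["name"].rsplit("/", 1)[-1], kind))
    return drift

# Constructed sample input (hypothetical project "my-project").
SAMPLE_FUNCTIONS = json.loads("""
[
  {"name": "projects/my-project/locations/us-central1/functions/sendEmail",
   "serviceAccountEmail": "my-project@appspot.gserviceaccount.com"},
  {"name": "projects/my-project/locations/us-central1/functions/syncUsers",
   "serviceAccountEmail": "firebase-adminsdk-ab1cd@my-project.iam.gserviceaccount.com"},
  {"name": "projects/my-project/locations/us-central1/functions/resizeImage",
   "serviceConfig": {"serviceAccountEmail": "123456789012-compute@developer.gserviceaccount.com"}}
]
""")

if __name__ == "__main__":
    for name, kind in find_drift(SAMPLE_FUNCTIONS):
        print(f"{name}: runs as {kind}")
```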

Firebase hosting deploy with serviceaccount fails with 403

I'm trying to deploy a Firebase hosted project with a Service Account (that I created myself, not one provided by Google/Firebase as default) via a pipeline (Gitlab, but that shouldn't matter for this issue).
When I run the following command locally (same happens in the pipeline):
GOOGLE_APPLICATION_CREDENTIALS="/path/to/serviceaccount.json" firebase deploy --only hosting
I'm getting the following error:
=== Deploying to 'my-firebase-project'...
i deploying hosting
Error: HTTP Error: 403, The caller does not have permission
The --debug does not provide any more details, other than the 403. I've set the following roles to the serviceaccount:
Firebase Hosting Admin
Firebase Rules Admin
API keys viewer
Deploying the rules (using --only firestore) works without issues. I've read the documentation about the roles of Firebase hosting, but assigning these doesn't work either.
Does anyone know which roles I'm missing?
Note: a service account is used here to do a deployment, so any firebase login / firebase logout actions won't have any effect. See Login to firebase using gcloud service account for details.
With the help of Firebase support, I was pointed to the Deploying to Firebase page, which provides an enumeration of all required roles. To sum it up here:
Cloud Build Service Account
Firebase Admin
API Keys Admin
I was missing the first one, which resulted in this error. Hope that this'll help others as well!
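A pre-deployment check for the three roles listed in the answer above, so a pipeline reports the missing role by name instead of a bare 403. This is an added example, not code from the original post; the role IDs are the predefined-role IDs for the display names given there, and the policy and service account names are constructed.

```python
import json

# Display names as listed in the answer; role IDs added here from
# Google Cloud's predefined-role catalogue.
REQUIRED_ROLES = {
    "Cloud Build Service Account": "roles/cloudbuild.builds.builder",
    "Firebase Admin": "roles/firebase.admin",
    "API Keys Admin": "roles/serviceusage.apiKeysAdmin",
}

def audit_deployer(policy, sa_email, required=REQUIRED_ROLES):
    """Compare a project IAM policy with the required roles for one service account.

    Only direct bindings are seen: roles inherited through groups, folders or
    the organization do not appear in a project-level policy.
    """
    member = f"serviceAccount:{sa_email}"
    granted, conditional = set(), set()
    for binding in policy.get("bindings", []):
        if member not in binding.get("members", []):
            continue
        # A binding with a condition only applies while the condition holds.
        (conditional if "condition" in binding else granted).add(binding["role"])
    return {
        "missing": sorted(n for n, r in required.items() if r not in granted | conditional),
        "conditional": sorted(n for n, r in required.items() if r in conditional - granted),
        # Direct grants beyond the required set, worth reviewing for least privilege.
        "extra": sorted(granted - set(required.values())),
    }

# Constructed sample in the shape of `gcloud projects get-iam-policy PROJECT --format=json`.
DEPLOYER = "deployer@my-firebase-project.iam.gserviceaccount.com"
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/firebase.admin",
   "members": ["serviceAccount:deployer@my-firebase-project.iam.gserviceaccount.com"]},
  {"role": "roles/serviceusage.apiKeysAdmin",
   "members": ["serviceAccount:deployer@my-firebase-project.iam.gserviceaccount.com"]},
  {"role": "roles/firebaserules.admin",
   "members": ["serviceAccount:deployer@my-firebase-project.iam.gserviceaccount.com"]},
  {"role": "roles/cloudbuild.builds.builder",
   "members": ["serviceAccount:other@my-firebase-project.iam.gserviceaccount.com"]}
]}
""")

if __name__ == "__main__":
    print(audit_deployer(SAMPLE_POLICY, DEPLOYER))
```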
You have to add the role at the cluster level using oadm policy add-cluster-role-to-user cluster-reader system:serviceaccount:myproject:default
