I have a test Android app using Amplify Auth. Everything works as expected.
I then tried updating the Auth category to add user pool groups and an admin
queries API. When running push, the build hangs at "Creating API models..." So
I closed Android Studio and tried again, with the same result.
I then removed Auth (and user pool groups, the lambda function and API) and
added Auth again (amplify add auth).
Here are the options I selected for the API:
Do you want to add User Pool Groups? Yes
? Provide a name for your user pool group: admin
? Do you want to add another User Pool Group Yes
? Provide a name for your user pool group: users
? Do you want to add another User Pool Group No
√ Sort the user pool groups in order of preference · admin, users
Do you want to add an admin queries API? Yes
? Do you want to restrict access to the admin queries API to a specific Group Yes
? Select the group to restrict access with: admin
When running push, it again hangs at:
Creating API models...
/ Updating resources in the cloud. This may take a few minutes...
After more than 2 hours I closed Android Studio.
Appreciate any help in solving this problem. Thanks.
Related
I'm developing a backend microservice app with node.js along with #google-cloud/firestore and i'm trying to access my firebase project locally with gcloud-sdk. I've run gcloud init so i can log in and chose the project i need to connect to in order to access the db.
The problem is that, i keep getting 7 PERMISSION_DENIED: Missing or insufficient permissions when i try to make any type of interaction with the db even though i already have all permissions in the project. At the beginning i thought that maybe i was having that problem because i was using a different account that did not have permissions to access these projects, but that didn't make sense because i do not see that account in my list of accounts in the sdk
But, when i gave permissions to the other account that i thought maybe logged in in my sdk, i could access the db, so it was weird, it is like it's stuck with the other account that maybe i added when i first install the sdk.
So, i've tried everything to correct this, i've deleted all accounts from my gcloud sdk, i've deleted the list of configurations, i've uninstalled (twice) the sdk and installed it again (since people that i work with told me that they did this and worked for them, since they had same issue), i've run g cloud init to log in again and all that stuff, and still, when i try to connect to my firebase db, it still says that i still do not have permissions, it's like the account that i'm logging in is not the one that is being saved/used to access my project.
What can i do to make this work ?
EDIT #1 -> How i'm connecting to firebase and sdk commands to connect to the project
Connecting to my project on firestore
import 'reflect-metadata';
import { Firestore } from '#google-cloud/firestore';
import { GCP_PROJECT } from '#util';
export const firestore = new Firestore({ projectId: GCP_PROJECT });
Commands to connect to my project by sdk
-> gcloud init
Welcome! This command will take you through the configuration of gcloud.
Settings from your current configuration [coordinadora-work] are:
core:
account: diego.cifuentes#coordinadora.com
disable_usage_reporting: 'True'
project: cm-reparto-dev
Pick configuration to use:
[1] Re-initialize this configuration [coordinadora-work] with new settings
[2] Create a new configuration
Please enter your numeric choice: 1
Your current configuration has been set to: [coordinadora-work]
You can skip diagnostics next time by using the following flag:
gcloud init --skip-diagnostics
Network diagnostic detects and fixes local network connection issues.
Checking network connection...done.
Reachability Check passed.
Network diagnostic passed (1/1 checks passed).
Choose the account you would like to use to perform operations for this configuration:
[1] diego.cifuentes#coordinadora.com
[2] Log in with a new account
-> Please enter your numeric choice: 1
You are logged in as: [...my account that is having problems...].
Pick cloud project to use:
...
-> Please enter numeric choice or text value (must exactly match list item): 21
Your current project has been set to: [...project that i'm having problems with...].
-> Do you want to configure a default Compute Region and Zone? (Y/n)? n
Your Google Cloud SDK is configured and ready to use!
The Google Cloud Client libraries use the Application Default Credentials, not the current credentials setup using gcloud auth login.
To setup your Application Default Credentials for local development, simple execute gcloud auth application-default login. This will open a browser window and allow you to select the account to use as default credentials.
Another method is setting the environment variable GOOGLE_APPLICATION_CREDENTIALS to point to a service account key file.
Read more here : https://cloud.google.com/docs/authentication/application-default-credentials
When running in GCP, your credentials will get picked up from the environment, i.e. the service account your Cloud Function is running with.
https://cloud.google.com/docs/authentication/client-libraries
I am trying to figure out a problem I currently have. I have a software platform where restaurant owners can make and publish their own mobile apps. Menu access, reservation control, etc etc. I am using Firebase as my backend.
For each restaurant app I make, requires a customer login. The problem is that the customer can download another app from my restaurant client and has the ability to log in with the same credentials because I am using the same Firebase project for multiple apps, under the same company.
This is not what I want.. can I make multiple instances of Firebase Authentication? Or when the user registers, do I hardcode the username and password into the database, and check that, upon registration and signing in? If I did that, I would lose the power of third party log ins.
Please let me know of any ideas you guys might have..
Thanks!
Jorge
Firebase Auth can't have multiple instances per project. You would need to create multiple projects to in order to get more instances.
However, what you're talking about could be called "multi-tenancy", where you have multiple organizations each sandboxed from each other in a single project. For that, you will need to adopt Google Cloud Identity Platform and work with it using the Firebase APIs as described by the documentation.
A project that we are building uses the Google cloud identity toolkit multi-tenant feature. We have two tenants that we are actively using. We interact with all of this through Firebase's authentication suite.
I've noticed that when using this the user accounts do not show up in Firestore's UI anymore. The same goes for the local emulator.
I know the user has been created because when I log in I get back the correct uid matching the user profile created in firestore that I can see in the local emulator.
I'd like to know if anyone can help me with one of the following:
Is there a way to manage the users created for a multi-tenant setup through the emulator?
Is there a way for me to use gcloud cli locally to manage the users that I have created locally?
Good news! The updated version of the emulator will show you tenants. Once you run the emulator, attempt to login as a user through a tenant, and your "auth" page will magically get a "Tenant" dropdown.
Bad news! The non-default-tenant users don't seem to persist by any export method I have discovered so far.
As for seeing those users in the firebase console, it's pretty easy, but an extra step. Under "authentication" in the firebase console, you should see a tenant dropdown.
If you open that, there will be a link "Other tenants can be managed in the Google Cloud Console". Click it, then click "users" on the left. Finally choose your tenant in the "Tenant" dropdown.
I am using Firebase Authentication in my app. I used method like setDisplayName in my app so that user can change the user's name himself through the app. But, the problem is that I can't access this name through my console. I can't edit it. There are simple columns in Firebase console like,
identifiers,providers,UID,Providers,Signed In.
There is no column for User Name. How can I access this information through console?
The Firebase console shows only limited information about each user profile. The rest of the information is only available when you access the profile through a Firebase API, or export the data.
Keep in mind that Firebase provides Admin SDKs, which you can run on your development machine to accomplish simple administrative tasks such as this.
I am trying to run instrumented tests using the glcoud CLI as a service account in CircleCi. When I run:
gcloud config set project project-name-12345
gcloud auth activate-service-account firebase-testlab-serviceuser#project-name-12345.iam.gserviceaccount.com --key-file ${HOME}/client-secret.json
gcloud firebase test android run --type instrumentation --app debug-app.apk --test debug-test.apk --device model=Nexus6P,version=27,locale=en,orientation=portrait --environment-variables coverage=true,coverageFile=/sdcard/tmp/code-coverage/connected/coverage.ec --directories-to-pull=/sdcard/tmp --timeout 20m
I get:
ERROR: (gcloud.firebase.test.android.run) Could not copy [debug-app.apk] to [gs://test-lab-xxxxxxxx-yyyyyyyy/2018-01-18_17:14:09.964449_zPAw/] ResponseError 403: firebase-testlab-serviceuser#project-name-12345.iam.gserviceaccount.com does not have storage.objects.create access to bucket test-lab-xxxxxxxx-yyyyyyyy..
Using the API Console (https://console.cloud.google.com/iam-admin/iam/project) I've given my service user all the permission I can think would be relevant:
Firebase Crash Symbol Uploader
Firebase Test Lab Admin
Storage Admin
Storage Object Admin
Storage Object Creator
Storage Object Viewer
Firebase Rules System
Any help would be greatly appreciate. Thanks.
You should be able to use a service account created in the Google Cloud Console. Did your service account have the required project Editor role? (as noted in this doc: https://firebase.google.com/docs/test-lab/continuous)
After lots of clicking through the Firebase console and the Google Cloud Console, reading SO, asking for help on Slack, and more trial and error than I care to admit, I discovered that the Firebase console has a service account page:
https://console.firebase.google.com/u/0/project/project-name-12345/settings/serviceaccounts/adminsdk
That is different from the service accounts page in the Google Cloud Console
https://console.cloud.google.com/iam-admin/serviceaccounts/project?project-name-12345
It turns out you want the Firebase service account, you can not create one via the cloud console. Super, super annoying.
The steps I took to create the key is as follow:
1. Firebase Console https://console.firebase.google.com/
2. Project Settings
3. "Service Accounts" tab
4. Inside "Service Accounts" panel, Firebase Admin SDK
5. At the bottom of "Firebase Admin SDK" panel, "Generate new private key"
This is what Etherton answered
https://stackoverflow.com/a/48327579/2353939
Even after that, I still had some errors. So, I added a bunch of roles as follows.
Firebase Test Lab Admin
Firebase Service Management Service Agent
Firebase Admin SDK Administrator Service Agent
Service Account Token Creator
Storage Object Creator
That also didn't fix. So, finally, I applied P. Davis answer by adding Editor role to the service account.
https://stackoverflow.com/a/48331465/2353939
Steps to add Editor role is as follows
1. Go to google cloud console https://console.cloud.google.com/iam-admin/iam
2. Go into "IAM"
3. Use "client_email" from the json file downloaded from firebase console to find the service account you need to edit
4. Click the "Edit" icon on the right
5. Scroll down and "Add Another Role"
6. Click the input field and type in "Editor" to search
7. Choose the one with subtitle "Edit access to all resource"
8. Save
9. Now you should be able to use it
This is the list of the roles that I put in to my service account :
Firebase - Firebase admin ( I think this is overkill. I might update it later )
Project - Editor
Storage - Storage Object Creator
It does not matter whether you create the service account from Firebase or google cloud console. As long as you have these roles in your service account then you should be able run the Firebase test lab.
For people who stumble upon this and don't want to use the all powerful Project Editor role, here are the roles I'm using for my service account:
Firebase Test Lab Roles
I think the Firebase Analytics Viewer role is not necessary, because it mostly just execute the tests. To view the result we use the developer accounts instead but haven't tried removing it.
We ran into the same permissions issue with storage.objects.create. We have added all the roles that were mentioned here, except for the Editor role which we wanted to avoid, but it still failed. We were using a Service Account and it definitely had the proper permissions.
In the end our workaround was to setup a cloud storage bucket manually and then use it in the --results-bucket argument for gcloud. See the documentation here. That finally fixed it for us.