I wish to run an App Maker application as a specific user and have created an account specifically for deploying with "run as the developer".
Using my normal account I have no issues deploying but when using the new account I do not get any options presented for Cloud SQL. As this user is not able to choose either option then it is impossible to deploy the app.
The following has been checked already
The new user has the same application rights as my normal user within the G-Suite admin console.
The new user has editor rights to the App Maker project (is owner).
The new user has owner rights to the GCP project that hosts the default Cloud SQL instance.
The default Cloud SQL instance is the same for both users.
Is there anything I am missing that could cause this behaviour?
Related
I'm trying to add the needed roles for a CI pipeline to automatically deploy to firebase (by running firebase deploy.
The roles I've added so far are:
API Keys viewer
Artifact registry writer
Cloud build Service Account
Cloud Functions Admin
Cloud Run Viewer
Firebase App distribution admin
Firebase Authentication admin
firebase hosting admin
firebase rules admin
service account user
service usage admin
Honnestly at this point I'm just adding what sounds good, as the error message is not helpful:
There was an issue deploying your functions. Verify that your project
has a Google App Engine instance setup at
https://console.cloud.google.com/appengine and try again. If this
issue persists, please contact support.
It works when adding the Owner permission, so this is a permission issue.
As you want to deploy the entire project, the most applicable role would be Firebase Admin.
I use it in portuguese, so the translation in english may be different.
For deploying the hosting app IAM role must be either an Owner or Editor. Sometimes updating the latest version of a Node Package/Firebase tool will resolve the issue as per my experience.
npm install -g firebase-tools
It will provide the globally accessible firebase command.
For reference: https://firebase.google.com/docs/projects/iam/roles
For any deployments, you need the first Firebase token which is GCP_SA_key for whatever you want to deploy or update.
There are different scenarios let me elaborate with reference
Cloud Functions Developer IAM role for deploying functions
Cloud Scheduler Admin IAM role for scheduling your functions
Service Account User IAM role By default service account using the APP engine for the deployments process required a service account user role.
You need more roles for Updating Firestore to update rules, indexes, and files.
Firebase Rules Admin role for updating Firestore rules.
Cloud Datastore Index Admin role for updating firestore Indexes.
Firebase Hosting Admin role for updating files.
Further details reference added :GitHub Integration/deployments roles
As per the Firebase documentation, the contents of google-services.json are considered public. These can be easily retrieved by decompiling the apk.
If so, is there a way to prevent apps from registering with my Firebase project?
I understand that the registration works on the basis of package name. While it's not possible to publish an app with a duplicate package name, for development it is very much possible.
I created a dummy app, and my dummy app successfully registered with my production project. So, looking for a way to prevent that from happening.
You should be connecting your app to Firebase Emulator for local development.
You can go to Firebase console -> Authentication tab -> Sign-in Method tab, and remove localhost from Authorized domain, that way your app will never connect to production DB.
Here's the situation: I have an account in the azure active directory of my company with several subscriptions. I am building an ASP.NET Framework application for a client. This application is going to be hosted in their own azure environment, so to set this up, they added my email address to their azure active directory. Now in the azure portal I can use the button "change active directory" to either view my company's resources or my client's.
I set up a keyvault in my client's azure environment and I added keyvault as connected service to my application using these instructions. My application is running locally in local IIS, so I set up the application pool to use my user account so it has access to my azure subscriptions.
The issue here is that I still get an error when I try to run the application. The ysod says that azure gives a 401 response when trying to access the keyvault. I see that it's trying to use the guid that is associated with my company's azure active directory (I don't know what the name of this guid is). Obviously, I can't access resources from my client's azure environment with my company's azure active directory.
As an attempt to get more information, I built a small console application and used the same procedure to add keyvault as a connected service, since the internet says that the console application gives more details than the ASP.NET application. However, when I run my console application, I don't get any errors at all and I can access my client's keyvault just fine.
This makes me believe that there is some setting in my user account or IIS that I need to change to make this work, but I can't find what it is.
How can I make my ASP.NET Framework application, running locally in IIS, access a keyvault as connected service in my client's azure environment?
This should work, try to follow this to re-login your user account in VS and make sure you have modified your ASP.NET Framework project.
If it still not work, you could ask your client to create a work account for you in their Azure AD tenant and add it to the keyvault access policy, then use the account to login VS and test.
I had created app for iOS and android in Appcenter.ms.
1) Integrated the SDK
2) Added the event.
3) I can see the events and log flow in the appcenter.ms
But not in the Application insights on Portal.azure.com.
As show in this i did followed the steps : https://learn.microsoft.com/en-us/appcenter/analytics/export
Adding an Azure Subscription
App belonging to an organization: If you are the organization admin, go to the Manage section under the organization where the app belongs to.
App belonging to a user: If you are the app owner, follow these steps.
Login to Appcenter portal
Go to user settings.
Under Azure, click Add subscription
Select an existing Azure subscription or create a new one.
Also this :
On the Appcenter Portal, choose the App.
Go to the App Settings.
Click on Export and select the New Export option.
Select blog storage or Application Insights based on your app needs.
Select the type of configuration . I had click the customization and added the instrumentation key for the application.
We are bringing in a new developer for our Firebase web app project, who will start out by just learning the code in his local environment.
Since the new developer will be running Firebase CLI in the local env., is there a way to set up his initial role on the project such that he is [not able] to run firebase deploy commands?
~~~~~~~~~~~~~~~~~~~~~~~~~
I did find this doc from Google:
https://cloud.google.com/iam/docs/understanding-roles?_ga=2.49153190.-1888993.1468450573#curated_roles
It discusses deploy access in section: App Engine Roles .. not sure if that is for Firebase as well.
If so, are there any additional references for how to go about applying these kinds of roles to a Firebase project?
Anyone who has the "editor" or "owner" role for a project will be able to deploy (and generally make any other changes to the project). If you don't want an account to be able to deploy, don't give either of those roles.