We are trying to create a new storage bucket where its name would be dynamically created. The firebase web interface provides this capability. It appears as the admin sdk (node.js) does not.
This screen capture shows the web interface behaviour. As you hit "add bucket", a new unique bucket name is dynamically generated.
This feature could be useful in creating buckets dynamically without having the need to reuse/develop a mechanic to generate a unique names and also prevent using uids (which is usually not recommended).
Can anyone confirm our understanding is right? Any insight whether this will be release (or at least in preview) in the upcoming releases of the admin sdk?
The sdk should at least have feature parity with the web interface.
If not, I am willing to open a feature request with the Firebase team.
Related
I'm trying to query the Adobe Analytics API, but I'm unsure that we have the right permissions in place.
I've received confirmation thata our account has "Web service access" enabled -- however, Adobe Analytics does not appear as an option when I try to "create a project" on API via Adobe I/O. As a result, I'm blocked from actually trying out the API in that environment.
Are there any other permissions I need to request from the Admin?
Do I need to have some sort of Developer Access in place in addition to "Web service access"? Is it possible to have one without the other?
Any guidance would be a big help -- thanks
You need two things before being able to create an Analytics project and query the API: the Role of Developer (or higher), and, at a minimum, permissions for Report Suites, Metrics, and Dimensions groups.
If you're able to create a project before getting both of these, the API credentials you get (API key, Client key, etc...) won't work; you'll need to create a new project again.
This document has more detail about what's required.
I want to make an app where parents can buy a subscription for their children (one subscription per child) but I wonder how the corresponding accounts in Firebase would look like (buying the subscriptions themselves is out of scope of this question).
Are there best practises I should follow here?
I'll have a parent account in Firebase I guess
how can I create the children's accounts and how do I communicate their (generated?) credentials to them?
Thanks in advance for your insights!
Firebase Authentication maintains a flat list of accounts per project. There is no built-in relations between any of the accounts, unless they are linked (which is not what you want here).
The best I can think of for the structure is to add a custom claim to the child accounts identifying their parent (and vice versa if needed). This needs to be done from a trusted environment (such as your development machine, a server you control, or Cloud Functions/Cloud Run). A local (Node.js, or other supported language) script or this extension that sets claims based on a Firestore document are probably the easiest way to get started with this.
If you choose to create the kid's accounts in a trusted environment with an Admin SDK too, you might as well add the custom claim there.
My organization set up Cloud SQL as the default for Google App Maker about one month ago. In the last week, we have been unable to preview or publish apps that use Cloud SQL data sources, including the sample applications which worked perfectly before. The failure occurs during the authorization process. When previewing or publishing an app, Google App Maker displays a dialog stating "Deploying this app requires authorization". Next it prompts the user for their Google account and then requests approval for the necessary authorizations (e.g., "Manage the data in your Google SQL Service instances"). After approving the authorization, the prompts to authorize begin over with the dialog stating "Deploying this app requires authorization".
Observations:
We have repeated this problem on multiple different computers, networks, and four different user accounts.
In the SQL cloud console, our Cloud SQL instance shows new databases being created for each app along with new database-specific user accounts
All of the databases appear as expected when I log directly into the Cloud SQL database using phpMyAdmin
Other apps which don't use a Cloud SQL datasource work fine, including an app that uses a calculated data source which is hosted in the same Cloud SQL instance
The only errors in the Stack driver logs for the Cloud SQL database showed "INFO" level communication errors with the database (aborted connection...Got an error reading communication packets)
I'm unable to find Stack driver logs for the apps because I cannot preview or publish them (either option would provide a link to the Stack driver logs)
There are now approximately 20 databases in our SQL instance (mostly associated with simple app tests) and we have only used 1 GB of 10 GB of space in our SQL instance
I haven't seen any related problems on the Google Issue Tracker for Google App Maker
I'd appreciate any help or suggestions on what to check in order to resolve this issue.
I posted an issue to Google Issue Tracker and Google corrected the problem. They also provided a workaround if this problem happens again.
Here is the response from the Google development team posted on Google Issue Tracker: https://issuetracker.google.com/issues/145345198
It's great to hear your up and working again! We are aware of this issue and are working through a longer term fix. The specific bug appears to be related to some changes made in the Google Cloud session policy control that may have rolled out to your domain recently interacting with AppMaker in a way that was not expected. We've spent time diagnosing the underlying issue and we beleive we know the root cause. I suspect your domain admin did a version of the workaround below.
Without getting too far into the details, the specific bug is that for a Deployer of an AppMaker application, if the Google Cloud Session policy is set with any expiration time, the returned token AppMaker sees is invalid, triggering a loop in AppMaker trying to generate a valid security token. Historically, these session tokens never expired but recently there was beta feature launch that allowed domain admins to set them to expire. We strongly suspect your domain recently set this expiration policy explicitly and that's what is causing the bug.
The good news is that these policies are overridable per Organizational Unit and we have tested that OUs which have the original classic Never Expire setting do, in fact, allow AppMaker to work.
My suspicion is that your domain admin has reverted recent, local changes to your organizational policy under the admin.google.com console, specifically under Security > Google Cloud session control (Beta).
If this happens again, here the workaround we would recommend. Note you don't need to do this if you're currently up and working. You will need the help of someone with admin.gogole.com powers, specifically User and Organizational Unit powers at your organization. It is a slight increase in security risk but it restores some classic behavior that was standard until recently.
The summary of the workaround is to override the Google Cloud session control expiration setting such that individuals who need access to AppMaker deployments can have it. To mitigate systemic security risk, this is best done by creating a limited purpose Organizational Unit with just that setting different than the parent OU settings.
The workaround is to:
Contact someone in your domain with Admin powers for your Google for Business license.
Have your admin proceed to https://admin.google.com. The actions below need to be performed by a domain admin.
Under the Users section, identify the specific user account that needs the ability to deploy AppMaker Apps.
Identify the Organizational Unit of that Appmaker dev user and make a note of it.
Under the Organization Units settings, locate the Organization Unit you identified above.
Create a new Organization Unit underneath that user's current Organizational Unit with some descriptive identifying it as special w.r.t AppMaker. So for Developers, make something like DevelopersWhoAreAlsoAppMakerDevs.
Back under the Users tab, locate the user from step 3. Move this user into the new Organizational Unit you've just created. This change can take a while to propagate.
-Interlude- At this point, you've made a new Organizational Unit for just that individual and added them to it. You can certainly add multiple people to that OU, especially if they're already in the same parent OU. Use your discretion as to what amount of Organizational rework you wish to pursue. You may not be using OUs at all or you may decide to just turn off this control for the whole domain. It's up to you.
Under admin.google.com's Security settings, locate the Google Cloud session control (beta) settings.
Under this panel, from the dropdown menu on the left, locate the Organization Unit you just created.
Be sure to select ONLY the OU you intend to change.
Change the "Google Cloud Console and Google Cloud SDK session control" from expiring to "Session Never Expires".
Save your changes.
The account you selected in step 3 should now be able to deploy AppMaker apps.
It appears this OU change is only necessary for the deployer of an AppMaker app, not an individual user. Note also that if you have multiple AppMaker developers who all have different current OU settings, you may need to create multiple daughter OUs to avoid a sudden radical shift in OU settings for an individual account.
I'm developing a mobile application which I would like to distribute globally. The app is targeted for managers who want their employees to update data as they are on-the-go, while the manager has a web dashboard that collects and dices the data.
The architecture I would like to implement, is that the manager logs in to the product's website, creates an account, and gets a code. Employees are then asked to download the app, and enter that code upon initial setup.
My question is about the back-end implementation of the setup - I would like for each new customer to have their own firebase instance, which is automatically set up and registered when the account is created.
It seems like the API does not support creating new accounts or new repositories/instances.
Is there a way to create an account/instance using a script? If not, would one instance be able to hold potentially a very large number of tables, each table being a root for a specific customer and their data?
Thanks!
Use case: the app I built on app.foo.com, and an instance of telescope on community.foo.com, on separate application servers. The only collection they'd share is users. I would give the same mongo url and oplog url to both apps, and make sure that other than users, collection names did not overlap between the two apps.
Should this work fine? Any performance concerns?
The problem with this is you have to share the collection names.
If you use your databases you're also insured against Telescope suddenly using a collection name that your other app uses on a future version too.
What you can do is only share the users collection if you want.
Server side code (not needed on client)
Accounts.connection = DDP.connect("https://<telescope app url>");
Meteor.users = new Mongo.Collection("users", {
_preventAutopublish: true,
connection: Accounts.connection
});
Or more directly (not preferable if you're allowing OAuth logins)
var database = new MongoInternals.RemoteCollectionDriver("<mongo url of telescope app>");
Meteor.users = new Mongo.Collection("users", { _driver: database });
So this app now uses the Telescope app's user's collection.
There would be no problem with this at all. For example it's a common use case to have a user-facing app and an admin app, both using the same db.
This shouldn't be done at the database level:
When any of the two apps evolve, they could break themselves or the other one.
That's the kind of feature that belong in an API layer, or a separate service.
This way you have one user identity service that handles authentication (even cross-domain) and basic user data, and leave each app-specific user information in it's own part of your ecosystem. No risk of meltdown.
I can recommend a few :
Firebase
Parse
Hull.io (disclaimer : I'm a founder)
Auth0
LoginRadius
Most of these have client-side libs that you use to handle authentication and just pass back the currently logged-in user's ID to your app.
Some also offer to have one app being the Master, and authenticating users, then telling the service who's logged in, so you can retrieve data from your other app (at hull we call this Bring your own Users)