使用 firebase-tools v3.18.6,我的帐户中有 3 个不同的项目模拟 dev/qa/prod 环境。部署到 dev 和 qa 工作得很好,但部署到第三个项目失败,并显示以下调试输出(屏蔽了可能的敏感信息):
firebase --debug --project=prod deploy --only functions
... lots of debug output ...
[2018-06-13T15:36:07.954Z] <<< HTTP RESPONSE 403 x-guploader-uploadid=AEnB2UoLPpYzpkSxyI2w-TCcJeZX8XvBvId1gEIMX1yoTBLqhEyNTR7whmnMV7z9gyVZ14T6QZj9I4GBXjBm_bj_FWgyc-v6hynRxROPl1sIQh_O1d8UWq0, content-type=application/xml; charset=UTF-8, content-length=297, vary=Origin, date=Wed, 13 Jun 2018 15:36:07 GMT, server=UploadServer, alt-svc=quic=":443"; ma=2592000; v="43,42,41,39,35", connection=close
[2018-06-13T15:36:07.955Z] <<< HTTP RESPONSE BODY <?xml version='1.0' encoding='UTF-8'?><Error><Code>AccessDenied</Code><Message>Access denied.</Message><Details><a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="76051304001f15135b2e2e2e2e2e2e2e2e2e2e2e361115105b17121b1f185b0419141902581f171b5811051304001f1513171515190318025815191b" rel="noreferrer noopener nofollow">[email protected]</a> does not have storage.objects.create access to gcf-upload-us-central1-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX.</Details></Error>
我已经关注了the google cloud docs并确保:
- 所有需要的 API 均已启用
- 机器人的服务帐号具有 CloudFunctions.ServiceAgent 角色
- 我拥有该项目的编辑者/所有者权限
证明:
$ gcloud services list --project=prod | grep functions
cloudfunctions.googleapis.com Cloud Functions API
$ gcloud projects get-iam-policy prod | grep -B1 -A1 gcf
- members:
- serviceAccount:<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="cbb8aeb9bda2a8aee693939393939393939393938baca8ade6aaafa6a2a5e6b9a4a9a4bfe5a2aaa6e5acb8aeb9bda2a8aeaaa8a8a4bea5bfe5a8a4a6" rel="noreferrer noopener nofollow">[email protected]</a>
role: roles/cloudfunctions.serviceAgent
$ gcloud projects get-iam-policy prod | grep -B1 -A1 jorgeg
- members:
- user:<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="2b4144594c4e4c6b4844465b4a455205484446" rel="noreferrer noopener nofollow">[email protected]</a>
role: roles/owner
此时,我相当确信在我的项目上启用 Firebase 函数 api 时内部出现了问题,但想知道在我升级支持级别之前是否有人遇到过同样的问题。
TIA
最佳答案
我们遇到了同样的问题并通过以下方式解决了它:
- 在 gcloud 存储中创建一个存储桶,名为 foo
- 使用该存储桶通过 gcloud beta 部署函数:
gcloud beta 函数部署 myFunction --trigger-http --stage-bucket foo
- 这修复了权限,然后常规的 Firebase 部署开始工作
关于Firebase 功能部署失败并拒绝访问,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50842382/