【发布时间】:2018-06-13 16:46:17
【问题描述】:
使用 firebase-tools v3.18.6,我的帐户中有 3 个不同的项目来模拟 dev/qa/prod 环境。部署到 dev 和 qa 工作正常,但部署到第三个项目失败,并显示以下调试输出(屏蔽可能的敏感信息):
firebase --debug --project=prod deploy --only functions
... lots of debug output ...
[2018-06-13T15:36:07.954Z] <<< HTTP RESPONSE 403 x-guploader-uploadid=AEnB2UoLPpYzpkSxyI2w-TCcJeZX8XvBvId1gEIMX1yoTBLqhEyNTR7whmnMV7z9gyVZ14T6QZj9I4GBXjBm_bj_FWgyc-v6hynRxROPl1sIQh_O1d8UWq0, content-type=application/xml; charset=UTF-8, content-length=297, vary=Origin, date=Wed, 13 Jun 2018 15:36:07 GMT, server=UploadServer, alt-svc=quic=":443"; ma=2592000; v="43,42,41,39,35", connection=close
[2018-06-13T15:36:07.955Z] <<< HTTP RESPONSE BODY <?xml version='1.0' encoding='UTF-8'?><Error><Code>AccessDenied</Code><Message>Access denied.</Message><Details>service-XXXXXXXXXXX@gcf-admin-robot.iam.gserviceaccount.com does not have storage.objects.create access to gcf-upload-us-central1-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX.</Details></Error>
我已经关注the google cloud docs 并确保:
- 所有需要的 api 都已启用
- 机器人的服务帐号具有 CloudFunctions.ServiceAgent 角色
- 我拥有项目的编辑/所有者权限
证明:
$ gcloud services list --project=prod | grep functions
cloudfunctions.googleapis.com Cloud Functions API
$ gcloud projects get-iam-policy prod | grep -B1 -A1 gcf
- members:
- serviceAccount:service-XXXXXXXXXXX@gcf-admin-robot.iam.gserviceaccount.com
role: roles/cloudfunctions.serviceAgent
$ gcloud projects get-iam-policy prod | grep -B1 -A1 jorgeg
- members:
- user:jorgeg@company.com
role: roles/owner
在这一点上,我相当确信在我的项目上启用 firebase 函数 api 时内部出现了问题,但想知道在我升级支持级别之前是否有人遇到过同样的问题。
TIA
【问题讨论】:
标签: firebase google-compute-engine google-cloud-functions