Error: Could not load the default credentials. context: firebase login:ci AND firebase auth:export
Problem description
Disclaimer: There are lots of similar questions mentioning the same error message but I read many and none of them pertained to my context.
I am trying to automate exporting the Firebase Authentication database using the command firebase --debug auth:export. The command executes flawlessly on my local machine. But when I try to run it on CI it fails with the following error message:
[2021-04-27T20:48:23.188Z] > command requires scopes: ["email","openid","https://www.googleapis.com/auth/cloudplatformprojects.readonly","https://www.googleapis.com/auth/firebase","https://www.googleapis.com/auth/cloud-platform"]
[2021-04-27T20:48:26.208Z] Error: Could not load the default credentials. Browse to https://cloud.google.com/docs/authentication/getting-started for more information.
at GoogleAuth.getApplicationDefaultAsync (/home/node/.npm-global/lib/node_modules/firebase-tools/node_modules/google-auth-library/build/src/auth/googleauth.js:160:19)
at processTicksAndRejections (internal/process/task_queues.js:97:5)
at runNextTicks (internal/process/task_queues.js:66:3)
at listOnTimeout (internal/timers.js:518:9)
at processTimers (internal/timers.js:492:7)
at async GoogleAuth.getClient (/home/node/.npm-global/lib/node_modules/firebase-tools/node_modules/google-auth-library/build/src/auth/googleauth.js:502:17)
at async GoogleAuth.getAccessToken (/home/node/.npm-global/lib/node_modules/firebase-tools/node_modules/google-auth-library/build/src/auth/googleauth.js:524:24)
Error: An unexpected error has occurred.
I am trying to run this command in a Gitlab Scheduled Pipeline using a .gitlab-ci.yml file. For that to work I understand I need to authenticate using the firebase login:ci command. I did that and I know the token is valid because other firebase commands in my .gitlab-ci.yml work, for instance firebase use and firebase deploy.
Here is a simplified version of my .gitlab-ci.yml:
stages:
  - stg_backups
jb_auth_backup:
  stage: stg_backups
  image: devillex/docker-firebase
  only:
    - schedules
  script:
    - firebase use --token $MY_CI_FIREBASE_DEPLOY_KEY $MY_FIREBASE_PROJECT
    - mkdir backups
    - firebase --debug auth:export backups/my-auth-backup.json --format=JSON
  artifacts:
    paths:
      - backups
The environment variables are set correctly as Gitlab Project variables.
I have tried refreshing my firebase authentication token but that didn't work. I have tried reading about the error message in posts like the following, but since they talk about Google Cloud Platform service accounts, I am not sure how or if that's related to firebase authentication tokens.
I have also analyzed the permissions assigned to the role my Google user has. My Google user has "Owner" in the IAM. I found another role in the IAM that seems relevant: "Firebase Authentication Admin". That role has 15 permissions. I confirmed "Owner" also has these permissions:
- firebase.clients.get
- firebase.clients.list
- firebase.projects.get
- firebaseauth.configs.create
- firebaseauth.configs.get
- firebaseauth.configs.getHashConfig
- firebaseauth.configs.update
- firebaseauth.users.create
- firebaseauth.users.createSession
- firebaseauth.users.delete
- firebaseauth.users.get
- firebaseauth.users.sendEmail
- firebaseauth.users.update
- resourcemanager.projects.get
- resourcemanager.projects.list
However, the error message says it "requires scopes". Are "scopes" and "permissions" different? I haven't seen any documentation about "scopes" in the IAM documentation. So I'm not sure if I'm looking at the right documentation.
Does anyone know how to run firebase --debug auth:export from a Gitlab Scheduled Pipeline?
Recommended answer
As implied by the Firebase CLI reference section "Use the CLI with CI systems", the --token <token> should be passed to every firebase command:
Use this token when running firebase commands. You can use either of the following two options:
- Store the token as the environment variable FIREBASE_TOKEN. Your system will automatically use the token.
- Run all firebase commands with the --token flag in your CI system. The order of precedence for token loading is flag, environment variable, desired Firebase project.
Although --token <token> is passed to the firebase use command in the .gitlab-ci.yml script, it is not being passed to the firebase auth:export command. Don't assume that firebase use saves not only the active project selection but also the token. According to firebase help use, its only purpose is to "set an active Firebase project for your working directory". It says nothing about setting an active token.
I have confirmed the following .gitlab-ci.yml script does, in fact, export the Firebase authentication database successfully:
stages:
  - stg_backups
jb_auth_backup:
  stage: stg_backups
  image: devillex/docker-firebase
  only:
    - schedules
  script:
    - firebase --token $MY_CI_FIREBASE_DEPLOY_KEY use $MY_FIREBASE_PROJECT
    - mkdir backups
    - firebase --token $MY_CI_FIREBASE_DEPLOY_KEY auth:export backups/my-auth-backup.json --format=JSON
  artifacts:
    paths:
      - backups
Note that the syntax of both the firebase use and firebase auth:export commands has been changed from the original .gitlab-ci.yml. They now both put the --token <token> right after the firebase executable command. This adheres better to the documented syntax according to firebase help. There it says the correct syntax is firebase [options] [command] where --token is one of the options.
In fact, it's not even clear whether firebase use --token <my_token> <my_project> even paid any attention to the token since it's after instead of before the use command. It's too bad firebase use --token doesn't just throw an error to let the user know that --token belongs to the [options] for firebase, not the [options] for use.
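The rule from the answer above, written as a pre-flight check (an added example, not part of the original post or of firebase-tools): it flags firebase lines in a job's script that carry no --token, or carry it after the subcommand instead of in the firebase [options] [command] position. The function names, the yes/no argument standing for "FIREBASE_TOKEN is defined for the job", and the handling of -P/--project as the only value-taking option are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag firebase invocations in a CI job's script lines that
# lack --token in the `firebase [options] [command]` position.

# classify_firebase_line LINE -> prints skip | ok | misplaced | missing
classify_firebase_line() (
  set -f                          # split into words without glob expansion
  set -- $1
  if [ "${1:-}" = "-" ]; then shift; fi        # YAML list marker
  if [ "${1:-}" != "firebase" ]; then echo skip; exit 0; fi
  shift
  seen_cmd=0 skip_next=0
  for word in "$@"; do
    if [ "$skip_next" -eq 1 ]; then skip_next=0; continue; fi
    case $word in
      --token|--token=*)
        if [ "$seen_cmd" -eq 0 ]; then echo ok; else echo misplaced; fi
        exit 0 ;;
      -P|--project) skip_next=1 ;;  # assumption: only value-taking option handled
      -*) ;;                        # any other option
      *)  seen_cmd=1 ;;             # first bare word is the subcommand
    esac
  done
  echo missing
)

# lint_ci_script yes|no < lines ; "yes" means FIREBASE_TOKEN is set for the job.
# Prints one "<verdict>: <line>" per finding; returns 1 if there were any.
lint_ci_script() {
  has_env_token=$1 problems=0
  while IFS= read -r line; do
    verdict=$(classify_firebase_line "$line")
    case $verdict in
      skip|ok) continue ;;
      missing) if [ "$has_env_token" = yes ]; then continue; fi ;;
    esac
    printf '%s: %s\n' "$verdict" "$line"
    problems=$((problems + 1))
  done
  [ "$problems" -eq 0 ]
}

# Script lines of the question's job, copied from the page.
ORIGINAL_JOB='- firebase use --token $MY_CI_FIREBASE_DEPLOY_KEY $MY_FIREBASE_PROJECT
- mkdir backups
- firebase --debug auth:export backups/my-auth-backup.json --format=JSON'

printf '%s\n' "$ORIGINAL_JOB" | lint_ci_script no || echo "job needs fixing"
```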