Firebase Cloud Functions Firestore Trigger produces: Error: 7 PERMISSION_DENIED: Missing or insufficient permissions


Problem description

I'm trying to use a Firebase Cloud Function to update a document within my Firestore database, when one of my documents has been updated using a trigger. The trigger is called and working fine, but when I'm using the firebase admin instance to get the other document which I want to update, I'm getting the following error.

Error: 7 PERMISSION_DENIED: Missing or insufficient permissions.
    at Object.exports.createStatusError (/user_code/node_modules/firebase-admin/node_modules/grpc/src/common.js:87:15)
    at ClientReadableStream._emitStatusIfDone (/user_code/node_modules/firebase-admin/node_modules/grpc/src/client.js:235:26)
    at ClientReadableStream._receiveStatus (/user_code/node_modules/firebase-admin/node_modules/grpc/src/client.js:213:8)
    at Object.onReceiveStatus (/user_code/node_modules/firebase-admin/node_modules/grpc/src/client_interceptors.js:1256:15)
    at InterceptingListener._callNext (/user_code/node_modules/firebase-admin/node_modules/grpc/src/client_interceptors.js:564:42)
    at InterceptingListener.onReceiveStatus (/user_code/node_modules/firebase-admin/node_modules/grpc/src/client_interceptors.js:614:8)
    at /user_code/node_modules/firebase-admin/node_modules/grpc/src/client_interceptors.js:1019:24

Function code:

import * as functions from "firebase-functions";
import * as admin from "firebase-admin";

admin.initializeApp();
const settings = { timestampsInSnapshots: true };
admin.firestore().settings(settings);

export const onDocUpdate = functions.firestore
  .document("documents/{documentId}")
  .onUpdate((snapshot, context) => {
    console.log("onDocUpdate called ", context.params.documentId);
    const document = snapshot.after.data();
    console.log("Document: ", document);
    if (document.screw) {
      console.log("Document screw exists. ", document.screw);
      const docRef = admin
        .firestore()
        .collection("screws")
        .doc(document.screw);
      return docRef
        .get()
        .then(doc => {
          if (doc.exists) {
            console.log("Screw for document exists.");
          } else {
            console.error(
              "Screw for document not found! ",
              document.screw
            );
          }
        })
        .catch(error => {
          // Here I get the permission error :(
          console.error(
            "Screw for document doc load error!! ",
            error
          );
        });
    } else {
      console.error("Document is not bound to a screw! ", document.id);
    }
    return null;
  });

package.json

{
  "name": "functions",
  "scripts": {
    "lint": "tslint --project tsconfig.json",
    "build": "tsc",
    "serve": "npm run build && firebase serve --only functions",
    "shell": "npm run build && firebase functions:shell",
    "start": "npm run shell",
    "deploy": "firebase deploy --only functions",
    "logs": "firebase functions:log"
  },
  "main": "lib/index.js",
  "dependencies": {
    "@google-cloud/firestore": "^0.16.0",
    "firebase-admin": "^6.0.0",
    "firebase-functions": "^2.0.4",
    "protobufjs": "^6.8.8"
  },
  "devDependencies": {
    "tslint": "~5.8.0",
    "typescript": "~2.8.3"
  },
  "private": true
}

I assume that it has something to do with the permission of the admin instance, but no idea what the error could be, I've just followed the steps from the docs and the firebase videos on youtube.

My account is still on a Free Plan and I'm getting a notice in the logs that I should configure the billing account, but if I understand the documentation correctly I should be able to access services within the Google Cloud Platform, and so reading other nodes within the same database should not be a problem.

I've already found two similar issues here on stackoverflow, but did not find a solution there. Maybe someone else also faced this issue in the meantime and was able to solve it?

PERMISSION_DENIED Firestore CloudFunction TypeScript
Firebase error writing to Firestore via a function: 7 PERMISSION_DENIED: Missing or insufficient permissions

Update 1: Had another issue with the new timestampsInSnapshots setting. This has been fixed and the code above updated. The main issue permission denied is still present.

Update 2: Regarding the answer by @RonRoyston below. This is a Cloud Function and it's using the Admin SDK from the firebase-admin package to read the node. Hence it should not be affected by the Firestore security rules. There's already a comment on one of the linked questions by @DougStevenson mentioning this. Based on the Admin SDK documentation it should be enough to initialize it by calling admin.initializeApp(), but unfortunately in my case it isn't. I've read nowhere that there is any need to apply any special IAM settings within the service accounts or security rules when using Cloud Functions, and so I didn't touch any of these settings.

Cheers, Lars

Recommended answer

I've finally got it working. I didn't change any firestore security rules nor any IAM stuff. I deleted the function which was running on us-central1. Created the same Cloud Function project again, copied over my existing code, but this time I deployed it to europe-west1 and it worked out of the box.

I assume that something might have failed during the first initial deployment to us-central1 and after that my project was stuck with the error, even if I had deleted and redeployed the function several times. Not sure what happened exactly, because no obvious error has been displayed. Maybe someone on the Firebase team who knows the internal workflows can tell us if something like this can happen and if yes, how to deal with it.

For now the above steps solved my issue.
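
An added example, not part of the original question or answer and not Firebase's own code: a helper for the trigger's catch handler that records the gRPC status code together with the project, region and function name, so a denial like the one above can be checked against the runtime service account and the deployment it came from. The helper names and the environment variable names (GCLOUD_PROJECT, FUNCTION_REGION, FUNCTION_NAME) are assumptions about the runtime, and the sample input is constructed.

```typescript
// Added example: not code from the original question or from Firebase.
const GRPC_PERMISSION_DENIED = 7; // gRPC status code seen in the error above

type Env = { [key: string]: string | undefined };

interface DenialReport {
  code: number | null;
  denied: boolean;
  project: string;
  region: string;
  functionName: string;
  hint: string;
}

// gRPC errors carry a numeric `code`; if it is missing, fall back to the
// leading number of messages such as "7 PERMISSION_DENIED: Missing ...".
function grpcCode(error: { code?: number | string; message?: string }): number | null {
  if (typeof error.code === "number") return error.code;
  const match = /^(?:Error:\s*)?(\d+)\s+[A-Z_]+:/.exec(error.message || "");
  return match ? Number(match[1]) : null;
}

// Build one structured record for the trigger's catch handler.
// Assumption: `env` is process.env and the runtime sets GCLOUD_PROJECT,
// FUNCTION_REGION and FUNCTION_NAME; other runtimes may use other names.
function describeDenial(
  error: { code?: number | string; message?: string },
  env: Env
): DenialReport {
  const code = grpcCode(error);
  const denied = code === GRPC_PERMISSION_DENIED;
  return {
    code,
    denied,
    project: env.GCLOUD_PROJECT || "unknown",
    region: env.FUNCTION_REGION || "unknown",
    functionName: env.FUNCTION_NAME || "unknown",
    hint: denied
      ? "Admin SDK calls bypass Firestore security rules: check the " +
        "credentials and IAM roles of the service account running this function."
      : "Not a permission error: handle by status code.",
  };
}

// Constructed sample input, mirroring the error text in the question.
const sampleReport = describeDenial(
  { message: "Error: 7 PERMISSION_DENIED: Missing or insufficient permissions." },
  { GCLOUD_PROJECT: "demo-project", FUNCTION_REGION: "us-central1", FUNCTION_NAME: "onDocUpdate" }
);
```

In the question's handler this would replace the bare console.error call with console.error(describeDenial(error, process.env)).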
