8000 Can not deploy gen2 trigger cloud functions with custom service account · Issue #6814 · firebase/firebase-tools · GitHub
[go: up one dir, main page]
Skip to content

Can not deploy gen2 trigger cloud functions with custom service account #6814

New issue
New issue
Open
Open
Can not deploy gen2 trigger cloud functions with custom service account#6814
Assignees
taeold
Labels
api: functionstype: bug
@sconix

Description

@sconix
sconix
opened on Feb 25, 2024

Environment info

firebase-tools: 13.3.1

Platform: Debian

Test case

export const automatedBackupFromFirestoreV2 = onSchedule(
  {
    region: 'europe-west1',
    schedule: 'every 168 hours',
    serviceAccount: 'compute-engine-default@*****.iam.gserviceaccount.com',
  },
  async () => {});

This happens also with onDocument* firestore triggers, basically anything that uses EventArc. GCloud tool seems to have separate trigger-service-account input argument so it is at least possible to define the service account to 8000 be used, but can not get it to work with firebase cloud functions. Have tried using the setGlobalOptions as well, but no luck with that neither.

This used to be an issue with the onCall and onRequest as well, but those now work with the latest version of firebase-tools.

Steps to reproduce

Have any kind of trigger cloud function and configure it to use custom service account and have a project that does not have the default compute engine service account which EventArc uses when no service account is defined.

Expected behavior

Deploy works without the error about missing default compute engine service account and the defined service account is used.

Actual behavior

[2024-02-25T18:58:14.315Z] Functions deploy failed.
[2024-02-25T18:58:14.315Z] {
  "endpoint": {
    "id": "automatedBackupFromFirestoreV2",
    "project": "*****",
    "region": "europe-west1",
    "entryPoint": "automatedBackupFromFirestoreV2",
    "platform": "gcfv2",
    "runtime": "nodejs18",
    "scheduleTrigger": {
      "schedule": "every 168 hours",
      "timeZone": null,
      "retryConfig": {}
    },
    "labels": {
      "deployment-tool": "cli-firebase"
    },
    "ingressSettings": null,
    "availableMemoryMb": null,
    "serviceAccount": "compute-engine-default@*****.iam.gserviceaccount.com",
    "timeoutSeconds": null,
    "maxInstances": null,
    "minInstances": null,
    "concurrency": 80,
    "vpc": null,
    "environmentVariables": {
      "BACKUPS_BUCKET": "\"gs://*****",
      "FIREBASE_CONFIG": "{\"projectId\":\"*****\",\"databaseURL\":\"*****\",\"storageBucket\":\"*****\",\"locationId\":\"europe-west\"}",
      "GCLOUD_PROJECT": "*****",
      "EVENTARC_CLOUD_EVENT_SOURCE": "projects/*****/locations/europe-west1/services/automatedBackupFromFirestoreV2"
    },
    "codebase": "default",
    "cpu": 1,
    "securityLevel": "SECURE_ALWAYS",
    "targetedByOnly": true,
    "hash": "*****",
    "uri": "*****",
    "runServiceId": "automatedbackupfromfirestorev2"
  },
  "op": "set invoker",
  "original": {
    "name": "FirebaseError",
    "children": [],
    "exit": 1,
    "message": "Failed to set the IAM Policy on the Service projects/*****/locations/europe-west1/services/automatedbackupfromfirestorev2",
    "original": {
      "name": "FirebaseError",
      "children": [],
      "context": {
        "body": {
          "error": {
            "code": 400,
            "message": "Service account <PROJECTID>-compute@developer.gserviceaccount.com does not exist.",
            "status": "INVALID_ARGUMENT"
          }
        },
        "response": {
          "statusCode": 400
        }
      },
      "exit": 1,
      "message": "HTTP Error: 400, Service account <PROJECTID>-compute@developer.gserviceaccount.com does not exist.",
      "status": 400
    },
    "status": 400,
    "code": 400
  }
}

Metadata

Metadata

Assignees

Labels

api: functionstype: bug

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions
    0