Firebase-functions: Deploy Error: Insufficient permissions to (re)configure a trigger

Created on 20 Apr 2017 · 11 Comments · Source: firebase/firebase-functions

Version info

firebase-functions: 0.5.5
firebase-tools: 3.6.1
firebase-admin: 4.2.1

Test case

Uploading the following index.js file to functions:

const functions = require('firebase-functions');

exports.discoverText = functions.storage.object().onChange(event => {
  const object = event.data;
  console.log('The object is', object);
});

Steps to reproduce

This is a brand new project, just created -- I took a function that I've been testing and did a firebase deploy --only functions.

UPDATE
Created a brand new project, tried to deploy, got the same error.

Were you able to successfully deploy your functions?

!  functions[discoverText]: Deploy Error: Insufficient permissions to (re)configure a trigger (permission denied for bucket functions-test-7f0c5.appspot.com). Please, give owner permissions to the editor role of the bucket and try again.

Expected behavior

I expect this function to deploy normally as it did not 10 minutes before. With zero code changes, it suddenly stopped deploying properly.

Actual behavior

Deployment failed.

All 11 comments

Did you check auth status in firebase cli env using 'firebase login' ?

@Ogulcan-Ozdemir Already logged in as [email protected]

We're seeing the same behavior in some cases and are troubleshooting. Please reach out to Firebase support for personalized help in troubleshooting.

Hey folks,

It's possible that the ACLs for your buckets aren't set up properly. We're working on ways to automagically fix them if we notice they're wrong, but it may take a little to roll that out.

In the meantime, install the latest Cloud SDK: https://cloud.google.com/sdk/docs/ and run these in your favorite terminal:

gsutil defacl ch -p viewers-<PROJECT-ID>:R gs://<BUCKET-ID>
gsutil defacl ch -p editors-<PROJECT-ID>:O gs://<BUCKET-ID>
gsutil defacl ch -p owners-<PROJECT-ID>:O gs://<BUCKET-ID>
gsutil -m acl -r ch -p owners-<PROJECT-ID>:O gs://<BUCKET-ID>
gsutil -m acl -r ch -p viewers-<PROJECT-ID>:R gs://<BUCKET-ID>
gsutil -m acl -r ch -p editors-<PROJECT-ID>:O gs://<BUCKET-ID>

It's likely you'll only need to run the top three to set the default ACLs, rather than the per object ACLs (as per the bottom three).

First three commands went through, last three gave this error:
Encountered a problem: CommandException: No URLs matched: gs://functionsproject-b93f8.appspot.com/*

Retried deploying the function -- same error:
! functions[discoverText]: Deploy Error: Insufficient permissions to (re)configure a trigger (permission denied for bucket functionsproject-b93f8.appspot.com). Please, give owner permissions to the editor role of the bucket and try again.

Argh, I'm dumb... you actually need to run:

gsutil -m acl ch -p owners-<PROJECT-ID>:O gs://<BUCKET-ID>
gsutil -m acl ch -p editors-<PROJECT-ID>:O gs://<BUCKET-ID>
gsutil -m acl ch -p viewers-<PROJECT-ID>:R gs://<BUCKET-ID>

Note: no -r. Turns out that flag doesn't set the bucket ACLs, even though it recursively adds ACLs to all objects. Turns out defacl doesn't set the default bucket ACLs either :/

That should do it for you.

More info is available here: https://github.com/firebase/functions-samples/issues/107#issuecomment-295865335, including a handy-dandy bash script
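
The bucket-level grants set by the three commands above can be checked before retrying the deploy. The following is an added example, not part of the original thread or of any Firebase tooling: it parses the JSON printed by `gsutil acl get gs://<BUCKET-ID>` and reports which of the owners/editors/viewers grants are still missing. The ACL JSON shape (`projectTeam`, `projectNumber`, `team`, `role`), the function name and the sample data are assumptions constructed for illustration.

```python
import json

# Legacy GCS ACL roles, weakest to strongest: OWNER implies WRITER implies READER.
ROLE_RANK = {"READER": 1, "WRITER": 2, "OWNER": 3}

# Bucket grants set by the three `gsutil acl ch -p` commands (O = OWNER, R = READER).
REQUIRED = {"owners": "OWNER", "editors": "OWNER", "viewers": "READER"}


def missing_bucket_grants(acl_json, project_number):
    """Return {team: (required_role, strongest_role_found_or_None)} for unmet grants."""
    best = {}
    for entry in json.loads(acl_json):
        team_info = entry.get("projectTeam") or {}
        if str(team_info.get("projectNumber")) != str(project_number):
            continue  # user/group grant, or a grant for another project
        team, role = team_info.get("team"), entry.get("role")
        if team in REQUIRED and ROLE_RANK.get(role, 0) > ROLE_RANK.get(best.get(team), 0):
            best[team] = role
    return {
        team: (need, best.get(team))
        for team, need in REQUIRED.items()
        if ROLE_RANK.get(best.get(team), 0) < ROLE_RANK[need]
    }


def _team(team, role, number="123456"):
    # Builds one constructed ACL entry in the assumed JSON shape.
    return {"entity": f"project-{team}-{number}", "role": role,
            "projectTeam": {"projectNumber": number, "team": team}}


# Constructed sample: editors hold only WRITER, so the OWNER grant that the
# deploy error message asks for is missing.
SAMPLE_BROKEN = json.dumps([
    _team("owners", "OWNER"), _team("editors", "WRITER"), _team("viewers", "READER"),
    {"entity": "user-dev@example.com", "role": "OWNER"},  # not a project team
])
# Constructed sample: the same bucket after the three commands have been applied.
SAMPLE_FIXED = json.dumps([
    _team("owners", "OWNER"), _team("editors", "OWNER"), _team("viewers", "READER"),
])

if __name__ == "__main__":
    for name, acl in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(name, missing_bucket_grants(acl, "123456") or "all required grants present")
```

To check a real bucket, pass the output of `gsutil acl get gs://<BUCKET-ID>` as `acl_json` together with the project number shown in its `projectTeam` entries.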

+ functions: all functions deployed successfully!'

Yay!

For what it's worth, I encountered this issue after I updated the CORS configuration as instructed in the firebase download file documentation.

@mcdonamp I assume this is true now. It's from the storage permissions section on the Cloud console

You can no longer set ACLs in the console to manage access.

@rtmalone I'm not sure what you're referencing... GCS changed from their legacy ACLs to IAM permissions, which may be what that's referring to? Either way, I don't know if it's related to this any longer.
