Client
Local with Golang, Gin, using this example from Google
Environment
Mac OS, Locally run on docker, shared volume
FROM golang
WORKDIR /app
COPY . /app
ENV GOOGLE_APPLICATION_CREDENTIALS /app/xxxxxxxx.json
CMD ["go", "run", "hello.go"]
Go Environment
go version go1.15.1 linux/amd64
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/root/.cache/go-build"
GOENV="/root/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/app/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build863804294=/tmp/go-build -gno-record-gcc-switches"
Code
func GetPage(c *gin.Context) {
	ctx := context.Background()
	client, err := firestore.NewClient(ctx, "xxxxxxxxx")
	if err != nil {
		log.Fatalf("client failure: %v", err)
	}
	// THIS WORKS (Manually added data in firestore)
	iter := client.Collection("users").Documents(ctx)
	for {
		doc, err := iter.Next()
		if err == iterator.Done {
			break
		}
		if err != nil {
			log.Fatalf("Failed to iterate: %v", err)
		}
		fmt.Println(doc.Data())
	}
	// THIS FAILS:
	_, _, err = client.Collection("users").Add(ctx, map[string]interface{}{
		"first":  "someone",
		"middle": "else",
		"last":   "toadd",
		"born":   2020,
	})
	if err != nil {
		log.Fatalf("Failed adding aturing: %v", err)
	}
	c.JSON(200, gin.H{"result": "success"})
}
Expected behavior
When I hit the correct URL to trigger this code, I will read and write data to my firestore.
Actual behavior
I can only read data from firestore. I get the following error:
[GIN-debug] Listening and serving HTTP on :8080
map[born:1912 first:Alan last:turing middle:Mathison]
2020/09/14 04:44:19 Failed adding aturing: rpc error: code = Internal desc = An internal error occurred.
exit status 1
root@aadcd602156f:/app#
Additional context
GOOGLE_APPLICATION_CREDENTIALS is set as an env var. For this testing example, the secret JSON file is inside the /app directory.
I determined what it was. Permissions.
I'm leaving this open now for visibility and can follow up as needed if you have any questions, because I feel like I should have received a Permissions error, not an internal error.
@benwhitehead any thoughts on how this error came about from a permissions issue? Flagging in case you want to escalate.
And @jasonsemko, thanks for reporting and glad that you are unblocked!
I'm not sure. @jasonsemko When you were receiving the error, did the service account in use only have the Datastore Viewer role (and thus I assume you added Datastore Editor or Datastore Owner to get the write permissions)?
@BenWhitehead I reused a service account that didn't have anything firestore related from what I can recall. I _think_ I created the original service account from this tutorial here: https://github.com/GoogleCloudPlatform/github-actions/tree/master/example-workflows/cloud-run
That's probably what did it. The Project Viewer role has read permission for Datastore/Firestore databases which allows any read operations.
I think we can go ahead and close this issue since we were able to get you unblocked and understand what most likely led to the error message. But I'll pass along this issue to the backend team and see if they can do anything to improve the error message returned.
Thanks @BenWhitehead for the follow up. I'll go ahead and close this.
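A preflight check for the situation diagnosed in this thread, as an added example (not code from the issue or from the Firestore client library): given a project's IAM policy JSON, it reports whether a service account can only read Firestore documents or can also write them. The role IDs are real basic and predefined roles; the policy, project and account names are constructed, and only roles bound directly to the member in that one policy are considered (no groups, conditions, custom roles or inherited policies).

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Strongest Firestore document access each role grants: 1 = read, 2 = write.
var roleAccess = map[string]int{
	"roles/viewer": 1, "roles/datastore.viewer": 1,
	"roles/datastore.user": 2, "roles/datastore.owner": 2, "roles/editor": 2, "roles/owner": 2,
}
var levelNames = []string{"none", "read", "write"}

// Constructed sample in the shape of `gcloud projects get-iam-policy --format=json`.
const samplePolicy = `{"bindings": [
  {"role": "roles/run.admin",      "members": ["serviceAccount:deployer@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/viewer",         "members": ["serviceAccount:deployer@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/datastore.user", "members": ["serviceAccount:app@example-project.iam.gserviceaccount.com"]}
]}`

// FirestoreAccess returns "write", "read" or "none" for member (hypothetical helper).
func FirestoreAccess(policyJSON []byte, member string) (string, error) {
	var p struct {
		Bindings []struct {
			Role    string
			Members []string
		}
	}
	if err := json.Unmarshal(policyJSON, &p); err != nil {
		return "", fmt.Errorf("parse policy: %w", err)
	}
	best := 0 // roles missing from roleAccess count as 0 (no Firestore access)
	for _, b := range p.Bindings {
		for _, m := range b.Members {
			if m == member && roleAccess[b.Role] > best {
				best = roleAccess[b.Role]
			}
		}
	}
	return levelNames[best], nil
}

func main() {
	for _, name := range []string{"deployer", "app", "unbound"} {
		level, err := FirestoreAccess([]byte(samplePolicy), "serviceAccount:"+name+"@example-project.iam.gserviceaccount.com")
		fmt.Println(name, level, err)
	}
}
```

A result of "read" for the account named in GOOGLE_APPLICATION_CREDENTIALS matches the behaviour reported here: the collection iteration succeeds and the Add call fails.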