You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Running firebase init functions results in "Error: HTTP Error: 403, The caller does not have permission" when the user has following roles:
Firebase Develop Admin
Cloud Functions Admin
Service Account User
And there is no information which permission is missing either in the firebase documentation nor in the output of firebase CLI.
Also, it still fails even though the APIs (cloudfunctions.googleapis.com & runtimeconfig.googleapis.com) are already enabled for the project.
[REQUIRED] Steps to reproduce
Create a firebase project
Invite another user and assign him Firebase Develop Admin, Cloud Functions Admin & Service Account User roles.
Login with this new user in firebase login
Run firebase init functions
Use existing project and select this project.
[REQUIRED] Expected behavior
firebase init functions should run successfully if they required APIs are enabled already, and otherwise fail if the current user doesn't have required permission to enable the required APIs.
But even in case of failure there must be enough information for the user to solve the issue. i.e. giving user details about required APIs so that he can ask the project Owner to enable them, also informing user which permission/role is require to automatically enable the APIs.
[REQUIRED] Actual behavior
It fails with "Error: HTTP Error: 403, The caller does not have permission", which tells almost nothing about actual issue and how to resolve the problem.
[2020-08-26T13:58:09.436Z] > command requires scopes: ["email","openid","https://www.googleapis.com/auth/cloudplatformprojects.readonly","https://www.googleapis.com/auth/firebase","https://www.googleapis.com/auth/cloud-platform"]
[2020-08-26T13:58:09.678Z] > authorizing via signed-in user
######## #### ######## ######## ######## ### ###### ########
## ## ## ## ## ## ## ## ## ## ##
###### ## ######## ###### ######## ######### ###### ######
## ## ## ## ## ## ## ## ## ## ##
## #### ## ## ######## ######## ## ## ###### ########
You're about to initialize a Firebase project in this directory:
C:\Users\abdul\OneDrive\Documents\Work\firebase-test
? Are you ready to proceed? Yes
=== Project Setup
First, let's associate this project directory with a Firebase project.
You can create multiple project aliases by running firebase use --add,
but for now we'll just set up a default project.
? Please select an option: Use an existing project
[2020-08-26T13:58:20.684Z] >>> HTTP REQUEST GET https://firebase.googleapis.com/v1beta1/projects?pageSize=100
[2020-08-26T13:58:21.351Z] <<< HTTP RESPONSE 200 {"content-type":"application/json; charset=UTF-8","vary":"X-Origin, Referer, Origin,Accept-Encoding","date":"Wed, 26 Aug 2020 13:58:22 GMT","server":"ESF","cache-control":"private","x-xss-protection":"0","x-frame-options":"SAMEORIGIN","x-content-type-options":"nosniff","alt-svc":"h3-29=\":443\"; ma=2592000,h3-27=\":443\"; ma=2592000,h3-T050=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"","accept-ranges":"none","transfer-encoding":"chunked"}
? Select a default Firebase project for this directory: exceeders-app-staging (Exceeders App Staging)
i Using project exceeders-app-staging (Exceeders App Staging)
=== Functions Setup
A functions directory will be created in your project with a Node.js
package pre-configured. Functions can be deployed with firebase deploy.
[2020-08-26T13:58:23.956Z] > command requires scopes: ["email","openid","https://www.googleapis.com/auth/cloudplatformprojects.readonly","https://www.googleapis.com/auth/firebase","https://www.googleapis.com/auth/cloud-platform"]
[2020-08-26T13:58:23.980Z] > authorizing via signed-in user
[2020-08-26T13:58:23.985Z] [iam] checking project exceeders-app-staging for permissions ["firebase.projects.get"]
[2020-08-26T13:58:24.016Z] >>> HTTP REQUEST POST https://cloudresourcemanager.googleapis.com/v1/projects/exceeders-app-staging:testIamPermissions
{"permissions":["firebase.projects.get"]}
[2020-08-26T13:58:25.578Z] <<< HTTP RESPONSE 200 {"content-type":"application/json; charset=UTF-8","vary":"X-Origin, Referer, Origin,Accept-Encoding","date":"Wed, 26 Aug 2020 13:58:26 GMT","server":"ESF","cache-control":"private","x-xss-protection":"0","x-frame-options":"SAMEORIGIN","x-content-type-options":"nosniff","server-timing":"gfet4t7; dur=1190","alt-svc":"h3-29=\":443\"; ma=2592000,h3-27=\":443\"; ma=2592000,h3-T051=\":443\"; ma=2592000,h3-T050=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"","accept-ranges":"none","transfer-encoding":"chunked"}
[2020-08-26T13:58:25.604Z] >>> HTTP REQUEST POST https://serviceusage.googleapis.com/v1/projects/exceeders-app-staging/services/cloudfunctions.googleapis.com:enable
[2020-08-26T13:58:25.611Z] >>> HTTP REQUEST POST https://serviceusage.googleapis.com/v1/projects/exceeders-app-staging/services/runtimeconfig.googleapis.com:enable
[2020-08-26T13:58:27.347Z] <<< HTTP RESPONSE 403 {"vary":"X-Origin, Referer, Origin,Accept-Encoding","content-type":"application/json; charset=UTF-8","date":"Wed, 26 Aug 2020 13:58:28 GMT","server":"ESF","cache-control":"private","x-xss-protection":"0","x-frame-options":"SAMEORIGIN","x-content-type-options":"nosniff","alt-svc":"h3-29=\":443\"; ma=2592000,h3-27=\":443\"; ma=2592000,h3-T050=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"","accept-ranges":"none","transfer-encoding":"chunked"}
[2020-08-26T13:58:27.355Z] <<< HTTP RESPONSE BODY {"error":{"code":403,"message":"The caller does not have permission","status":"PERMISSION_DENIED"}}
[2020-08-26T13:58:27.446Z] <<< HTTP RESPONSE 403 {"vary":"X-Origin, Referer, Origin,Accept-Encoding","content-type":"application/json; charset=UTF-8","date":"Wed, 26 Aug 2020 13:58:28 GMT","server":"ESF","cache-control":"private","x-xss-protection":"0","x-frame-options":"SAMEORIGIN","x-content-type-options":"nosniff","alt-svc":"h3-29=\":443\"; ma=2592000,h3-27=\":443\"; ma=2592000,h3-T050=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"","accept-ranges":"none","transfer-encoding":"chunked"}
[2020-08-26T13:58:27.464Z] <<< HTTP RESPONSE BODY {"error":{"code":403,"message":"The caller does not have permission","status":"PERMISSION_DENIED"}}
Error: HTTP Error: 403, The caller does not have permission
[2020-08-26T13:58:27.702Z] Error Context: {
"body": {
"error": {
"code": 403,
"message": "The caller does not have permission",
"status": "PERMISSION_DENIED"
}
},
"response": {
"statusCode": 403,
"body": {
"error": {
"code": 403,
"message": "The caller does not have permission",
"status": "PERMISSION_DENIED"
}
},
"headers": {
"vary": "X-Origin, Referer, Origin,Accept-Encoding",
"content-type": "application/json; charset=UTF-8",
"date": "Wed, 26 Aug 2020 13:58:28 GMT",
"server": "ESF",
"cache-control": "private",
"x-xss-protection": "0",
"x-frame-options": "SAMEORIGIN",
"x-content-type-options": "nosniff",
"alt-svc": "h3-29=\":443\"; ma=2592000,h3-27=\":443\"; ma=2592000,h3-T050=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"",
"accept-ranges": "none",
"transfer-encoding": "chunked"
},
"request": {
"uri": {
"protocol": "https:",
"slashes": true,
"auth": null,
"host": "serviceusage.googleapis.com",
"port": 443,
"hostname": "serviceusage.googleapis.com",
"hash": null,
"search": null,
"query": null,
"pathname": "/v1/projects/exceeders-app-staging/services/runtimeconfig.googleapis.com:enable",
"path": "/v1/projects/exceeders-app-staging/services/runtimeconfig.googleapis.com:enable",
"href": "https://serviceusage.googleapis.com/v1/projects/exceeders-app-staging/services/runtimeconfig.googleapis.com:enable"
},
"method": "POST"
}
}
}
The text was updated successfully, but these errors were encountered:
Was having the same issue today. Another developer with the same permission list as described by OP, calling firebase init functions in a project that had functions configured previously. We were getting the same 403 error. Solved, if I can say that, by making another dev the "Owner" of the Firebase project in the firebase dashboard.
[REQUIRED] Environment info
firebase-tools:
8.9.0
Platform:
Windows
[REQUIRED] Test case
Running
firebase init functions
results in "Error: HTTP Error: 403, The caller does not have permission" when the user has following roles:And there is no information which permission is missing either in the firebase documentation nor in the output of firebase CLI.
Also, it still fails even though the APIs (cloudfunctions.googleapis.com & runtimeconfig.googleapis.com) are already enabled for the project.
[REQUIRED] Steps to reproduce
Firebase Develop Admin
,Cloud Functions Admin
&Service Account User
roles.firebase login
firebase init functions
[REQUIRED] Expected behavior
firebase init functions
should run successfully if they required APIs are enabled already, and otherwise fail if the current user doesn't have required permission to enable the required APIs.But even in case of failure there must be enough information for the user to solve the issue. i.e. giving user details about required APIs so that he can ask the project Owner to enable them, also informing user which permission/role is require to automatically enable the APIs.
[REQUIRED] Actual behavior
It fails with "Error: HTTP Error: 403, The caller does not have permission", which tells almost nothing about actual issue and how to resolve the problem.
The text was updated successfully, but these errors were encountered: