search

firebase / firebase-functions-python

Apache License 2.0
138 stars 23 forks source link

firestore CREDENTIALS Error when deploying firebase cloud function written in python #126

Open Daxitdon opened 1 year ago

Daxitdon commented 1 year ago

[REQUIRED] Environment info firebase-tools:12.4.7

Platform: windows with python version of 3.11

[REQUIRED] Test case

i have code like below in for firebase cloud function in main.py. when i test function using firebase emulators:start --only functions it worked perfectly

now when i try to deploy it using firebase deploy --only functions it gave me below error while pointing to db = firestore.client() line in code

error """"""""" raise exceptions.DefaultCredentialsError(_CLOUD_SDK_MISSING_CREDENTIALS) google.auth.exceptions.DefaultCredentialsError: Your default credentials were not found. To set up Application Default Credentials, see https://cloud.google.com/docs/authentication/external/set-up-adc for more information.

""""""""" code """ from firebase_functions import https_fn, options import firebase_admin from firebase_admin import firestore app = firebase_admin.initialize_app() options.set_global_options(timeout_sec=1000)

db = firestore.client()

firebase function that write something to firestore database is written below

"""

[REQUIRED] Steps to reproduce

use above code in main.py inside functions folder and try to deploy functions you will get same error

[REQUIRED] Expected behavior

credential should be automatically added since i am logged into my account using firebase login and using correct Project ID. it did not ask for credential when i was tasing using firebase emulators:start --only functions and it was working perfectly.

[REQUIRED] Actual behavior

it's asking for credential

aalej commented 1 year ago

Hi @Daxitdon, thanks for filling this issue. I was able to replicate the behavior you mentioned. I tried to deploy the code snippet you provided and an error was raised. Let me notify our team about this issue so that we can provide more context about this and investigate this behavior.

mikeknapp commented 1 year ago

+1 I'm having the same issue on Windows.

I've set up GOOGLE_APPLICATION_CREDENTIALS, but still no luck. What's weird is that it was allowing me to deploy this morning without this issue.

Maybe related, maybe not, I think I was able to write to Firestore db from my local cloud function before I setup the credentials - at least, I'm fairly certain I hasn't set it up, unless something was set up automatically when I logged in Firebase via the browser auth workflow.

My Firestore rules look as follows:


rules_version = '2';

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if false;
    }
  }
}
mikeknapp commented 1 year ago

I've discovered if I move the db = firestore.client() into my cloud function, I'm able to deploy.

Daxitdon commented 1 year ago

I've discovered if I move the db = firestore.client() into my cloud function, I'm able to deploy.

Great find!. I guess we have to continue doing it until the issue is resolved.

colerogers commented 1 year ago

Hi folks, it looks like this issue is happening during our code discovery process. That process involves "running" your code and it looks like the creds aren't being passed to that process. For now, use the workaround above. I'm gonna move this issue over to the python sdk repo. thanks

LogansUA commented 1 year ago

Hey, I'm actually having the same issue during firebase deploy in GitHub actions. I'm using 2 different ways setting service account creds for the action:

  1. Using google-github-actions/auth@v1, like this: 
    - name: Authenticate to Google Cloud
uses: google-github-actions/auth@v1
with:
credentials_json: '${{ secrets.SERVICE_ACCOUNT }}'
  2. Using GOOGLE_APPLICATION_CREDENTIALS, like this: 
    
- name: Build Cloud Functions
working-directory: functions
env:
SERVICE_ACCOUNT: ${{ secrets.SERVICE_ACCOUNT }}
run: |
echo $SERVICE_ACCOUNT >> ./config.json

127.0.0.1 - - [01/Oct/2023 20:34:52] "GET /__/functions.yaml HTTP/1.1" 500 -

[2023-10-01T20:34:52.253Z] Got response code 500; body <!doctype html>

500 Internal Server Error

Internal Server Error

The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.

127.0.0.1 - - [01/Oct/2023 20:34:52] "GET /__/quitquitquit HTTP/1.1" 200 - Terminated ``` The interesting thing is that the 1st approach works for functions written using Node.js, I have a different repo with proper deploy setup through GH actions, which I thought I would be able to reuse with Python 🤷 Before you ask, the `SERVICE_ACCOUNT` I'm using is properly generated in GCP Console with proper permissions. **(Updated)** Sorry, I just noticed that it's getting addressed in firebase/firebase-tools#6274, feel free to ignore the text above 🙂
Cazforshort commented 3 months ago

Can this be added to the docs as a warning so others don't spend a ton of time trying to figure out why its not working?

Bazina commented 2 months ago

I still have the same issue while using this

  uses: google-github-actions/auth@v1
  with:
    credentials_json: '${{ secrets.SERVICE_ACCOUNT }}'

while the env have all the variables required image

eliotc commented 1 month ago

Hi folks, it looks like this issue is happening during our code discovery process. That process involves "running" your code and it looks like the creds aren't being passed to that process. For now, use the workaround above. I'm gonna move this issue over to the python sdk repo. thanks

@colerogers , I can see your pull request for fixing this issue is not merged yet. Any update on this issue?

berkdilek commented 2 days ago

The issue still exists. Can the workaround above cause any cold-start problems?

@colerogers, the PR seems to have been open for more than a year now. Do you have any updates on this issue?