firestore CREDENTIALS Error when deploying firebase cloud function written in python

[Daxitdon]

[REQUIRED] Environment info firebase-tools:12.4.7

Platform: windows with python version of 3.11

[REQUIRED] Test case

i have code like below in for firebase cloud function in main.py. when i test function using firebase emulators:start --only functions it worked perfectly

now when i try to deploy it using firebase deploy --only functions it gave me below error while pointing to db = firestore.client() line in code

error """"""""" raise exceptions.DefaultCredentialsError(_CLOUD_SDK_MISSING_CREDENTIALS) google.auth.exceptions.DefaultCredentialsError: Your default credentials were not found. To set up Application Default Credentials, see https://cloud.google.com/docs/authentication/external/set-up-adc for more information.

""""""""" code """ from firebase_functions import https_fn, options import firebase_admin from firebase_admin import firestore app = firebase_admin.initialize_app() options.set_global_options(timeout_sec=1000)

db = firestore.client()

firebase function that write something to firestore database is written below

"""

[REQUIRED] Steps to reproduce

use above code in main.py inside functions folder and try to deploy functions you will get same error

[REQUIRED] Expected behavior

credential should be automatically added since i am logged into my account using firebase login and using correct Project ID. it did not ask for credential when i was tasing using firebase emulators:start --only functions and it was working perfectly.

[REQUIRED] Actual behavior

it's asking for credential

[aalej]

Hi @Daxitdon, thanks for filling this issue. I was able to replicate the behavior you mentioned. I tried to deploy the code snippet you provided and an error was raised. Let me notify our team about this issue so that we can provide more context about this and investigate this behavior.

[mikeknapp]

+1 I'm having the same issue on Windows.

I've set up GOOGLE_APPLICATION_CREDENTIALS, but still no luck. What's weird is that it was allowing me to deploy this morning without this issue.

Maybe related, maybe not, I think I was able to write to Firestore db from my local cloud function before I setup the credentials - at least, I'm fairly certain I hasn't set it up, unless something was set up automatically when I logged in Firebase via the browser auth workflow.

My Firestore rules look as follows:

rules_version = '2';

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if false;
    }
  }
}

[mikeknapp]

I've discovered if I move the db = firestore.client() into my cloud function, I'm able to deploy.

[Daxitdon]

I've discovered if I move the db = firestore.client() into my cloud function, I'm able to deploy.

Great find!. I guess we have to continue doing it until the issue is resolved.

[colerogers]

Hi folks, it looks like this issue is happening during our code discovery process. That process involves "running" your code and it looks like the creds aren't being passed to that process. For now, use the workaround above. I'm gonna move this issue over to the python sdk repo. thanks

[LogansUA]

Hey, I'm actually having the same issue during firebase deploy in GitHub actions. I'm using 2 different ways setting service account creds for the action:

1. Using google-github-actions/auth@v1, like this:

   - name: Authenticate to Google Cloud
   uses: google-github-actions/auth@v1
   with:
   credentials_json: '${{ secrets.SERVICE_ACCOUNT }}'

2. Using GOOGLE_APPLICATION_CREDENTIALS, like this:

   
   - name: Build Cloud Functions
   working-directory: functions
   env:
   SERVICE_ACCOUNT: ${{ secrets.SERVICE_ACCOUNT }}
   run: |
   echo $SERVICE_ACCOUNT >> ./config.json

• name: Deploy Cloud Functions working-directory: . env: GOOGLE_APPLICATION_CREDENTIALS: './functions/config.json' run: npx firebase-tools deploy --only functions --debug

  In both ways I'm getting the same error:

  File "/home/runner/work/family-finance/family-finance/functions/venv/lib/python3.11/site-packages/google/auth/_default.py", line 691, in default raise exceptions.DefaultCredentialsError(_CLOUD_SDK_MISSING_CREDENTIALS) google.auth.exceptions.DefaultCredentialsError: Your default credentials were not found. To set up Application Default Credentials, see https://cloud.google.com/docs/authentication/external/set-up-adc for more information.

127.0.0.1 - - [01/Oct/2023 20:34:52] "GET /__/functions.yaml HTTP/1.1" 500 -

[2023-10-01T20:34:52.253Z] Got response code 500; body <!doctype html>

Internal Server Error

The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.

127.0.0.1 - - [01/Oct/2023 20:34:52] "GET /__/quitquitquit HTTP/1.1" 200 - Terminated ``` The interesting thing is that the 1st approach works for functions written using Node.js, I have a different repo with proper deploy setup through GH actions, which I thought I would be able to reuse with Python 🤷 Before you ask, the `SERVICE_ACCOUNT` I'm using is properly generated in GCP Console with proper permissions. **(Updated)** Sorry, I just noticed that it's getting addressed in firebase/firebase-tools#6274, feel free to ignore the text above 🙂

[Cazforshort]

Can this be added to the docs as a warning so others don't spend a ton of time trying to figure out why its not working?