joehan
commented
1 year ago Hey @Illidanek, thanks for reporting this. I believe that this is not actually done by the extension itself, but rather by the firebase-tools CLI (specifically, this bit https://github.com/firebase/firebase-tools/blob/master/src/deploy/extensions/deploy.ts#L15) to check if billing is enabled before deploying. In my opinion, this is a reasonable and intended use of the Cloud Billing API, but we could change this check to be best effort.
It is recommended for projects to have the Billing API disabled if not needed, and in most cases there's no reason to turn it on.Could you share where you found this guidance? I wasn't aware of this, and would love to make the CLI behavior match best practice if this is the case.
google-oss-bot
[REQUIRED] Step 2: Describe your configuration
Any configuration
[REQUIRED] Step 3: Describe the problem
The firestore-bigquery-export extension uses various GCP tools, however it also requires the Cloud BIlling API to be enabled, even though it never uses it.
I understand that the extension needs billing to be enabled for it to work, but billing can be enabled without the Billing API being enabled. It is recommended for projects to have the Billing API disabled if not needed, and in most cases there's no reason to turn it on.
This causes a situation where a GCP Project needs to turn on an API that is never used by anyone - a security bad practice.
Steps to reproduce:
Install the extension via a GCP Project that has cloudbilling.googleapis.com turned off
Expected result
The extension is installed
Actual result
The firebase cli throws an error: