search

firebase / firebase-tools

The Firebase Command Line Tools
MIT License
4.01k stars 930 forks source link

Support binary-authorization org constraints when deploying functions #7723

Open alexcibotari opened 1 week ago

alexcibotari commented 1 week ago

[REQUIRED] Environment info

firebase-tools: 13.19.0

Platform: ANY

[REQUIRED] Test case

Deploy new firebase function in a project with binary-authorization enabled

[REQUIRED] Steps to reproduce

Deploy new firebase function in a project with binary-authorization enabled

[REQUIRED] Expected behavior

the function to be deployed

[REQUIRED] Actual behavior

Step #3 - "firebase-deploy": ⚠  functions: HTTP Error: 400, Could not create Cloud Run service user-list. Constraint constraints/run.allowedBinaryAuthorizationPolicies violated for attempting CreateService with annotation "run.googleapis.com/binary-authorization" set to null. See https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints for more information.
Step #3 - "firebase-deploy": ⚠  functions:  failed to create function projects/--/locations/europe-west6/functions/user-list
Step #3 - "firebase-deploy": Failed to create function projects/--/locations/europe-west6/functions/user-list
Step #3 - "firebase-deploy": ⚠  functions: HTTP Error: 400, Could not create Cloud Run service user-delete. Constraint constraints/run.allowedBinaryAuthorizationPolicies violated for attempting CreateService with annotation "run.googleapis.com/binary-authorization" set to null. See https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints for more information.
Step #3 - "firebase-deploy": ⚠  functions:  failed to create function projects/--/locations/europe-west6/functions/user-delete
Step #3 - "firebase-deploy": Failed to create function projects/--/locations/europe-west6/functions/user-delete
Step #3 - "firebase-deploy": ⚠  functions: HTTP Error: 400, Could not create Cloud Run service user-update. Constraint constraints/run.allowedBinaryAuthorizationPolicies violated for attempting CreateService with annotation "run.googleapis.com/binary-authorization" set to null. See https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints for more information.
Step #3 - "firebase-deploy": ⚠  functions:  failed to create function projects/--/locations/europe-west6/functions/user-update
Step #3 - "firebase-deploy": Failed to create function projects/--/locations/europe-west6/functions/user-update
joehan commented 1 week ago

Hey @alexcibotari - this looks like the binaryAuthorization org constraint is working as intended, and Cloud Functions for Firebase doesn't yet work with that constraint. For now, you'll need to disable that constraint to deploy functions

@colerogers Could you take a look at this constraint and see if it makes sense for us to handle?