1

I'm implementing some changes to an old somebody's project and I need to deploy a firebase function since its backend it's all on Firebase.

The thing is that I've got the Cloud Functions Admin role, but I'm still facing permissions issues. It looks like they've enabled the Firebase Extensions API so now it's asking me if i have "firebaseextensions.instances.list" permission (which i do not) when I'm trying to deploy new functions.

Is there something I'm doing that it is unnecesary? Or I just need to ask for more permissions? In that case, for which ones (just the strictly necesaries)?

[2025-02-13T00:41:06.406Z] >>> [apiv2][query] POST https://cloudresourcemanager.googleapis.com/v1/projects/xxx-123xxx-123:testIamPermissions [none]
[2025-02-13T00:41:06.406Z] >>> [apiv2][(partial)header] POST https://cloudresourcemanager.googleapis.com/v1/projects/xxx-123xxx-123:testIamPermissions x-goog-quota-user=projects/xxx-123xxx-123
[2025-02-13T00:41:06.407Z] >>> [apiv2][body] POST https://cloudresourcemanager.googleapis.com/v1/projects/xxx-123xxx-123:testIamPermissions {"permissions":["firebase.projects.get","firebaseextensions.instances.list"]}
[2025-02-13T00:41:07.222Z] <<< [apiv2][status] POST https://cloudresourcemanager.googleapis.com/v1/projects/xxx-123xxx-123:testIamPermissions 200
[2025-02-13T00:41:07.222Z] <<< [apiv2][body] POST https://cloudresourcemanager.googleapis.com/v1/projects/xxx-123xxx-123:testIamPermissions {"permissions":["firebase.projects.get"]}
[2025-02-13T00:41:07.223Z] [iam] error while checking permissions, command may fail: Authorization failed. This account is missing the following required permissions on project xxx-123xxx-123:

  firebaseextensions.instances.list
[2025-02-13T00:41:07.223Z] Checked if tokens are valid: true, expires at: 1739408440576
[2025-02-13T00:41:07.224Z] Checked if tokens are valid: true, expires at: 1739408440576
[2025-02-13T00:41:07.225Z] >>> [apiv2][query] GET https://firebaseextensions.googleapis.com/v1beta/projects/xxx-123xxx-123/instances pageSize=100&pageToken=
[2025-02-13T00:41:08.095Z] <<< [apiv2][status] GET https://firebaseextensions.googleapis.com/v1beta/projects/xxx-123xxx-123/instances 403
[2025-02-13T00:41:08.095Z] <<< [apiv2][body] GET https://firebaseextensions.googleapis.com/v1beta/projects/xxx-123xxx-123/instances {"error":{"code":403,"message":"The caller does not have permission","status":"PERMISSION_DENIED"}}

Error: Request to https://firebaseextensions.googleapis.com/v1beta/projects/xxx-123xxx-123/instances?pageSize=100&pageToken= had HTTP Error: 403, The caller does not have permission
[2025-02-13T00:41:08.189Z] Error Context: {
  "body": {
    "error": {
      "code": 403,
      "message": "The caller does not have permission",
      "status": "PERMISSION_DENIED"
    }
  },
  "response": {
    "statusCode": 403
  }
}`;
Improve this question
1

1 Answer 1

Reset to default
0

Or I just need to ask for more permissions?

Seems to me that minimally you should ask for the permissions that are listed in the error message. Either that, or choose to only deploy the things that you have permission to deploy. The Firebase CLI accepts a flag to deploy only certain products or certain functions that you are allowed to deploy. For example:

 firebase deploy --only functions

 firebase deploy --only functions:function1,function2

See the documentation for more details:

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.