堆栈内存溢出
  简体   繁体   English

Firebase Admin Storage:调用者没有权限

[英]Firebase Admin Storage: The caller does not have permission

 原文  2021-09-22 17:20:06       javascript/ firebase/ google-cloud-storage

问题描述

I have a project that uses the default bucket on Firebase Admin.我有一个项目使用 Firebase Admin 上的默认存储桶。

I have the following line:我有以下行:

const [url] = await blob.getSignedUrl({ action: 'read', expires: Date.now() + 60 * 1000, contentType: mimetype })

When my HTTPS callable function is called, the line above throws the error bellow:当调用我的 HTTPS callable function 时,上面的行抛出以下错误:

Unhandled error Error: The caller does not have permission
    at Gaxios._request (/workspace/node_modules/gaxios/build/src/gaxios.js:129:23)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)
    at async Compute.requestAsync (/workspace/node_modules/google-auth-library/build/src/auth/oauth2client.js:368:18)
    at async GoogleAuth.signBlob (/workspace/node_modules/google-auth-library/build/src/auth/googleauth.js:655:21)
    at async sign (/workspace/node_modules/@google-cloud/storage/build/src/signer.js:97:35) {
  name: 'SigningError'
}

What I am doing wrong?我做错了什么?

1 个解决方案

解决方案1
 9 已采纳  2021-10-10 16:54:58

  • There is already an open GitHub issue on this.已经有一个开放的GitHub 问题 If this is exactly what you are looking for, you can go through the solution listed on GitHub issue which is:如果这正是您要查找的内容,您可以通过 GitHub 问题上列出的解决方案 go,即:

    Go to your project's Cloud Console > IAM & admin > IAM , Find the App Engine default service account and add the Service Account Token Creator role to that member. Go 到您项目的Cloud Console > IAM & admin > IAM ,找到App Engine default service account并将Service Account Token Creator角色添加到该成员。 This will allow your app to create signed public URLs to the images.这将允许您的应用程序创建图像的签名公共 URL。

  • If it did not work for you, try updating IAM roles.如果它对您不起作用,请尝试更新 IAM 角色。 From the firebaseSA.json file look if the associated email has these roles:从 firebaseSA.json 文件中查看关联的 email 是否具有以下角色:

     Firebase Admin SDK Administrator,Service Agent, Service Account Token Creator,Pub/Sub Publisher, Storage Admin

  • If still it didn't work for you, try running your application with another Service account that has all possible Cloud Storage permissions, does it work?如果它仍然不适合您,请尝试使用另一个具有所有可能的云存储权限的服务帐户运行您的应用程序,它是否有效? If yes, it would mean that your current Service requires additional permissions to execute the function. You can check what permissions to give in the Cloud Storage IAM Roles如果是,则意味着您当前的服务需要额外的权限才能执行 function。您可以在Cloud Storage IAM Roles中查看要授予的权限

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 403 调用者没有 Firebase 管理 API addFirebase 的权限 - 403 The caller does not have permission for Firebase Management API addFirebase Firebase 初始化函数返回 403 调用者没有权限 - Firebase init functions returns 403 caller does not have permission Firebase 存储:用户无权访问 - Firebase Storage: User does not have permission to access Firebase function 尝试写入 firebase 存储“Firebase 存储:用户无权访问”时出错 - Firebase function getting error when trying to write to firebase storage "Firebase Storage: User does not have permission to access" Firebase 存储异常:用户无权访问此 object - Firebase Storage Exception: User does not have permission to access this object 来电者没有 DOCUMENT AI 的权限 - Caller does not have permission for DOCUMENT AI Bitrise Firebase 应用程序分发错误:上传版本失败。 HTTP 错误:403,调用者没有权限 - Bitrise Firebase App Distribution Error: failed to upload release. HTTP Error: 403, The caller does not have permission 调用者没有权限。 行动 API - The caller does not have permission. Actions API GCP 403 调用方没有 create_transfer_config 的权限 - GCP 403 The caller does not have permission for create_transfer_config BigQuery - 计划查询错误“PermissionDenied: 403 The caller does not have permission” - BigQuery - Scheduled Query Error "PermissionDenied: 403 The caller does not have permission"
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM