I'm trying to access firestore from ruby. Everything's setup and working, except if I enforce read/write rules on documents. Permission denied.
Using the ruby firestore gem
Authenticated the client:
creds = Rails.application.credentials.firestore
Google::Cloud::Firestore.configure do |config|
config.project_id = creds[:config][:projectId]
config.credentials = creds[:service_account].to_h
config.emulator_host = "localhost:8888" if Rails.env.development?
end
```rb
@client = Google::Cloud::Firestore.new
@client.col(collection_name).get
This will return permission denied. If I allow read/write on all documents, firestore returns the documents fine... so it's a firestore rules issue.
So, how do I authenticate a user using firestore ruby? I can do token creation in ruby firestore admin... but there's no api in firestore ruby to log them in (right?).
Can firestore ruby authenticate a user? If so how?
Any help appreciated.
Update:
The error is:
GRPC::PermissionDenied: 7:
false for 'list' @ L83. debug_error_string:{UNKNOWN:Error received from peer ipv4:127.0.0.1:8888 {created_time:"2022-11-18T17:44:53.265761-08:00", grpc_status:7, grpc_message:"\nfalse for \'list\' @ L83"}}
As @orangesoda previously posted in the comments, there's an emulator issue based on this Github link . When deployed in production, everything is working as intended.
Additionally, authentication for server libraries is managed through IAM. When using a service account, the service account must have the appropriate permissions/roles to access the Firestore database (and "bypass" the security rules).
This is only detailed in (what I think is the older) documentation.
Here is the list of permission/roles and their matching Firestore operations. This is also where most of the Ruby documentation is.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.