Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Constraint constraints/cloudfunctions.allowedIngressSettings violated for projects/project_id attempting CreateFunctionActionV1 with ingress_settings set to INGRESS_SETTINGS_UNSPECIFIED
See original GitHub issue[READ] Step 1: Are you in the right place?
Issues filed here should be about bugs for a specific extension in this repository. If you have a general question, need help debugging, or fall into some other category use one of these other channels:
- For general technical questions, post a question on StackOverflow with the firebase tag.
- For general Firebase discussion, use the firebase-talk google group.
- To file a bug against the Firebase Extensions platform, or for an issue affecting multiple extensions, please reach out to Firebase support directly.
[REQUIRED] Step 2: Describe your configuration
- Extension name: firestore-bigquery-export
- Extension version: 1.22 (latest)
- Configuration values (redact info where appropriate):
- _
- _
[REQUIRED] Step 3: Describe the problem
The default setting for “Ingress setting” in the extension seems to be not set. So, if an organization is restricting “Ingress settings = Allow all traffic”, then the installation fails. I am not sure what are the actual requirements for this extension are i.e. does it really need “Ingress settings = Allow all traffic”.
Steps to reproduce:
If your organization policy applies constraints/cloudfunctions.allowedIngressSettings and doesn’t allow “Ingress settings = Allow all traffic” for CloudFunctions, then the installation of this extension fails with the below error.
RESOURCE_ERROR at /deployments/firebase-ext-firestore-bigquery-export/resources/fsexportbigquery: {"ResourceType":"gcp-types/cloudfunctions-v1:projects.locations.functions","ResourceErrorCode":"400","ResourceErrorMessage":{"code":400,"message":"The request has violated one or more Org Policies. Please refer to the respective violations for more information.","status":"FAILED_PRECONDITION","details":[{"@type":"type.googleapis.com/google.rpc.PreconditionFailure","violations":[{"type":"constraints/cloudfunctions.allowedIngressSettings","subject":"orgpolicy:projects/project_id","description":"**Constraint constraints/cloudfunctions.allowedIngressSettings violated for projects/project_id attempting CreateFunctionActionV1 with ingress_settings set to INGRESS_SETTINGS_UNSPECIFIED**. See https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints for more information."}]}],"statusMessage":"Bad Request","requestPath":"https://cloudfunctions.googleapis.com/v1/projects/project_id/locations/northamerica-northeast1/functions","httpMethod":"POST"}}
Expected result
Installation should work successfully.
Actual result
But it fails.
Recommendation: If the extension doesn’t need “Ingress settings = Allow all traffic”, then I think it would be good to set the default to “Allow internal traffic only”.
Issue Analytics
- State:
- Created a year ago
- Comments:25 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Hmm… for some reason I wrongly assumed that for
ingressSettings: 'ALLOW_INTERNAL_ONLY'it required a VPC connector. This may be a much simpler fix than I expected. Let me investigate whether it’s safe to just always set it toALLOW_INTERNAL_ONLYfor functions used for event triggers. Obviously we will still need to setALLOW_ALLfor http endpoints and you won’t be able to install those extensions (bigquery export is not one of them), and that is exactly what we want.@eslamkarim, the fix is fully rolled out now.