Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Permission denied error to reconfigure/uninstall the extension

See original GitHub issue

[READ] Step 1: Are you in the right place?

Yes, I tried raising this issue firebase support and got redirected to me github issue after making necessary checks from their end.

[REQUIRED] Step 2: Describe your configuration

  • Extension name: firebase/firestore-send-email
  • Extension version: 0.1.6-rc.1 / 0.1.12
  • Configuration values (redact info where appropriate): image

[REQUIRED] Step 3: Describe the problem

Steps to reproduce:

What happened? How can we make the problem occur? We tried updating the configuration and the update started throwing error. So we tried uninstalling the extension it didn’t work. So we tried installing new version of the extension, neither did it work. Now the extension is completely not working.

Today i managed to update the extension to latest version 0.1.12 Getting the following error while trying to reconfigure: ; RESOURCE_ERROR at /deployments/firebase-ext-firestore-send-email-6ns1/resources/mods-api-enable-iam: {"ResourceType":"deploymentmanager.v2.virtual.enableService","ResourceErrorCode":"403","ResourceErrorMessage":{"code":403,"message":"Permission denied to enable service [iam.googleapis.com]\nHelp Token: <token>","status":"PERMISSION_DENIED","details":[{"@type":"type.googleapis.com/google.rpc.PreconditionFailure","violations":[{"type":"googleapis.com","subject":"110002"}]},{"@type":"type.googleapis.com/google.rpc.ErrorInfo","reason":"AUTH_PERMISSION_DENIED","domain":"serviceusage.googleapis.com"}],"statusMessage":"Forbidden","requestPath":"https://serviceusage.googleapis.com/v1/projects/prot-4dc6e/services/iam.googleapis.com:enable","httpMethod":"POST"}}; RESOURCE_ERROR at /deployments/firebase-ext-firestore-send-email-6ns1/resources/mods-api-enable-cloudfunctions: {"ResourceType":"deploymentmanager.v2.virtual.enableService","ResourceErrorCode":"403","ResourceErrorMessage":{"code":403,"message":"Permission denied to enable service [cloudfunctions.googleapis.com]\nHelp Token: <token>","status":"PERMISSION_DENIED","details":[{"@type":"type.googleapis.com/google.rpc.PreconditionFailure","violations":[{"type":"googleapis.com","subject":"110002"}]},{"@type":"type.googleapis.com/google.rpc.ErrorInfo","reason":"AUTH_PERMISSION_DENIED","domain":"serviceusage.googleapis.com"}],"statusMessage":"Forbidden","requestPath":"https://serviceusage.googleapis.com/v1/projects/prot-4dc6e/services/cloudfunctions.googleapis.com:enable","httpMethod":"POST"}}; RESOURCE_ERROR at /deployments/firebase-ext-firestore-send-email-6ns1/resources/mods-api-enable-cloudbuild: {"ResourceType":"deploymentmanager.v2.virtual.enableService","ResourceErrorCode":"403","ResourceErrorMessage":{"code":403,"message":"Permission denied to enable service [cloudbuild.googleapis.com]\nHelp Token: <token>","status":"PERMISSION_DENIED","details":[{"@type":"type.googleapis.com/google.rpc.PreconditionFailure","violations":[{"type":"googleapis.com","subject":"110002"}]},{"@type":"type.googleapis.com/google.rpc.ErrorInfo","reason":"AUTH_PERMISSION_DENIED","domain":"serviceusage.googleapis.com"}],"statusMessage":"Forbidden","requestPath":"https://serviceusage.googleapis.com/v1/projects/prot-4dc6e/services/cloudbuild.googleapis.com:enable","httpMethod":"POST"}}; RESOURCE_ERROR at /deployments/firebase-ext-firestore-send-email-6ns1/resources/mods-api-enable-firebase: {"ResourceType":"deploymentmanager.v2.virtual.enableService","ResourceErrorCode":"403","ResourceErrorMessage":{"code":403,"message":"Permission denied to enable service [firebase.googleapis.com]\nHelp Token: <token>","status":"PERMISSION_DENIED","details":[{"@type":"type.googleapis.com/google.rpc.PreconditionFailure","violations":[{"type":"googleapis.com","subject":"110002"}]},{"@type":"type.googleapis.com/google.rpc.ErrorInfo","reason":"AUTH_PERMISSION_DENIED","domain":"serviceusage.googleapis.com"}],"statusMessage":"Forbidden","requestPath":"https://serviceusage.googleapis.com/v1/projects/prot-4dc6e/services/firebase.googleapis.com:enable","httpMethod":"POST"}}

Uninstallation error from the other version(0.1.6-rc.1): ; RESOURCE_ERROR at /deployments/firebase-ext-firestore-send-email/resources/processQueue: {"ResourceType":"gcp-types/cloudfunctions-v1:projects.locations.functions","ResourceErrorCode":"403","ResourceErrorMessage":{"code":403,"message":"Permission 'cloudfunctions.functions.get' denied on resource 'projects/prot-4dc6e/locations/europe-west1/functions/ext-firestore-send-email-processQueue' (or resource may not exist).","status":"PERMISSION_DENIED","statusMessage":"Forbidden","requestPath":"https://cloudfunctions.googleapis.com/v1/projects/prot-4dc6e/locations/europe-west1/functions/ext-firestore-send-email-processQueue","httpMethod":"GET"}} The cloud function ext-firestore-send-email-processQueue already got deleted. I think this could be one reason for un-installation failure.

The extension service account has the following permission in IAM

  1. Cloud Datastore User
  2. Cloud Run Service Agent

I even tried adding Cloud Function Admin permission, but still didn’t work.

Tried both both firebase console as well as cli, getting the same error.

Expected result

Possible to reconfigure/uninstall the extension.

Actual result
  1. Unable to reconfigure the extension.
  2. Unable to uninstall the extension.

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:17 (6 by maintainers)

github_iconTop GitHub Comments

2reactions
rbedemanncommented, Mar 15, 2022

In my case the cloud service account had not enough permissions anymore. Seems like they got somehow lost on the way…

Double check that your Google Cloud API Service Agent (<project-id>@cloudservices.gserviceaccount.com) has all required roles. By default it should have “Editor” (roles/editor)

1reaction
Jethro87commented, Jun 13, 2022

@rbedemann Thanks so much, your comment here solved the issue for me.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Visual Studio Code - access denied to unins000.exe
The workaround solution is to add the user to have Full Control on the %LOCALAPPDATA%\Programs\Microsoft VS Code folder. The following ...
Read more >
Visual Studio Installer Error: Access denied
I attempted to install the latest version of Visual Studio Community with the current version using the Visual Studio Installer but resulted in...
Read more >
Unable to remove Wordpress instance via Applications
Symptoms Unable to remove Wordpress instances via Domains > example.com ... DEBUG [extension/wp-toolkit] pm_Exception: Permission denied
Read more >
Fix “Access Denied, You Don't Have Permission To Access on ...
These easy-to-follow solutions will help you fix the "Access denied, you don't have permission to access on this server” error in Windows 10....
Read more >
Permission denied when installing real estate extension
Please set permissions with the command scripts provided in the manual and try to install the extension again. If you will get some...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

firestore-bigquery-export: Include path parameters as columns directly

Next page

[firestore-bigquery-export] Resources exceeded during query execution error