Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
ApiError: Forbidden
See original GitHub issueI want to use cloud functions for various image operations (metadata, thumbnails, watermarking). Unfortunately, in all image-related samples I encounter error:
ApiError: Forbidden
at new util.ApiError (/user_code/node_modules/@google-cloud/storage/node_modules/@google-cloud/common/src/util.js:107:10)
at Object.parseHttpRespMessage (/user_code/node_modules/@google-cloud/storage/node_modules/@google-cloud/common/src/util.js:149:33)
at Object.handleResp (/user_code/node_modules/@google-cloud/storage/node_modules/@google-cloud/common/src/util.js:124:18)
at Duplexify.<anonymous> (/user_code/node_modules/@google-cloud/storage/src/file.js:711:21)
at emitOne (events.js:96:13)
at Duplexify.emit (events.js:188:7)
at emitOne (events.js:96:13)
at DestroyableTransform.emit (events.js:188:7)
at emitOne (events.js:96:13)
at Request.emit (events.js:188:7)
Storage rules
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read;
allow write: if request.auth != null;
}
}
}
I tried samples:
- exif-images
- convert-images
- generate-thumbnail
I’m copy pasting index.js and package.json content without changes.
Storage triggers are working, there is no error if image operations will not be executed ( in case of deletion event, or if image is already jpg in convert-images sample), but it will crash when line
return bucket.file(filePath).download({destination: tempLocalFile}).then(() => {
is reached.
Thanks in Advance.
Issue Analytics
- State:
- Created 6 years ago
- Comments:8 (1 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Hello, I’m going to describe in detail the problems you face so that you and other people do not go through it and the firebase team can fix the bugs.
I used “Image resizing using Node.js Stream and Sharp - Cloud Storage trigger” - link here.
It worked fine in the standard bucket. But when… I created a non-default Storage bucket (multiple storage buckets), in which the firebase functions did not work.
You have the following message: Code:
ApiError: uplak-dev-a8ddc@appspot.gserviceaccount.com does not have storage.objects.get access to uplak-dev-photoup/profile/aEeQlUlW7adhDapiiUcFqXuncss1/photo.jpg. at Object.parseHttpRespMessage (/user_code/node_modules/@google-cloud/storage/node_modules/@google-cloud/common/src/util.js:161:33) at Object.handleResp (/user_code/node_modules/@google-cloud/storage/node_modules/@google-cloud/common/src/util.js:136:18) at Duplexify.self.requestStream.on.on.res (/user_code/node_modules/@google-cloud/storage/src/file.js:542:21) at emitOne (events.js:96:13) at Duplexify.emit (events.js:188:7) at emitOne (events.js:96:13) at DestroyableTransform.emit (events.js:188:7) at onResponse (/user_code/node_modules/@google-cloud/storage/node_modules/retry-request/index.js:189:19) at Request.<anonymous> (/user_code/node_modules/@google-cloud/storage/node_modules/retry-request/index.js:144:11) at emitOne (events.js:96:13)Image:
I’ve accessed google cloud storage to check the default and non-default bucke pemissions. Image of the default bucket permissions:
Image of non-default bucket permissions:
I added the “firebase-storage@system.gserviceaccount.com” permission to the “Storage Legacy Bucket Owner” but the problem continued.
I added “rebase-adminsdk-cbdca @ <Project-ID> .iam.gserviceaccount.com” to the “Storage Legacy Bucket Owner” but the problem continued.
I added “<Project-ID> @ appspot.gserviceaccount.com” to the “Storage Legacy Bucket Owner” but the problem continued.
The problem was solved when I added “<Project-ID> @ appspot.gserviceaccount.com” to the “Storage Admin”.
With this action happened another problem: The thumbnail created with firebase functions is not accessible in the firebase storage console.
When trying to see the thumbnail I see the following error in the browser console: Image:
When trying to see the thumbnail when trying to download another error: Image:
I solved the problem by adding “Owners of project: <Project-ID>” to “Storage Admin”.
I believe that when I used the “Storage Admin” permission for the firebase functions to execute, the function created a file with access allowed only for users with “Storage Admin” permission, and after I added “Storage Admin” permissions to <Project -ID> he got that access.
I believe it should work as follows: When user add a non-default bucket (multiple storage), it should receive the same permissions as the default bucket.
Sorry if I was not clear or I put a lot of information, but I’m just trying to help.
To edit the storage permissions you go to: https://cloud.google.com/storage/?hl=en or https://console.cloud.google.com/storage/browser?hl=en&project=*ProjectID*
