解決Firebase整合Next.js部屬(deploy)的permission問題

 

這是在轉移之前寫的next.js功能到其他firebase專案時發生的權限問題

摘要錯誤訊息如下:

i  functions: creating Node.js 18 (2nd Gen) function firebase-frameworks-***:ssr***(asia-east1)...

    Unable to retrieve the repository metadata for projects/***/locations/asia-east1/repositories/gcf-artifacts. Ensure that the Cloud Functions service account has 'artifactregistry.repositories.list' and 'artifactregistry.repositories.get' permissions. You can add the permissions by granting the role 'roles/artifactregistry.reader'.

    Functions deploy had errors with the following functions:

            firebase-frameworks-***:ssr***(asia-east1) 

該如何解決這個權限問題呢? 

1. 進入你的gcp console
2. 點上面選單切換到firebase專案名稱，或是你當初建立專案所選擇的gcp專案
3. 點擊左側選單進入iam列表
4. 找到firebase的service account(服務帳戶)，表格右側按編輯按鈕
   應該會是 PROJECT_ID@appspot.gserviceaccount.com，我是修改這個
5. 新增role(角色): "artifactregistry.reader" 給 firebase 的 service account
   gcp若顯示中文請見下圖新增 "Artifact Registry 讀取者" 角色 給 service account

參考:

• stackoverflow 如何知道firebase是用哪個service account
  https://stackoverflow.com/questions/56618350/which-service-account-is-used-when-running-firebase-cloud-functions
• GCP官方文件提到firebase所用的service account
  https://cloud.google.com/functions/docs/securing/function-identity