1

Now this is a bit bizarre. But I am getting a permissions error for running an update query to my Firestore database. I have set up a service account (with owner permissions) and it won't allow me to access my own database. I do have the credentials working for other services (speech-to-text), however I am getting problem writing (and reading) to the DB.

In addition to having the role as owner, I also gave it 'Firebase Rule System' access. The roles are: Firebase Rules System, Owner.

Any tips would be appreciated. 

Traceback (most recent call last):
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/grpc_helpers.py", line 57, in error_remapped_callable
    return callable_(*args, **kwargs)
  File "/home/vagrant/.local/lib/python3.6/site-packages/grpc/_channel.py", line 565, in __call__
    return _end_unary_response_blocking(state, call, False, None)
  File "/home/vagrant/.local/lib/python3.6/site-packages/grpc/_channel.py", line 467, in _end_unary_response_blocking
    raise _Rendezvous(state, None, None, deadline)
grpc._channel._Rendezvous: <_Rendezvous of RPC that terminated with:
    status = StatusCode.PERMISSION_DENIED
    details = "Missing or insufficient permissions."
    debug_error_string = "{"created":"***","description":"Error received from peer ipv4:****","file":"src/core/lib/surface/call.cc","file_line":1052,"grpc_message":"Missing or insufficient permissions.","grpc_status":7}"
>

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "sendToDB.py", line 23, in <module>
    update_create_if_missing(args.uid, args.words)
  File "sendToDB.py", line 11, in update_create_if_missing
    item.update({'text': firestore.ArrayUnion([words])})
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/cloud/firestore_v1/document.py", line 382, in update
    write_results = batch.commit()
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/cloud/firestore_v1/batch.py", line 147, in commit
    metadata=self._client._rpc_metadata,
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/cloud/firestore_v1/gapic/firestore_client.py", line 1042, in commit
    request, retry=retry, timeout=timeout, metadata=metadata
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/gapic_v1/method.py", line 143, in __call__
    return wrapped_func(*args, **kwargs)
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/retry.py", line 273, in retry_wrapped_func
    on_error=on_error,
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/retry.py", line 182, in retry_target
    return target()
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/timeout.py", line 214, in func_with_timeout
    return func(*args, **kwargs)
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/grpc_helpers.py", line 59, in error_remapped_callable
    six.raise_from(exceptions.from_grpc_error(exc), exc)
  File "<string>", line 3, in raise_from
google.api_core.exceptions.PermissionDenied: 403 Missing or insufficient permissions.
Matt Bart
  • 809
  • 1
  • 7
  • 26
  • Can you share the rules you have set up in firebase? In the console, within your project for Firestore click Usage. – Thingamajig Sep 20 '19 at 02:26
  • `Missing or insufficient permissions` could be due to the security rules as the user above suggested. Please check out [Security Rules for Firestore](https://firebase.google.com/docs/firestore/security/rules-conditions) for more information about how to add permissions to update your Firestore DB. – sllopis Sep 20 '19 at 14:34
  • I have set up a Firestore before from the Firebase console with no problems. However I am not in a new project and we are doing it fro the GCP console. I don't see any options about security rules or permissions like I've seen on the Firebase console. I feel a bit lost right now. – Matt Bart Sep 20 '19 at 15:55
  • I just tried to access the database from Firebase console instead, but it doesn't seem to be there (makes sense, I would assume they are different). Where is the security rules for Firestore if hosted on GCP (rather than Firebase)? – Matt Bart Sep 20 '19 at 15:57
  • 1
    Requests from the the Python client library for Cloud Firestore do not go through the security rules: https://cloud.google.com/firestore/docs/reference/libraries#server_client_libraries – Juan Lara Sep 21 '19 at 01:15
  • How are you providing the client library the service account credentials? Double check that your code is using the correct service account key: https://cloud.google.com/firestore/docs/quickstart-servers#set_up_authentication – Juan Lara Sep 21 '19 at 01:17
  • I placed all my new information in a new question here, as the question has slightly changed. https://stackoverflow.com/questions/58068277/gcp-firestore-python-credentials – Matt Bart Sep 23 '19 at 18:35
  • Answered this question here, https://stackoverflow.com/questions/58068277/gcp-firestore-python-credentials – Kunal Deo Sep 24 '19 at 08:24
  • Does this answer your question? [GCP Firestore Python Credentials](https://stackoverflow.com/questions/58068277/gcp-firestore-python-credentials) – Nick Reed Nov 01 '19 at 15:39

0 Answers0