Login/Register
google function: accessing firestore database of another project
Asked Answered
javascriptgoogle-cloud-firestoregoogle-cloud-functionsfirebase-admin
M

2

10

I would like a Google Cloud project A (project-a-id) to access the firestore data of another Google Cloud project B (project-b-id). For the same I added project A default service account viz. [email protected] in the IAM of project B and set the role to Cloud Filestore Editor.

In the cloud function of project A, I am trying to access both project A's (its own) firestore as well as project B's firestore but it keeps showing project A default database for both Apps. The code is:

var primaryAppConfig = {
  databaseURL: 'https://project-a-id.firebaseio.com'
};
var primaryApp = admin.initializeApp(primaryAppConfig, 'primary');
var primarydb = admin.firestore(primaryApp);

var secondaryAppConfig = {
  databaseURL: 'https://project-b-id.firebaseio.com'
};
var secondaryApp = admin.initializeApp(secondaryAppConfig, 'secondary');
var secondarydb = admin.firestore(secondaryApp);

I was under the impression if the default service account of project-a is given rights in project-b it should automatically get rights. At least I found it applicable when I am accessing google cloud storage buckets in this manner.

Is something else to be done? Thanks

Mantooth answered 9/3, 2019 at 13:5 Comment(8)
"but it keeps showing project A default database for both Apps". I don't know what this means. What specifically are you observing here? Do you have code that reproduces the behavior you don't understand?Puri
Try setting the projectId option in the app options (especially in the secondaryAppConfig).Tamqrah
@DougStevenson: what I meant by showing same database is: that if I console log the primarydb and secondarydb, the resulting object shows project-id as the same viz. project-a-idMantooth
Thanks @HiranyaJayathilaka: when I add projectId:project-b-id in secondaryAppConfig I get a permission error. I must mention that if I download the private key of the default service account from the project-b settings from firebase console it works by passing it as credentials in secondaryAppConfig. But fail to understand why when I set the project-a default service account in IAM of project-b it does not work.Mantooth
This is the error: Error: 7 PERMISSION_DENIED: Missing or insufficient permissions.Mantooth
Sounds like Cloud Firestore Editor role is insufficient to access the required endpoints. Try giving is a broader set of privileges (I understand it's not a best practice, but at least it will help us understand the problem a little better). I'd say start with the Editor role on the project.Tamqrah
Cloud Filestore Editor is different from Cloud Firestore Editor. In fact, there is no Cloud Firestore Editor as of now... which makes me wonder if Firestore isn't included in all this. FYI I also tried Firebase Admin and Firebase Rules Viewer to no avail.Bridlewise
Firestore permissions are listed under the namespace Cloud Datastore rather than Cloud Firestore. The permission that was required here is Cloud Datastore User.Murphree
M
2

I have a cloud-native firestore as opposed to a real-time database in project-a. However, was facing the same issue when I tried to access it from project-b.
Was able to solve it by generating a service account with access to project-a firestore, downloading the credentials and accessing the same from project-b with the following:

credential_path = "pathTo/xxxxx.json"
db = firestore.Client.from_service_account_json(credential_path)
Martinmas answered 15/10, 2019 at 13:14 Comment(0)
H
0

You need to create apps within current firebase project.

Firebase Console -> Project Setting -> General -> Add App

These apps will have access to same firestore but will be deployed seperately under different subdomains(under firebaseapp.com).

Helsie answered 18/2, 2020 at 18:24 Comment(1)
OP question is about another project not application so it won't help as much.Delighted

© 2022 - 2024 — McMap. All rights reserved.