Deploy extensions with multiple projects
140 views
Skip to first unread message
Isaac Kriegman
Nov 13, 2022, 12:08:10 PM11/13/22
to Firebase Google Group
I'm trying to setup the Firebase CLI to work with multiple projects: "development" and "production".
In my "development" project, I have setup the Typesense Firebase extension to sync a Firestore collection to a Typesense instance. I would like my "production" project to have the same Firebase extension setup to sync with the same Typesense instance (but with a different collection on that instance).
I can deploy to my Firebase "development" project fine.
However, when I execute "firebase deploy -P production", I get:
Extensions deploy had errors:
- configure firestore-typesense-search
error while granting access secret role to service account "xxxxxxxx" and secret "projects/yyyyyyyyyyyyy/secrets/ext-firestore-typesense-search-TYPESENSE_API_KEY-063/versions/1": [secretmanager] GrantServiceAccountAccessSecretPermission: GetIamPolicy for Service Account ext-firestore-t...@xxxxxxx.iam.gserviceaccount.com and secret projects/yyyyyyyyyyyyy/secrets/ext-firestore-typesense-search-TYPESENSE_API_KEY-063 failed: Permission 'secretmanager.secrets.getIamPolicy' denied for resource 'projects/yyyyyyyyyyyyy/secrets/ext-firestore-typesense-search-TYPESENSE_API_KEY-063' (or it may not exist).
Error: Extensions deployment failed.
- configure firestore-typesense-search
error while granting access secret role to service account "xxxxxxxx" and secret "projects/yyyyyyyyyyyyy/secrets/ext-firestore-typesense-search-TYPESENSE_API_KEY-063/versions/1": [secretmanager] GrantServiceAccountAccessSecretPermission: GetIamPolicy for Service Account ext-firestore-t...@xxxxxxx.iam.gserviceaccount.com and secret projects/yyyyyyyyyyyyy/secrets/ext-firestore-typesense-search-TYPESENSE_API_KEY-063 failed: Permission 'secretmanager.secrets.getIamPolicy' denied for resource 'projects/yyyyyyyyyyyyy/secrets/ext-firestore-typesense-search-TYPESENSE_API_KEY-063' (or it may not exist).
Error: Extensions deployment failed.
I'm guessing that the secret that I setup for the extension in my original "development" project is not accessible in the "production" project.
How do I fix this, so I can just run "firebase deploy -P production" or "firebase deploy -P development" and have it work?
Thanks in advance for your advice.
Joe Hanley
Mar 1, 2023, 6:36:37 PM3/1/23
to Firebase Google Group
Hey Isaac,
I suspect that you just need to parameterize the secret name to fix this issue.
- In your Firebase project directory, there should be a file named something like extensions/firestore-typesense-search.env
- In this file, there is likely a line right now that reads: TYPESENSE_API_KEY=projects/YYYYYYY/secrets/ext-firestore-typesense-search-TYPESENSE_API_KEY-063/versions/1
- In this file, there is likely a line right now that reads: TYPESENSE_API_KEY=projects/YYYYYYY/secrets/ext-firestore-typesense-search-TYPESENSE_API_KEY-063/versions/1
- Change that line to be: TYPESENSE_API_KEY=projects/${PROJECT_NUMBER}/secrets/ext-firestore-typesense-search-TYPESENSE_API_KEY-063/versions/1
Hopefully this solves your use case - happy to help if you run into any other issues!
Hopefully this solves your use case - happy to help if you run into any other issues!
-Joe
Reply all
Reply to author
Forward
0 new messages