Hi,
I have a firebase project with firestore db and I'm trying to deploy a function.
I've used the cli to create the project. I've logged-in using my google account.
When running deploy, I always hit this error:
Could not build the function due to missing permissions. generic::permission_denied: Caller does not have required permission to use project <REDUCTED>. Grant the caller the roles/serviceusage.serviceUsageConsumer role, or a custom role with the serviceusage.services.use permission, by visiting https://console.developers.google.com/iam-admin/iam/project?project=<REDUCTED> and then retry. Propagation of the new permission may take a few minutes.
Functions deploy had errors with the following functions:
api(us-central1)
i functions: cleaning up build files...
⚠ functions: Unhandled error cleaning up build images. This could result in a small monthly bill if not corrected. You can attempt to delete these images by redeploying or you can delete them manually at https://console.cloud.google.com/gcr/images/<REDUCTED>/us/gcf
Error: There was an error deploying functions
I went to IAM and made sure that my user has the "Service Usage Consumer" role, although it already had the "owner" role, so I'm not sure it's even needed.
Even after adding this role explicitly, the error persisted.
I've tried many things, including using gcloud cli instead of firebase.
I also tried using a service account and granting it all the needed roles.
To use a service account I've downloaded the service account json. I've logged out by running
firebase logout
firebase use --add
(and then selecting my project)
and then I'm deploying by running
export GOOGLE_APPLICATION_CREDENTIALS="./cred.json" && firebase deploy --only functions:api
The service account had a few other roles that were missing. When I added them it moved on to the new missing role, but eventually ended up with the same missing role "Service Usage Consume", which I've added, but keep getting the same issue.
While using the service account I also got an error that the billing API wasn't enabled on the project, so I've enabled it.
The list of roles that my personal user has:
Cloud Build Editor
Cloud Datastore Import Export Admin
Cloud Functions Admin
Cloud Run Admin
Cloud Run Source Developer
Firebase Admin
Owner
Service Account Token Creator
Service Account User
Service Usage Consumer
Storage Admin
The list of roles that my service account has:
Cloud Build Editor
Cloud Functions Admin
Cloud Functions Developer
Firebase Admin SDK Administrator Service Agent
Firebase Extensions Developer
Service Account User
Service Extensions Admin
Service Usage Consumer
Storage Admin
Below is the full log. Any help will be appreciated
% firebase deploy --only functions:api
=== Deploying to '<REDUCTED>'...
i deploying functions
✔ functions: Finished running predeploy script.
i functions: preparing codebase default for deployment
i functions: ensuring required API cloudfunctions.googleapis.com is enabled...
i functions: ensuring required API cloudbuild.googleapis.com is enabled...
i artifactregistry: ensuring required API artifactregistry.googleapis.com is enabled...
✔ functions: required API cloudbuild.googleapis.com is enabled
✔ functions: required API cloudfunctions.googleapis.com is enabled
✔ artifactregistry: required API artifactregistry.googleapis.com is enabled
i functions: Loading and analyzing source code for codebase default to determine what to deploy
Serving at port 8676
i extensions: ensuring required API firebaseextensions.googleapis.com is enabled...
✔ extensions: required API firebaseextensions.googleapis.com is enabled
i functions: preparing . directory for uploading...
i functions: packaged <REDUCTED> (43.15 KB) for uploading
i functions: ensuring required API run.googleapis.com is enabled...
i functions: ensuring required API eventarc.googleapis.com is enabled...
i functions: ensuring required API pubsub.googleapis.com is enabled...
i functions: ensuring required API storage.googleapis.com is enabled...
✔ functions: required API run.googleapis.com is enabled
✔ functions: required API storage.googleapis.com is enabled
✔ functions: required API eventarc.googleapis.com is enabled
✔ functions: required API pubsub.googleapis.com is enabled
i functions: generating the service identity for pubsub.googleapis.com...
i functions: generating the service identity for eventarc.googleapis.com...
✔ functions: . folder uploaded successfully
i functions: updating Node.js 20 (2nd Gen) function api(us-central1)...
Could not build the function due to missing permissions. generic::permission_denied: Caller does not have required permission to use project <REDUCTED>. Grant the caller the roles/serviceusage.serviceUsageConsumer role, or a custom role with the serviceusage.services.use permission, by visiting https://console.developers.google.com/iam-admin/iam/project?project=<REDUCTED> and then retry. Propagation of the new permission may take a few minutes.
Functions deploy had errors with the following functions:
api(us-central1)
i functions: cleaning up build files...
⚠ functions: Unhandled error cleaning up build images. This could result in a small monthly bill if not corrected. You can attempt to delete these images by redeploying or you can delete them manually at https://console.cloud.google.com/gcr/images/<REDUCTED>/us/gcf
Error: There was an error deploying functions