Authenticated Cloud Functions: Insufficient permission to access Firestore

0
votes

I am setting up authenticated Cloud Functions for a function-function call as per this doc. In my use case, the calling function is CF1 while the receiving function is CF2

I have set up and assign a service account ([email protected]) for CF1, and setup/assign the Cloud Functions Invoker role for CF2 to the said [email protected] service account. All is good, CF1 can call CF2 with no problem.

However in CF1, there are 2 workflows:

  1. Invoke CF2
  2. Read/Write to Firestore

After assigning the service account to CF1, CF1 lost permission to read/write Firestore (my firestore currently grants all read write access) and throws the 7 PERMISSION_DENIED: Missing or insufficient permissions. error.

Is there something I am missing?

1
node.jsgoogle-cloud-firestoregoogle-cloud-functions

1 Answers

0
votes

you probably just need to give service account #1 the correct role to access firestore [0]. i would check what roles are currently granted to the SA and see if it's missing what is required.

[0] https://cloud.google.com/firestore/docs/security/iam#roles