I have an Angular client that uploads files using Firebase Functions (configured as Express App). This all works fine.
I've now created a new 'prod' environment (new Firebase project) and setup the same as the 'dev' environment.
For some reason uploading files in this environment does not work, failing with the error
[email protected] does not have storage.objects.create access to the Google Cloud Storage object. Permission 'storage.objects.create' denied on resource (or it may not exist).
- The resource does exist
- the service account has required permissions (same as dev project)
- The permissions at the bucket level also appear to be the same
- The Firebase app is initialised with the Service Account
However, the upload does work if called from gcloud cli after logging in and calling:
gcloud config set account [email protected]
Why would it work from command line, but not when called from a Firebase function?
To reiterate, this does work in my 'dev' project, created last year, so I know the code is OK, the problem lies somewhere with permissions.
I've tried various Roles and removing all and adding back again.
Took a while to discover, but the issue was that Firebase was still being configured to use the dev storage account. So there was a mismatch between the (valid) PROD permissions (service key) and the invalid DEV storage bucket ID.