这是indexloc提供的服务,不要输入任何密码
Skip to content

Firebase apphosting deployment is looking for none existing service account instead of using provided one #8840

New issue
New issue
Open
Open
Firebase apphosting deployment is looking for none existing service account instead of using provided one#8840
Assignees
bkendall
Labels
api: apphostingIssues related to App Hostingtype: bug
@abdushkur

Description

@abdushkur
abdushkur
opened on Jul 12, 2025

[REQUIRED] Environment info

firebase-tools:
14.10.1

Platform:
maxOS

[REQUIRED] Test case

just need to provide service account as GOOGLE_APPLICATION_CREDENTIALS, then deploy apphosting using firebase tools cli.

[REQUIRED] Steps to reproduce

export GOOGLE_APPLICATION_CREDENTIALS=serviceAccountKey.json && firebase deploy --only apphosting --debug

[REQUIRED] Expected behavior

it should use provided service account.

[REQUIRED] Actual behavior

it is trying to use service account key with name: firebase-app-hosting-compute@[project_id].iam.gserviceaccount.com

➜ liver_client2 git:(master) ✗ export GOOGLE_APPLICATION_CREDENTIALS=serviceAccountKey.json && firebase deploy --only apphosting --debug
[2025-07-12T04:33:30.995Z] > command requires scopes: ["email","openid","https://www.googleapis.com/auth/cloudplatformprojects.readonly","https://www.googleapis.com/auth/firebase","https://www.googleapis.com/auth/cloud-platform"]
[2025-07-12T04:33:31.251Z] Running auto auth
[2025-07-12T04:33:31.252Z] [iam] checking project liver-2024 for permissions ["firebase.projects.get",null]
[2025-07-12T04:33:31.253Z] No OAuth tokens found
[2025-07-12T04:33:31.255Z] >>> [apiv2][query] POST https://cloudresourcemanager.googleapis.com/v1/projects/liver-2024:testIamPermissions [none]
[2025-07-12T04:33:31.255Z] >>> [apiv2][(partial)header] POST https://cloudresourcemanager.googleapis.com/v1/projects/liver-2024:testIamPermissions x-goog-quota-user=projects/liver-2024
[2025-07-12T04:33:31.255Z] >>> [apiv2][body] POST https://cloudresourcemanager.googleapis.com/v1/projects/liver-2024:testIamPermissions {"permissions":["firebase.projects.get",null]}
[2025-07-12T04:33:31.534Z] <<< [apiv2][status] POST https://cloudresourcemanager.googleapis.com/v1/projects/liver-2024:testIamPermissions 200
[2025-07-12T04:33:31.534Z] <<< [apiv2][body] POST https://cloudresourcemanager.googleapis.com/v1/projects/liver-2024:testIamPermissions {"permissions":["firebase.projects.get"]}
[2025-07-12T04:33:31.535Z] [iam] error while checking permissions, command may fail: Authorization failed. This account is missing the following required permissions on project liver-2024:

=== Deploying to 'liver-2024'...

i deploying apphosting
[2025-07-12T04:33:31.538Z] No OAuth tokens found
[2025-07-12T04:33:31.538Z] >>> [apiv2][query] POST https://iam.googleapis.com/v1/projects/liver-2024/serviceAccounts/firebase-app-hosting-compute@liver-2024.iam.gserviceaccount.com:testIamPermissions [none]
[2025-07-12T04:33:31.538Z] >>> [apiv2][(partial)header] POST https://iam.googleapis.com/v1/projects/liver-2024/serviceAccounts/firebase-app-hosting-compute@liver-2024.iam.gserviceaccount.com:testIamPermissions x-goog-quota-user=projects/liver-2024
[2025-07-12T04:33:31.538Z] >>> [apiv2][body] POST https://iam.googleapis.com/v1/projects/liver-2024/serviceAccounts/firebase-app-hosting-compute@liver-2024.iam.gserviceaccount.com:testIamPermissions {"permissions":["iam.serviceAccounts.actAs"]}
[2025-07-12T04:33:31.892Z] <<< [apiv2][status] POST https://iam.googleapis.com/v1/projects/liver-2024/serviceAccounts/firebase-app-hosting-compute@liver-2024.iam.gserviceaccount.com:testIamPermissions 200
[2025-07-12T04:33:31.893Z] <<< [apiv2][body] POST https://iam.googleapis.com/v1/projects/liver-2024/serviceAccounts/firebase-app-hosting-compute@liver-2024.iam.gserviceaccount.com:testIamPermissions {"permissions":["iam.serviceAccounts.actAs"]}
[2025-07-12T04:33:31.894Z] No OAuth tokens found
[2025-07-12T04:33:31.894Z] >>> [apiv2][query] POST https://iam.googleapis.com/v1/projects/liver-2024/serviceAccounts [none]
[2025-07-12T04:33:31.894Z] >>> [apiv2][body] POST https://iam.googleapis.com/v1/projects/liver-2024/serviceAccounts {"accountId":"firebase-app-hosting-compute","serviceAccount":{"displayName":"Firebase App Hosting compute service account","description":"Default service account used to run builds and deploys for Firebase App Hosting"}}
[2025-07-12T04:33:32.077Z] <<< [apiv2][status] POST https://iam.googleapis.com/v1/projects/liver-2024/serviceAccounts 403
[2025-07-12T04:33:32.077Z] <<< [apiv2][body] POST https://iam.googleapis.com/v1/projects/liver-2024/serviceAccounts [omitted]

Error: Request to https://iam.googleapis.com/v1/projects/liver-2024/serviceAccounts had HTTP Error: 403, Permission 'iam.serviceAccounts.create' denied on resource (or it may not exist).
[2025-07-12T04:33:32.080Z] Error Context: {
"body": {
"error": {
"code": 403,
"message": "Permission 'iam.serviceAccounts.create' denied on resource (or it may not exist).",
"status": "PERMISSION_DENIED",
"details": [
{
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "IAM_PERMISSION_DENIED",
"domain": "iam.googleapis.com",
"metadata": {
"permission": "iam.serviceAccounts.create"
}
}
]
}
},
"response": {
"statusCode": 403
}
}

Metadata

Metadata

Assignees

Labels

api: apphostingIssues related to App Hostingtype: bug

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions