node.js - How do i give permissions from GCP to Firebase Functions to access resources? (like GCE)

Question

does anyone know how do i give permission from my project in GCP to a function created and deployed in firebase? Because what i'm doing is the following:

1. From a site (deployed also in firebase) y call to the backend (Firebase Function)
2. The function itself, tries to get resources from my GCP project (in specific what instances are currently running)
3. Then, i receive them and show on the front.

The step 2 is causing my problems, currently when i'm trying to run it, it gives me the error: Error: could not handle the request and in the log from firebase function i got: GaxiosError: Required 'compute.instances.list' permission for 'projects/projectID' so i know for sure that's a problem of authorization.

All this project worked just well 2 months ago, but my free trial expired and we tried to move to another GCP account and try to finish this project (With this i know the code works just right, the problem is for sure GCP because also, when i use others API ENDPOINTS not related to GCP resources, they work just well).

Any recomendation would be amazing, and if i didn't gave enough info just tell me. Thanks u for your time

Answer 1

Add an IAM role containing the required permission to the Cloud Function service account.

For example the role roles/compute.viewer has the permission compute.instances.list.

Review this page to learn more about Compute Engine IAM roles:

Compute Engine IAM roles and permissions

Firebase Functions are Cloud Functions. Cloud Functions uses the App Engine default service account for access control. The format of the service account's name is: PROJECT_ID@appspot.gserviceaccount.com. Find that service account under IAM and add the role mentioned above.

Cloud Functions Access Control