Reputation: 2499
Firebase - lacks IAM permission "cloudscheduler.jobs.update"
After implementing firebase function as below code, deploy failed.
generateDailyStat: functions.pubsub.schedule('every day 00:00').timeZone('Asia/Seoul').onRun(generateDailyStat),
Error messages are as below.
i functions: creating Node.js 8 function generateDailyStat(us-central1)...
i scheduler: ensuring necessary APIs are enabled...
i pubsub: ensuring necessary APIs are enabled...
✔ scheduler: all necessary APIs are enabled
✔ pubsub: all necessary APIs are enabled
Error: HTTP Error: 403, The principal (user or service account) lacks IAM permission "cloudscheduler.jobs.update" for the resource "projects/MY_PROJECT/locations/asia-northeast2/jobs/firebase-schedule-generateDailyStat-us-central1" (or the resource may not exist).
My account is 'owner' role, and I give owner role of cloudscheduler to firebase service account. But still failed.
What did I miss?
Upvotes: 1
Views: 1797
Answers (3)
Reputation: 2111
I was having the same issue on Gen 2 Firebase Functions.
I needed to add the role Cloud Scheduler Admin on both the Firebase Functions service account ([email protected]) and the user who is deploying the functions.
The service account needs it to create the function, but without also adding it to the user account deploying the functions it will deploy without any Cloud Schedulers. So nothing will run at the times you want. You need it on both of them for it to work correctly.
Note: PROJECT_NUMBER is different to PROJECT_ID. You can find it in Google Console > Cloud Overview > Dashboard.
Upvotes: 1
Reputation: 400
I had the same problem. I gave my user all the permissions that could be related to the cloud schedule, and I didn't understand why I was getting this error. Finally, I realized that the region I was trying to deploy to europe-west4, and it seems that in this region, you cannot create a cloud scheduler; there is no option to create it in this region. But I got an error about the permission. (The cloud function was created without a problem)
I ran the same code in another region, and it worked perfectly.
Upvotes: 1
Reputation: 4670
Searching about it, it seems that this error might be related to the fact that the permission cloudscheduler.jobs.update - as per the documentation Support level for permissions in custom roles - it's not supported for use yet, it's still in the Testing status, which means that some exceptions and errors are expected.
In another post on the community, a user informed that removing all the permissions and adding again, fixed the case "magically", so it might be an option for you to give a try. You can find more information on this solved case here: The principal (user or service account) lacks IAM permission “cloudtasks.tasks.create” for the resource.
Let me know if the information clarified and helped you!
Upvotes: 1
Related Questions
- HTTP Error: 403, Permission denied to enable service [cloudfunctions.googleapis.com]
- Unable to set publicly accessible IAM policy on the following functions:
- Unable to deploy a firebase cloud function due to permission error
- Unable to Deploy Cloud Functions - Permission denied to enable service [artifactregistry.googleapis.com]
- Failed to create scheduler job, Schedule or time zone is invalid
- Google Cloud Platform & Firebase - Cloud Scheduler Unauthenticated
- Error 7: Missing or insufficient permissions cloud functions/firestore
- Firebase schedule data exports PERMISSION_DENIED: The caller does not have permission
- Google Cloud Function error (Permission Denied) when updating IoT device configs
- Firebase Cloud Functions : Failed to read credentials from file