FirestoreOptions.setHost causes PERMISSION_DENIED errors from Firestore Emulator · Issue #190 · googleapis/java-firestore · GitHub
@icoloma

I'm seeing a PERMISSION DENIED message when trying to clean my test data using collection.listDocuments():

```
io.grpc.StatusRuntimeException: PERMISSION_DENIED: Metadata operations require admin authentication.
com.google.cloud.firestore.FirestoreException: io.grpc.StatusRuntimeException: PERMISSION_DENIED: Metadata operations require admin authentication.
	at com.google.cloud.firestore.FirestoreException.apiException(FirestoreException.java:94)
	at com.google.cloud.firestore.CollectionReference.listDocuments(CollectionReference.java:141)
	at MyTest.deleteCollections(MyTest.java:21)
```

This error has been reported before as firebase-tools#1363. The workaround that is mentioned in the referenced issue is not working for me. I have tried three variants of the same thing: setCredentials(), setCredentialsProvider() and setHeaderProvider().

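```java
import com.google.api.gax.core.FixedCredentialsProvider;
import com.google.api.gax.grpc.InstantiatingGrpcChannelProvider;
import com.google.cloud.firestore.Firestore;
import com.google.cloud.firestore.FirestoreOptions;
import com.google.common.collect.ImmutableMap;

Firestore firestore = FirestoreOptions.getDefaultInstance()
    .toBuilder()
    .setProjectId(Config.PROJECT_ID)
    .setHost("localhost:9000")
    // Plaintext gRPC channel to the emulator endpoint
    .setChannelProvider(
      InstantiatingGrpcChannelProvider.newBuilder().setEndpoint(Config.FIRESTORE_EMULATOR_URL)
        .setChannelConfigurator(input -> {
          input.usePlaintext();
          return input;
        }).build())
    // The three variants tried for supplying the "Bearer owner" header
    .setCredentialsProvider(FixedCredentialsProvider.create(new FakeCredentials()))
    .setCredentials(new FakeCredentials())
    .setHeaderProvider(() -> ImmutableMap.of("Authorization", "Bearer owner"))
    .build().getService();

// This call fails with the PERMISSION_DENIED error shown above
firestore.collection("mycollection").listDocuments();
```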


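```java
import com.google.auth.Credentials;
import com.google.common.collect.ImmutableMap;
import java.net.URI;
import java.util.Arrays;
import java.util.List;
import java.util.Map;

// Nested inside the test class; always returns a fixed "Bearer owner" header.
public static class FakeCredentials extends Credentials {
    private final Map<String, List<String>> HEADERS =
            ImmutableMap.of("Authorization", Arrays.asList("Bearer owner"));

    @Override
    public String getAuthenticationType() {
        throw new IllegalArgumentException("Not supported");
    }

    @Override
    public Map<String, List<String>> getRequestMetadata(URI uri) {
        return HEADERS;
    }

    @Override
    public boolean hasRequestMetadata() {
        return true;
    }

    @Override
    public boolean hasRequestMetadataOnly() {
        return true;
    }

    @Override
    public void refresh() {
        // Nothing to refresh: the header is static
    }
}
```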

It seems that some of these settings are being ignored by com.google.cloud.firestore.spi.v1.GrpcFirestoreRpc when the URL points to localhost.

The expected behavior would be a documented way to get admin permissions on the emulator, preferably through the Options object. Failing that, this workaround should work, and maybe make public static FirestoreOptions.FakeCredentials instead of just public (as is now), so it can be used by others.

OS: Ubuntu 18.04.4 LTS
Java 11
gcloud version 289.0.0
compile "com.google.firebase:firebase-admin:6.12.2"
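
One way to keep a fixed `Bearer owner` header like the one in `FakeCredentials` confined to a local emulator is to hand it out only for loopback hosts. The guard below is an added example, not part of the original issue or of java-firestore; `EmulatorOnlyHeaders`, `isLoopback` and `forHost` are hypothetical names, and it uses only the JDK.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.List;
import java.util.Map;

// Added example; EmulatorOnlyHeaders is a hypothetical helper, not java-firestore API.
public final class EmulatorOnlyHeaders {
    // Same header the issue's FakeCredentials returns.
    private static final Map<String, List<String>> OWNER =
            Map.of("Authorization", List.of("Bearer owner"));

    private EmulatorOnlyHeaders() {}

    /** True only if "host:port" parses and every resolved address is loopback. */
    static boolean isLoopback(String hostPort) {
        try {
            // A throwaway scheme lets URI split localhost:9000, 127.0.0.1:9000, [::1]:9000.
            URI u = new URI("emulator://" + hostPort);
            if (u.getHost() == null || u.getPort() == -1) {
                return false;
            }
            for (InetAddress a : InetAddress.getAllByName(u.getHost())) {
                if (!a.isLoopbackAddress()) {
                    return false;
                }
            }
            return true;
        } catch (URISyntaxException | UnknownHostException e) {
            return false; // unparseable or unresolvable: fail closed
        }
    }

    /** Returns the owner header for a loopback emulator, otherwise throws. */
    static Map<String, List<String>> forHost(String hostPort) {
        if (!isLoopback(hostPort)) {
            throw new IllegalStateException("refusing fake admin header for " + hostPort);
        }
        return OWNER;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; 203.0.113.10 is a documentation address.
        for (String h : new String[] {"localhost:9000", "127.0.0.1:9000", "203.0.113.10:443"}) {
            System.out.println(h + " -> " + (isLoopback(h) ? forHost(h) : "rejected"));
        }
    }
}
```

A `getRequestMetadata` implementation could call `forHost` with the configured emulator host so that a misconfigured test run fails instead of sending the header elsewhere.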

Labels

api: firestore (Issues related to the googleapis/java-firestore API.)
priority: p2 (Moderately-important priority. Fix may not be included in next release.)
type: bug (Error or flaw in code with unintended results or allowing sub-optimal usage patterns.)
