-
Notifications
You must be signed in to change notification settings - Fork 304
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Using Auth Client with Emulator without Credentials Doesn't Work #609
Comments
I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight. |
Hey @dgildeh could you share a bit more on how you set up your environment? Below is what I tried and it seems to be working for me.
|
Hi sure:
I setup remote debugging on the backend service inside the container, which after stepping through the request I saw it failing at that line above and raised this issue. If you read the code comment for the method I highlighted, its supposed to fall back to environment variables to get the project-id if it can't get local credentials - but because its catching the wrong exception type - its basically crashing the request each time. I may try to detect if running in Emulator and do firebase_admin.initialize_app() to set the project ID manually as a work around (haven't tried it yet) but ideally my code should just work without any authentication to use the emulator in local dev/test environments. What I'm aiming for is dev/test don't require any authentication and just use a local emulator, pushing out via Github actions with tests using the emulator too and no authentication, and in Google Cloud Run (where I'm deploying) it just picks up the instance service account metadata to make calls to Google Identity Platform/FireStore without any code changes so I don't accidentially put authentication workarounds for local development/testing that cause security issues in prod. When I run pyTest on the backend service running locally with the emulator container, they all pass because I assume it was silently picking up the default credentials using my local gcloud CLI, as soon as I put it inside a container without any credentials it fails. Hope that helps! |
I can confirm if I pass in a default projectID when initializing firebase_admin my backend service now works without raising the exception:
Please change the except line I highlighted in the issue to DefaultCredentialsError and this bug can be closed. This will also make it work as specified in the method comments above that line. |
After a lot of debugging, it looks like this is the line that is the bug - instead of catching a google.auth.exceptions.DefaultCredentialsError and passing, its trying to catch an AttributeError:
firebase-admin-python/firebase_admin/__init__.py
Line 260 in 5e88d92
This is crashing my requests to get a user via a Rest API using the library on a local environment with the emulator running but no local credentials installed/local SDK.
Please make sure tests for using the emulator assume no credentials are on the machine or they will break CI/CD pipelines. Any work arounds before a fix is released appreciated!
The text was updated successfully, but these errors were encountered: