firebasegoogle-cloud-functions

Configure firebase functions to use a service account for deploying


When looking at the docs for cloud functions it shows an option to deploy the function using a service account instead of having it run with the default service account:

gcloud functions deploy <function> --service-account <service_account_email>

Is there is a way in firebase to configure it to deploy a function using a service account when running firebase deploy?

I've tried doing a straight-forward dumb approach of adding it to the .firebaserc file, but I don't know if that is supported or what the correct syntax would be:

{
  "projects": {
    "default": "<project>"
  },
  "targets": {
    "<project>": {
      "functions": {
        "service-account": "<...>@<project>.iam.gserviceaccount.com"
      },
  }
}

Solution

  • You can change the service account the firebase function is deployed with using the RunTime options interface. For example:

    import * as functions from "firebase-functions";
    
    export const myfunc = functions.runWith({serviceAccount:"sa@goog.com"}).https.onCall(async (request, context) => {
    }
    

    When you use the firebase cli without any additional parameters, the function should be deployed with the specified service account.

    firebase deploy --only functions:myfunc

    If done correctly, you will see that the Service Account in the details section of the function is changed to the specified service account.