When looking at the docs for cloud functions it shows an option to deploy the function using a service account instead of having it run with the default service account:
gcloud functions deploy <function> --service-account <service_account_email>
Is there is a way in firebase to configure it to deploy a function using a service account when running firebase deploy
?
I've tried doing a straight-forward dumb approach of adding it to the .firebaserc
file, but I don't know if that is supported or what the correct syntax would be:
{
"projects": {
"default": "<project>"
},
"targets": {
"<project>": {
"functions": {
"service-account": "<...>@<project>.iam.gserviceaccount.com"
},
}
}
You can change the service account the firebase function is deployed with using the RunTime options interface. For example:
import * as functions from "firebase-functions";
export const myfunc = functions.runWith({serviceAccount:"sa@goog.com"}).https.onCall(async (request, context) => {
}
When you use the firebase cli without any additional parameters, the function should be deployed with the specified service account.
firebase deploy --only functions:myfunc
If done correctly, you will see that the Service Account in the details section of the function is changed to the specified service account.