Firebase 存储模拟器不支持 getSignedUrl
Firebase Storage emulator does't support getSignedUrl
我有线
onst [url] = await blob.getSignedUrl({ action: 'read', expires: Date.now() + 60 * 1000, contentType: mimetype })
当我 运行 使用 Firebase 存储模拟器进行单元测试时,出现错误:
Could not load the default credentials. Browse to https://cloud.google.com/docs/authentication/getting-started for more information
如何将 getSignedUrl 与 Firebase 模拟器一起使用?
使用签名 url 的 blob 时,使用服务帐户凭据而不是默认的 ADC。话虽如此,您有两个选择:
- 您可以创建 service account that will use the command using the Cloud SDK:
gcloud iam service-accounts keys create FILE_NAME.json --iam-account=NAME@PROJECT_ID.iam.gserviceaccount.com; which you can use to call Firebase server APIs from your app server or trusted environment. After creating your service account, you must initialize with a service account key file。
下面是一个 java 初始化代码示例:
FileInputStream serviceAccount = new FileInputStream("path/to/serviceAccountKey.json");
FirebaseOptions options = FirebaseOptions.builder()
.setCredentials(GoogleCredentials.fromStream(serviceAccount))
.setDatabaseUrl("https://<DATABASE_NAME>.firebaseio.com/")
.build();
FirebaseApp.initializeApp(options);
You can also check the Firebase Service Accounts to help you identify which service account you will use in your project.
- 另一种选择是在 environment variables 中设置服务帐户密钥。
对于 Linux 或 macOS:
导出 GOOGLE_APPLICATION_CREDENTIALS="KEY_PATH"
例子是:
导出 GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/service-account-file.json"
对于 Windows(使用 powershell):
$env:GOOGLE_APPLICATION_CREDENTIALS="KEY_PATH"
例子是:
$env:GOOGLE_APPLICATION_CREDENTIALS="C:\Users\username\Downloads\service-account-file.json"
Just note that this variable only applies to your current shell session, so if you open a new session, set the variable again.
更新:
在 Google Cloud Platform 环境中,例如 Cloud Functions 和 App Engine,您通常不会在实例化期间提供 keyFilename 或凭据。在这些环境中,我们调用 signBlob API 来创建一个带符号的 URL。如前所述 here。在这种情况下,使用的服务帐户必须具有 Service Account Token Creator Role.
Service Account Token Creator Role 允许模拟服务帐户以创建 OAuth2 访问令牌、签署 blob 或签署 JWT。初始化客户端时提供您的服务帐户。如果使用默认凭据,请确保 Cloud Functions 服务帐户必须具有 Service Account Token Creator Role,因为如果应用程序部署在 GCP 中,则在调用 signBlob API 时需要它。
You can further check this github issues comment.
我有线
onst [url] = await blob.getSignedUrl({ action: 'read', expires: Date.now() + 60 * 1000, contentType: mimetype })
当我 运行 使用 Firebase 存储模拟器进行单元测试时,出现错误:
Could not load the default credentials. Browse to https://cloud.google.com/docs/authentication/getting-started for more information
如何将 getSignedUrl 与 Firebase 模拟器一起使用?
使用签名 url 的 blob 时,使用服务帐户凭据而不是默认的 ADC。话虽如此,您有两个选择:
- 您可以创建 service account that will use the command using the Cloud SDK:
gcloud iam service-accounts keys create FILE_NAME.json --iam-account=NAME@PROJECT_ID.iam.gserviceaccount.com; which you can use to call Firebase server APIs from your app server or trusted environment. After creating your service account, you must initialize with a service account key file。
下面是一个 java 初始化代码示例:
FileInputStream serviceAccount = new FileInputStream("path/to/serviceAccountKey.json");
FirebaseOptions options = FirebaseOptions.builder()
.setCredentials(GoogleCredentials.fromStream(serviceAccount))
.setDatabaseUrl("https://<DATABASE_NAME>.firebaseio.com/")
.build();
FirebaseApp.initializeApp(options);
You can also check the Firebase Service Accounts to help you identify which service account you will use in your project.
- 另一种选择是在 environment variables 中设置服务帐户密钥。
对于 Linux 或 macOS: 导出 GOOGLE_APPLICATION_CREDENTIALS="KEY_PATH"
例子是: 导出 GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/service-account-file.json"
对于 Windows(使用 powershell): $env:GOOGLE_APPLICATION_CREDENTIALS="KEY_PATH"
例子是: $env:GOOGLE_APPLICATION_CREDENTIALS="C:\Users\username\Downloads\service-account-file.json"
Just note that this variable only applies to your current shell session, so if you open a new session, set the variable again.
更新:
在 Google Cloud Platform 环境中,例如 Cloud Functions 和 App Engine,您通常不会在实例化期间提供 keyFilename 或凭据。在这些环境中,我们调用 signBlob API 来创建一个带符号的 URL。如前所述 here。在这种情况下,使用的服务帐户必须具有 Service Account Token Creator Role.
Service Account Token Creator Role 允许模拟服务帐户以创建 OAuth2 访问令牌、签署 blob 或签署 JWT。初始化客户端时提供您的服务帐户。如果使用默认凭据,请确保 Cloud Functions 服务帐户必须具有 Service Account Token Creator Role,因为如果应用程序部署在 GCP 中,则在调用 signBlob API 时需要它。
You can further check this github issues comment.