Support binary-authorization org constraints when deploying functions

Open alexcibotari opened this issue 1 year ago • 2 comments

[REQUIRED] Environment info

firebase-tools: 13.19.0

Platform: ANY

[REQUIRED] Test case

Deploy a new Firebase function in a project with binary-authorization enabled

[REQUIRED] Steps to reproduce

Deploy a new Firebase function in a project with binary-authorization enabled

[REQUIRED] Expected behavior

The function to be deployed

[REQUIRED] Actual behavior

Step #3 - "firebase-deploy": ⚠  functions: HTTP Error: 400, Could not create Cloud Run service user-list. Constraint constraints/run.allowedBinaryAuthorizationPolicies violated for attempting CreateService with annotation "run.googleapis.com/binary-authorization" set to null. See https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints for more information.
Step #3 - "firebase-deploy": ⚠  functions:  failed to create function projects/--/locations/europe-west6/functions/user-list
Step #3 - "firebase-deploy": Failed to create function projects/--/locations/europe-west6/functions/user-list
Step #3 - "firebase-deploy": ⚠  functions: HTTP Error: 400, Could not create Cloud Run service user-delete. Constraint constraints/run.allowedBinaryAuthorizationPolicies violated for attempting CreateService with annotation "run.googleapis.com/binary-authorization" set to null. See https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints for more information.
Step #3 - "firebase-deploy": ⚠  functions:  failed to create function projects/--/locations/europe-west6/functions/user-delete
Step #3 - "firebase-deploy": Failed to create function projects/--/locations/europe-west6/functions/user-delete
Step #3 - "firebase-deploy": ⚠  functions: HTTP Error: 400, Could not create Cloud Run service user-update. Constraint constraints/run.allowedBinaryAuthorizationPolicies violated for attempting CreateService with annotation "run.googleapis.com/binary-authorization" set to null. See https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints for more information.
Step #3 - "firebase-deploy": ⚠  functions:  failed to create function projects/--/locations/europe-west6/functions/user-update
Step #3 - "firebase-deploy": Failed to create function projects/--/locations/europe-west6/functions/user-update

alexcibotari, Sep 24 '24 09:09
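For CI triage of the failure quoted in the issue above, this added example (not part of the issue and not firebase-tools code) parses deploy output and groups org-policy rejections by constraint, so a blocked deploy is reported as a policy decision rather than a generic HTTP 400. The function name, the regular expression and the last sample line are assumptions made for illustration; the other sample lines follow the output quoted in the issue.

```javascript
// Added example: triage `firebase deploy` output for org-policy rejections.
// SAMPLE_LOG follows the output quoted in the issue; its last line is constructed.
const P = 'Step #3 - "firebase-deploy": ⚠  functions: ';
const violationLine = (svc) =>
  `${P}HTTP Error: 400, Could not create Cloud Run service ${svc}. Constraint ` +
  "constraints/run.allowedBinaryAuthorizationPolicies violated for attempting " +
  'CreateService with annotation "run.googleapis.com/binary-authorization" set to null. ' +
  "See https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints for more information.";
const SAMPLE_LOG = [
  violationLine("user-list"),
  `${P} failed to create function projects/--/locations/europe-west6/functions/user-list`,
  violationLine("user-delete"),
  `${P} failed to create function projects/--/locations/europe-west6/functions/user-delete`,
  `${P}HTTP Error: 400, Request contains an invalid argument.`, // constructed, unrelated 400
].join("\n");

// Captures: HTTP status, service, constraint, API operation, annotation key, annotation value.
const VIOLATION =
  /HTTP Error: (\d{3}), Could not create Cloud Run service (\S+?)\. Constraint (constraints\/[\w.]+) violated for attempting (\w+) with annotation "([^"]+)" set to (\S+)\.(?:\s|$)/;

// Hypothetical helper: returns org-policy violations grouped by constraint,
// plus any other HTTP errors so they are not mistaken for policy blocks.
function findOrgPolicyViolations(logText) {
  const byConstraint = new Map();
  const otherErrors = [];
  for (const raw of logText.split(/\r?\n/)) {
    // Drop the Cloud Build step prefix when the log comes from a build step.
    const line = raw.replace(/^Step #\d+ - "[^"]*": /, "").trim();
    const m = VIOLATION.exec(line);
    if (m) {
      const [, status, service, constraint, operation, annotation, value] = m;
      if (!byConstraint.has(constraint)) {
        byConstraint.set(constraint, {
          constraint, operation, annotation, value,
          status: Number(status), services: new Set(),
        });
      }
      byConstraint.get(constraint).services.add(service);
    } else if (/HTTP Error: \d{3}/.test(line)) {
      otherErrors.push(line);
    }
  }
  const violations = [...byConstraint.values()].map((v) => ({
    ...v, services: [...v.services].sort(),
  }));
  return { violations, otherErrors };
}

console.log(JSON.stringify(findOrgPolicyViolations(SAMPLE_LOG), null, 2));
```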

Hey @alexcibotari - this looks like the binaryAuthorization org constraint is working as intended, and Cloud Functions for Firebase doesn't yet work with that constraint. For now, you'll need to disable that constraint to deploy functions.

@colerogers Could you take a look at this constraint and see if it makes sense for us to handle?

joehan, Sep 24 '24 17:09

Are there any updates on this? Is our understanding correct that setting binary authorization policy is not supported by firebase deploy and no workarounds are available (other than disabling the bin auth policy)? Thanks!

gojanpaolo, May 08 '25 02:05