如何更新 storage.getSignedUrl() 函数中的 Firebase 权限

如何解决如何更新 storage.getSignedUrl() 函数中的 Firebase 权限

错误

Error: The caller does not have permission
at Gaxios._request (/workspace/node_modules/gaxios/build/src/gaxios.js:127:23)
at processticksAndRejections (internal/process/task_queues.js:97:5)
at async Compute.requestAsync (/workspace/node_modules/google-auth-library/build/src/auth/oauth2client.js:343:18)
at async GoogleAuth.sign (/workspace/node_modules/google-auth-library/build/src/auth/googleauth.js:628:21)
at async sign (/workspace/node_modules/@google-cloud/storage/build/src/signer.js:97:35)

我的尝试

我已尝试更新 IAM 角色。从 firebaseSA.json 文件看来，关联的电子邮件具有以下角色：Firebase Admin SDK Administrator Service Agent Service Account Token Creator Pub/Sub Publisher Storage Admin

其他信息

之前通过以下错误，我启用了这个 api：

Error: IAM Service Account Credentials API has not been used in project <PROJECT_NUM> before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/iamcredentials.googleapis.com/overview?project=<PROJECT_NUM> then retry. If you enabled this API recently,wait a few minutes for the action to propagate to our systems and retry.

代码

exports.getSignedUrl = async function (gsUri) {
  const [bucket,path,filename] = explode(gsUri);
  console.log('requesting signed url from ',bucket,filename);
  const signedUrl = await storage
    .bucket(bucket)
    .file(`${path}/${filename}`)
    .getSignedUrl({
      expires: Date.Now() + 24 * 60 * 60 * 1000,// 1 day
      action: 'read',});
  console.log('Signed url: ',signedUrl);
  return signedUrl[0];
};

async function retrieveUrl(req,res){
  console.log('==== /api Called');
  const { gsUri } = req.body;
  console.log('==== getting signed url ');
  const url = await getSignedUrl(gsUri);
  console.log('==== done');
}

和 index.ts 有以下代码

export const api = functions.https.onRequest((req: any,res: any) => {
  cors(req,res,async () => {
    return await retrieveUrl(req,res);
  });
});

使用 admin.initializeApp().storage() 和 GOOGLE_APPLICATION_CREDENTIALS=/path/to/creds.json 进行存储设置