Use Admin AuthTokenProvider when targeting Emulator #3228
Conversation
schmidt-sebastian
changed the title
Binary Size ReportAffected SDKs
Test Logs |
|
I'll be brief here. I believe this will break two use cases:
Feel free to correct me if I'm wrong, but I may be overly cautious since we had a similar change before that broke admin and firebase-testing. If you can correct me by testing admin, production auth, and |
|
@yuchenshi Thanks for your comment. I am kind of stuck here now, but will try to come up with a way to address your concerns. I hope we can do more than just silence the logs. |
|
@schmidt-sebastian did you perhaps come across a workaround that could be used meanwhile? It looks like this fix ended up being a bit more complicated than it looked like. I'm happy enough working around it on my side for the time being, if that's an option. |
|
I haven't been able to come up with a way to solve this - as far as I can tell, we might just have to disable the log output. Does anything actually break on your end, or are you mostly (and rightfully) concerned about the log output? |
|
Anything that involves using recent emulator version with RTDB and without having GOOGLE_APPLICATION_CREDENTIALS set will fail. It's not logging, it's that RTDB doesn't work at all. In the original repro in #3144, the cloud fn times out with RTDB, but not with Firestore, because of this problem. On our setup we're stuck on |
|
@schmidt-sebastian do we have any way to detect if we're in an Admin or Client context? If so the behavior matrix looks like this:
|
🦋 Changeset is good to goLatest commit: 004f58d We got this. This PR includes changesets to release 8 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
schmidt-sebastian
force-pushed
the
mrschmidt/tokenprovider
branch
2 times, most recently
from
191af58 to
d67005b
Compare
schmidt-sebastian
force-pushed
the
mrschmidt/tokenprovider
branch
from
d67005b to
84a9b29
Compare
schmidt-sebastian
changed the title
| @@ -116,6 +123,11 @@ export class RepoManager { | |||
| dbUrl = `http://${dbEmulatorHost}?ns=${repoInfo.namespace}`; | |||
There was a problem hiding this comment.
Does this branch if (dbEmulatorHost) { } trigger only if the emulator connection is made via env var? What about if the user does this:
firebase.initializeApp({
databaseURL: 'http://localhost:9000?ns=namespace'
})You might consider using the EmulatorAdminTokenProvider any time Constants.NODE_ADMIN is true and the database is http:// (not https://). That's what we do in the Firebase CLI, it catches more cases and it also has the nice side benefit of not allowing someone's admin credentials to ever go to an insecure host.
…e-js-sdk into mrschmidt/tokenprovider
| dbUrl = `http://${dbEmulatorHost}?ns=${repoInfo.namespace}`; | ||
| parsedUrl = parseRepoInfo(dbUrl); | ||
| repoInfo = parsedUrl.repoInfo; | ||
| } else { | ||
| isEmulator = | ||
| parsedUrl.repoInfo.host === 'localhost' && !parsedUrl.repoInfo.secure; |
There was a problem hiding this comment.
We do see people running their emulator on non-localhost hosts. Like 0.0.0.0. I think just anything non-secure (http://) is the right condition.
There was a problem hiding this comment.
Done. I will verify this manually on Monday, which should allow us to release this next week.
|
@schmidt-sebastian if there's a snapshot build somewhere that I can pull in via npm I can test on my setup too. |
|
I manually verified using Sam's testing matrix. @filipesilva We will publish a prerelease version on NPM, likely tomorrow. |
|
So it looks like |
|
@samtstern |
Fixes #3144