Tags: python-3.x, google-cloud-firestore, google-cloud-functions, database-backups

Exporting Firestore to Cloud Storage using a cloud function


I have a cloud function calling exportDocuments that looks like this:

import googleapiclient.discovery

# name and body are set earlier in the function (not shown)
client = googleapiclient.discovery.build('firestore', 'v1beta1')
client.projects().databases().exportDocuments(name=name, body=body).execute()

It is crashing due to an authentication error:

HttpError 403 "The caller does not have permission"

The cloud function is crashing when triggered using Pub/Sub. But if I run the same code from Cloud Shell, it works.

My questions are:

  • Am I doing it wrong? Shouldn't the auth be handled automagically since I'm executing in a cloud function? I mean it's working from Cloud Shell.

  • What can I do? Example code more than welcome as I cannot wrap my head around authenticating manually.


Solution

  • The Cloud Function service account has the project Editor role by default. This role does not include permissions to start Cloud Firestore exports.

    You can follow steps 3 and 4 here to give the default service account, [email protected], permissions to start Cloud Datastore/Firestore exports and to access your designated Cloud Storage bucket.
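
One way to confirm the diagnosis above before changing any bindings, as an added example that is not part of the original answer: it reads a project IAM policy in the JSON shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json` and reports whether the function's service account holds an export-capable role. The role name in `EXPORT_ROLE`, the service account address and the sample policy are assumptions constructed for illustration.

```python
import json

# Assumption: this predefined role is the one that allows starting exports.
EXPORT_ROLE = "roles/datastore.importExportAdmin"

# Constructed placeholder for the function's runtime service account.
FUNCTION_SA = "serviceAccount:example-project@appspot.gserviceaccount.com"

# Constructed sample policy: the service account has Editor only.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/editor", "members": ["serviceAccount:example-project@appspot.gserviceaccount.com"]},
    {"role": "roles/owner", "members": ["user:dev@example.com"]}
  ]
}
""")


def roles_for(policy, member):
    """Return (unconditional, conditional) sets of roles bound to member."""
    plain, conditional = set(), set()
    for binding in policy.get("bindings", []):
        if member in binding.get("members", []):
            target = conditional if "condition" in binding else plain
            target.add(binding["role"])
    return plain, conditional


def diagnose(policy, member):
    """Classify whether member can be expected to start an export."""
    plain, conditional = roles_for(policy, member)
    if EXPORT_ROLE in plain:
        return "ok"
    if EXPORT_ROLE in conditional:
        return "conditional"  # granted only while the binding's condition holds
    if "roles/editor" in plain:
        return "editor-only"  # the case in the question: Editor, no export role
    return "missing"


if __name__ == "__main__":
    print(FUNCTION_SA, "->", diagnose(SAMPLE_POLICY, FUNCTION_SA))
```

A result of "editor-only" matches the 403 in the question. Access to the destination Cloud Storage bucket is granted on the bucket itself and is not visible in the project policy checked here.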