Closed
Description
I am in project A and would like to access firestore data in project B.
I have added in Project B IAM, project A's base account (project-a@appspot.gserviceaccount.com) as a service account and assigned it roles of cloud firestore editor.
The rule set for firestore in project B is:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if false;
}
}
}
In my app, when I try to access project B firestore I receive a permission error. The code is:
let secondaryAppConfig = {
projectId: project-b,
databaseURL: let dbURL = 'https://project-b.firebaseio.com';
};
// create the App
let secondaryApp = admin.initializeApp(secondaryAppConfig, project-b);
// get the database object
secondarydb = admin.firestore(secondaryApp);
However, if I create a private key of the firestore of project B and share it with project A it works. Thus, the following works:
let serviceAccount = require(.. path to key json file ..)
let secondaryAppConfig = {
credential: admin.credential.cert(serviceAccount),
databaseURL: let dbURL = 'https://project-b.firebaseio.com';
};
// create the App
let secondaryApp = admin.initializeApp(secondaryAppConfig, project-b);
// get the database object
secondarydb = admin.firestore(secondaryApp);
What do I need to set in project B to get this working without sharing of the private key? Thanks