Trying to take a Firestore backup from one project and restore it into another...

ipmcc
New Member

Although it was no small feat, I have a Cloud Firestore database backing up using a Firebase cloud function, periodically, into a Cloud Storage Bucket. I then created another Firebase Project, activated Firestore on it, and activated Billing. I've added my account/principal to the new Firebase Project (it was already on the old Firebase Project).

Per this URL: https://cloud.google.com/datastore/docs/export-import-entities#permissions I have added "Datastore Owner" and "Datastore Import Export Admin" roles to my account on NewProject. But when I run:

`gcloud firestore import gs://bucket-in-old-project/backups/2022-11-11T14:38:34.810Z` it says:

`ERROR: (gcloud.firestore.import) PERMISSION_DENIED: Service account does not have access to Google Cloud Storage file: /bucket-in-old-project/backups/2022-11-11T14:38:34.810Z.overall_export_metadata. See https://cloud.google.com/datastore/docs/export-import-entities#permissions for a list of permissions needed. Error details: service-573661466501@gcp-sa-firestore.iam.gserviceaccount.com does not have storage.buckets.get access to the Google Cloud Storage bucket. Permission 'storage.buckets.get' denied on resource (or it may not exist).`

OK, so I go over to OldProject and attempt to add the project default service account, `new-project@appspot.gserviceaccount.com`, to the bucket's permissions, and I get this error message: `Error: Email addresses and domains must be associated with an active Google Account, Google Workspace account, or Cloud Identity account.`

I'm literally copying this out of NewProject's GCP console, so I'm very confident that I'm getting the principal name correct. It doesn't seem to recognize it. Could this be related to public access prevention? I am using the same account, that has the same roles in both projects, and belongs to the same organization, so it doesn't feel like "public access" to me, but maybe I'm wrong? I certainly don't want to open my database backups to the public.

What am I missing? How can one export a database from one project and re-import it into a database in another project? 

And just as a follow-on question: why is it SO unbelievably difficult to do backups and restores of Cloud Firestore databases? This is basic stuff that every database I've ever used in the past has had, right out of the box. The number of hoops I've had to jump through to even create the backup in the first place was truly stunning, and I've flushed an entire day fighting for the ability to restore. Not really inspiring to think about how a true DR situation would play out.

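An added example, not part of the original post: a shell sketch that reads the principal, permission and bucket out of the PERMISSION_DENIED text quoted above and checks whether a grant targets the identity that was actually denied. The error string is the post's own, shortened; the function names and the default role are assumptions made for illustration.

```shell
# Constructed input: the error text quoted in the post, with the docs URL sentence dropped.
ERR="ERROR: (gcloud.firestore.import) PERMISSION_DENIED: Service account does not have access to Google Cloud Storage file: /bucket-in-old-project/backups/2022-11-11T14:38:34.810Z.overall_export_metadata. Error details: service-573661466501@gcp-sa-firestore.iam.gserviceaccount.com does not have storage.buckets.get access to the Google Cloud Storage bucket. Permission 'storage.buckets.get' denied on resource (or it may not exist)."

# Identity the API evaluated: the address between "Error details:" and "does not have".
denied_principal() {
  printf '%s\n' "$1" | sed -n 's/.*Error details: \([^ ]*@[^ ]*\) does not have.*/\1/p'
}

# IAM permission named in the quoted "Permission '...' denied" clause.
denied_permission() {
  printf '%s\n' "$1" | sed -n "s/.*Permission '\([a-zA-Z.]*\)' denied.*/\1/p"
}

# Bucket name: first path segment after "Storage file: /".
denied_bucket() {
  printf '%s\n' "$1" | sed -n 's|.*Storage file: /\([^/]*\)/.*|\1|p'
}

# Succeeds only when the principal being granted ($2) is the one the error ($1) names.
grant_matches_denial() {
  [ "$2" = "$(denied_principal "$1")" ]
}

# Prints (never runs) a bucket-scoped binding for the denied principal.
# Assumption: roles/storage.legacyBucketReader is used by default because it
# contains storage.buckets.get; reading the export objects needs an
# object-read role in addition, which this sketch does not choose for you.
binding_command() {
  role="${2:-roles/storage.legacyBucketReader}"
  printf 'gcloud storage buckets add-iam-policy-binding gs://%s --member=serviceAccount:%s --role=%s\n' \
    "$(denied_bucket "$1")" "$(denied_principal "$1")" "$role"
}

echo "denied principal : $(denied_principal "$ERR")"
echo "denied permission: $(denied_permission "$ERR")"
echo "bucket           : $(denied_bucket "$ERR")"
if grant_matches_denial "$ERR" "new-project@appspot.gserviceaccount.com"; then
  echo "attempted grant matches the denied principal"
else
  echo "attempted grant targets a different principal than the error names"
fi
binding_command "$ERR"
```

The binding is scoped to the single bucket and to one service account, so the backups stay private to the two projects.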