I have a Google Cloud Platform (GCP) project where I operate multiple Firestore databases. The default database is in Datastore mode, and I have an additional database in Firestore Native mode. I’m trying to set security rules for the Firestore Native database, but I’m facing challenges:
When I use the Firebase Console, I get an error indicating that the project is set up to use Cloud Firestore in Datastore mode and that this mode can only be accessed from the Google Cloud Console.
In the Google Cloud Console, I can view the Firestore rules, but there’s no option to edit them.
I tried using Terraform to deploy the rules. While Terraform indicates that the rules have been applied successfully, the rules in the Google Cloud Console remain unchanged.
When attempting to use the Firebase CLI, I receive an error stating that the Firebase CLI can only manage projects using Cloud Firestore in Native mode.
Here’s the error from the Firebase CLI:
Error: It looks like this project is using Cloud Datastore or Cloud Firestore in Datastore mode. The Firebase CLI can only manage projects using Cloud Firestore in Native mode.
Firestore Rules I try to apply for testing my frontend
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if true;
}
}
Firestore Rules displayed in my GCP Console
Terraform code
resource "google_project_service" "firestore" {
project = local.project
service = "firestore.googleapis.com"
}
resource "google_firestore_database" "database" {
project = local.project
name = "name of the database"
location_id = local.location
type = "FIRESTORE_NATIVE"
concurrency_mode = "PESSIMISTIC"
app_engine_integration_mode = "DISABLED"
#point_in_time_recovery_enablement = "POINT_IN_TIME_RECOVERY_ENABLED"
depends_on = [google_project_service.firestore]
}
resource "google_firebaserules_release" "primary" {
name = "cloud.firestore"
ruleset_name = "projects/${local.project}/rulesets/${google_firebaserules_ruleset.firestore.name}"
project = local.project
lifecycle {
replace_triggered_by = [
google_firebaserules_ruleset.firestore
]
}
}
resource "google_firebaserules_ruleset" "firestore" {
source {
files {
content = file("firestore.rules")
name = "firestore.rules"
}
}
project = local.project
}
I cannot separate this into different GCP projects because I run integration services in this project, and one of the services uses Firebase primarily. I need to add a frontend on top of this service to view some Firestore documents.
Has anyone faced a similar issue, and is there a workaround to set Firestore rules for the Firestore Native database in such a scenario?
2
Answers
firebaser here
The Firebase console has not yet been updated for projects with multiple databases. You’re hitting a particularly hairy edge-case as Datastore mode is unlikely to be ever supported in Firebase.
That pretty much leaves setting the rules through the API (or CLI?) as the only option.
I’m facing with the same issue. I don’t see any option for setting security rules for the new database. I’ve tried with firebase cli, firebase/gcloud console, gcloud cli, firebase api, firebase admin sdk… and impossible. All related to the new alpha is working except this. I can’t even find how to do it anywhere in the docs 😖.