Firebase 即將開始支援 Terraform。 如果團隊成員想自動化及標準化建立 Firebase 方法是使用 Terraform 搭配 Firebase 是相當理想的選擇。
以下是搭配 Firebase 使用 Terraform 的基本工作流程:
建立及自訂 Terraform 設定檔 (
.tf檔案), 會指定要佈建的基礎架構 (也就是 佈建及啟用的服務)。透過介面與 Terraform 之間的 gcloud CLI 指令 佈建
.tf檔案中指定的基礎架構。
Terraform 和 Firebase 的用途
本指南中的一般工作流程範例 使用 Android 應用程式建立新的 Firebase 專案。但您可以做許多事 例如:
使用 Terraform 刪除及修改現有的基礎架構。
使用 Terraform 管理產品專屬的設定和工作,例如:
- 啟用 Firebase 驗證登入供應商。
- 建立及部署 Cloud Storage 值區或資料庫執行個體 適用的 Firebase 安全性規則。
您可以使用標準 Terraform 設定檔和指令完成所有 機器學習程式庫提供一系列預先編寫的程式碼 可用來執行機器學習工作為協助您解決這個問題 數種常見用途的 Terraform 設定檔範例 用途
搭配 Firebase 使用 Terraform 的通用工作流程
必要條件
本指南將介紹如何搭配 Firebase 使用 Terraform 熟悉 Terraform 的基本操作。請確認您已完成下列操作 。
安裝 Terraform ,並透過官方教學課程熟悉 Terraform。
安裝 Google Cloud CLI (gcloud CLI)。使用 使用者帳戶 或 服務帳戶
查看使用者帳戶和服務帳戶的相關規定
- 如果是使用使用者帳戶,則須先接受《Firebase 條款》 服務 (Firebase 服務條款)。如果您可以查看《Firebase 服務條款》,就表示您已接受《Firebase 服務條款》 已在 Google Cloud 控制台中 Firebase 控制台
- 為了讓 Terraform 執行特定動作 (例如建立專案),
以下為必要項目:
- 使用者或服務帳戶必須具備適當的 IAM 存取權 這些動作
- 如果使用者或服務帳戶隸屬於某個 Google Cloud 機構 機構政策必須允許帳戶執行這些動作。
步驟 1:建立及自訂 Terraform 設定檔
Terraform 設定檔需要兩個主要部分 (詳細說明請見) 以下欄位):
設定「provider」
無論 Firebase 產品或服務為何,都需進行 provider 設定
相關知識
在本機中建立 Terraform 設定檔 (例如
main.tf檔案) 目錄。在本指南中,您將使用這個設定檔來指定
provider以及您要 Terraform 建立的所有基礎架構。注意: 不過,您可以選擇如何加入供應商設定。查看做法選項 納入
provider設定您可以透過以下選項,將
provider設定加入 其餘的 Terraform 設定:方法 1:在單一 Terraform
.tf設定頂端加入這個 API 檔案 (如本指南所示)。- 如果您剛開始使用 Terraform,或是僅 嘗試搭配 Firebase 來試用 Terraform
方法 2:在獨立的
.tf檔案 (例如provider.tf) 中加入應用程式 檔案),再加上您指定基礎架構的.tf檔案 建立 (例如main.tf檔案)。- 如果您所屬的大型團隊有以下需求: 標準化設定
- 執行 Terraform 指令時,
provider.tf檔案和main.tf檔案必須位於相同目錄中。
在
main.tf檔案頂端加入下列provider設定。您必須使用
google-beta供應商,因為這是下列應用程式的 Beta 版: 搭配 Terraform 運用 Firebase在實際工作環境中使用時,請務必謹慎。# Terraform configuration to set up providers by version. terraform { required_providers { google-beta = { source = "hashicorp/google-beta" version = "~> 4.0" } } } # Configures the provider to use the resource block's specified project for quota checks. provider "google-beta" { user_project_override = true } # Configures the provider to not use the resource block's specified project for quota checks. # This provider should only be used during project creation and initializing services. provider "google-beta" { alias = "no_user_project_override" user_project_override = false }如想進一步瞭解來電目錄、轉接和錄音服務政策, 不同類型的專案相關屬性 (包括本指南稱之「配額檢查專案」的內容) Terraform 搭配 Firebase。
請繼續前往下一節,完成設定檔並指定內容 所需的基礎架構
使用 resource 區塊指定要建立的基礎架構
在 Terraform 設定檔中 (在本指南中,您的 main.tf 檔案) 中:
指定您要 Terraform 建立的所有基礎架構 (也就是
和您要啟用的所有服務)。於
請參閱這份指南的完整清單
支援 Terraform 的 Firebase 資源。
開啟
main.tf檔案。在
provider設定下方,加入下列resource設定 方塊。這個基本範例會先建立新的 Firebase 專案,然後建立 專案中的 Firebase Android 應用程式。
# Terraform configuration to set up providers by version. ... # Configures the provider to use the resource block's specified project for quota checks. ... # Configures the provider to not use the resource block's specified project for quota checks. ... # Creates a new Google Cloud project. resource "google_project" "default" { provider = google-beta.no_user_project_override name = "Project Display Name" project_id = "project-id-for-new-project" # Required for any service that requires the Blaze pricing plan # (like Firebase Authentication with GCIP) billing_account = "000000-000000-000000" # Required for the project to display in any list of Firebase projects. labels = { "firebase" = "enabled" } } # Enables required APIs. resource "google_project_service" "default" { provider = google-beta.no_user_project_override project = google_project.default.project_id for_each = toset([ "cloudbilling.googleapis.com", "cloudresourcemanager.googleapis.com", "firebase.googleapis.com", # Enabling the ServiceUsage API allows the new project to be quota checked from now on. "serviceusage.googleapis.com", ]) service = each.key # Don't disable the service if the resource block is removed by accident. disable_on_destroy = false } # Enables Firebase services for the new project created above. resource "google_firebase_project" "default" { provider = google-beta project = google_project.default.project_id # Waits for the required APIs to be enabled. depends_on = [ google_project_service.default ] } # Creates a Firebase Android App in the new project created above. resource "google_firebase_android_app" "default" { provider = google-beta project = google_project.default.project_id display_name = "My Awesome Android app" package_name = "awesome.package.name" # Wait for Firebase to be enabled in the Google Cloud project before creating this App. depends_on = [ google_firebase_project.default, ] }
查看概略 此範例設定檔的註解版本
如果不熟悉專案和應用程式基礎架構 請參閱下列說明文件:
- 瞭解 Firebase 專案
- 參考說明文件 Firebase 專案管理
# Terraform configuration to set up providers by version.
...
# Configures the provider to use the resource block's specified project for quota checks.
...
# Configures the provider to not use the resource block's specified project for quota checks.
...
# Creates a new Google Cloud project.
resource "google_project" "default" {
# Use the provider that enables the setup of quota checks for a new project
provider = google-beta.no_user_project_override
name = "Project Display Name" // learn more about the project name
project_id = "project-id-for-new-project" // learn more about the project ID
# Required for any service that requires the Blaze pricing plan
# (like Firebase Authentication with GCIP)
billing_account = "000000-000000-000000"
# Required for the project to display in any list of Firebase projects.
labels = {
"firebase" = "enabled" // learn more about the Firebase-enabled label
}
}
# Enables required APIs.
resource "google_project_service" "default" {
# Use the provider without quota checks for enabling APIS
provider = google-beta.no_user_project_override
project = google_project.default.project_id
for_each = toset([
"cloudbilling.googleapis.com",
"cloudresourcemanager.googleapis.com",
"firebase.googleapis.com",
# Enabling the ServiceUsage API allows the new project to be quota checked from now on.
"serviceusage.googleapis.com",
])
service = each.key
# Don't disable the service if the resource block is removed by accident.
disable_on_destroy = false
}
# Enables Firebase services for the new project created above.
# This action essentially "creates a Firebase project" and allows the project to use
# Firebase services (like Firebase Authentication) and
# Firebase tooling (like the Firebase console).
# Learn more about the relationship between Firebase projects and Google Cloud.
resource "google_firebase_project" "default" {
# Use the provider that performs quota checks from now on
provider = google-beta
project = google_project.default.project_id
# Waits for the required APIs to be enabled.
depends_on = [
google_project_service.default
]
}
# Creates a Firebase Android App in the new project created above.
# Learn more about the relationship between Firebase Apps and Firebase projects.
resource "google_firebase_android_app" "default" {
provider = google-beta
project = google_project.default.project_id
display_name = "My Awesome Android app" # learn more about an app's display name
package_name = "awesome.package.name" # learn more about an app's package name
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.default,
]
}
步驟 2:執行 Terraform 指令來建立指定的基礎架構
如要佈建資源並啟用 main.tf 中指定的服務
檔案,請在 main.tf 檔案所在的目錄中執行下列指令。
如要進一步瞭解這些指令,請參閱
Terraform 說明文件。
如果是第一次在叢集內執行 Terraform 指令 目錄,您需要初始化設定目錄並安裝 Google Terraform 供應商如要這麼做,請執行下列指令:
terraform init
請執行以下指令,建立
main.tf檔案中指定的基礎架構 以下指令:terraform apply
確認所有內容皆已按照預期完成佈建或啟用:
選項 1:執行 以下指令:
terraform show
方法 2:在以下位置查看 Firebase 專案: Firebase 控制台:
Terraform 支援 Firebase 資源
下列 Firebase 和 Google 資源支援 Terraform。我們 並且持續新增更多資源!假設您沒看到自己 並想使用 Terraform 管理,請稍後再返回查看該功能是否可用,或是 要求 在 GitHub 存放區中提交問題。
Firebase 專案和應用程式管理
google_firebase_project: 在現有的 Google Cloud 專案中啟用 Firebase 服務google_firebase_project_location: 設定專案預設 Google Cloud 資源的位置Firebase 應用程式
google_firebase_apple_app: 建立或管理 Firebase Apple 平台應用程式google_firebase_android_app: 建立或管理 Firebase Android 應用程式google_firebase_web_app: 建立或管理 Firebase 網頁應用程式
Firebase 驗證
google_identity_platform_config: 啟用 Google Cloud Identity Platform (GCIP),這是 Firebase 驗證功能的後端 並提供專案層級的驗證設定如要設定透過 Terraform 進行 Firebase 驗證,請啟用 GCIP。廠牌 請務必詳閱 有關如何設定 Firebase 驗證的
.tf範例檔案。Terraform 要在哪個專案啟用 GCIP 和/或 Firebase 驗證 必須採用 Blaze 定價方案 (也就是說,該專案必須具有 相關聯的 Cloud Billing 帳戶)。���可以透過程式輔助方式執行這項操作 設定
billing_account屬性。google_project這項資源可啟用更多設定,例如本機登入方法 例如匿名、電子郵件/密碼和電話驗證,以及 封鎖函式和授權網域
google_identity_platform_default_supported_idp_config: 設定常見的聯合識別資訊提供者,例如 Google、Facebook 或 Appleidentity_platform_oauth_idp_config: 設定任意 OAuth 識別資訊提供者 (IdP) 來源google_identity_platform_inbound_saml_config: 設定 SAML 整合
尚未支援:
- 透過 Terraform 設定多重驗證 (MFA)
Firebase 即時資料庫
google_firebase_database_instance: 建立即時資料庫執行個體
尚未支援:
- 透過 Terraform 部署 Firebase 即時資料庫安全性規則 (瞭解如何 部署這些規則 使用其他工具,包括程式輔助選項)
Cloud Firestore
google_firestore_database: 建立 Cloud Firestore 執行個體google_firestore_index: 在 Cloud Firestore 中啟用高效率查詢功能google_firestore_document: 顯示了含有集合中特定文件的 Cloud Firestore 執行個體重要事項:請勿在這個種子中使用實際使用者或實際工作環境資料 文件。
Cloud Storage for Firebase
google_firebase_storage_bucket: 為 Firebase SDK 授予現有 Cloud Storage 值區的存取權 驗證和 Firebase 安全性規則- 為 Firebase 專案設定預設 Cloud Storage 值區
必須先佈建
google_app_engine_application. 請務必詳閱 說明如何佈建 Cloud Storage 值區的.tf範例檔案。
- 為 Firebase 專案設定預設 Cloud Storage 值區
必須先佈建
google_storage_bucket_object: 將物件加入 Cloud Storage 值區重要事項:請勿在這個檔案中使用使用者或正式環境資料。
Firebase 安全性規則 (適用於 Cloud Firestore 和 Cloud Storage)
請注意,Firebase 即時資料庫使用的佈建系統不同 Firebase 安全性規則。
google_firebaserules_ruleset: 定義要套用至 Cloud Firestore 執行個體或 Cloud Firestore 執行個體 Cloud Storage 值區google_firebaserules_release: 將特定規則集部署至 Cloud Firestore 執行個體 Cloud Storage 值區
Firebase App Check
google_firebase_app_check_service_config: 為特定服務啟用 App Check 強制執行功能google_firebase_app_check_app_attest_config: 向 App Attest 供應商註冊 Apple 平台應用程式google_firebase_app_check_device_check_config: 向 DeviceCheck 供應商註冊 Apple 平台應用程式google_firebase_app_check_play_integrity_config: 向 Play Integrity 供應商註冊 Android 應用程式google_firebase_app_check_recaptcha_enterprise_config: 向 reCAPTCHA Enterprise 供應商註冊網頁應用程式google_firebase_app_check_recaptcha_v3_config: 透過 reCAPTCHA v3 供應商註冊網頁應用程式google_firebase_app_check_debug_token: 使用偵錯權杖進行測試
Firebase Extensions
google_firebase_extensions_instance: 安裝或更新 Firebase 擴充功能的執行個體
常見用途的 Terraform 設定檔範例
設定 Firebase 驗證: GCIP
這項設定會建立新的 Google Cloud 專案。 將專案連結至 Cloud Billing 帳戶 (Blaze 定價方案) 才能透過 GCIP 進行 Firebase 驗證) 為專案啟用 Firebase 服務 使用 GCIP 設定 Firebase 驗證 並在專案中註冊三種不同的應用程式類型
請注意,您必須啟用 GCIP,才能透過 Terraform 設定 Firebase 驗證。
# Creates a new Google Cloud project.
resource "google_project" "auth" {
provider = google-beta.no_user_project_override
folder_id = "folder-id-for-new-project"
name = "Project Display Name"
project_id = "project-id-for-new-project"
# Associates the project with a Cloud Billing account
# (required for Firebase Authentication with GCIP).
billing_account = "000000-000000-000000"
# Required for the project to display in a list of Firebase projects.
labels = {
"firebase" = "enabled"
}
}
# Enables required APIs.
resource "google_project_service" "auth" {
provider = google-beta.no_user_project_override
project = google_project.auth.project_id
for_each = toset([
"cloudbilling.googleapis.com",
"cloudresourcemanager.googleapis.com",
"serviceusage.googleapis.com",
"identitytoolkit.googleapis.com",
])
service = each.key
# Don't disable the service if the resource block is removed by accident.
disable_on_destroy = false
}
# Enables Firebase services for the new project created above.
resource "google_firebase_project" "auth" {
provider = google-beta
project = google_project.auth.project_id
depends_on = [
google_project_service.auth,
]
}
# Creates an Identity Platform config.
# Also enables Firebase Authentication with Identity Platform in the project if not.
resource "google_identity_platform_config" "auth" {
provider = google-beta
project = google_project.auth.project_id
# Auto-deletes anonymous users
autodelete_anonymous_users = true
# Configures local sign-in methods, like anonymous, email/password, and phone authentication.
sign_in {
allow_duplicate_emails = true
anonymous {
enabled = true
}
email {
enabled = true
password_required = false
}
phone_number {
enabled = true
test_phone_numbers = {
"+11231231234" = "000000"
}
}
}
# Sets an SMS region policy.
sms_region_config {
allowlist_only {
allowed_regions = [
"US",
"CA",
]
}
}
# Configures blocking functions.
blocking_functions {
triggers {
event_type = "beforeSignIn"
function_uri = "https://us-east1-${google_project.auth.project_id}.cloudfunctions.net/before-sign-in"
}
forward_inbound_credentials {
refresh_token = true
access_token = true
id_token = true
}
}
# Configures a temporary quota for new signups for anonymous, email/password, and phone number.
quota {
sign_up_quota_config {
quota = 1000
start_time = ""
quota_duration = "7200s"
}
}
# Configures authorized domains.
authorized_domains = [
"localhost",
"${google_project.auth.project_id}.firebaseapp.com",
"${google_project.auth.project_id}.web.app",
]
# Wait for identitytoolkit.googleapis.com to be enabled before initializing Authentication.
depends_on = [
google_project_service.auth,
]
}
# Creates a Firebase Android App in the new project created above.
resource "google_firebase_android_app" "auth" {
provider = google-beta
project = google_project.auth.project_id
display_name = "My Android app"
package_name = "android.package.name"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.auth,
]
}
# Creates a Firebase Apple-platforms App in the new project created above.
resource "google_firebase_apple_app" "auth" {
provider = google-beta
project = google_project.auth.project_id
display_name = "My Apple app"
bundle_id = "apple.app.12345"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.auth,
]
}
# Creates a Firebase Web App in the new project created above.
resource "google_firebase_web_app" "auth" {
provider = google-beta
project = google_project.auth.project_id
display_name = "My Web app"
# The other App types (Android and Apple) use "DELETE" by default.
# Web apps don't use "DELETE" by default due to backward-compatibility.
deletion_policy = "DELETE"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.auth,
]
}
佈建 預設 Firebase 即時資料庫執行個體
這項設定會建立新的 Google Cloud 專案。 為專案啟用 Firebase 服務 佈建專案的預設即時資料庫執行個體 並在專案中註冊三種不同的應用程式類型
# Creates a new Google Cloud project.
resource "google_project" "rtdb" {
provider = google-beta.no_user_project_override
folder_id = "folder-id-for-new-project"
name = "Project Display Name"
project_id = "project-id-for-new-project"
# Required for the project to display in a list of Firebase projects.
labels = {
"firebase" = "enabled"
}
}
# Enables required APIs.
resource "google_project_service" "rtdb" {
provider = google-beta.no_user_project_override
project = google_project.rtdb.project_id
for_each = toset([
"serviceusage.googleapis.com",
"cloudresourcemanager.googleapis.com",
"firebasedatabase.googleapis.com",
])
service = each.key
# Don't disable the service if the resource block is removed by accident.
disable_on_destroy = false
}
# Enables Firebase services for the new project created above.
resource "google_firebase_project" "rtdb" {
provider = google-beta
project = google_project.rtdb.project_id
}
# Provisions the default Realtime Database default instance.
resource "google_firebase_database_instance" "database" {
provider = google-beta
project = google_project.rtdb.project_id
# See available locations: https://firebase.google.com/docs/projects/locations#rtdb-locations
region = "name-of-region"
# This value will become the first segment of the database's URL.
instance_id = "${google_project.rtdb.project_id}-default-rtdb"
type = "DEFAULT_DATABASE"
# Wait for Firebase to be enabled in the Google Cloud project before initializing Realtime Database.
depends_on = [
google_firebase_project.rtdb,
]
}
# Creates a Firebase Android App in the new project created above.
resource "google_firebase_android_app" "rtdb" {
provider = google-beta
project = google_project.rtdb.project_id
display_name = "My Android app"
package_name = "android.package.name"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.rtdb,
]
}
# Creates a Firebase Apple-platforms App in the new project created above.
resource "google_firebase_apple_app" "rtdb" {
provider = google-beta
project = google_project.rtdb.project_id
display_name = "My Apple app"
bundle_id = "apple.app.12345"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.rtdb,
]
}
# Creates a Firebase Web App in the new project created above.
resource "google_firebase_web_app" "rtdb" {
provider = google-beta
project = google_project.rtdb.project_id
display_name = "My Web app"
# The other App types (Android and Apple) use "DELETE" by default.
# Web apps don't use "DELETE" by default due to backward-compatibility.
deletion_policy = "DELETE"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.rtdb,
]
}
佈建多個 Firebase 即時資料庫執行個體
這項設定會建立新的 Google Cloud 專案。 將專案連結至 Cloud Billing 帳戶 (Blaze 定價方案) 才能定義多個即時資料庫執行個體) 為專案啟用 Firebase 服務 佈建多個即時資料庫執行個體 (包括專案的預設即時資料庫執行個體) 並在專案中註冊三種不同的應用程式類型
# Creates a new Google Cloud project.
resource "google_project" "rtdb-multi" {
provider = google-beta.no_user_project_override
folder_id = "folder-id-for-new-project"
name = "Project Display Name"
project_id = "project-id-for-new-project"
# Associate the project with a Cloud Billing account
# (required for multiple Realtime Database instances).
billing_account = "000000-000000-000000"
# Required for the project to display in a list of Firebase projects.
labels = {
"firebase" = "enabled"
}
}
# Enables required APIs.
resource "google_project_service" "rtdb-multi" {
provider = google-beta.no_user_project_override
project = google_project.rtdb-multi.project_id
for_each = toset([
"cloudbilling.googleapis.com",
"serviceusage.googleapis.com",
"cloudresourcemanager.googleapis.com",
"firebasedatabase.googleapis.com",
])
service = each.key
# Don't disable the service if the resource block is removed by accident.
disable_on_destroy = false
}
# Enables Firebase services for the new project created above.
resource "google_firebase_project" "rtdb-multi" {
provider = google-beta
project = google_project.rtdb-multi.project_id
}
# Provisions the default Realtime Database default instance.
resource "google_firebase_database_instance" "database-default" {
provider = google-beta
project = google_project.rtdb-multi.project_id
# See available locations: https://firebase.google.com/docs/projects/locations#rtdb-locations
region = "name-of-region"
# This value will become the first segment of the database's URL.
instance_id = "${google_project.rtdb-multi.project_id}-default-rtdb"
type = "DEFAULT_DATABASE"
# Wait for Firebase to be enabled in the Google Cloud project before initializing Realtime Database.
depends_on = [
google_firebase_project.rtdb-multi,
]
}
# Provisions an additional Realtime Database instance.
resource "google_firebase_database_instance" "database-additional" {
provider = google-beta
project = google_project.rtdb-multi.project_id
# See available locations: https://firebase.google.com/docs/projects/locations#rtdb-locations
# This location doesn't need to be the same as the default database instance.
region = "name-of-region"
# This value will become the first segment of the database's URL.
instance_id = "name-of-additional-database-instance"
type = "USER_DATABASE"
# Wait for Firebase to be enabled in the Google Cloud project before initializing Realtime Database.
depends_on = [
google_firebase_project.rtdb-multi,
]
}
# Creates a Firebase Android App in the new project created above.
resource "google_firebase_android_app" "rtdb-multi" {
provider = google-beta
project = google_project.rtdb-multi.project_id
display_name = "My Android app"
package_name = "android.package.name"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.rtdb-multi,
]
}
# Creates a Firebase Apple-platforms App in the new project created above.
resource "google_firebase_apple_app" "rtdb-multi" {
provider = google-beta
project = google_project.rtdb-multi.project_id
display_name = "My Apple app"
bundle_id = "apple.app.12345"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.rtdb-multi,
]
}
# Creates a Firebase Web App in the new project created above.
resource "google_firebase_web_app" "rtdb-multi" {
provider = google-beta
project = google_project.rtdb-multi.project_id
display_name = "My Web app"
# The other App types (Android and Apple) use "DELETE" by default.
# Web apps don't use "DELETE" by default due to backward-compatibility.
deletion_policy = "DELETE"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.rtdb-multi,
]
}
佈建 Cloud Firestore 執行個體
這項設定會建立新的 Google Cloud 專案。 為專案啟用 Firebase 服務 佈建專案的 Cloud Firestore 執行個體 並在專案中註冊三種不同的應用程式類型
也會為 Cloud Firestore 執行個體佈建 Firebase 安全性規則。 建立 Cloud Firestore 索引 並新增含有種子資料的 Cloud Firestore 文件。
# Creates a new Google Cloud project.
resource "google_project" "firestore" {
provider = google-beta.no_user_project_override
folder_id = "folder-id-for-new-project"
name = "Project Display Name"
project_id = "project-id-for-new-project"
# Required for the project to display in a list of Firebase projects.
labels = {
"firebase" = "enabled"
}
}
# Enables required APIs.
resource "google_project_service" "firestore" {
provider = google-beta.no_user_project_override
project = google_project.firestore.project_id
for_each = toset([
"cloudresourcemanager.googleapis.com",
"serviceusage.googleapis.com",
"firestore.googleapis.com",
"firebaserules.googleapis.com",
])
service = each.key
# Don't disable the service if the resource block is removed by accident.
disable_on_destroy = false
}
# Enables Firebase services for the new project created above.
resource "google_firebase_project" "firestore" {
provider = google-beta
project = google_project.firestore.project_id
}
# Provisions the Firestore database instance.
resource "google_firestore_database" "firestore" {
provider = google-beta
project = google_project.firestore.project_id
name = "(default)"
# See available locations: https://firebase.google.com/docs/projects/locations#default-cloud-location
location_id = "name-of-region"
# "FIRESTORE_NATIVE" is required to use Firestore with Firebase SDKs, authentication, and Firebase Security Rules.
type = "FIRESTORE_NATIVE"
concurrency_mode = "OPTIMISTIC"
# Wait for Firebase to be enabled in the Google Cloud project before initializing Firestore.
depends_on = [
google_firebase_project.firestore,
]
}
# Creates a ruleset of Firestore Security Rules from a local file.
resource "google_firebaserules_ruleset" "firestore" {
provider = google-beta
project = google_project.firestore.project_id
source {
files {
name = "firestore.rules"
# Write security rules in a local file named "firestore.rules".
# Learn more: https://firebase.google.com/docs/firestore/security/get-started
content = file("firestore.rules")
}
}
# Wait for Firestore to be provisioned before creating this ruleset.
depends_on = [
google_firestore_database.firestore,
]
}
# Releases the ruleset for the Firestore instance.
resource "google_firebaserules_release" "firestore" {
provider = google-beta
name = "cloud.firestore" # must be cloud.firestore
ruleset_name = google_firebaserules_ruleset.firestore.name
project = google_project.firestore.project_id
# Wait for Firestore to be provisioned before releasing the ruleset.
depends_on = [
google_firestore_database.firestore,
]
}
# Adds a new Firestore index.
resource "google_firestore_index" "indexes" {
provider = google-beta
project = google_project.firestore.project_id
collection = "quiz"
query_scope = "COLLECTION"
fields {
field_path = "question"
order = "ASCENDING"
}
fields {
field_path = "answer"
order = "ASCENDING"
}
# Wait for Firestore to be provisioned before adding this index.
depends_on = [
google_firestore_database.firestore,
]
}
# Adds a new Firestore document with seed data.
# Don't use real end-user or production data in this seed document.
resource "google_firestore_document" "doc" {
provider = google-beta
project = google_project.firestore.project_id
collection = "quiz"
document_id = "question-1"
fields = "{\"question\":{\"stringValue\":\"Favorite Database\"},\"answer\":{\"stringValue\":\"Firestore\"}}"
# Wait for Firestore to be provisioned before adding this document.
depends_on = [
google_firestore_database.firestore,
]
}
# Creates a Firebase Android App in the new project created above.
resource "google_firebase_android_app" "firestore" {
provider = google-beta
project = google_project.firestore.project_id
display_name = "My Android app"
package_name = "android.package.name"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.firestore,
]
}
# Creates a Firebase Apple-platforms App in the new project created above.
resource "google_firebase_apple_app" "firestore" {
provider = google-beta
project = google_project.firestore.project_id
display_name = "My Apple app"
bundle_id = "apple.app.12345"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.firestore,
]
}
# Creates a Firebase Web App in the new project created above.
resource "google_firebase_web_app" "firestore" {
provider = google-beta
project = google_project.firestore.project_id
display_name = "My Web app"
# The other App types (Android and Apple) use "DELETE" by default.
# Web apps don't use "DELETE" by default due to backward-compatibility.
deletion_policy = "DELETE"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.firestore,
]
}
這是應在本機檔案中的 Cloud Firestore 安全性規則規則集
名為 firestore.rules。
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
allow read: if request.auth != null;
allow create: if request.auth != null;
allow update: if request.auth != null;
}
}
佈建 預設 Cloud Storage 值區
這項設定會建立新的 Google Cloud 專案。 為專案啟用 Firebase 服務 佈建專案的預設 Cloud Storage 值區 並在專案中註冊三種不同的應用程式類型
並佈建 Cloud Storage 值區的 Firebase 安全性規則。 並將檔案上傳至值區
# Creates a new Google Cloud project.
resource "google_project" "storage" {
provider = google-beta.no_user_project_override
folder_id = "folder-id-for-new-project"
name = "Project Display Name"
project_id = "project-id-for-new-project"
# Required for the project to display in a list of Firebase projects.
labels = {
"firebase" = "enabled"
}
}
# Enables required APIs.
resource "google_project_service" "storage" {
provider = google-beta.no_user_project_override
project = google_project.storage.project_id
for_each = toset([
"serviceusage.googleapis.com",
"cloudresourcemanager.googleapis.com",
"firebaserules.googleapis.com",
"firebasestorage.googleapis.com",
"storage.googleapis.com",
])
service = each.key
# Don't disable the service if the resource block is removed by accident.
disable_on_destroy = false
}
# Enables Firebase services for the new project created above.
resource "google_firebase_project" "storage" {
provider = google-beta
project = google_project.storage.project_id
}
# Provisions the default Cloud Storage bucket for the project via Google App Engine.
resource "google_app_engine_application" "default" {
provider = google-beta
project = google_project.storage.project_id
# See available locations: https://firebase.google.com/docs/projects/locations#default-cloud-location
# This will set the location for the default Storage bucket and the App Engine App.
location_id = "name-of-region-for-default-bucket"
# If you use Firestore, uncomment this to make sure Firestore is provisioned first.
# depends_on = [
# google_firestore_database.firestore
# ]
}
# Makes the default Storage bucket accessible for Firebase SDKs, authentication, and Firebase Security Rules.
resource "google_firebase_storage_bucket" "default-bucket" {
provider = google-beta
project = google_project.storage.project_id
bucket_id = google_app_engine_application.default.default_bucket
}
# Creates a ruleset of Cloud Storage Security Rules from a local file.
resource "google_firebaserules_ruleset" "storage" {
provider = google-beta
project = google_project.storage.project_id
source {
files {
# Write security rules in a local file named "storage.rules".
# Learn more: https://firebase.google.com/docs/storage/security/get-started
name = "storage.rules"
content = file("storage.rules")
}
}
# Wait for the default Storage bucket to be provisioned before creating this ruleset.
depends_on = [
google_firebase_project.storage,
]
}
# Releases the ruleset to the default Storage bucket.
resource "google_firebaserules_release" "default-bucket" {
provider = google-beta
name = "firebase.storage/${google_app_engine_application.default.default_bucket}"
ruleset_name = "projects/${google_project.storage.project_id}/rulesets/${google_firebaserules_ruleset.storage.name}"
project = google_project.storage.project_id
}
# Uploads a new file to the default Storage bucket.
# Don't use real end-user or production data in this file.
resource "google_storage_bucket_object" "cat-picture" {
provider = google-beta
name = "cat.png"
source = "path/to/cat.png"
bucket = google_app_engine_application.default.default_bucket
}
# Creates a Firebase Android App in the new project created above.
resource "google_firebase_android_app" "storage" {
provider = google-beta
project = google_project.storage.project_id
display_name = "My Android app"
package_name = "android.package.name"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.storage,
]
}
# Creates a Firebase Apple-platforms App in the new project created above.
resource "google_firebase_apple_app" "storage" {
provider = google-beta
project = google_project.storage.project_id
display_name = "My Apple app"
bundle_id = "apple.app.12345"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.storage,
]
}
# Creates a Firebase Web App in the new project created above.
resource "google_firebase_web_app" "storage" {
provider = google-beta
project = google_project.storage.project_id
display_name = "My Web app"
# The other App types (Android and Apple) use "DELETE" by default.
# Web apps don't use "DELETE" by default due to backward-compatibility.
deletion_policy = "DELETE"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.storage,
]
}
這是應在本機檔案中的 Cloud Storage 安全性規則規則集
名為 storage.rules。
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if request.auth != null;
}
}
}
佈建 多個 Cloud Storage 值區
這項設定會建立新的 Google Cloud 專案。 將專案連結至 Cloud Billing 帳戶 (Blaze 定價方案) 才能有多個值區 為專案啟用 Firebase 服務 佈建多個 Cloud Storage 值區 (包括專案的預設 Cloud Storage 值區)、 並在專案中註冊三種不同的應用程式類型
並佈建 Cloud Storage 值區的 Firebase 安全性規則。 並將檔案上傳至預設的 Cloud Storage 值區
# Creates a new Google Cloud project.
resource "google_project" "storage-multi" {
provider = google-beta.no_user_project_override
folder_id = "folder-id-for-new-project"
name = "Project Display Name"
project_id = "project-id-for-new-project"
# Associates the project with a Cloud Billing account
# (required for multiple Cloud Storage buckets).
billing_account = "000000-000000-000000"
# Required for the project to display in a list of Firebase projects.
labels = {
"firebase" = "enabled"
}
}
# Enables required APIs.
resource "google_project_service" "storage-multi" {
provider = google-beta.no_user_project_override
project = google_project.storage-multi.project_id
for_each = toset([
"cloudbilling.googleapis.com",
"serviceusage.googleapis.com",
"cloudresourcemanager.googleapis.com",
"firebaserules.googleapis.com",
"firebasestorage.googleapis.com",
"storage.googleapis.com",
])
service = each.key
# Don't disable the service if the resource block is removed by accident.
disable_on_destroy = false
}
# Enables Firebase services for the new project created above.
resource "google_firebase_project" "storage-multi" {
provider = google-beta
project = google_project.storage-multi.project_id
}
# Provisions the default Cloud Storage bucket for the project via Google App Engine.
resource "google_app_engine_application" "default-multi" {
provider = google-beta
project = google_project.storage-multi.project_id
# See available locations: https://firebase.google.com/docs/projects/locations#default-cloud-location
# This will set the location for the default Storage bucket and the App Engine App.
location_id = "name-of-region-for-default-bucket"
# If you use Firestore, uncomment this to make sure Firestore is provisioned first.
# depends_on = [
# google_firestore_database.firestore
# ]
}
# Provisions an additional Cloud Storage bucket.
# Additional Cloud Storage buckets are not provisioned via App Engine.
resource "google_storage_bucket" "bucket-multi" {
provider = google-beta
project = google_project.storage-multi.project_id
name = "name-of-additional-storage-bucket"
# See available locations: https://cloud.google.com/storage/docs/locations#available-locations
# This location does not need to be the same as the default Storage bucket.
location = "name-of-region-for-additional-bucket"
}
# Makes the default Storage bucket accessible for Firebase SDKs, authentication, and Firebase Security Rules.
resource "google_firebase_storage_bucket" "default-bucket-multi" {
provider = google-beta
project = google_project.storage-multi.project_id
bucket_id = google_app_engine_application.default-multi.default_bucket
}
# Makes the additional Storage bucket accessible for Firebase SDKs, authentication, and Firebase Security Rules.
resource "google_firebase_storage_bucket" "bucket-multi" {
provider = google-beta
project = google_project.storage-multi.project_id
bucket_id = google_storage_bucket.bucket-multi.name
}
# Creates a ruleset of Firebase Security Rules from a local file.
resource "google_firebaserules_ruleset" "storage-multi" {
provider = google-beta
project = google_project.storage-multi.project_id
source {
files {
# Write security rules in a local file named "storage.rules"
# Learn more: https://firebase.google.com/docs/storage/security/get-started
name = "storage.rules"
content = file("storage.rules")
}
}
# Wait for the Storage buckets to be provisioned before creating this ruleset.
depends_on = [
google_firebase_project.storage-multi,
]
}
# Releases the ruleset to the default Storage bucket.
resource "google_firebaserules_release" "default-bucket-multi" {
provider = google-beta
name = "firebase.storage/${google_app_engine_application.default-multi.default_bucket}"
ruleset_name = "projects/${google_project.storage-multi.project_id}/rulesets/${google_firebaserules_ruleset.storage-multi.name}"
project = google_project.storage-multi.project_id
}
# Releases the ruleset to the additional Storage bucket.
resource "google_firebaserules_release" "bucket-multi" {
provider = google-beta
name = "firebase.storage/${google_storage_bucket.bucket-multi.name}"
ruleset_name = "projects/${google_project.storage-multi.project_id}/rulesets/${google_firebaserules_ruleset.storage-multi.name}"
project = google_project.storage-multi.project_id
}
# Uploads a new file to the default Storage bucket.
# Do not use real end-user or production data in this file.
resource "google_storage_bucket_object" "cat-picture-multi" {
provider = google-beta
name = "cat.png"
source = "path/to/cat.png"
bucket = google_app_engine_application.default-multi.default_bucket
}
# Creates a Firebase Android App in the new project created above.
resource "google_firebase_android_app" "storage-multi" {
provider = google-beta
project = google_project.storage-multi.project_id
display_name = "My Android app"
package_name = "android.package.name"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.storage-multi,
]
}
# Creates a Firebase Apple-platforms App in the new project created above.
resource "google_firebase_apple_app" "storage-multi" {
provider = google-beta
project = google_project.storage-multi.project_id
display_name = "My Apple app"
bundle_id = "apple.app.12345"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.storage-multi,
]
}
# Creates a Firebase Web App in the new project created above.
resource "google_firebase_web_app" "storage-multi" {
provider = google-beta
project = google_project.storage-multi.project_id
display_name = "My Web app"
# The other App types (Android and Apple) use "DELETE" by default.
# Web apps don't use "DELETE" by default due to backward-compatibility.
deletion_policy = "DELETE"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.storage-multi,
]
}
這是應在本機檔案中的 Cloud Storage 安全性規則規則集
名為 storage.rules。
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if request.auth != null;
}
}
}
佈建 Cloud Firestore 執行個體和預設的 Cloud Storage 值區
這項設定會建立新的 Google Cloud 專案。 為專案啟用 Firebase 服務 佈建 Cloud Firestore 執行個體 然後佈建預設的 Cloud Storage 值區
也會佈建 Cloud Firestore 執行個體和預設的 Firebase 安全性規則 Cloud Storage 值區
# Creates a new Google Cloud project.
resource "google_project" "fs" { # fs = Firestore + Storage
provider = google-beta.no_user_project_override
folder_id = "folder-id-for-new-project"
name = "Project Display Name"
project_id = "project-id-for-new-project"
# Required for the project to display in a list of Firebase projects.
labels = {
"firebase" = "enabled"
}
}
# Enables required APIs.
resource "google_project_service" "fs" {
provider = google-beta.no_user_project_override
project = google_project.fs.project_id
for_each = toset([
"serviceusage.googleapis.com",
"cloudresourcemanager.googleapis.com",
"firebaserules.googleapis.com",
"firebasestorage.googleapis.com",
"storage.googleapis.com",
"firestore.googleapis.com",
])
service = each.key
# Don't disable the service if the resource block is removed by accident
disable_on_destroy = false
}
# Enables Firebase services for the new project created above.
resource "google_firebase_project" "fs" {
provider = google-beta
project = google_project.fs.project_id
}
#### Set up Firestore before default Cloud Storage bucket ####
# Provisions the Firestore database instance.
resource "google_firestore_database" "firestore-fs" {
provider = google-beta
project = google_project.fs.project_id
name = "(default)"
# See available locations: https://firebase.google.com/docs/projects/locations#default-cloud-location
location_id = "name-of-region"
# "FIRESTORE_NATIVE" is required to use Firestore with Firebase SDKs, authentication, and Firebase Security Rules.
type = "FIRESTORE_NATIVE"
concurrency_mode = "OPTIMISTIC"
# Wait for Firebase to be enabled in the Google Cloud project before initializing Firestore.
depends_on = [
google_firebase_project.fs,
]
}
# Creates a ruleset of Firestore Security Rules from a local file.
resource "google_firebaserules_ruleset" "firestore-fs" {
provider = google-beta
project = google_project.fs.project_id
source {
files {
# Write security rules in a local file named "firestore.rules".
# Learn more: https://firebase.google.com/docs/firestore/security/get-started
name = "firestore.rules"
content = file("firestore.rules")
}
}
# Wait for Firestore to be provisioned before creating this ruleset.
depends_on = [
google_firestore_database.firestore-fs
]
}
# Releases the ruleset for the Firestore instance.
resource "google_firebaserules_release" "firestore-fs" {
provider = google-beta
name = "cloud.firestore" # must be cloud.firestore
ruleset_name = google_firebaserules_ruleset.firestore-fs.name
project = google_project.fs.project_id
# Wait for Firestore to be provisioned before releasing the ruleset.
depends_on = [
google_firestore_database.firestore-fs,
]
}
#### Set up default Cloud Storage default bucket after Firestore ####
# Provisions the default Cloud Storage bucket for the project via Google App Engine.
resource "google_app_engine_application" "default-bucket-fs" {
provider = google-beta
project = google_project.fs.project_id
# See available locations: https://firebase.google.com/docs/projects/locations#default-cloud-location
# This will set the location for the default Storage bucket and the App Engine App.
location_id = "name-of-region" # Must be in the same location as Firestore (above)
# Wait for Firestore to be provisioned first.
# Otherwise, the Firestore instance will be provisioned in Datastore mode (unusable by Firebase).
depends_on = [
google_firestore_database.firestore-fs,
]
}
# Makes the default Storage bucket accessible for Firebase SDKs, authentication, and Firebase Security Rules.
resource "google_firebase_storage_bucket" "default-bucket-fs" {
provider = google-beta
project = google_project.fs.project_id
bucket_id = google_app_engine_application.default-bucket-fs.default_bucket
}
# Creates a ruleset of Cloud Storage Security Rules from a local file.
resource "google_firebaserules_ruleset" "default-bucket-fs" {
provider = google-beta
project = google_project.fs.project_id
source {
files {
# Write security rules in a local file named "storage.rules".
# Learn more: https://firebase.google.com/docs/storage/security/get-started
name = "storage.rules"
content = file("storage.rules")
}
}
# Wait for the Cloud Storage bucket to be provisioned before creating this ruleset.
depends_on = [
google_firebase_project.fs,
]
}
# Releases the ruleset to the default Storage bucket.
resource "google_firebaserules_release" "default-bucket-fs" {
provider = google-beta
name = "firebase.storage/${google_app_engine_application.default-bucket-fs.default_bucket}"
ruleset_name = "projects/${google_project.fs.project_id}/rulesets/${google_firebaserules_ruleset.default-bucket-fs.name}"
project = google_project.fs.project_id
}
這是應在本機檔案中的 Cloud Firestore 安全性規則規則集
名為 firestore.rules。
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
allow read: if request.auth != null;
allow create: if request.auth != null;
allow update: if request.auth != null;
}
}
這是應在本機檔案中的 Cloud Storage 安全性規則規則集
名為 storage.rules。
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if request.auth != null;
}
}
}
保護 API 資源 使用 Firebase App Check
這項設定會建立新的 Google Cloud 專案。 為專案啟用 Firebase 服務 設定並啟用 Cloud Firestore 適用的 Firebase App Check 改成只能透過 Android 應用程式存取。
# Creates a new Google Cloud project.
resource "google_project" "appcheck" {
provider = google-beta.no_user_project_override
folder_id = "folder-id-for-new-project"
name = "Project Display Name"
project_id = "project-id-for-new-project"
# Required for the project to display in a list of Firebase projects.
labels = {
"firebase" = "enabled"
}
}
# Enables required APIs.
resource "google_project_service" "services" {
provider = google-beta.no_user_project_override
project = google_project.appcheck.project_id
for_each = toset([
"cloudresourcemanager.googleapis.com",
"firebase.googleapis.com",
"firebaseappcheck.googleapis.com",
"firestore.googleapis.com",
"serviceusage.googleapis.com",
])
service = each.key
# Don't disable the service if the resource block is removed by accident.
disable_on_destroy = false
}
# Enables Firebase services for the new project created earlier.
resource "google_firebase_project" "appcheck" {
provider = google-beta
project = google_project.appcheck.project_id
depends_on = [google_project_service.services]
}
# Provisions the Firestore database instance.
resource "google_firestore_database" "database" {
provider = google-beta
project = google_firebase_project.appcheck.project
name = "(default)"
# See available locations: https://firebase.google.com/docs/projects/locations#default-cloud-location
location_id = "name-of-region"
# "FIRESTORE_NATIVE" is required to use Firestore with Firebase SDKs, authentication, and Firebase Security Rules.
type = "FIRESTORE_NATIVE"
concurrency_mode = "OPTIMISTIC"
# Wait for Firebase to be enabled in the Google Cloud project before initializing Firestore.
depends_on = [
google_firebase_project.appcheck,
]
}
# Creates a Firebase Android App in the new project created earlier.
resource "google_firebase_android_app" "appcheck" {
provider = google-beta
project = google_firebase_project.appcheck.project
display_name = "Play Integrity app"
package_name = "package.name.playintegrity"
sha256_hashes = [
# TODO: insert your Android app's SHA256 certificate
]
}
# It takes a while for App Check to recognize the new app
# If your app already exists, you don't have to wait 30 seconds.
resource "time_sleep" "wait_30s" {
depends_on = [google_firebase_android_app.appcheck]
create_duration = "30s"
}
# Register the Android app with the Play Integrity provider
resource "google_firebase_app_check_play_integrity_config" "appcheck" {
provider = google-beta
project = google_firebase_project.appcheck.project
app_id = google_firebase_android_app.appcheck.app_id
depends_on = [time_sleep.wait_30s, google_firestore_database.database]
lifecycle {
precondition {
condition = length(google_firebase_android_app.appcheck.sha256_hashes) > 0
error_message = "Provide a SHA-256 certificate on the Android App to use App Check"
}
}
}
# Enable enforcement of App Check for Firestore
resource "google_firebase_app_check_service_config" "firestore" {
provider = google-beta
project = google_firebase_project.appcheck.project
service_id = "firestore.googleapis.com"
depends_on = [google_project_service.services]
}
安裝 Firebase 擴充功能的執行個體
這項設定會建立新的 Google Cloud 專案。 為專案啟用 Firebase 服務 安裝新的 Firebase 擴充功能執行個體 專案。如果執行個體已存在 其參數會根據設定中提供的值進行更新。
# Creates a new Google Cloud project.
resource "google_project" "extensions" {
provider = google-beta.no_user_project_override
folder_id = "folder-id-for-new-project"
name = "Project Display Name"
project_id = "project-id-for-new-project"
# Associates the project with a Cloud Billing account
# (required to use Firebase Extensions).
billing_account = "000000-000000-000000"
# Required for the project to display in a list of Firebase projects.
labels = {
"firebase" = "enabled"
}
}
# Enables required APIs.
resource "google_project_service" "extensions" {
provider = google-beta.no_user_project_override
project = google_project.extensions.project_id
for_each = toset([
"cloudbilling.googleapis.com",
"cloudresourcemanager.googleapis.com",
"serviceusage.googleapis.com",
"firebase.googleapis.com",
"firebaseextensions.googleapis.com",
])
service = each.key
# Don't disable the service if the resource block is removed by accident.
disable_on_destroy = false
}
# Enables Firebase services for the new project created above.
resource "google_firebase_project" "extensions" {
provider = google-beta
project = google_project.extensions.project_id
depends_on = [
google_project_service.extensions,
]
}
# Installs an instance of the "Translate Text in Firestore" extension.
# Or updates the extension if the specified instance already exists.
resource "google_firebase_extensions_instance" "translation" {
provider = google-beta
project = google_project.extensions.project_id
instance_id = "translate-text-in-firestore"
config {
extension_ref = "firebase/firestore-translate-text"
params = {
COLLECTION_PATH = "posts/comments/translations"
DO_BACKFILL = true
LANGUAGES = "ar,en,es,de,fr"
INPUT_FIELD_NAME = "input"
LANGUAGES_FIELD_NAME = "languages"
OUTPUT_FIELD_NAME = "translated"
}
system_params = {
"firebaseextensions.v1beta.function/location" = "us-central1"
"firebaseextensions.v1beta.function/memory" = "256"
"firebaseextensions.v1beta.function/minInstances" = "0"
"firebaseextensions.v1beta.function/vpcConnectorEgressSettings" = "VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED"
}
}
}
疑難排解與常見問題
您想要
進一步瞭解各種與專案相關的屬性 (例如
project和user_project_override)
本指南會在處理「專案」時使用下列 Terraform 屬性。
resource區塊中的project建議:盡可能在每個屬性中加入
project屬性resource區塊加入專案屬性後,Terraform 就會建立基礎架構 指定專案內資源區塊中的主機名稱本指南和 範例設定檔全都使用這種做法
請參閱官方 Terraform 說明文件,瞭解
project.provider區塊中的「user_project_override」如要佈建大多數資源,建議您使用
user_project_override = true,也就是要自行檢查配額 Firebase 專案。不過,設定新專案使其能夠接受 配額檢查,您必須先使用user_project_override = false。請參閱官方 Terraform 說明文件,瞭解
user_project_override.
系統會顯示下列錯誤訊息:
generic::permission_denied: Firebase Tos Not Accepted。
請確認您目前用於執行 gcloud CLI 的使用者帳戶 指令已接受 Firebase 服務條款 (Firebase 服務條款)。
只要使用登入使用者帳戶的瀏覽器,並 嘗試查看 Firebase 控制台:如果您可以 表示使用者帳戶已接受 Firebase 服務條款。
如果您看不到任何現有的 Firebase 專案,則代表使用者帳戶 可能尚未接受 Firebase 服務條款。如要解決這個問題,請建立新的資源 透過 Firebase 主控台並接受 建立專案時一併建立 Firebase 服務條款。您可以直接刪除這個資料庫 專案。
跑步後
terraform apply,系統會顯示以下錯誤訊息:
generic::permission_denied: IAM authority does not have the
permission。
請稍候片刻,然後再次嘗試執行 terraform apply。
無法建立資源,不過執行 terraform apply 時
系統再次顯示「ALREADY_EXISTS」。
這可能是因為各種系統發生傳播延遲。嘗試解決這個問題
方法是將資源匯入 Terraform 狀態
terraform import。然後再次嘗試執行 terraform apply。
如要瞭解如何匯入各項資源,請前往「匯入」部分的 Terraform 說明文件 (例如 「匯入」Cloud Firestore 說明文件)。
使用
Cloud Firestore,系統會顯示以下錯誤訊息:Error creating Index: googleapi:
Error 409;...Concurrent access -- try again
如錯誤所示,Terraform 可能會嘗試佈建多個索引
和/或同時建立文件,但發生並行錯誤
請嘗試再次執行 terraform apply。
您會獲得:
這個錯誤:
"you may need to specify 'X-Goog-User-Project' HTTP header for quota and
billing purposes"。
這個錯誤表示 Terraform 不知道哪個專案要檢查配額
下定決心如要排解問題,請在 resource 區塊中檢查下列項目:
- 確認您已指定
project屬性的值。 - 請確認您是透過
user_project_override = true使用該供應商 (無別名),Firebase 範例中的值為google-beta。
建立 Deployment 建立新的 Google Cloud 專案時,系統會顯示錯誤訊息 新專案已存在
以下是專案 ID 已存在的可能原因:
與該 ID 相關聯的專案為他人所有。
- 如要解析:請選擇其他專案 ID。
最近才刪除與該 ID 相關聯的專案 (虛刪除中) 時間)。
- 解決方法:如果您認為與 ID 相關聯的專案同屬一個,
然後使用
projects.getREST API。
- 解決方法:如果您認為與 ID 相關聯的專案同屬一個,
然後使用
與該 ID 相關聯的專案正確存在目前的使用者底下。A 罩杯 這個錯誤的可能原因可能是先前的
terraform apply收到 已中斷。- 如要解決問題:請執行下列指令:
terraform import google_project.default PROJECT_ID之後
terraform import google_firebase_project.default PROJECT_ID
- 如要解決問題:請執行下列指令:
時間
嘗試佈建 Cloud Firestore 和 Cloud Storage (透過
google_app_engine_application),系統會顯示以下錯誤訊息:
Error: Error creating App Engine application: googleapi: Error 409:
Cannot create Firestore database resource <resource-name> since it
already exists at location <location-id>, alreadyExists。
App Engine 應用程式需要 Cloud Firestore 執行個體,但您只能 每項專案各有一個 Cloud Firestore 執行個體如錯誤訊息所示 如果您已經在一個區域中佈建專案的 Cloud Firestore 執行個體 如果您嘗試佈建 Cloud Firestore 不同位置的執行個體App Engine 認為您正嘗試 「重新佈建」現有 Cloud Firestore 執行個體
如要解決這個錯誤,請將 Cloud Firestore 和 App Engine 應用程式如果您需要 Cloud Storage 值區 如果 Cloud Firestore 位於不同位置,您可以佈建額外的值區 (請參閱 建立多個 Cloud Storage 的範例設定 值區)。
時間
嘗試佈建 Cloud Storage (透過
google_app_engine_application),然後透過 Cloud Firestore
這個錯誤:
Error: Error creating Database: googleapi: Error 409: Database already
exists. Please use another database_id。
佈建專案的預設 Cloud Storage 值區時 (透過
google_app_engine_application),且專案還沒有
Cloud Firestore 執行個體,之後會自動google_app_engine_application
佈建專案的 Cloud Firestore 執行個體
如果專案的 Cloud Firestore 執行個體已佈建完成
如果您嘗試明確佈建google_firestore_database
Cloud Firestore 執行個體
專案的 Cloud Firestore 執行個體佈建完畢之後,就無法
「重新佈建」或變更其位置。為防止錯誤發生
從設定檔中移除 google_firestore_database 資源區塊。
請注意,我們建議您先佈建 Cloud Firestore
專案的預設 Cloud Storage 值區 (原因請見下文)。