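Firebase is beginning to support Terraform. If your team wants to automate and standardize how Firebase is set up, using Terraform with Firebase is a good fit.
The basic workflow for using Terraform with Firebase is:
- Create and customize a Terraform config file (a .tf file) that specifies the infrastructure you want to provision (that is, the resources to provision and the services to enable).
- Use gcloud CLI commands that interface with Terraform to provision the infrastructure specified in the .tf file.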
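What you can do with Terraform and Firebase
The example generalized workflow in this guide creates a new Firebase project with an Android app. You can do much more with Terraform, such as:
- Delete and modify existing infrastructure using Terraform.
- Manage product-specific configuration and tasks using Terraform, such as:
  - Enabling Firebase Authentication sign-in providers.
  - Creating Cloud Storage buckets or database instances and deploying Firebase Security Rules for them.
You can use standard Terraform config files and commands to accomplish all of these tasks. To help with this, sample Terraform config files are provided for several common use cases.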
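Generalized workflow for using Terraform with Firebase
Prerequisites
This guide is an introduction to using Terraform with Firebase, so it assumes basic proficiency with Terraform. Make sure that you've completed the following.
- Install Terraform and familiarize yourself with Terraform using the official tutorials.
- Install the Google Cloud CLI (gcloud CLI). Use a user account or a service account to perform operations.
View requirements for user accounts and service accounts
- If you use a user account, you must have accepted the Firebase Terms of Service (Firebase ToS). If you can view a Firebase project in the Firebase console, you have accepted the Firebase ToS.
- For Terraform to take certain actions (for example, creating projects), the following must be true:
  - The user or service account must have the applicable IAM access for those actions.
  - If the user or service account is part of a Google Cloud organization, the organization policies must allow the account to take those actions.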
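Step 1: Create and customize a Terraform config file
A Terraform config file needs two main sections (described in detail below): a provider setup, and resource blocks that specify the infrastructure to create.
Set up your provider
A provider setup is required no matter which Firebase products or services are involved.
Create a Terraform config file (like a main.tf file) in your local directory. In this guide, you'll use this config file to specify both the provider setup and all the infrastructure that you want Terraform to create. Note, though, that you have options for how to include the provider setup.
View options for how to include the provider setup
You have the following options for how to include a provider setup with the rest of your Terraform configuration:
- Option 1: Include it at the top of a single Terraform .tf config file (as shown in this guide).
  - Use this option if you're just getting started with Terraform or just trying out Terraform with Firebase.
- Option 2: Include it in a separate .tf file (like a provider.tf file), apart from the .tf file where you specify the infrastructure to create (like a main.tf file).
  - Use this option if you're part of a larger team that needs to standardize setup.
  - When running Terraform commands, both the provider.tf file and the main.tf file must be in the same directory.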
Include the following provider setup at the top of the main.tf file. You must use the google-beta provider because this is a beta release of using Firebase with Terraform. Exercise caution when using it in production.

    # Terraform configuration to set up providers by version.
    terraform {
      required_providers {
        google-beta = {
          source  = "hashicorp/google-beta"
          version = "~> 5.0"
        }
      }
    }

    # Configures the provider to use the resource block's specified project for quota checks.
    provider "google-beta" {
      user_project_override = true
    }

    # Configures the provider to not use the resource block's specified project for quota checks.
    # This provider should only be used during project creation and initializing services.
    provider "google-beta" {
      alias                 = "no_user_project_override"
      user_project_override = false
    }

Learn more about the different types of project-related attributes (including what this guide calls the "quota-check project") when using Terraform with Firebase.
Continue to the next section to complete your config file and specify what infrastructure to create.
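Specify what infrastructure to create using resource blocks
In your Terraform config file (for this guide, your main.tf file), specify all the infrastructure you want Terraform to create (that is, all the resources you want to provision and all the services you want to enable). This guide includes a full list of the Firebase resources that support Terraform.
Open your main.tf file. Under the provider setup, include the following resource blocks. This basic example creates a new Firebase project and then creates a Firebase Android App within that project.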
    # Terraform configuration to set up providers by version.
    ...

    # Configures the provider to use the resource block's specified project for quota checks.
    ...

    # Configures the provider to not use the resource block's specified project for quota checks.
    ...

    # Creates a new Google Cloud project.
    resource "google_project" "default" {
      provider = google-beta.no_user_project_override

      name       = "Project Display Name"
      project_id = "project-id-for-new-project"
      # Required for any service that requires the Blaze pricing plan
      # (like Firebase Authentication with GCIP)
      billing_account = "000000-000000-000000"

      # Required for the project to display in any list of Firebase projects.
      labels = {
        "firebase" = "enabled"
      }
    }

    # Enables required APIs.
    resource "google_project_service" "default" {
      provider = google-beta.no_user_project_override
      project  = google_project.default.project_id
      for_each = toset([
        "cloudbilling.googleapis.com",
        "cloudresourcemanager.googleapis.com",
        "firebase.googleapis.com",
        # Enabling the ServiceUsage API allows the new project to be quota checked from now on.
        "serviceusage.googleapis.com",
      ])
      service = each.key

      # Don't disable the service if the resource block is removed by accident.
      disable_on_destroy = false
    }

    # Enables Firebase services for the new project created above.
    resource "google_firebase_project" "default" {
      provider = google-beta
      project  = google_project.default.project_id

      # Waits for the required APIs to be enabled.
      depends_on = [
        google_project_service.default
      ]
    }

    # Creates a Firebase Android App in the new project created above.
    resource "google_firebase_android_app" "default" {
      provider = google-beta

      project      = google_project.default.project_id
      display_name = "My Awesome Android app"
      package_name = "awesome.package.name"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.default,
      ]
    }
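View a highly annotated version of this example config file
If you're not familiar with the infrastructure of projects and apps, review the following documentation:
- Understand Firebase projects
- Reference documentation for Firebase project management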
    # Terraform configuration to set up providers by version.
    ...

    # Configures the provider to use the resource block's specified project for quota checks.
    ...

    # Configures the provider to not use the resource block's specified project for quota checks.
    ...

    # Creates a new Google Cloud project.
    resource "google_project" "default" {
      # Use the provider that enables the setup of quota checks for a new project
      provider = google-beta.no_user_project_override

      name       = "Project Display Name"        // learn more about the project name
      project_id = "project-id-for-new-project"  // learn more about the project ID
      # Required for any service that requires the Blaze pricing plan
      # (like Firebase Authentication with GCIP)
      billing_account = "000000-000000-000000"

      # Required for the project to display in any list of Firebase projects.
      labels = {
        "firebase" = "enabled"  // learn more about the Firebase-enabled label
      }
    }

    # Enables required APIs.
    resource "google_project_service" "default" {
      # Use the provider without quota checks for enabling APIS
      provider = google-beta.no_user_project_override
      project  = google_project.default.project_id
      for_each = toset([
        "cloudbilling.googleapis.com",
        "cloudresourcemanager.googleapis.com",
        "firebase.googleapis.com",
        # Enabling the ServiceUsage API allows the new project to be quota checked from now on.
        "serviceusage.googleapis.com",
      ])
      service = each.key

      # Don't disable the service if the resource block is removed by accident.
      disable_on_destroy = false
    }

    # Enables Firebase services for the new project created above.
    # This action essentially "creates a Firebase project" and allows the project to use
    # Firebase services (like Firebase Authentication) and
    # Firebase tooling (like the Firebase console).
    # Learn more about the relationship between Firebase projects and Google Cloud.
    resource "google_firebase_project" "default" {
      # Use the provider that performs quota checks from now on
      provider = google-beta
      project  = google_project.default.project_id

      # Waits for the required APIs to be enabled.
      depends_on = [
        google_project_service.default
      ]
    }

    # Creates a Firebase Android App in the new project created above.
    # Learn more about the relationship between Firebase Apps and Firebase projects.
    resource "google_firebase_android_app" "default" {
      provider = google-beta

      project      = google_project.default.project_id
      display_name = "My Awesome Android app"  # learn more about an app's display name
      package_name = "awesome.package.name"    # learn more about an app's package name

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.default,
      ]
    }
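Step 2: Run Terraform commands to create the specified infrastructure
To provision the resources and enable the services specified in your main.tf file, run the following commands from the same directory as your main.tf file. For detailed information about these commands, see the Terraform documentation.
- If this is the first time that you're running Terraform commands in the directory, initialize the configuration directory and install the Google Terraform provider by running the following command:

    terraform init

- Create the infrastructure specified in your main.tf file by running the following command:

    terraform apply

- Confirm that everything was provisioned or enabled as expected:
  - Option 1: Run the following command:

    terraform show

  - Option 2: View your Firebase project in the Firebase console.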
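An added example (not part of the original guide and not Firebase or Terraform tooling): instead of reading `terraform show` by eye, the JSON form of a plan or state (`terraform show -json`) can be checked against requirements this guide states: the `firebase` label, a billing account for GCIP and for additional Realtime Database instances, the rules release names used in the samples, and App Check debug tokens being for testing. The sample document, finding codes and function names are constructed for illustration.

```python
import json
import sys

# Constructed sample (not from the guide): a trimmed `terraform show -json` plan document.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "google_project.auth", "mode": "managed", "type": "google_project",
         "values": {"project_id": "demo-project", "billing_account": None,
                    "labels": {"firebase": "enabled"}}},
        {"address": "google_identity_platform_config.auth", "mode": "managed",
         "type": "google_identity_platform_config", "values": {"project": "demo-project"}},
        {"address": "google_firebase_database_instance.extra", "mode": "managed",
         "type": "google_firebase_database_instance",
         "values": {"project": "demo-project", "type": "USER_DATABASE"}},
        {"address": "google_firebaserules_release.firestore", "mode": "managed",
         "type": "google_firebaserules_release",
         "values": {"project": "demo-project", "name": "firestore"}},
        # The name depends on a bucket that exists only after apply, so the plan omits it.
        {"address": "google_firebaserules_release.bucket", "mode": "managed",
         "type": "google_firebaserules_release", "values": {"project": "demo-project"}},
    ],
    "child_modules": [{"address": "module.appcheck", "resources": [
        {"address": "module.appcheck.google_firebase_app_check_debug_token.ci",
         "mode": "managed", "type": "google_firebase_app_check_debug_token",
         "values": {"project": "demo-project"}},
    ]}],
}}}


def iter_resources(doc):
    """Yield managed resources from plan JSON (planned_values) or state JSON (values)."""
    root = (doc.get("planned_values") or doc.get("values") or {}).get("root_module") or {}
    stack = [root]
    while stack:
        module = stack.pop()
        for res in module.get("resources", []):
            if res.get("mode", "managed") == "managed":
                yield res
        stack.extend(module.get("child_modules", []))


def check_firebase_plan(doc):
    """Return (address, code, message) findings for requirements stated in the guide."""
    by_type = {}
    for res in iter_resources(doc):
        by_type.setdefault(res["type"], []).append(res)
    # Projects created in this configuration, keyed by their literal project_id.
    projects = {}
    for proj in by_type.get("google_project", []):
        project_id = (proj.get("values") or {}).get("project_id")
        if project_id is not None:
            projects[project_id] = proj.get("values") or {}
    findings = []

    def unbilled(res):
        # Only judge projects defined here; projects managed elsewhere are not visible.
        project_id = (res.get("values") or {}).get("project")
        project = projects.get(project_id) if project_id is not None else None
        return project is not None and not project.get("billing_account")

    for proj in by_type.get("google_project", []):
        labels = (proj.get("values") or {}).get("labels") or {}
        if labels.get("firebase") != "enabled":
            findings.append((proj["address"], "MISSING_FIREBASE_LABEL",
                             'label "firebase" = "enabled" is required for Firebase project lists'))
    for res in by_type.get("google_identity_platform_config", []):
        if unbilled(res):
            findings.append((res["address"], "GCIP_NEEDS_BILLING",
                             "GCIP needs the Blaze plan: set billing_account on google_project"))
    for res in by_type.get("google_firebase_database_instance", []):
        if (res.get("values") or {}).get("type") == "USER_DATABASE" and unbilled(res):
            findings.append((res["address"], "MULTI_RTDB_NEEDS_BILLING",
                             "additional Realtime Database instances need a billing account"))
    for res in by_type.get("google_firebaserules_release", []):
        name = (res.get("values") or {}).get("name")
        if name is None:  # computed value, unknown until apply
            continue
        if name != "cloud.firestore" and not name.startswith("firebase.storage/"):
            findings.append((res["address"], "UNEXPECTED_RELEASE_NAME",
                             "name is neither cloud.firestore nor firebase.storage/<bucket>"))
    for res in by_type.get("google_firebase_app_check_debug_token", []):
        findings.append((res["address"], "APP_CHECK_DEBUG_TOKEN",
                         "debug tokens are for testing; confirm this is not production"))
    return findings


if __name__ == "__main__":
    # Usage: terraform show -json plan.out > plan.json, then pass plan.json as the argument.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            document = json.load(handle)
    else:
        document = SAMPLE_PLAN
    results = check_firebase_plan(document)
    for address, code, message in results:
        print(f"{code}: {address}: {message}")
    sys.exit(1 if results else 0)
```

The non-zero exit status on findings lets the check gate `terraform apply` in a pipeline.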
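Firebase resources with Terraform support
The following Firebase and Google resources have Terraform support, and more resources are being added all the time. If you don't see the resource that you want to manage with Terraform, check back soon to see if it's available, or request it by filing an issue in the GitHub repo.
Firebase project and app management
- google_firebase_project: enable Firebase services on an existing Google Cloud project
Firebase Apps
- google_firebase_apple_app: create or manage a Firebase Apple-platforms App
- google_firebase_android_app: create or manage a Firebase Android App
- google_firebase_web_app: create or manage a Firebase Web App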
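Firebase Authentication
- google_identity_platform_config: enable Google Cloud Identity Platform (GCIP), which is the backend for Firebase Authentication, and provide project-level authentication settings
  - Configuring Firebase Authentication via Terraform requires enabling GCIP. Make sure to review the sample .tf file that shows how to set up Firebase Authentication.
  - The project in which Terraform enables GCIP and/or Firebase Authentication must be on the Blaze pricing plan (that is, the project must have an associated Cloud Billing account). You can do this programmatically by setting the billing_account attribute in the google_project resource.
  - This resource also enables more configuration, such as local sign-in methods (anonymous, email/password, and phone authentication), blocking functions, and authorized domains.
- google_identity_platform_default_supported_idp_config: configure common federated identity providers, like Google, Facebook, or Apple
- identity_platform_oauth_idp_config: configure an arbitrary OAuth identity provider (IdP) source
- google_identity_platform_inbound_saml_config: configure SAML integrations
Not yet supported:
- Configuring multi-factor authentication (MFA) via Terraform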
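Firebase Realtime Database
- google_firebase_database_instance: create a Realtime Database instance
Not yet supported:
- Deploying Firebase Realtime Database Security Rules via Terraform (learn how to deploy these Rules using other tooling, including programmatic options)
Cloud Firestore
- google_firestore_database: create a Cloud Firestore instance
- google_firestore_index: enable efficient queries for Cloud Firestore
- google_firestore_document: seed a Cloud Firestore instance with a specific document in a collection. Important: Don't use real end-user or production data in this seed document.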
Cloud Storage for Firebase
- google_firebase_storage_bucket: make an existing Cloud Storage bucket accessible for Firebase SDKs, authentication, and Firebase Security Rules
  - Setting up the default Cloud Storage bucket for a Firebase project requires first provisioning google_app_engine_application. Make sure to review the sample .tf file that shows how to provision Cloud Storage buckets.
- google_storage_bucket_object: add an object to a Cloud Storage bucket. Important: Don't use real end-user or production data in this file.
Firebase Security Rules (for Cloud Firestore and Cloud Storage)
Note that Firebase Realtime Database uses a different provisioning system for its Firebase Security Rules.
- google_firebaserules_ruleset: define Firebase Security Rules that apply to a Cloud Firestore instance or a Cloud Storage bucket
- google_firebaserules_release: deploy specific rulesets to a Cloud Firestore instance or a Cloud Storage bucket
Firebase App Check
- google_firebase_app_check_service_config: enable App Check enforcement for a service
- google_firebase_app_check_app_attest_config: register an Apple-platforms app with the App Attest provider
- google_firebase_app_check_device_check_config: register an Apple-platforms app with the DeviceCheck provider
- google_firebase_app_check_play_integrity_config: register an Android app with the Play Integrity provider
- google_firebase_app_check_recaptcha_enterprise_config: register a web app with the reCAPTCHA Enterprise provider
- google_firebase_app_check_recaptcha_v3_config: register a web app with the reCAPTCHA v3 provider
- google_firebase_app_check_debug_token: use debug tokens for testing
Firebase Extensions
- google_firebase_extensions_instance: install or update an instance of a Firebase Extension
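Sample Terraform config files for common use cases
Set up Firebase Authentication with GCIP
This config creates a new Google Cloud project, associates the project with a Cloud Billing account (the Blaze pricing plan is required for Firebase Authentication with GCIP), enables Firebase services for the project, sets up Firebase Authentication with GCIP, and registers three different app types with the project.
Note that enabling GCIP is required to set up Firebase Authentication via Terraform.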
    # Creates a new Google Cloud project.
    resource "google_project" "auth" {
      provider = google-beta.no_user_project_override

      folder_id  = "folder-id-for-new-project"
      name       = "Project Display Name"
      project_id = "project-id-for-new-project"

      # Associates the project with a Cloud Billing account
      # (required for Firebase Authentication with GCIP).
      billing_account = "000000-000000-000000"

      # Required for the project to display in a list of Firebase projects.
      labels = {
        "firebase" = "enabled"
      }
    }

    # Enables required APIs.
    resource "google_project_service" "auth" {
      provider = google-beta.no_user_project_override
      project  = google_project.auth.project_id
      for_each = toset([
        "cloudbilling.googleapis.com",
        "cloudresourcemanager.googleapis.com",
        "serviceusage.googleapis.com",
        "identitytoolkit.googleapis.com",
      ])
      service = each.key

      # Don't disable the service if the resource block is removed by accident.
      disable_on_destroy = false
    }

    # Enables Firebase services for the new project created above.
    resource "google_firebase_project" "auth" {
      provider = google-beta
      project  = google_project.auth.project_id

      depends_on = [
        google_project_service.auth,
      ]
    }

    # Creates an Identity Platform config.
    # Also enables Firebase Authentication with Identity Platform in the project if not.
    resource "google_identity_platform_config" "auth" {
      provider = google-beta
      project  = google_project.auth.project_id

      # Auto-deletes anonymous users
      autodelete_anonymous_users = true

      # Configures local sign-in methods, like anonymous, email/password, and phone authentication.
      sign_in {
        allow_duplicate_emails = true

        anonymous {
          enabled = true
        }

        email {
          enabled           = true
          password_required = false
        }

        phone_number {
          enabled = true
          test_phone_numbers = {
            "+11231231234" = "000000"
          }
        }
      }

      # Sets an SMS region policy.
      sms_region_config {
        allowlist_only {
          allowed_regions = [
            "US",
            "CA",
          ]
        }
      }

      # Configures blocking functions.
      blocking_functions {
        triggers {
          event_type   = "beforeSignIn"
          function_uri = "https://us-east1-${google_project.auth.project_id}.cloudfunctions.net/before-sign-in"
        }
        forward_inbound_credentials {
          refresh_token = true
          access_token  = true
          id_token      = true
        }
      }

      # Configures a temporary quota for new signups for anonymous, email/password, and phone number.
      quota {
        sign_up_quota_config {
          quota          = 1000
          start_time     = ""
          quota_duration = "7200s"
        }
      }

      # Configures authorized domains.
      authorized_domains = [
        "localhost",
        "${google_project.auth.project_id}.firebaseapp.com",
        "${google_project.auth.project_id}.web.app",
      ]

      # Wait for identitytoolkit.googleapis.com to be enabled before initializing Authentication.
      depends_on = [
        google_project_service.auth,
      ]
    }

    # Creates a Firebase Android App in the new project created above.
    resource "google_firebase_android_app" "auth" {
      provider     = google-beta
      project      = google_project.auth.project_id
      display_name = "My Android app"
      package_name = "android.package.name"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.auth,
      ]
    }

    # Creates a Firebase Apple-platforms App in the new project created above.
    resource "google_firebase_apple_app" "auth" {
      provider     = google-beta
      project      = google_project.auth.project_id
      display_name = "My Apple app"
      bundle_id    = "apple.app.12345"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.auth,
      ]
    }

    # Creates a Firebase Web App in the new project created above.
    resource "google_firebase_web_app" "auth" {
      provider     = google-beta
      project      = google_project.auth.project_id
      display_name = "My Web app"

      # The other App types (Android and Apple) use "DELETE" by default.
      # Web apps don't use "DELETE" by default due to backward-compatibility.
      deletion_policy = "DELETE"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.auth,
      ]
    }
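Provision the default Firebase Realtime Database instance
This config creates a new Google Cloud project, enables Firebase services for the project, provisions the project's default Realtime Database instance, and registers three different app types with the project.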
    # Creates a new Google Cloud project.
    resource "google_project" "rtdb" {
      provider = google-beta.no_user_project_override

      folder_id  = "folder-id-for-new-project"
      name       = "Project Display Name"
      project_id = "project-id-for-new-project"

      # Required for the project to display in a list of Firebase projects.
      labels = {
        "firebase" = "enabled"
      }
    }

    # Enables required APIs.
    resource "google_project_service" "rtdb" {
      provider = google-beta.no_user_project_override
      project  = google_project.rtdb.project_id
      for_each = toset([
        "serviceusage.googleapis.com",
        "cloudresourcemanager.googleapis.com",
        "firebasedatabase.googleapis.com",
      ])
      service = each.key

      # Don't disable the service if the resource block is removed by accident.
      disable_on_destroy = false
    }

    # Enables Firebase services for the new project created above.
    resource "google_firebase_project" "rtdb" {
      provider = google-beta
      project  = google_project.rtdb.project_id
    }

    # Provisions the default Realtime Database default instance.
    resource "google_firebase_database_instance" "database" {
      provider = google-beta
      project  = google_project.rtdb.project_id
      # See available locations: https://firebase.google.com/docs/projects/locations#rtdb-locations
      region = "name-of-region"
      # This value will become the first segment of the database's URL.
      instance_id = "${google_project.rtdb.project_id}-default-rtdb"
      type        = "DEFAULT_DATABASE"

      # Wait for Firebase to be enabled in the Google Cloud project before initializing Realtime Database.
      depends_on = [
        google_firebase_project.rtdb,
      ]
    }

    # Creates a Firebase Android App in the new project created above.
    resource "google_firebase_android_app" "rtdb" {
      provider     = google-beta
      project      = google_project.rtdb.project_id
      display_name = "My Android app"
      package_name = "android.package.name"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.rtdb,
      ]
    }

    # Creates a Firebase Apple-platforms App in the new project created above.
    resource "google_firebase_apple_app" "rtdb" {
      provider     = google-beta
      project      = google_project.rtdb.project_id
      display_name = "My Apple app"
      bundle_id    = "apple.app.12345"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.rtdb,
      ]
    }

    # Creates a Firebase Web App in the new project created above.
    resource "google_firebase_web_app" "rtdb" {
      provider     = google-beta
      project      = google_project.rtdb.project_id
      display_name = "My Web app"

      # The other App types (Android and Apple) use "DELETE" by default.
      # Web apps don't use "DELETE" by default due to backward-compatibility.
      deletion_policy = "DELETE"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.rtdb,
      ]
    }
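Provision multiple Firebase Realtime Database instances
This config creates a new Google Cloud project, associates the project with a Cloud Billing account (the Blaze pricing plan is required for multiple Realtime Database instances), enables Firebase services for the project, provisions multiple Realtime Database instances (including the project's default Realtime Database instance), and registers three different app types with the project.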
    # Creates a new Google Cloud project.
    resource "google_project" "rtdb-multi" {
      provider = google-beta.no_user_project_override

      folder_id  = "folder-id-for-new-project"
      name       = "Project Display Name"
      project_id = "project-id-for-new-project"

      # Associate the project with a Cloud Billing account
      # (required for multiple Realtime Database instances).
      billing_account = "000000-000000-000000"

      # Required for the project to display in a list of Firebase projects.
      labels = {
        "firebase" = "enabled"
      }
    }

    # Enables required APIs.
    resource "google_project_service" "rtdb-multi" {
      provider = google-beta.no_user_project_override
      project  = google_project.rtdb-multi.project_id
      for_each = toset([
        "cloudbilling.googleapis.com",
        "serviceusage.googleapis.com",
        "cloudresourcemanager.googleapis.com",
        "firebasedatabase.googleapis.com",
      ])
      service = each.key

      # Don't disable the service if the resource block is removed by accident.
      disable_on_destroy = false
    }

    # Enables Firebase services for the new project created above.
    resource "google_firebase_project" "rtdb-multi" {
      provider = google-beta
      project  = google_project.rtdb-multi.project_id
    }

    # Provisions the default Realtime Database default instance.
    resource "google_firebase_database_instance" "database-default" {
      provider = google-beta
      project  = google_project.rtdb-multi.project_id
      # See available locations: https://firebase.google.com/docs/projects/locations#rtdb-locations
      region = "name-of-region"
      # This value will become the first segment of the database's URL.
      instance_id = "${google_project.rtdb-multi.project_id}-default-rtdb"
      type        = "DEFAULT_DATABASE"

      # Wait for Firebase to be enabled in the Google Cloud project before initializing Realtime Database.
      depends_on = [
        google_firebase_project.rtdb-multi,
      ]
    }

    # Provisions an additional Realtime Database instance.
    resource "google_firebase_database_instance" "database-additional" {
      provider = google-beta
      project  = google_project.rtdb-multi.project_id
      # See available locations: https://firebase.google.com/docs/projects/locations#rtdb-locations
      # This location doesn't need to be the same as the default database instance.
      region = "name-of-region"
      # This value will become the first segment of the database's URL.
      instance_id = "name-of-additional-database-instance"
      type        = "USER_DATABASE"

      # Wait for Firebase to be enabled in the Google Cloud project before initializing Realtime Database.
      depends_on = [
        google_firebase_project.rtdb-multi,
      ]
    }

    # Creates a Firebase Android App in the new project created above.
    resource "google_firebase_android_app" "rtdb-multi" {
      provider     = google-beta
      project      = google_project.rtdb-multi.project_id
      display_name = "My Android app"
      package_name = "android.package.name"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.rtdb-multi,
      ]
    }

    # Creates a Firebase Apple-platforms App in the new project created above.
    resource "google_firebase_apple_app" "rtdb-multi" {
      provider     = google-beta
      project      = google_project.rtdb-multi.project_id
      display_name = "My Apple app"
      bundle_id    = "apple.app.12345"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.rtdb-multi,
      ]
    }

    # Creates a Firebase Web App in the new project created above.
    resource "google_firebase_web_app" "rtdb-multi" {
      provider     = google-beta
      project      = google_project.rtdb-multi.project_id
      display_name = "My Web app"

      # The other App types (Android and Apple) use "DELETE" by default.
      # Web apps don't use "DELETE" by default due to backward-compatibility.
      deletion_policy = "DELETE"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.rtdb-multi,
      ]
    }
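Provision the Cloud Firestore instance
This config creates a new Google Cloud project, enables Firebase services for the project, provisions the project's Cloud Firestore instance, and registers three different app types with the project.
It also provisions Firebase Security Rules for the Cloud Firestore instance, creates a Cloud Firestore index, and adds a Cloud Firestore document with seed data.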
    # Creates a new Google Cloud project.
    resource "google_project" "firestore" {
      provider = google-beta.no_user_project_override

      folder_id  = "folder-id-for-new-project"
      name       = "Project Display Name"
      project_id = "project-id-for-new-project"

      # Required for the project to display in a list of Firebase projects.
      labels = {
        "firebase" = "enabled"
      }
    }

    # Enables required APIs.
    resource "google_project_service" "firestore" {
      provider = google-beta.no_user_project_override
      project  = google_project.firestore.project_id
      for_each = toset([
        "cloudresourcemanager.googleapis.com",
        "serviceusage.googleapis.com",
        "firestore.googleapis.com",
        "firebaserules.googleapis.com",
      ])
      service = each.key

      # Don't disable the service if the resource block is removed by accident.
      disable_on_destroy = false
    }

    # Enables Firebase services for the new project created above.
    resource "google_firebase_project" "firestore" {
      provider = google-beta
      project  = google_project.firestore.project_id
    }

    # Provisions the Firestore database instance.
    resource "google_firestore_database" "firestore" {
      provider = google-beta
      project  = google_project.firestore.project_id
      name     = "(default)"
      # See available locations: https://firebase.google.com/docs/projects/locations#default-cloud-location
      location_id = "name-of-region"
      # "FIRESTORE_NATIVE" is required to use Firestore with Firebase SDKs, authentication, and Firebase Security Rules.
      type             = "FIRESTORE_NATIVE"
      concurrency_mode = "OPTIMISTIC"

      # Wait for Firebase to be enabled in the Google Cloud project before initializing Firestore.
      depends_on = [
        google_firebase_project.firestore,
      ]
    }

    # Creates a ruleset of Firestore Security Rules from a local file.
    resource "google_firebaserules_ruleset" "firestore" {
      provider = google-beta
      project  = google_project.firestore.project_id
      source {
        files {
          name = "firestore.rules"
          # Write security rules in a local file named "firestore.rules".
          # Learn more: https://firebase.google.com/docs/firestore/security/get-started
          content = file("firestore.rules")
        }
      }

      # Wait for Firestore to be provisioned before creating this ruleset.
      depends_on = [
        google_firestore_database.firestore,
      ]
    }

    # Releases the ruleset for the Firestore instance.
    resource "google_firebaserules_release" "firestore" {
      provider     = google-beta
      name         = "cloud.firestore"  # must be cloud.firestore
      ruleset_name = google_firebaserules_ruleset.firestore.name
      project      = google_project.firestore.project_id

      # Wait for Firestore to be provisioned before releasing the ruleset.
      depends_on = [
        google_firestore_database.firestore,
      ]
    }

    # Adds a new Firestore index.
    resource "google_firestore_index" "indexes" {
      provider = google-beta
      project  = google_project.firestore.project_id

      collection  = "quiz"
      query_scope = "COLLECTION"

      fields {
        field_path = "question"
        order      = "ASCENDING"
      }

      fields {
        field_path = "answer"
        order      = "ASCENDING"
      }

      # Wait for Firestore to be provisioned before adding this index.
      depends_on = [
        google_firestore_database.firestore,
      ]
    }

    # Adds a new Firestore document with seed data.
    # Don't use real end-user or production data in this seed document.
    resource "google_firestore_document" "doc" {
      provider    = google-beta
      project     = google_project.firestore.project_id
      collection  = "quiz"
      document_id = "question-1"
      fields      = "{\"question\":{\"stringValue\":\"Favorite Database\"},\"answer\":{\"stringValue\":\"Firestore\"}}"

      # Wait for Firestore to be provisioned before adding this document.
      depends_on = [
        google_firestore_database.firestore,
      ]
    }

    # Creates a Firebase Android App in the new project created above.
    resource "google_firebase_android_app" "firestore" {
      provider     = google-beta
      project      = google_project.firestore.project_id
      display_name = "My Android app"
      package_name = "android.package.name"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.firestore,
      ]
    }

    # Creates a Firebase Apple-platforms App in the new project created above.
    resource "google_firebase_apple_app" "firestore" {
      provider     = google-beta
      project      = google_project.firestore.project_id
      display_name = "My Apple app"
      bundle_id    = "apple.app.12345"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.firestore,
      ]
    }

    # Creates a Firebase Web App in the new project created above.
    resource "google_firebase_web_app" "firestore" {
      provider     = google-beta
      project      = google_project.firestore.project_id
      display_name = "My Web app"

      # The other App types (Android and Apple) use "DELETE" by default.
      # Web apps don't use "DELETE" by default due to backward-compatibility.
      deletion_policy = "DELETE"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.firestore,
      ]
    }
This is the ruleset of Cloud Firestore Security Rules that should be in a local file named firestore.rules.
    rules_version = '2';
    service cloud.firestore {
      match /databases/{database}/documents {
        allow read: if request.auth != null;
        allow create: if request.auth != null;
        allow update: if request.auth != null;
      }
    }
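Provision the default Cloud Storage bucket
This config creates a new Google Cloud project, enables Firebase services for the project, provisions the project's default Cloud Storage bucket, and registers three different app types with the project.
It also provisions Firebase Security Rules for the Cloud Storage bucket and uploads a file to the bucket.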
    # Creates a new Google Cloud project.
    resource "google_project" "storage" {
      provider = google-beta.no_user_project_override

      folder_id  = "folder-id-for-new-project"
      name       = "Project Display Name"
      project_id = "project-id-for-new-project"

      # Required for the project to display in a list of Firebase projects.
      labels = {
        "firebase" = "enabled"
      }
    }

    # Enables required APIs.
    resource "google_project_service" "storage" {
      provider = google-beta.no_user_project_override
      project  = google_project.storage.project_id
      for_each = toset([
        "serviceusage.googleapis.com",
        "cloudresourcemanager.googleapis.com",
        "firebaserules.googleapis.com",
        "firebasestorage.googleapis.com",
        "storage.googleapis.com",
      ])
      service = each.key

      # Don't disable the service if the resource block is removed by accident.
      disable_on_destroy = false
    }

    # Enables Firebase services for the new project created above.
    resource "google_firebase_project" "storage" {
      provider = google-beta
      project  = google_project.storage.project_id
    }

    # Provisions the default Cloud Storage bucket for the project via Google App Engine.
    resource "google_app_engine_application" "default" {
      provider = google-beta
      project  = google_project.storage.project_id
      # See available locations: https://firebase.google.com/docs/projects/locations#default-cloud-location
      # This will set the location for the default Storage bucket and the App Engine App.
      location_id = "name-of-region-for-default-bucket"

      # If you use Firestore, uncomment this to make sure Firestore is provisioned first.
      # depends_on = [
      #   google_firestore_database.firestore
      # ]
    }

    # Makes the default Storage bucket accessible for Firebase SDKs, authentication, and Firebase Security Rules.
    resource "google_firebase_storage_bucket" "default-bucket" {
      provider  = google-beta
      project   = google_project.storage.project_id
      bucket_id = google_app_engine_application.default.default_bucket
    }

    # Creates a ruleset of Cloud Storage Security Rules from a local file.
    resource "google_firebaserules_ruleset" "storage" {
      provider = google-beta
      project  = google_project.storage.project_id
      source {
        files {
          # Write security rules in a local file named "storage.rules".
          # Learn more: https://firebase.google.com/docs/storage/security/get-started
          name    = "storage.rules"
          content = file("storage.rules")
        }
      }

      # Wait for the default Storage bucket to be provisioned before creating this ruleset.
      depends_on = [
        google_firebase_project.storage,
      ]
    }

    # Releases the ruleset to the default Storage bucket.
    resource "google_firebaserules_release" "default-bucket" {
      provider     = google-beta
      name         = "firebase.storage/${google_app_engine_application.default.default_bucket}"
      ruleset_name = "projects/${google_project.storage.project_id}/rulesets/${google_firebaserules_ruleset.storage.name}"
      project      = google_project.storage.project_id
    }

    # Uploads a new file to the default Storage bucket.
    # Don't use real end-user or production data in this file.
    resource "google_storage_bucket_object" "cat-picture" {
      provider = google-beta
      name     = "cat.png"
      source   = "path/to/cat.png"
      bucket   = google_app_engine_application.default.default_bucket
    }

    # Creates a Firebase Android App in the new project created above.
    resource "google_firebase_android_app" "storage" {
      provider     = google-beta
      project      = google_project.storage.project_id
      display_name = "My Android app"
      package_name = "android.package.name"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.storage,
      ]
    }

    # Creates a Firebase Apple-platforms App in the new project created above.
    resource "google_firebase_apple_app" "storage" {
      provider     = google-beta
      project      = google_project.storage.project_id
      display_name = "My Apple app"
      bundle_id    = "apple.app.12345"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.storage,
      ]
    }

    # Creates a Firebase Web App in the new project created above.
    resource "google_firebase_web_app" "storage" {
      provider     = google-beta
      project      = google_project.storage.project_id
      display_name = "My Web app"

      # The other App types (Android and Apple) use "DELETE" by default.
      # Web apps don't use "DELETE" by default due to backward-compatibility.
      deletion_policy = "DELETE"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.storage,
      ]
    }
This is the ruleset of Cloud Storage Security Rules that should be in a local file named storage.rules.
    rules_version = '2';
    service firebase.storage {
      match /b/{bucket}/o {
        match /{allPaths=**} {
          allow read, write: if request.auth != null;
        }
      }
    }
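Provision multiple Cloud Storage buckets
This config creates a new Google Cloud project, associates the project with a Cloud Billing account (the Blaze pricing plan is required for multiple buckets), enables Firebase services for the project, provisions multiple Cloud Storage buckets (including the project's default Cloud Storage bucket), and registers three different app types with the project.
It also provisions Firebase Security Rules for the Cloud Storage buckets and uploads a file to the default Cloud Storage bucket.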
, to learn how to investigate and remove this access.

# Creates a new Google Cloud project.
resource "google_project" "storage-multi" {
  provider = google-beta.no_user_project_override

  folder_id  = "folder-id-for-new-project"
  name       = "Project Display Name"
  project_id = "project-id-for-new-project"

  # Associates the project with a Cloud Billing account
  # (required for multiple Cloud Storage buckets).
  billing_account = "000000-000000-000000"

  # Required for the project to display in a list of Firebase projects.
  labels = {
    "firebase" = "enabled"
  }
}

# Enables required APIs.
resource "google_project_service" "storage-multi" {
  provider = google-beta.no_user_project_override
  project  = google_project.storage-multi.project_id
  for_each = toset([
    "cloudbilling.googleapis.com",
    "serviceusage.googleapis.com",
    "cloudresourcemanager.googleapis.com",
    "firebaserules.googleapis.com",
    "firebasestorage.googleapis.com",
    "storage.googleapis.com",
  ])
  service = each.key

  # Don't disable the service if the resource block is removed by accident.
  disable_on_destroy = false
}

# Enables Firebase services for the new project created above.
resource "google_firebase_project" "storage-multi" {
  provider = google-beta
  project  = google_project.storage-multi.project_id
}

# Provisions the default Cloud Storage bucket for the project via Google App Engine.
resource "google_app_engine_application" "default-multi" {
  provider = google-beta
  project  = google_project.storage-multi.project_id
  # See available locations: https://firebase.google.com/docs/projects/locations#default-cloud-location
  # This will set the location for the default Storage bucket and the App Engine App.
  location_id = "name-of-region-for-default-bucket"

  # If you use Firestore, uncomment this to make sure Firestore is provisioned first.
  # depends_on = [
  #   google_firestore_database.firestore
  # ]
}

# Provisions an additional Cloud Storage bucket.
# Additional Cloud Storage buckets are not provisioned via App Engine.
resource "google_storage_bucket" "bucket-multi" {
  provider = google-beta
  project  = google_project.storage-multi.project_id
  name     = "name-of-additional-storage-bucket"
  # See available locations: https://cloud.google.com/storage/docs/locations#available-locations
  # This location does not need to be the same as the default Storage bucket.
  location = "name-of-region-for-additional-bucket"
}

# Makes the default Storage bucket accessible for Firebase SDKs, authentication, and Firebase Security Rules.
resource "google_firebase_storage_bucket" "default-bucket-multi" {
  provider  = google-beta
  project   = google_project.storage-multi.project_id
  bucket_id = google_app_engine_application.default-multi.default_bucket
}

# Makes the additional Storage bucket accessible for Firebase SDKs, authentication, and Firebase Security Rules.
resource "google_firebase_storage_bucket" "bucket-multi" {
  provider  = google-beta
  project   = google_project.storage-multi.project_id
  bucket_id = google_storage_bucket.bucket-multi.name
}

# Creates a ruleset of Firebase Security Rules from a local file.
resource "google_firebaserules_ruleset" "storage-multi" {
  provider = google-beta
  project  = google_project.storage-multi.project_id
  source {
    files {
      # Write security rules in a local file named "storage.rules"
      # Learn more: https://firebase.google.com/docs/storage/security/get-started
      name    = "storage.rules"
      content = file("storage.rules")
    }
  }

  # Wait for the Storage buckets to be provisioned before creating this ruleset.
  depends_on = [
    google_firebase_project.storage-multi,
  ]
}

# Releases the ruleset to the default Storage bucket.
resource "google_firebaserules_release" "default-bucket-multi" {
  provider     = google-beta
  name         = "firebase.storage/${google_app_engine_application.default-multi.default_bucket}"
  ruleset_name = "projects/${google_project.storage-multi.project_id}/rulesets/${google_firebaserules_ruleset.storage-multi.name}"
  project      = google_project.storage-multi.project_id
}

# Releases the ruleset to the additional Storage bucket.
resource "google_firebaserules_release" "bucket-multi" {
  provider     = google-beta
  name         = "firebase.storage/${google_storage_bucket.bucket-multi.name}"
  ruleset_name = "projects/${google_project.storage-multi.project_id}/rulesets/${google_firebaserules_ruleset.storage-multi.name}"
  project      = google_project.storage-multi.project_id
}

# Uploads a new file to the default Storage bucket.
# Do not use real end-user or production data in this file.
resource "google_storage_bucket_object" "cat-picture-multi" {
  provider = google-beta
  name     = "cat.png"
  source   = "path/to/cat.png"
  bucket   = google_app_engine_application.default-multi.default_bucket
}

# Creates a Firebase Android App in the new project created above.
resource "google_firebase_android_app" "storage-multi" {
  provider     = google-beta
  project      = google_project.storage-multi.project_id
  display_name = "My Android app"
  package_name = "android.package.name"

  # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
  depends_on = [
    google_firebase_project.storage-multi,
  ]
}

# Creates a Firebase Apple-platforms App in the new project created above.
resource "google_firebase_apple_app" "storage-multi" {
  provider     = google-beta
  project      = google_project.storage-multi.project_id
  display_name = "My Apple app"
  bundle_id    = "apple.app.12345"

  # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
  depends_on = [
    google_firebase_project.storage-multi,
  ]
}

# Creates a Firebase Web App in the new project created above.
resource "google_firebase_web_app" "storage-multi" {
  provider     = google-beta
  project      = google_project.storage-multi.project_id
  display_name = "My Web app"

  # The other App types (Android and Apple) use "DELETE" by default.
  # Web apps don't use "DELETE" by default due to backward-compatibility.
  deletion_policy = "DELETE"

  # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
  depends_on = [
    google_firebase_project.storage-multi,
  ]
}
This is the ruleset of Cloud Storage Security Rules that should be in a local file named storage.rules.

rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read, write: if request.auth != null;
    }
  }
}
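Provision a Cloud Firestore instance and the default Cloud Storage bucket
This config creates a new Google Cloud project, enables Firebase services for the project, provisions a Cloud Firestore instance, and then provisions the default Cloud Storage bucket.
It also provisions Firebase Security Rules for the Cloud Firestore instance and the default Cloud Storage bucket.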
, to learn how to investigate and remove this access.

# Creates a new Google Cloud project.
resource "google_project" "fs" { # fs = Firestore + Storage
  provider = google-beta.no_user_project_override

  folder_id  = "folder-id-for-new-project"
  name       = "Project Display Name"
  project_id = "project-id-for-new-project"

  # Required for the project to display in a list of Firebase projects.
  labels = {
    "firebase" = "enabled"
  }
}

# Enables required APIs.
resource "google_project_service" "fs" {
  provider = google-beta.no_user_project_override
  project  = google_project.fs.project_id
  for_each = toset([
    "serviceusage.googleapis.com",
    "cloudresourcemanager.googleapis.com",
    "firebaserules.googleapis.com",
    "firebasestorage.googleapis.com",
    "storage.googleapis.com",
    "firestore.googleapis.com",
  ])
  service = each.key

  # Don't disable the service if the resource block is removed by accident
  disable_on_destroy = false
}

# Enables Firebase services for the new project created above.
resource "google_firebase_project" "fs" {
  provider = google-beta
  project  = google_project.fs.project_id
}

#### Set up Firestore before default Cloud Storage bucket ####

# Provisions the Firestore database instance.
resource "google_firestore_database" "firestore-fs" {
  provider = google-beta
  project  = google_project.fs.project_id
  name     = "(default)"
  # See available locations: https://firebase.google.com/docs/projects/locations#default-cloud-location
  location_id = "name-of-region"
  # "FIRESTORE_NATIVE" is required to use Firestore with Firebase SDKs, authentication, and Firebase Security Rules.
  type             = "FIRESTORE_NATIVE"
  concurrency_mode = "OPTIMISTIC"

  # Wait for Firebase to be enabled in the Google Cloud project before initializing Firestore.
  depends_on = [
    google_firebase_project.fs,
  ]
}

# Creates a ruleset of Firestore Security Rules from a local file.
resource "google_firebaserules_ruleset" "firestore-fs" {
  provider = google-beta
  project  = google_project.fs.project_id
  source {
    files {
      # Write security rules in a local file named "firestore.rules".
      # Learn more: https://firebase.google.com/docs/firestore/security/get-started
      name    = "firestore.rules"
      content = file("firestore.rules")
    }
  }

  # Wait for Firestore to be provisioned before creating this ruleset.
  depends_on = [
    google_firestore_database.firestore-fs
  ]
}

# Releases the ruleset for the Firestore instance.
resource "google_firebaserules_release" "firestore-fs" {
  provider     = google-beta
  name         = "cloud.firestore" # must be cloud.firestore
  ruleset_name = google_firebaserules_ruleset.firestore-fs.name
  project      = google_project.fs.project_id

  # Wait for Firestore to be provisioned before releasing the ruleset.
  depends_on = [
    google_firestore_database.firestore-fs,
  ]
}

#### Set up default Cloud Storage default bucket after Firestore ####

# Provisions the default Cloud Storage bucket for the project via Google App Engine.
resource "google_app_engine_application" "default-bucket-fs" {
  provider = google-beta
  project  = google_project.fs.project_id
  # See available locations: https://firebase.google.com/docs/projects/locations#default-cloud-location
  # This will set the location for the default Storage bucket and the App Engine App.
  location_id = "name-of-region" # Must be in the same location as Firestore (above)

  # Wait for Firestore to be provisioned first.
  # Otherwise, the Firestore instance will be provisioned in Datastore mode (unusable by Firebase).
  depends_on = [
    google_firestore_database.firestore-fs,
  ]
}

# Makes the default Storage bucket accessible for Firebase SDKs, authentication, and Firebase Security Rules.
resource "google_firebase_storage_bucket" "default-bucket-fs" {
  provider  = google-beta
  project   = google_project.fs.project_id
  bucket_id = google_app_engine_application.default-bucket-fs.default_bucket
}

# Creates a ruleset of Cloud Storage Security Rules from a local file.
resource "google_firebaserules_ruleset" "default-bucket-fs" {
  provider = google-beta
  project  = google_project.fs.project_id
  source {
    files {
      # Write security rules in a local file named "storage.rules".
      # Learn more: https://firebase.google.com/docs/storage/security/get-started
      name    = "storage.rules"
      content = file("storage.rules")
    }
  }

  # Wait for the Cloud Storage bucket to be provisioned before creating this ruleset.
  depends_on = [
    google_firebase_project.fs,
  ]
}

# Releases the ruleset to the default Storage bucket.
resource "google_firebaserules_release" "default-bucket-fs" {
  provider     = google-beta
  name         = "firebase.storage/${google_app_engine_application.default-bucket-fs.default_bucket}"
  ruleset_name = "projects/${google_project.fs.project_id}/rulesets/${google_firebaserules_ruleset.default-bucket-fs.name}"
  project      = google_project.fs.project_id
}
This is the ruleset of Cloud Firestore Security Rules that should be in a local file named firestore.rules.

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    allow read: if request.auth != null;
    allow create: if request.auth != null;
    allow update: if request.auth != null;
  }
}
This is the ruleset of Cloud Storage Security Rules that should be in a local file named storage.rules.

rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read, write: if request.auth != null;
    }
  }
}
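Protect API resources with Firebase App Check
This config creates a new Google Cloud project, enables Firebase services for the project, and sets up and enables enforcement of Firebase App Check for Cloud Firestore so that it can be accessed only from your Android app.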
# Creates a new Google Cloud project.
resource "google_project" "appcheck" {
  provider = google-beta.no_user_project_override

  folder_id  = "folder-id-for-new-project"
  name       = "Project Display Name"
  project_id = "project-id-for-new-project"

  # Required for the project to display in a list of Firebase projects.
  labels = {
    "firebase" = "enabled"
  }
}

# Enables required APIs.
resource "google_project_service" "services" {
  provider = google-beta.no_user_project_override
  project  = google_project.appcheck.project_id
  for_each = toset([
    "cloudresourcemanager.googleapis.com",
    "firebase.googleapis.com",
    "firebaseappcheck.googleapis.com",
    "firestore.googleapis.com",
    "serviceusage.googleapis.com",
  ])
  service = each.key

  # Don't disable the service if the resource block is removed by accident.
  disable_on_destroy = false
}

# Enables Firebase services for the new project created earlier.
resource "google_firebase_project" "appcheck" {
  provider = google-beta
  project  = google_project.appcheck.project_id

  depends_on = [google_project_service.services]
}

# Provisions the Firestore database instance.
resource "google_firestore_database" "database" {
  provider = google-beta
  project  = google_firebase_project.appcheck.project
  name     = "(default)"
  # See available locations: https://firebase.google.com/docs/projects/locations#default-cloud-location
  location_id = "name-of-region"
  # "FIRESTORE_NATIVE" is required to use Firestore with Firebase SDKs, authentication, and Firebase Security Rules.
  type             = "FIRESTORE_NATIVE"
  concurrency_mode = "OPTIMISTIC"

  # Wait for Firebase to be enabled in the Google Cloud project before initializing Firestore.
  depends_on = [
    google_firebase_project.appcheck,
  ]
}

# Creates a Firebase Android App in the new project created earlier.
resource "google_firebase_android_app" "appcheck" {
  provider     = google-beta
  project      = google_firebase_project.appcheck.project
  display_name = "Play Integrity app"
  package_name = "package.name.playintegrity"
  sha256_hashes = [
    # TODO: insert your Android app's SHA256 certificate
  ]
}

# It takes a while for App Check to recognize the new app
# If your app already exists, you don't have to wait 30 seconds.
resource "time_sleep" "wait_30s" {
  depends_on      = [google_firebase_android_app.appcheck]
  create_duration = "30s"
}

# Register the Android app with the Play Integrity provider
resource "google_firebase_app_check_play_integrity_config" "appcheck" {
  provider = google-beta
  project  = google_firebase_project.appcheck.project
  app_id   = google_firebase_android_app.appcheck.app_id

  depends_on = [time_sleep.wait_30s, google_firestore_database.database]

  lifecycle {
    precondition {
      condition     = length(google_firebase_android_app.appcheck.sha256_hashes) > 0
      error_message = "Provide a SHA-256 certificate on the Android App to use App Check"
    }
  }
}

# Enable enforcement of App Check for Firestore
resource "google_firebase_app_check_service_config" "firestore" {
  provider   = google-beta
  project    = google_firebase_project.appcheck.project
  service_id = "firestore.googleapis.com"

  depends_on = [google_project_service.services]
}
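Install an instance of a Firebase Extension
This config creates a new Google Cloud project, enables Firebase services for the project, and installs a new instance of a Firebase Extension in the project. If the instance already exists, its parameters are updated based on the values provided in the config.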
# Creates a new Google Cloud project.
resource "google_project" "extensions" {
  provider = google-beta.no_user_project_override

  folder_id  = "folder-id-for-new-project"
  name       = "Project Display Name"
  project_id = "project-id-for-new-project"

  # Associates the project with a Cloud Billing account
  # (required to use Firebase Extensions).
  billing_account = "000000-000000-000000"

  # Required for the project to display in a list of Firebase projects.
  labels = {
    "firebase" = "enabled"
  }
}

# Enables required APIs.
resource "google_project_service" "extensions" {
  provider = google-beta.no_user_project_override
  project  = google_project.extensions.project_id
  for_each = toset([
    "cloudbilling.googleapis.com",
    "cloudresourcemanager.googleapis.com",
    "serviceusage.googleapis.com",
    "firebase.googleapis.com",
    "firebaseextensions.googleapis.com",
  ])
  service = each.key

  # Don't disable the service if the resource block is removed by accident.
  disable_on_destroy = false
}

# Enables Firebase services for the new project created above.
resource "google_firebase_project" "extensions" {
  provider = google-beta
  project  = google_project.extensions.project_id

  depends_on = [
    google_project_service.extensions,
  ]
}

# Installs an instance of the "Translate Text in Firestore" extension.
# Or updates the extension if the specified instance already exists.
resource "google_firebase_extensions_instance" "translation" {
  provider = google-beta
  project  = google_project.extensions.project_id

  instance_id = "translate-text-in-firestore"
  config {
    extension_ref = "firebase/firestore-translate-text"

    params = {
      COLLECTION_PATH      = "posts/comments/translations"
      DO_BACKFILL          = true
      LANGUAGES            = "ar,en,es,de,fr"
      INPUT_FIELD_NAME     = "input"
      LANGUAGES_FIELD_NAME = "languages"
      OUTPUT_FIELD_NAME    = "translated"
    }

    system_params = {
      "firebaseextensions.v1beta.function/location"                   = "us-central1"
      "firebaseextensions.v1beta.function/memory"                     = "256"
      "firebaseextensions.v1beta.function/minInstances"               = "0"
      "firebaseextensions.v1beta.function/vpcConnectorEgressSettings" = "VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED"
    }
  }
}
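Troubleshooting and FAQ
You want to learn more about the various project-related attributes (such as project and user_project_override)
This guide uses the following Terraform attributes when working with "projects".
project within a resource block
Recommended: whenever possible, include the project attribute within each resource block.
When a project attribute is included, Terraform creates the infrastructure specified in the resource block within the specified project. This guide and the sample config files all use this practice.
See the official Terraform documentation about project.
user_project_override within the provider block
For provisioning most resources, you should use user_project_override = true, which means that quota is checked against your own Firebase project. However, to set up a new project so that it can accept quota checks, you first need to use user_project_override = false.
See the official Terraform documentation about user_project_override.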
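You get this error: generic::permission_denied: Firebase Tos Not Accepted.
Make sure that the user account that you use to run gcloud CLI commands has accepted the Firebase Terms of Service (Firebase ToS).
You can check this by using a browser signed in to the user account and trying to view an existing Firebase project in the Firebase console. If you can, the user account has accepted the Firebase ToS.
If you can't view any existing Firebase project, the user account probably hasn't accepted the Firebase ToS. To fix this, create a new Firebase project through the Firebase console and accept the Firebase ToS as part of project creation. You can immediately delete this project through Project Settings in the console.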
After running terraform apply, you get this error: generic::permission_denied: IAM authority does not have the permission.
Wait a moment, and then try running terraform apply again.
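Creating a resource failed, but when you run terraform apply again, it says ALREADY_EXISTS.
This could be due to a propagation delay in various systems. Try to resolve the issue by importing the resource into the Terraform state with terraform import. Then try running terraform apply again.
To learn how to import each resource, see the "Import" section of its Terraform documentation (for example, the "Import" documentation for Cloud Firestore).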
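When working with Cloud Firestore, you get this error:
Error creating Index: googleapi: Error 409;...Concurrent access -- try again
As the error suggests, Terraform may be trying to provision multiple indexes and/or create documents at the same time and ran into a concurrency error. Try running terraform apply again.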
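You get this error:
"you may need to specify 'X-Goog-User-Project' HTTP header for quota and billing purposes".
This error means that Terraform doesn't know which project to check quota against. To troubleshoot, check the following in the resource block:
- Make sure that you've specified a value for the project attribute.
- Make sure that you're using the provider with user_project_override = true (no alias), which in the Firebase samples is google-beta.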
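When creating a new Google Cloud project, you get an error saying that the new project already exists
Here are the possible reasons why the project ID may already exist:
The project associated with that ID belongs to someone else.
- To resolve: Select another project ID.
The project associated with that ID was recently deleted (it is in the soft-delete state).
- To resolve: If you think that the project associated with the ID belongs to you, check the state of the project using the projects.get REST API.
The project associated with that ID exists correctly under the current user. A possible cause of the error is that a previous terraform apply was interrupted.
- To resolve: Run the following commands:
terraform import google_project.default PROJECT_ID
and then
terraform import google_firebase_project.default PROJECT_ID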
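When trying to provision Cloud Firestore and then Cloud Storage (via google_app_engine_application), you get this error:
Error: Error creating App Engine application: googleapi: Error 409:
Cannot create Firestore database resource <resource-name> since it
already exists at location <location-id>, alreadyExists.
An App Engine application requires a Cloud Firestore instance, but you can have only one Cloud Firestore instance per project. So, as the error message says, if you've already provisioned the project's Cloud Firestore instance at one location, App Engine errors when you try to provision a Cloud Firestore instance at a different location. App Engine thinks that you're trying to "re-provision" the existing Cloud Firestore instance.
To resolve this error, use the same location for both Cloud Firestore and the App Engine application. If you need a Cloud Storage bucket in a different location than Cloud Firestore, you can provision additional buckets (see the sample config for creating multiple Cloud Storage buckets).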
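When trying to provision Cloud Storage (via google_app_engine_application) and then Cloud Firestore, you get this error:
Error: Error creating Database: googleapi: Error 409: Database already
exists. Please use another database_id.
When you provision a project's default Cloud Storage bucket (via google_app_engine_application) and the project doesn't yet have a Cloud Firestore instance, google_app_engine_application automatically provisions the project's Cloud Firestore instance.
So, if the project's Cloud Firestore instance is already provisioned, google_firestore_database errors if you try to explicitly provision that Cloud Firestore instance.
Once the project's Cloud Firestore instance is provisioned, you can't "re-provision" it or change its location. To prevent the error, remove the google_firestore_database resource block from your config file.
Note, though, that we recommend provisioning Cloud Firestore before the project's default Cloud Storage bucket (see below for the reason).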
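The checks behind two of the troubleshooting entries above (the 'X-Goog-User-Project' quota error and the Firestore/App Engine 409 errors) can be run against a .tf file before terraform apply. This is an added example, not part of the original guide or of Firebase's tooling; the function names, the exemption lists and the sample config are assumptions, and the parser only handles plain resource blocks laid out like the ones in this guide.

```python
import re

# Assumed lists: types with no `project` argument, and types allowed on the aliased provider.
NO_PROJECT_ATTR = {"google_project", "google_storage_bucket_object"}
BOOTSTRAP_TYPES = {"google_project", "google_project_service"}
ALIASED = "google-beta.no_user_project_override"

def resource_blocks(tf):
    """Return [(type, name, body)] for each resource block, found by brace matching."""
    tf = re.sub(r"#[^\n]*", "", tf)  # strip comments (assumes no '#' inside strings)
    blocks = []
    for m in re.finditer(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{', tf):
        depth, i = 1, m.end()
        while depth and i < len(tf):
            depth += {"{": 1, "}": -1}.get(tf[i], 0)
            i += 1
        blocks.append((m.group(1), m.group(2), tf[m.end():i - 1]))
    return blocks

def attr(body, key):
    """Return the value text of `key = value` in a block body, or None."""
    m = re.search(rf"^\s*{re.escape(key)}\s*=\s*(.+?)\s*$", body, re.M)
    return m.group(1) if m else None

def lint(tf):
    """Return [(resource address, finding)] for the troubleshooting checks."""
    blocks, findings = resource_blocks(tf), []
    for rtype, name, body in blocks:
        addr = f"{rtype}.{name}"
        if (rtype.startswith("google_") and rtype not in NO_PROJECT_ATTR
                and attr(body, "project") is None):
            findings.append((addr, "no project attribute"))
        if attr(body, "provider") == ALIASED and rtype not in BOOTSTRAP_TYPES:
            findings.append((addr, "provider has user_project_override = false"))
    firestore = [b for b in blocks if b[0] == "google_firestore_database"]
    for rtype, name, body in blocks:
        if rtype != "google_app_engine_application" or not firestore:
            continue
        addr, (fs_type, fs_name, fs_body) = f"{rtype}.{name}", firestore[0]
        deps = re.search(r"depends_on\s*=\s*\[(.*?)\]", body, re.S)
        if not deps or f"{fs_type}.{fs_name}" not in deps.group(1):
            findings.append((addr, "does not depend on the Firestore database"))
        if attr(body, "location_id") != attr(fs_body, "location_id"):
            findings.append((addr, "location_id differs from Firestore"))
    return findings

# Constructed sample config (not from the guide) with deliberate mistakes.
SAMPLE_TF = '''
resource "google_firestore_database" "firestore-fs" {
  provider    = google-beta.no_user_project_override  # should be google-beta
  project     = "project-id-for-new-project"
  location_id = "region-a"
}
resource "google_app_engine_application" "default-bucket-fs" {
  provider    = google-beta
  location_id = "region-b"
}
'''

print(*lint(SAMPLE_TF), sep="\n")
```

An empty result does not prove the config will apply cleanly; it only rules out the specific mistakes these troubleshooting entries describe.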