Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
Firebase mulai mendukung Terraform.
Jika Anda berada dalam tim yang ingin mengotomatiskan dan menstandarkan pembuatan project Firebase dengan menyediakan resource dan mengaktifkan layanan tertentu, penggunaan Terraform dengan Firebase merupakan pilihan tepat.
Alur kerja dasar untuk menggunakan Terraform dengan Firebase mencakup langkah berikut:
Membuat dan menyesuaikan file konfigurasi Terraform (file .tf) yang menentukan infrastruktur yang ingin Anda sediakan (yakni, resource yang ingin disediakan dan layanan yang ingin diaktifkan).
Menggunakan perintah gCloud CLI yang berantarmuka dengan Terraform untuk menyediakan infrastruktur yang ditentukan dalam file .tf.
Apa yang dapat Anda lakukan dengan Terraform dan Firebase?
Contoh alur kerja umum dalam panduan ini akan membuat project Firebase baru dengan aplikasi Android. Namun, Anda dapat menggunakan Terraform untuk banyak hal lainnya, seperti:
Menghapus dan memodifikasi infrastruktur yang ada.
Mengelola tugas dan konfigurasi spesifik per produk, seperti:
Membuat bucket Cloud Storage atau instance database dan men-deploy Aturan Keamanan Firebase untuk keduanya.
Anda dapat menggunakan perintah dan file konfigurasi Terraform standar untuk menyelesaikan semua tugas ini. Untuk memudahkan Anda, kami juga telah menyediakan contoh file konfigurasi Terraform untuk beberapa kasus penggunaan umum.
Alur kerja umum untuk menggunakan Terraform dengan Firebase
Prasyarat
Panduan ini merupakan pengantar penggunaan Terraform dengan Firebase, sehingga diasumsikan bahwa Anda telah memiliki pemahaman dasar tentang Terraform. Pastikan Anda telah menyelesaikan prasyarat berikut sebelum memulai alur kerja ini.
Lihat persyaratan untuk akun pengguna dan akun layanan
Jika menggunakan akun pengguna, Anda harus telah menyetujui Persyaratan Layanan (ToS) Firebase. Sebelum menyetujui ToS Firebase, Anda tidak akan dapat melihat project Firebase di Firebase console
Agar Terraform dapat melakukan tindakan tertentu (misalnya membuat project), hal berikut harus terpenuhi:
Akun pengguna atau akun layanan harus memiliki akses IAM yang berlaku untuk tindakan tersebut.
Jika akun pengguna atau akun layanan merupakan bagian dari organisasi Google Cloud, kebijakan organisasi harus mengizinkan akun tersebut untuk melakukan tindakan itu.
Langkah 1: Membuat dan menyesuaikan file konfigurasi Terraform
File konfigurasi Terraform memerlukan dua bagian utama (yang dijelaskan secara mendetail di bawah):
Penyiapan provider diperlukan, apa pun produk atau layanan Firebase yang digunakan.
Buat file konfigurasi Terraform (seperti file main.tf) di direktori lokal.
Dalam panduan ini, Anda akan menggunakan file konfigurasi ini untuk menentukan penyiapan provider dan semua infrastruktur yang Anda inginkan untuk dibuat oleh Terraform. Namun, perlu diperhatikan bahwa ada beberapa opsi terkait cara menyertakan penyiapan provider.
Lihat opsi cara menyertakan penyiapan provider
Opsi berikut tersedia untuk menyertakan penyiapan provider pada konfigurasi Terraform lainnya:
Opsi 1: Menyertakan penyiapan provider di bagian atas sebuah file konfigurasi .tf Terraform (seperti yang ditunjukkan dalam panduan ini).
Gunakan opsi ini jika Anda baru mulai menggunakan Terraform atau baru mencoba Terraform dengan Firebase.
Opsi 2: Menyertakan penyiapan provider dalam file .tf tersendiri (seperti file provider.tf), yang terpisah dari file .tf tempat Anda menentukan infrastruktur yang akan dibuat (seperti file main.tf).
Gunakan opsi ini jika Anda adalah bagian dari tim yang lebih besar yang perlu menstandarkan penyiapan.
Saat menjalankan perintah Terraform, baik file provider.tf maupun file main.tf harus berada di direktori yang sama.
Sertakan penyiapan provider berikut di bagian atas file main.tf.
Anda harus menggunakan provider google-beta karena ini adalah rilis beta dari penggunaan Firebase dengan Terraform. Berhati-hatilah saat menggunakannya dalam produksi.
# Terraform configuration to set up providers by version.
terraform {
required_providers {
google-beta = {
source = "hashicorp/google-beta"
version = "~> 4.0"
}
}
}
# Configures the provider to use the resource block's specified project for quota checks.
provider "google-beta" {
user_project_override = true
}
# Configures the provider to not use the resource block's specified project for quota checks.
# This provider should only be used during project creation and initializing services.
provider "google-beta" {
alias = "no_user_project_override"
user_project_override = false
}
Pelajari lebih lanjut berbagai jenis atribut terkait project (termasuk yang dalam panduan ini disebut sebagai "quota-check project") saat menggunakan Terraform dengan Firebase.
Lanjutkan ke bagian berikutnya untuk menyelesaikan file konfigurasi dan menentukan infrastruktur yang akan dibuat.
Menentukan infrastruktur yang akan dibuat menggunakan blok resource
Dalam file konfigurasi Terraform (untuk panduan ini, file main.tf), Anda harus menentukan semua infrastruktur yang Anda inginkan untuk dibuat oleh Terraform (artinya, semua resource yang ingin disediakan dan semua layanan yang ingin diaktifkan). Dalam panduan ini, temukan daftar lengkap semua resource Firebase yang mendukung Terraform.
Buka file main.tf.
Pada penyiapan provider, sertakan konfigurasi blok resource berikut.
Contoh dasar ini akan membuat project Firebase baru, lalu membuat Aplikasi Android Firebase di dalam project tersebut.
# Terraform configuration to set up providers by version.
...
# Configures the provider to use the resource block's specified project for quota checks.
...
# Configures the provider to not use the resource block's specified project for quota checks.
...
# Creates a new Google Cloud project.
resource "google_project" "default" {
provider = google-beta.no_user_project_override
name = "Project Display Name"
project_id = "project-id-for-new-project"
# Required for any service that requires the Blaze pricing plan
# (like Firebase Authentication with GCIP)
billing_account = "000000-000000-000000"
# Required for the project to display in any list of Firebase projects.
labels = {
"firebase" = "enabled"
}
}
# Enables required APIs.
resource "google_project_service" "default" {
provider = google-beta.no_user_project_override
project = google_project.default.project_id
for_each = toset([
"cloudbilling.googleapis.com",
"cloudresourcemanager.googleapis.com",
"firebase.googleapis.com",
# Enabling the ServiceUsage API allows the new project to be quota checked from now on.
"serviceusage.googleapis.com",
])
service = each.key
# Don't disable the service if the resource block is removed by accident.
disable_on_destroy = false
}
# Enables Firebase services for the new project created above.
resource "google_firebase_project" "default" {
provider = google-beta
project = google_project.default.project_id
# Waits for the required APIs to be enabled.
depends_on = [
google_project_service.default
]
}
# Creates a Firebase Android App in the new project created above.
resource "google_firebase_android_app" "default" {
provider = google-beta
project = google_project.default.project_id
display_name = "My Awesome Android app"
package_name = "awesome.package.name"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.default,
]
}
Melihat versi yang sangat teranotasi dari contoh file konfigurasi ini
Jika Anda belum familier dengan infrastruktur project dan aplikasi sebagai resource, pelajari dokumentasi berikut:
# Terraform configuration to set up providers by version.
...
# Configures the provider to use the resource block's specified project for quota checks.
...
# Configures the provider to not use the resource block's specified project for quota checks.
...
# Creates a new Google Cloud project.
resource "google_project" "default" {
# Use the provider that enables the setup of quota checks for a new project
provider = google-beta.no_user_project_override
name = "Project Display Name" // learn more about the project name
project_id = "project-id-for-new-project" // learn more about the project ID
# Required for any service that requires the Blaze pricing plan
# (like Firebase Authentication with GCIP)
billing_account = "000000-000000-000000"
# Required for the project to display in any list of Firebase projects.
labels = {
"firebase" = "enabled" // learn more about the Firebase-enabled label
}
}
# Enables required APIs.
resource "google_project_service" "default" {
# Use the provider without quota checks for enabling APIS
provider = google-beta.no_user_project_override
project = google_project.default.project_id
for_each = toset([
"cloudbilling.googleapis.com",
"cloudresourcemanager.googleapis.com",
"firebase.googleapis.com",
# Enabling the ServiceUsage API allows the new project to be quota checked from now on.
"serviceusage.googleapis.com",
])
service = each.key
# Don't disable the service if the resource block is removed by accident.
disable_on_destroy = false
}
# Enables Firebase services for the new project created above.
# This action essentially "creates a Firebase project" and allows the project to use
# Firebase services (like Firebase Authentication) and
# Firebase tooling (like the Firebase console).
# Learn more about the relationship between Firebase projects and Google Cloud.
resource "google_firebase_project" "default" {
# Use the provider that performs quota checks from now on
provider = google-beta
project = google_project.default.project_id
# Waits for the required APIs to be enabled.
depends_on = [
google_project_service.default
]
}
# Creates a Firebase Android App in the new project created above.
# Learn more about the relationship between Firebase Apps and Firebase projects.
resource "google_firebase_android_app" "default" {
provider = google-beta
project = google_project.default.project_id
display_name = "My Awesome Android app" # learn more about an app's display name
package_name = "awesome.package.name" # learn more about an app's package name
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.default,
]
}
Langkah 2: Menjalankan perintah Terraform untuk membuat infrastruktur yang ditentukan
Untuk menyediakan resource dan mengaktifkan layanan yang ditentukan dalam file main.tf, jalankan perintah berikut dari direktori yang sama dengan file main.tf Anda.
Untuk mendapatkan informasi selengkapnya tentang perintah ini, lihat dokumentasi Terraform.
Jika ini adalah pertama kalinya Anda menjalankan perintah Terraform di direktori, Anda harus menginisialisasi direktori konfigurasi dan menginstal provider Google Terraform. Lakukan hal ini dengan menjalankan perintah berikut:
terraform init
Buat infrastruktur yang ditentukan dalam file main.tf dengan menjalankan perintah berikut:
terraform apply
Pastikan bahwa segala sesuatunya telah disediakan atau diaktifkan seperti yang diharapkan:
Opsi 1: Lihat konfigurasi yang tercetak di terminal dengan menjalankan perintah berikut:
Resource Firebase yang memiliki dukungan Terraform
Resource Firebase dan Google berikut memiliki dukungan Terraform. Kami juga menambahkan lebih banyak resource dari waktu ke waktu. Jadi, jika Anda belum menemukan resource yang ingin dikelola dengan Terraform, segera periksa kembali untuk mengetahui apakah resource tersebut telah tersedia, atau kirimkan permintaan dengan melaporkan masalah di repo GitHub.
google_identity_platform_config — mengaktifkan Google Cloud Identity Platform (GCIP) (yang merupakan backend untuk Firebase Authentication) dan menyediakan setelan autentikasi level project
Project tempat Terraform akan mengaktifkan GCIP dan/atau Firebase Authentication harus menggunakan paket harga Blaze (artinya, project tersebut harus memiliki akun Penagihan Cloud yang terkait). Anda dapat menjalankan langkah ini secara terprogram dengan menetapkan atribut billing_account di resource google_project.
Men-deploy Aturan Keamanan Firebase Realtime Database melalui Terraform (pelajari cara men-deploy Aturan ini menggunakan alat lain, termasuk opsi terprogram)
Penting: Jangan gunakan data produksi atau pengguna akhir sebenarnya dalam file ini.
Aturan Keamanan Firebase (untuk Cloud Firestore dan Cloud Storage)
Perlu diperhatikan bahwa Firebase Realtime Database menggunakan sistem penyediaan yang berbeda untuk Aturan Keamanan Firebase-nya.
google_firebaserules_ruleset — menentukan Aturan Keamanan Firebase yang berlaku untuk instance Cloud Firestore atau bucket Cloud Storage
google_firebaserules_release — men-deploy kumpulan aturan tertentu ke instance Cloud Firestore atau bucket Cloud Storage
Contoh file konfigurasi Terraform untuk kasus penggunaan umum
Menyiapkan Firebase Authentication dengan GCIP
Konfigurasi ini akan membuat project Google Cloud baru, mengaitkan project dengan akun Penagihan Cloud (diperlukan paket harga Blaze untuk Firebase Authentication dengan GCIP), mengaktifkan layanan Firebase untuk project, menyiapkan Firebase Authentication dengan GCIP, dan mendaftarkan tiga jenis aplikasi berbeda ke project tersebut.
Perhatikan bahwa GCIP harus diaktifkan untuk menyiapkan Firebase Authentication melalui Terraform.
# Creates a new Google Cloud project.
resource "google_project" "auth" {
provider = google-beta.no_user_project_override
folder_id = "folder-id-for-new-project"
name = "Project Display Name"
project_id = "project-id-for-new-project"
# Associates the project with a Cloud Billing account
# (required for Firebase Authentication with GCIP).
billing_account = "000000-000000-000000"
# Required for the project to display in a list of Firebase projects.
labels = {
"firebase" = "enabled"
}
}
# Enables required APIs.
resource "google_project_service" "auth" {
provider = google-beta.no_user_project_override
project = google_project.auth.project_id
for_each = toset([
"cloudbilling.googleapis.com",
"cloudresourcemanager.googleapis.com",
"serviceusage.googleapis.com",
"identitytoolkit.googleapis.com",
])
service = each.key
# Don't disable the service if the resource block is removed by accident.
disable_on_destroy = false
}
# Enables Firebase services for the new project created above.
resource "google_firebase_project" "auth" {
provider = google-beta
project = google_project.auth.project_id
depends_on = [
google_project_service.auth,
]
}
# Creates an Identity Platform config.
# Also enables Firebase Authentication with Identity Platform in the project if not.
resource "google_identity_platform_config" "auth" {
provider = google-beta
project = google_project.auth.project_id
# For example, you can configure to auto-delete Anonymous users.
autodelete_anonymous_users = true
# Wait for identitytoolkit.googleapis.com to be enabled before initializing Authentication.
depends_on = [
google_project_service.auth,
]
}
# Adds more configurations, like for the email/password sign-in provider.
resource "google_identity_platform_project_default_config" "auth" {
provider = google-beta
project = google_project.auth.project_id
sign_in {
allow_duplicate_emails = false
anonymous {
enabled = true
}
email {
enabled = true
password_required = false
}
}
# Wait for Authentication to be initialized before enabling email/password.
depends_on = [
google_identity_platform_config.auth
]
}
# Creates a Firebase Android App in the new project created above.
resource "google_firebase_android_app" "auth" {
provider = google-beta
project = google_project.auth.project_id
display_name = "My Android app"
package_name = "android.package.name"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.auth,
]
}
# Creates a Firebase Apple-platforms App in the new project created above.
resource "google_firebase_apple_app" "auth" {
provider = google-beta
project = google_project.auth.project_id
display_name = "My Apple app"
bundle_id = "apple.app.12345"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.auth,
]
}
# Creates a Firebase Web App in the new project created above.
resource "google_firebase_web_app" "auth" {
provider = google-beta
project = google_project.auth.project_id
display_name = "My Web app"
# The other App types (Android and Apple) use "DELETE" by default.
# Web apps don't use "DELETE" by default due to backward-compatibility.
deletion_policy = "DELETE"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.auth,
]
}
Menyediakan instance Firebase Realtime Database default
Konfigurasi ini akan membuat project Google Cloud baru, mengaktifkan layanan Firebase untuk project itu, menyediakan instance Realtime Database default project, dan mendaftarkan tiga jenis aplikasi berbeda ke project tersebut.
# Creates a new Google Cloud project.
resource "google_project" "rtdb" {
provider = google-beta.no_user_project_override
folder_id = "folder-id-for-new-project"
name = "Project Display Name"
project_id = "project-id-for-new-project"
# Required for the project to display in a list of Firebase projects.
labels = {
"firebase" = "enabled"
}
}
# Enables required APIs.
resource "google_project_service" "rtdb" {
provider = google-beta.no_user_project_override
project = google_project.rtdb.project_id
for_each = toset([
"serviceusage.googleapis.com",
"cloudresourcemanager.googleapis.com",
"firebasedatabase.googleapis.com",
])
service = each.key
# Don't disable the service if the resource block is removed by accident.
disable_on_destroy = false
}
# Enables Firebase services for the new project created above.
resource "google_firebase_project" "rtdb" {
provider = google-beta
project = google_project.rtdb.project_id
}
# Provisions the default Realtime Database default instance.
resource "google_firebase_database_instance" "database" {
provider = google-beta
project = google_project.rtdb.project_id
# See available locations: https://firebase.google.com/docs/projects/locations#rtdb-locations
region = "name-of-region"
# This value will become the first segment of the database's URL.
instance_id = "${google_project.rtdb.project_id}-default-rtdb"
type = "DEFAULT_DATABASE"
# Wait for Firebase to be enabled in the Google Cloud project before initializing Realtime Database.
depends_on = [
google_firebase_project.rtdb,
]
}
# Creates a Firebase Android App in the new project created above.
resource "google_firebase_android_app" "rtdb" {
provider = google-beta
project = google_project.rtdb.project_id
display_name = "My Android app"
package_name = "android.package.name"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.rtdb,
]
}
# Creates a Firebase Apple-platforms App in the new project created above.
resource "google_firebase_apple_app" "rtdb" {
provider = google-beta
project = google_project.rtdb.project_id
display_name = "My Apple app"
bundle_id = "apple.app.12345"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.rtdb,
]
}
# Creates a Firebase Web App in the new project created above.
resource "google_firebase_web_app" "rtdb" {
provider = google-beta
project = google_project.rtdb.project_id
display_name = "My Web app"
# The other App types (Android and Apple) use "DELETE" by default.
# Web apps don't use "DELETE" by default due to backward-compatibility.
deletion_policy = "DELETE"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.rtdb,
]
}
Menyediakan beberapa instance Firebase Realtime Database
Konfigurasi ini akan membuat project Google Cloud baru, mengaitkan project dengan akun Penagihan Cloud (diperlukan paket harga Blaze untuk menyediakan beberapa instance Realtime Database), mengaktifkan layanan Firebase untuk project, menyediakan beberapa instance Realtime Database (termasuk instance Realtime Database default project), dan mendaftarkan tiga jenis aplikasi berbeda ke project tersebut.
# Creates a new Google Cloud project.
resource "google_project" "rtdb-multi" {
provider = google-beta.no_user_project_override
folder_id = "folder-id-for-new-project"
name = "Project Display Name"
project_id = "project-id-for-new-project"
# Associate the project with a Cloud Billing account
# (required for multiple Realtime Database instances).
billing_account = "000000-000000-000000"
# Required for the project to display in a list of Firebase projects.
labels = {
"firebase" = "enabled"
}
}
# Enables required APIs.
resource "google_project_service" "rtdb-multi" {
provider = google-beta.no_user_project_override
project = google_project.rtdb-multi.project_id
for_each = toset([
"cloudbilling.googleapis.com",
"serviceusage.googleapis.com",
"cloudresourcemanager.googleapis.com",
"firebasedatabase.googleapis.com",
])
service = each.key
# Don't disable the service if the resource block is removed by accident.
disable_on_destroy = false
}
# Enables Firebase services for the new project created above.
resource "google_firebase_project" "rtdb-multi" {
provider = google-beta
project = google_project.rtdb-multi.project_id
}
# Provisions the default Realtime Database default instance.
resource "google_firebase_database_instance" "database-default" {
provider = google-beta
project = google_project.rtdb-multi.project_id
# See available locations: https://firebase.google.com/docs/projects/locations#rtdb-locations
region = "name-of-region"
# This value will become the first segment of the database's URL.
instance_id = "${google_project.rtdb-multi.project_id}-default-rtdb"
type = "DEFAULT_DATABASE"
# Wait for Firebase to be enabled in the Google Cloud project before initializing Realtime Database.
depends_on = [
google_firebase_project.rtdb-multi,
]
}
# Provisions an additional Realtime Database instance.
resource "google_firebase_database_instance" "database-additional" {
provider = google-beta
project = google_project.rtdb-multi.project_id
# See available locations: https://firebase.google.com/docs/projects/locations#rtdb-locations
# This location doesn't need to be the same as the default database instance.
region = "name-of-region"
# This value will become the first segment of the database's URL.
instance_id = "name-of-additional-database-instance"
type = "USER_DATABASE"
# Wait for Firebase to be enabled in the Google Cloud project before initializing Realtime Database.
depends_on = [
google_firebase_project.rtdb-multi,
]
}
# Creates a Firebase Android App in the new project created above.
resource "google_firebase_android_app" "rtdb-multi" {
provider = google-beta
project = google_project.rtdb-multi.project_id
display_name = "My Android app"
package_name = "android.package.name"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.rtdb-multi,
]
}
# Creates a Firebase Apple-platforms App in the new project created above.
resource "google_firebase_apple_app" "rtdb-multi" {
provider = google-beta
project = google_project.rtdb-multi.project_id
display_name = "My Apple app"
bundle_id = "apple.app.12345"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.rtdb-multi,
]
}
# Creates a Firebase Web App in the new project created above.
resource "google_firebase_web_app" "rtdb-multi" {
provider = google-beta
project = google_project.rtdb-multi.project_id
display_name = "My Web app"
# The other App types (Android and Apple) use "DELETE" by default.
# Web apps don't use "DELETE" by default due to backward-compatibility.
deletion_policy = "DELETE"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.rtdb-multi,
]
}
Menyediakan instance Cloud Firestore
Konfigurasi ini akan membuat project Google Cloud baru, mengaktifkan layanan Firebase untuk project, menyediakan instance Cloud Firestore project, dan mendaftarkan tiga jenis aplikasi berbeda ke project tersebut.
Konfigurasi ini juga akan menyediakan Aturan Keamanan Firebase untuk instance Cloud Firestore, membuat indeks Cloud Firestore, dan menambahkan dokumen Cloud Firestore dengan data seed.
# Creates a new Google Cloud project.
resource "google_project" "firestore" {
provider = google-beta.no_user_project_override
folder_id = "folder-id-for-new-project"
name = "Project Display Name"
project_id = "project-id-for-new-project"
# Required for the project to display in a list of Firebase projects.
labels = {
"firebase" = "enabled"
}
}
# Enables required APIs.
resource "google_project_service" "firestore" {
provider = google-beta.no_user_project_override
project = google_project.firestore.project_id
for_each = toset([
"cloudresourcemanager.googleapis.com",
"serviceusage.googleapis.com",
"firestore.googleapis.com",
"firebaserules.googleapis.com",
])
service = each.key
# Don't disable the service if the resource block is removed by accident.
disable_on_destroy = false
}
# Enables Firebase services for the new project created above.
resource "google_firebase_project" "firestore" {
provider = google-beta
project = google_project.firestore.project_id
}
# Provisions the Firestore database instance.
resource "google_firestore_database" "firestore" {
provider = google-beta
project = google_project.firestore.project_id
name = "(default)"
# See available locations: https://firebase.google.com/docs/projects/locations#default-cloud-location
location_id = "name-of-region"
# "FIRESTORE_NATIVE" is required to use Firestore with Firebase SDKs, authentication, and Firebase Security Rules.
type = "FIRESTORE_NATIVE"
concurrency_mode = "OPTIMISTIC"
# Wait for Firebase to be enabled in the Google Cloud project before initializing Firestore.
depends_on = [
google_firebase_project.firestore,
]
}
# Creates a ruleset of Firestore Security Rules from a local file.
resource "google_firebaserules_ruleset" "firestore" {
provider = google-beta
project = google_project.firestore.project_id
source {
files {
name = "firestore.rules"
# Write security rules in a local file named "firestore.rules".
# Learn more: https://firebase.google.com/docs/firestore/security/get-started
content = file("firestore.rules")
}
}
# Wait for Firestore to be provisioned before creating this ruleset.
depends_on = [
google_firestore_database.firestore,
]
}
# Releases the ruleset for the Firestore instance.
resource "google_firebaserules_release" "firestore" {
provider = google-beta
name = "cloud.firestore" # must be cloud.firestore
ruleset_name = google_firebaserules_ruleset.firestore.name
project = google_project.firestore.project_id
# Wait for Firestore to be provisioned before releasing the ruleset.
depends_on = [
google_firestore_database.firestore,
]
}
# Adds a new Firestore index.
resource "google_firestore_index" "indexes" {
provider = google-beta
project = google_project.firestore.project_id
collection = "quiz"
query_scope = "COLLECTION"
fields {
field_path = "question"
order = "ASCENDING"
}
fields {
field_path = "answer"
order = "ASCENDING"
}
# Wait for Firestore to be provisioned before adding this index.
depends_on = [
google_firestore_database.firestore,
]
}
# Adds a new Firestore document with seed data.
# Don't use real end-user or production data in this seed document.
resource "google_firestore_document" "doc" {
provider = google-beta
project = google_project.firestore.project_id
collection = "quiz"
document_id = "question-1"
fields = "{\"question\":{\"stringValue\":\"Favorite Database\"},\"answer\":{\"stringValue\":\"Firestore\"}}"
# Wait for Firestore to be provisioned before adding this document.
depends_on = [
google_firestore_database.firestore,
]
}
# Creates a Firebase Android App in the new project created above.
resource "google_firebase_android_app" "firestore" {
provider = google-beta
project = google_project.firestore.project_id
display_name = "My Android app"
package_name = "android.package.name"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.firestore,
]
}
# Creates a Firebase Apple-platforms App in the new project created above.
resource "google_firebase_apple_app" "firestore" {
provider = google-beta
project = google_project.firestore.project_id
display_name = "My Apple app"
bundle_id = "apple.app.12345"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.firestore,
]
}
# Creates a Firebase Web App in the new project created above.
resource "google_firebase_web_app" "firestore" {
provider = google-beta
project = google_project.firestore.project_id
display_name = "My Web app"
# The other App types (Android and Apple) use "DELETE" by default.
# Web apps don't use "DELETE" by default due to backward-compatibility.
deletion_policy = "DELETE"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.firestore,
]
}
Ini adalah kumpulan aturan untuk Aturan Keamanan Cloud Firestore yang harus ada dalam file lokal yang bernama firestore.rules.
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
allow read: if request.auth != null;
allow create: if request.auth != null;
allow update: if request.auth != null;
}
}
Menyediakan bucket Cloud Storage default
Konfigurasi ini akan membuat project Google Cloud baru, mengaktifkan layanan Firebase untuk project, menyediakan bucket Cloud Storage default project, dan mendaftarkan tiga jenis aplikasi berbeda ke project tersebut.
Konfigurasi ini juga akan menyediakan Aturan Keamanan Firebase untuk bucket Cloud Storage dan mengupload file ke bucket itu.
# Creates a new Google Cloud project.
resource "google_project" "storage" {
provider = google-beta.no_user_project_override
folder_id = "folder-id-for-new-project"
name = "Project Display Name"
project_id = "project-id-for-new-project"
# Required for the project to display in a list of Firebase projects.
labels = {
"firebase" = "enabled"
}
}
# Enables required APIs.
resource "google_project_service" "storage" {
provider = google-beta.no_user_project_override
project = google_project.storage.project_id
for_each = toset([
"serviceusage.googleapis.com",
"cloudresourcemanager.googleapis.com",
"firebaserules.googleapis.com",
"firebasestorage.googleapis.com",
"storage.googleapis.com",
])
service = each.key
# Don't disable the service if the resource block is removed by accident.
disable_on_destroy = false
}
# Enables Firebase services for the new project created above.
resource "google_firebase_project" "storage" {
provider = google-beta
project = google_project.storage.project_id
}
# Provisions the default Cloud Storage bucket for the project via Google App Engine.
resource "google_app_engine_application" "default" {
provider = google-beta
project = google_project.storage.project_id
# See available locations: https://firebase.google.com/docs/projects/locations#default-cloud-location
# This will set the location for the default Storage bucket and the App Engine App.
location_id = "name-of-region-for-default-bucket"
# If you use Firestore, uncomment this to make sure Firestore is provisioned first.
# depends_on = [
# google_firestore_database.firestore
# ]
}
# Makes the default Storage bucket accessible for Firebase SDKs, authentication, and Firebase Security Rules.
resource "google_firebase_storage_bucket" "default-bucket" {
provider = google-beta
project = google_project.storage.project_id
bucket_id = google_app_engine_application.default.default_bucket
}
# Creates a ruleset of Cloud Storage Security Rules from a local file.
resource "google_firebaserules_ruleset" "storage" {
provider = google-beta
project = google_project.storage.project_id
source {
files {
# Write security rules in a local file named "storage.rules".
# Learn more: https://firebase.google.com/docs/storage/security/get-started
name = "storage.rules"
content = file("storage.rules")
}
}
# Wait for the default Storage bucket to be provisioned before creating this ruleset.
depends_on = [
google_firebase_project.storage,
]
}
# Releases the ruleset to the default Storage bucket.
resource "google_firebaserules_release" "default-bucket" {
provider = google-beta
name = "firebase.storage/${google_app_engine_application.default.default_bucket}"
ruleset_name = "projects/${google_project.storage.project_id}/rulesets/${google_firebaserules_ruleset.storage.name}"
project = google_project.storage.project_id
}
# Uploads a new file to the default Storage bucket.
# Don't use real end-user or production data in this file.
resource "google_storage_bucket_object" "cat-picture" {
provider = google-beta
name = "cat.png"
source = "path/to/cat.png"
bucket = google_app_engine_application.default.default_bucket
}
# Creates a Firebase Android App in the new project created above.
resource "google_firebase_android_app" "storage" {
provider = google-beta
project = google_project.storage.project_id
display_name = "My Android app"
package_name = "android.package.name"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.storage,
]
}
# Creates a Firebase Apple-platforms App in the new project created above.
resource "google_firebase_apple_app" "storage" {
provider = google-beta
project = google_project.storage.project_id
display_name = "My Apple app"
bundle_id = "apple.app.12345"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.storage,
]
}
# Creates a Firebase Web App in the new project created above.
resource "google_firebase_web_app" "storage" {
provider = google-beta
project = google_project.storage.project_id
display_name = "My Web app"
# The other App types (Android and Apple) use "DELETE" by default.
# Web apps don't use "DELETE" by default due to backward-compatibility.
deletion_policy = "DELETE"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.storage,
]
}
Ini adalah kumpulan aturan untuk Aturan Keamanan Cloud Storage yang harus ada dalam file lokal yang bernama storage.rules.
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if request.auth != null;
}
}
}
Menyediakan beberapa bucket Cloud Storage
Konfigurasi ini akan membuat project Google Cloud baru, mengaitkan project dengan akun Penagihan Cloud (diperlukan paket harga Blaze untuk menyediakan beberapa bucket), mengaktifkan layanan Firebase untuk project, menyediakan beberapa bucket Cloud Storage (termasuk bucket Cloud Storage default project), dan mendaftarkan tiga jenis aplikasi berbeda ke project tersebut.
Konfigurasi ini juga akan menyediakan Aturan Keamanan Firebase untuk bucket Cloud Storage dan mengupload file ke bucket Cloud Storage default.
# Creates a new Google Cloud project.
resource "google_project" "storage-multi" {
provider = google-beta.no_user_project_override
folder_id = "folder-id-for-new-project"
name = "Project Display Name"
project_id = "project-id-for-new-project"
# Associates the project with a Cloud Billing account
# (required for multiple Cloud Storage buckets).
billing_account = "000000-000000-000000"
# Required for the project to display in a list of Firebase projects.
labels = {
"firebase" = "enabled"
}
}
# Enables required APIs.
resource "google_project_service" "storage-multi" {
provider = google-beta.no_user_project_override
project = google_project.storage-multi.project_id
for_each = toset([
"cloudbilling.googleapis.com",
"serviceusage.googleapis.com",
"cloudresourcemanager.googleapis.com",
"firebaserules.googleapis.com",
"firebasestorage.googleapis.com",
"storage.googleapis.com",
])
service = each.key
# Don't disable the service if the resource block is removed by accident.
disable_on_destroy = false
}
# Enables Firebase services for the new project created above.
resource "google_firebase_project" "storage-multi" {
provider = google-beta
project = google_project.storage-multi.project_id
}
# Provisions the default Cloud Storage bucket for the project via Google App Engine.
resource "google_app_engine_application" "default-multi" {
provider = google-beta
project = google_project.storage-multi.project_id
# See available locations: https://firebase.google.com/docs/projects/locations#default-cloud-location
# This will set the location for the default Storage bucket and the App Engine App.
location_id = "name-of-region-for-default-bucket"
# If you use Firestore, uncomment this to make sure Firestore is provisioned first.
# depends_on = [
# google_firestore_database.firestore
# ]
}
# Provisions an additional Cloud Storage bucket.
# Additional Cloud Storage buckets are not provisioned via App Engine.
resource "google_storage_bucket" "bucket-multi" {
provider = google-beta
project = google_project.storage-multi.project_id
name = "name-of-additional-storage-bucket"
# See available locations: https://cloud.google.com/storage/docs/locations#available-locations
# This location does not need to be the same as the default Storage bucket.
location = "name-of-region-for-additional-bucket"
}
# Makes the default Storage bucket accessible for Firebase SDKs, authentication, and Firebase Security Rules.
resource "google_firebase_storage_bucket" "default-bucket-multi" {
provider = google-beta
project = google_project.storage-multi.project_id
bucket_id = google_app_engine_application.default-multi.default_bucket
}
# Makes the additional Storage bucket accessible for Firebase SDKs, authentication, and Firebase Security Rules.
resource "google_firebase_storage_bucket" "bucket-multi" {
provider = google-beta
project = google_project.storage-multi.project_id
bucket_id = google_storage_bucket.bucket-multi.name
}
# Creates a ruleset of Firebase Security Rules from a local file.
resource "google_firebaserules_ruleset" "storage-multi" {
provider = google-beta
project = google_project.storage-multi.project_id
source {
files {
# Write security rules in a local file named "storage.rules"
# Learn more: https://firebase.google.com/docs/storage/security/get-started
name = "storage.rules"
content = file("storage.rules")
}
}
# Wait for the Storage buckets to be provisioned before creating this ruleset.
depends_on = [
google_firebase_project.storage-multi,
]
}
# Releases the ruleset to the default Storage bucket.
resource "google_firebaserules_release" "default-bucket-multi" {
provider = google-beta
name = "firebase.storage/${google_app_engine_application.default-multi.default_bucket}"
ruleset_name = "projects/${google_project.storage-multi.project_id}/rulesets/${google_firebaserules_ruleset.storage-multi.name}"
project = google_project.storage-multi.project_id
}
# Releases the ruleset to the additional Storage bucket.
resource "google_firebaserules_release" "bucket-multi" {
provider = google-beta
name = "firebase.storage/${google_storage_bucket.bucket-multi.name}"
ruleset_name = "projects/${google_project.storage-multi.project_id}/rulesets/${google_firebaserules_ruleset.storage-multi.name}"
project = google_project.storage-multi.project_id
}
# Uploads a new file to the default Storage bucket.
# Do not use real end-user or production data in this file.
resource "google_storage_bucket_object" "cat-picture-multi" {
provider = google-beta
name = "cat.png"
source = "path/to/cat.png"
bucket = google_app_engine_application.default-multi.default_bucket
}
# Creates a Firebase Android App in the new project created above.
resource "google_firebase_android_app" "storage-multi" {
provider = google-beta
project = google_project.storage-multi.project_id
display_name = "My Android app"
package_name = "android.package.name"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.storage-multi,
]
}
# Creates a Firebase Apple-platforms App in the new project created above.
resource "google_firebase_apple_app" "storage-multi" {
provider = google-beta
project = google_project.storage-multi.project_id
display_name = "My Apple app"
bundle_id = "apple.app.12345"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.storage-multi,
]
}
# Creates a Firebase Web App in the new project created above.
resource "google_firebase_web_app" "storage-multi" {
provider = google-beta
project = google_project.storage-multi.project_id
display_name = "My Web app"
# The other App types (Android and Apple) use "DELETE" by default.
# Web apps don't use "DELETE" by default due to backward-compatibility.
deletion_policy = "DELETE"
# Wait for Firebase to be enabled in the Google Cloud project before creating this App.
depends_on = [
google_firebase_project.storage-multi,
]
}
Ini adalah kumpulan aturan untuk Aturan Keamanan Cloud Storage yang harus ada dalam file lokal yang bernama storage.rules.
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if request.auth != null;
}
}
}
Menyediakan instance Cloud Firestore dan bucket Cloud Storage default
Konfigurasi ini akan membuat project Google Cloud baru, mengaktifkan layanan Firebase untuk project, menyediakan instance Cloud Firestore, lalu menyediakan bucket Cloud Storage default.
Konfigurasi ini juga akan menyediakan Aturan Keamanan Firebase untuk instance Cloud Firestore dan bucket Cloud Storage default.
# Creates a new Google Cloud project.
resource "google_project" "fs" { # fs = Firestore + Storage
provider = google-beta.no_user_project_override
folder_id = "folder-id-for-new-project"
name = "Project Display Name"
project_id = "project-id-for-new-project"
# Required for the project to display in a list of Firebase projects.
labels = {
"firebase" = "enabled"
}
}
# Enables required APIs.
resource "google_project_service" "fs" {
provider = google-beta.no_user_project_override
project = google_project.fs.project_id
for_each = toset([
"serviceusage.googleapis.com",
"cloudresourcemanager.googleapis.com",
"firebaserules.googleapis.com",
"firebasestorage.googleapis.com",
"storage.googleapis.com",
"firestore.googleapis.com",
])
service = each.key
# Don't disable the service if the resource block is removed by accident
disable_on_destroy = false
}
# Enables Firebase services for the new project created above.
resource "google_firebase_project" "fs" {
provider = google-beta
project = google_project.fs.project_id
}
#### Set up Firestore before default Cloud Storage bucket ####
# Provisions the Firestore database instance.
resource "google_firestore_database" "firestore-fs" {
provider = google-beta
project = google_project.fs.project_id
name = "(default)"
# See available locations: https://firebase.google.com/docs/projects/locations#default-cloud-location
location_id = "name-of-region"
# "FIRESTORE_NATIVE" is required to use Firestore with Firebase SDKs, authentication, and Firebase Security Rules.
type = "FIRESTORE_NATIVE"
concurrency_mode = "OPTIMISTIC"
# Wait for Firebase to be enabled in the Google Cloud project before initializing Firestore.
depends_on = [
google_firebase_project.fs,
]
}
# Creates a ruleset of Firestore Security Rules from a local file.
resource "google_firebaserules_ruleset" "firestore-fs" {
provider = google-beta
project = google_project.fs.project_id
source {
files {
# Write security rules in a local file named "firestore.rules".
# Learn more: https://firebase.google.com/docs/firestore/security/get-started
name = "firestore.rules"
content = file("firestore.rules")
}
}
# Wait for Firestore to be provisioned before creating this ruleset.
depends_on = [
google_firestore_database.firestore-fs
]
}
# Releases the ruleset for the Firestore instance.
resource "google_firebaserules_release" "firestore-fs" {
provider = google-beta
name = "cloud.firestore" # must be cloud.firestore
ruleset_name = google_firebaserules_ruleset.firestore-fs.name
project = google_project.fs.project_id
# Wait for Firestore to be provisioned before releasing the ruleset.
depends_on = [
google_firestore_database.firestore-fs,
]
}
#### Set up default Cloud Storage default bucket after Firestore ####
# Provisions the default Cloud Storage bucket for the project via Google App Engine.
resource "google_app_engine_application" "default-bucket-fs" {
provider = google-beta
project = google_project.fs.project_id
# See available locations: https://firebase.google.com/docs/projects/locations#default-cloud-location
# This will set the location for the default Storage bucket and the App Engine App.
location_id = "name-of-region" # Must be in the same location as Firestore (above)
# Wait for Firestore to be provisioned first.
# Otherwise, the Firestore instance will be provisioned in Datastore mode (unusable by Firebase).
depends_on = [
google_firestore_database.firestore-fs,
]
}
# Makes the default Storage bucket accessible for Firebase SDKs, authentication, and Firebase Security Rules.
resource "google_firebase_storage_bucket" "default-bucket-fs" {
provider = google-beta
project = google_project.fs.project_id
bucket_id = google_app_engine_application.default-bucket-fs.default_bucket
}
# Creates a ruleset of Cloud Storage Security Rules from a local file.
resource "google_firebaserules_ruleset" "default-bucket-fs" {
provider = google-beta
project = google_project.fs.project_id
source {
files {
# Write security rules in a local file named "storage.rules".
# Learn more: https://firebase.google.com/docs/storage/security/get-started
name = "storage.rules"
content = file("storage.rules")
}
}
# Wait for the Cloud Storage bucket to be provisioned before creating this ruleset.
depends_on = [
google_firebase_project.fs,
]
}
# Releases the ruleset to the default Storage bucket.
resource "google_firebaserules_release" "default-bucket-fs" {
provider = google-beta
name = "firebase.storage/${google_app_engine_application.default-bucket-fs.default_bucket}"
ruleset_name = "projects/${google_project.fs.project_id}/rulesets/${google_firebaserules_ruleset.default-bucket-fs.name}"
project = google_project.fs.project_id
}
Ini adalah kumpulan aturan untuk Aturan Keamanan Cloud Firestore yang harus ada dalam file lokal yang bernama firestore.rules.
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
allow read: if request.auth != null;
allow create: if request.auth != null;
allow update: if request.auth != null;
}
}
Ini adalah kumpulan aturan untuk Aturan Keamanan Cloud Storage yang harus ada dalam file lokal yang bernama storage.rules.
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if request.auth != null;
}
}
}
Pemecahan masalah dan pertanyaan umum (FAQ)
Anda ingin mempelajari lebih lanjut berbagai atribut terkait project (seperti project, user_project_override, dan )
Panduan ini menggunakan atribut Terraform berikut saat menangani "project".
project dalam blok resource
Direkomendasikan: jika memungkinkan, sertakan atribut project dalam setiap blok resource
Dengan menyertakan atribut project, Terraform akan membuat infrastruktur yang ditentukan di blok resource dalam project yang ditentukan. Panduan ini dan contoh file konfigurasi kami semuanya menggunakan praktik ini.
Lihat dokumentasi Terraform resmi tentang project.
user_project_override dalam blok provider
Untuk menyediakan sebagian besar resource, Anda harus menggunakan user_project_override = true, yang berarti memeriksa kuota terhadap project Firebase Anda sendiri. Namun, untuk menyiapkan project baru agar dapat menerima pemeriksaan kuota, Anda harus menggunakan user_project_override = false terlebih dahulu.
Anda mendapatkan error ini: generic::permission_denied: Firebase Tos Not Accepted.
Pastikan akun pengguna yang digunakan untuk menjalankan perintah gCloud CLI telah menyetujui Persyaratan Layanan (ToS) Firebase.
Anda dapat melakukan pemeriksaan ini dengan menggunakan browser yang telah login ke akun pengguna tersebut dan mencoba melihat project Firebase yang ada di Firebase console. Jika Anda dapat melihat project Firebase yang ada, berarti akun pengguna itu telah menyetujui ToS Firebase.
Jika Anda tidak dapat melihat project Firebase yang ada, akun pengguna tersebut kemungkinan belum menyetujui ToS Firebase. Untuk mengatasi masalah ini, buat project Firebase baru melalui Firebase console dan setujui ToS Firebase sebagai bagian dari pembuatan project. Anda dapat langsung menghapus project ini melalui Project Settings di Firebase console.
Setelah menjalankan terraform apply, Anda mendapatkan error ini: generic::permission_denied: IAM authority does not have the
permission.
Tunggu beberapa menit, lalu coba jalankan terraform apply lagi.
Pembuatan resource gagal, tetapi saat Anda menjalankan terraform apply lagi, muncul pesan ALREADY_EXISTS.
Hal ini kemungkinan disebabkan oleh keterlambatan penerapan di berbagai sistem. Coba selesaikan masalah ini dengan mengimpor resource ke status Terraform dengan menjalankan terraform import. Lalu, coba jalankan terraform apply lagi.
Saat menggunakan Cloud Firestore, Anda mendapatkan error ini: Error creating Index: googleapi:
Error 409;...Concurrent access -- try again.
Error ini menunjukkan bahwa Terraform mungkin mencoba menyediakan beberapa indeks dan/atau membuat dokumen secara bersamaan, lalu mengalami error serentak.
Coba jalankan terraform apply lagi.
Anda mendapatkan error ini: "you may need to specify 'X-Goog-User-Project' HTTP header for quota and
billing purposes".
Error ini berarti bahwa Terraform tidak mengetahui project mana yang akan diperiksa kuotanya. Untuk memecahkan masalah, periksa hal-hal berikut di blok resource:
Pastikan Anda telah menentukan nilai untuk atribut project.
Pastikan Anda menggunakan penyedia dengan user_project_override = true (tanpa alias), yang dalam contoh Firebase adalah google-beta.
Saat membuat project Google Cloud baru, Anda mendapatkan error bahwa project ID yang ditentukan untuk project baru tersebut sudah ada.
Berikut kemungkinan alasan project ID mungkin sudah ada:
Project yang terkait dengan ID tersebut adalah milik orang lain.
Untuk mengatasi: Pilih project ID lain.
Project yang terkait dengan ID tersebut baru saja dihapus (dalam status penghapusan sementara).
Untuk mengatasi: Jika menurut Anda project yang terkait dengan ID tersebut adalah milik Anda, periksa statusnya menggunakan REST API projects.get.
Project yang terkait dengan ID tersebut ada dengan benar di bawah pengguna saat ini. Kemungkinan penyebab error ini adalah karena terraform apply sebelumnya terganggu.
Untuk mengatasi: Jalankan perintah berikut: terraform import google_project.default PROJECT_ID
lalu terraform import google_firebase_project.default PROJECT_ID
Saat mencoba menyediakan Cloud Firestore, lalu Cloud Storage (melalui google_app_engine_application), Anda mendapatkan error ini: Error: Error creating App Engine application: googleapi: Error 409:
Cannot create Firestore database resource <resource-name> since it
already exists at location <location-id>, alreadyExists.
Aplikasi App Engine memerlukan instance Cloud Firestore, tetapi Anda hanya dapat memiliki satu instance Cloud Firestore per project. Jadi, seperti yang ditunjukkan oleh pesan error ini, jika Anda telah menyediakan instance Cloud Firestore project di satu lokasi, App Engine akan mengalami error jika Anda mencoba menyediakan instance Cloud Firestore di lokasi lain. App Engine merasa bahwa Anda mencoba "menyediakan ulang" instance Cloud Firestore yang sudah ada.
Untuk mengatasi error ini, gunakan lokasi yang sama, baik untuk aplikasi Cloud Firestore maupun App Engine. Jika memerlukan bucket Cloud Storage di lokasi yang berbeda dengan Cloud Firestore, Anda dapat menyediakan bucket tambahan (lihat contoh konfigurasi untuk membuat beberapa bucket Cloud Storage).
Saat mencoba menyediakan Cloud Storage (melalui google_app_engine_application), lalu Cloud Firestore, Anda mendapatkan error ini: Error: Error creating Database: googleapi: Error 409: Database already
exists. Please use another database_id.
Saat Anda menyediakan bucket Cloud Storage default project (melalui google_app_engine_application) dan project belum memiliki instance Cloud Firestore, google_app_engine_application akan otomatis menyediakan instance Cloud Firestore project.
Jadi, jika instance Cloud Firestore project Anda sudah disediakan, google_firestore_database akan mengalami error jika Anda mencoba menyediakan instance Cloud Firestore secara eksplisit.
Setelah instance Cloud Firestore project disediakan, Anda tidak dapat "menyediakannya ulang" atau mengubah lokasinya. Agar error ini tidak terulang, hapus blok resource google_firestore_database dari file konfigurasi Anda.
Namun, perlu diperhatikan bahwa sebaiknya sediakan Cloud Firestore sebelum bucket Cloud Storage default project (lihat alasannya di bawah).
