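Firebase is beginning to support Terraform. If you're on a team that wants to automate and standardize creating Firebase projects with specific resources provisioned and services enabled, then using Terraform with Firebase can be a good fit for you.
The basic workflow for using Terraform with Firebase includes the following:
- Creating and customizing a Terraform configuration file (a .tf file) that specifies the infrastructure you want to provision (that is, the resources you want to provision and the services you want to enable).
- Using gCloud CLI commands that interface with Terraform to provision the infrastructure specified in the .tf file.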
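What can you do with Terraform and Firebase?
The example generalized workflow in this guide creates a new Firebase project with an Android app. But you can do much more with Terraform, such as:
- Delete and modify existing infrastructure using Terraform.
- Manage product-specific configuration and tasks using Terraform, like:
  - Enabling Firebase Authentication sign-in providers.
  - Creating Cloud Storage buckets or database instances and deploying Firebase Security Rules for them.
You can use standard Terraform config files and commands to accomplish all these tasks. To help you with this, we've provided sample Terraform config files for several common use cases.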
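Generalized workflow for using Terraform with Firebase
Prerequisites
This guide is an introduction to using Terraform with Firebase, so it assumes basic proficiency with Terraform. Make sure that you've completed the following prerequisites before starting this workflow.
- Install Terraform and familiarize yourself with Terraform using its official tutorials.
- Install the Google Cloud CLI (gCloud CLI). Log in using a user account or a service account.
  - If using a user account, you must have accepted the Firebase Terms of Service (Firebase ToS). You have accepted the Firebase ToS if you can view a Firebase project in the Firebase console.
  - For Terraform to take certain actions (for example, create projects), the following must be true:
    - The user or service account must have the applicable IAM access for those actions.
    - If the user or service account is part of a Google Cloud organization, then the org policies must allow the account to take those actions.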
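Step 1: Create and customize a Terraform config file
A Terraform config file needs two main sections (which are described in detail below):
Set up your provider
A provider setup is required no matter which Firebase products or services are involved.
Create a Terraform config file (like a main.tf file) in your local directory. In this guide, you'll use this config file to specify both the provider setup and all the infrastructure that you want Terraform to create. Note, though, that you have options for how to include the provider setup.
You have the following options for how to include a provider setup with the rest of your Terraform configuration:
- Option 1: Include it at the top of a single Terraform .tf config file (as shown in this guide).
  - Use this option if you're just getting started with Terraform or just trying out Terraform with Firebase.
- Option 2: Include it in a separate .tf file (like a provider.tf file), apart from the .tf file where you specify the infrastructure to create (like a main.tf file).
  - Use this option if you're part of a larger team that needs to standardize setup.
  - When running Terraform commands, both the provider.tf file and the main.tf file must be in the same directory.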
Include the following provider setup at the top of the main.tf file. You must use the google-beta provider because this is a beta release of using Firebase with Terraform. Exercise caution when using it in production.

    # Terraform configuration to set up providers by version.
    terraform {
      required_providers {
        google-beta = {
          source  = "hashicorp/google-beta"
          version = "~> 4.0"
        }
      }
    }

    # Configures the provider to use the resource block's specified project for quota checks.
    provider "google-beta" {
      user_project_override = true
    }

    # Configures the provider to not use the resource block's specified project for quota checks.
    # This provider should only be used during project creation and initializing services.
    provider "google-beta" {
      alias                 = "no_user_project_override"
      user_project_override = false
    }

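Learn more about the different types of project-related attributes (including what this guide calls the "quota-check project") when using Terraform with Firebase.
Continue to the next section to complete your config file and specify what infrastructure to create.
Specify what infrastructure to create using resource blocks
In your Terraform config file (for this guide, your main.tf file), you need to specify all the infrastructure you want Terraform to create (meaning all the resources that you want to provision and all the services that you want to enable). In this guide, find a full list of all the Firebase resources that support Terraform.
Open your main.tf file.
Under the provider setup, include the following config of resource blocks. This basic example creates a new Firebase project and then creates a Firebase Android App within that project.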

    # Terraform configuration to set up providers by version.
    # ...

    # Configures the provider to use the resource block's specified project for quota checks.
    # ...

    # Configures the provider to not use the resource block's specified project for quota checks.
    # ...

    # Creates a new Google Cloud project.
    resource "google_project" "default" {
      provider = google-beta.no_user_project_override

      name       = "Project Display Name"
      project_id = "project-id-for-new-project"
      # Required for any service that requires the Blaze pricing plan
      # (like Firebase Authentication with GCIP)
      billing_account = "000000-000000-000000"

      # Required for the project to display in any list of Firebase projects.
      labels = {
        "firebase" = "enabled"
      }
    }

    # Enables required APIs.
    resource "google_project_service" "default" {
      provider = google-beta.no_user_project_override
      project  = google_project.default.project_id
      for_each = toset([
        "cloudbilling.googleapis.com",
        "cloudresourcemanager.googleapis.com",
        "firebase.googleapis.com",
        # Enabling the ServiceUsage API allows the new project to be quota checked from now on.
        "serviceusage.googleapis.com",
      ])
      service = each.key

      # Don't disable the service if the resource block is removed by accident.
      disable_on_destroy = false
    }

    # Enables Firebase services for the new project created above.
    resource "google_firebase_project" "default" {
      provider = google-beta
      project  = google_project.default.project_id

      # Waits for the required APIs to be enabled.
      depends_on = [
        google_project_service.default
      ]
    }

    # Creates a Firebase Android App in the new project created above.
    resource "google_firebase_android_app" "default" {
      provider = google-beta

      project      = google_project.default.project_id
      display_name = "My Awesome Android app"
      package_name = "awesome.package.name"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.default,
      ]
    }

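If you're not familiar with the infrastructure of projects and apps as resources, review the following documentation:
- Understand Firebase projects
- Reference documentation for Firebase project management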

    # Terraform configuration to set up providers by version.
    # ...

    # Configures the provider to use the resource block's specified project for quota checks.
    # ...

    # Configures the provider to not use the resource block's specified project for quota checks.
    # ...

    # Creates a new Google Cloud project.
    resource "google_project" "default" {
      # Use the provider that enables the setup of quota checks for a new project
      provider = google-beta.no_user_project_override

      name       = "Project Display Name" // learn more about the project name
      project_id = "project-id-for-new-project" // learn more about the project ID
      # Required for any service that requires the Blaze pricing plan
      # (like Firebase Authentication with GCIP)
      billing_account = "000000-000000-000000"

      # Required for the project to display in any list of Firebase projects.
      labels = {
        "firebase" = "enabled" // learn more about the Firebase-enabled label
      }
    }

    # Enables required APIs.
    resource "google_project_service" "default" {
      # Use the provider without quota checks for enabling APIs
      provider = google-beta.no_user_project_override
      project  = google_project.default.project_id
      for_each = toset([
        "cloudbilling.googleapis.com",
        "cloudresourcemanager.googleapis.com",
        "firebase.googleapis.com",
        # Enabling the ServiceUsage API allows the new project to be quota checked from now on.
        "serviceusage.googleapis.com",
      ])
      service = each.key

      # Don't disable the service if the resource block is removed by accident.
      disable_on_destroy = false
    }

    # Enables Firebase services for the new project created above.
    # This action essentially "creates a Firebase project" and allows the project to use
    # Firebase services (like Firebase Authentication) and
    # Firebase tooling (like the Firebase console).
    # Learn more about the relationship between Firebase projects and Google Cloud.
    resource "google_firebase_project" "default" {
      # Use the provider that performs quota checks from now on
      provider = google-beta
      project  = google_project.default.project_id

      # Waits for the required APIs to be enabled.
      depends_on = [
        google_project_service.default
      ]
    }

    # Creates a Firebase Android App in the new project created above.
    # Learn more about the relationship between Firebase Apps and Firebase projects.
    resource "google_firebase_android_app" "default" {
      provider = google-beta

      project      = google_project.default.project_id
      display_name = "My Awesome Android app" # learn more about an app's display name
      package_name = "awesome.package.name"   # learn more about an app's package name

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.default,
      ]
    }

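Step 2: Run Terraform commands to create the specified infrastructure
To provision the resources and enable the services specified in your main.tf file, run the following commands from the same directory as your main.tf file. For detailed information about these commands, see the Terraform documentation.
If this is the first time that you're running Terraform commands in the directory, you need to initialize the configuration directory and install the Google Terraform provider. Do this by running the following command:

    terraform init

Create the infrastructure specified in your main.tf file by running the following command:

    terraform apply

Confirm that everything was provisioned or enabled as expected:
Option 1: See the configuration printed in your terminal by running the following command:

    terraform show

Option 2: View your Firebase project in the Firebase console.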
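Firebase resources with Terraform support
The following Firebase and Google resources have Terraform support. We're adding more resources all the time! So if you don't see the resource that you want to manage with Terraform, check back soon to see if it's available, or request it by filing an issue in the GitHub repo.
Firebase project and app management
- google_firebase_project — enable Firebase services on an existing Google Cloud project
- google_firebase_project_location — set the location for the project's default Google Cloud resources
Firebase Apps
- google_firebase_apple_app — create or manage a Firebase Apple-platforms App
- google_firebase_android_app — create or manage a Firebase Android App
- google_firebase_web_app — create or manage a Firebase Web App
Firebase Authentication
- google_identity_platform_config — enable Google Cloud Identity Platform (GCIP) (which is the backend for Firebase Authentication) and provide project-level authentication settings
  - Configuring Firebase Authentication via Terraform requires enabling GCIP. Make sure to review the sample .tf file for how to set up Firebase Authentication.
  - The project in which Terraform will enable GCIP and/or Firebase Authentication must be on the Blaze pricing plan (that is, the project must have an associated Cloud Billing account). You can do this programmatically by setting the billing_account attribute in the google_project resource.
  - This resource also supports more configuration, like local sign-in methods (anonymous, email/password, and phone authentication) as well as blocking functions and authorized domains.
- google_identity_platform_default_supported_idp_config — configure common federated identity providers, like Google, Facebook, or Apple
- google_identity_platform_oauth_idp_config — configure an arbitrary OAuth identity provider (IdP) source
- google_identity_platform_inbound_saml_config — configure SAML integrations
Not yet supported:
- Configuring multi-factor authentication (MFA) via Terraform
Firebase Realtime Database
- google_firebase_database_instance — create a Realtime Database instance
Not yet supported:
- Deploying Firebase Realtime Database Security Rules via Terraform (learn how to deploy these Rules using other tooling, including programmatic options)
Cloud Firestore
- google_firestore_database — create a Cloud Firestore instance
- google_firestore_index — enable efficient queries for Cloud Firestore
- google_firestore_document — seed a Cloud Firestore instance with a specific document in a collection
  - Important: Do not use real end-user or production data in this seed document.
Cloud Storage for Firebase
- google_firebase_storage_bucket — make an existing Cloud Storage bucket accessible for Firebase SDKs, authentication, and Firebase Security Rules
  - Provisioning the default Cloud Storage bucket for a Firebase project requires provisioning google_app_engine_application first. Make sure to review the sample .tf file for how to provision Cloud Storage buckets.
- google_storage_bucket_object — add an object to a Cloud Storage bucket
  - Important: Do not use real end-user or production data in this file.
Firebase Security Rules (for Cloud Firestore and Cloud Storage)
Note that Firebase Realtime Database uses a different provisioning system for its Firebase Security Rules.
- google_firebaserules_ruleset — define Firebase Security Rules that apply to a Cloud Firestore instance or a Cloud Storage bucket
- google_firebaserules_release — deploy a specific ruleset to a Cloud Firestore instance or a Cloud Storage bucket
Firebase App Check
- google_firebase_app_check_service_config — enable App Check enforcement for a service
- google_firebase_app_check_app_attest_config — register an Apple-platforms app with the App Attest provider
- google_firebase_app_check_device_check_config — register an Apple-platforms app with the DeviceCheck provider
- google_firebase_app_check_play_integrity_config — register an Android app with the Play Integrity provider
- google_firebase_app_check_recaptcha_enterprise_config — register a web app with the reCAPTCHA Enterprise provider
- google_firebase_app_check_recaptcha_v3_config — register a web app with the reCAPTCHA v3 provider
- google_firebase_app_check_debug_token — use debug tokens for testing
Firebase Extensions
- google_firebase_extensions_instance — install or update an instance of a Firebase Extension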
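Sample Terraform config files for common use cases
This config creates a new Google Cloud project, associates the project with a Cloud Billing account (the Blaze pricing plan is required for Firebase Authentication with GCIP), enables Firebase services for the project, sets up Firebase Authentication with GCIP, and registers three different app types with the project.
Note that enabling GCIP is required to set up Firebase Authentication via Terraform.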

    # Creates a new Google Cloud project.
    resource "google_project" "auth" {
      provider = google-beta.no_user_project_override

      folder_id  = "folder-id-for-new-project"
      name       = "Project Display Name"
      project_id = "project-id-for-new-project"

      # Associates the project with a Cloud Billing account
      # (required for Firebase Authentication with GCIP).
      billing_account = "000000-000000-000000"

      # Required for the project to display in a list of Firebase projects.
      labels = {
        "firebase" = "enabled"
      }
    }

    # Enables required APIs.
    resource "google_project_service" "auth" {
      provider = google-beta.no_user_project_override
      project  = google_project.auth.project_id
      for_each = toset([
        "cloudbilling.googleapis.com",
        "cloudresourcemanager.googleapis.com",
        "serviceusage.googleapis.com",
        "identitytoolkit.googleapis.com",
      ])
      service = each.key

      # Don't disable the service if the resource block is removed by accident.
      disable_on_destroy = false
    }

    # Enables Firebase services for the new project created above.
    resource "google_firebase_project" "auth" {
      provider = google-beta
      project  = google_project.auth.project_id

      depends_on = [
        google_project_service.auth,
      ]
    }

    # Creates an Identity Platform config.
    # Also enables Firebase Authentication with Identity Platform in the project if not.
    resource "google_identity_platform_config" "auth" {
      provider = google-beta
      project  = google_project.auth.project_id

      # Auto-deletes anonymous users
      autodelete_anonymous_users = true

      # Configures local sign-in methods, like anonymous, email/password, and phone authentication.
      sign_in {
        allow_duplicate_emails = true

        anonymous {
          enabled = true
        }

        email {
          enabled           = true
          password_required = false
        }

        phone_number {
          enabled = true
          test_phone_numbers = {
            "+11231231234" = "000000"
          }
        }
      }

      # Sets an SMS region policy.
      sms_region_config {
        allowlist_only {
          allowed_regions = [
            "US",
            "CA",
          ]
        }
      }

      # Configures blocking functions.
      blocking_functions {
        triggers {
          event_type   = "beforeSignIn"
          function_uri = "https://us-east1-${google_project.auth.project_id}.cloudfunctions.net/before-sign-in"
        }
        forward_inbound_credentials {
          refresh_token = true
          access_token  = true
          id_token      = true
        }
      }

      # Configures a temporary quota for new signups for anonymous, email/password, and phone number.
      quota {
        sign_up_quota_config {
          quota          = 1000
          start_time     = ""
          quota_duration = "7200s"
        }
      }

      # Configures authorized domains.
      authorized_domains = [
        "localhost",
        "${google_project.auth.project_id}.firebaseapp.com",
        "${google_project.auth.project_id}.web.app",
      ]

      # Wait for identitytoolkit.googleapis.com to be enabled before initializing Authentication.
      depends_on = [
        google_project_service.auth,
      ]
    }

    # Creates a Firebase Android App in the new project created above.
    resource "google_firebase_android_app" "auth" {
      provider = google-beta

      project      = google_project.auth.project_id
      display_name = "My Android app"
      package_name = "android.package.name"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.auth,
      ]
    }

    # Creates a Firebase Apple-platforms App in the new project created above.
    resource "google_firebase_apple_app" "auth" {
      provider = google-beta

      project      = google_project.auth.project_id
      display_name = "My Apple app"
      bundle_id    = "apple.app.12345"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.auth,
      ]
    }

    # Creates a Firebase Web App in the new project created above.
    resource "google_firebase_web_app" "auth" {
      provider = google-beta

      project      = google_project.auth.project_id
      display_name = "My Web app"

      # The other App types (Android and Apple) use "DELETE" by default.
      # Web apps don't use "DELETE" by default due to backward-compatibility.
      deletion_policy = "DELETE"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.auth,
      ]
    }

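The sample above mixes development conveniences (a test phone number, "localhost" as an authorized domain) with settings a production project would normally tighten. The following variant of the google_identity_platform_config.auth block is an added example, not part of the original guide; it uses only arguments shown in the sample, and the is_dev variable is a hypothetical name introduced here. It replaces the block of the same name and relies on google_project.auth and google_project_service.auth from the sample.

```hcl
# Added example (not from the original guide).
# Hypothetical switch: set to true only in a development workspace.
variable "is_dev" {
  type    = bool
  default = false
}

resource "google_identity_platform_config" "auth" {
  provider = google-beta
  project  = google_project.auth.project_id

  autodelete_anonymous_users = true

  sign_in {
    # One account per email address instead of several accounts sharing one.
    allow_duplicate_emails = false

    anonymous {
      enabled = true
    }

    email {
      enabled = true
      # false also permits email-link sign-in; true requires a password.
      password_required = false
    }

    phone_number {
      enabled = true
      # Test numbers accept a fixed verification code, so they are
      # provisioned only when is_dev is true.
      test_phone_numbers = var.is_dev ? { "+11231231234" = "000000" } : null
    }
  }

  # Same SMS region policy as the sample.
  sms_region_config {
    allowlist_only {
      allowed_regions = [
        "US",
        "CA",
      ]
    }
  }

  blocking_functions {
    triggers {
      event_type   = "beforeSignIn"
      function_uri = "https://us-east1-${google_project.auth.project_id}.cloudfunctions.net/before-sign-in"
    }
    # Each flag forwards the upstream identity provider's token to the
    # blocking function. Turn one on only if the function reads it.
    forward_inbound_credentials {
      refresh_token = false
      access_token  = false
      id_token      = false
    }
  }

  # The quota block from the sample can be carried over unchanged.

  # "localhost" is authorized only in development workspaces.
  authorized_domains = concat(
    [
      "${google_project.auth.project_id}.firebaseapp.com",
      "${google_project.auth.project_id}.web.app",
    ],
    var.is_dev ? ["localhost"] : []
  )

  # Wait for identitytoolkit.googleapis.com to be enabled before initializing Authentication.
  depends_on = [
    google_project_service.auth,
  ]
}
```

Run terraform plan against an existing project before applying this variant, so that the removal of the test number and of "localhost" shows up as an explicit diff.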
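This config creates a new Google Cloud project, enables Firebase services for the project, provisions the project's default Realtime Database instance, and registers three different app types with the project.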

    # Creates a new Google Cloud project.
    resource "google_project" "rtdb" {
      provider = google-beta.no_user_project_override

      folder_id  = "folder-id-for-new-project"
      name       = "Project Display Name"
      project_id = "project-id-for-new-project"

      # Required for the project to display in a list of Firebase projects.
      labels = {
        "firebase" = "enabled"
      }
    }

    # Enables required APIs.
    resource "google_project_service" "rtdb" {
      provider = google-beta.no_user_project_override
      project  = google_project.rtdb.project_id
      for_each = toset([
        "serviceusage.googleapis.com",
        "cloudresourcemanager.googleapis.com",
        "firebasedatabase.googleapis.com",
      ])
      service = each.key

      # Don't disable the service if the resource block is removed by accident.
      disable_on_destroy = false
    }

    # Enables Firebase services for the new project created above.
    resource "google_firebase_project" "rtdb" {
      provider = google-beta
      project  = google_project.rtdb.project_id
    }

    # Provisions the default Realtime Database default instance.
    resource "google_firebase_database_instance" "database" {
      provider = google-beta
      project  = google_project.rtdb.project_id
      # See available locations: https://firebase.google.com/docs/projects/locations#rtdb-locations
      region = "name-of-region"
      # This value will become the first segment of the database's URL.
      instance_id = "${google_project.rtdb.project_id}-default-rtdb"
      type        = "DEFAULT_DATABASE"

      # Wait for Firebase to be enabled in the Google Cloud project before initializing Realtime Database.
      depends_on = [
        google_firebase_project.rtdb,
      ]
    }

    # Creates a Firebase Android App in the new project created above.
    resource "google_firebase_android_app" "rtdb" {
      provider = google-beta

      project      = google_project.rtdb.project_id
      display_name = "My Android app"
      package_name = "android.package.name"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.rtdb,
      ]
    }

    # Creates a Firebase Apple-platforms App in the new project created above.
    resource "google_firebase_apple_app" "rtdb" {
      provider = google-beta

      project      = google_project.rtdb.project_id
      display_name = "My Apple app"
      bundle_id    = "apple.app.12345"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.rtdb,
      ]
    }

    # Creates a Firebase Web App in the new project created above.
    resource "google_firebase_web_app" "rtdb" {
      provider = google-beta

      project      = google_project.rtdb.project_id
      display_name = "My Web app"

      # The other App types (Android and Apple) use "DELETE" by default.
      # Web apps don't use "DELETE" by default due to backward-compatibility.
      deletion_policy = "DELETE"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.rtdb,
      ]
    }

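This config creates a new Google Cloud project, associates the project with a Cloud Billing account (the Blaze pricing plan is required for multiple Realtime Database instances), enables Firebase services for the project, provisions multiple Realtime Database instances (including the project's default Realtime Database instance), and registers three different app types with the project.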

    # Creates a new Google Cloud project.
    resource "google_project" "rtdb-multi" {
      provider = google-beta.no_user_project_override

      folder_id  = "folder-id-for-new-project"
      name       = "Project Display Name"
      project_id = "project-id-for-new-project"

      # Associate the project with a Cloud Billing account
      # (required for multiple Realtime Database instances).
      billing_account = "000000-000000-000000"

      # Required for the project to display in a list of Firebase projects.
      labels = {
        "firebase" = "enabled"
      }
    }

    # Enables required APIs.
    resource "google_project_service" "rtdb-multi" {
      provider = google-beta.no_user_project_override
      project  = google_project.rtdb-multi.project_id
      for_each = toset([
        "cloudbilling.googleapis.com",
        "serviceusage.googleapis.com",
        "cloudresourcemanager.googleapis.com",
        "firebasedatabase.googleapis.com",
      ])
      service = each.key

      # Don't disable the service if the resource block is removed by accident.
      disable_on_destroy = false
    }

    # Enables Firebase services for the new project created above.
    resource "google_firebase_project" "rtdb-multi" {
      provider = google-beta
      project  = google_project.rtdb-multi.project_id
    }

    # Provisions the default Realtime Database default instance.
    resource "google_firebase_database_instance" "database-default" {
      provider = google-beta
      project  = google_project.rtdb-multi.project_id
      # See available locations: https://firebase.google.com/docs/projects/locations#rtdb-locations
      region = "name-of-region"
      # This value will become the first segment of the database's URL.
      instance_id = "${google_project.rtdb-multi.project_id}-default-rtdb"
      type        = "DEFAULT_DATABASE"

      # Wait for Firebase to be enabled in the Google Cloud project before initializing Realtime Database.
      depends_on = [
        google_firebase_project.rtdb-multi,
      ]
    }

    # Provisions an additional Realtime Database instance.
    resource "google_firebase_database_instance" "database-additional" {
      provider = google-beta
      project  = google_project.rtdb-multi.project_id
      # See available locations: https://firebase.google.com/docs/projects/locations#rtdb-locations
      # This location doesn't need to be the same as the default database instance.
      region = "name-of-region"
      # This value will become the first segment of the database's URL.
      instance_id = "name-of-additional-database-instance"
      type        = "USER_DATABASE"

      # Wait for Firebase to be enabled in the Google Cloud project before initializing Realtime Database.
      depends_on = [
        google_firebase_project.rtdb-multi,
      ]
    }

    # Creates a Firebase Android App in the new project created above.
    resource "google_firebase_android_app" "rtdb-multi" {
      provider = google-beta

      project      = google_project.rtdb-multi.project_id
      display_name = "My Android app"
      package_name = "android.package.name"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.rtdb-multi,
      ]
    }

    # Creates a Firebase Apple-platforms App in the new project created above.
    resource "google_firebase_apple_app" "rtdb-multi" {
      provider = google-beta

      project      = google_project.rtdb-multi.project_id
      display_name = "My Apple app"
      bundle_id    = "apple.app.12345"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.rtdb-multi,
      ]
    }

    # Creates a Firebase Web App in the new project created above.
    resource "google_firebase_web_app" "rtdb-multi" {
      provider = google-beta

      project      = google_project.rtdb-multi.project_id
      display_name = "My Web app"

      # The other App types (Android and Apple) use "DELETE" by default.
      # Web apps don't use "DELETE" by default due to backward-compatibility.
      deletion_policy = "DELETE"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.rtdb-multi,
      ]
    }

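This config creates a new Google Cloud project, enables Firebase services for the project, provisions the project's Cloud Firestore instance, and registers three different app types with the project.
It also provisions Firebase Security Rules for the Cloud Firestore instance, creates a Cloud Firestore index, and adds a Cloud Firestore document with seed data.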

    # Creates a new Google Cloud project.
    resource "google_project" "firestore" {
      provider = google-beta.no_user_project_override

      folder_id  = "folder-id-for-new-project"
      name       = "Project Display Name"
      project_id = "project-id-for-new-project"

      # Required for the project to display in a list of Firebase projects.
      labels = {
        "firebase" = "enabled"
      }
    }

    # Enables required APIs.
    resource "google_project_service" "firestore" {
      provider = google-beta.no_user_project_override
      project  = google_project.firestore.project_id
      for_each = toset([
        "cloudresourcemanager.googleapis.com",
        "serviceusage.googleapis.com",
        "firestore.googleapis.com",
        "firebaserules.googleapis.com",
      ])
      service = each.key

      # Don't disable the service if the resource block is removed by accident.
      disable_on_destroy = false
    }

    # Enables Firebase services for the new project created above.
    resource "google_firebase_project" "firestore" {
      provider = google-beta
      project  = google_project.firestore.project_id
    }

    # Provisions the Firestore database instance.
    resource "google_firestore_database" "firestore" {
      provider = google-beta
      project  = google_project.firestore.project_id
      name     = "(default)"
      # See available locations: https://firebase.google.com/docs/projects/locations#default-cloud-location
      location_id = "name-of-region"
      # "FIRESTORE_NATIVE" is required to use Firestore with Firebase SDKs, authentication, and Firebase Security Rules.
      type             = "FIRESTORE_NATIVE"
      concurrency_mode = "OPTIMISTIC"

      # Wait for Firebase to be enabled in the Google Cloud project before initializing Firestore.
      depends_on = [
        google_firebase_project.firestore,
      ]
    }

    # Creates a ruleset of Firestore Security Rules from a local file.
    resource "google_firebaserules_ruleset" "firestore" {
      provider = google-beta
      project  = google_project.firestore.project_id
      source {
        files {
          name = "firestore.rules"
          # Write security rules in a local file named "firestore.rules".
          # Learn more: https://firebase.google.com/docs/firestore/security/get-started
          content = file("firestore.rules")
        }
      }

      # Wait for Firestore to be provisioned before creating this ruleset.
      depends_on = [
        google_firestore_database.firestore,
      ]
    }

    # Releases the ruleset for the Firestore instance.
    resource "google_firebaserules_release" "firestore" {
      provider     = google-beta
      name         = "cloud.firestore" # must be cloud.firestore
      ruleset_name = google_firebaserules_ruleset.firestore.name
      project      = google_project.firestore.project_id

      # Wait for Firestore to be provisioned before releasing the ruleset.
      depends_on = [
        google_firestore_database.firestore,
      ]
    }

    # Adds a new Firestore index.
    resource "google_firestore_index" "indexes" {
      provider = google-beta
      project  = google_project.firestore.project_id

      collection  = "quiz"
      query_scope = "COLLECTION"

      fields {
        field_path = "question"
        order      = "ASCENDING"
      }

      fields {
        field_path = "answer"
        order      = "ASCENDING"
      }

      # Wait for Firestore to be provisioned before adding this index.
      depends_on = [
        google_firestore_database.firestore,
      ]
    }

    # Adds a new Firestore document with seed data.
    # Don't use real end-user or production data in this seed document.
    resource "google_firestore_document" "doc" {
      provider    = google-beta
      project     = google_project.firestore.project_id
      collection  = "quiz"
      document_id = "question-1"
      fields      = "{\"question\":{\"stringValue\":\"Favorite Database\"},\"answer\":{\"stringValue\":\"Firestore\"}}"

      # Wait for Firestore to be provisioned before adding this document.
      depends_on = [
        google_firestore_database.firestore,
      ]
    }

    # Creates a Firebase Android App in the new project created above.
    resource "google_firebase_android_app" "firestore" {
      provider = google-beta

      project      = google_project.firestore.project_id
      display_name = "My Android app"
      package_name = "android.package.name"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.firestore,
      ]
    }

    # Creates a Firebase Apple-platforms App in the new project created above.
    resource "google_firebase_apple_app" "firestore" {
      provider = google-beta

      project      = google_project.firestore.project_id
      display_name = "My Apple app"
      bundle_id    = "apple.app.12345"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.firestore,
      ]
    }

    # Creates a Firebase Web App in the new project created above.
    resource "google_firebase_web_app" "firestore" {
      provider = google-beta

      project      = google_project.firestore.project_id
      display_name = "My Web app"

      # The other App types (Android and Apple) use "DELETE" by default.
      # Web apps don't use "DELETE" by default due to backward-compatibility.
      deletion_policy = "DELETE"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.firestore,
      ]
    }

This is the ruleset of Cloud Firestore Security Rules that should be in a local file named firestore.rules.

    rules_version = '2';
    service cloud.firestore {
      match /databases/{database}/documents {
        allow read: if request.auth != null;
        allow create: if request.auth != null;
        allow update: if request.auth != null;
      }
    }

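This config creates a new Google Cloud project, enables Firebase services for the project, provisions the project's default Cloud Storage bucket, and registers three different app types with the project.
It also provisions Firebase Security Rules for the Cloud Storage bucket and uploads a file to the bucket.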

    # Creates a new Google Cloud project.
    resource "google_project" "storage" {
      provider = google-beta.no_user_project_override

      folder_id  = "folder-id-for-new-project"
      name       = "Project Display Name"
      project_id = "project-id-for-new-project"

      # Required for the project to display in a list of Firebase projects.
      labels = {
        "firebase" = "enabled"
      }
    }

    # Enables required APIs.
    resource "google_project_service" "storage" {
      provider = google-beta.no_user_project_override
      project  = google_project.storage.project_id
      for_each = toset([
        "serviceusage.googleapis.com",
        "cloudresourcemanager.googleapis.com",
        "firebaserules.googleapis.com",
        "firebasestorage.googleapis.com",
        "storage.googleapis.com",
      ])
      service = each.key

      # Don't disable the service if the resource block is removed by accident.
      disable_on_destroy = false
    }

    # Enables Firebase services for the new project created above.
    resource "google_firebase_project" "storage" {
      provider = google-beta
      project  = google_project.storage.project_id
    }

    # Provisions the default Cloud Storage bucket for the project via Google App Engine.
    resource "google_app_engine_application" "default" {
      provider = google-beta
      project  = google_project.storage.project_id
      # See available locations: https://firebase.google.com/docs/projects/locations#default-cloud-location
      # This will set the location for the default Storage bucket and the App Engine App.
      location_id = "name-of-region-for-default-bucket"

      # If you use Firestore, uncomment this to make sure Firestore is provisioned first.
      # depends_on = [
      #   google_firestore_database.firestore
      # ]
    }

    # Makes the default Storage bucket accessible for Firebase SDKs, authentication, and Firebase Security Rules.
    resource "google_firebase_storage_bucket" "default-bucket" {
      provider  = google-beta
      project   = google_project.storage.project_id
      bucket_id = google_app_engine_application.default.default_bucket
    }

    # Creates a ruleset of Cloud Storage Security Rules from a local file.
    resource "google_firebaserules_ruleset" "storage" {
      provider = google-beta
      project  = google_project.storage.project_id
      source {
        files {
          # Write security rules in a local file named "storage.rules".
          # Learn more: https://firebase.google.com/docs/storage/security/get-started
          name    = "storage.rules"
          content = file("storage.rules")
        }
      }

      # Wait for the default Storage bucket to be provisioned before creating this ruleset.
      depends_on = [
        google_firebase_project.storage,
      ]
    }

    # Releases the ruleset to the default Storage bucket.
    resource "google_firebaserules_release" "default-bucket" {
      provider     = google-beta
      name         = "firebase.storage/${google_app_engine_application.default.default_bucket}"
      ruleset_name = "projects/${google_project.storage.project_id}/rulesets/${google_firebaserules_ruleset.storage.name}"
      project      = google_project.storage.project_id
    }

    # Uploads a new file to the default Storage bucket.
    # Don't use real end-user or production data in this file.
    resource "google_storage_bucket_object" "cat-picture" {
      provider = google-beta
      name     = "cat.png"
      source   = "path/to/cat.png"
      bucket   = google_app_engine_application.default.default_bucket
    }

    # Creates a Firebase Android App in the new project created above.
    resource "google_firebase_android_app" "storage" {
      provider = google-beta

      project      = google_project.storage.project_id
      display_name = "My Android app"
      package_name = "android.package.name"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.storage,
      ]
    }

    # Creates a Firebase Apple-platforms App in the new project created above.
    resource "google_firebase_apple_app" "storage" {
      provider = google-beta

      project      = google_project.storage.project_id
      display_name = "My Apple app"
      bundle_id    = "apple.app.12345"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.storage,
      ]
    }

    # Creates a Firebase Web App in the new project created above.
    resource "google_firebase_web_app" "storage" {
      provider = google-beta

      project      = google_project.storage.project_id
      display_name = "My Web app"

      # The other App types (Android and Apple) use "DELETE" by default.
      # Web apps don't use "DELETE" by default due to backward-compatibility.
      deletion_policy = "DELETE"

      # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
      depends_on = [
        google_firebase_project.storage,
      ]
    }

This is the ruleset of Cloud Storage Security Rules that should be in a local file named storage.rules.

    rules_version = '2';
    service firebase.storage {
      match /b/{bucket}/o {
        match /{allPaths=**} {
          allow read, write: if request.auth != null;
        }
      }
    }

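The storage.rules ruleset above grants read and write on every object to any signed-in user, and request.auth != null is also true for anonymous sign-in when that method is enabled. The following is an added example, not part of the original guide: it replaces the google_firebaserules_ruleset.storage block from the sample with an inline ruleset that scopes each user to their own prefix. The /users/{userId}/ layout, the 5 MiB limit and the image-only restriction are assumptions chosen for illustration.

```hcl
# Added example (not from the original guide). Relies on google_project.storage
# and google_firebase_project.storage from the sample above; the existing
# google_firebaserules_release.default-bucket block keeps referencing this
# ruleset by name and needs no change.
resource "google_firebaserules_ruleset" "storage" {
  provider = google-beta
  project  = google_project.storage.project_id

  source {
    files {
      name = "storage.rules"
      # Inline rules instead of file("storage.rules"), so the policy is
      # reviewed in the same diff as the infrastructure.
      content = <<-EOT
        rules_version = '2';
        service firebase.storage {
          match /b/{bucket}/o {
            // Objects outside /users/ match no rule, so client access is denied.
            match /users/{userId}/{allPaths=**} {
              // Only the owner can read or delete objects under their prefix.
              allow read, delete: if request.auth != null
                                  && request.auth.uid == userId;

              // Uploads must come from the owner, be images, and stay under 5 MiB.
              allow create, update: if request.auth != null
                                    && request.auth.uid == userId
                                    && request.resource.size < 5 * 1024 * 1024
                                    && request.resource.contentType.matches('image/.*');
            }
          }
        }
      EOT
    }
  }

  # Wait for Firebase to be enabled in the project before creating this ruleset.
  depends_on = [
    google_firebase_project.storage,
  ]
}
```

Objects that Terraform uploads with google_storage_bucket_object, such as cat.png at the bucket root, are written through IAM rather than through these rules, so clients cannot read them unless a matching rule is added.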
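This config creates a new Google Cloud project, associates the project with a Cloud Billing account (the Blaze pricing plan is required for multiple buckets), enables Firebase services for the project, provisions multiple Cloud Storage buckets (including the project's default Cloud Storage bucket), and registers three different app types with the project.
It also provisions Firebase Security Rules for the Cloud Storage buckets and uploads a file to the default Cloud Storage bucket.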
# Creates a new Google Cloud project.
resource "google_project" "storage-multi" {
  provider = google-beta.no_user_project_override

  folder_id = "folder-id-for-new-project"
  name = "Project Display Name"
  project_id = "project-id-for-new-project"

  # Associates the project with a Cloud Billing account
  # (required for multiple Cloud Storage buckets).
  billing_account = "000000-000000-000000"

  # Required for the project to display in a list of Firebase projects.
  labels = {
    "firebase" = "enabled"
  }
}

# Enables required APIs.
resource "google_project_service" "storage-multi" {
  provider = google-beta.no_user_project_override
  project = google_project.storage-multi.project_id
  for_each = toset([
    "cloudbilling.googleapis.com",
    "serviceusage.googleapis.com",
    "cloudresourcemanager.googleapis.com",
    "firebaserules.googleapis.com",
    "firebasestorage.googleapis.com",
    "storage.googleapis.com",
  ])
  service = each.key

  # Don't disable the service if the resource block is removed by accident.
  disable_on_destroy = false
}

# Enables Firebase services for the new project created above.
resource "google_firebase_project" "storage-multi" {
  provider = google-beta
  project = google_project.storage-multi.project_id
}

# Provisions the default Cloud Storage bucket for the project via Google App Engine.
resource "google_app_engine_application" "default-multi" {
  provider = google-beta
  project = google_project.storage-multi.project_id
  # See available locations: https://firebase.google.com/docs/projects/locations#default-cloud-location
  # This will set the location for the default Storage bucket and the App Engine App.
  location_id = "name-of-region-for-default-bucket"

  # If you use Firestore, uncomment this to make sure Firestore is provisioned first.
  # depends_on = [
  #   google_firestore_database.firestore
  # ]
}

# Provisions an additional Cloud Storage bucket.
# Additional Cloud Storage buckets are not provisioned via App Engine.
resource "google_storage_bucket" "bucket-multi" {
  provider = google-beta
  project = google_project.storage-multi.project_id
  name = "name-of-additional-storage-bucket"
  # See available locations: https://cloud.google.com/storage/docs/locations#available-locations
  # This location does not need to be the same as the default Storage bucket.
  location = "name-of-region-for-additional-bucket"
}

# Makes the default Storage bucket accessible for Firebase SDKs, authentication, and Firebase Security Rules.
resource "google_firebase_storage_bucket" "default-bucket-multi" {
  provider = google-beta
  project = google_project.storage-multi.project_id
  bucket_id = google_app_engine_application.default-multi.default_bucket
}

# Makes the additional Storage bucket accessible for Firebase SDKs, authentication, and Firebase Security Rules.
resource "google_firebase_storage_bucket" "bucket-multi" {
  provider = google-beta
  project = google_project.storage-multi.project_id
  bucket_id = google_storage_bucket.bucket-multi.name
}

# Creates a ruleset of Firebase Security Rules from a local file.
resource "google_firebaserules_ruleset" "storage-multi" {
  provider = google-beta
  project = google_project.storage-multi.project_id
  source {
    files {
      # Write security rules in a local file named "storage.rules"
      # Learn more: https://firebase.google.com/docs/storage/security/get-started
      name = "storage.rules"
      content = file("storage.rules")
    }
  }

  # Wait for the Storage buckets to be provisioned before creating this ruleset.
  depends_on = [
    google_firebase_project.storage-multi,
  ]
}

# Releases the ruleset to the default Storage bucket.
resource "google_firebaserules_release" "default-bucket-multi" {
  provider = google-beta
  name = "firebase.storage/${google_app_engine_application.default-multi.default_bucket}"
  ruleset_name = "projects/${google_project.storage-multi.project_id}/rulesets/${google_firebaserules_ruleset.storage-multi.name}"
  project = google_project.storage-multi.project_id
}

# Releases the ruleset to the additional Storage bucket.
resource "google_firebaserules_release" "bucket-multi" {
  provider = google-beta
  name = "firebase.storage/${google_storage_bucket.bucket-multi.name}"
  ruleset_name = "projects/${google_project.storage-multi.project_id}/rulesets/${google_firebaserules_ruleset.storage-multi.name}"
  project = google_project.storage-multi.project_id
}

# Uploads a new file to the default Storage bucket.
# Do not use real end-user or production data in this file.
resource "google_storage_bucket_object" "cat-picture-multi" {
  provider = google-beta
  name = "cat.png"
  source = "path/to/cat.png"
  bucket = google_app_engine_application.default-multi.default_bucket
}

# Creates a Firebase Android App in the new project created above.
resource "google_firebase_android_app" "storage-multi" {
  provider = google-beta
  project = google_project.storage-multi.project_id
  display_name = "My Android app"
  package_name = "android.package.name"

  # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
  depends_on = [
    google_firebase_project.storage-multi,
  ]
}

# Creates a Firebase Apple-platforms App in the new project created above.
resource "google_firebase_apple_app" "storage-multi" {
  provider = google-beta
  project = google_project.storage-multi.project_id
  display_name = "My Apple app"
  bundle_id = "apple.app.12345"

  # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
  depends_on = [
    google_firebase_project.storage-multi,
  ]
}

# Creates a Firebase Web App in the new project created above.
resource "google_firebase_web_app" "storage-multi" {
  provider = google-beta
  project = google_project.storage-multi.project_id
  display_name = "My Web app"

  # The other App types (Android and Apple) use "DELETE" by default.
  # Web apps don't use "DELETE" by default due to backward-compatibility.
  deletion_policy = "DELETE"

  # Wait for Firebase to be enabled in the Google Cloud project before creating this App.
  depends_on = [
    google_firebase_project.storage-multi,
  ]
}
This is the ruleset of Cloud Storage Security Rules that should be in a local file named storage.rules.
rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read, write: if request.auth != null;
    }
  }
}
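This config creates a new Google Cloud project, enables Firebase services for the project, provisions a Cloud Firestore instance, and then provisions the default Cloud Storage bucket.
It also provisions Firebase Security Rules for the Cloud Firestore instance and the default Cloud Storage bucket.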
# Creates a new Google Cloud project.
resource "google_project" "fs" { # fs = Firestore + Storage
  provider = google-beta.no_user_project_override

  folder_id = "folder-id-for-new-project"
  name = "Project Display Name"
  project_id = "project-id-for-new-project"

  # Required for the project to display in a list of Firebase projects.
  labels = {
    "firebase" = "enabled"
  }
}

# Enables required APIs.
resource "google_project_service" "fs" {
  provider = google-beta.no_user_project_override
  project = google_project.fs.project_id
  for_each = toset([
    "serviceusage.googleapis.com",
    "cloudresourcemanager.googleapis.com",
    "firebaserules.googleapis.com",
    "firebasestorage.googleapis.com",
    "storage.googleapis.com",
    "firestore.googleapis.com",
  ])
  service = each.key

  # Don't disable the service if the resource block is removed by accident
  disable_on_destroy = false
}

# Enables Firebase services for the new project created above.
resource "google_firebase_project" "fs" {
  provider = google-beta
  project = google_project.fs.project_id
}

#### Set up Firestore before default Cloud Storage bucket ####

# Provisions the Firestore database instance.
resource "google_firestore_database" "firestore-fs" {
  provider = google-beta
  project = google_project.fs.project_id
  name = "(default)"
  # See available locations: https://firebase.google.com/docs/projects/locations#default-cloud-location
  location_id = "name-of-region"
  # "FIRESTORE_NATIVE" is required to use Firestore with Firebase SDKs, authentication, and Firebase Security Rules.
  type = "FIRESTORE_NATIVE"
  concurrency_mode = "OPTIMISTIC"

  # Wait for Firebase to be enabled in the Google Cloud project before initializing Firestore.
  depends_on = [
    google_firebase_project.fs,
  ]
}

# Creates a ruleset of Firestore Security Rules from a local file.
resource "google_firebaserules_ruleset" "firestore-fs" {
  provider = google-beta
  project = google_project.fs.project_id
  source {
    files {
      # Write security rules in a local file named "firestore.rules".
      # Learn more: https://firebase.google.com/docs/firestore/security/get-started
      name = "firestore.rules"
      content = file("firestore.rules")
    }
  }

  # Wait for Firestore to be provisioned before creating this ruleset.
  depends_on = [
    google_firestore_database.firestore-fs
  ]
}

# Releases the ruleset for the Firestore instance.
resource "google_firebaserules_release" "firestore-fs" {
  provider = google-beta
  name = "cloud.firestore" # must be cloud.firestore
  ruleset_name = google_firebaserules_ruleset.firestore-fs.name
  project = google_project.fs.project_id

  # Wait for Firestore to be provisioned before releasing the ruleset.
  depends_on = [
    google_firestore_database.firestore-fs,
  ]
}

#### Set up default Cloud Storage default bucket after Firestore ####

# Provisions the default Cloud Storage bucket for the project via Google App Engine.
resource "google_app_engine_application" "default-bucket-fs" {
  provider = google-beta
  project = google_project.fs.project_id
  # See available locations: https://firebase.google.com/docs/projects/locations#default-cloud-location
  # This will set the location for the default Storage bucket and the App Engine App.
  location_id = "name-of-region" # Must be in the same location as Firestore (above)

  # Wait for Firestore to be provisioned first.
  # Otherwise, the Firestore instance will be provisioned in Datastore mode (unusable by Firebase).
  depends_on = [
    google_firestore_database.firestore-fs,
  ]
}

# Makes the default Storage bucket accessible for Firebase SDKs, authentication, and Firebase Security Rules.
resource "google_firebase_storage_bucket" "default-bucket-fs" {
  provider = google-beta
  project = google_project.fs.project_id
  bucket_id = google_app_engine_application.default-bucket-fs.default_bucket
}

# Creates a ruleset of Cloud Storage Security Rules from a local file.
resource "google_firebaserules_ruleset" "default-bucket-fs" {
  provider = google-beta
  project = google_project.fs.project_id
  source {
    files {
      # Write security rules in a local file named "storage.rules".
      # Learn more: https://firebase.google.com/docs/storage/security/get-started
      name = "storage.rules"
      content = file("storage.rules")
    }
  }

  # Wait for the Cloud Storage bucket to be provisioned before creating this ruleset.
  depends_on = [
    google_firebase_project.fs,
  ]
}

# Releases the ruleset to the default Storage bucket.
resource "google_firebaserules_release" "default-bucket-fs" {
  provider = google-beta
  name = "firebase.storage/${google_app_engine_application.default-bucket-fs.default_bucket}"
  ruleset_name = "projects/${google_project.fs.project_id}/rulesets/${google_firebaserules_ruleset.default-bucket-fs.name}"
  project = google_project.fs.project_id
}
This is the ruleset of Cloud Firestore Security Rules that should be in a local file named firestore.rules.
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    allow read: if request.auth != null;
    allow create: if request.auth != null;
    allow update: if request.auth != null;
  }
}
This is the ruleset of Cloud Storage Security Rules that should be in a local file named storage.rules.
rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read, write: if request.auth != null;
    }
  }
}
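This config creates a new Google Cloud project, enables Firebase services for the project, and sets up and enables enforcement of Firebase App Check for Cloud Firestore so that it can only be accessed from your Android app.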
# Creates a new Google Cloud project.
resource "google_project" "appcheck" {
  provider = google-beta.no_user_project_override

  folder_id = "folder-id-for-new-project"
  name = "Project Display Name"
  project_id = "project-id-for-new-project"

  # Required for the project to display in a list of Firebase projects.
  labels = {
    "firebase" = "enabled"
  }
}

# Enables required APIs.
resource "google_project_service" "services" {
  provider = google-beta.no_user_project_override
  project = google_project.appcheck.project_id
  for_each = toset([
    "cloudresourcemanager.googleapis.com",
    "firebase.googleapis.com",
    "firebaseappcheck.googleapis.com",
    "firestore.googleapis.com",
    "serviceusage.googleapis.com",
  ])
  service = each.key

  # Don't disable the service if the resource block is removed by accident.
  disable_on_destroy = false
}

# Enables Firebase services for the new project created earlier.
resource "google_firebase_project" "appcheck" {
  provider = google-beta
  project = google_project.appcheck.project_id

  depends_on = [google_project_service.services]
}

# Provisions the Firestore database instance.
resource "google_firestore_database" "database" {
  provider = google-beta
  project = google_firebase_project.appcheck.project
  name = "(default)"
  # See available locations: https://firebase.google.com/docs/projects/locations#default-cloud-location
  location_id = "name-of-region"
  # "FIRESTORE_NATIVE" is required to use Firestore with Firebase SDKs, authentication, and Firebase Security Rules.
  type = "FIRESTORE_NATIVE"
  concurrency_mode = "OPTIMISTIC"

  # Wait for Firebase to be enabled in the Google Cloud project before initializing Firestore.
  depends_on = [
    google_firebase_project.appcheck,
  ]
}

# Creates a Firebase Android App in the new project created earlier.
resource "google_firebase_android_app" "appcheck" {
  provider = google-beta
  project = google_firebase_project.appcheck.project
  display_name = "Play Integrity app"
  package_name = "package.name.playintegrity"
  sha256_hashes = [
    # TODO: insert your Android app's SHA256 certificate
  ]
}

# It takes a while for App Check to recognize the new app
# If your app already exists, you don't have to wait 30 seconds.
resource "time_sleep" "wait_30s" {
  depends_on = [google_firebase_android_app.appcheck]
  create_duration = "30s"
}

# Register the Android app with the Play Integrity provider
resource "google_firebase_app_check_play_integrity_config" "appcheck" {
  provider = google-beta
  project = google_firebase_project.appcheck.project
  app_id = google_firebase_android_app.appcheck.app_id

  depends_on = [time_sleep.wait_30s, google_firestore_database.database]

  lifecycle {
    precondition {
      condition = length(google_firebase_android_app.appcheck.sha256_hashes) > 0
      error_message = "Provide a SHA-256 certificate on the Android App to use App Check"
    }
  }
}

# Enable enforcement of App Check for Firestore
resource "google_firebase_app_check_service_config" "firestore" {
  provider = google-beta
  project = google_firebase_project.appcheck.project
  service_id = "firestore.googleapis.com"

  depends_on = [google_project_service.services]
}
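This config creates a new Google Cloud project, enables Firebase services for the project, and installs a new instance of a Firebase Extension in the project. If the instance already exists, its parameters are updated based on the values provided in the config.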
# Creates a new Google Cloud project.
resource "google_project" "extensions" {
  provider = google-beta.no_user_project_override

  folder_id = "folder-id-for-new-project"
  name = "Project Display Name"
  project_id = "project-id-for-new-project"

  # Associates the project with a Cloud Billing account
  # (required to use Firebase Extensions).
  billing_account = "000000-000000-000000"

  # Required for the project to display in a list of Firebase projects.
  labels = {
    "firebase" = "enabled"
  }
}

# Enables required APIs.
resource "google_project_service" "extensions" {
  provider = google-beta.no_user_project_override
  project = google_project.extensions.project_id
  for_each = toset([
    "cloudbilling.googleapis.com",
    "cloudresourcemanager.googleapis.com",
    "serviceusage.googleapis.com",
    "firebase.googleapis.com",
    "firebaseextensions.googleapis.com",
  ])
  service = each.key

  # Don't disable the service if the resource block is removed by accident.
  disable_on_destroy = false
}

# Enables Firebase services for the new project created above.
resource "google_firebase_project" "extensions" {
  provider = google-beta
  project = google_project.extensions.project_id

  depends_on = [
    google_project_service.extensions,
  ]
}

# Installs an instance of the "Translate Text in Firestore" extension.
# Or updates the extension if the specified instance already exists.
resource "google_firebase_extensions_instance" "translation" {
  provider = google-beta
  project = google_project.extensions.project_id
  instance_id = "translate-text-in-firestore"

  config {
    extension_ref = "firebase/firestore-translate-text"

    params = {
      COLLECTION_PATH = "posts/comments/translations"
      DO_BACKFILL = true
      LANGUAGES = "ar,en,es,de,fr"
      INPUT_FIELD_NAME = "input"
      LANGUAGES_FIELD_NAME = "languages"
      OUTPUT_FIELD_NAME = "translated"
    }

    system_params = {
      "firebaseextensions.v1beta.function/location" = "us-central1"
      "firebaseextensions.v1beta.function/memory" = "256"
      "firebaseextensions.v1beta.function/minInstances" = "0"
      "firebaseextensions.v1beta.function/vpcConnectorEgressSettings" = "VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED"
    }
  }
}
Troubleshooting and FAQ
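This guide uses the following Terraform attributes when working with "projects".
- project within a resource block
  Recommended: whenever possible, include the project attribute within each resource block.
  By including a project attribute, Terraform creates the infrastructure specified in the resource block within the specified project. This guide and our sample config files all use this practice.
  See the official Terraform documentation about project.
- user_project_override within the provider block
  For provisioning most resources, you should use user_project_override = true, which means that quota is checked against your own Firebase project. However, to set up a new project so that it can accept quota checks, you first need to use user_project_override = false.
  See the official Terraform documentation about user_project_override.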
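Make sure that the user account that you're using to run gcloud CLI commands has accepted the Firebase Terms of Service (Firebase ToS).
You can do this check by using a browser signed in to the user account and trying to view an existing Firebase project in the Firebase console. If you can view an existing Firebase project, then the user account has accepted the Firebase ToS.
If you can't view any existing Firebase project, then the user account probably hasn't accepted the Firebase ToS. To fix this, create a new Firebase project through the Firebase console and accept the Firebase ToS as part of project creation. You can immediately delete this project via Project Settings in the console.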
Wait a few minutes, and then try running terraform apply again.
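This could be due to a propagation delay in various systems. Try to resolve this issue by importing the resource into the Terraform state by running terraform import. Then try running terraform apply again.
You can learn how to import each resource in the "Import" section of its Terraform documentation (for example, the "Import" documentation for Cloud Firestore).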
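As the error suggests, Terraform may be trying to provision multiple indexes and/or create documents at the same time and ran into a concurrency error. Try running terraform apply again.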
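This error means that Terraform doesn't know which project to check quota against. To troubleshoot, check the following in the resource block:
- Make sure that you've specified a value for the project attribute.
- Make sure that you're using the provider with user_project_override = true (no alias), which in the Firebase samples is google-beta.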
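The following are the possible reasons why the project ID might already exist:
The project associated with that ID belongs to someone else.
- To resolve: Select another project ID.
The project associated with that ID was recently deleted (it is in a soft-delete state).
- To resolve: If you think that the project associated with the ID belongs to you, check the state of the project using the projects.get REST API.
The project associated with that ID exists correctly under the current user. A possible cause for the error could be that a previous terraform apply was interrupted.
- To resolve: Run the following commands:
  terraform import google_project.default PROJECT_ID
  and then
  terraform import google_firebase_project.default PROJECT_ID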
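An App Engine application requires a Cloud Firestore instance, but you can only have one Cloud Firestore instance per project. So, as the error message suggests, if you've already provisioned the project's Cloud Firestore instance at one location, App Engine will error if you try to provision a Cloud Firestore instance at a different location. App Engine thinks that you're trying to "re-provision" the already existing Cloud Firestore instance.
To resolve this error, use the same location for both Cloud Firestore and the App Engine application. If you need a Cloud Storage bucket in a different location than Cloud Firestore, you can provision additional buckets (see the sample config for creating multiple Cloud Storage buckets).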
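When you provision a project's default Cloud Storage bucket (via google_app_engine_application) and the project doesn't yet have its Cloud Firestore instance, google_app_engine_application automatically provisions the project's Cloud Firestore instance.
So, if your project's Cloud Firestore instance is already provisioned, google_firestore_database will error if you try to explicitly provision that Cloud Firestore instance.
Once the project's Cloud Firestore instance is provisioned, you cannot "re-provision" it or change its location. To stop the error from occurring, remove the google_firestore_database resource block from your config file. Note, though, that we recommend provisioning Cloud Firestore before the project's default Cloud Storage bucket (see the aside below for why).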
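The checks from the quota-project entry above (a project attribute in each resource block, and the un-aliased google-beta provider) and from the two Cloud Firestore and App Engine entries (same location, Firestore provisioned first) can be run against a config before terraform apply. The Python script below is an added example, not part of the Firebase documentation; the sample config, the function names, and the regex-based block scanner (a simplification, not a full HCL parser) are assumptions.

```python
import re
# Constructed sample config (not from the page) with deliberate mistakes.
SAMPLE_TF = '''
resource "google_firestore_database" "db" {
  provider    = google-beta
  project     = google_project.demo.project_id
  location_id = "region-a"
}
resource "google_app_engine_application" "default" {
  provider    = google-beta
  project     = google_project.demo.project_id
  location_id = "region-b" # differs from Firestore; no depends_on
}
resource "google_firebase_android_app" "app" {
  provider     = google-beta.no_user_project_override
  display_name = "Demo"
}
'''
SETUP_ONLY = {"google_project", "google_project_service"}  # alias is expected
NO_PROJECT_ARG = {"google_storage_bucket_object"}  # type has no project argument

def resource_blocks(text):
    """Yield (type, name, body) per resource block; assumes balanced braces."""
    for m in re.finditer(r'^resource\s+"([^"]+)"\s+"([^"]+)"\s*\{', text, re.M):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), m.group(2), text[m.end():i - 1]

def attr(body, key):
    """Raw value of a single-line `key = value` assignment, or None."""
    m = re.search(rf'^[ \t]*{key}[ \t]*=[ \t]*(.+?)[ \t]*(?:#.*)?$', body, re.M)
    return m.group(1) if m else None

def lint(text):
    """Return (resource address, problem) pairs for the checks listed above."""
    findings, blocks = [], list(resource_blocks(text))
    for rtype, name, body in blocks:
        if not rtype.startswith("google_") or rtype in SETUP_ONLY:
            continue
        if rtype not in NO_PROJECT_ARG and attr(body, "project") is None:
            findings.append((f"{rtype}.{name}", "missing project attribute"))
        if attr(body, "provider") == "google-beta.no_user_project_override":
            findings.append((f"{rtype}.{name}", "provider lacks user_project_override"))
    firestore = [(n, b) for t, n, b in blocks if t == "google_firestore_database"]
    for rtype, name, body in blocks:
        if rtype != "google_app_engine_application" or not firestore:
            continue
        fs_name, fs_body = firestore[0]
        if attr(body, "location_id") != attr(fs_body, "location_id"):
            findings.append((f"{rtype}.{name}", "location differs from Firestore"))
        deps = re.search(r'^[ \t]*depends_on\s*=\s*\[(.*?)\]', body, re.S | re.M)
        if not deps or f"google_firestore_database.{fs_name}" not in deps.group(1):
            findings.append((f"{rtype}.{name}", "no depends_on on Firestore"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{a}: {p}" for a, p in lint(SAMPLE_TF)))
```

The scanner compares location_id values as written, so a location supplied through a variable or local in one block and a literal in the other is reported as a mismatch and needs a manual look.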