Skip to content

Commit ce52fd6

Browse files
modular-magicianmodular-magician
authored
Add lifecycle hook and updated samples for firebaserules_release (#7779) (#5611)
Signed-off-by: Modular Magician <[email protected]>
1 parent 8372ec3 commit ce52fd6

File tree

3 files changed

+95
-75
lines changed

3 files changed

+95
-75
lines changed

.changelog/7779.txt

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
```release-note:none
2+
```

google-beta/resource_firebaserules_release_generated_test.go

Lines changed: 53 additions & 48 deletions
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,7 @@ import (
2929
transport_tpg "github.com/hashicorp/terraform-provider-google-beta/google-beta/transport"
3030
)
3131

32-
func TestAccFirebaserulesRelease_BasicRelease(t *testing.T) {
32+
func TestAccFirebaserulesRelease_FirestoreReleaseHandWritten(t *testing.T) {
3333
t.Parallel()
3434

3535
context := map[string]interface{}{
@@ -43,15 +43,15 @@ func TestAccFirebaserulesRelease_BasicRelease(t *testing.T) {
4343
CheckDestroy: testAccCheckFirebaserulesReleaseDestroyProducer(t),
4444
Steps: []resource.TestStep{
4545
{
46-
Config: testAccFirebaserulesRelease_BasicRelease(context),
46+
Config: testAccFirebaserulesRelease_FirestoreReleaseHandWritten(context),
4747
},
4848
{
4949
ResourceName: "google_firebaserules_release.primary",
5050
ImportState: true,
5151
ImportStateVerify: true,
5252
},
5353
{
54-
Config: testAccFirebaserulesRelease_BasicReleaseUpdate0(context),
54+
Config: testAccFirebaserulesRelease_FirestoreReleaseHandWrittenUpdate0(context),
5555
},
5656
{
5757
ResourceName: "google_firebaserules_release.primary",
@@ -61,11 +61,12 @@ func TestAccFirebaserulesRelease_BasicRelease(t *testing.T) {
6161
},
6262
})
6363
}
64-
func TestAccFirebaserulesRelease_MinimalRelease(t *testing.T) {
64+
func TestAccFirebaserulesRelease_StorageReleaseHandWritten(t *testing.T) {
6565
t.Parallel()
6666

6767
context := map[string]interface{}{
6868
"project_name": acctest.GetTestProjectFromEnv(),
69+
"region": acctest.GetTestRegionFromEnv(),
6970
"random_suffix": RandString(t, 10),
7071
}
7172

@@ -75,7 +76,7 @@ func TestAccFirebaserulesRelease_MinimalRelease(t *testing.T) {
7576
CheckDestroy: testAccCheckFirebaserulesReleaseDestroyProducer(t),
7677
Steps: []resource.TestStep{
7778
{
78-
Config: testAccFirebaserulesRelease_MinimalRelease(context),
79+
Config: testAccFirebaserulesRelease_StorageReleaseHandWritten(context),
7980
},
8081
{
8182
ResourceName: "google_firebaserules_release.primary",
@@ -86,29 +87,21 @@ func TestAccFirebaserulesRelease_MinimalRelease(t *testing.T) {
8687
})
8788
}
8889

89-
func testAccFirebaserulesRelease_BasicRelease(context map[string]interface{}) string {
90+
func testAccFirebaserulesRelease_FirestoreReleaseHandWritten(context map[string]interface{}) string {
9091
return Nprintf(`
9192
resource "google_firebaserules_release" "primary" {
92-
name = "tf-test-release%{random_suffix}"
93-
ruleset_name = "projects/%{project_name}/rulesets/${google_firebaserules_ruleset.basic.name}"
93+
name = "cloud.firestore"
94+
ruleset_name = "projects/%{project_name}/rulesets/${google_firebaserules_ruleset.firestore.name}"
9495
project = "%{project_name}"
95-
}
96-
97-
resource "google_firebaserules_ruleset" "basic" {
98-
source {
99-
files {
100-
content = "service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }"
101-
name = "firestore.rules"
102-
fingerprint = ""
103-
}
10496
105-
language = ""
97+
lifecycle {
98+
replace_triggered_by = [
99+
google_firebaserules_ruleset.firestore
100+
]
106101
}
107-
108-
project = "%{project_name}"
109102
}
110103
111-
resource "google_firebaserules_ruleset" "minimal" {
104+
resource "google_firebaserules_ruleset" "firestore" {
112105
source {
113106
files {
114107
content = "service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }"
@@ -119,67 +112,79 @@ resource "google_firebaserules_ruleset" "minimal" {
119112
project = "%{project_name}"
120113
}
121114
122-
123115
`, context)
124116
}
125117

126-
func testAccFirebaserulesRelease_BasicReleaseUpdate0(context map[string]interface{}) string {
118+
func testAccFirebaserulesRelease_FirestoreReleaseHandWrittenUpdate0(context map[string]interface{}) string {
127119
return Nprintf(`
128120
resource "google_firebaserules_release" "primary" {
129-
name = "tf-test-release%{random_suffix}"
130-
ruleset_name = "projects/%{project_name}/rulesets/${google_firebaserules_ruleset.minimal.name}"
121+
name = "cloud.firestore"
122+
ruleset_name = "projects/%{project_name}/rulesets/${google_firebaserules_ruleset.firestore.name}"
131123
project = "%{project_name}"
132-
}
133124
134-
resource "google_firebaserules_ruleset" "basic" {
135-
source {
136-
files {
137-
content = "service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }"
138-
name = "firestore.rules"
139-
fingerprint = ""
140-
}
141-
142-
language = ""
125+
lifecycle {
126+
replace_triggered_by = [
127+
google_firebaserules_ruleset.firestore
128+
]
143129
}
144-
145-
project = "%{project_name}"
146130
}
147131
148-
resource "google_firebaserules_ruleset" "minimal" {
132+
resource "google_firebaserules_ruleset" "firestore" {
149133
source {
150134
files {
151-
content = "service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }"
135+
content = "service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if request.auth != null; } } }"
152136
name = "firestore.rules"
153137
}
154138
}
155139
156140
project = "%{project_name}"
157141
}
158142
159-
160143
`, context)
161144
}
162145

163-
func testAccFirebaserulesRelease_MinimalRelease(context map[string]interface{}) string {
146+
func testAccFirebaserulesRelease_StorageReleaseHandWritten(context map[string]interface{}) string {
164147
return Nprintf(`
165148
resource "google_firebaserules_release" "primary" {
166-
name = "prod/tf-test-release%{random_suffix}"
167-
ruleset_name = "projects/%{project_name}/rulesets/${google_firebaserules_ruleset.minimal.name}"
149+
name = "firebase.storage/${google_storage_bucket.bucket.name}"
150+
ruleset_name = "projects/%{project_name}/rulesets/${google_firebaserules_ruleset.storage.name}"
168151
project = "%{project_name}"
152+
153+
lifecycle {
154+
replace_triggered_by = [
155+
google_firebaserules_ruleset.storage
156+
]
157+
}
158+
}
159+
160+
# Provision a non-default Cloud Storage bucket.
161+
resource "google_storage_bucket" "bucket" {
162+
project = "%{project_name}"
163+
name = "tf-test-bucket%{random_suffix}"
164+
location = "%{region}"
169165
}
170166
171-
resource "google_firebaserules_ruleset" "minimal" {
167+
# Make the Storage bucket accessible for Firebase SDKs, authentication, and Firebase Security Rules.
168+
resource "google_firebase_storage_bucket" "bucket" {
169+
project = "%{project_name}"
170+
bucket_id = google_storage_bucket.bucket.name
171+
}
172+
173+
# Create a ruleset of Firebase Security Rules from a local file.
174+
resource "google_firebaserules_ruleset" "storage" {
175+
project = "%{project_name}"
172176
source {
173177
files {
174-
content = "service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }"
175-
name = "firestore.rules"
178+
name = "storage.rules"
179+
content = "service firebase.storage {match /b/{bucket}/o {match /{allPaths=**} {allow read, write: if request.auth != null;}}}"
176180
}
177181
}
178182
179-
project = "%{project_name}"
183+
depends_on = [
184+
google_firebase_storage_bucket.bucket
185+
]
180186
}
181187
182-
183188
`, context)
184189
}
185190

website/docs/r/firebaserules_release.html.markdown

Lines changed: 40 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -24,30 +24,22 @@ description: |-
2424

2525
For more information, see:
2626
* [Get started with Firebase Security Rules](https://firebase.google.com/docs/rules/get-started)
27-
## Example Usage - basic_release
28-
Creates a basic Firebase Rules Release
27+
## Example Usage - firestore_release
28+
Creates a Firebase Rules Release to Cloud Firestore
2929
```hcl
3030
resource "google_firebaserules_release" "primary" {
31-
name = "release"
32-
ruleset_name = "projects/my-project-name/rulesets/${google_firebaserules_ruleset.basic.name}"
31+
name = "cloud.firestore"
32+
ruleset_name = "projects/my-project-name/rulesets/${google_firebaserules_ruleset.firestore.name}"
3333
project = "my-project-name"
34-
}
35-
36-
resource "google_firebaserules_ruleset" "basic" {
37-
source {
38-
files {
39-
content = "service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }"
40-
name = "firestore.rules"
41-
fingerprint = ""
42-
}
4334
44-
language = ""
35+
lifecycle {
36+
replace_triggered_by = [
37+
google_firebaserules_ruleset.firestore
38+
]
4539
}
46-
47-
project = "my-project-name"
4840
}
4941
50-
resource "google_firebaserules_ruleset" "minimal" {
42+
resource "google_firebaserules_ruleset" "firestore" {
5143
source {
5244
files {
5345
content = "service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }"
@@ -58,29 +50,50 @@ resource "google_firebaserules_ruleset" "minimal" {
5850
project = "my-project-name"
5951
}
6052
61-
6253
```
63-
## Example Usage - minimal_release
64-
Creates a minimal Firebase Rules Release
54+
## Example Usage - storage_release
55+
Creates a Firebase Rules Release for a Storage bucket
6556
```hcl
6657
resource "google_firebaserules_release" "primary" {
67-
name = "prod/release"
68-
ruleset_name = "projects/my-project-name/rulesets/${google_firebaserules_ruleset.minimal.name}"
58+
name = "firebase.storage/${google_storage_bucket.bucket.name}"
59+
ruleset_name = "projects/my-project-name/rulesets/${google_firebaserules_ruleset.storage.name}"
6960
project = "my-project-name"
61+
62+
lifecycle {
63+
replace_triggered_by = [
64+
google_firebaserules_ruleset.storage
65+
]
66+
}
7067
}
7168
72-
resource "google_firebaserules_ruleset" "minimal" {
69+
# Provision a non-default Cloud Storage bucket.
70+
resource "google_storage_bucket" "bucket" {
71+
project = "my-project-name"
72+
name = "bucket"
73+
location = "us-west1"
74+
}
75+
76+
# Make the Storage bucket accessible for Firebase SDKs, authentication, and Firebase Security Rules.
77+
resource "google_firebase_storage_bucket" "bucket" {
78+
project = "my-project-name"
79+
bucket_id = google_storage_bucket.bucket.name
80+
}
81+
82+
# Create a ruleset of Firebase Security Rules from a local file.
83+
resource "google_firebaserules_ruleset" "storage" {
84+
project = "my-project-name"
7385
source {
7486
files {
75-
content = "service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }"
76-
name = "firestore.rules"
87+
name = "storage.rules"
88+
content = "service firebase.storage {match /b/{bucket}/o {match /{allPaths=**} {allow read, write: if request.auth != null;}}}"
7789
}
7890
}
7991
80-
project = "my-project-name"
92+
depends_on = [
93+
google_firebase_storage_bucket.bucket
94+
]
8195
}
8296
83-
8497
```
8598

8699
## Argument Reference

0 commit comments

Comments
 (0)