-
Notifications
You must be signed in to change notification settings - Fork 359
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
securityRules() methods to release rulesets cannot be used on clean project #1198
Comments
I found a few problems with this issue:
|
I believe the release resource is created automatically upon enabling Firestore. But this happens asynchronously, and therefore there's no guarantee as to when it will be available. @rachelmyers do you have any insights on this? Does it make sense for the SDK to try and create the release if an update fails? |
We are enabling the appengine.googleapis.com, firestore.googleapis.com and firebaserules.googleapis.com services on the project through terraform. I have tried to build my own workaround to first do a POST to the releases to create the initial release (much like firebase-tools does). To detect if a release already existed I was trying to use the methods from firebase-admin securityRules tools, but they throw an error on getting an empty object {} when listing the existing releases. That’s the error I am catching now to then first create a release through the REST API before attempting again to use the firebase-admin securityRules tools. Those tools are much more convenient than trying to figure out to update the rules via the REST API as that does not seem to be documented. |
Thanks for your patience on this. How to terraform Firebase projects is an interesting case. In the immediate term, if you enable both APIs, firestore.googleapis.com and firebaserules.googleapis.com, and then create the first release via the CLI (or API, as you did) that should work. The initial release is normally created when the project is provisioned; before we change And I can also work on getting the Rules API documented. 📝 |
If updating the release fails with a NOT_FOUND error, create a new release instead. Fixes: #1198
Describe your environment
Describe the problem
The
securityRules
within firebase-admin offer a number of methods to change the security rules of your firebase project. However, they fail with an error "Requested entity was not found." when invoked on a freshly created project. The problem resolves itself if you create an initial set of rules through the console or CLI.Requested entity was not found.
Steps to reproduce:
We are creating our projects through infrastructure as code (terraform) and create an AppEngine that way (to enable firestore) and then enable the firebaserules.googleapis.com service. We then try to programmatically deploy rules (as there is no terraform support for rules) using firebase-admin:
Relevant Code:
I feel the problem lies in
firebase-admin-node/src/security-rules/security-rules-api-client-internal.ts
Line 165 in 2f6da89
That always does a PATCH assuming a ruleset already exists.
All the methods in firebase-admin.securityRules to change the ruleset eventually end up in that
updateRelease
method.If I look at the source code of
firebase-tools
you can see it has a method to first create a release: https://github.com/firebase/firebase-tools/blob/1633f4fccbbc1bcbc6216fe13b8e888c8940bde4/src/gcp/rules.ts#L232It would be nice if firebase-admin detects that no rules release exists yet, and create one first using a POST, before attempting the PATCH. Alternative would be to catch the "Requested entity was not found" error, then do a POST followed by a retry of the PATCH.
The text was updated successfully, but these errors were encountered: