Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Can Firebase Security Rules be manages from separate files in Source Control #1

Open
FilledStacks opened this issue Jan 17, 2021 · 5 comments
Labels
requires research Some research and experimentation needed

Comments

@FilledStacks
Copy link
Owner

This question came up during technical planning. I wanted each of the 5 backend groups of serverless functions to manage their own firebase rules. This would make it more maintainable over the long run. This ticket is here in case anyone following the project want to help me answer or do the experiment for me. The way we would do the experiment is as follows.

  1. Setup two firebase folders on your machine connected to the same Firebase project.
  2. Init the security rules and make them different in both of those folders
  3. Deploy project ones rules, check that they are there.
  4. Deploy project two's rules, check if projects ones rules are still available.

This is most likely going to fail and the rules will be replaced by the second deploy. The next step of the experiment is to spend maximum an hour to see if there's a way that we can setup an npm script that will get all the rules from different folders, combine it and then deploy that. I'm not skilled in the npm management / setup but when I get to this point I'll probably check for it.

If that's not possible then we'll most likely have to maintain all the firebase security rules in one massive file which will be a maintenance nightmare. Comments will become our friend in there with clear separation between the groups and their functions.

If anyone will take this on please comment in here and i'll change the label to in progress, otherwise I'll keep it open until I get to this point.

@FilledStacks FilledStacks added the requires research Some research and experimentation needed label Jan 17, 2021
@DevSkiss
Copy link

Hi! I haven't tested it but you might want to read this.
https://stackoverflow.com/questions/35052400/concatenate-files-with-npm-as-build-tool

@jorgemndoza
Copy link

What about creating multiple firebase projects? Might be too complicated but it’s posible.
https://firebase.google.com/docs/projects/multiprojects

@FilledStacks
Copy link
Owner Author

@DevSkiss thanks. That looks like what I'm looking for.

@FilledStacks
Copy link
Owner Author

@jorgemndoza I use multiple firebase projects for different environments. I like the suggestion but maintaining 5 firebase projects with takes too much of a hit to maintenance capability for what you're getting back. I can simply just have 1 firestore rules file. Plus you also can't connect the Flutter app to multiple firebase projects at the same time which means we can't use that approach anyway.

@jorgemndoza
Copy link

I like @DevSkiss idea too.
@FilledStacks for sure. 5 firestore projects to maintain is going to be complicated.

I found this while searching the web.
https://github.com/lupas/firestore-rulez

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
requires research Some research and experimentation needed
Projects
None yet
Development

No branches or pull requests

3 participants