terraform-google-firebase-project-factory

What Is This Module

1. Enable required APIs
   • By adding it to api_services, it is added to the process that is enabled by default and is enabled in the same way.
   • ↓ Add Default APIs
     • cloudbilling.googleapis.com
     • cloudresourcemanager.googleapis.com
     • identitytoolkit.googleapis.com
     • firebase.googleapis.com
     • appengine.googleapis.com
     • firebasestorage.googleapis.com
     • firestore.googleapis.com
     • cloudfunctions.googleapis.com
     • cloudbuild.googleapis.com
     • artifactregistry.googleapis.com
     • eventarc.googleapis.com
     • cloudscheduler.googleapis.com
     • run.googleapis.com
2. Create the Storage Bucket that is created by default.
   • In the past, if you didn't do this, even if you created another bucket, you couldn't see it when you tried to check storage in the Firebase Console.
3. Add a web app and create a Hosting site.
   • If you pass an empty array to hosting_names, hosting will not be created.
4. Create a Storage Bucket for backing up Firestore data.
   • If you don't give firestore_backup_buckets, it will not be created.
   • If it is created, the lifecycle will be set to autoclass and deleted in 7 years.
   • also if you give export_platform = cloud_functions or export_platform = cloud_run add iam roles/datastore.importExportAdmin to [email protected] or PROJECT_NUMBER@[email protected]
   • ref: Create a Cloud Function and a Cloud Scheduler job
5. Create a bucket other than the above Storage Bucket.
   • If only the bucket name is given, the view permission will be set to public automatically. You can also make any settings by setting role and members. If you pass an empty array to iams, nothing will be set.

Usage:

module "firebase" {
  source          = "cilly-yllic/firebase-project-factory/google"
  version         = "{version}"
  organization_id = "xxxxxx-xxxxxx-xxxxxx"
  project_id      = "{project-id}"
  region          = "asia-northeast1"
  # if service_accounts is not empty put iam.googleapis.com
  # if deploy cloudtasks put cloudtasks.googleapis.com
  api_services    = ["cloudtasks.googleapis.com"]
  users = [{
    role   = "editor"
    email  = "[email protected]"
    deploy = true
  }]
  service_accounts = [{
    account_id   = "ci-deploy"
    display_name = "Continuous Integration Deployment Service Account"
    type         = "deploy"
    roles        = []
    args = {
      hosting   = true
      functions = true
      firestore = true
      storage   = true
      scheduler = false
      tasks     = false
      blocking  = false
    }
  }]
  hosting_names = ["{hosting-name}"]
  firestore_backup_buckets = [{
    bucket_name = "firestore-backups"
    soft_delete_policy = {
      retention_duration_seconds = 604800
    }
    export_platform = "cloud_run"
  }]
  storage_buckets = [
    { bucket_name = "user-icons" },
  ]
}

Requirements

Name	Version
terraform	~> 1.9.0
google	~> 5.41.0
google-beta	~> 5.41.0

Providers

No providers.

Modules

Name	Source	Version
google	./modules/google	n/a
google_firebase_defaults	./modules/google_firebase_defaults	n/a
google_firebase_hosting_site	./modules/google_firebase/hosting_site	n/a
google_firebase_storage_custom_bucket	./modules/google_firebase/storage_buckets/custom_bucket	n/a
google_firebase_storage_firestore_backup_bucket	./modules/google_firebase/storage_buckets/firestore_backup_bucket	n/a
google_initial	./modules/google_initial	n/a

Resources

No resources.

Inputs

Name	Description	Type	Default	Required
api_services	if service_accounts is not empty put iam.googleapis.com if deploy cloudtasks put cloudtasks.googleapis.com	list(string)	[]	no
firestore_backup_buckets	Backups of Firestore.	list(object({ bucket_name = string soft_delete_policy = optional(object({ retention_duration_seconds = number }), { retention_duration_seconds : 0 }) export_platform = optional(string, "cloud_functions") }))	[]	no
hosting_names	Firebase project Hosting names.	list(string)	[]	no
organization_id	GCP organizationId.	string	n/a	yes
project_id	Firebase project id	string	n/a	yes
region	Firebase project region.	string	"asia-northeast1"	no
service_accounts	Firebase project Service Accounts list.	list(object({ account_id = string display_name = optional(string) type = string # deploy roles = optional(list(string), []) args = optional(any, {}) }))	[]	no
storage_buckets	Firebase project Hosting names.	list(object({ bucket_name = string // this to be -> {project-id}-{bucket_name} storage_class = optional(string, "REGIONAL") soft_delete_policy = optional(object({ retention_duration_seconds = number }), { retention_duration_seconds : 0 }) iams = optional(list(object({ role = string members = list(string) })), [{ role = "roles/storage.legacyObjectReader" members = ["allUsers"] }]) }))	[]	no
users	Firebase project Development member's emails.	list(object({ role = optional(string, "viewer") # viewer	editor	owner email = string deploy = optional(bool, false) }))

Outputs

Name	Description
app_id	Firebase Web Application ID.
custom_bucket_id	Firebase Backup Firestore Storage Bucket Id.
custom_bucket_location	Firebase Backup Firestore Storage Bucket Location.
custom_bucket_members	Firebase Backup Firestore Storage Bucket Members.
custom_bucket_name	Firebase Backup Firestore Storage Bucket Name.
custom_bucket_roles	Firebase Backup Firestore Storage Bucket Role.
default_bucket_id	Firebase Default Storage Bucket Id.
default_bucket_name	Firebase Default Storage Bucket Name.
default_bucket_release_ruleset_name	Firebase Default Storage Bucket Ruleset.
default_bucket_ruleset_source_content	Firebase Default Storage Bucket Rule.
display_name	Firebase Web Application Name.
firestore_backup_bucket_autoclass	Firebase Backup Firestore Storage Bucket Autoclass.
firestore_backup_bucket_id	Firebase Backup Firestore Storage Bucket.
firestore_backup_bucket_lifecycle_rule_action	Firebase Backup Firestore Storage Bucket Lifecycle Rule Action.
firestore_backup_bucket_lifecycle_rule_condition	Firebase Backup Firestore Storage Bucket Lifecycle Rule Condition.
firestore_backup_bucket_location	Firebase Backup Firestore Storage Bucket Location.
firestore_backup_bucket_name	Firebase Backup Firestore Storage Bucket Name.
firestore_backup_bucket_project_iam_member	Service Account That Is Granted The Permission To Back Up Firestore Data To Storage
firestore_backup_bucket_project_iam_member_role	Service Account Role That Is Granted The Permission To Back Up Firestore Data To Storage
firestore_backup_bucket_storage_bucket_iam_member	Service Account That Is Granted The Permission To Back Up Firestore Data To Storage
firestore_backup_bucket_storage_bucket_iam_member_role	Service Account Role That Is Granted The Permission To Back Up Firestore Data To Storage
gae_database_type	GAE Database (firestore).
gae_location_id	GAE Location.
google_project_service_api	GCP API Enables.
project_id	Firebase Project Id.
service_account_ids	Service Account Ids to configure service account
service_account_names	Service Account names
service_account_roles	Service Account Roles created
site_id	Firebase Hosting Site ID.
user_members	Firebase Editor User Members
user_roles	Firebase Editor User Roles