Make gcloud run service and Android App use the same Firestore db

I want to connect a Cloud Run service to the same Firestore db used in my App (or vice versa). It looks like when selecting the Integration tab of the run Service, there is no way to select an existing Firestore db, hence it creates a new one. On the other side, in my Android App (but the question can be extended to other apps as well) I don't know how to use a Firestore db other than the default one.

1 ACCEPTED SOLUTION

Connecting a Cloud Run service to an existing Firestore database, or configuring an app to use a non-default Firestore instance, involves specific considerations and steps. Here's a refined guide:

1. Using Firestore in Cloud Run

  • Environment Variables: Setting environment variables such as GOOGLE_CLOUD_PROJECT is a highly recommended best practice. This clarifies the project context, particularly in multi-project environments, when using local emulators for development, and helps prevent accidental service interactions with the wrong project.

  • Client Initialization:

    • Default Behavior: The Firestore client in Cloud Run typically identifies the correct project ID automatically using the default credentials provided by the environment.
    • Explicit Project ID: If your Cloud Run service needs to access a Firestore instance in a different project, explicitly specify the project ID during client initialization:
     
    // Node.js Example
    const {Firestore} = require('@google-cloud/firestore');
    const firestore = new Firestore({ projectId: 'your-firestore-project-id' }); 
    

2. Using a Non-Default Firestore Database in an App

  • Initialization on Android and Other Platforms:
    • Custom Configuration: Use FirebaseOptions to explicitly specify the Firestore instance by setting the project ID and other necessary credentials. This is required when your Firebase project uses multiple Firestore instances, or when you need to target a specific instance other than the default one provided by the google-services.json file.
    • Documentation: Refer to the Firebase documentation for multi-project setups to ensure correct and secure implementations.

3. Ensuring Permissions and APIs are Enabled

  • Permissions: Confirm that the service account associated with your Cloud Run service or the API keys used by your app have the appropriate roles, such as roles/datastore.user (Firestore uses the same permissions as Cloud Datastore), which allow the necessary read and write access to Firestore.
  • API Management: Ensure the Firestore API is activated in the Google Cloud Console for all relevant projects. This is a critical requirement for operational connectivity.

4. Avoiding Automatic Creation of Resources

  • Deployment Configurations: Thoroughly examine deployment scripts (e.g., Terraform, Cloud Deployment Manager) and configuration files within your application code or frameworks (e.g., Firebase configuration files) to ensure they are configured to use existing Firestore instances and not create new ones.
  • Project Settings: If you encounter unexpected resource creation, revisit project settings and consult Google Cloud support for configuration corrections.

Additional Best Practices

  • Security: Implement Firestore Security Rules to finely control access based on user authentication and data handling needs. These rules are crucial for safeguarding data integrity and privacy. Apply the principle of least privilege by assigning granular IAM roles to various application components.
  • Monitoring: Leverage tools from the Google Cloud Operations Suite (formerly Stackdriver) to monitor Firestore usage and performance and to log significant events for auditing and troubleshooting.
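
Added example, not part of the original answer: one way for a Cloud Run service to pin the Firestore project and database it talks to, failing closed when nothing is configured and logging the resolved target at startup. FIRESTORE_PROJECT_ID and FIRESTORE_DATABASE_ID are hypothetical variable names chosen for this sketch; databaseId is the Node.js client setting that selects a named (non-default) database.

```javascript
'use strict';

// Decide which Firestore project/database to target from environment
// variables, without importing the SDK, so the decision can be unit-tested.
// FIRESTORE_PROJECT_ID and FIRESTORE_DATABASE_ID are hypothetical names
// chosen for this example; GOOGLE_CLOUD_PROJECT is the variable named above.
function resolveFirestoreTarget(env) {
  const ambient = (env.GOOGLE_CLOUD_PROJECT || '').trim();
  const explicit = (env.FIRESTORE_PROJECT_ID || '').trim();
  const projectId = explicit || ambient;
  if (!projectId) {
    // Fail closed: do not let the client guess a project from credentials.
    throw new Error('Set FIRESTORE_PROJECT_ID or GOOGLE_CLOUD_PROJECT');
  }
  const settings = { projectId };
  const databaseId = (env.FIRESTORE_DATABASE_ID || '').trim();
  if (databaseId && databaseId !== '(default)') {
    settings.databaseId = databaseId; // named (non-default) database
  }
  return {
    settings,
    // True when the data lives in a different project than the service:
    // the service account then needs roles/datastore.user in that project.
    crossProject: Boolean(explicit && ambient && explicit !== ambient),
  };
}

function createFirestore(env = process.env) {
  const { settings, crossProject } = resolveFirestoreTarget(env);
  // Log the resolved target once at startup so a wrong-project deployment
  // is visible in the logs instead of showing up later as missing data.
  console.log(JSON.stringify({
    msg: 'firestore target',
    projectId: settings.projectId,
    databaseId: settings.databaseId || '(default)',
    crossProject,
  }));
  // Required lazily so resolveFirestoreTarget has no SDK dependency.
  const { Firestore } = require('@google-cloud/firestore');
  return new Firestore(settings);
}
```

Call createFirestore() once at service startup; the Android app must be pointed at the same project and database ID for both sides to see the same data.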
