progress

main.tf

@@ -2,7 +2,7 @@
 provider "google" {
   project = var.project_id
   billing_project =  var.project_id
-  region  = var.region
+  region  = var.region 
   user_project_override = true
 }
 
@@ -79,7 +79,7 @@ resource "google_firebase_web_app" "main_app" {
 resource "google_firestore_database" "main_firestore" {
   provider       = google-beta
   project        = google_project.main_project.project_id
-  name           = "${google_project.main_project.name}"
+  name           = "(default)"
   location_id    = var.region
   type           = "FIRESTORE_NATIVE"
   concurrency_mode = "OPTIMISTIC"
@@ -136,6 +136,33 @@ resource "google_identity_platform_config" "main_config" {
   depends_on = [google_project_service.auth_service]
 }
 
+resource "google_firebaserules_ruleset" "primary" {
+  source {
+    files {
+      content = <<EOF
+rules_version = '2';
+service cloud.firestore {
+  match /databases/{database}/documents {
+    // Allow read/write access to user's own settings
+    match /users/{userId} {
+      allow read, write: if request.auth != null && request.auth.uid == userId;
+    }
+
+    // Deny access to all other documents
+    match /{document=**} {
+      allow read, write: if false;
+    }
+  }
+}
+
+EOF
+      name    = "firestore.rules"
+    }
+  }
+
+  project = google_project.main_project.project_id
+}
+
 # Output the project ID and name
 output "project_id" {
   value = google_project.main_project.project_id
@@ -152,3 +179,4 @@ output "firebase_app_id" {
 output "firestore_database_name" {
   value = google_firestore_database.main_firestore.name
 }
+