# Default Google Cloud provider; resources that do not set `provider` use it.
provider "google" {
  project = var.project_id
  region  = var.region

  # With user_project_override enabled, billing_project is the project that
  # quota and billing are charged to on APIs that honour the override.
  # NOTE(review): billing_project is the same project this configuration
  # creates below. Confirm the first apply works before the project exists;
  # a separate provider alias without the override is the usual approach for
  # project creation and API enablement.
  billing_project       = var.project_id
  user_project_override = true
}
# google-beta provider, selected explicitly by the Firebase, Firestore and
# Identity Platform resources in this file.
provider "google-beta" {
  project = var.project_id
  region  = var.region

  # Same quota/billing project arrangement as the default provider.
  billing_project       = var.project_id
  user_project_override = true
}
# Create the Google Cloud project that every other resource in this file targets.
resource "google_project" "main_project" {
  project_id      = var.project_id
  name            = var.project_name
  billing_account = var.billing_account

  # "DELETE" lets `terraform destroy` delete the project itself, and with it
  # the Firestore data and the user accounts configured below.
  # NOTE(review): confirm this is intended outside throwaway environments;
  # "PREVENT" makes an accidental destroy fail instead.
  deletion_policy = "DELETE"
}
# Enable the Cloud Resource Manager API on the new project.
resource "google_project_service" "project_services" {
  service = "cloudresourcemanager.googleapis.com"
  project = google_project.main_project.project_id

  # Explicit ordering: the project must exist before a service is enabled on
  # it. The `project` reference above already implies the same dependency.
  depends_on = [google_project.main_project]
}
# Enable the Firebase Management API (firebase.googleapis.com) on the project.
resource "google_project_service" "firebase_services" {
  service = "firebase.googleapis.com"
  project = google_project.main_project.project_id

  # Explicit ordering: enable the API only after the project exists.
  depends_on = [google_project.main_project]
}
# Enable the Cloud Firestore API; the Firestore database resource in this file
# depends on it.
resource "google_project_service" "firestore_service" {
  service = "firestore.googleapis.com"
  project = google_project.main_project.project_id

  # Enabled after the Firebase Management API.
  depends_on = [google_project_service.firebase_services]
}
# Enable the Identity Toolkit API, which the Identity Platform configuration in
# this file depends on.
resource "google_project_service" "auth_service" {
  service = "identitytoolkit.googleapis.com"
  project = google_project.main_project.project_id

  # Enabled after the Firestore API. The dependency only sequences the two
  # API enablements.
  depends_on = [google_project_service.firestore_service]
}
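# Enable Firebase on the Google Cloud project.
resource "google_firebase_project" "firebase_project" {
  provider = google-beta
  project  = google_project.main_project.project_id

  # Firebase can only be added to the project once the Firebase Management API
  # is enabled. The `project` reference orders this after project creation
  # only, so the API dependency is stated explicitly.
  depends_on = [google_project_service.firebase_services]
}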
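# Create the Firebase Web App.
resource "google_firebase_web_app" "main_app" {
  provider     = google-beta
  display_name = "Rothbard Law Group"

  # Target the created project by its ID. The line previously commented out
  # here used `.name`, which is the display name, not the project ID.
  project = google_project.main_project.project_id

  # A web app can only be registered on a project that already has Firebase
  # enabled, so wait for the Firebase project as well as the API.
  depends_on = [
    google_project_service.firebase_services,
    google_firebase_project.firebase_project,
  ]
}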
# Create the project's default Firestore database in Native mode.
resource "google_firestore_database" "main_firestore" {
  provider = google-beta
  project  = google_project.main_project.project_id

  # "(default)" is the database that client SDKs use when no name is given.
  name        = "(default)"
  location_id = var.region

  type             = "FIRESTORE_NATIVE"
  concurrency_mode = "OPTIMISTIC"

  # NOTE(review): no deletion safeguard is set on the database here, and the
  # project above uses deletion_policy = "DELETE". Confirm that is acceptable
  # for the data this database will hold.

  # The Firestore API must be enabled before the database can be created.
  depends_on = [google_project_service.firestore_service]
}
# Configure Identity Platform, which backs Firebase Authentication for the project.
resource "google_identity_platform_config" "main_config" {
  provider = google-beta
  project  = google_project.main_project.project_id

  # Anonymous accounts are removed automatically.
  autodelete_anonymous_users = true

  # Local sign-in methods: anonymous, email and phone.
  sign_in {
    # NOTE(review): this lets more than one account share an email address.
    # If anything downstream identifies a user by email rather than by UID,
    # accounts can be confused with one another. Confirm it is required.
    allow_duplicate_emails = true

    # Anonymous sign-in issues a UID without any credential, so an anonymous
    # caller still satisfies a `request.auth != null` check in security rules.
    anonymous {
      enabled = true
    }

    email {
      enabled = true

      # false permits email-link (passwordless) sign-in in addition to
      # email/password sign-in.
      password_required = false
    }

    phone_number {
      enabled = true

      # NOTE(review): a test number is paired with a fixed verification code,
      # so signing in with it does not involve a real SMS challenge. Keep this
      # out of production projects, or supply it per environment.
      test_phone_numbers = {
        "+11231231234" = "000000"
      }
    }
  }

  # SMS region policy: verification messages are sent only to allowlisted regions.
  sms_region_config {
    allowlist_only {
      allowed_regions = ["US", "CA"]
    }
  }

  # Domains permitted to start sign-in flows.
  # NOTE(review): "localhost" is convenient for development. Confirm it should
  # remain authorized on a production project.
  authorized_domains = [
    "localhost",
    "${google_project.main_project.project_id}.firebaseapp.com",
    "${google_project.main_project.project_id}.web.app",
  ]

  # The Identity Toolkit API must be enabled first.
  depends_on = [google_project_service.auth_service]
}
# Firestore security rules: each signed-in user may read and write only the
# document at /users/{their own uid}; every other path is denied.
#
# NOTE(review): a ruleset is only enforced once a google_firebaserules_release
# (named "cloud.firestore" for Firestore) points at it. No release is visible
# in this file, so confirm one exists elsewhere; otherwise these rules are
# created but not enforced.
# NOTE(review): nothing here orders the ruleset after the Firestore database
# or after enabling firebaserules.googleapis.com. Confirm the apply order.
# NOTE(review): anonymous sign-in is enabled in
# google_identity_platform_config.main_config, so `request.auth != null` also
# admits anonymous users, and the write rule places no constraint on document
# contents. Confirm both are intended.
resource "google_firebaserules_ruleset" "primary" {
  project = google_project.main_project.project_id

  source {
    files {
      name    = "firestore.rules"
      content = <<EOF
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Allow read/write access to user's own settings
    match /users/{userId} {
      allow read, write: if request.auth != null && request.auth.uid == userId;
    }

    // Deny access to all other documents
    match /{document=**} {
      allow read, write: if false;
    }
  }
}

EOF
    }
  }
}
# ID of the created Google Cloud project.
output "project_id" {
  value = google_project.main_project.project_id
}
# Display name of the created Google Cloud project.
output "project_name" {
  value = google_project.main_project.name
}
# App ID of the Firebase Web App.
output "firebase_app_id" {
  value = google_firebase_web_app.main_app.app_id
}
# Name of the Firestore database ("(default)" as configured in this file).
output "firestore_database_name" {
  value = google_firestore_database.main_firestore.name
}