search

FilledStacks / boxtout

An open source food delivery product and service that will be developed on the FilledStacks YouTube channel
MIT License
417 stars 166 forks source link

Can Firebase Security Rules be manages from separate files in Source Control #1

Open FilledStacks opened 3 years ago

FilledStacks commented 3 years ago

This question came up during technical planning. I wanted each of the 5 backend groups of serverless functions to manage their own firebase rules. This would make it more maintainable over the long run. This ticket is here in case anyone following the project want to help me answer or do the experiment for me. The way we would do the experiment is as follows.

  1. Setup two firebase folders on your machine connected to the same Firebase project.
  2. Init the security rules and make them different in both of those folders
  3. Deploy project ones rules, check that they are there.
  4. Deploy project two's rules, check if projects ones rules are still available.

This is most likely going to fail and the rules will be replaced by the second deploy. The next step of the experiment is to spend maximum an hour to see if there's a way that we can setup an npm script that will get all the rules from different folders, combine it and then deploy that. I'm not skilled in the npm management / setup but when I get to this point I'll probably check for it.

If that's not possible then we'll most likely have to maintain all the firebase security rules in one massive file which will be a maintenance nightmare. Comments will become our friend in there with clear separation between the groups and their functions.

If anyone will take this on please comment in here and i'll change the label to in progress, otherwise I'll keep it open until I get to this point.

DevSkiss commented 3 years ago

Hi! I haven't tested it but you might want to read this. https://stackoverflow.com/questions/35052400/concatenate-files-with-npm-as-build-tool

jorgemndoza commented 3 years ago

What about creating multiple firebase projects? Might be too complicated but it’s posible. https://firebase.google.com/docs/projects/multiprojects

FilledStacks commented 3 years ago

@DevSkiss thanks. That looks like what I'm looking for.

FilledStacks commented 3 years ago

@jorgemndoza I use multiple firebase projects for different environments. I like the suggestion but maintaining 5 firebase projects with takes too much of a hit to maintenance capability for what you're getting back. I can simply just have 1 firestore rules file. Plus you also can't connect the Flutter app to multiple firebase projects at the same time which means we can't use that approach anyway.

jorgemndoza commented 3 years ago

I like @DevSkiss idea too. @FilledStacks for sure. 5 firestore projects to maintain is going to be complicated.

I found this while searching the web. https://github.com/lupas/firestore-rulez