
# Foundational APIs that Terraform itself needs before it can enable or
# manage the other services in this file (project lookups, service enablement).
resource "google_project_service" "cloudresourcemanager" {
  provider = google-beta
  project  = var.project_id
  service  = "cloudresourcemanager.googleapis.com"
  # Leave the API enabled if this resource is destroyed; disabling it could
  # disrupt anything else in the project that relies on it.
  disable_on_destroy = false
}
# Service Usage API: required so the remaining google_project_service
# resources below can be applied at all.
resource "google_project_service" "serviceusage" {
  provider = google-beta
  project  = var.project_id
  service  = "serviceusage.googleapis.com"
  # Keep the API enabled on destroy (see cloudresourcemanager above).
  disable_on_destroy = false
}
# Firebase management API. Explicitly ordered after the two foundational APIs
# above so enablement on a fresh project happens in a known sequence.
resource "google_project_service" "firebase" {
  provider           = google-beta
  project            = var.project_id
  service            = "firebase.googleapis.com"
  disable_on_destroy = false # keep enabled on destroy, as for the other services

  depends_on = [google_project_service.cloudresourcemanager, google_project_service.serviceusage]
}
# Identity Toolkit API, the backend for Identity Platform / Firebase Auth
# configured further down in this file.
resource "google_project_service" "identitytoolkit" {
  provider = google-beta
  project  = var.project_id
  service  = "identitytoolkit.googleapis.com"
  # Keep the API enabled on destroy (see cloudresourcemanager above).
  disable_on_destroy = false
}
# Firestore API, required by the database and allowlist document below.
resource "google_project_service" "firestore" {
  provider = google-beta
  project  = var.project_id
  service  = "firestore.googleapis.com"
  # Keep the API enabled on destroy (see cloudresourcemanager above).
  disable_on_destroy = false
}
# Attaches Firebase to the GCP project. Everything Firebase-specific below
# (web app, auth config) hangs off this resource.
resource "google_firebase_project" "default" {
  provider = google-beta
  project  = var.project_id

  depends_on = [google_project_service.firebase]
}
# Firebase Web App registration for the site; its app_id feeds the config
# data source directly below.
resource "google_firebase_web_app" "default" {
  provider     = google-beta
  project      = var.project_id
  display_name = "Haumdaucher Web"
  depends_on   = [google_firebase_project.default]
}
# Reads the generated SDK configuration for the web app declared above.
# NOTE(review): where these values are consumed is not visible in this file;
# confirm they are only used for the client-side Firebase config.
data "google_firebase_web_app_config" "default" {
  provider   = google-beta
  web_app_id = google_firebase_web_app.default.app_id
  project    = var.project_id
}
# Identity Platform (Auth) project-level configuration.
resource "google_identity_platform_config" "default" {
  provider = google-beta
  project  = var.project_id

  # Domains allowed to complete OAuth sign-in redirects. "localhost" is listed
  # for local development; review whether it belongs in the deployed
  # configuration, since every entry here is treated as a valid redirect target.
  authorized_domains = [
    "localhost",
    "${var.project_id}.firebaseapp.com",
    "${var.project_id}.web.app",
  ]

  # Only Google Sign-In is intended (see the IdP config below). The built-in
  # anonymous and email/password providers are explicitly disabled rather
  # than left at their defaults.
  sign_in {
    # One account per e-mail address across providers.
    allow_duplicate_emails = false
    anonymous {
      enabled = false
    }
    email {
      enabled = false # We only want Google Sign-In
    }
  }

  depends_on = [google_project_service.identitytoolkit]
}
# Google as the sign-in provider. The OAuth client credentials are read from
# Secret Manager instead of being written into this file; the two data
# sources referenced here are declared elsewhere.
resource "google_identity_platform_default_supported_idp_config" "google" {
  provider = google-beta
  project  = var.project_id
  enabled  = true
  idp_id   = "google.com"
  # NOTE(review): the resolved values still land in Terraform state (and plan
  # output), so the state backend must be access-controlled and encrypted. A
  # rotated secret is only picked up on the next apply, and only if the data
  # source tracks the latest version — check its definition.
  client_id     = data.google_secret_manager_secret_version.oauth_client_id.secret_data
  client_secret = data.google_secret_manager_secret_version.oauth_client_secret.secret_data
  depends_on    = [google_project_service.identitytoolkit]
}
# NOTE: The OAuth client ID usually has to be configured in the console for Identity Platform,
# or imported. Terraform support for *creating* the OAuth client for IAP/Identity is limited and complex.
# We assume the default client created by Firebase is used, or that the one in use is documented.
# Firestore database in Native mode; backs the allowlist document below.
resource "google_firestore_database" "database" {
  provider                    = google-beta
  project                     = var.project_id
  name                        = "(default)"
  location_id                 = var.region
  type                        = "FIRESTORE_NATIVE"
  concurrency_mode            = "OPTIMISTIC"
  app_engine_integration_mode = "DISABLED"
  # NOTE(review): no deletion protection or point-in-time recovery is set
  # here; consider `delete_protection_state` and
  # `point_in_time_recovery_enablement` if the provider version in use
  # supports them, as destroying this resource would presumably remove the data.
  depends_on = [google_project_service.firestore]
}
# The config/allowlist document, presumably read by the application as its
# sign-in allowlist. The Firestore REST field format requires typed values,
# hence the arrayValue/stringValue wrapping around each address.
resource "google_firestore_document" "allowlist" {
  provider    = google-beta
  project     = var.project_id
  database    = google_firestore_database.database.name
  collection  = "config"
  document_id = "allowlist"

  # NOTE(review): this document is only an effective access control if the
  # Firestore security rules (not in this file) deny client writes to it;
  # confirm the rules. The addresses also appear in plan output and state.
  fields = jsonencode({
    emails = {
      arrayValue = {
        values = [for email in var.allowed_users : { stringValue = email }]
      }
    }
  })
}