5

I'd like to know how storage rules deployment works in Firebase.

In Firebase Storage I have 2 buckets app.appspot.com and app-mybucket. On my local machine I have a storage.rules file which looks something like this:

service firebase.storage {
  match /b/app.appspot.com/o {
    match /{allPaths=**} {
      allow read, write: if request.auth != null;
    }
  }
  match /b/app-mybucket/o {
    match /{userId}/{allPaths=**} {
      allow read, write: if request.auth.uid == userId;
    }
  }
}

When I firebase deploy --only storage these rules get sent to the default app.appshpot.com bucket and nothing seems to get sent to app-mybucket. I'd like to know of a way I can deploy rules to all buckets.

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
galki
  • 8,149
  • 7
  • 50
  • 62
  • What are you observing that suggest the rules aren't getting deployed they way you expect? Have you actually tried to test them using client code that verifies they work? – Doug Stevenson Dec 05 '18 at 19:52
  • No I didn't try to test them because I had a look at the Firebase console and the rules for `app.appshpot.com` were overwritten with the `storage.rules` rules, and the `app-mybucket` rules were untouched and didn't reflect what was written in `storage.rules` – galki Dec 05 '18 at 19:58
  • Could you verify that the rules on the other bucket don't actually work the way you expect (using client code that you write), even if the console doesn't look the way you expect? – Doug Stevenson Dec 05 '18 at 20:17
  • I tried a bunch of combinations to check whether it's really the uploaded rules that have an impact or not and it seems that yes, the console is displaying the actual rules. – galki Dec 05 '18 at 22:41

2 Answers2

24

In your firebase.json file, you can specify something like this:

  "storage": [{
    "rules": "my-appspot.rules",
    "bucket": "app.appspot.com"
  },
  {
    "rules": "my-bucket.rules",
    "bucket": "app-mybucket"
  }]

The example above uses different rules per bucket, you can use the same rules for each bucket as well if you'd like.

dvdmmc
  • 380
  • 2
  • 7
7

You can also use deploy targets. More info can be found here.

Example

  1. Apply new target (in this case "main") using CLI
firebase target:apply storage main myproject.appspot.com myproject-eu myproject-ja
  1. Update firebase.json
{
  "storage": [ {
      "target": "main",  // "main" is the applied target name for the group of Storage buckets
      "rules": "storage.main.rules"  // the file that contains the shared security rules
    }
  ]
}
  1. Use
firebase deploy --only storage:main
galki
  • 8,149
  • 7
  • 50
  • 62
Erik van den Hoorn
  • 563
  • 5
  • 16
  • This answer was more useful for me as I was dealing with multiple environments and I could use dynamic environment variables in my CI pipeline for the target and deploy commands. – saurabh Feb 09 '21 at 18:07