I read many GCP documents relating to credentials for using Cloud Firestore from Google App Engine Standard Environment, but I'm very confused now.
According to the following pages, I assume there can be two service accounts from Google App Engine and Firebase. So there are two credentials from each of them, right?
https://firebase.google.com/docs/admin/setup#initialize_the_sdk
https://cloud.google.com/docs/authentication/production
The documentation recommends to use the environment variable for a credential like the following,
export GOOGLE_APPLICATION_CREDENTIALS="[PATH]"
but which credential should I use in my case?
Related
My straight question is: since I am not interested in other Google Services, only Firestore, what is the difference between Firebase Cli and gcloud? Can I do all I need only with Firebase Cli or should I learn also gcloud?
I can easilly see that gcloud can handle more services than Firebase Cli. Also I can see Firebase Cli remenber me a lot the purpose of npm+ng cli when working with NodeJs/Angular (a simple analogy about scaffold/initialize/deploy). Nevertheless, our company will only use Firestore to take advantage of its Realtime Database pushing events to our mobile application.
I use Firebase Cli to type in my Windows command line and create a project in Firebase. I can see the result in Firebase Console and I also can see it in Console Cloud Plataform.
For me, who is total beginner with Google Cloud Plataform, it is a bit confused when prefer one over other. For instance, let's say I want to query data from Firebase Crashlytics from command line instead of logging from my Browser. Is it possible to use either Firebase Cli or gcloud? If both, which one is recommended for some company only interested in Firestore project?
This week I am struggling to figure out how to extract metrics regard my Firestore project and if I don't know what is the recommended tool for reach this task it make even harder to find the first steps. By extracting I don't mean see a beatifull dash in Google Console. I mean consume an endpoint providing me Firestore Metrics or, even better, subscribe my endpoint to Firestore project which will be called every time some issue happens (Other question asking exactly about getting Firestore metrics)
It is confusing and is partly the result of Google's acquisition of Firebase, the creation of what's now called Firestore (which is the unification of the original Firebase backend technology and Google Cloud Datastore), and that Google provides the Firestore service to both its Firebase and Google Cloud developer audiences.
As you've gathered, Google Cloud's CLI (Cloud SDK aka gcloud) and the Firebase CLI overlap in functionality. However, importantly:
both CLIs interact with a shared set of Google services (e.g. Firestore, identity, logging etc.).
there are some Google Cloud services not part of Firebase and vice versa
If you're focused on Firebase, you should be to able to stick with the Firebase CLI and continue to interact with Google's services through this Firebase lens.
If you include Google Cloud Platform services that aren't part of Firebase, you'll need to then consider using gcloud but importantly, you can either:
continue to use the Firebase CLI for the Firebase services;
use gcloud to interact with some (not all!) of the Firebase services (e.g. Firestore).
Over time, I assume (!) the remain discord between these 2 platforms will diminish.
If you consider both platforms as the result of (an ongoing?) unification since the acquisition, hopefully, these discrepancies will be more understandable and less frustrating.
Where you do find inconsistencies and frustrations, ensure Google knows by submitting feature requests and bugs.
I am running scripts to interact with Firestore (e.g. creating a doc). I've provided a service account key file to do so (tried with key files from Firebase and GCloud) - scripts run the same.
I am aware that Firebase is now built / closely linked to GCloud so I am expecting the key files to be similar.
However, the docs recommend initializing the sdk with a key from Firebase console when adding Firebase admin to your server and from GCloud Console for unit testing.
So here are my questions:
Why recommend 2 different ways to generate them? Is one more appropriate than the other?
Do service account key files generated in Firebase (1) and GCloud (2) consoles differ in terms of scope? Do they allow the same operations? Are they granted equivalent permissions?
Firebase Console > Project Settings > Service Accounts > Firebase Admin SDK > Create new private key
https://console.firebase.google.com/project/[my-project-id]/settings/serviceaccounts/adminsdk
Google Cloud Console > IAM & Admin > Service Accounts > App Engine default service account > Create key
https://console.cloud.google.com/iam-admin/serviceaccounts?project=[my-project-id]
The service account and credentials provided by the Firebase console are no different than one that you'd create in the Cloud console. Firebase is just making it easier to get started, so you don't have to learn the Cloud console. If you want to use the one provided by Firebase, fine. If you want to use one you create and configure in the Cloud console, fine. The Firebase service account should be visible in the Cloud console just like any other. When it comes to assigning permissions to individual products, you can still choose either one to work with. It's up to you.
I'm familiar with using Cloud Firestore when created through Firebase, but I've created a Cloud Firestore as a service within Cloud Platform and I can't figure out how to have a client access that database. I was expecting there would be someway to generate a GoogleService-Info.plist so that my iOS app can access Firestore.
How is Cloud Firestore different when created from GCP, and how can clients access it?
If you want to access Firestore from iOS, you will still have to go through the Firebase console to add your app to the project and generate that plist file.
What you probably don't realize is that a Firebase project is just like a GCP project. Every Firebase project IS a GCP project, just pre-configured with some services and APIs enabled. Read this blog for a full discussion. If you created your project via the Cloud console, you can just as easily access the very same project from the Firebase console.
Your Firstore instance is 100% the same, no matter how you access it. All the same data and scaling behavior that you expect from Firestore. The only differences lie in how Firebase client apps add special mobile functionality. Read this blog for a full discussion specific to Firestore.
Bottom line is that, for use with mobile apps, you should still use the Firebase console to set that up. You can use both console together at the same time. They show almost entirely the same data, but Firebase is simplified for mobile-centric use.
I have a backend in golang and was wondering how I can connect to Firebase storage to create/delete buckets and add/delete files. Can I use the Admin sdk. I found the client storage lib in golang for google cloud storage. Can I use that? And whats the difference between firebase storage and google cloud storage?
The app I'm working on connects to Firebase Storage Buckets via the Admin SDK, but we're using Firebase Functions in Node.js. However, it looks like the Admin SDK in Go offers the same Storage access, and it's documented (with example code in Go) here:
https://firebase.google.com/docs/storage/admin/start
I like using Admin in Firebase, because you don't have to worry about project configuration and authentication to the various services. Firebase storage is google cloud storage, but with a nice wrapper and well-integrated into other aspects of your Firebase project. You get some limitations as a trade-off for all of that convenience, but unless you run into a feature of Google Cloud that you absolutely need and doesn't exist in Firebase, I'd stick with the Firebase (and Admin) version.
I am trying to create a REST API for my app using Firebase Cloud Functions. I know how to use Admin SDK in Cloud Functions. It does have API to createUser. My front end app lets users sign in using Google and Facebook but I am not sure how to put it all together.
My app has successfully implemented Sign in with Google and Sign in with Facebook but how and what data do I transfer over to Cloud Functions (or any REST API Server for that matter) so that it could create a user in Firebase with appropriate provider.
Update for more explanation
I am creating an app for iOS and Android with some sort of cloud based backend. Right now I am experimenting with Firebase but I do not intend to tightly couple my apps to Firebase and hence do not want to pull Firebase-iOS and Firebase-Android SDKs into my app code. I want the ability and freedom to switch my backend over to AWS or Azure without changing frontend code.
The one (and only?) way is to create a server that will expose REST API endpoints and do the work on my behalf that usually SDK does. To achieve this, I am using Cloud Functions but that shouldn't matter as long as I have API to talk to actual cloud.
After putting that explanation, now my question is how do I let my users login to app using external providers like Google and Facebook and still achieve what I am trying to do. When I let users sign in with providers, I do not have their password to send to backend to create a new email/password user.
The sample code that best illustrates what you want to do here on GitHub.
It shows how to create an Express app that handles HTTP request pages. Learn more about Express to configure it for wildcards are needed.
It accepts and checks authentication tokens in HTTP requests from Firebase Authentication to validate the end user responsible for the request.