This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

GCP - Firestore Collection & document create in default DB, not in expected DB

Posted on 10-03-2023 05:38 AM
Rahul2023
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hello Techies, 

I am new in GCP world. I have a quick question regarding GCP- Firestore.

I have 2 databases ("default" and "CustomDBName") in Firestore, I am using very simple python script to transfer JSON files, But unfortunately, collection and documents created in default database, not in expected database. I am sure, missing something here. 

import json
import firebase_admin
from firebase_admin import credentials
from firebase_admin import firestore
cred = credentials.Certificate('GCP-Credentials_FireStoreLoader.json')

# This works but create collection within default database
firebase_admin.initialize_app(cred)

# Tried this, but same collection and documents created in default database
firebase_app = firebase_admin.initialize_app(name="edwdocuments", credential=cred, options=None)
db = firestore.client(firebase_app)

f = open(file.json)
data = json.load(f)
f.close()
db.collection("EDWDocs").add(data)

 

Thanks

Rahul

Solved Solved
0 4 3,955
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
ms4446
Staff
In response to Rahul2023
Reply posted on --/--/---- --:-- AM

The Firestore service in Google Cloud Platform (GCP) does not support multiple databases within a single project in the same way that some other databases do. Instead, each GCP project has one Firestore database. 

To restrict a service account to a specific Firestore database, you would actually be restricting it to a specific GCP project. Each GCP project has one Firestore database. If you want to have multiple Firestore databases, you would typically create multiple GCP projects, each with its own Firestore database.

IAM conditions in Firestore do not currently support resource-level granularity like you've described. The condition you've mentioned (resource.name.startsWith("projects/YOUR_PROJECT_ID/databases/edwdocuments/")) is not valid for Firestore. Firestore does not currently support resource-level IAM conditions.

Here's what you can do:

  1. Create a New GCP Project (if needed): If you want to have a separate Firestore database, you should create a new GCP project and initialize Firestore in that project.

  2. Create a Service Account in the Desired Project: Create a service account in the project where you want to restrict access.

  3. Assign Roles to the Service Account: Assign the necessary Firestore roles to the service account. For example, if you want the service account to have full access to Firestore, you can assign it the roles/datastore.owner role.

  4. Use the Service Account's Credentials: When you initialize the Firestore client in your Python code, use the credentials of the service account you've created in the desired project. This will ensure that the client can only access the Firestore database in that project.

From the steps you've provided, it seems you've created a service account and granted it the datastore.owner role for the entire project. This means the service account has access to the Firestore database in that project. If you want to restrict the service account to a different Firestore database, you would need to create or choose a different GCP project and repeat the process there.

View solution in original post

Jump to Solution
0 Likes
4 REPLIES 4