Reputation: 519
My file upload to a Cloud Storage bucket only happens from the Firebase console. What Cloud Storage rule would allow only my Firebase function in the same project to read/write to the bucket?
service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      ???
    }
  }
}
Upvotes: 1
Views: 338
Reputation: 599716
Cloud Functions run with administrative access to the project they're a part of. This means you can simply give no regular users access to the bucket, as Cloud Functions bypasses your rules anyway.
From the documentation:
// Access to files through Firebase Storage is completely disallowed.
// Files may still be accessible through Google App Engine or GCS APIs.
service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read, write: if false;
    }
  }
}
Your access from Cloud Functions falls under the "GCS APIs" in the comments above.
Upvotes: 1
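The function side of the setup described in the answer, as an added example that is not part of the original thread: with the rules set to `if false`, a Cloud Function still reads and writes through the Admin SDK, so any restriction on what is stored has to be enforced in the function itself. The `uploads/<uid>/` layout, the name patterns and the function names are assumptions made for illustration.

```javascript
// Added example: Storage access from a Cloud Function through the Admin SDK.
// Security rules are not evaluated on this path, so the function does its own checks.

// Hypothetical policy: each caller writes only under uploads/<uid>/ with a plain file name.
const SAFE_UID = /^[A-Za-z0-9]{1,128}$/;
const SAFE_NAME = /^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$/;

// Build the object path, rejecting separators, leading dots and empty values.
function objectPathFor(uid, name) {
  if (typeof uid !== 'string' || !SAFE_UID.test(uid)) throw new Error('invalid uid');
  if (typeof name !== 'string' || !SAFE_NAME.test(name)) throw new Error('invalid file name');
  return `uploads/${uid}/${name}`;
}

// `bucket` is a @google-cloud/storage Bucket, for example the one from defaultBucket().
async function saveUpload(bucket, uid, name, data, contentType) {
  const path = objectPathFor(uid, name);
  await bucket.file(path).save(data, { contentType, resumable: false });
  return path;
}

async function readUpload(bucket, uid, name) {
  const [contents] = await bucket.file(objectPathFor(uid, name)).download();
  return contents;
}

// Inside a deployed function the Admin SDK uses the project's service account,
// which is why the "allow read, write: if false" rule does not block these calls.
function defaultBucket() {
  const admin = require('firebase-admin');
  if (!admin.apps.length) admin.initializeApp();
  return admin.storage().bucket();
}
```

In a deployed function, pass `defaultBucket()` as `bucket` and take `uid` from the verified caller identity rather than from the request body.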