Firestore

The Firestore connector lets you perform the supported operations on Firestore.

Before you begin

Before using the Firestore connector, do the following tasks:

  • In your Google Cloud project:
    • Ensure that network connectivity is set up. For information about network patterns, see Network connectivity.
    • Grant the roles/connectors.admin IAM role to the user configuring the connector.
    • Grant the following IAM roles to the service account that you want to use for the connector:
      • roles/secretmanager.viewer
      • roles/secretmanager.secretAccessor

      A service account is a special type of Google account intended to represent a non-human user that needs to authenticate and be authorized to access data in Google APIs. If you don't have a service account, you must create a service account. For more information, see Creating a service account.

    • Enable the following services:
      • secretmanager.googleapis.com (Secret Manager API)
      • connectors.googleapis.com (Connectors API)

      To understand how to enable services, see Enabling services.

    If these services or permissions have not been enabled for your project previously, you are prompted to enable them when configuring the connector.

  • If you are using the service account authentication instead of OAuth 2.0 authentication, ensure that appropriate permissions are given to the service account. For more information, see IAM roles and permissions.

Configure the connector

Configuring the connector requires you to create a connection to your data source (backend system). A connection is specific to a data source. It means that if you have many data sources, you must create a separate connection for each data source. To create a connection, do the following steps:

  1. In the Cloud console, go to the Integration Connectors > Connections page and then select or create a Google Cloud project.

    Go to the Connections page

  2. Click + Create new to open the Create Connection page.
  3. In the Location section, choose the location for the connection.
    1. Region: Select a location from the drop-down list.

      For the list of all the supported regions, see Locations.

    2. Click Next.
  • In the Connection Details section, set the following fields:
    1. Connector: Select Firestore from the drop down list of available connectors.
    2. Connector version: Select the connector version from the drop down list of available versions.
    3. In the Connection Name field, enter a name for the connection instance.

      Connection names must meet the following criteria:

      • Connection names can use letters, numbers, or hyphens.
      • Letters must be lower-case.
      • Connection names must begin with a letter and end with a letter or number.
      • Connection names cannot exceed 63 characters.
    4. Optionally, enter a Description for the connection instance.
    5. Optionally, select Enable cloud logging if you want to log the connector execution details.
    6. Service Account: Select a service account that has the required roles.
    7. Optionally, configure the Connection node settings:

      • Minimum number of nodes: Enter the minimum number of connection nodes.
      • Maximum number of nodes: Enter the maximum number of connection nodes.

      A node is a unit (or replica) of a connection that processes transactions. More nodes are required to process more transactions for a connection and conversely, fewer nodes are required to process fewer transactions. To understand how the nodes affect your connector pricing, see Pricing for connection nodes. If you don't enter any values, by default the minimum nodes are set to 2 (for better availability) and the maximum nodes are set to 50.

    8. Optionally, click + Add label to add a label to the connection in the form of a key-value pair.
    9. Click Next.
    10. In the Authentication section, enter the authentication details.
      1. Select an Authentication type and enter the relevant details.

        You can choose any of the following authentication types:

        • OAuth 2.0
        • Service account
      2. To understand how to configure these authentication types, see Configure authentication.

      3. Click Next.
    11. Review: Review your connection and authentication details.
    12. Click Create.

    Configure authentication

    Enter the details based on the authentication you want to use.

    • OAuth 2.0
      • Client ID: The client ID required to connect to your backend Google service.
      • Scopes: Select the required OAuth 2.0 scopes from the drop-down. To view all the supported OAuth 2.0 scopes for your required Google service, see the relevant section in the OAuth 2.0 Scopes for Google APIs page.
      • Client Secret: Select the Secret Manager secret containing the password associated with the client secret.
      • Secret version: Select the secret version.
    • Service account

      Select this option to authenticate using the service account that you provided in the preceding steps when configuring this connection. Ensure that you have provided the service account that has the relevant IAM roles and permissions required for authentication.

      • Scopes: Select the required OAuth 2.0 scopes from the drop-down. For more information, see Access scopes.

    Actions

    This connector provides a layer of abstraction for the objects of the connected backend service. You can access the backend's objects only through this abstraction. The abstraction is exposed to you as actions. An Action is a first class function that is made available to the integration through the connector interface. An action lets you make changes to an entity or entities, and varies from connector to connector. However, it is possible that a connector doesn't support any action, in which case the Actions list will be empty.

    Use the Firestore connection in an integration

    After you create the connection, it becomes available in Application Integration. You can use the connection in an integration through the Connectors task.

    Get help from the Google Cloud community

    You can post your questions and discuss this connector in the Google Cloud community at Cloud Forums.

    What's next