Firebase-tools: Firestore security rule emulator - get and getAfter throwing an exception on non existant doc
[REQUIRED] Environment info
firebase-tools:7.16.1
Platform:Windows
[REQUIRED] Test case
Just write a rule using a get or getAfter on a non existant doc.
For instance:
allow update: if get(/databases/$(database)/documents/doc/doesnot/exist) == null;
[REQUIRED] Steps to reproduce
See above
[REQUIRED] Expected behavior
As per the doc get and getAfter should return null. this is what the online simulator does.
[REQUIRED] Actual behavior
An exception is thrown
Service call error. Function: [get], Argument: [path_value {
...}
olivierkrener
All 13 comments
@olivierkrener thanks for reporting, @scottcrossen is looking into this.
samtstern
on 26 Mar 2020
@olivierkrener Thanks for reporting it! The fix for this is actually quite simple, but there's a lot of organizational complexity surrounding it which will delay the release of the fix by around 1-2 months.
scottcrossen
on 26 Mar 2020
Ok, thanks for the update, I am doing without for the time being
olivierkrener
on 27 Mar 2020
Okay! That's great to hear. I'm sorry you're experiencing this. Because the emulator mirrors the production experience, you may also encounter this in production. One workaround is to write a global function like this:
rules_version='2';
// Overload firestore-provided function at global scope.
function get(path) {
// You'll have to wait for the ternary operator to be released in the emulators
return exists(path) ? get(path) : null;
}
service cloud.firestore {
// Your code here.
}
It's not ideal because in production this may count as two data lookups instead of one, but it works. Also keep in mind that rules logic is 'short-circuiting' and that includes error handling. For example, `allow read: if get(/bad/path).boolean_field || true' would return true even though the first branch is an error.
Edit: It probably doesn't count as two rules lookups
scottcrossen
on 27 Mar 2020
And that's why I raised an issue for the ternary operator ;)
olivierkrener
on 28 Mar 2020
You say that
this will count as two data lookups instead of one
Can you elaborate? I thought that data lookup are counted by document reference. So doing 10x get(pathdoc) only counts as 1 data lookup in the end. I got this confirmed by one of your colleague on stackoverflow
https://stackoverflow.com/questions/60676202/firestore-security-rules-how-are-reads-counted-for-exists-get-getafter
olivierkrener
on 28 Mar 2020
Apparently this is no working in prod either, as you mention
olivierkrener
on 28 Mar 2020
Confirmed, through i could not use ternary operator with the emulator.
bumpmann
on 28 Mar 2020
Can you elaborate?
Doug would know better than me about the billing and limitations that are customer facing. What he says is generally canon.
scottcrossen
on 28 Mar 2020
Update: The first PR was merged on March 26th that will begin to fix this. It will take a few more months for it to be fully fixed because of deploy schedules.
scottcrossen
on 29 Mar 2020
@scottcrossen can you close this issue when the fix is rolled out? Also is there an internal bug I could follow?
samtstern
on 2 Jun 2020
@scottcrossen can you close this issue when the fix is rolled out? Also is there an internal bug I could follow?
In what release is this planned to be rolled out?
olivierkrener
on 3 Jun 2020
Not sure if I'm supposed to link internal bugs here, but YOLO for posterity: b/152525307
@samtstern
Unfortunately I haven't followed up with the current assignee for a while. I'm sorry about that. I'll start annoying him to work on it. This is pretty egregious and needs to be fixed.
scottcrossen
on 3 Jun 2020
Related issues
satishverma143
路
4Comments
chwzr
路
4Comments
roosi
路
3Comments
jkeys089
路
3Comments
laurenzlong
路
4Comments
Most helpful comment
And that's why I raised an issue for the ternary operator ;)