init should not change database security rules

[tamalsaha]

I have an existing Firebase app that I upgraded to the new console. Then in an empty folder I ran firebase init and completed the prompts. In the end, I get a database.rules.json file with globally read-write enable rules.
{ ".read": true, ".write": true }
But I actually have configured more restrictive security rules from the old console. Those rules are still present in the new console. I think the init command should use existing security rules for an app. Please look into this.

Thanks.

[mbleigh]

Hmm, this is a bit of a pickle. We're trying to sever the project-specific parts of firebase init, but I agree that this is potentially dangerous behavior. Maybe after you pick a project, if you're initializing Database, it should prompt to download your existing rules.

What do you think?

[tamalsaha]

I think if my Firebase has non-default security rules, then cli should consider it already initialized. I think it can be like git merge. Which ever side has non-default rules, wins. If both sides have non-default non-matching rules, then a conflict is the right behavior. In case of a conflict, cli can ask use to take either remote or local rules. This is what I can think off of the top of my head.

[jobsamuel]

Hey @mbleigh, I think by default firebase init should let existing rules untouched and be explicit when let you set new ones.

Sounds great to prompt to download your existing rules by It would be awesome to have a rollback feature for rules that have been set/configure by the CLI.

[katowulf]

@jobsamuel great ideas here! Could you submit the rollback feature as a separate request?

[jobsamuel]

Done @katowulf 😎

[mhalle]

Also note that that the database rules get overwritten even if you choose "hosting" when doing a "firebase init". So you can wipe out your handwritten rules for the database side of your project just by configuring hosting.

This bug wiped out hundreds of lines of custom rules for us.

It isn't clear to me how to safely set up a new developer machine using the firebase CLI tools in a way that is assured not to bash an existing configuration. Maybe something like "firebase pull" that would copy an existing config to a local dir.

[laurenzlong]

The pull request has now been merged into Master (see above). @tamalsaha let me know if this addresses concerns that you have, and whether there are unresolved concerns that would warrant another issue.