I've updated my Google App Engine application to write some settings in a newly created firestore instance within the same project.
I get emails from firestore/firebase saying that my firestore is insecure and open to anybody to read/write.
When I look the documentation, all sample points to a Firebase utilisation, while I'm writing to firestore with the Google App Engine service Account via "google/cloud" PHP library.
Do you have any sample ? I just need to allow the service account to read write a single collection.
It sounds like you're using an Admin SDK or otherwise server-side API to access Cloud Firestore. In that case your code accesses Firestore with administrative credentials, and bypasses the security rules.
If this is the only way you access Cloud Firestore, you can simply set the security rules to disallow all access from client-side SDKs with. According to the Firebase documentation on locking down the database those rules are:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if false;
}
}
}