From what I can tell, when i change the ruleset that is referred to by resource_firebaserules_release in ruleset_name, it deletes and recreates the release in Firebase. After deleting and before creating the new one, it seems like that creates a dangerous situation in which there are no security rules because the release has been deleted. In normal circumstances the time in which that state exists could be very short and maybe the rules get replaced before the deletion actually propagates to the point where it affects clients, but if somehow Terraform fails after deleting the old one and before creating the new one, it looks to me like the release could just get deleted and then not get recreated. The API has patch function to update the ruleset so it looks to me like the provider should just use that.
If the answer to my question is “no”, then it’s fine and I can just use the the provider as is. If answer is “yes” then it would be a security issue to have the security ruleset temporarily non-existent.
