firebase-tools 10.1.2 → 10.2.0

package/lib/api.js

@@ -67,6 +67,7 @@ var _appendQueryData = function (path, data) {
     return path;
 };
 var api = {
+    authProxyOrigin: utils.envOverride("FIREBASE_AUTHPROXY_URL", "https://auth.firebase.tools"),
     clientId: utils.envOverride("FIREBASE_CLIENT_ID", "563584335869-fgrhgmd47bqnekij5i8b5pr03ho849e6.apps.googleusercontent.com"),
     clientSecret: utils.envOverride("FIREBASE_CLIENT_SECRET", "j9iVZfS8kkCEFUPaAeJV0sAi"),
     cloudbillingOrigin: utils.envOverride("FIREBASE_CLOUDBILLING_URL", "https://cloudbilling.googleapis.com"),

package/lib/apiv2.js

@@ -1,9 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Client = exports.setAccessToken = exports.setRefreshToken = void 0;
-const stream_1 = require("stream");
 const url_1 = require("url");
+const stream_1 = require("stream");
 const ProxyAgent = require("proxy-agent");
+const retry = require("retry");
 const abort_controller_1 = require("abort-controller");
 const node_fetch_1 = require("node-fetch");
 const util_1 = require("util");
@@ -151,6 +152,7 @@ class Client {
         return `${this.opts.urlPrefix}${versionPath}${options.path}`;
     }
     async doRequest(options) {
+        var _a;
         if (!options.path.startsWith("/")) {
             options.path = "/" + options.path;
         }
@@ -199,53 +201,95 @@ class Client {
         else if (options.body !== undefined) {
             fetchOptions.body = JSON.stringify(options.body);
         }
-        this.logRequest(options);
-        let res;
-        try {
-            res = await (0, node_fetch_1.default)(fetchURL, fetchOptions);
-        }
-        catch (thrown) {
-            const err = thrown instanceof Error ? thrown : new Error(thrown);
-            const isAbortError = err.name.includes("AbortError");
-            if (isAbortError) {
-                throw new error_1.FirebaseError(`Timeout reached making request to ${fetchURL}`, { original: err });
-            }
-            throw new error_1.FirebaseError(`Failed to make request to ${fetchURL}`, { original: err });
-        }
-        finally {
-            if (reqTimeout) {
-                clearTimeout(reqTimeout);
-            }
-        }
-        let body;
-        if (options.responseType === "json") {
-            const text = await res.text();
-            if (!text.length) {
-                body = undefined;
-            }
-            else {
-                body = JSON.parse(text);
-            }
-        }
-        else if (options.responseType === "stream") {
-            body = res.body;
-        }
-        else {
-            throw new error_1.FirebaseError(`Unable to interpret response. Please set responseType.`, {
-                exit: 2,
-            });
-        }
-        this.logResponse(res, body, options);
-        if (res.status >= 400) {
-            if (!options.resolveOnHTTPError) {
-                throw responseToError({ statusCode: res.status }, body);
-            }
-        }
-        return {
-            status: res.status,
-            response: res,
-            body,
+        const operationOptions = {
+            retries: ((_a = options.retryCodes) === null || _a === void 0 ? void 0 : _a.length) ? 1 : 2,
+            minTimeout: 1 * 1000,
+            maxTimeout: 5 * 1000,
         };
+        if (typeof options.retries === "number") {
+            operationOptions.retries = options.retries;
+        }
+        if (typeof options.retryMinTimeout === "number") {
+            operationOptions.minTimeout = options.retryMinTimeout;
+        }
+        if (typeof options.retryMaxTimeout === "number") {
+            operationOptions.maxTimeout = options.retryMaxTimeout;
+        }
+        const operation = retry.operation(operationOptions);
+        return await new Promise((resolve, reject) => {
+            operation.attempt(async (currentAttempt) => {
+                var _a;
+                let res;
+                let body;
+                try {
+                    if (currentAttempt > 1) {
+                        logger_1.logger.debug(`*** [apiv2] Attempting the request again. Attempt number ${currentAttempt}`);
+                    }
+                    this.logRequest(options);
+                    try {
+                        res = await (0, node_fetch_1.default)(fetchURL, fetchOptions);
+                    }
+                    catch (thrown) {
+                        const err = thrown instanceof Error ? thrown : new Error(thrown);
+                        const isAbortError = err.name.includes("AbortError");
+                        if (isAbortError) {
+                            throw new error_1.FirebaseError(`Timeout reached making request to ${fetchURL}`, {
+                                original: err,
+                            });
+                        }
+                        throw new error_1.FirebaseError(`Failed to make request to ${fetchURL}`, { original: err });
+                    }
+                    finally {
+                        if (reqTimeout) {
+                            clearTimeout(reqTimeout);
+                        }
+                    }
+                    if (options.responseType === "json") {
+                        const text = await res.text();
+                        if (!text.length) {
+                            body = undefined;
+                        }
+                        else {
+                            try {
+                                body = JSON.parse(text);
+                            }
+                            catch (err) {
+                                this.logResponse(res, text, options);
+                                throw new error_1.FirebaseError(`Unable to parse JSON: ${err}`);
+                            }
+                        }
+                    }
+                    else if (options.responseType === "stream") {
+                        body = res.body;
+                    }
+                    else {
+                        throw new error_1.FirebaseError(`Unable to interpret response. Please set responseType.`, {
+                            exit: 2,
+                        });
+                    }
+                }
+                catch (err) {
+                    return err instanceof error_1.FirebaseError ? reject(err) : reject(new error_1.FirebaseError(`${err}`));
+                }
+                this.logResponse(res, body, options);
+                if (res.status >= 400) {
+                    if ((_a = options.retryCodes) === null || _a === void 0 ? void 0 : _a.includes(res.status)) {
+                        const err = responseToError({ statusCode: res.status }, body) || undefined;
+                        if (operation.retry(err)) {
+                            return;
+                        }
+                    }
+                    if (!options.resolveOnHTTPError) {
+                        return reject(responseToError({ statusCode: res.status }, body));
+                    }
+                }
+                resolve({
+                    status: res.status,
+                    response: res,
+                    body,
+                });
+            });
+        });
     }
     logRequest(options) {
         var _a, _b;
@@ -282,7 +326,7 @@ class Client {
 }
 exports.Client = Client;
 function isLocalInsecureRequest(urlPrefix) {
-    const u = (0, url_1.parse)(urlPrefix);
+    const u = new url_1.URL(urlPrefix);
     return u.protocol === "http:";
 }
 function bodyToString(body) {

package/lib/archiveDirectory.js

@@ -1,18 +1,17 @@
 "use strict";
-const _ = require("lodash");
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.archiveDirectory = void 0;
 const archiver = require("archiver");
 const filesize = require("filesize");
 const fs = require("fs");
 const path = require("path");
 const tar = require("tar");
 const tmp = require("tmp");
-const { listFiles } = require("./listFiles");
-const { FirebaseError } = require("./error");
+const error_1 = require("./error");
+const listFiles_1 = require("./listFiles");
+const logger_1 = require("./logger");
 const fsAsync = require("./fsAsync");
-const { logger } = require("./logger");
-const utils = require("./utils");
-const archiveDirectory = (sourceDirectory, options) => {
-    options = options || {};
+async function archiveDirectory(sourceDirectory, options = {}) {
     let postfix = ".tar.gz";
     if (options.type === "zip") {
         postfix = ".zip";
@@ -26,105 +25,96 @@ const archiveDirectory = (sourceDirectory, options) => {
     }
     let makeArchive;
     if (options.type === "zip") {
-        makeArchive = _zipDirectory(sourceDirectory, tempFile, options);
+        makeArchive = zipDirectory(sourceDirectory, tempFile, options);
     }
     else {
-        makeArchive = _tarDirectory(sourceDirectory, tempFile, options);
+        makeArchive = tarDirectory(sourceDirectory, tempFile, options);
     }
-    return makeArchive
-        .then((archive) => {
-        logger.debug(`Archived ${filesize(archive.size)} in ${sourceDirectory}.`);
+    try {
+        const archive = await makeArchive;
+        logger_1.logger.debug(`Archived ${filesize(archive.size)} in ${sourceDirectory}.`);
         return archive;
-    })
-        .catch((err) => {
-        if (err instanceof FirebaseError) {
+    }
+    catch (err) {
+        if (err instanceof error_1.FirebaseError) {
             throw err;
         }
-        return utils.reject("Failed to create archive.", {
-            original: err,
-        });
-    });
-};
-const _tarDirectory = (sourceDirectory, tempFile, options) => {
-    const allFiles = listFiles(sourceDirectory, options.ignore);
+        throw new error_1.FirebaseError("Failed to create archive.", { original: err });
+    }
+}
+exports.archiveDirectory = archiveDirectory;
+async function tarDirectory(sourceDirectory, tempFile, options) {
+    const allFiles = (0, listFiles_1.listFiles)(sourceDirectory, options.ignore);
     try {
         fs.statSync(sourceDirectory);
     }
     catch (err) {
         if (err.code === "ENOENT") {
-            return utils.reject(`Could not read directory "${sourceDirectory}"`);
+            throw new error_1.FirebaseError(`Could not read directory "${sourceDirectory}"`);
         }
         throw err;
     }
     if (!allFiles.length) {
-        return utils.reject(`Cannot create a tar archive with 0 files from directory "${sourceDirectory}"`);
+        throw new error_1.FirebaseError(`Cannot create a tar archive with 0 files from directory "${sourceDirectory}"`);
     }
-    return tar
-        .create({
+    await tar.create({
         gzip: true,
         file: tempFile.name,
         cwd: sourceDirectory,
         follow: true,
         noDirRecurse: true,
         portable: true,
-    }, allFiles)
-        .then(() => {
-        const stats = fs.statSync(tempFile.name);
-        return {
-            file: tempFile.name,
-            stream: fs.createReadStream(tempFile.name),
-            manifest: allFiles,
-            size: stats.size,
-            source: sourceDirectory,
-        };
-    });
-};
-const _zipDirectory = (sourceDirectory, tempFile, options) => {
+    }, allFiles);
+    const stats = fs.statSync(tempFile.name);
+    return {
+        file: tempFile.name,
+        stream: fs.createReadStream(tempFile.name),
+        manifest: allFiles,
+        size: stats.size,
+        source: sourceDirectory,
+    };
+}
+async function zipDirectory(sourceDirectory, tempFile, options) {
     const archiveFileStream = fs.createWriteStream(tempFile.name, {
         flags: "w",
         encoding: "binary",
     });
     const archive = archiver("zip");
-    const archiveDone = _pipeAsync(archive, archiveFileStream);
+    const archiveDone = pipeAsync(archive, archiveFileStream);
     const allFiles = [];
-    return fsAsync
-        .readdirRecursive({ path: sourceDirectory, ignore: options.ignore })
-        .catch((err) => {
+    let files;
+    try {
+        files = await fsAsync.readdirRecursive({ path: sourceDirectory, ignore: options.ignore });
+    }
+    catch (err) {
         if (err.code === "ENOENT") {
-            return utils.reject(`Could not read directory "${sourceDirectory}"`, { original: err });
+            throw new error_1.FirebaseError(`Could not read directory "${sourceDirectory}"`, { original: err });
         }
         throw err;
-    })
-        .then(function (files) {
-        _.forEach(files, function (file) {
-            const name = path.relative(sourceDirectory, file.name);
-            allFiles.push(name);
-            archive.file(file.name, {
-                name,
-                mode: file.mode,
-            });
+    }
+    for (const file of files) {
+        const name = path.relative(sourceDirectory, file.name);
+        allFiles.push(name);
+        archive.file(file.name, {
+            name,
+            mode: file.mode,
         });
-        archive.finalize();
-        return archiveDone;
-    })
-        .then(() => {
-        const stats = fs.statSync(tempFile.name);
-        return {
-            file: tempFile.name,
-            stream: fs.createReadStream(tempFile.name),
-            manifest: allFiles,
-            size: stats.size,
-            source: sourceDirectory,
-        };
-    });
-};
-const _pipeAsync = function (from, to) {
-    return new Promise(function (resolve, reject) {
+    }
+    void archive.finalize();
+    await archiveDone;
+    const stats = fs.statSync(tempFile.name);
+    return {
+        file: tempFile.name,
+        stream: fs.createReadStream(tempFile.name),
+        manifest: allFiles,
+        size: stats.size,
+        source: sourceDirectory,
+    };
+}
+async function pipeAsync(from, to) {
+    return new Promise((resolve, reject) => {
         to.on("finish", resolve);
         to.on("error", reject);
         from.pipe(to);
     });
-};
-module.exports = {
-    archiveDirectory,
-};
+}

package/lib/auth.js

@@ -19,6 +19,10 @@ const logger_1 = require("./logger");
 const prompt_1 = require("./prompt");
 const scopes = require("./scopes");
 const defaultCredentials_1 = require("./defaultCredentials");
+const uuid_1 = require("uuid");
+const crypto_1 = require("crypto");
+const cli_color_1 = require("cli-color");
+const track_1 = require("./track");
 portfinder.basePort = 9005;
 function getGlobalDefaultAccount() {
     const user = configstore_1.configstore.get("user");
@@ -182,19 +186,23 @@ function getLoginUrl(callbackUrl, userHint) {
             login_hint: userHint,
         }));
 }
-async function getTokensFromAuthorizationCode(code, callbackUrl) {
+async function getTokensFromAuthorizationCode(code, callbackUrl, verifier) {
     var _a, _b;
     let res;
+    const params = {
+        code: code,
+        client_id: api.clientId,
+        client_secret: api.clientSecret,
+        redirect_uri: callbackUrl,
+        grant_type: "authorization_code",
+    };
+    if (verifier) {
+        params["code_verifier"] = verifier;
+    }
     try {
         res = await api.request("POST", "/o/oauth2/token", {
             origin: api.authOrigin,
-            form: {
-                code: code,
-                client_id: api.clientId,
-                client_secret: api.clientSecret,
-                redirect_uri: callbackUrl,
-                grant_type: "authorization_code",
-            },
+            form: params,
         });
     }
     catch (err) {
@@ -248,31 +256,58 @@ async function respondWithFile(req, res, statusCode, filename) {
     res.end(response);
     req.socket.destroy();
 }
-async function loginWithoutLocalhost(userHint) {
-    const callbackUrl = getCallbackUrl();
-    const authUrl = getLoginUrl(callbackUrl, userHint);
+function urlsafeBase64(base64string) {
+    return base64string.replace(/\+/g, "-").replace(/=+$/, "").replace(/\//g, "_");
+}
+async function loginRemotely(userHint) {
+    var _a;
+    const authProxyClient = new apiv2.Client({
+        urlPrefix: api.authProxyOrigin,
+        auth: false,
+    });
+    const sessionId = (0, uuid_1.v4)();
+    const codeVerifier = (0, crypto_1.randomBytes)(32).toString("hex");
+    const codeChallenge = urlsafeBase64((0, crypto_1.createHash)("sha256").update(codeVerifier).digest("base64"));
+    const attestToken = (_a = (await authProxyClient.post("/attest", {
+        session_id: sessionId,
+    })).body) === null || _a === void 0 ? void 0 : _a.token;
+    const loginUrl = `${api.authProxyOrigin}/login?code_challenge=${codeChallenge}&session=${sessionId}&attest=${attestToken}`;
+    logger_1.logger.info();
+    logger_1.logger.info("To sign in to the Firebase CLI:");
     logger_1.logger.info();
-    logger_1.logger.info("Visit this URL on any device to log in:");
-    logger_1.logger.info(clc.bold.underline(authUrl));
+    logger_1.logger.info("1. Take note of your session ID:");
+    logger_1.logger.info();
+    logger_1.logger.info(`   ${(0, cli_color_1.bold)(sessionId.substring(0, 5).toUpperCase())}`);
+    logger_1.logger.info();
+    logger_1.logger.info("2. Visit the URL below on any device and follow the instructions to get your code:");
+    logger_1.logger.info();
+    logger_1.logger.info(`   ${loginUrl}`);
+    logger_1.logger.info();
+    logger_1.logger.info("3. Paste or enter the authorization code below once you have it:");
     logger_1.logger.info();
-    open(authUrl);
     const code = await (0, prompt_1.promptOnce)({
         type: "input",
-        name: "code",
-        message: "Paste authorization code here:",
+        message: "Enter authorization code:",
     });
-    const tokens = await getTokensFromAuthorizationCode(code, callbackUrl);
-    return {
-        user: jwt.decode(tokens.id_token),
-        tokens: tokens,
-        scopes: SCOPES,
-    };
+    try {
+        const tokens = await getTokensFromAuthorizationCode(code, `${api.authProxyOrigin}/complete`, codeVerifier);
+        (0, track_1.track)("login", "google_remote");
+        return {
+            user: jwt.decode(tokens.id_token),
+            tokens: tokens,
+            scopes: SCOPES,
+        };
+    }
+    catch (e) {
+        throw new error_1.FirebaseError("Unable to authenticate using the provided code. Please try again.");
+    }
 }
 async function loginWithLocalhostGoogle(port, userHint) {
     const callbackUrl = getCallbackUrl(port);
     const authUrl = getLoginUrl(callbackUrl, userHint);
     const successTemplate = "../templates/loginSuccess.html";
     const tokens = await loginWithLocalhost(port, callbackUrl, authUrl, successTemplate, getTokensFromAuthorizationCode);
+    (0, track_1.track)("login", "google_localhost");
     return {
         user: jwt.decode(tokens.id_token),
         tokens: tokens,
@@ -283,7 +318,9 @@ async function loginWithLocalhostGitHub(port) {
     const callbackUrl = getCallbackUrl(port);
     const authUrl = getGithubLoginUrl(callbackUrl);
     const successTemplate = "../templates/loginSuccessGithub.html";
-    return loginWithLocalhost(port, callbackUrl, authUrl, successTemplate, getGithubTokensFromAuthorizationCode);
+    const tokens = await loginWithLocalhost(port, callbackUrl, authUrl, successTemplate, getGithubTokensFromAuthorizationCode);
+    (0, track_1.track)("login", "google_localhost");
+    return tokens;
 }
 async function loginWithLocalhost(port, callbackUrl, authUrl, successTemplate, getTokens) {
     return new Promise((resolve, reject) => {
@@ -331,10 +368,10 @@ async function loginGoogle(localhost, userHint) {
             return await loginWithLocalhostGoogle(port, userHint);
         }
         catch (_a) {
-            return await loginWithoutLocalhost(userHint);
+            return await loginRemotely(userHint);
         }
     }
-    return await loginWithoutLocalhost(userHint);
+    return await loginRemotely(userHint);
 }
 exports.loginGoogle = loginGoogle;
 async function loginGithub() {

package/lib/commands/ext-configure.js

@@ -27,6 +27,7 @@ exports.default = new command_1.Command("ext:configure <extensionInstanceId>")
     "firebaseextensions.instances.get",
 ])
     .before(checkMinRequiredVersion_1.checkMinRequiredVersion, "extMinVersion")
+    .before(extensionsHelper_1.diagnoseAndFixProject)
     .action(async (instanceId, options) => {
     const spinner = ora(`Configuring ${clc.bold(instanceId)}. This usually takes 3 to 5 minutes...`);
     try {

package/lib/commands/ext-dev-usage.js

@@ -58,14 +58,14 @@ module.exports = new command_1.Command("ext:dev:usage <publisherId>")
     }
     const profile = await (0, extensionsApi_1.getPublisherProfile)("-", publisherId);
     const projectNumber = (0, extensionsHelper_1.getPublisherProjectFromName)(profile.name);
-    const past30d = new Date();
-    past30d.setDate(past30d.getDate() - 30);
+    const past45d = new Date();
+    past45d.setDate(past45d.getDate() - 45);
     const query = {
         filter: `metric.type="firebaseextensions.googleapis.com/extension/version/active_instances" ` +
             `resource.type="firebaseextensions.googleapis.com/ExtensionVersion" ` +
             `resource.labels.extension="${extensionName}"`,
         "interval.endTime": new Date().toJSON(),
-        "interval.startTime": past30d.toJSON(),
+        "interval.startTime": past45d.toJSON(),
         view: cloudmonitoring_1.TimeSeriesView.FULL,
         "aggregation.alignmentPeriod": (60 * 60 * 24).toString() + "s",
         "aggregation.perSeriesAligner": cloudmonitoring_1.Aligner.ALIGN_MAX,
@@ -95,15 +95,10 @@ module.exports = new command_1.Command("ext:dev:usage <publisherId>")
     });
     utils.logLabeledBullet(extensionsHelper_1.logPrefix, `showing usage stats for ${clc.bold(extensionName)}:`);
     logger_1.logger.info(table.toString());
-    const link = await buildCloudMonitoringLink({
-        projectNumber: projectNumber,
-        extensionName,
-    });
     utils.logLabeledBullet(extensionsHelper_1.logPrefix, `How to read this table:`);
     logger_1.logger.info(`* Due to privacy considerations, numbers are reported as ranges.`);
     logger_1.logger.info(`* In the absence of significant changes, we will render a '-' symbol.`);
     logger_1.logger.info(`* You will need more than 10 installs over a period of more than 28 days to render sufficient data.`);
-    logger_1.logger.info(`For more detail, visit: ${link}`);
 });
 async function buildCloudMonitoringLink(args) {
     const pageState = {

package/lib/commands/ext-install.js

@@ -201,6 +201,7 @@ exports.default = new command_1.Command("ext:install [extensionName]")
     .before(requirePermissions_1.requirePermissions, ["firebaseextensions.instances.create"])
     .before(extensionsHelper_1.ensureExtensionsApiEnabled)
     .before(checkMinRequiredVersion_1.checkMinRequiredVersion, "extMinVersion")
+    .before(extensionsHelper_1.diagnoseAndFixProject)
     .action(async (extensionName, options) => {
     const projectId = (0, projectUtils_1.needProjectId)(options);
     const paramsEnvPath = options.params;

package/lib/commands/ext-uninstall.js

@@ -33,6 +33,7 @@ exports.default = new command_1.Command("ext:uninstall <extensionInstanceId>")
     .before(requirePermissions_1.requirePermissions, ["firebaseextensions.instances.delete"])
     .before(extensionsHelper_1.ensureExtensionsApiEnabled)
     .before(checkMinRequiredVersion_1.checkMinRequiredVersion, "extMinVersion")
+    .before(extensionsHelper_1.diagnoseAndFixProject)
     .action(async (instanceId, options) => {
     const projectId = (0, projectUtils_1.needProjectId)(options);
     let instance;

package/lib/commands/ext-update.js

@@ -44,6 +44,7 @@ exports.default = new command_1.Command("ext:update <extensionInstanceId> [updat
 ])
     .before(extensionsHelper_1.ensureExtensionsApiEnabled)
     .before(checkMinRequiredVersion_1.checkMinRequiredVersion, "extMinVersion")
+    .before(extensionsHelper_1.diagnoseAndFixProject)
     .withForce()
     .option("--params <paramsFile>", "name of params variables file with .env format.")
     .action(async (instanceId, updateSource, options) => {

package/lib/commands/functions-secrets-access.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const command_1 = require("../command");
+const logger_1 = require("../logger");
+const projectUtils_1 = require("../projectUtils");
+const secretManager_1 = require("../gcp/secretManager");
+exports.default = new command_1.Command("functions:secrets:access <KEY>[@version]")
+    .description("Access secret value given secret and its version. Defaults to accessing the latest version.")
+    .action(async (key, options) => {
+    const projectId = (0, projectUtils_1.needProjectId)(options);
+    let [name, version] = key.split("@");
+    if (!version) {
+        version = "latest";
+    }
+    const value = await (0, secretManager_1.accessSecretVersion)(projectId, name, version);
+    logger_1.logger.info(value);
+});

package/lib/commands/functions-secrets-destroy.js

@@ -0,0 +1,40 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const command_1 = require("../command");
+const logger_1 = require("../logger");
+const projectUtils_1 = require("../projectUtils");
+const secretManager_1 = require("../gcp/secretManager");
+const prompt_1 = require("../prompt");
+const secrets = require("../functions/secrets");
+exports.default = new command_1.Command("functions:secrets:destroy <KEY>[@version]")
+    .description("Destroy a secret. Defaults to destroying the latest version.")
+    .withForce("Destroys a secret without confirmation.")
+    .action(async (key, options) => {
+    const projectId = (0, projectUtils_1.needProjectId)(options);
+    let [name, version] = key.split("@");
+    if (!version) {
+        version = "latest";
+    }
+    const sv = await (0, secretManager_1.getSecretVersion)(projectId, name, version);
+    if (!options.force) {
+        const confirm = await (0, prompt_1.promptOnce)({
+            name: "destroy",
+            type: "confirm",
+            default: true,
+            message: `Are you sure you want to destroy ${sv.secret.name}@${sv.versionId}`,
+        }, options);
+        if (!confirm) {
+            return;
+        }
+    }
+    await (0, secretManager_1.destroySecretVersion)(projectId, name, version);
+    logger_1.logger.info(`Destroyed secret version ${name}@${sv.versionId}`);
+    const secret = await (0, secretManager_1.getSecret)(projectId, name);
+    if (secrets.isFirebaseManaged(secret)) {
+        const versions = await (0, secretManager_1.listSecretVersions)(projectId, name);
+        if (versions.filter((v) => v.state === "ENABLED").length === 0) {
+            logger_1.logger.info(`No active secret versions left. Destroying secret ${name}`);
+            await (0, secretManager_1.deleteSecret)(projectId, name);
+        }
+    }
+});

package/lib/commands/functions-secrets-get.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const Table = require("cli-table");
+const command_1 = require("../command");
+const logger_1 = require("../logger");
+const projectUtils_1 = require("../projectUtils");
+const secretManager_1 = require("../gcp/secretManager");
+exports.default = new command_1.Command("functions:secrets:get <KEY>")
+    .description("Get metadata for secret and its versions")
+    .action(async (key, options) => {
+    const projectId = (0, projectUtils_1.needProjectId)(options);
+    const versions = await (0, secretManager_1.listSecretVersions)(projectId, key);
+    const table = new Table({
+        head: ["Version", "State"],
+        style: { head: ["yellow"] },
+    });
+    for (const version of versions) {
+        table.push([version.versionId, version.state]);
+    }
+    logger_1.logger.info(table.toString());
+});