firebase-tools 10.1.5 → 10.2.2

package/lib/deploy/functions/functionsDeployHelper.js

@@ -10,7 +10,7 @@ function functionMatchesAnyGroup(func, filterGroups) {
 exports.functionMatchesAnyGroup = functionMatchesAnyGroup;
 function functionMatchesGroup(func, groupChunks) {
     const functionNameChunks = func.id.split("-").slice(0, groupChunks.length);
-    if (functionNameChunks.length != groupChunks.length) {
+    if (functionNameChunks.length !== groupChunks.length) {
         return false;
     }
     for (let i = 0; i < groupChunks.length; i += 1) {
@@ -28,7 +28,7 @@ function getFilterGroups(options) {
     const only = options.only.split(",");
     const onlyFunctions = only.filter((filter) => {
         const opts = filter.split(":");
-        return opts[0] == "functions" && opts[1];
+        return opts[0] === "functions" && opts[1];
     });
     return onlyFunctions.map((filter) => {
         return filter.split(":")[1].split(/[.-]/);

package/lib/deploy/functions/prepare.js

@@ -2,20 +2,19 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.inferDetailsFromExisting = exports.prepare = void 0;
 const clc = require("cli-color");
-const ensureCloudBuildEnabled_1 = require("./ensureCloudBuildEnabled");
-const functionsDeployHelper_1 = require("./functionsDeployHelper");
-const utils_1 = require("../../utils");
-const prepareFunctionsUpload_1 = require("./prepareFunctionsUpload");
-const prompts_1 = require("./prompts");
 const backend = require("./backend");
 const ensureApiEnabled = require("../../ensureApiEnabled");
 const functionsConfig = require("../../functionsConfig");
 const functionsEnv = require("../../functions/env");
-const previews_1 = require("../../previews");
-const projectUtils_1 = require("../../projectUtils");
-const track_1 = require("../../track");
 const runtimes = require("./runtimes");
 const validate = require("./validate");
+const ensure = require("./ensure");
+const functionsDeployHelper_1 = require("./functionsDeployHelper");
+const utils_1 = require("../../utils");
+const prepareFunctionsUpload_1 = require("./prepareFunctionsUpload");
+const prompts_1 = require("./prompts");
+const projectUtils_1 = require("../../projectUtils");
+const track_1 = require("../../track");
 const logger_1 = require("../../logger");
 const triggerRegionHelper_1 = require("./triggerRegionHelper");
 const checkIam_1 = require("./checkIam");
@@ -24,14 +23,7 @@ function hasUserConfig(config) {
     return Object.keys(config).length > 1;
 }
 function hasDotenv(opts) {
-    return previews_1.previews.dotenv && functionsEnv.hasUserEnvs(opts);
-}
-async function maybeEnableAR(projectId) {
-    if (!previews_1.previews.artifactregistry) {
-        return ensureApiEnabled.check(projectId, "artifactregistry.googleapis.com", "functions", true);
-    }
-    await ensureApiEnabled.ensure(projectId, "artifactregistry.googleapis.com", "functions");
-    return true;
+    return functionsEnv.hasUserEnvs(opts);
 }
 async function prepare(context, options, payload) {
     const projectId = (0, projectUtils_1.needProjectId)(options);
@@ -54,8 +46,8 @@ async function prepare(context, options, payload) {
     const checkAPIsEnabled = await Promise.all([
         ensureApiEnabled.ensure(projectId, "cloudfunctions.googleapis.com", "functions"),
         ensureApiEnabled.check(projectId, "runtimeconfig.googleapis.com", "runtimeconfig", true),
-        (0, ensureCloudBuildEnabled_1.ensureCloudBuildEnabled)(projectId),
-        maybeEnableAR(projectId),
+        ensure.cloudBuildEnabled(projectId),
+        ensure.maybeEnableAR(projectId),
     ]);
     context.runtimeConfigEnabled = checkAPIsEnabled[1];
     context.artifactRegistryEnabled = checkAPIsEnabled[3];
@@ -77,7 +69,7 @@ async function prepare(context, options, payload) {
         : usedDotenv
             ? "dotenv"
             : "none";
-    await (0, track_1.track)("functions_codebase_deploy_env_method", tag);
+    void (0, track_1.track)("functions_codebase_deploy_env_method", tag);
     logger_1.logger.debug(`Analyzing ${runtimeDelegate.name} backend spec`);
     const wantBackend = await runtimeDelegate.discoverSpec(runtimeConfig, firebaseEnvs);
     wantBackend.environmentVariables = Object.assign(Object.assign({}, userEnvs), firebaseEnvs);
@@ -110,7 +102,7 @@ async function prepare(context, options, payload) {
     for (const endpoint of backend.allEndpoints(wantBackend)) {
         endpoint.environmentVariables = wantBackend.environmentVariables;
     }
-    await Promise.all(Object.values(wantBackend.requiredAPIs).map((api) => {
+    await Promise.all(Object.values(wantBackend.requiredAPIs).map(({ api }) => {
         return ensureApiEnabled.ensure(projectId, api, "functions", false);
     }));
     validate.endpointsAreValid(wantBackend);
@@ -125,6 +117,8 @@ async function prepare(context, options, payload) {
     await (0, prompts_1.promptForFailurePolicies)(options, matchingBackend, haveBackend);
     await (0, prompts_1.promptForMinInstances)(options, matchingBackend, haveBackend);
     await backend.checkAvailability(context, wantBackend);
+    await validate.secretsAreValid(projectId, matchingBackend);
+    await ensure.secretAccess(projectId, matchingBackend, haveBackend);
 }
 exports.prepare = prepare;
 function inferDetailsFromExisting(want, have, usedDotenv) {
@@ -140,6 +134,7 @@ function inferDetailsFromExisting(want, have, usedDotenv) {
         if (!wantE.availableMemoryMb && haveE.availableMemoryMb) {
             wantE.availableMemoryMb = haveE.availableMemoryMb;
         }
+        wantE.securityLevel = haveE.securityLevel ? haveE.securityLevel : "SECURE_ALWAYS";
         maybeCopyTriggerRegion(wantE, haveE);
     }
 }

package/lib/deploy/functions/pricing.js

@@ -106,7 +106,7 @@ function canCalculateMinInstanceCost(endpoint) {
     if (!endpoint.minInstances) {
         return true;
     }
-    if (endpoint.platform == "gcfv1") {
+    if (endpoint.platform === "gcfv1") {
         if (!MB_TO_GHZ[endpoint.availableMemoryMb || 256]) {
             return false;
         }

package/lib/deploy/functions/prompts.js

@@ -21,7 +21,7 @@ async function promptForFailurePolicies(options, want, have) {
         const existing = (_a = have.endpoints[endpoint.region]) === null || _a === void 0 ? void 0 : _a[endpoint.id];
         return !(existing && backend.isEventTriggered(existing) && existing.eventTrigger.retry);
     });
-    if (newRetryEndpoints.length == 0) {
+    if (newRetryEndpoints.length === 0) {
         return;
     }
     const warnMessage = "The following functions will newly be retried in case of failure: " +
@@ -137,7 +137,7 @@ async function promptForMinInstances(options, want, have) {
         costLine = `With these options, your minimum bill will be $${cost} in a 30-day month`;
     }
     let cudAnnotation = "";
-    if (backend.someEndpoint(want, (fn) => fn.platform == "gcfv2" && !!fn.minInstances)) {
+    if (backend.someEndpoint(want, (fn) => fn.platform === "gcfv2" && !!fn.minInstances)) {
         cudAnnotation =
             "\nThis bill can be lowered with a one year commitment. See https://cloud.google.com/run/cud for more";
     }

package/lib/deploy/functions/release/fabricator.js

@@ -216,12 +216,12 @@ class Fabricator {
             })
                 .catch(rethrowAs(endpoint, "create topic"));
         }
-        const resultFunction = (await this.functionExecutor
+        const resultFunction = await this.functionExecutor
             .run(async () => {
             const op = await gcfV2.createFunction(apiFunction);
             return await poller.pollOperation(Object.assign(Object.assign({}, gcfV2PollerOptions), { pollerName: `create-${endpoint.region}-${endpoint.id}`, operationResourceName: op.name }));
         })
-            .catch(rethrowAs(endpoint, "create")));
+            .catch(rethrowAs(endpoint, "create"));
         endpoint.uri = resultFunction.serviceConfig.uri;
         const serviceName = resultFunction.serviceConfig.service;
         if (backend.isHttpsTriggered(endpoint)) {
@@ -243,7 +243,7 @@ class Fabricator {
             }
         }
         const mem = endpoint.availableMemoryMb || backend.DEFAULT_MEMORY;
-        if (mem >= backend.MIN_MEMORY_FOR_CONCURRENCY && endpoint.concurrency != 1) {
+        if (mem >= backend.MIN_MEMORY_FOR_CONCURRENCY && endpoint.concurrency !== 1) {
             await this.setConcurrency(endpoint, serviceName, endpoint.concurrency || DEFAULT_GCFV2_CONCURRENCY);
         }
     }

package/lib/deploy/functions/release/index.js

@@ -56,7 +56,7 @@ async function release(context, options, payload) {
     await containerCleaner.cleanupBuildImages(haveEndpoints, deletedEndpoints, opts);
     const allErrors = summary.results.filter((r) => r.error).map((r) => r.error);
     if (allErrors.length) {
-        const opts = allErrors.length == 1 ? { original: allErrors[0] } : { children: allErrors };
+        const opts = allErrors.length === 1 ? { original: allErrors[0] } : { children: allErrors };
         throw new error_1.FirebaseError("There was an error deploying functions", Object.assign(Object.assign({}, opts), { exit: 2 }));
     }
 }

package/lib/deploy/functions/release/planner.js

@@ -74,10 +74,10 @@ function upgradedToGCFv2WithoutSettingConcurrency(want, have) {
 }
 exports.upgradedToGCFv2WithoutSettingConcurrency = upgradedToGCFv2WithoutSettingConcurrency;
 function changedTriggerRegion(want, have) {
-    if (want.platform != "gcfv2") {
+    if (want.platform !== "gcfv2") {
         return false;
     }
-    if (have.platform != "gcfv2") {
+    if (have.platform !== "gcfv2") {
         return false;
     }
     if (!backend.isEventTriggered(want)) {
@@ -86,7 +86,7 @@ function changedTriggerRegion(want, have) {
     if (!backend.isEventTriggered(have)) {
         return false;
     }
-    return want.eventTrigger.region != have.eventTrigger.region;
+    return want.eventTrigger.region !== have.eventTrigger.region;
 }
 exports.changedTriggerRegion = changedTriggerRegion;
 function changedV2PubSubTopic(want, have) {
@@ -102,13 +102,13 @@ function changedV2PubSubTopic(want, have) {
     if (!backend.isEventTriggered(have)) {
         return false;
     }
-    if (want.eventTrigger.eventType != gcfv2.PUBSUB_PUBLISH_EVENT) {
+    if (want.eventTrigger.eventType !== gcfv2.PUBSUB_PUBLISH_EVENT) {
         return false;
     }
     if (have.eventTrigger.eventType !== gcfv2.PUBSUB_PUBLISH_EVENT) {
         return false;
     }
-    return have.eventTrigger.eventFilters["resource"] != want.eventTrigger.eventFilters["resource"];
+    return have.eventTrigger.eventFilters["resource"] !== want.eventTrigger.eventFilters["resource"];
 }
 exports.changedV2PubSubTopic = changedV2PubSubTopic;
 function upgradedScheduleFromV1ToV2(want, have) {
@@ -132,6 +132,9 @@ function checkForIllegalUpdate(want, have) {
         if (backend.isHttpsTriggered(e)) {
             return "an HTTPS";
         }
+        else if (backend.isCallableTriggered(e)) {
+            return "a callable";
+        }
         else if (backend.isEventTriggered(e)) {
             return "a background triggered";
         }
@@ -145,17 +148,17 @@ function checkForIllegalUpdate(want, have) {
     };
     const wantType = triggerType(want);
     const haveType = triggerType(have);
-    if (wantType != haveType) {
+    if (wantType !== haveType) {
         throw new error_1.FirebaseError(`[${(0, functionsDeployHelper_2.getFunctionLabel)(want)}] Changing from ${haveType} function to ${wantType} function is not allowed. Please delete your function and create a new one instead.`);
     }
-    if (want.platform == "gcfv1" && have.platform == "gcfv2") {
+    if (want.platform === "gcfv1" && have.platform === "gcfv2") {
         throw new error_1.FirebaseError(`[${(0, functionsDeployHelper_2.getFunctionLabel)(want)}] Functions cannot be downgraded from GCFv2 to GCFv1`);
     }
     exports.checkForV2Upgrade(want, have);
 }
 exports.checkForIllegalUpdate = checkForIllegalUpdate;
 function checkForV2Upgrade(want, have) {
-    if (want.platform == "gcfv2" && have.platform == "gcfv1") {
+    if (want.platform === "gcfv2" && have.platform === "gcfv1") {
         throw new error_1.FirebaseError(`[${(0, functionsDeployHelper_2.getFunctionLabel)(have)}] Upgrading from GCFv1 to GCFv2 is not yet supported. Please delete your old function or wait for this feature to be ready.`);
     }
 }

package/lib/deploy/functions/release/reporter.js

@@ -162,6 +162,9 @@ function triggerTag(endpoint) {
     if (backend.isTaskQueueTriggered(endpoint)) {
         return `${prefix}.taskQueue`;
     }
+    if (backend.isCallableTriggered(endpoint)) {
+        return `${prefix}.callable`;
+    }
     if (backend.isHttpsTriggered(endpoint)) {
         if ((_a = endpoint.labels) === null || _a === void 0 ? void 0 : _a["deployment-callable"]) {
             return `${prefix}.callable`;

package/lib/deploy/functions/runtimes/discovery/index.js

@@ -29,18 +29,18 @@ exports.yamlToBackend = yamlToBackend;
 async function detectFromYaml(directory, project, runtime) {
     let text;
     try {
-        text = await exports.readFileAsync(path.join(directory, "backend.yaml"), "utf8");
+        text = await exports.readFileAsync(path.join(directory, "functions.yaml"), "utf8");
     }
     catch (err) {
         if (err.code === "ENOENT") {
-            logger_1.logger.debug("Could not find backend.yaml. Must use http discovery");
+            logger_1.logger.debug("Could not find functions.yaml. Must use http discovery");
         }
         else {
-            logger_1.logger.debug("Unexpected error looking for backend.yaml file:", err);
+            logger_1.logger.debug("Unexpected error looking for functions.yaml file:", err);
         }
         return;
     }
-    logger_1.logger.debug("Found backend.yaml. Got spec:", text);
+    logger_1.logger.debug("Found functions.yaml. Got spec:", text);
     const parsed = yaml.load(text);
     return yamlToBackend(parsed, project, api.functionsDefaultRegion, runtime);
 }
@@ -54,7 +54,7 @@ async function detectFromPort(port, project, runtime, timeout = 30000) {
     });
     while (true) {
         try {
-            res = await Promise.race([(0, node_fetch_1.default)(`http://localhost:${port}/backend.yaml`), timedOut]);
+            res = await Promise.race([(0, node_fetch_1.default)(`http://localhost:${port}/__/functions.yaml`), timedOut]);
             break;
         }
         catch (err) {
@@ -65,7 +65,7 @@ async function detectFromPort(port, project, runtime, timeout = 30000) {
         }
     }
     const text = await res.text();
-    logger_1.logger.debug("Got response from /backend.yaml", text);
+    logger_1.logger.debug("Got response from /__/functions.yaml", text);
     let parsed;
     try {
         parsed = yaml.load(text);

package/lib/deploy/functions/runtimes/discovery/parsing.js

@@ -21,7 +21,7 @@ function assertKeyTypes(prefix, yaml, schema) {
         const key = keyAsString;
         const fullKey = prefix ? prefix + "." + key : key;
         if (!schema[key] || schema[key] === "omit") {
-            throw new error_1.FirebaseError(`Unexpected key ${fullKey}. You may need to install a newer version of the Firebase CLI`);
+            throw new error_1.FirebaseError(`Unexpected key ${fullKey}. You may need to install a newer version of the Firebase CLI.`);
         }
         if (schema[key] === "string") {
             if (typeof value !== "string") {

package/lib/deploy/functions/runtimes/discovery/v1alpha1.js

@@ -12,7 +12,7 @@ function backendFromV1Alpha1(yaml, project, region, runtime) {
     (0, parsing_1.requireKeys)("", manifest, "endpoints");
     (0, parsing_1.assertKeyTypes)("", manifest, {
         specVersion: "string",
-        requiredAPIs: "object",
+        requiredAPIs: "array",
         endpoints: "object",
     });
     for (const id of Object.keys(manifest.endpoints)) {
@@ -25,15 +25,14 @@ function backendFromV1Alpha1(yaml, project, region, runtime) {
 }
 exports.backendFromV1Alpha1 = backendFromV1Alpha1;
 function parseRequiredAPIs(manifest) {
-    const requiredAPIs = {};
-    if (typeof manifest !== "object" || Array.isArray(manifest)) {
-        throw new error_1.FirebaseError("Expected requiredApis to be a map of string to string");
-    }
-    for (const [api, reason] of Object.entries(manifest.requiredAPIs || {})) {
+    const requiredAPIs = manifest.requiredAPIs || [];
+    for (const { api, reason } of requiredAPIs) {
+        if (typeof api !== "string") {
+            throw new error_1.FirebaseError(`Invalid api "${JSON.stringify(api)}. Expected string`);
+        }
         if (typeof reason !== "string") {
             throw new error_1.FirebaseError(`Invalid reason "${JSON.stringify(reason)} for API ${api}. Expected string`);
         }
-        requiredAPIs[api] = reason;
     }
     return requiredAPIs;
 }
@@ -51,12 +50,13 @@ function parseEndpoints(manifest, id, project, defaultRegion, runtime) {
         concurrency: "number",
         serviceAccountEmail: "string",
         timeout: "string",
-        vpcConnector: "string",
-        vpcConnectorEgressSettings: "string",
+        vpc: "object",
         labels: "object",
         ingressSettings: "string",
         environmentVariables: "object",
+        secretEnvironmentVariables: "array",
         httpsTrigger: "object",
+        callableTrigger: "object",
         eventTrigger: "object",
         scheduleTrigger: "object",
         taskQueueTrigger: "object",
@@ -65,6 +65,9 @@ function parseEndpoints(manifest, id, project, defaultRegion, runtime) {
     if (ep.httpsTrigger) {
         triggerCount++;
     }
+    if (ep.callableTrigger) {
+        triggerCount++;
+    }
     if (ep.eventTrigger) {
         triggerCount++;
     }
@@ -75,7 +78,7 @@ function parseEndpoints(manifest, id, project, defaultRegion, runtime) {
         triggerCount++;
     }
     if (!triggerCount) {
-        throw new error_1.FirebaseError("Expected trigger in endpoint" + id);
+        throw new error_1.FirebaseError("Expected trigger in endpoint " + id);
     }
     if (triggerCount > 1) {
         throw new error_1.FirebaseError("Multiple triggers defined for endpoint" + id);
@@ -100,6 +103,9 @@ function parseEndpoints(manifest, id, project, defaultRegion, runtime) {
             triggered = { httpsTrigger: {} };
             (0, proto_1.copyIfPresent)(triggered.httpsTrigger, ep.httpsTrigger, "invoker");
         }
+        else if (backend.isCallableTriggered(ep)) {
+            triggered = { callableTrigger: {} };
+        }
         else if (backend.isScheduleTriggered(ep)) {
             (0, parsing_1.assertKeyTypes)(prefix + ".scheduleTrigger", ep.scheduleTrigger, {
                 schedule: "string",
@@ -148,7 +154,7 @@ function parseEndpoints(manifest, id, project, defaultRegion, runtime) {
             region,
             project,
             runtime, entryPoint: ep.entryPoint }, triggered);
-        (0, proto_1.copyIfPresent)(parsed, ep, "availableMemoryMb", "maxInstances", "minInstances", "concurrency", "serviceAccountEmail", "timeout", "vpcConnector", "vpcConnectorEgressSettings", "labels", "ingressSettings", "environmentVariables");
+        (0, proto_1.copyIfPresent)(parsed, ep, "availableMemoryMb", "maxInstances", "minInstances", "concurrency", "serviceAccountEmail", "timeout", "vpc", "labels", "ingressSettings", "environmentVariables");
         allParsed.push(parsed);
     }
     return allParsed;

package/lib/deploy/functions/runtimes/golang/index.js

@@ -71,7 +71,7 @@ class Delegate {
             },
             stdio: ["ignore", "pipe", "pipe"],
         });
-        if (genBinary.status != 0) {
+        if (genBinary.status !== 0) {
             throw new error_1.FirebaseError("Failed to run codegen", {
                 children: [new Error(genBinary.stderr.toString())],
             });
@@ -96,7 +96,7 @@ class Delegate {
                 childProcess.once("exit", resolve);
                 childProcess.once("error", reject);
             });
-            await (0, node_fetch_1.default)(`http://localhost:${adminPort}/quitquitquit`);
+            await (0, node_fetch_1.default)(`http://localhost:${adminPort}/__/quitquitquit`);
             setTimeout(() => {
                 if (!childProcess.killed) {
                     childProcess.kill("SIGKILL");

package/lib/deploy/functions/runtimes/node/index.js

@@ -4,6 +4,8 @@ exports.Delegate = exports.tryCreateDelegate = void 0;
 const util_1 = require("util");
 const fs = require("fs");
 const path = require("path");
+const spawn = require("cross-spawn");
+const node_fetch_1 = require("node-fetch");
 const error_1 = require("../../../../error");
 const parseRuntimeAndValidateSDK_1 = require("./parseRuntimeAndValidateSDK");
 const logger_1 = require("../../../../logger");
@@ -50,6 +52,30 @@ class Delegate {
     watch() {
         return Promise.resolve(() => Promise.resolve());
     }
+    serve(port, envs) {
+        var _a;
+        const childProcess = spawn("./node_modules/.bin/firebase-functions", [this.sourceDir], {
+            env: Object.assign(Object.assign({}, envs), { PORT: port.toString(), FUNCTIONS_CONTROL_API: "true", HOME: process.env.HOME, PATH: process.env.PATH }),
+            cwd: this.sourceDir,
+            stdio: ["ignore", "pipe", "inherit"],
+        });
+        (_a = childProcess.stdout) === null || _a === void 0 ? void 0 : _a.on("data", (chunk) => {
+            logger_1.logger.debug(chunk.toString());
+        });
+        return Promise.resolve(async () => {
+            const p = new Promise((resolve, reject) => {
+                childProcess.once("exit", resolve);
+                childProcess.once("error", reject);
+            });
+            await (0, node_fetch_1.default)(`http://localhost:${port}/__/quitquitquit`);
+            setTimeout(() => {
+                if (!childProcess.killed) {
+                    childProcess.kill("SIGKILL");
+                }
+            }, 10000);
+            return p;
+        });
+    }
     async discoverSpec(config, env) {
         return parseTriggers.discoverBackend(this.projectId, this.sourceDir, this.runtime, config, env);
     }

package/lib/deploy/functions/runtimes/node/parseRuntimeAndValidateSDK.js

@@ -46,11 +46,11 @@ function getRuntimeChoice(sourceDir, runtimeFromConfig) {
         ? exports.UNSUPPORTED_NODE_VERSION_FIREBASE_JSON_MSG
         : exports.UNSUPPORTED_NODE_VERSION_PACKAGE_JSON_MSG) + exports.DEPRECATED_NODE_VERSION_INFO;
     if (!runtime || !ENGINE_RUNTIMES_NAMES.includes(runtime)) {
-        track("functions_runtime_notices", "package_missing_runtime");
+        void track("functions_runtime_notices", "package_missing_runtime");
         throw new error_1.FirebaseError(errorMessage, { exit: 1 });
     }
     if (runtimes.isDeprecatedRuntime(runtime) || !runtimes.isValidRuntime(runtime)) {
-        track("functions_runtime_notices", `${runtime}_deploy_prohibited`);
+        void track("functions_runtime_notices", `${runtime}_deploy_prohibited`);
         throw new error_1.FirebaseError(errorMessage, { exit: 1 });
     }
     return runtime;

package/lib/deploy/functions/runtimes/node/parseTriggers.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.addResourcesToBackend = exports.discoverBackend = exports.useStrategy = void 0;
+exports.addResourcesToBackend = exports.mergeRequiredAPIs = exports.discoverBackend = exports.useStrategy = void 0;
 const path = require("path");
 const _ = require("lodash");
 const child_process_1 = require("child_process");
@@ -58,17 +58,34 @@ async function discoverBackend(projectId, sourceDir, runtime, configValues, envs
     return want;
 }
 exports.discoverBackend = discoverBackend;
+function mergeRequiredAPIs(backend) {
+    const apiToReasons = {};
+    for (const { api, reason } of backend.requiredAPIs) {
+        const reasons = apiToReasons[api] || new Set();
+        reasons.add(reason);
+        apiToReasons[api] = reasons;
+    }
+    const merged = [];
+    for (const [api, reasons] of Object.entries(apiToReasons)) {
+        merged.push({ api, reason: Array.from(reasons).join(" ") });
+    }
+    backend.requiredAPIs = merged;
+}
+exports.mergeRequiredAPIs = mergeRequiredAPIs;
 function addResourcesToBackend(projectId, runtime, annotation, want) {
     Object.freeze(annotation);
     for (const region of annotation.regions || [api.functionsDefaultRegion]) {
         let triggered;
         const triggerCount = +!!annotation.httpsTrigger + +!!annotation.eventTrigger + +!!annotation.taskQueueTrigger;
-        if (triggerCount != 1) {
+        if (triggerCount !== 1) {
             throw new error_1.FirebaseError("Unexpected annotation generated by the Firebase Functions SDK. This should never happen.");
         }
         if (annotation.taskQueueTrigger) {
             triggered = { taskQueueTrigger: annotation.taskQueueTrigger };
-            want.requiredAPIs["cloudtasks"] = "cloudtasks.googleapis.com";
+            want.requiredAPIs.push({
+                api: "cloudtasks.googleapis.com",
+                reason: "Needed for task queue functions.",
+            });
         }
         else if (annotation.httpsTrigger) {
             const trigger = {};
@@ -79,8 +96,10 @@ function addResourcesToBackend(projectId, runtime, annotation, want) {
             triggered = { httpsTrigger: trigger };
         }
         else if (annotation.schedule) {
-            want.requiredAPIs["pubsub"] = "pubsub.googleapis.com";
-            want.requiredAPIs["scheduler"] = "cloudscheduler.googleapis.com";
+            want.requiredAPIs.push({
+                api: "cloudscheduler.googleapis.com",
+                reason: "Needed for scheduled functions.",
+            });
             triggered = { scheduleTrigger: annotation.schedule };
         }
         else {
@@ -105,11 +124,25 @@ function addResourcesToBackend(projectId, runtime, annotation, want) {
             if (maybeId && !maybeId.includes("/")) {
                 maybeId = `projects/${projectId}/locations/${region}/connectors/${maybeId}`;
             }
-            endpoint.vpcConnector = maybeId;
+            endpoint.vpc = { connector: maybeId };
+            proto.renameIfPresent(endpoint.vpc, annotation, "egressSettings", "vpcConnectorEgressSettings");
+        }
+        if (annotation.secrets) {
+            const secretEnvs = [];
+            for (const secret of annotation.secrets) {
+                const secretEnv = {
+                    secret,
+                    projectId,
+                    key: secret,
+                };
+                secretEnvs.push(secretEnv);
+            }
+            endpoint.secretEnvironmentVariables = secretEnvs;
         }
-        proto.copyIfPresent(endpoint, annotation, "concurrency", "serviceAccountEmail", "labels", "vpcConnectorEgressSettings", "ingressSettings", "timeout", "maxInstances", "minInstances", "availableMemoryMb");
+        proto.copyIfPresent(endpoint, annotation, "concurrency", "serviceAccountEmail", "labels", "ingressSettings", "timeout", "maxInstances", "minInstances", "availableMemoryMb");
         want.endpoints[region] = want.endpoints[region] || {};
         want.endpoints[region][endpoint.id] = endpoint;
+        mergeRequiredAPIs(want);
     }
 }
 exports.addResourcesToBackend = addResourcesToBackend;

package/lib/deploy/functions/runtimes/node/versioning.js

@@ -52,7 +52,7 @@ exports.getLatestSDKVersion = getLatestSDKVersion;
 function checkFunctionsSDKVersion(currentVersion) {
     try {
         if (semver.lt(currentVersion, MIN_SDK_VERSION)) {
-            track("functions_runtime_notices", "functions_sdk_too_old");
+            void track("functions_runtime_notices", "functions_sdk_too_old");
             utils.logWarning(exports.FUNCTIONS_SDK_VERSION_TOO_OLD_WARNING);
         }
         const latest = exports.getLatestSDKVersion();
@@ -63,7 +63,7 @@ function checkFunctionsSDKVersion(currentVersion) {
             return;
         }
         utils.logWarning(clc.bold.yellow("functions: ") +
-            "package.json indicates an outdated version of firebase-functions.\nPlease upgrade using " +
+            "package.json indicates an outdated version of firebase-functions. Please upgrade using " +
             clc.bold("npm install --save firebase-functions@latest") +
             " in your functions directory.");
         if (semver.major(currentVersion) < semver.major(latest)) {

package/lib/deploy/functions/validate.js

@@ -1,16 +1,20 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.functionIdsAreValid = exports.functionsDirectoryExists = exports.endpointsAreValid = void 0;
+exports.secretsAreValid = exports.functionIdsAreValid = exports.functionsDirectoryExists = exports.endpointsAreValid = void 0;
 const path = require("path");
 const clc = require("cli-color");
 const error_1 = require("../../error");
+const secretManager_1 = require("../../gcp/secretManager");
+const logger_1 = require("../../logger");
 const fsutils = require("../../fsutils");
 const backend = require("./backend");
+const utils = require("../../utils");
+const secrets = require("../../functions/secrets");
 function endpointsAreValid(wantBackend) {
     functionIdsAreValid(backend.allEndpoints(wantBackend));
     const gcfV1WithConcurrency = backend
         .allEndpoints(wantBackend)
-        .filter((endpoint) => (endpoint.concurrency || 1) != 1 && endpoint.platform == "gcfv1")
+        .filter((endpoint) => (endpoint.concurrency || 1) !== 1 && endpoint.platform === "gcfv1")
         .map((endpoint) => endpoint.id);
     if (gcfV1WithConcurrency.length) {
         const msg = `Cannot set concurrency on the functions ${gcfV1WithConcurrency.join(",")} because they are GCF gen 1`;
@@ -19,7 +23,7 @@ function endpointsAreValid(wantBackend) {
     const tooSmallForConcurrency = backend
         .allEndpoints(wantBackend)
         .filter((endpoint) => {
-        if ((endpoint.concurrency || 1) == 1) {
+        if ((endpoint.concurrency || 1) === 1) {
             return false;
         }
         const mem = endpoint.availableMemoryMb || backend.DEFAULT_MEMORY;
@@ -62,3 +66,54 @@ function functionIdsAreValid(functions) {
     }
 }
 exports.functionIdsAreValid = functionIdsAreValid;
+async function secretsAreValid(projectId, wantBackend) {
+    const endpoints = backend
+        .allEndpoints(wantBackend)
+        .filter((e) => e.secretEnvironmentVariables && e.secretEnvironmentVariables.length > 0);
+    validatePlatformTargets(endpoints);
+    await validateSecretVersions(projectId, endpoints);
+}
+exports.secretsAreValid = secretsAreValid;
+function validatePlatformTargets(endpoints) {
+    const supportedPlatforms = ["gcfv1"];
+    const unsupported = endpoints.filter((e) => !supportedPlatforms.includes(e.platform));
+    if (unsupported.length > 0) {
+        const errs = unsupported.map((e) => `${e.id}[platform=${e.platform}]`);
+        throw new error_1.FirebaseError(`Tried to set secret environment variables on ${errs.join(", ")}. ` +
+            `Only ${supportedPlatforms.join(", ")} support secret environments.`);
+    }
+}
+async function validateSecretVersions(projectId, endpoints) {
+    const toResolve = new Set();
+    for (const s of secrets.of(endpoints)) {
+        toResolve.add(s.secret);
+    }
+    const results = await utils.allSettled(Array.from(toResolve).map(async (secret) => {
+        const sv = await (0, secretManager_1.getSecretVersion)(projectId, secret, "latest");
+        logger_1.logger.debug(`Resolved secret version of ${clc.bold(secret)} to ${clc.bold(sv.versionId)}.`);
+        return sv;
+    }));
+    const secretVersions = {};
+    const errs = [];
+    for (const result of results) {
+        if (result.status === "fulfilled") {
+            const sv = result.value;
+            if (sv.state !== "ENABLED") {
+                errs.push(new error_1.FirebaseError(`Expected secret ${sv.secret.name}@${sv.versionId} to be in state ENABLED not ${sv.state}.`));
+            }
+            secretVersions[sv.secret.name] = sv;
+        }
+        else {
+            errs.push(new error_1.FirebaseError(result.reason.message));
+        }
+    }
+    if (errs.length) {
+        throw new error_1.FirebaseError("Failed to validate secret versions", { children: errs });
+    }
+    for (const s of secrets.of(endpoints)) {
+        s.version = secretVersions[s.secret].versionId;
+        if (!s.version) {
+            throw new error_1.FirebaseError("Secret version is unexpectedly undefined. This should never happen.");
+        }
+    }
+}