firebase-tools 10.3.1 → 10.4.2

package/lib/emulator/functionsEmulatorShared.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getSecretLocalPath = exports.getSignatureType = exports.formatHost = exports.findModuleRoot = exports.waitForBody = exports.getServiceFromEventType = exports.getFunctionService = exports.getTemporarySocketPath = exports.getEmulatedTriggersFromDefinitions = exports.emulatedFunctionsByRegion = exports.emulatedFunctionsFromEndpoints = exports.EmulatedTrigger = exports.HttpConstants = void 0;
+exports.toBackendInfo = exports.getSecretLocalPath = exports.getSignatureType = exports.formatHost = exports.findModuleRoot = exports.waitForBody = exports.getServiceFromEventType = exports.getFunctionService = exports.getTemporarySocketPath = exports.getEmulatedTriggersFromDefinitions = exports.emulatedFunctionsByRegion = exports.emulatedFunctionsFromEndpoints = exports.EmulatedTrigger = exports.HttpConstants = void 0;
 const _ = require("lodash");
 const os = require("os");
 const path = require("path");
@@ -10,6 +10,7 @@ const constants_1 = require("./constants");
 const proto_1 = require("../gcp/proto");
 const logger_1 = require("../logger");
 const manifest_1 = require("../extensions/manifest");
+const extensionsHelper_1 = require("../extensions/extensionsHelper");
 const memoryLookup = {
     "128MB": 128,
     "256MB": 256,
@@ -65,6 +66,10 @@ function emulatedFunctionsFromEndpoints(endpoints) {
         if (backend.isHttpsTriggered(endpoint)) {
             def.httpsTrigger = endpoint.httpsTrigger;
         }
+        else if (backend.isCallableTriggered(endpoint)) {
+            def.httpsTrigger = {};
+            def.labels = Object.assign(Object.assign({}, def.labels), { "deployment-callable": "true" });
+        }
         else if (backend.isEventTriggered(endpoint)) {
             const eventTrigger = endpoint.eventTrigger;
             if (endpoint.platform === "gcfv1") {
@@ -238,3 +243,28 @@ function getSecretLocalPath(backend, projectDir) {
     return path.join(secretDirectory, secretsFile);
 }
 exports.getSecretLocalPath = getSecretLocalPath;
+function toBackendInfo(e, cf3Triggers) {
+    var _a;
+    const envWithSecrets = Object.assign({}, e.env);
+    for (const s of e.secretEnv) {
+        envWithSecrets[s.key] = backend.secretVersionName(s);
+    }
+    let extensionVersion = e.extensionVersion;
+    if (extensionVersion) {
+        extensionVersion = (0, extensionsHelper_1.substituteParams)(extensionVersion, e.env);
+    }
+    let extensionSpec = e.extensionSpec;
+    if (extensionSpec) {
+        extensionSpec = (0, extensionsHelper_1.substituteParams)(extensionSpec, e.env);
+    }
+    return JSON.parse(JSON.stringify({
+        directory: e.functionsDir,
+        env: envWithSecrets,
+        extensionInstanceId: e.extensionInstanceId,
+        extension: e.extension,
+        extensionVersion: extensionVersion,
+        extensionSpec: extensionSpec,
+        functionTriggers: (_a = e.predefinedTriggers) !== null && _a !== void 0 ? _a : cf3Triggers,
+    }));
+}
+exports.toBackendInfo = toBackendInfo;

package/lib/emulator/storage/apis/firebase.js

@@ -52,8 +52,10 @@ function createFirebaseEndpoints(emulator) {
             next();
         });
     }
-    firebaseStorageAPI.use((req, res, next) => {
-        if (!emulator.rules) {
+    firebaseStorageAPI.use(/.*\/b\/(.+?)\/.*/, (req, res, next) => {
+        const bucketId = req.params[0];
+        storageLayer.createBucket(bucketId);
+        if (!emulator.rulesManager.getRuleset(bucketId)) {
             emulatorLogger_1.EmulatorLogger.forEmulator(types_1.Emulators.STORAGE).log("WARN", "Permission denied because no Storage ruleset is currently loaded, check your rules for syntax errors.");
             return res.status(403).json({
                 error: {
@@ -64,10 +66,6 @@ function createFirebaseEndpoints(emulator) {
         }
         next();
     });
-    firebaseStorageAPI.use(/.*\/b\/(.+?)\/.*/, (req, res, next) => {
-        storageLayer.createBucket(req.params[0]);
-        next();
-    });
     firebaseStorageAPI.get("/b/:bucketId/o/:objectId", async (req, res) => {
         var _a;
         let metadata;

package/lib/emulator/storage/files.js

@@ -72,7 +72,7 @@ class StorageLayer {
         const hasValidDownloadToken = ((metadata === null || metadata === void 0 ? void 0 : metadata.downloadTokens) || []).includes((_a = request.downloadToken) !== null && _a !== void 0 ? _a : "");
         let authorized = skipAuth || hasValidDownloadToken;
         if (!authorized) {
-            authorized = await this._rulesValidator.validate(["b", request.bucketId, "o", request.decodedObjectId].join("/"), types_1.RulesetOperationMethod.GET, { before: metadata === null || metadata === void 0 ? void 0 : metadata.asRulesResource() }, request.authorization);
+            authorized = await this._rulesValidator.validate(["b", request.bucketId, "o", request.decodedObjectId].join("/"), request.bucketId, types_1.RulesetOperationMethod.GET, { before: metadata === null || metadata === void 0 ? void 0 : metadata.asRulesResource() }, request.authorization);
         }
         if (!authorized) {
             throw new errors_1.ForbiddenError("Failed auth");
@@ -102,7 +102,7 @@ class StorageLayer {
     async handleDeleteObject(request, skipAuth = false) {
         const storedMetadata = this.getMetadata(request.bucketId, request.decodedObjectId);
         const authorized = skipAuth ||
-            (await this._rulesValidator.validate(["b", request.bucketId, "o", request.decodedObjectId].join("/"), types_1.RulesetOperationMethod.DELETE, { before: storedMetadata === null || storedMetadata === void 0 ? void 0 : storedMetadata.asRulesResource() }, request.authorization));
+            (await this._rulesValidator.validate(["b", request.bucketId, "o", request.decodedObjectId].join("/"), request.bucketId, types_1.RulesetOperationMethod.DELETE, { before: storedMetadata === null || storedMetadata === void 0 ? void 0 : storedMetadata.asRulesResource() }, request.authorization));
         if (!authorized) {
             throw new errors_1.ForbiddenError();
         }
@@ -134,7 +134,7 @@ class StorageLayer {
     async handleUpdateObjectMetadata(request, skipAuth = false) {
         const storedMetadata = this.getMetadata(request.bucketId, request.decodedObjectId);
         const authorized = skipAuth ||
-            (await this._rulesValidator.validate(["b", request.bucketId, "o", request.decodedObjectId].join("/"), types_1.RulesetOperationMethod.UPDATE, {
+            (await this._rulesValidator.validate(["b", request.bucketId, "o", request.decodedObjectId].join("/"), request.bucketId, types_1.RulesetOperationMethod.UPDATE, {
                 before: storedMetadata === null || storedMetadata === void 0 ? void 0 : storedMetadata.asRulesResource(),
                 after: storedMetadata === null || storedMetadata === void 0 ? void 0 : storedMetadata.asRulesResource(request.metadata),
             }, request.authorization));
@@ -163,7 +163,7 @@ class StorageLayer {
             customMetadata: upload.metadata.metadata,
         }, this._cloudFunctions, this._persistence.readBytes(upload.path, upload.size));
         const authorized = skipAuth ||
-            (await this._rulesValidator.validate(["b", upload.bucketId, "o", upload.objectId].join("/"), types_1.RulesetOperationMethod.CREATE, { after: metadata === null || metadata === void 0 ? void 0 : metadata.asRulesResource() }, upload.authorization));
+            (await this._rulesValidator.validate(["b", upload.bucketId, "o", upload.objectId].join("/"), upload.bucketId, types_1.RulesetOperationMethod.CREATE, { after: metadata === null || metadata === void 0 ? void 0 : metadata.asRulesResource() }, upload.authorization));
         if (!authorized) {
             this._persistence.deleteFile(upload.path);
             throw new errors_1.ForbiddenError();
@@ -210,7 +210,7 @@ class StorageLayer {
     async handleListObjects(request, skipAuth = false) {
         var _a, _b, _c;
         const authorized = skipAuth ||
-            (await this._rulesValidator.validate(["b", request.bucketId, "o", request.prefix].join("/"), types_1.RulesetOperationMethod.LIST, {}, request.authorization));
+            (await this._rulesValidator.validate(["b", request.bucketId, "o", request.prefix].join("/"), request.bucketId, types_1.RulesetOperationMethod.LIST, {}, request.authorization));
         if (!authorized) {
             throw new errors_1.ForbiddenError();
         }

package/lib/emulator/storage/index.js

@@ -18,9 +18,9 @@ class StorageEmulator {
         this.args = args;
         this._logger = emulatorLogger_1.EmulatorLogger.forEmulator(types_1.Emulators.STORAGE);
         this._rulesRuntime = new runtime_1.StorageRulesRuntime();
-        this._rulesManager = new manager_1.StorageRulesManager(this._rulesRuntime);
+        this._rulesManager = (0, manager_1.createStorageRulesManager)(this.args.rules, this._rulesRuntime);
         this._persistence = new persistence_1.Persistence(this.getPersistenceTmpDir());
-        this._storageLayer = new files_1.StorageLayer(args.projectId, (0, utils_1.getRulesValidator)(() => this.rules), (0, utils_1.getAdminCredentialValidator)(), this._persistence);
+        this._storageLayer = new files_1.StorageLayer(args.projectId, (0, utils_1.getRulesValidator)((resource) => this._rulesManager.getRuleset(resource)), (0, utils_1.getAdminCredentialValidator)(), this._persistence);
         this._uploadService = new upload_1.UploadService(this._persistence);
     }
     get storageLayer() {
@@ -29,8 +29,8 @@ class StorageEmulator {
     get uploadService() {
         return this._uploadService;
     }
-    get rules() {
-        return this._rulesManager.ruleset;
+    get rulesManager() {
+        return this._rulesManager;
     }
     get logger() {
         return this._logger;
@@ -43,19 +43,16 @@ class StorageEmulator {
     async start() {
         const { host, port } = this.getInfo();
         await this._rulesRuntime.start(this.args.auto_download);
-        await this._rulesManager.setSourceFile(this.args.rules[0].rules);
+        await this._rulesManager.start();
         this._app = await (0, server_1.createApp)(this.args.projectId, this);
         const server = this._app.listen(port, host);
         this.destroyServer = utils.createDestroyer(server);
     }
     async connect() {
     }
-    async setRules(rules) {
-        return this._rulesManager.setSourceFile(rules);
-    }
     async stop() {
         await this._persistence.deleteAll();
-        await this._rulesManager.close();
+        await this._rulesManager.stop();
         return this.destroyServer ? this.destroyServer() : Promise.resolve();
     }
     getInfo() {

package/lib/emulator/storage/rules/config.js

@@ -2,8 +2,10 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getStorageRulesConfig = void 0;
 const error_1 = require("../../../error");
-function getAbsoluteRulesPath(rules, options) {
-    return options.config.path(rules);
+const fsutils_1 = require("../../../fsutils");
+function getSourceFile(rules, options) {
+    const path = options.config.path(rules);
+    return { name: path, content: (0, fsutils_1.readFile)(path) };
 }
 function getStorageRulesConfig(projectId, options) {
     const storageConfig = options.config.data.storage;
@@ -14,8 +16,7 @@ function getStorageRulesConfig(projectId, options) {
         if (!storageConfig.rules) {
             throw new error_1.FirebaseError("Cannot start the Storage emulator without rules file specified in firebase.json: run 'firebase init' and set up your Storage configuration");
         }
-        const resource = "default";
-        return [{ resource, rules: getAbsoluteRulesPath(storageConfig.rules, options) }];
+        return getSourceFile(storageConfig.rules, options);
     }
     const results = [];
     const { rc } = options;
@@ -25,7 +26,7 @@ function getStorageRulesConfig(projectId, options) {
         }
         rc.requireTarget(projectId, "storage", targetConfig.target);
         rc.target(projectId, "storage", targetConfig.target).forEach((resource) => {
-            results.push({ resource, rules: getAbsoluteRulesPath(targetConfig.rules, options) });
+            results.push({ resource, rules: getSourceFile(targetConfig.rules, options) });
         });
     }
     return results;

package/lib/emulator/storage/rules/manager.js

@@ -1,39 +1,37 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.StorageRulesManager = void 0;
+exports.createStorageRulesManager = void 0;
 const chokidar = require("chokidar");
-const fs = require("fs");
 const emulatorLogger_1 = require("../../emulatorLogger");
 const types_1 = require("../../types");
-const error_1 = require("../../../error");
-class StorageRulesManager {
-    constructor(_runtime) {
+const runtime_1 = require("./runtime");
+function createStorageRulesManager(rules, runtime) {
+    return Array.isArray(rules)
+        ? new ResourceBasedStorageRulesManager(rules, runtime)
+        : new DefaultStorageRulesManager(rules, runtime);
+}
+exports.createStorageRulesManager = createStorageRulesManager;
+class DefaultStorageRulesManager {
+    constructor(_rules, _runtime) {
         this._runtime = _runtime;
         this._watcher = new chokidar.FSWatcher();
         this._logger = emulatorLogger_1.EmulatorLogger.forEmulator(types_1.Emulators.STORAGE);
+        this._rules = _rules;
+    }
+    start() {
+        return this.updateSourceFile(this._rules);
     }
-    get ruleset() {
+    getRuleset() {
         return this._ruleset;
     }
-    async setSourceFile(rules) {
-        var _a;
-        const prevRulesFile = (_a = this._sourceFile) === null || _a === void 0 ? void 0 : _a.name;
-        let rulesFile;
-        if (typeof rules === "string") {
-            this._sourceFile = { name: rules, content: readSourceFile(rules) };
-            rulesFile = rules;
-        }
-        else {
-            this._sourceFile = rules;
-            rulesFile = rules.name;
-        }
+    async updateSourceFile(rules) {
+        const prevRulesFile = this._rules.name;
+        this._rules = rules;
         const issues = await this.loadRuleset();
-        this.updateWatcher(rulesFile, prevRulesFile);
+        this.updateWatcher(rules.name, prevRulesFile);
         return issues;
     }
-    async close() {
-        delete this._sourceFile;
-        delete this._ruleset;
+    async stop() {
         await this._watcher.close();
     }
     updateWatcher(rulesFile, prevRulesFile) {
@@ -49,12 +47,11 @@ class StorageRulesManager {
         });
     }
     async loadRuleset() {
-        const { ruleset, issues } = await this._runtime.loadRuleset({ files: [this._sourceFile] });
+        const { ruleset, issues } = await this._runtime.loadRuleset({ files: [this._rules] });
         if (ruleset) {
             this._ruleset = ruleset;
             return issues;
         }
-        delete this._ruleset;
         issues.all.forEach((issue) => {
             try {
                 const parsedIssue = JSON.parse(issue);
@@ -67,15 +64,35 @@ class StorageRulesManager {
         return issues;
     }
 }
-exports.StorageRulesManager = StorageRulesManager;
-function readSourceFile(fileName) {
-    try {
-        return fs.readFileSync(fileName).toString();
+class ResourceBasedStorageRulesManager {
+    constructor(_rulesConfig, _runtime) {
+        this._runtime = _runtime;
+        this._rulesManagers = new Map();
+        for (const { resource, rules } of _rulesConfig) {
+            this.createRulesManager(resource, rules);
+        }
     }
-    catch (error) {
-        if (error.code === "ENOENT") {
-            throw new error_1.FirebaseError(`File not found: ${fileName}`);
+    async start() {
+        const allIssues = new runtime_1.StorageRulesIssues();
+        for (const rulesManager of this._rulesManagers.values()) {
+            allIssues.extend(await rulesManager.start());
         }
-        throw error;
+        return allIssues;
+    }
+    getRuleset(resource) {
+        var _a;
+        return (_a = this._rulesManagers.get(resource)) === null || _a === void 0 ? void 0 : _a.getRuleset();
+    }
+    updateSourceFile(rules, resource) {
+        const rulesManager = this._rulesManagers.get(resource) || this.createRulesManager(resource, rules);
+        return rulesManager.updateSourceFile(rules);
+    }
+    async stop() {
+        await Promise.all(Array.from(this._rulesManagers.values(), async (rulesManager) => await rulesManager.stop()));
+    }
+    createRulesManager(resource, rules) {
+        const rulesManager = new DefaultStorageRulesManager(rules, this._runtime);
+        this._rulesManagers.set(resource, rulesManager);
+        return rulesManager;
     }
 }

package/lib/emulator/storage/rules/runtime.js

@@ -49,6 +49,10 @@ class StorageRulesIssues {
     exist() {
         return !!(this.errors.length || this.warnings.length);
     }
+    extend(other) {
+        this.errors.push(...other.errors);
+        this.warnings.push(...other.warnings);
+    }
 }
 exports.StorageRulesIssues = StorageRulesIssues;
 class StorageRulesRuntime {

package/lib/emulator/storage/rules/utils.js

@@ -5,9 +5,9 @@ const emulatorLogger_1 = require("../../emulatorLogger");
 const types_1 = require("../../types");
 function getRulesValidator(rulesetProvider) {
     return {
-        validate: async (path, method, variableOverrides, authorization) => {
+        validate: async (path, bucketId, method, variableOverrides, authorization) => {
             return await isPermitted({
-                ruleset: rulesetProvider(),
+                ruleset: rulesetProvider(bucketId),
                 file: variableOverrides,
                 path,
                 method,

package/lib/emulator/storage/server.js

@@ -58,7 +58,7 @@ function createApp(defaultProjectId, emulator) {
         }
         const name = file.name;
         const content = file.content;
-        const issues = await emulator.setRules({ name, content });
+        const issues = await emulator.rulesManager.updateSourceFile({ name, content }, req.params.bucketId);
         if (issues.errors.length > 0) {
             res.status(400).json({
                 message: "There was an error updating rules, see logs for more details",

package/lib/extensions/askUserForParam.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getInquirerDefault = exports.promptCreateSecret = exports.askForParam = exports.ask = exports.checkResponse = void 0;
+exports.getInquirerDefault = exports.promptCreateSecret = exports.askForParam = exports.ask = exports.checkResponse = exports.SecretLocation = void 0;
 const _ = require("lodash");
 const clc = require("cli-color");
 const { marked } = require("marked");
@@ -12,10 +12,16 @@ const utils_1 = require("./utils");
 const logger_1 = require("../logger");
 const prompt_1 = require("../prompt");
 const utils = require("../utils");
+const projectUtils_1 = require("../projectUtils");
+var SecretLocation;
+(function (SecretLocation) {
+    SecretLocation[SecretLocation["CLOUD"] = 1] = "CLOUD";
+    SecretLocation[SecretLocation["LOCAL"] = 2] = "LOCAL";
+})(SecretLocation = exports.SecretLocation || (exports.SecretLocation = {}));
 var SecretUpdateAction;
 (function (SecretUpdateAction) {
-    SecretUpdateAction[SecretUpdateAction["LEAVE"] = 0] = "LEAVE";
-    SecretUpdateAction[SecretUpdateAction["SET_NEW"] = 1] = "SET_NEW";
+    SecretUpdateAction[SecretUpdateAction["LEAVE"] = 1] = "LEAVE";
+    SecretUpdateAction[SecretUpdateAction["SET_NEW"] = 2] = "SET_NEW";
 })(SecretUpdateAction || (SecretUpdateAction = {}));
 function checkResponse(response, spec) {
     let valid = true;
@@ -55,21 +61,21 @@ function checkResponse(response, spec) {
     return valid;
 }
 exports.checkResponse = checkResponse;
-async function ask(projectId, instanceId, paramSpecs, firebaseProjectParams, reconfiguring) {
-    if (_.isEmpty(paramSpecs)) {
+async function ask(args) {
+    if (_.isEmpty(args.paramSpecs)) {
         logger_1.logger.debug("No params were specified for this extension.");
         return {};
     }
     utils.logLabeledBullet(extensionsHelper_1.logPrefix, "answer the questions below to configure your extension:");
-    const substituted = (0, extensionsHelper_1.substituteParams)(paramSpecs, firebaseProjectParams);
+    const substituted = (0, extensionsHelper_1.substituteParams)(args.paramSpecs, args.firebaseProjectParams);
     const result = {};
     const promises = _.map(substituted, (paramSpec) => {
         return async () => {
             result[paramSpec.param] = await askForParam({
-                projectId,
-                instanceId,
-                paramSpec,
-                reconfiguring,
+                projectId: args.projectId,
+                instanceId: args.instanceId,
+                paramSpec: paramSpec,
+                reconfiguring: args.reconfiguring,
             });
         };
     });
@@ -82,6 +88,8 @@ async function askForParam(args) {
     const paramSpec = args.paramSpec;
     let valid = false;
     let response = "";
+    let responseForLocal;
+    let secretLocations = [];
     const description = paramSpec.description || "";
     const label = paramSpec.label.trim();
     logger_1.logger.info(`\n${clc.bold(label)}${clc.bold(paramSpec.required ? "" : " (Optional)")}: ${marked(description).trim()}`);
@@ -116,16 +124,24 @@ async function askForParam(args) {
                         }
                     },
                     message: "Which options do you want enabled for this parameter? " +
-                        "Press Space to select, then Enter to confirm your choices. " +
-                        "You may select multiple options.",
+                        "Press Space to select, then Enter to confirm your choices. ",
                     choices: (0, utils_1.convertExtensionOptionToLabeledList)(paramSpec.options),
                 });
                 valid = checkResponse(response, paramSpec);
                 break;
             case extensionsApi_1.ParamType.SECRET:
-                response = args.reconfiguring
-                    ? await promptReconfigureSecret(args.projectId, args.instanceId, paramSpec)
-                    : await promptCreateSecret(args.projectId, args.instanceId, paramSpec);
+                do {
+                    secretLocations = await promptSecretLocations(paramSpec);
+                } while (!isValidSecretLocations(secretLocations, paramSpec));
+                if (secretLocations.includes(SecretLocation.CLOUD.toString())) {
+                    const projectId = (0, projectUtils_1.needProjectId)({ projectId: args.projectId });
+                    response = args.reconfiguring
+                        ? await promptReconfigureSecret(projectId, args.instanceId, paramSpec)
+                        : await promptCreateSecret(projectId, args.instanceId, paramSpec);
+                }
+                if (secretLocations.includes(SecretLocation.LOCAL.toString())) {
+                    responseForLocal = await promptLocalSecret(args.instanceId, paramSpec);
+                }
                 valid = true;
                 break;
             default:
@@ -138,9 +154,64 @@ async function askForParam(args) {
                 valid = checkResponse(response, paramSpec);
         }
     }
-    return { baseValue: response };
+    return Object.assign({ baseValue: response }, (responseForLocal ? { local: responseForLocal } : {}));
 }
 exports.askForParam = askForParam;
+function isValidSecretLocations(secretLocations, paramSpec) {
+    if (paramSpec.required) {
+        return !!secretLocations.length;
+    }
+    return true;
+}
+async function promptSecretLocations(paramSpec) {
+    if (paramSpec.required) {
+        return await (0, prompt_1.promptOnce)({
+            name: "input",
+            type: "checkbox",
+            message: "Where would you like to store your secrets? You must select at least one value",
+            choices: [
+                {
+                    checked: true,
+                    name: "Google Cloud Secret Manager",
+                    value: SecretLocation.CLOUD.toString(),
+                },
+                {
+                    checked: false,
+                    name: "Local file (Only used by Firebase Emulator)",
+                    value: SecretLocation.LOCAL.toString(),
+                },
+            ],
+        });
+    }
+    return await (0, prompt_1.promptOnce)({
+        name: "input",
+        type: "checkbox",
+        message: "Where would you like to store your secrets? " +
+            "If you don't want to set this optional secret, leave both options unselected to skip it",
+        choices: [
+            {
+                checked: false,
+                name: "Google Cloud Secret Manager",
+                value: SecretLocation.CLOUD.toString(),
+            },
+            {
+                checked: false,
+                name: "Local file (Only used by Firebase Emulator)",
+                value: SecretLocation.LOCAL.toString(),
+            },
+        ],
+    });
+}
+async function promptLocalSecret(instanceId, paramSpec) {
+    utils.logLabeledBullet(extensionsHelper_1.logPrefix, "Configure a local secret value for Extensions Emulator");
+    const value = await (0, prompt_1.promptOnce)({
+        name: paramSpec.param,
+        type: "input",
+        message: `This secret will be stored in ./extensions/${instanceId}.secret.local.\n` +
+            `Enter value for "${paramSpec.label.trim()}" to be used by Extensions Emulator:`,
+    });
+    return value;
+}
 async function promptReconfigureSecret(projectId, instanceId, paramSpec) {
     const action = await (0, prompt_1.promptOnce)({
         type: "list",

package/lib/extensions/extensionsHelper.js

@@ -80,6 +80,9 @@ function getDBInstanceFromURL(databaseUrl = "") {
 exports.getDBInstanceFromURL = getDBInstanceFromURL;
 async function getFirebaseProjectParams(projectId, emulatorMode = false) {
     var _a, _b;
+    if (!projectId) {
+        return {};
+    }
     const body = emulatorMode
         ? await (0, adminSdkConfig_1.getProjectAdminSdkConfigOrCached)(projectId)
         : await (0, functionsConfig_1.getFirebaseConfig)({ project: projectId });
@@ -263,7 +266,10 @@ async function promptForValidInstanceId(instanceId) {
 }
 exports.promptForValidInstanceId = promptForValidInstanceId;
 async function ensureExtensionsApiEnabled(options) {
-    const projectId = (0, projectUtils_1.needProjectId)(options);
+    const projectId = (0, projectUtils_1.getProjectId)(options);
+    if (!projectId) {
+        return;
+    }
     return await (0, ensureApiEnabled_1.ensure)(projectId, "firebaseextensions.googleapis.com", "extensions", options.markdown);
 }
 exports.ensureExtensionsApiEnabled = ensureExtensionsApiEnabled;
@@ -519,7 +525,10 @@ async function confirm(args) {
 }
 exports.confirm = confirm;
 async function diagnoseAndFixProject(options) {
-    const projectId = (0, projectUtils_1.needProjectId)(options);
+    const projectId = (0, projectUtils_1.getProjectId)(options);
+    if (!projectId) {
+        return;
+    }
     const ok = await (0, diagnose_1.diagnose)(projectId);
     if (!ok) {
         throw new error_1.FirebaseError("Unable to proceed until all issues are resolved.");

package/lib/extensions/manifest.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.showPreviewWarning = exports.showDeprecationWarning = exports.readInstanceParam = exports.getInstanceRef = exports.instanceExists = exports.loadConfig = exports.removeFromManifest = exports.writeToManifest = exports.ENV_DIRECTORY = void 0;
+exports.showPreviewWarning = exports.showDeprecationWarning = exports.readInstanceParam = exports.getInstanceRef = exports.instanceExists = exports.loadConfig = exports.removeFromManifest = exports.writeLocalSecrets = exports.writeToManifest = exports.ENV_DIRECTORY = void 0;
 const clc = require("cli-color");
 const path = require("path");
 const refs = require("./refs");
@@ -11,6 +11,7 @@ const paramHelper_1 = require("./paramHelper");
 const error_1 = require("../error");
 const utils = require("../utils");
 const extensionsHelper_1 = require("./extensionsHelper");
+const extensionsApi_1 = require("./extensionsApi");
 exports.ENV_DIRECTORY = "extensions";
 async function writeToManifest(specs, config, options, allowOverwrite = false) {
     if (config.has("extensions") &&
@@ -36,8 +37,33 @@ async function writeToManifest(specs, config, options, allowOverwrite = false) {
     }
     writeExtensionsToFirebaseJson(specs, config);
     await writeEnvFiles(specs, config, options.force);
+    await writeLocalSecrets(specs, config, options.force);
 }
 exports.writeToManifest = writeToManifest;
+async function writeLocalSecrets(specs, config, force) {
+    for (const spec of specs) {
+        if (!spec.paramSpecs) {
+            continue;
+        }
+        const writeBuffer = {};
+        const locallyOverridenSecretParams = spec.paramSpecs.filter((p) => p.type === extensionsApi_1.ParamType.SECRET && spec.params[p.param].local);
+        for (const paramSpec of locallyOverridenSecretParams) {
+            const key = paramSpec.param;
+            const localValue = spec.params[key].local;
+            writeBuffer[key] = localValue;
+        }
+        const content = Object.entries(writeBuffer)
+            .sort((a, b) => {
+            return a[0].localeCompare(b[0]);
+        })
+            .map((r) => `${r[0]}=${r[1]}`)
+            .join("\n");
+        if (content) {
+            await config.askWriteProjectFile(`extensions/${spec.instanceId}.secret.local`, content, force);
+        }
+    }
+}
+exports.writeLocalSecrets = writeLocalSecrets;
 function removeFromManifest(instanceId, config) {
     if (!instanceExists(instanceId, config)) {
         throw new error_1.FirebaseError(`Extension instance ${instanceId} not found in firebase.json.`);
@@ -49,8 +75,14 @@ function removeFromManifest(instanceId, config) {
     logger_1.logger.info(`Removed extension instance ${instanceId} from firebase.json`);
     config.deleteProjectFile(`extensions/${instanceId}.env`);
     logger_1.logger.info(`Removed extension instance environment config extensions/${instanceId}.env`);
-    config.deleteProjectFile(`extensions/${instanceId}.env.local`);
-    logger_1.logger.info(`Removed extension instance environment config extensions/${instanceId}.env.local`);
+    if (config.projectFileExists(`extensions/${instanceId}.env.local`)) {
+        config.deleteProjectFile(`extensions/${instanceId}.env.local`);
+        logger_1.logger.info(`Removed extension instance local environment config extensions/${instanceId}.env.local`);
+    }
+    if (config.projectFileExists(`extensions/${instanceId}.secret.local`)) {
+        config.deleteProjectFile(`extensions/${instanceId}.secret.local`);
+        logger_1.logger.info(`Removed extension instance local secret config extensions/${instanceId}.secret.local`);
+    }
 }
 exports.removeFromManifest = removeFromManifest;
 function loadConfig(options) {
@@ -88,7 +120,7 @@ async function writeEnvFiles(specs, config, force) {
             .sort((a, b) => {
             return a[0].localeCompare(b[0]);
         })
-            .map((r) => `${r[0]}=${r[1]}`)
+            .map((r) => `${r[0]}=${r[1].baseValue}`)
             .join("\n");
         await config.askWriteProjectFile(`extensions/${spec.instanceId}.env`, content, force);
     }