firebase-tools 10.5.0 → 10.6.0

package/lib/functions/secrets.js

@@ -1,11 +1,17 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.pruneSecrets = exports.of = exports.ensureSecret = exports.ensureValidKey = exports.labels = exports.isFirebaseManaged = void 0;
+exports.updateEndpointSecret = exports.pruneAndDestroySecrets = exports.pruneSecrets = exports.inUse = exports.of = exports.ensureSecret = exports.ensureValidKey = exports.labels = exports.isFirebaseManaged = void 0;
+const utils = require("../utils");
+const poller = require("../operation-poller");
+const gcf = require("../gcp/cloudfunctions");
 const secretManager_1 = require("../gcp/secretManager");
 const error_1 = require("../error");
 const utils_1 = require("../utils");
 const prompt_1 = require("../prompt");
 const env_1 = require("./env");
+const logger_1 = require("../logger");
+const api_1 = require("../api");
+const functional_1 = require("../functional");
 const FIREBASE_MANGED = "firebase-managed";
 function isFirebaseManaged(secret) {
     return Object.keys(secret.labels || []).includes(FIREBASE_MANGED);
@@ -17,8 +23,7 @@ function labels() {
 exports.labels = labels;
 function toUpperSnakeCase(key) {
     return key
-        .replace("-", "_")
-        .replace(".", "_")
+        .replace(/[.-]/g, "_")
         .replace(/([a-z])([A-Z])/g, "$1_$2")
         .toUpperCase();
 }
@@ -80,19 +85,40 @@ function of(endpoints) {
     return endpoints.reduce((envs, endpoint) => [...envs, ...(endpoint.secretEnvironmentVariables || [])], []);
 }
 exports.of = of;
+function inUse(projectInfo, secret, endpoint) {
+    const { projectId, projectNumber } = projectInfo;
+    for (const sev of of([endpoint])) {
+        if ((sev.projectId === projectId || sev.projectId === projectNumber) &&
+            sev.secret === secret.name) {
+            return true;
+        }
+    }
+    return false;
+}
+exports.inUse = inUse;
 async function pruneSecrets(projectInfo, endpoints) {
     const { projectId, projectNumber } = projectInfo;
     const pruneKey = (name, version) => `${name}@${version}`;
     const prunedSecrets = new Set();
     const haveSecrets = await (0, secretManager_1.listSecrets)(projectId, `labels.${FIREBASE_MANGED}=true`);
     for (const secret of haveSecrets) {
-        const versions = await (0, secretManager_1.listSecretVersions)(projectId, secret.name, `state: ENABLED`);
+        const versions = await (0, secretManager_1.listSecretVersions)(projectId, secret.name, `NOT state: DESTROYED`);
         for (const version of versions) {
             prunedSecrets.add(pruneKey(secret.name, version.versionId));
         }
     }
-    const sevs = of(endpoints).filter((sev) => sev.projectId === projectId || sev.projectId === projectNumber);
-    for (const sev of sevs) {
+    const secrets = [];
+    for (const secret of of(endpoints)) {
+        if (!secret.version) {
+            throw new error_1.FirebaseError(`Secret ${secret.secret} version is unexpectedly empty.`);
+        }
+        if (secret.projectId === projectId || secret.projectId === projectNumber) {
+            if (secret.version) {
+                secrets.push(Object.assign(Object.assign({}, secret), { version: secret.version }));
+            }
+        }
+    }
+    for (const sev of secrets) {
         let name = sev.secret;
         if (name.includes("/")) {
             const secret = (0, secretManager_1.parseSecretResourceName)(name);
@@ -110,3 +136,70 @@ async function pruneSecrets(projectInfo, endpoints) {
         .map(([secret, version]) => ({ projectId, version, secret, key: secret }));
 }
 exports.pruneSecrets = pruneSecrets;
+async function pruneAndDestroySecrets(projectInfo, endpoints) {
+    const { projectId, projectNumber } = projectInfo;
+    logger_1.logger.debug("Pruning secrets to find unused secret versions...");
+    const unusedSecrets = await module.exports.pruneSecrets({ projectId, projectNumber }, endpoints);
+    if (unusedSecrets.length === 0) {
+        return { destroyed: [], erred: [] };
+    }
+    const destroyed = [];
+    const erred = [];
+    const msg = unusedSecrets.map((s) => `${s.secret}@${s.version}`);
+    logger_1.logger.debug(`Found unused secret versions: ${msg}. Destroying them...`);
+    const destroyResults = await utils.allSettled(unusedSecrets.map(async (sev) => {
+        await (0, secretManager_1.destroySecretVersion)(sev.projectId, sev.secret, sev.version);
+        return sev;
+    }));
+    for (const result of destroyResults) {
+        if (result.status === "fulfilled") {
+            destroyed.push(result.value);
+        }
+        else {
+            erred.push(result.reason);
+        }
+    }
+    return { destroyed, erred };
+}
+exports.pruneAndDestroySecrets = pruneAndDestroySecrets;
+async function updateEndpointSecret(projectInfo, secretVersion, endpoint) {
+    const { projectId, projectNumber } = projectInfo;
+    if (!inUse(projectInfo, secretVersion.secret, endpoint)) {
+        return endpoint;
+    }
+    const updatedSevs = [];
+    for (const sev of of([endpoint])) {
+        const updatedSev = Object.assign({}, sev);
+        if ((updatedSev.projectId === projectId || updatedSev.projectId === projectNumber) &&
+            updatedSev.secret === secretVersion.secret.name) {
+            updatedSev.version = secretVersion.versionId;
+        }
+        updatedSevs.push(updatedSev);
+    }
+    if (endpoint.platform === "gcfv1") {
+        const fn = gcf.functionFromEndpoint(endpoint, "");
+        const op = await gcf.updateFunction({
+            name: fn.name,
+            runtime: fn.runtime,
+            entryPoint: fn.entryPoint,
+            secretEnvironmentVariables: updatedSevs,
+        });
+        const gcfV1PollerOptions = {
+            apiOrigin: api_1.functionsOrigin,
+            apiVersion: gcf.API_VERSION,
+            masterTimeout: 25 * 60 * 1000,
+            maxBackoff: 10000,
+            pollerName: `update-${endpoint.region}-${endpoint.id}`,
+            operationResourceName: op.name,
+        };
+        const cfn = await poller.pollOperation(gcfV1PollerOptions);
+        return gcf.endpointFromFunction(cfn);
+    }
+    else if (endpoint.platform === "gcfv2") {
+        throw new error_1.FirebaseError(`Unsupported platform ${endpoint.platform}`);
+    }
+    else {
+        (0, functional_1.assertExhaustive)(endpoint.platform);
+    }
+}
+exports.updateEndpointSecret = updateEndpointSecret;

package/lib/gcp/cloudfunctions.js

@@ -232,12 +232,7 @@ function endpointFromFunction(gcfFunction) {
         trigger = {
             eventTrigger: {
                 eventType: gcfFunction.eventTrigger.eventType,
-                eventFilters: [
-                    {
-                        attribute: "resource",
-                        value: gcfFunction.eventTrigger.resource,
-                    },
-                ],
+                eventFilters: { resource: gcfFunction.eventTrigger.resource },
                 retry: !!((_e = gcfFunction.eventTrigger.failurePolicy) === null || _e === void 0 ? void 0 : _e.retry),
             },
         };
@@ -254,7 +249,8 @@ function endpointFromFunction(gcfFunction) {
     if (securityLevel) {
         endpoint.securityLevel = securityLevel;
     }
-    proto.copyIfPresent(endpoint, gcfFunction, "serviceAccountEmail", "availableMemoryMb", "timeout", "minInstances", "maxInstances", "ingressSettings", "labels", "environmentVariables", "secretEnvironmentVariables", "sourceUploadUrl");
+    proto.copyIfPresent(endpoint, gcfFunction, "serviceAccountEmail", "availableMemoryMb", "minInstances", "maxInstances", "ingressSettings", "labels", "environmentVariables", "secretEnvironmentVariables", "sourceUploadUrl");
+    proto.renameIfPresent(endpoint, gcfFunction, "timeoutSeconds", "timeout", proto.secondsFromDuration);
     if (gcfFunction.vpcConnector) {
         endpoint.vpc = { connector: gcfFunction.vpcConnector };
         proto.renameIfPresent(endpoint.vpc, gcfFunction, "egressSettings", "vpcConnectorEgressSettings");
@@ -278,13 +274,9 @@ function functionFromEndpoint(endpoint, sourceUploadUrl) {
     };
     proto.copyIfPresent(gcfFunction, endpoint, "labels");
     if (backend.isEventTriggered(endpoint)) {
-        const resourceFilter = backend.findEventFilter(endpoint, "resource");
-        if (!resourceFilter) {
-            throw new error_1.FirebaseError("Invalid event trigger definition. Expected event filter with 'resource' attribute.");
-        }
         gcfFunction.eventTrigger = {
             eventType: endpoint.eventTrigger.eventType,
-            resource: resourceFilter.value,
+            resource: endpoint.eventTrigger.eventFilters.resource,
         };
         gcfFunction.eventTrigger.failurePolicy = endpoint.eventTrigger.retry
             ? { retry: {} }
@@ -311,7 +303,8 @@ function functionFromEndpoint(endpoint, sourceUploadUrl) {
             gcfFunction.httpsTrigger.securityLevel = endpoint.securityLevel;
         }
     }
-    proto.copyIfPresent(gcfFunction, endpoint, "serviceAccountEmail", "timeout", "availableMemoryMb", "minInstances", "maxInstances", "ingressSettings", "environmentVariables", "secretEnvironmentVariables");
+    proto.copyIfPresent(gcfFunction, endpoint, "serviceAccountEmail", "availableMemoryMb", "minInstances", "maxInstances", "ingressSettings", "environmentVariables", "secretEnvironmentVariables");
+    proto.renameIfPresent(gcfFunction, endpoint, "timeout", "timeoutSeconds", proto.durationFromSeconds);
     if (endpoint.vpc) {
         proto.renameIfPresent(gcfFunction, endpoint.vpc, "vpcConnector", "connector");
         proto.renameIfPresent(gcfFunction, endpoint.vpc, "vpcConnectorEgressSettings", "egressSettings");

package/lib/gcp/cloudfunctionsv2.js

@@ -166,9 +166,8 @@ function functionFromEndpoint(endpoint, source) {
         serviceConfig: {},
     };
     proto.copyIfPresent(gcfFunction, endpoint, "labels");
-    proto.copyIfPresent(gcfFunction.serviceConfig, endpoint, "environmentVariables", "serviceAccountEmail", "ingressSettings");
+    proto.copyIfPresent(gcfFunction.serviceConfig, endpoint, "environmentVariables", "serviceAccountEmail", "ingressSettings", "timeoutSeconds");
     proto.renameIfPresent(gcfFunction.serviceConfig, endpoint, "availableMemory", "availableMemoryMb", (mb) => `${mb}M`);
-    proto.renameIfPresent(gcfFunction.serviceConfig, endpoint, "timeoutSeconds", "timeout", proto.secondsFromDuration);
     proto.renameIfPresent(gcfFunction.serviceConfig, endpoint, "minInstanceCount", "minInstances");
     proto.renameIfPresent(gcfFunction.serviceConfig, endpoint, "maxInstanceCount", "maxInstances");
     if (endpoint.vpc) {
@@ -180,23 +179,19 @@ function functionFromEndpoint(endpoint, source) {
             eventType: endpoint.eventTrigger.eventType,
         };
         if (gcfFunction.eventTrigger.eventType === v2_1.PUBSUB_PUBLISH_EVENT) {
-            const pubsubFilter = backend.findEventFilter(endpoint, "topic");
-            if (!pubsubFilter) {
-                throw new error_1.FirebaseError("Invalid pubsub endpoint. Expected eventFilter with 'topic' attribute but found none.");
-            }
-            gcfFunction.eventTrigger.pubsubTopic = pubsubFilter.value;
-            for (const filter of endpoint.eventTrigger.eventFilters) {
-                if (filter.attribute === "topic") {
+            gcfFunction.eventTrigger.pubsubTopic = endpoint.eventTrigger.eventFilters.topic;
+            gcfFunction.eventTrigger.eventFilters = [];
+            for (const [attribute, value] of Object.entries(endpoint.eventTrigger.eventFilters)) {
+                if (attribute === "topic")
                     continue;
-                }
-                if (!gcfFunction.eventTrigger.eventFilters) {
-                    gcfFunction.eventTrigger.eventFilters = [];
-                }
-                gcfFunction.eventTrigger.eventFilters.push(filter);
+                gcfFunction.eventTrigger.eventFilters.push({ attribute, value });
             }
         }
         else {
-            gcfFunction.eventTrigger.eventFilters = endpoint.eventTrigger.eventFilters;
+            gcfFunction.eventTrigger.eventFilters = [];
+            for (const [attribute, value] of Object.entries(endpoint.eventTrigger.eventFilters)) {
+                gcfFunction.eventTrigger.eventFilters.push({ attribute, value });
+            }
         }
         proto.renameIfPresent(gcfFunction.eventTrigger, endpoint.eventTrigger, "triggerRegion", "region");
         if (endpoint.eventTrigger.retry) {
@@ -239,19 +234,16 @@ function endpointFromFunction(gcfFunction) {
         trigger = {
             eventTrigger: {
                 eventType: gcfFunction.eventTrigger.eventType,
-                eventFilters: [],
+                eventFilters: {},
                 retry: false,
             },
         };
         if (gcfFunction.eventTrigger.pubsubTopic) {
-            trigger.eventTrigger.eventFilters.push({
-                attribute: "topic",
-                value: gcfFunction.eventTrigger.pubsubTopic,
-            });
+            trigger.eventTrigger.eventFilters.topic = gcfFunction.eventTrigger.pubsubTopic;
         }
         else {
             for (const { attribute, value } of gcfFunction.eventTrigger.eventFilters || []) {
-                trigger.eventTrigger.eventFilters.push({ attribute, value });
+                trigger.eventTrigger.eventFilters[attribute] = value;
             }
         }
         proto.renameIfPresent(trigger.eventTrigger, gcfFunction.eventTrigger, "region", "triggerRegion");
@@ -265,9 +257,8 @@ function endpointFromFunction(gcfFunction) {
     const endpoint = Object.assign(Object.assign({ platform: "gcfv2", id,
         project,
         region }, trigger), { entryPoint: gcfFunction.buildConfig.entryPoint, runtime: gcfFunction.buildConfig.runtime, uri: gcfFunction.serviceConfig.uri });
-    proto.copyIfPresent(endpoint, gcfFunction.serviceConfig, "serviceAccountEmail", "ingressSettings", "environmentVariables");
+    proto.copyIfPresent(endpoint, gcfFunction.serviceConfig, "serviceAccountEmail", "ingressSettings", "environmentVariables", "timeoutSeconds");
     proto.renameIfPresent(endpoint, gcfFunction.serviceConfig, "availableMemoryMb", "availableMemory", megabytes);
-    proto.renameIfPresent(endpoint, gcfFunction.serviceConfig, "timeout", "timeoutSeconds", proto.durationFromSeconds);
     proto.renameIfPresent(endpoint, gcfFunction.serviceConfig, "minInstances", "minInstanceCount");
     proto.renameIfPresent(endpoint, gcfFunction.serviceConfig, "maxInstances", "maxInstanceCount");
     proto.copyIfPresent(endpoint, gcfFunction, "labels");

package/lib/gcp/cloudtasks.js

@@ -13,7 +13,6 @@ const client = new apiv2_1.Client({
 exports.DEFAULT_SETTINGS = {
     rateLimits: {
         maxConcurrentDispatches: 1000,
-        maxBurstSize: 100,
         maxDispatchesPerSecond: 500,
     },
     state: "RUNNING",
@@ -133,10 +132,13 @@ exports.queueNameForEndpoint = queueNameForEndpoint;
 function queueFromEndpoint(endpoint) {
     const queue = Object.assign(Object.assign({}, JSON.parse(JSON.stringify(exports.DEFAULT_SETTINGS))), { name: queueNameForEndpoint(endpoint) });
     if (endpoint.taskQueueTrigger.rateLimits) {
-        proto.copyIfPresent(queue.rateLimits, endpoint.taskQueueTrigger.rateLimits, "maxBurstSize", "maxConcurrentDispatches", "maxDispatchesPerSecond");
+        proto.copyIfPresent(queue.rateLimits, endpoint.taskQueueTrigger.rateLimits, "maxConcurrentDispatches", "maxDispatchesPerSecond");
     }
     if (endpoint.taskQueueTrigger.retryConfig) {
-        proto.copyIfPresent(queue.retryConfig, endpoint.taskQueueTrigger.retryConfig, "maxAttempts", "maxBackoff", "maxDoublings", "maxRetryDuration", "minBackoff");
+        proto.copyIfPresent(queue.retryConfig, endpoint.taskQueueTrigger.retryConfig, "maxAttempts", "maxDoublings");
+        proto.renameIfPresent(queue.retryConfig, endpoint.taskQueueTrigger.retryConfig, "maxRetryDuration", "maxRetrySeconds", proto.durationFromSeconds);
+        proto.renameIfPresent(queue.retryConfig, endpoint.taskQueueTrigger.retryConfig, "maxBackoff", "maxBackoffSeconds", proto.durationFromSeconds);
+        proto.renameIfPresent(queue.retryConfig, endpoint.taskQueueTrigger.retryConfig, "minBackoff", "minBackoffSeconds", proto.durationFromSeconds);
     }
     return queue;
 }

package/lib/gcp/secretManager.js

@@ -133,7 +133,7 @@ async function createSecret(projectId, name, labels) {
         },
         labels,
     }, { queryParams: { secretId: name } });
-    return parseSecretResourceName(createRes.body.name);
+    return Object.assign(Object.assign({}, parseSecretResourceName(createRes.body.name)), { labels });
 }
 exports.createSecret = createSecret;
 async function patchSecret(projectId, name, labels) {

package/lib/utils.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.groupBy = exports.assertIsStringOrUndefined = exports.assertIsNumber = exports.assertIsString = exports.assertDefined = exports.thirtyDaysFromNow = exports.isRunningInWSL = exports.isCloudEnvironment = exports.datetimeString = exports.createDestroyer = exports.promiseWithSpinner = exports.setupLoggers = exports.tryParse = exports.tryStringify = exports.promiseProps = exports.promiseWhile = exports.promiseAllSettled = exports.getFunctionsEventProvider = exports.endpoint = exports.makeActiveProject = exports.streamToString = exports.stringToStream = exports.explainStdin = exports.allSettled = exports.reject = exports.logLabeledError = exports.logLabeledWarning = exports.logWarning = exports.logLabeledBullet = exports.logBullet = exports.logLabeledSuccess = exports.logSuccess = exports.addSubdomain = exports.addDatabaseNamespace = exports.getDatabaseViewDataUrl = exports.getDatabaseUrl = exports.envOverride = exports.getInheritedOption = exports.consoleUrl = exports.envOverrides = void 0;
+exports.cloneDeep = exports.groupBy = exports.assertIsStringOrUndefined = exports.assertIsNumber = exports.assertIsString = exports.assertDefined = exports.thirtyDaysFromNow = exports.isRunningInWSL = exports.isCloudEnvironment = exports.datetimeString = exports.createDestroyer = exports.promiseWithSpinner = exports.setupLoggers = exports.tryParse = exports.tryStringify = exports.promiseProps = exports.promiseWhile = exports.promiseAllSettled = exports.getFunctionsEventProvider = exports.endpoint = exports.makeActiveProject = exports.streamToString = exports.stringToStream = exports.explainStdin = exports.allSettled = exports.reject = exports.logLabeledError = exports.logLabeledWarning = exports.logWarning = exports.logLabeledBullet = exports.logBullet = exports.logLabeledSuccess = exports.logSuccess = exports.addSubdomain = exports.addDatabaseNamespace = exports.getDatabaseViewDataUrl = exports.getDatabaseUrl = exports.envOverride = exports.getInheritedOption = exports.consoleUrl = exports.envOverrides = void 0;
 const _ = require("lodash");
 const url = require("url");
 const clc = require("cli-color");
@@ -406,3 +406,32 @@ function groupBy(arr, f) {
     }, {});
 }
 exports.groupBy = groupBy;
+function cloneArray(arr) {
+    return arr.map((e) => cloneDeep(e));
+}
+function cloneObject(obj) {
+    const clone = {};
+    for (const [k, v] of Object.entries(obj)) {
+        clone[k] = cloneDeep(v);
+    }
+    return clone;
+}
+function cloneDeep(obj) {
+    if (typeof obj !== "object" || !obj) {
+        return obj;
+    }
+    if (obj instanceof RegExp) {
+        return RegExp(obj, obj.flags);
+    }
+    if (obj instanceof Date) {
+        return new Date(obj);
+    }
+    if (Array.isArray(obj)) {
+        return cloneArray(obj);
+    }
+    if (obj instanceof Map) {
+        return new Map(obj.entries());
+    }
+    return cloneObject(obj);
+}
+exports.cloneDeep = cloneDeep;

package/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
   "name": "firebase-tools",
-  "version": "10.5.0",
+  "version": "10.6.0",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "firebase-tools",
-      "version": "10.5.0",
+      "version": "10.6.0",
       "license": "MIT",
       "dependencies": {
         "@google-cloud/pubsub": "^2.18.4",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "firebase-tools",
-  "version": "10.5.0",
+  "version": "10.6.0",
   "description": "Command-Line Interface for Firebase",
   "main": "./lib/index.js",
   "bin": {