firebase-tools 13.15.4 → 13.17.0

package/lib/api.js

@@ -1,7 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.cloudRunApiOrigin = exports.hostingApiOrigin = exports.firebaseStorageOrigin = exports.storageOrigin = exports.runtimeconfigOrigin = exports.rulesOrigin = exports.resourceManagerOrigin = exports.remoteConfigApiOrigin = exports.rtdbMetadataOrigin = exports.rtdbManagementOrigin = exports.realtimeOrigin = exports.extensionsTOSOrigin = exports.extensionsPublisherOrigin = exports.extensionsOrigin = exports.iamOrigin = exports.identityOrigin = exports.hostingOrigin = exports.googleOrigin = exports.pubsubOrigin = exports.cloudTasksOrigin = exports.cloudschedulerOrigin = exports.cloudbuildOrigin = exports.functionsDefaultRegion = exports.runOrigin = exports.functionsV2Origin = exports.functionsOrigin = exports.firestoreOrigin = exports.firestoreOriginOrEmulator = exports.firedataOrigin = exports.firebaseExtensionsRegistryOrigin = exports.firebaseApiOrigin = exports.eventarcOrigin = exports.dynamicLinksKey = exports.dynamicLinksOrigin = exports.consoleOrigin = exports.authOrigin = exports.apphostingGitHubAppInstallationURL = exports.apphostingP4SADomain = exports.apphostingOrigin = exports.appDistributionOrigin = exports.artifactRegistryDomain = exports.developerConnectP4SADomain = exports.developerConnectOrigin = exports.containerRegistryDomain = exports.cloudMonitoringOrigin = exports.cloudloggingOrigin = exports.cloudbillingOrigin = exports.clientSecret = exports.clientId = exports.authProxyOrigin = void 0;
-exports.setScopes = exports.getScopes = exports.vertexAIOrigin = exports.cloudSQLAdminOrigin = exports.dataConnectLocalConnString = exports.dataconnectOrigin = exports.githubClientSecret = exports.githubClientId = exports.computeOrigin = exports.secretManagerOrigin = exports.githubApiOrigin = exports.githubOrigin = exports.serviceUsageOrigin = void 0;
+exports.setScopes = exports.getScopes = exports.vertexAIOrigin = exports.cloudSQLAdminOrigin = exports.dataConnectLocalConnString = exports.dataconnectP4SADomain = exports.dataconnectOrigin = exports.githubClientSecret = exports.githubClientId = exports.computeOrigin = exports.secretManagerOrigin = exports.githubApiOrigin = exports.githubOrigin = exports.serviceUsageOrigin = void 0;
 const constants_1 = require("./emulator/constants");
 const logger_1 = require("./logger");
 const scopes = require("./scopes");
@@ -128,6 +128,8 @@ const githubClientSecret = () => utils.envOverride("GITHUB_CLIENT_SECRET", "3330
 exports.githubClientSecret = githubClientSecret;
 const dataconnectOrigin = () => utils.envOverride("FIREBASE_DATACONNECT_URL", "https://firebasedataconnect.googleapis.com");
 exports.dataconnectOrigin = dataconnectOrigin;
+const dataconnectP4SADomain = () => utils.envOverride("FIREBASE_DATACONNECT_P4SA_DOMAIN", "gcp-sa-firebasedataconnect.iam.gserviceaccount.com");
+exports.dataconnectP4SADomain = dataconnectP4SADomain;
 const dataConnectLocalConnString = () => utils.envOverride("FIREBASE_DATACONNECT_POSTGRESQL_STRING", "");
 exports.dataConnectLocalConnString = dataConnectLocalConnString;
 const cloudSQLAdminOrigin = () => utils.envOverride("CLOUD_SQL_URL", "https://sqladmin.googleapis.com");

package/lib/apphosting/index.js

@@ -33,7 +33,8 @@ async function tlsReady(url) {
     }
     catch (err) {
         const maybeNodeError = err;
-        if (/HANDSHAKE_FAILURE/.test((_a = maybeNodeError === null || maybeNodeError === void 0 ? void 0 : maybeNodeError.cause) === null || _a === void 0 ? void 0 : _a.code)) {
+        if (/HANDSHAKE_FAILURE/.test((_a = maybeNodeError === null || maybeNodeError === void 0 ? void 0 : maybeNodeError.cause) === null || _a === void 0 ? void 0 : _a.code) ||
+            "EPROTO" === (maybeNodeError === null || maybeNodeError === void 0 ? void 0 : maybeNodeError.code)) {
             return false;
         }
         return true;

package/lib/commands/dataconnect-sql-diff.js

@@ -17,9 +17,10 @@ exports.command = new command_1.Command("dataconnect:sql:diff [serviceId]")
 ])
     .before(requireAuth_1.requireAuth)
     .action(async (serviceId, options) => {
+    var _a;
     const projectId = (0, projectUtils_1.needProjectId)(options);
     await (0, ensureApis_1.ensureApis)(projectId);
     const serviceInfo = await (0, fileUtils_1.pickService)(projectId, options.config, serviceId);
-    const diffs = await (0, schemaMigration_1.diffSchema)(serviceInfo.schema);
+    const diffs = await (0, schemaMigration_1.diffSchema)(serviceInfo.schema, (_a = serviceInfo.dataConnectYaml.schema.datasource.postgresql) === null || _a === void 0 ? void 0 : _a.schemaValidation);
     return { projectId, serviceId, diffs };
 });

package/lib/commands/dataconnect-sql-migrate.js

@@ -17,7 +17,6 @@ exports.command = new command_1.Command("dataconnect:sql:migrate [serviceId]")
     "firebasedataconnect.schemas.list",
     "firebasedataconnect.schemas.update",
     "cloudsql.instances.connect",
-    "cloudsql.users.create",
 ])
     .before(requireAuth_1.requireAuth)
     .withForce("Execute any required database changes without prompting")

package/lib/commands/firestore-databases-restore.js

@@ -8,12 +8,17 @@ const logger_1 = require("../logger");
 const requirePermissions_1 = require("../requirePermissions");
 const types_1 = require("../emulator/types");
 const commandUtils_1 = require("../emulator/commandUtils");
+const options_1 = require("../firestore/options");
 const pretty_print_1 = require("../firestore/pretty-print");
 const error_1 = require("../error");
 exports.command = new command_1.Command("firestore:databases:restore")
     .description("Restore a Firestore database in your Firebase project.")
     .option("-d, --database <databaseID>", "ID of the database to restore into")
     .option("-b, --backup <backup>", "Backup from which to restore")
+    .option("-e, --encryption-type <encryptionType>", `Encryption method of the restored database; one of ${options_1.EncryptionType.USE_SOURCE_ENCRYPTION} (default), ` +
+    `${options_1.EncryptionType.CUSTOMER_MANAGED_ENCRYPTION}, ${options_1.EncryptionType.GOOGLE_DEFAULT_ENCRYPTION}`)
+    .option("-k, --kms-key-name <kmsKeyName>", "Resource ID of the Cloud KMS key to encrypt the restored database. This " +
+    "feature is allowlist only in initial launch.")
     .before(requirePermissions_1.requirePermissions, ["datastore.backups.restoreDatabase"])
     .before(commandUtils_1.warnEmulatorNotSupported, types_1.Emulators.FIRESTORE)
     .action(async (options) => {
@@ -28,7 +33,28 @@ exports.command = new command_1.Command("firestore:databases:restore")
         throw new error_1.FirebaseError(`Missing required flag --backup. ${helpCommandText}`);
     }
     const backupName = options.backup;
-    const databaseResp = await api.restoreDatabase(options.project, databaseId, backupName);
+    let encryptionConfig = undefined;
+    switch (options.encryptionType) {
+        case options_1.EncryptionType.GOOGLE_DEFAULT_ENCRYPTION:
+            throwIfKmsKeyNameIsSet(options.kmsKeyName);
+            encryptionConfig = { googleDefaultEncryption: {} };
+            break;
+        case options_1.EncryptionType.USE_SOURCE_ENCRYPTION:
+            throwIfKmsKeyNameIsSet(options.kmsKeyName);
+            encryptionConfig = { useSourceEncryption: {} };
+            break;
+        case options_1.EncryptionType.CUSTOMER_MANAGED_ENCRYPTION:
+            encryptionConfig = {
+                customerManagedEncryption: { kmsKeyName: getKmsKeyOrThrow(options.kmsKeyName) },
+            };
+            break;
+        case undefined:
+            throwIfKmsKeyNameIsSet(options.kmsKeyName);
+            break;
+        default:
+            throw new error_1.FirebaseError(`Invalid value for flag --encryption-type. ${helpCommandText}`);
+    }
+    const databaseResp = await api.restoreDatabase(options.project, databaseId, backupName, encryptionConfig);
     if (options.json) {
         logger_1.logger.info(JSON.stringify(databaseResp, undefined, 2));
     }
@@ -40,4 +66,16 @@ exports.command = new command_1.Command("firestore:databases:restore")
         logger_1.logger.info(`Once the restore is complete, your database may be viewed at ${printer.firebaseConsoleDatabaseUrl(options.project, databaseId)}`);
     }
     return databaseResp;
+    function throwIfKmsKeyNameIsSet(kmsKeyName) {
+        if (kmsKeyName) {
+            throw new error_1.FirebaseError("--kms-key-name can only be set when specifying an --encryption-type " +
+                `of ${options_1.EncryptionType.CUSTOMER_MANAGED_ENCRYPTION}.`);
+        }
+    }
+    function getKmsKeyOrThrow(kmsKeyName) {
+        if (kmsKeyName)
+            return kmsKeyName;
+        throw new error_1.FirebaseError("--kms-key-name must be provided when specifying an --encryption-type " +
+            `of ${options_1.EncryptionType.CUSTOMER_MANAGED_ENCRYPTION}.`);
+    }
 });

package/lib/dataconnect/client.js

@@ -123,13 +123,14 @@ async function deleteConnector(name) {
     return;
 }
 exports.deleteConnector = deleteConnector;
-async function listConnectors(serviceName) {
+async function listConnectors(serviceName, fields = []) {
     const connectors = [];
     const getNextPage = async (pageToken = "") => {
         const res = await dataconnectClient().get(`${serviceName}/connectors`, {
             queryParams: {
                 pageSize: PAGE_SIZE_MAX,
                 pageToken,
+                fields: fields.join(","),
             },
         });
         connectors.push(...(res.body.connectors || []));

package/lib/dataconnect/schemaMigration.js

@@ -6,23 +6,41 @@ const sql_formatter_1 = require("sql-formatter");
 const types_1 = require("./types");
 const client_1 = require("./client");
 const connect_1 = require("../gcp/cloudsql/connect");
+const permissions_1 = require("../gcp/cloudsql/permissions");
 const prompt_1 = require("../prompt");
 const logger_1 = require("../logger");
 const error_1 = require("../error");
-const projectUtils_1 = require("../projectUtils");
 const utils_1 = require("../utils");
 const experiments = require("../experiments");
 const errors = require("./errors");
-async function diffSchema(schema) {
+async function diffSchema(schema, schemaValidation) {
     const { serviceName, instanceName, databaseId } = getIdentifiers(schema);
     await ensureServiceIsConnectedToCloudSql(serviceName, instanceName, databaseId, false);
-    setCompatibleMode(schema, databaseId, instanceName);
+    let diffs = [];
+    let validationMode = "STRICT";
+    if (experiments.isEnabled("fdccompatiblemode")) {
+        if (!schemaValidation) {
+            validationMode = "COMPATIBLE";
+        }
+        else {
+            validationMode = schemaValidation;
+        }
+    }
+    setSchemaValidationMode(schema, validationMode);
     try {
+        if (!schemaValidation && experiments.isEnabled("fdccompatiblemode")) {
+            (0, utils_1.logLabeledBullet)("dataconnect", `generating required schema changes...`);
+        }
         await (0, client_1.upsertSchema)(schema, true);
-        (0, utils_1.logLabeledSuccess)("dataconnect", `Database schema is up to date.`);
+        if (validationMode === "STRICT") {
+            (0, utils_1.logLabeledSuccess)("dataconnect", `Database schema is up to date.`);
+        }
+        else {
+            (0, utils_1.logLabeledSuccess)("dataconnect", `Database schema is compatible.`);
+        }
     }
     catch (err) {
-        if (err.status !== 400) {
+        if ((err === null || err === void 0 ? void 0 : err.status) !== 400) {
             throw err;
         }
         const invalidConnectors = errors.getInvalidConnectors(err);
@@ -34,24 +52,56 @@ async function diffSchema(schema) {
             displayInvalidConnectors(invalidConnectors);
         }
         if (incompatible) {
-            displaySchemaChanges(incompatible);
-            return incompatible.diffs;
+            displaySchemaChanges(incompatible, validationMode, instanceName, databaseId);
+            diffs = incompatible.diffs;
         }
     }
-    return [];
+    if (experiments.isEnabled("fdccompatiblemode")) {
+        if (!schemaValidation) {
+            validationMode = "STRICT";
+            setSchemaValidationMode(schema, validationMode);
+            try {
+                (0, utils_1.logLabeledBullet)("dataconnect", `generating schema changes, including optional changes...`);
+                await (0, client_1.upsertSchema)(schema, true);
+                (0, utils_1.logLabeledSuccess)("dataconnect", `no additional optional changes`);
+            }
+            catch (err) {
+                if ((err === null || err === void 0 ? void 0 : err.status) !== 400) {
+                    throw err;
+                }
+                const incompatible = errors.getIncompatibleSchemaError(err);
+                if (incompatible) {
+                    if (!diffsEqual(diffs, incompatible.diffs)) {
+                        if (diffs.length === 0) {
+                            displaySchemaChanges(incompatible, "STRICT_AFTER_COMPATIBLE", instanceName, databaseId);
+                        }
+                        else {
+                            displaySchemaChanges(incompatible, validationMode, instanceName, databaseId);
+                        }
+                        diffs = incompatible.diffs;
+                    }
+                    else {
+                        (0, utils_1.logLabeledSuccess)("dataconnect", `no additional optional changes`);
+                    }
+                }
+            }
+        }
+    }
+    return diffs;
 }
 exports.diffSchema = diffSchema;
 async function migrateSchema(args) {
     const { options, schema, validateOnly } = args;
     const { serviceName, instanceId, instanceName, databaseId } = getIdentifiers(schema);
     await ensureServiceIsConnectedToCloudSql(serviceName, instanceName, databaseId, true);
-    setCompatibleMode(schema, databaseId, instanceName);
+    const validationMode = experiments.isEnabled("fdccompatiblemode") ? "COMPATIBLE" : "STRICT";
+    setSchemaValidationMode(schema, validationMode);
     try {
         await (0, client_1.upsertSchema)(schema, validateOnly);
         logger_1.logger.debug(`Database schema was up to date for ${instanceId}:${databaseId}`);
     }
     catch (err) {
-        if (err.status !== 400) {
+        if ((err === null || err === void 0 ? void 0 : err.status) !== 400) {
             throw err;
         }
         const incompatible = errors.getIncompatibleSchemaError(err);
@@ -59,7 +109,7 @@ async function migrateSchema(args) {
         if (!incompatible && !invalidConnectors.length) {
             throw err;
         }
-        const migrationMode = await promptForSchemaMigration(options, databaseId, incompatible, validateOnly);
+        const migrationMode = await promptForSchemaMigration(options, instanceName, databaseId, incompatible, validateOnly, validationMode);
         const shouldDeleteInvalidConnectors = await promptForInvalidConnectorError(options, serviceName, invalidConnectors, validateOnly);
         let diffs = [];
         if (incompatible) {
@@ -82,24 +132,23 @@ async function migrateSchema(args) {
     return [];
 }
 exports.migrateSchema = migrateSchema;
-function setCompatibleMode(schema, databaseId, instanceName) {
-    var _a;
-    if (experiments.isEnabled("fdccompatiblemode")) {
-        if ((_a = schema.primaryDatasource.postgresql) === null || _a === void 0 ? void 0 : _a.schemaValidation) {
-            schema.primaryDatasource.postgresql.schemaValidation = "COMPATIBLE";
-        }
-        else {
-            schema.primaryDatasource = {
-                postgresql: {
-                    database: databaseId,
-                    cloudSql: {
-                        instance: instanceName,
-                    },
-                    schemaValidation: "COMPATIBLE",
-                },
-            };
+function diffsEqual(x, y) {
+    if (x.length !== y.length) {
+        return false;
+    }
+    for (let i = 0; i < x.length; i++) {
+        if (x[i].description !== y[i].description ||
+            x[i].destructive !== y[i].destructive ||
+            x[i].sql !== y[i].sql) {
+            return false;
         }
     }
+    return true;
+}
+function setSchemaValidationMode(schema, schemaValidation) {
+    if (experiments.isEnabled("fdccompatiblemode") && schema.primaryDatasource.postgresql) {
+        schema.primaryDatasource.postgresql.schemaValidation = schemaValidation;
+    }
 }
 function getIdentifiers(schema) {
     var _a, _b;
@@ -131,8 +180,6 @@ async function handleIncompatibleSchemaError(args) {
     if (incompatibleSchemaError.destructive && choice === "safe") {
         throw new error_1.FirebaseError("This schema migration includes potentially destructive changes. If you'd like to execute it anyway, rerun this command with --force");
     }
-    const projectId = (0, projectUtils_1.needProjectId)(options);
-    const iamUser = await (0, connect_1.setupIAMUser)(instanceId, databaseId, options);
     const commandsToExecute = incompatibleSchemaError.diffs
         .filter((d) => {
         switch (choice) {
@@ -146,25 +193,36 @@ async function handleIncompatibleSchemaError(args) {
     })
         .map((d) => d.sql);
     if (commandsToExecute.length) {
-        await (0, connect_1.execute)([
-            `SET ROLE "${(0, connect_1.firebaseowner)(databaseId)}"`,
-            ...commandsToExecute,
-            `GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA "public" TO PUBLIC`,
-        ], {
-            projectId,
-            instanceId,
-            databaseId,
-            username: iamUser,
-        });
-        return incompatibleSchemaError.diffs;
+        const commandsToExecuteBySuperUser = commandsToExecute.filter((sql) => sql.startsWith("CREATE EXTENSION") || sql.startsWith("CREATE SCHEMA"));
+        const commandsToExecuteByOwner = commandsToExecute.filter((sql) => !commandsToExecuteBySuperUser.includes(sql));
+        const userIsCSQLAdmin = await (0, permissions_1.iamUserIsCSQLAdmin)(options);
+        if (!userIsCSQLAdmin && commandsToExecuteBySuperUser.length) {
+            throw new error_1.FirebaseError(`Some SQL commands required for this migration require Admin permissions.\n 
+        Please ask a user with 'roles/cloudsql.admin' to apply the following commands.\n
+        ${commandsToExecuteBySuperUser.join("\n")}`);
+        }
+        if (userIsCSQLAdmin) {
+            await (0, connect_1.setupIAMUsers)(instanceId, databaseId, options);
+        }
+        if (!(await (0, permissions_1.checkSQLRoleIsGranted)(options, instanceId, databaseId, (0, permissions_1.firebaseowner)(databaseId), (await (0, connect_1.getIAMUser)(options)).user))) {
+            throw new error_1.FirebaseError(`Command aborted. Only users granted firebaseowner SQL role can run migrations.`);
+        }
+        if (commandsToExecuteBySuperUser.length) {
+            logger_1.logger.info(`The diffs require CloudSQL superuser permissions, attempting to apply changes as superuser.`);
+            await (0, connect_1.executeSqlCmdsAsSuperUser)(options, instanceId, databaseId, commandsToExecuteBySuperUser, false);
+        }
+        if (commandsToExecuteByOwner.length) {
+            await (0, connect_1.executeSqlCmdsAsIamUser)(options, instanceId, databaseId, [`SET ROLE "${(0, permissions_1.firebaseowner)(databaseId)}"`, ...commandsToExecuteByOwner], false);
+            return incompatibleSchemaError.diffs;
+        }
     }
     return [];
 }
-async function promptForSchemaMigration(options, databaseName, err, validateOnly) {
+async function promptForSchemaMigration(options, instanceName, databaseId, err, validateOnly, schemaValidation) {
     if (!err) {
         return "none";
     }
-    displaySchemaChanges(err);
+    displaySchemaChanges(err, schemaValidation, instanceName, databaseId);
     if (!options.nonInteractive) {
         if (validateOnly && options.force) {
             return "all";
@@ -179,7 +237,7 @@ async function promptForSchemaMigration(options, databaseName, err, validateOnly
                 { name: "Abort changes", value: "none" },
             ];
         return await (0, prompt_1.promptOnce)({
-            message: `Would you like to execute these changes against ${databaseName}?`,
+            message: `Would you like to execute these changes against ${databaseId}?`,
             type: "list",
             choices,
         });
@@ -264,19 +322,47 @@ async function ensureServiceIsConnectedToCloudSql(serviceName, instanceId, datab
         await (0, client_1.upsertSchema)(currentSchema, false);
     }
     catch (err) {
-        if (err.status >= 500) {
+        if ((err === null || err === void 0 ? void 0 : err.status) >= 500) {
             throw err;
         }
         logger_1.logger.debug(err);
     }
 }
-function displaySchemaChanges(error) {
+function displaySchemaChanges(error, schemaValidation, instanceName, databaseId) {
     switch (error.violationType) {
         case "INCOMPATIBLE_SCHEMA":
             {
-                const message = "Your new schema is incompatible with the schema of your CloudSQL database. " +
-                    "The following SQL statements will migrate your database schema to match your new Data Connect schema.\n" +
-                    error.diffs.map(toString).join("\n");
+                let message;
+                if (schemaValidation === "COMPATIBLE") {
+                    message =
+                        "Your new application schema is incompatible with the schema of your PostgreSQL database " +
+                            databaseId +
+                            " in your CloudSQL instance " +
+                            instanceName +
+                            ". " +
+                            "The following SQL statements will migrate your database schema to be compatible with your new Data Connect schema.\n" +
+                            error.diffs.map(toString).join("\n");
+                }
+                else if (schemaValidation === "STRICT_AFTER_COMPATIBLE") {
+                    message =
+                        "Your new application schema is compatible with the schema of your PostgreSQL database " +
+                            databaseId +
+                            " in your CloudSQL instance " +
+                            instanceName +
+                            ", but contains unused tables or columns. " +
+                            "The following optional SQL statements will migrate your database schema to match your new Data Connect schema.\n" +
+                            error.diffs.map(toString).join("\n");
+                }
+                else {
+                    message =
+                        "Your new application schema does not match the schema of your PostgreSQL database " +
+                            databaseId +
+                            " in your CloudSQL instance " +
+                            instanceName +
+                            ". " +
+                            "The following SQL statements will migrate your database schema to match your new Data Connect schema.\n" +
+                            error.diffs.map(toString).join("\n");
+                }
                 (0, utils_1.logLabeledWarning)("dataconnect", message);
             }
             break;

package/lib/dataconnect/types.js

@@ -22,6 +22,7 @@ function toDatasource(projectId, locationId, ds) {
                 cloudSql: {
                     instance: `projects/${projectId}/locations/${locationId}/instances/${ds.postgresql.cloudSql.instanceId}`,
                 },
+                schemaValidation: ds.postgresql.schemaValidation,
             },
         };
     }

package/lib/deploy/functions/prepare.js

@@ -27,7 +27,6 @@ const serviceusage_1 = require("../../gcp/serviceusage");
 const applyHash_1 = require("./cache/applyHash");
 const backend_1 = require("./backend");
 const functional_1 = require("../../functional");
-const prepare_1 = require("../extensions/prepare");
 exports.EVENTARC_SOURCE_ENV = "EVENTARC_CLOUD_EVENT_SOURCE";
 async function prepare(context, options, payload) {
     var _a, _b;
@@ -56,13 +55,6 @@ async function prepare(context, options, payload) {
     }
     context.codebaseDeployEvents = {};
     const wantBuilds = await loadCodebases(context.config, options, firebaseConfig, runtimeConfig, context.filters);
-    if (Object.values(wantBuilds).some((b) => b.extensions)) {
-        const extContext = {};
-        const extPayload = {};
-        await (0, prepare_1.prepareDynamicExtensions)(extContext, options, extPayload, wantBuilds);
-        context.extensions = extContext;
-        payload.extensions = extPayload;
-    }
     const codebaseUsesEnvs = [];
     const wantBackends = {};
     for (const [codebase, wantBuild] of Object.entries(wantBuilds)) {

package/lib/deploy/functions/release/planner.js

@@ -207,7 +207,8 @@ function checkForIllegalUpdate(want, have) {
 exports.checkForIllegalUpdate = checkForIllegalUpdate;
 function checkForV2Upgrade(want, have) {
     if (want.platform === "gcfv2" && have.platform === "gcfv1") {
-        throw new error_1.FirebaseError(`[${(0, functionsDeployHelper_1.getFunctionLabel)(have)}] Upgrading from GCFv1 to GCFv2 is not yet supported. Please delete your old function or wait for this feature to be ready.`);
+        throw new error_1.FirebaseError(`[${(0, functionsDeployHelper_1.getFunctionLabel)(have)}] Upgrading from 1st Gen to 2nd Gen is not yet supported. ` +
+            "See https://firebase.google.com/docs/functions/2nd-gen-upgrade before migrating to 2nd Gen.");
     }
 }
 exports.checkForV2Upgrade = checkForV2Upgrade;

package/lib/emulator/apphosting/index.js

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AppHostingEmulator = void 0;
+const emulatorLogger_1 = require("../emulatorLogger");
+const types_1 = require("../types");
+const serve_1 = require("./serve");
+class AppHostingEmulator {
+    constructor(args) {
+        this.args = args;
+        this.logger = emulatorLogger_1.EmulatorLogger.forEmulator(types_1.Emulators.APPHOSTING);
+    }
+    async start() {
+        this.args.options.host = this.args.host;
+        this.args.options.port = this.args.port;
+        this.logger.logLabeled("INFO", types_1.Emulators.APPHOSTING, "starting apphosting emulator");
+        const { port } = await (0, serve_1.start)(this.args.options);
+        this.logger.logLabeled("INFO", types_1.Emulators.APPHOSTING, `serving on port ${port}`);
+    }
+    connect() {
+        this.logger.logLabeled("INFO", types_1.Emulators.APPHOSTING, "connecting apphosting emulator");
+        return Promise.resolve();
+    }
+    stop() {
+        this.logger.logLabeled("INFO", types_1.Emulators.APPHOSTING, "stopping apphosting emulator");
+        return Promise.resolve();
+    }
+    getInfo() {
+        return {
+            name: types_1.Emulators.APPHOSTING,
+            host: this.args.host,
+            port: this.args.port,
+        };
+    }
+    getName() {
+        return types_1.Emulators.APPHOSTING;
+    }
+}
+exports.AppHostingEmulator = AppHostingEmulator;

package/lib/emulator/apphosting/serve.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.serve = exports.start = void 0;
+const net_1 = require("net");
+const portUtils_1 = require("../portUtils");
+const spawn_1 = require("../../init/spawn");
+async function start(options) {
+    let port = options.port;
+    while (!(await availablePort(options.host, port))) {
+        port += 1;
+    }
+    serve(options, port);
+    return { port };
+}
+exports.start = start;
+function availablePort(host, port) {
+    return (0, portUtils_1.checkListenable)({
+        address: host,
+        port,
+        family: (0, net_1.isIPv4)(host) ? "IPv4" : "IPv6",
+    });
+}
+async function serve(options, port) {
+    await (0, spawn_1.wrapSpawn)("npm", ["run", "dev", "--", "-H", options.host, "-p", port], process.cwd());
+}
+exports.serve = serve;

package/lib/emulator/auth/handlers.js

@@ -131,6 +131,33 @@ function registerHandlers(app, getProjectStateByApiKey) {
                     }
                 }
             }
+            case "verifyAndChangeEmail": {
+                try {
+                    const { newEmail } = (0, operations_1.setAccountInfoImpl)(state, { oobCode });
+                    if (continueUrl) {
+                        return res.redirect(303, continueUrl);
+                    }
+                    else {
+                        return res.status(200).json({
+                            authEmulator: { success: `The email has been successfully changed.`, newEmail },
+                        });
+                    }
+                }
+                catch (e) {
+                    if (e instanceof errors_1.NotImplementedError ||
+                        (e instanceof errors_1.BadRequestError && e.message === "INVALID_OOB_CODE")) {
+                        return res.status(400).json({
+                            authEmulator: {
+                                error: `Your request to change your email has expired or the link has already been used.`,
+                                instructions: `Try changing your email again.`,
+                            },
+                        });
+                    }
+                    else {
+                        throw e;
+                    }
+                }
+            }
             case "signIn": {
                 if (!continueUrl) {
                     return res.status(400).json({