firebase-tools 13.5.2 → 13.6.1

package/lib/commands/apphosting-secrets-set.js

@@ -0,0 +1,102 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.command = void 0;
+const tty = require("tty");
+const clc = require("colorette");
+const path_1 = require("path");
+const command_1 = require("../command");
+const projectUtils_1 = require("../projectUtils");
+const requireAuth_1 = require("../requireAuth");
+const fs = require("fs");
+const gcsm = require("../gcp/secretManager");
+const apphosting = require("../gcp/apphosting");
+const requirePermissions_1 = require("../requirePermissions");
+const prompt_1 = require("../prompt");
+const secrets = require("../apphosting/secrets");
+const dialogs = require("../apphosting/secrets/dialogs");
+const config = require("../apphosting/config");
+const utils_1 = require("../utils");
+exports.command = new command_1.Command("apphosting:secrets:set <secretName>")
+    .description("grant service accounts permissions to the provided secret")
+    .option("-l, --location <location>", "optional location to retrict secret replication")
+    .withForce("Automatically create a secret, grant permissions, and add to YAML.")
+    .before(requireAuth_1.requireAuth)
+    .before(gcsm.ensureApi)
+    .before(apphosting.ensureApiEnabled)
+    .before(requirePermissions_1.requirePermissions, [
+    "secretmanager.secrets.create",
+    "secretmanager.secrets.get",
+    "secretmanager.secrets.update",
+    "secretmanager.versions.add",
+    "secretmanager.secrets.getIamPolicy",
+    "secretmanager.secrets.setIamPolicy",
+])
+    .option("--data-file <dataFile>", 'File path from which to read secret data. Set to "-" to read the secret data from stdin.')
+    .action(async (secretName, options) => {
+    var _a;
+    const howToAccess = `You can access the contents of the secret's latest value with ${clc.bold(`firebase apphosting:secrets:access ${secretName}`)}`;
+    const projectId = (0, projectUtils_1.needProjectId)(options);
+    const projectNumber = await (0, projectUtils_1.needProjectNumber)(options);
+    const created = secrets.upsertSecret(projectId, secretName, options.location);
+    if (created === null) {
+        return;
+    }
+    let secretValue;
+    if ((!options.dataFile || options.dataFile === "-") && tty.isatty(0)) {
+        secretValue = await (0, prompt_1.promptOnce)({
+            type: "password",
+            message: `Enter a value for ${secretName}`,
+        });
+    }
+    else {
+        let dataFile = 0;
+        if (options.dataFile && options.dataFile !== "-") {
+            dataFile = options.dataFile;
+        }
+        secretValue = fs.readFileSync(dataFile, "utf-8");
+    }
+    if (!created) {
+        const version = await gcsm.addVersion(projectId, secretName, secretValue);
+        (0, utils_1.logSuccess)(`Created new secret version ${gcsm.toSecretVersionResourceName(version)}`);
+        (0, utils_1.logSuccess)(howToAccess);
+        return;
+    }
+    (0, utils_1.logSuccess)(`Created new secret projects/${projectId}/secrets/${secretName}`);
+    (0, utils_1.logSuccess)(howToAccess);
+    const accounts = await dialogs.selectBackendServiceAccounts(projectNumber, projectId, options);
+    if (!accounts.buildServiceAccounts.length && !accounts.runServiceAccounts.length) {
+        (0, utils_1.logWarning)(`To use this secret your backend, you must grant access. You can do so in the future with ${clc.bold("firebase apphosting:secrets:grantAccess")}`);
+    }
+    else {
+        await secrets.grantSecretAccess(projectId, secretName, accounts);
+    }
+    let path = config.yamlPath(process.cwd());
+    let yaml = {};
+    if (path) {
+        yaml = config.load(path);
+        if ((_a = yaml.env) === null || _a === void 0 ? void 0 : _a.find((env) => env.variable === secretName)) {
+            return;
+        }
+    }
+    const addToYaml = await (0, prompt_1.confirm)({
+        message: "Would you like to add this secret to apphosting.yaml?",
+        default: true,
+    });
+    if (!addToYaml) {
+        return;
+    }
+    if (!path) {
+        path = await (0, prompt_1.promptOnce)({
+            message: "It looks like you don't have an apphosting.yaml yet. Where would you like to store it?",
+            default: process.cwd(),
+        });
+        path = (0, path_1.join)(path, "apphosting.yaml");
+    }
+    const envName = await dialogs.envVarForSecret(secretName);
+    yaml.env = yaml.env || [];
+    yaml.env.push({
+        variable: envName,
+        secret: secretName,
+    });
+    config.store(path, yaml);
+});

package/lib/commands/functions-secrets-access.js

@@ -6,11 +6,11 @@ const logger_1 = require("../logger");
 const projectUtils_1 = require("../projectUtils");
 const secretManager_1 = require("../gcp/secretManager");
 const requireAuth_1 = require("../requireAuth");
-const secrets = require("../functions/secrets");
+const secretManager = require("../gcp/secretManager");
 exports.command = new command_1.Command("functions:secrets:access <KEY>[@version]")
     .description("Access secret value given secret and its version. Defaults to accessing the latest version.")
     .before(requireAuth_1.requireAuth)
-    .before(secrets.ensureApi)
+    .before(secretManager.ensureApi)
     .action(async (key, options) => {
     const projectId = (0, projectUtils_1.needProjectId)(options);
     let [name, version] = key.split("@");

package/lib/commands/functions-secrets-describe.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.command = void 0;
+const requireAuth_1 = require("../requireAuth");
+const command_1 = require("../command");
+const requirePermissions_1 = require("../requirePermissions");
+const secretManager = require("../gcp/secretManager");
+const secrets = require("../functions/secrets");
+exports.command = new command_1.Command("functions:secrets:describe <KEY>")
+    .description("Get metadata for secret and its versions. Alias for functions:secrets:get to align with gcloud")
+    .before(requireAuth_1.requireAuth)
+    .before(secretManager.ensureApi)
+    .before(requirePermissions_1.requirePermissions, ["secretmanager.secrets.get"])
+    .action(secrets.describeSecret);

package/lib/commands/functions-secrets-destroy.js

@@ -13,7 +13,7 @@ exports.command = new command_1.Command("functions:secrets:destroy <KEY>[@versio
     .description("Destroy a secret. Defaults to destroying the latest version.")
     .withForce("Destroys a secret without confirmation.")
     .before(requireAuth_1.requireAuth)
-    .before(secrets.ensureApi)
+    .before(secretManager_1.ensureApi)
     .action(async (key, options) => {
     const projectId = (0, projectUtils_1.needProjectId)(options);
     const projectNumber = await (0, projectUtils_1.needProjectNumber)(options);
@@ -54,7 +54,7 @@ exports.command = new command_1.Command("functions:secrets:destroy <KEY>[@versio
     await (0, secretManager_1.destroySecretVersion)(projectId, name, version);
     (0, utils_1.logBullet)(`Destroyed secret version ${name}@${sv.versionId}`);
     const secret = await (0, secretManager_1.getSecret)(projectId, name);
-    if (secrets.isFirebaseManaged(secret)) {
+    if ((0, secretManager_1.isFunctionsManaged)(secret)) {
         const versions = await (0, secretManager_1.listSecretVersions)(projectId, name);
         if (versions.filter((v) => v.state === "ENABLED").length === 0) {
             (0, utils_1.logBullet)(`No active secret versions left. Destroying secret ${name}`);

package/lib/commands/functions-secrets-get.js

@@ -1,28 +1,14 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.command = void 0;
-const Table = require("cli-table");
 const requireAuth_1 = require("../requireAuth");
 const command_1 = require("../command");
-const logger_1 = require("../logger");
-const projectUtils_1 = require("../projectUtils");
-const secretManager_1 = require("../gcp/secretManager");
 const requirePermissions_1 = require("../requirePermissions");
+const secretManager = require("../gcp/secretManager");
 const secrets = require("../functions/secrets");
 exports.command = new command_1.Command("functions:secrets:get <KEY>")
     .description("Get metadata for secret and its versions")
     .before(requireAuth_1.requireAuth)
-    .before(secrets.ensureApi)
+    .before(secretManager.ensureApi)
     .before(requirePermissions_1.requirePermissions, ["secretmanager.secrets.get"])
-    .action(async (key, options) => {
-    const projectId = (0, projectUtils_1.needProjectId)(options);
-    const versions = await (0, secretManager_1.listSecretVersions)(projectId, key);
-    const table = new Table({
-        head: ["Version", "State"],
-        style: { head: ["yellow"] },
-    });
-    for (const version of versions) {
-        table.push([version.versionId, version.state]);
-    }
-    logger_1.logger.info(table.toString());
-});
+    .action(secrets.describeSecret);

package/lib/commands/functions-secrets-prune.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.command = void 0;
 const backend = require("../deploy/functions/backend");
 const secrets = require("../functions/secrets");
+const secretManager = require("../gcp/secretManager");
 const command_1 = require("../command");
 const projectUtils_1 = require("../projectUtils");
 const requirePermissions_1 = require("../requirePermissions");
@@ -15,7 +16,7 @@ exports.command = new command_1.Command("functions:secrets:prune")
     .withForce("Destroys unused secrets without prompt")
     .description("Destroys unused secrets")
     .before(requireAuth_1.requireAuth)
-    .before(secrets.ensureApi)
+    .before(secretManager.ensureApi)
     .before(requirePermissions_1.requirePermissions, [
     "cloudfunctions.functions.list",
     "secretmanager.secrets.list",

package/lib/commands/functions-secrets-set.js

@@ -20,7 +20,7 @@ exports.command = new command_1.Command("functions:secrets:set <KEY>")
     .description("Create or update a secret for use in Cloud Functions for Firebase.")
     .withForce("Automatically updates functions to use the new secret.")
     .before(requireAuth_1.requireAuth)
-    .before(secrets.ensureApi)
+    .before(secretManager_1.ensureApi)
     .before(requirePermissions_1.requirePermissions, [
     "secretmanager.secrets.create",
     "secretmanager.secrets.get",
@@ -50,7 +50,7 @@ exports.command = new command_1.Command("functions:secrets:set <KEY>")
     }
     const secretVersion = await (0, secretManager_1.addVersion)(projectId, key, secretValue);
     (0, utils_1.logSuccess)(`Created a new secret version ${(0, secretManager_1.toSecretVersionResourceName)(secretVersion)}`);
-    if (!secrets.isFirebaseManaged(secret)) {
+    if (!(0, secretManager_1.isFunctionsManaged)(secret)) {
         (0, utils_1.logBullet)("Please deploy your functions for the change to take effect by running:\n\t" +
             clc.bold("firebase deploy --only functions"));
         return;

package/lib/commands/hosting-disable.js

@@ -25,7 +25,7 @@ exports.command = new command_1.Command("hosting:disable")
     if (!confirm) {
         return;
     }
-    const c = new apiv2_1.Client({ urlPrefix: api_1.hostingApiOrigin, apiVersion: "v1beta1", auth: true });
+    const c = new apiv2_1.Client({ urlPrefix: (0, api_1.hostingApiOrigin)(), apiVersion: "v1beta1", auth: true });
     await c.post(`/sites/${siteToDisable}/releases`, { type: "SITE_DISABLE" });
     utils.logSuccess(`Hosting has been disabled for ${clc.bold(siteToDisable)}. Deploy a new version to re-enable.`);
 });

package/lib/commands/index.js

@@ -129,6 +129,7 @@ function load(client) {
     client.functions.secrets.access = loadCommand("functions-secrets-access");
     client.functions.secrets.destroy = loadCommand("functions-secrets-destroy");
     client.functions.secrets.get = loadCommand("functions-secrets-get");
+    client.functions.secrets.describe = loadCommand("functions-secrets-describe");
     client.functions.secrets.prune = loadCommand("functions-secrets-prune");
     client.functions.secrets.set = loadCommand("functions-secrets-set");
     client.help = loadCommand("help");
@@ -164,6 +165,10 @@ function load(client) {
         client.apphosting.builds = {};
         client.apphosting.builds.get = loadCommand("apphosting-builds-get");
         client.apphosting.builds.create = loadCommand("apphosting-builds-create");
+        client.apphosting.secrets = {};
+        client.apphosting.secrets.set = loadCommand("apphosting-secrets-set");
+        client.apphosting.secrets.grantaccess = loadCommand("apphosting-secrets-grantaccess");
+        client.apphosting.secrets.describe = loadCommand("apphosting-secrets-describe");
         client.apphosting.rollouts = {};
         client.apphosting.rollouts.create = loadCommand("apphosting-rollouts-create");
         client.apphosting.rollouts.list = loadCommand("apphosting-rollouts-list");

package/lib/commands/open.js

@@ -82,7 +82,7 @@ exports.command = new command_1.Command("open [link]")
         url = link.url;
     }
     else if (link.arg === "hosting:site") {
-        url = utils.addSubdomain(api.hostingOrigin, options.site);
+        url = utils.addSubdomain(api.hostingOrigin(), options.site);
     }
     else if (link.arg === "functions:log") {
         url = `https://console.developers.google.com/logs/viewer?resource=cloudfunctions.googleapis.com&project=${options.project}`;

package/lib/database/metadata.js

@@ -14,7 +14,7 @@ function handleErrorResponse(response) {
         code: 2,
     });
 }
-const apiClient = new apiv2_1.Client({ urlPrefix: api_1.rtdbMetadataOrigin });
+const apiClient = new apiv2_1.Client({ urlPrefix: (0, api_1.rtdbMetadataOrigin)() });
 async function listAllRulesets(databaseName) {
     const response = await apiClient.get(`/namespaces/${databaseName}/rulesets`, { resolveOnHTTPError: true });
     if (response.status === 200) {
@@ -43,7 +43,7 @@ async function getRulesetLabels(databaseName) {
 exports.getRulesetLabels = getRulesetLabels;
 async function createRuleset(databaseName, source) {
     const localApiClient = new apiv2_1.Client({
-        urlPrefix: utils.addSubdomain(api_1.realtimeOrigin, databaseName),
+        urlPrefix: utils.addSubdomain((0, api_1.realtimeOrigin)(), databaseName),
     });
     const response = await localApiClient.post(`/.settings/rulesets.json`, source, { resolveOnHTTPError: true });
     if (response.status === 200) {
@@ -54,7 +54,7 @@ async function createRuleset(databaseName, source) {
 exports.createRuleset = createRuleset;
 async function setRulesetLabels(databaseName, labels) {
     const localApiClient = new apiv2_1.Client({
-        urlPrefix: utils.addSubdomain(api_1.realtimeOrigin, databaseName),
+        urlPrefix: utils.addSubdomain((0, api_1.realtimeOrigin)(), databaseName),
     });
     const response = await localApiClient.put(`/.settings/ruleset_labels.json`, labels, {
         resolveOnHTTPError: true,

package/lib/defaultCredentials.js

@@ -43,8 +43,8 @@ exports.clearCredentials = clearCredentials;
 function getCredential(tokens) {
     if (tokens.refresh_token) {
         return {
-            client_id: api_1.clientId,
-            client_secret: api_1.clientSecret,
+            client_id: (0, api_1.clientId)(),
+            client_secret: (0, api_1.clientSecret)(),
             refresh_token: tokens.refresh_token,
             type: "authorized_user",
         };

package/lib/deploy/extensions/v2FunctionHelper.js

@@ -17,7 +17,7 @@ async function checkSpecForV2Functions(i) {
 exports.checkSpecForV2Functions = checkSpecForV2Functions;
 async function ensureNecessaryV2ApisAndRoles(options) {
     const projectId = (0, projectUtils_1.needProjectId)(options);
-    await (0, ensureApiEnabled_1.ensure)(projectId, api_1.computeOrigin, "extensions", options.markdown);
+    await (0, ensureApiEnabled_1.ensure)(projectId, (0, api_1.computeOrigin)(), "extensions", options.markdown);
     await ensureComputeP4SARole(projectId);
 }
 exports.ensureNecessaryV2ApisAndRoles = ensureNecessaryV2ApisAndRoles;

package/lib/deploy/functions/build.js

@@ -171,7 +171,7 @@ function toBackend(build, paramValues) {
         }
         let regions = [];
         if (!bdEndpoint.region) {
-            regions = [api.functionsDefaultRegion];
+            regions = [api.functionsDefaultRegion()];
         }
         else if (Array.isArray(bdEndpoint.region)) {
             regions = params.resolveList(bdEndpoint.region, paramValues);

package/lib/deploy/functions/checkIam.js

@@ -1,12 +1,13 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ensureServiceAgentRoles = exports.mergeBindings = exports.obtainDefaultComputeServiceAgentBindings = exports.obtainPubSubServiceAgentBindings = exports.getDefaultComputeServiceAgent = exports.checkHttpIam = exports.checkServiceAccountIam = exports.EVENTARC_EVENT_RECEIVER_ROLE = exports.RUN_INVOKER_ROLE = exports.SERVICE_ACCOUNT_TOKEN_CREATOR_ROLE = void 0;
+exports.ensureServiceAgentRoles = exports.mergeBindings = exports.obtainDefaultComputeServiceAgentBindings = exports.obtainPubSubServiceAgentBindings = exports.checkHttpIam = exports.checkServiceAccountIam = exports.EVENTARC_EVENT_RECEIVER_ROLE = exports.RUN_INVOKER_ROLE = exports.SERVICE_ACCOUNT_TOKEN_CREATOR_ROLE = void 0;
 const colorette_1 = require("colorette");
 const logger_1 = require("../../logger");
 const functionsDeployHelper_1 = require("./functionsDeployHelper");
 const error_1 = require("../../error");
 const functional_1 = require("../../functional");
 const iam = require("../../gcp/iam");
+const gce = require("../../gcp/computeEngine");
 const backend = require("./backend");
 const track_1 = require("../../track");
 const utils = require("../../utils");
@@ -73,10 +74,6 @@ exports.checkHttpIam = checkHttpIam;
 function getPubsubServiceAgent(projectNumber) {
     return `service-${projectNumber}@gcp-sa-pubsub.iam.gserviceaccount.com`;
 }
-function getDefaultComputeServiceAgent(projectNumber) {
-    return `${projectNumber}-compute@developer.gserviceaccount.com`;
-}
-exports.getDefaultComputeServiceAgent = getDefaultComputeServiceAgent;
 function reduceEventsToServices(services, endpoint) {
     const service = (0, services_1.serviceForEndpoint)(endpoint);
     if (service.requiredProjectBindings && !services.find((s) => s.name === service.name)) {
@@ -93,7 +90,7 @@ function obtainPubSubServiceAgentBindings(projectNumber) {
 }
 exports.obtainPubSubServiceAgentBindings = obtainPubSubServiceAgentBindings;
 function obtainDefaultComputeServiceAgentBindings(projectNumber) {
-    const defaultComputeServiceAgent = `serviceAccount:${getDefaultComputeServiceAgent(projectNumber)}`;
+    const defaultComputeServiceAgent = `serviceAccount:${gce.getDefaultServiceAccount(projectNumber)}`;
     const runInvokerBinding = {
         role: exports.RUN_INVOKER_ROLE,
         members: [defaultComputeServiceAgent],

package/lib/deploy/functions/containerCleaner.js

@@ -49,7 +49,7 @@ async function cleanupBuildImages(haveFunctions, deletedFunctions, cleaners = {}
     }));
     cleanup.push(...deletedFunctions.map(async (func) => {
         try {
-            await Promise.all([arCleaner.cleanupFunction(func), arCleaner.cleanupFunctionCache(func)]);
+            await arCleaner.cleanupFunction(func);
         }
         catch (err) {
             const path = `${func.project}/${func.region}/gcf-artifacts`;
@@ -106,17 +106,10 @@ class ArtifactRegistryCleaner {
         }
         await poller.pollOperation(Object.assign(Object.assign({}, ArtifactRegistryCleaner.POLLER_OPTIONS), { pollerName: `cleanup-${func.region}-${func.id}`, operationResourceName: op.name }));
     }
-    async cleanupFunctionCache(func) {
-        const op = await artifactregistry.deletePackage(`${ArtifactRegistryCleaner.packagePath(func)}%2Fcache`);
-        if (op.done) {
-            return;
-        }
-        await poller.pollOperation(Object.assign(Object.assign({}, ArtifactRegistryCleaner.POLLER_OPTIONS), { pollerName: `cleanup-cache-${func.region}-${func.id}`, operationResourceName: op.name }));
-    }
 }
 exports.ArtifactRegistryCleaner = ArtifactRegistryCleaner;
 ArtifactRegistryCleaner.POLLER_OPTIONS = {
-    apiOrigin: api_1.artifactRegistryDomain,
+    apiOrigin: (0, api_1.artifactRegistryDomain)(),
     apiVersion: artifactregistry.API_VERSION,
     masterTimeout: 5 * 60 * 1000,
 };
@@ -124,9 +117,6 @@ class NoopArtifactRegistryCleaner extends ArtifactRegistryCleaner {
     cleanupFunction() {
         return Promise.resolve();
     }
-    cleanupFunctionCache() {
-        return Promise.resolve();
-    }
 }
 exports.NoopArtifactRegistryCleaner = NoopArtifactRegistryCleaner;
 class ContainerRegistryCleaner {
@@ -136,7 +126,7 @@ class ContainerRegistryCleaner {
     helper(location) {
         const subdomain = docker.GCR_SUBDOMAIN_MAPPING[location] || "us";
         if (!this.helpers[subdomain]) {
-            const origin = `https://${subdomain}.${api_1.containerRegistryDomain}`;
+            const origin = `https://${subdomain}.${(0, api_1.containerRegistryDomain)()}`;
             this.helpers[subdomain] = new DockerHelper(origin);
         }
         return this.helpers[subdomain];
@@ -168,7 +158,7 @@ class ContainerRegistryCleaner {
 exports.ContainerRegistryCleaner = ContainerRegistryCleaner;
 function getHelper(cache, subdomain) {
     if (!cache[subdomain]) {
-        cache[subdomain] = new DockerHelper(`https://${subdomain}.${api_1.containerRegistryDomain}`);
+        cache[subdomain] = new DockerHelper(`https://${subdomain}.${(0, api_1.containerRegistryDomain)()}`);
     }
     return cache[subdomain];
 }
@@ -212,7 +202,7 @@ async function listGcfPaths(projectId, locations, dockerHelpers = {}) {
         throw new error_1.FirebaseError(`Failed to search the following subdomains: ${failedSubdomains.join(",")}`);
     }
     return gcfDirs.map((loc) => {
-        return `${docker.GCR_SUBDOMAIN_MAPPING[loc]}.${api_1.containerRegistryDomain}/${projectId}/gcf/${loc}`;
+        return `${docker.GCR_SUBDOMAIN_MAPPING[loc]}.${(0, api_1.containerRegistryDomain)()}/${projectId}/gcf/${loc}`;
     });
 }
 exports.listGcfPaths = listGcfPaths;

package/lib/deploy/functions/deploy.js

@@ -24,9 +24,12 @@ async function uploadSourceV1(projectId, source, wantBackend) {
         file: source.functionsSourceV1,
         stream: fs.createReadStream(source.functionsSourceV1),
     };
+    if (process.env.GOOGLE_CLOUD_QUOTA_PROJECT) {
+        (0, utils_1.logLabeledWarning)("functions", "GOOGLE_CLOUD_QUTOA_PROJECT is not usable when uploading source for Cloud Functions.");
+    }
     await gcs.upload(uploadOpts, uploadUrl, {
         "x-goog-content-length-range": "0,104857600",
-    });
+    }, true);
     return uploadUrl;
 }
 async function uploadSourceV2(projectId, source, wantBackend) {
@@ -40,7 +43,10 @@ async function uploadSourceV2(projectId, source, wantBackend) {
         file: source.functionsSourceV2,
         stream: fs.createReadStream(source.functionsSourceV2),
     };
-    await gcs.upload(uploadOpts, res.uploadUrl);
+    if (process.env.GOOGLE_CLOUD_QUOTA_PROJECT) {
+        (0, utils_1.logLabeledWarning)("functions", "GOOGLE_CLOUD_QUTOA_PROJECT is not usable when uploading source for Cloud Functions.");
+    }
+    await gcs.upload(uploadOpts, res.uploadUrl, undefined, true);
     return res.storageSource;
 }
 async function uploadCodebase(context, codebase, wantBackend) {

package/lib/deploy/functions/ensure.js

@@ -54,7 +54,7 @@ function isPermissionError(e) {
 }
 async function cloudBuildEnabled(projectId) {
     try {
-        await (0, ensureApiEnabled_1.ensure)(projectId, api_1.cloudbuildOrigin, "functions");
+        await (0, ensureApiEnabled_1.ensure)(projectId, (0, api_1.cloudbuildOrigin)(), "functions");
     }
     catch (e) {
         if ((0, error_1.isBillingError)(e)) {

package/lib/deploy/functions/params.js

@@ -8,7 +8,7 @@ const functional_1 = require("../../functional");
 const secretManager = require("../../gcp/secretManager");
 const storage_1 = require("../../gcp/storage");
 const cel_1 = require("./cel");
-const secrets_1 = require("../../functions/secrets");
+const secretManager_1 = require("../../gcp/secretManager");
 function dependenciesCEL(expr) {
     const deps = [];
     const paramCapture = /{{ params\.(\w+) }}/g;
@@ -222,7 +222,7 @@ async function handleSecret(secretParam, projectId) {
             type: "password",
             message: `This secret will be stored in Cloud Secret Manager (https://cloud.google.com/secret-manager/pricing) as ${secretParam.name}. Enter a value for ${secretParam.label || secretParam.name}:`,
         });
-        await secretManager.createSecret(projectId, secretParam.name, (0, secrets_1.labels)());
+        await secretManager.createSecret(projectId, secretParam.name, (0, secretManager_1.labels)());
         await secretManager.addVersion(projectId, secretParam.name, secretValue);
         return secretValue;
     }

package/lib/deploy/functions/prepare.js

@@ -8,6 +8,7 @@ const ensureApiEnabled = require("../../ensureApiEnabled");
 const functionsConfig = require("../../functionsConfig");
 const functionsEnv = require("../../functions/env");
 const runtimes = require("./runtimes");
+const supported = require("./runtimes/supported");
 const validate = require("./validate");
 const ensure = require("./ensure");
 const api_1 = require("../../api");
@@ -41,10 +42,10 @@ async function prepare(context, options, payload) {
         (0, utils_1.logLabeledBullet)("functions", `preparing codebase ${clc.bold(codebase)} for deployment`);
     }
     const checkAPIsEnabled = await Promise.all([
-        ensureApiEnabled.ensure(projectId, api_1.functionsOrigin, "functions"),
-        ensureApiEnabled.check(projectId, api_1.runtimeconfigOrigin, "runtimeconfig", true),
+        ensureApiEnabled.ensure(projectId, (0, api_1.functionsOrigin)(), "functions"),
+        ensureApiEnabled.check(projectId, (0, api_1.runtimeconfigOrigin)(), "runtimeconfig", true),
         ensure.cloudBuildEnabled(projectId),
-        ensureApiEnabled.ensure(projectId, api_1.artifactRegistryDomain, "artifactregistry"),
+        ensureApiEnabled.ensure(projectId, (0, api_1.artifactRegistryDomain)(), "artifactregistry"),
     ]);
     const firebaseConfig = await functionsConfig.getFirebaseConfig(options);
     context.firebaseConfig = firebaseConfig;
@@ -158,7 +159,7 @@ async function prepare(context, options, payload) {
         return ensureApiEnabled.ensure(projectId, api, "functions", false);
     }));
     if (backend.someEndpoint(wantBackend, (e) => e.platform === "gcfv2")) {
-        const V2_APIS = [api_1.cloudRunApiOrigin, api_1.eventarcOrigin, api_1.pubsubOrigin, api_1.storageOrigin];
+        const V2_APIS = [(0, api_1.cloudRunApiOrigin)(), (0, api_1.eventarcOrigin)(), (0, api_1.pubsubOrigin)(), (0, api_1.storageOrigin)()];
         const enablements = V2_APIS.map((api) => {
             return ensureApiEnabled.ensure(context.projectId, api, "functions");
         });
@@ -284,12 +285,20 @@ async function loadCodebases(config, options, firebaseConfig, runtimeConfig, fil
             projectId,
             sourceDir,
             projectDir: options.config.projectDir,
-            runtime: codebaseConfig.runtime || "",
         };
+        const firebaseJsonRuntime = codebaseConfig.runtime;
+        if (firebaseJsonRuntime && !supported.isRuntime(firebaseJsonRuntime)) {
+            throw new error_1.FirebaseError(`Functions codebase ${codebase} has invalid runtime ` +
+                `${firebaseJsonRuntime} specified in firebase.json. Valid values are: ` +
+                Object.keys(supported.RUNTIMES)
+                    .map((s) => `- ${s}`)
+                    .join("\n"));
+        }
         const runtimeDelegate = await runtimes.getRuntimeDelegate(delegateContext);
-        logger_1.logger.debug(`Validating ${runtimeDelegate.name} source`);
+        logger_1.logger.debug(`Validating ${runtimeDelegate.language} source`);
+        supported.guardVersionSupport(runtimeDelegate.runtime);
         await runtimeDelegate.validate();
-        logger_1.logger.debug(`Building ${runtimeDelegate.name} source`);
+        logger_1.logger.debug(`Building ${runtimeDelegate.language} source`);
         await runtimeDelegate.build();
         const firebaseEnvs = functionsEnv.loadFirebaseEnvs(firebaseConfig, projectId);
         (0, utils_1.logLabeledBullet)("functions", `Loading and analyzing source code for codebase ${codebase} to determine what to deploy`);

package/lib/deploy/functions/release/fabricator.js

@@ -7,7 +7,7 @@ const error_1 = require("../../../error");
 const sourceTokenScraper_1 = require("./sourceTokenScraper");
 const timer_1 = require("./timer");
 const functional_1 = require("../../../functional");
-const runtimes_1 = require("../runtimes");
+const supported_1 = require("../runtimes/supported");
 const api_1 = require("../../../api");
 const logger_1 = require("../../../logger");
 const backend = require("../backend");
@@ -25,22 +25,22 @@ const scheduler = require("../../../gcp/cloudscheduler");
 const utils = require("../../../utils");
 const services = require("../services");
 const v1_1 = require("../../../functions/events/v1");
-const checkIam_1 = require("../checkIam");
+const gce = require("../../../gcp/computeEngine");
 const functionsDeployHelper_1 = require("../functionsDeployHelper");
 const gcfV1PollerOptions = {
-    apiOrigin: api_1.functionsOrigin,
+    apiOrigin: (0, api_1.functionsOrigin)(),
     apiVersion: gcf.API_VERSION,
     masterTimeout: 25 * 60 * 1000,
     maxBackoff: 10000,
 };
 const gcfV2PollerOptions = {
-    apiOrigin: api_1.functionsV2Origin,
+    apiOrigin: (0, api_1.functionsV2Origin)(),
     apiVersion: gcfV2.API_VERSION,
     masterTimeout: 25 * 60 * 1000,
     maxBackoff: 10000,
 };
 const eventarcPollerOptions = {
-    apiOrigin: api_1.eventarcOrigin,
+    apiOrigin: (0, api_1.eventarcOrigin)(),
     apiVersion: "v1",
     masterTimeout: 25 * 60 * 1000,
     maxBackoff: 10000,
@@ -332,7 +332,7 @@ class Fabricator {
         else if (backend.isScheduleTriggered(endpoint)) {
             const invoker = endpoint.serviceAccount
                 ? [endpoint.serviceAccount]
-                : [(0, checkIam_1.getDefaultComputeServiceAgent)(this.projectNumber)];
+                : [gce.getDefaultServiceAccount(this.projectNumber)];
             await this.executor
                 .run(() => run.setInvokerCreate(endpoint.project, serviceName, invoker))
                 .catch(rethrowAs(endpoint, "set invoker"));
@@ -415,7 +415,7 @@ class Fabricator {
         else if (backend.isScheduleTriggered(endpoint)) {
             invoker = endpoint.serviceAccount
                 ? [endpoint.serviceAccount]
-                : [(0, checkIam_1.getDefaultComputeServiceAgent)(this.projectNumber)];
+                : [gce.getDefaultServiceAccount(this.projectNumber)];
         }
         if (invoker) {
             await this.executor
@@ -562,7 +562,7 @@ class Fabricator {
             .catch(rethrowAs(endpoint, "unregister blocking trigger"));
     }
     logOpStart(op, endpoint) {
-        const runtime = (0, runtimes_1.getHumanFriendlyRuntimeName)(endpoint.runtime);
+        const runtime = supported_1.RUNTIMES[endpoint.runtime].friendly;
         const platform = (0, functionsDeployHelper_1.getHumanFriendlyPlatformName)(endpoint.platform);
         const label = helper.getFunctionLabel(endpoint);
         utils.logLabeledBullet("functions", `${op} ${runtime} (${platform}) function ${clc.bold(label)}...`);

package/lib/deploy/functions/runtimes/discovery/index.js

@@ -42,7 +42,7 @@ async function detectFromYaml(directory, project, runtime) {
     }
     logger_1.logger.debug("Found functions.yaml. Got spec:", text);
     const parsed = yaml.load(text);
-    return yamlToBuild(parsed, project, api.functionsDefaultRegion, runtime);
+    return yamlToBuild(parsed, project, api.functionsDefaultRegion(), runtime);
 }
 exports.detectFromYaml = detectFromYaml;
 async function detectFromPort(port, project, runtime, timeout = 10000) {
@@ -80,6 +80,6 @@ async function detectFromPort(port, project, runtime, timeout = 10000) {
         logger_1.logger.debug("Failed to parse functions.yaml", err);
         throw new error_1.FirebaseError(`Failed to load function definition from source: ${text}`);
     }
-    return yamlToBuild(parsed, project, api.functionsDefaultRegion, runtime);
+    return yamlToBuild(parsed, project, api.functionsDefaultRegion(), runtime);
 }
 exports.detectFromPort = detectFromPort;