firebase-tools 13.5.2 → 13.6.1

package/lib/gcp/devConnect.js

@@ -1,32 +1,40 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.serviceAgentEmail = exports.getGitRepositoryLink = exports.createGitRepositoryLink = exports.fetchLinkableGitRepositories = exports.listConnections = exports.getConnection = exports.createConnection = exports.client = void 0;
+exports.generateP4SA = exports.serviceAgentEmail = exports.getGitRepositoryLink = exports.createGitRepositoryLink = exports.listAllLinkableGitRepositories = exports.listAllConnections = exports.getConnection = exports.deleteConnection = exports.createConnection = exports.client = void 0;
 const apiv2_1 = require("../apiv2");
 const api_1 = require("../api");
-const PAGE_SIZE_MAX = 100;
+const serviceusage_1 = require("./serviceusage");
+const PAGE_SIZE_MAX = 1000;
+const LOCATION_OVERRIDE = process.env.FIREBASE_DEVELOPERCONNECT_LOCATION_OVERRIDE;
 exports.client = new apiv2_1.Client({
-    urlPrefix: api_1.developerConnectOrigin,
+    urlPrefix: (0, api_1.developerConnectOrigin)(),
     auth: true,
     apiVersion: "v1",
 });
-async function createConnection(projectId, location, connectionId, githubConfig) {
+async function createConnection(projectId, location, connectionId, githubConfig = {}) {
     const config = Object.assign(Object.assign({}, githubConfig), { githubApp: "FIREBASE" });
-    const res = await exports.client.post(`projects/${projectId}/locations/${location}/connections`, {
+    const res = await exports.client.post(`projects/${projectId}/locations/${LOCATION_OVERRIDE !== null && LOCATION_OVERRIDE !== void 0 ? LOCATION_OVERRIDE : location}/connections`, {
         githubConfig: config,
     }, { queryParams: { connectionId } });
     return res.body;
 }
 exports.createConnection = createConnection;
+async function deleteConnection(projectId, location, connectionId) {
+    const name = `projects/${projectId}/locations/${LOCATION_OVERRIDE !== null && LOCATION_OVERRIDE !== void 0 ? LOCATION_OVERRIDE : location}/connections/${connectionId}`;
+    const res = await exports.client.delete(name, { queryParams: { force: "true" } });
+    return res.body;
+}
+exports.deleteConnection = deleteConnection;
 async function getConnection(projectId, location, connectionId) {
-    const name = `projects/${projectId}/locations/${location}/connections/${connectionId}`;
+    const name = `projects/${projectId}/locations/${LOCATION_OVERRIDE !== null && LOCATION_OVERRIDE !== void 0 ? LOCATION_OVERRIDE : location}/connections/${connectionId}`;
     const res = await exports.client.get(name);
     return res.body;
 }
 exports.getConnection = getConnection;
-async function listConnections(projectId, location) {
+async function listAllConnections(projectId, location) {
     const conns = [];
     const getNextPage = async (pageToken = "") => {
-        const res = await exports.client.get(`/projects/${projectId}/locations/${location}/connections`, {
+        const res = await exports.client.get(`/projects/${projectId}/locations/${LOCATION_OVERRIDE !== null && LOCATION_OVERRIDE !== void 0 ? LOCATION_OVERRIDE : location}/connections`, {
             queryParams: {
                 pageSize: PAGE_SIZE_MAX,
                 pageToken,
@@ -42,30 +50,45 @@ async function listConnections(projectId, location) {
     await getNextPage();
     return conns;
 }
-exports.listConnections = listConnections;
-async function fetchLinkableGitRepositories(projectId, location, connectionId, pageToken = "", pageSize = 1000) {
-    const name = `projects/${projectId}/locations/${location}/connections/${connectionId}:fetchLinkableRepositories`;
-    const res = await exports.client.get(name, {
-        queryParams: {
-            pageSize,
-            pageToken,
-        },
-    });
-    return res.body;
+exports.listAllConnections = listAllConnections;
+async function listAllLinkableGitRepositories(projectId, location, connectionId) {
+    const name = `projects/${projectId}/locations/${LOCATION_OVERRIDE !== null && LOCATION_OVERRIDE !== void 0 ? LOCATION_OVERRIDE : location}/connections/${connectionId}:fetchLinkableGitRepositories`;
+    const repos = [];
+    const getNextPage = async (pageToken = "") => {
+        const res = await exports.client.get(name, {
+            queryParams: {
+                pageSize: PAGE_SIZE_MAX,
+                pageToken,
+            },
+        });
+        if (Array.isArray(res.body.linkableGitRepositories)) {
+            repos.push(...res.body.linkableGitRepositories);
+        }
+        if (res.body.nextPageToken) {
+            await getNextPage(res.body.nextPageToken);
+        }
+    };
+    await getNextPage();
+    return repos;
 }
-exports.fetchLinkableGitRepositories = fetchLinkableGitRepositories;
+exports.listAllLinkableGitRepositories = listAllLinkableGitRepositories;
 async function createGitRepositoryLink(projectId, location, connectionId, gitRepositoryLinkId, cloneUri) {
-    const res = await exports.client.post(`projects/${projectId}/locations/${location}/connections/${connectionId}/gitRepositoryLinks`, { cloneUri }, { queryParams: { gitRepositoryLinkId } });
+    const res = await exports.client.post(`projects/${projectId}/locations/${LOCATION_OVERRIDE !== null && LOCATION_OVERRIDE !== void 0 ? LOCATION_OVERRIDE : location}/connections/${connectionId}/gitRepositoryLinks`, { cloneUri }, { queryParams: { gitRepositoryLinkId } });
     return res.body;
 }
 exports.createGitRepositoryLink = createGitRepositoryLink;
 async function getGitRepositoryLink(projectId, location, connectionId, gitRepositoryLinkId) {
-    const name = `projects/${projectId}/locations/${location}/connections/${connectionId}/gitRepositoryLinks/${gitRepositoryLinkId}`;
+    const name = `projects/${projectId}/locations/${LOCATION_OVERRIDE !== null && LOCATION_OVERRIDE !== void 0 ? LOCATION_OVERRIDE : location}/connections/${connectionId}/gitRepositoryLinks/${gitRepositoryLinkId}`;
     const res = await exports.client.get(name);
     return res.body;
 }
 exports.getGitRepositoryLink = getGitRepositoryLink;
 function serviceAgentEmail(projectNumber) {
-    return `service-${projectNumber}@${api_1.developerConnectP4SAOrigin}`;
+    return `service-${projectNumber}@${(0, api_1.developerConnectP4SAOrigin)()}`;
 }
 exports.serviceAgentEmail = serviceAgentEmail;
+async function generateP4SA(projectNumber) {
+    const devConnectOrigin = (0, api_1.developerConnectOrigin)();
+    await (0, serviceusage_1.generateServiceIdentityAndPoll)(projectNumber, new URL(devConnectOrigin).hostname, "apphosting");
+}
+exports.generateP4SA = generateP4SA;

package/lib/gcp/eventarc.js

@@ -7,7 +7,7 @@ const lodash_1 = require("lodash");
 const proto_1 = require("./proto");
 exports.API_VERSION = "v1";
 const client = new apiv2_1.Client({
-    urlPrefix: api_1.eventarcOrigin,
+    urlPrefix: (0, api_1.eventarcOrigin)(),
     auth: true,
     apiVersion: exports.API_VERSION,
 });

package/lib/gcp/firestore.js

@@ -9,12 +9,12 @@ const error_1 = require("../error");
 const prodOnlyClient = new apiv2_1.Client({
     auth: true,
     apiVersion: "v1",
-    urlPrefix: api_1.firestoreOrigin,
+    urlPrefix: (0, api_1.firestoreOrigin)(),
 });
 const emuOrProdClient = new apiv2_1.Client({
     auth: true,
     apiVersion: "v1",
-    urlPrefix: api_1.firestoreOriginOrEmulator,
+    urlPrefix: (0, api_1.firestoreOriginOrEmulator)(),
 });
 var DayOfWeek;
 (function (DayOfWeek) {

package/lib/gcp/iam.js

@@ -1,10 +1,18 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.testIamPermissions = exports.testResourceIamPermissions = exports.getRole = exports.listServiceAccountKeys = exports.deleteServiceAccount = exports.createServiceAccountKey = exports.getServiceAccount = exports.createServiceAccount = void 0;
+exports.testIamPermissions = exports.testResourceIamPermissions = exports.getRole = exports.listServiceAccountKeys = exports.deleteServiceAccount = exports.createServiceAccountKey = exports.getServiceAccount = exports.createServiceAccount = exports.getDefaultComputeEngineServiceAgent = exports.getDefaultCloudBuildServiceAgent = void 0;
 const api_1 = require("../api");
 const logger_1 = require("../logger");
 const apiv2_1 = require("../apiv2");
-const apiClient = new apiv2_1.Client({ urlPrefix: api_1.iamOrigin, apiVersion: "v1" });
+const apiClient = new apiv2_1.Client({ urlPrefix: (0, api_1.iamOrigin)(), apiVersion: "v1" });
+function getDefaultCloudBuildServiceAgent(projectNumber) {
+    return `${projectNumber}@cloudbuild.gserviceaccount.com`;
+}
+exports.getDefaultCloudBuildServiceAgent = getDefaultCloudBuildServiceAgent;
+function getDefaultComputeEngineServiceAgent(projectNumber) {
+    return `${projectNumber}-compute@developer.gserviceaccount.com`;
+}
+exports.getDefaultComputeEngineServiceAgent = getDefaultComputeEngineServiceAgent;
 async function createServiceAccount(projectId, accountId, description, displayName) {
     const response = await apiClient.post(`/projects/${projectId}/serviceAccounts`, {
         accountId,
@@ -71,6 +79,6 @@ async function testResourceIamPermissions(origin, apiVersion, resourceName, perm
 }
 exports.testResourceIamPermissions = testResourceIamPermissions;
 async function testIamPermissions(projectId, permissions) {
-    return testResourceIamPermissions(api_1.resourceManagerOrigin, "v1", `projects/${projectId}`, permissions, `projects/${projectId}`);
+    return testResourceIamPermissions((0, api_1.resourceManagerOrigin)(), "v1", `projects/${projectId}`, permissions, `projects/${projectId}`);
 }
 exports.testIamPermissions = testIamPermissions;

package/lib/gcp/identityPlatform.js

@@ -6,7 +6,7 @@ const api_1 = require("../api");
 const apiv2_1 = require("../apiv2");
 const API_VERSION = "v2";
 const adminApiClient = new apiv2_1.Client({
-    urlPrefix: api_1.identityOrigin + "/admin",
+    urlPrefix: (0, api_1.identityOrigin)() + "/admin",
     apiVersion: API_VERSION,
 });
 async function getBlockingFunctionsConfig(project) {

package/lib/gcp/pubsub.js

@@ -6,7 +6,7 @@ const api_1 = require("../api");
 const proto = require("./proto");
 const API_VERSION = "v1";
 const client = new apiv2_1.Client({
-    urlPrefix: api_1.pubsubOrigin,
+    urlPrefix: (0, api_1.pubsubOrigin)(),
     auth: true,
     apiVersion: API_VERSION,
 });

package/lib/gcp/resourceManager.js

@@ -6,13 +6,14 @@ const api_1 = require("../api");
 const apiv2_1 = require("../apiv2");
 const iam_1 = require("./iam");
 const API_VERSION = "v1";
-const apiClient = new apiv2_1.Client({ urlPrefix: api_1.resourceManagerOrigin, apiVersion: API_VERSION });
+const apiClient = new apiv2_1.Client({ urlPrefix: (0, api_1.resourceManagerOrigin)(), apiVersion: API_VERSION });
 exports.firebaseRoles = {
     apiKeysViewer: "roles/serviceusage.apiKeysViewer",
     authAdmin: "roles/firebaseauth.admin",
     functionsDeveloper: "roles/cloudfunctions.developer",
     hostingAdmin: "roles/firebasehosting.admin",
     runViewer: "roles/run.viewer",
+    serviceUsageConsumer: "roles/serviceusage.serviceUsageConsumer",
 };
 async function getIamPolicy(projectIdOrNumber) {
     const response = await apiClient.post(`/projects/${projectIdOrNumber}:getIamPolicy`);

package/lib/gcp/rules.js

@@ -6,7 +6,7 @@ const apiv2_1 = require("../apiv2");
 const logger_1 = require("../logger");
 const utils = require("../utils");
 const API_VERSION = "v1";
-const apiClient = new apiv2_1.Client({ urlPrefix: api_1.rulesOrigin, apiVersion: API_VERSION });
+const apiClient = new apiv2_1.Client({ urlPrefix: (0, api_1.rulesOrigin)(), apiVersion: API_VERSION });
 function _handleErrorResponse(response) {
     if (response.body && response.body.error) {
         return utils.reject(response.body.error, { code: 2 });

package/lib/gcp/run.js

@@ -9,7 +9,7 @@ const throttler_1 = require("../throttler/throttler");
 const logger_1 = require("../logger");
 const API_VERSION = "v1";
 const client = new apiv2_1.Client({
-    urlPrefix: api_1.runOrigin,
+    urlPrefix: (0, api_1.runOrigin)(),
     auth: true,
     apiVersion: API_VERSION,
 });

package/lib/gcp/runtimeconfig.js

@@ -6,7 +6,7 @@ const api_1 = require("../api");
 const apiv2_1 = require("../apiv2");
 const logger_1 = require("../logger");
 const API_VERSION = "v1beta1";
-const apiClient = new apiv2_1.Client({ urlPrefix: api_1.runtimeconfigOrigin, apiVersion: API_VERSION });
+const apiClient = new apiv2_1.Client({ urlPrefix: (0, api_1.runtimeconfigOrigin)(), apiVersion: API_VERSION });
 function listConfigs(projectId) {
     return apiClient
         .get(`/projects/${projectId}/configs`, {

package/lib/gcp/secretManager.js

@@ -1,10 +1,12 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ensureServiceAgentRole = exports.setIamPolicy = exports.getIamPolicy = exports.addVersion = exports.deleteSecret = exports.patchSecret = exports.createSecret = exports.toSecretVersionResourceName = exports.parseSecretVersionResourceName = exports.parseSecretResourceName = exports.secretExists = exports.destroySecretVersion = exports.accessSecretVersion = exports.getSecretVersion = exports.listSecretVersions = exports.getSecretMetadata = exports.listSecrets = exports.getSecret = exports.secretManagerConsoleUri = void 0;
+exports.labels = exports.ensureApi = exports.isAppHostingManaged = exports.isFunctionsManaged = exports.FIREBASE_MANAGED = exports.ensureServiceAgentRole = exports.setIamPolicy = exports.getIamPolicy = exports.addVersion = exports.deleteSecret = exports.patchSecret = exports.createSecret = exports.toSecretVersionResourceName = exports.parseSecretVersionResourceName = exports.parseSecretResourceName = exports.secretExists = exports.destroySecretVersion = exports.accessSecretVersion = exports.getSecretVersion = exports.listSecretVersions = exports.getSecretMetadata = exports.listSecrets = exports.getSecret = exports.secretManagerConsoleUri = void 0;
 const utils_1 = require("../utils");
 const error_1 = require("../error");
 const apiv2_1 = require("../apiv2");
 const api_1 = require("../api");
+const ensureApiEnabled = require("../ensureApiEnabled");
+const projectUtils_1 = require("../projectUtils");
 const SECRET_NAME_REGEX = new RegExp("projects\\/" +
     "(?<project>(?:\\d+)|(?:[A-Za-z]+[A-Za-z\\d-]*[A-Za-z\\d]?))\\/" +
     "secrets\\/" +
@@ -13,17 +15,18 @@ const SECRET_VERSION_NAME_REGEX = new RegExp(SECRET_NAME_REGEX.source + "\\/vers
 const secretManagerConsoleUri = (projectId) => `https://console.cloud.google.com/security/secret-manager?project=${projectId}`;
 exports.secretManagerConsoleUri = secretManagerConsoleUri;
 const API_VERSION = "v1";
-const client = new apiv2_1.Client({ urlPrefix: api_1.secretManagerOrigin, apiVersion: API_VERSION });
+const client = new apiv2_1.Client({ urlPrefix: (0, api_1.secretManagerOrigin)(), apiVersion: API_VERSION });
 async function getSecret(projectId, name) {
-    var _a;
+    var _a, _b;
     const getRes = await client.get(`projects/${projectId}/secrets/${name}`);
     const secret = parseSecretResourceName(getRes.body.name);
     secret.labels = (_a = getRes.body.labels) !== null && _a !== void 0 ? _a : {};
+    secret.replication = (_b = getRes.body.replication) !== null && _b !== void 0 ? _b : {};
     return secret;
 }
 exports.getSecret = getSecret;
 async function listSecrets(projectId, filter) {
-    var _a;
+    var _a, _b;
     const secrets = [];
     const path = `projects/${projectId}/secrets`;
     const baseOpts = filter ? { queryParams: { filter } } : {};
@@ -34,7 +37,7 @@ async function listSecrets(projectId, filter) {
             : Object.assign(Object.assign({}, baseOpts), { queryParams: Object.assign(Object.assign({}, baseOpts === null || baseOpts === void 0 ? void 0 : baseOpts.queryParams), { pageToken }) });
         const res = await client.get(path, opts);
         for (const s of res.body.secrets || []) {
-            secrets.push(Object.assign(Object.assign({}, parseSecretResourceName(s.name)), { labels: (_a = s.labels) !== null && _a !== void 0 ? _a : {} }));
+            secrets.push(Object.assign(Object.assign({}, parseSecretResourceName(s.name)), { labels: (_a = s.labels) !== null && _a !== void 0 ? _a : {}, replication: (_b = s.replication) !== null && _b !== void 0 ? _b : {} }));
         }
         if (!res.body.nextPageToken) {
             break;
@@ -69,7 +72,7 @@ async function listSecretVersions(projectId, name, filter) {
             : Object.assign(Object.assign({}, baseOpts), { queryParams: Object.assign(Object.assign({}, baseOpts === null || baseOpts === void 0 ? void 0 : baseOpts.queryParams), { pageToken }) });
         const res = await client.get(path, opts);
         for (const s of res.body.versions || []) {
-            secrets.push(Object.assign(Object.assign({}, parseSecretVersionResourceName(s.name)), { state: s.state }));
+            secrets.push(Object.assign(Object.assign({}, parseSecretVersionResourceName(s.name)), { state: s.state, createTime: s.createTime }));
         }
         if (!res.body.nextPageToken) {
             break;
@@ -81,7 +84,7 @@ async function listSecretVersions(projectId, name, filter) {
 exports.listSecretVersions = listSecretVersions;
 async function getSecretVersion(projectId, name, version) {
     const getRes = await client.get(`projects/${projectId}/secrets/${name}/versions/${version}`);
-    return Object.assign(Object.assign({}, parseSecretVersionResourceName(getRes.body.name)), { state: getRes.body.state });
+    return Object.assign(Object.assign({}, parseSecretVersionResourceName(getRes.body.name)), { state: getRes.body.state, createTime: getRes.body.createTime });
 }
 exports.getSecretVersion = getSecretVersion;
 async function accessSecretVersion(projectId, name, version) {
@@ -118,6 +121,8 @@ function parseSecretResourceName(resourceName) {
     return {
         projectId: match.groups.project,
         name: match.groups.secret,
+        labels: {},
+        replication: {},
     };
 }
 exports.parseSecretResourceName = parseSecretResourceName;
@@ -130,8 +135,11 @@ function parseSecretVersionResourceName(resourceName) {
         secret: {
             projectId: match.groups.project,
             name: match.groups.secret,
+            labels: {},
+            replication: {},
         },
         versionId: match.groups.version,
+        createTime: "",
     };
 }
 exports.parseSecretVersionResourceName = parseSecretVersionResourceName;
@@ -139,21 +147,35 @@ function toSecretVersionResourceName(secretVersion) {
     return `projects/${secretVersion.secret.projectId}/secrets/${secretVersion.secret.name}/versions/${secretVersion.versionId}`;
 }
 exports.toSecretVersionResourceName = toSecretVersionResourceName;
-async function createSecret(projectId, name, labels) {
+async function createSecret(projectId, name, labels, location) {
+    let replication;
+    if (location) {
+        replication = {
+            userManaged: {
+                replicas: [
+                    {
+                        location,
+                    },
+                ],
+            },
+        };
+    }
+    else {
+        replication = { automatic: {} };
+    }
     const createRes = await client.post(`projects/${projectId}/secrets`, {
         name,
-        replication: {
-            automatic: {},
-        },
+        replication,
         labels,
     }, { queryParams: { secretId: name } });
-    return Object.assign(Object.assign({}, parseSecretResourceName(createRes.body.name)), { labels });
+    return Object.assign(Object.assign({}, parseSecretResourceName(createRes.body.name)), { labels,
+        replication });
 }
 exports.createSecret = createSecret;
 async function patchSecret(projectId, name, labels) {
     const fullName = `projects/${projectId}/secrets/${name}`;
     const res = await client.patch(fullName, { name: fullName, labels }, { queryParams: { updateMask: "labels" } });
-    return parseSecretResourceName(res.body.name);
+    return Object.assign(Object.assign({}, parseSecretResourceName(res.body.name)), { labels: res.body.labels, replication: res.body.replication });
 }
 exports.patchSecret = patchSecret;
 async function deleteSecret(projectId, name) {
@@ -167,7 +189,7 @@ async function addVersion(projectId, name, payloadData) {
             data: Buffer.from(payloadData).toString("base64"),
         },
     });
-    return Object.assign(Object.assign({}, parseSecretVersionResourceName(res.body.name)), { state: res.body.state });
+    return Object.assign(Object.assign({}, parseSecretVersionResourceName(res.body.name)), { state: res.body.state, createTime: "" });
 }
 exports.addVersion = addVersion;
 async function getIamPolicy(secret) {
@@ -205,3 +227,21 @@ async function ensureServiceAgentRole(secret, serviceAccountEmails, role) {
     (0, utils_1.logLabeledSuccess)("secretmanager", `Granted ${role} on projects/${secret.projectId}/secrets/${secret.name} to ${serviceAccountEmails.join(", ")}`);
 }
 exports.ensureServiceAgentRole = ensureServiceAgentRole;
+exports.FIREBASE_MANAGED = "firebase-managed";
+function isFunctionsManaged(secret) {
+    return (secret.labels[exports.FIREBASE_MANAGED] === "true" || secret.labels[exports.FIREBASE_MANAGED] === "functions");
+}
+exports.isFunctionsManaged = isFunctionsManaged;
+function isAppHostingManaged(secret) {
+    return secret.labels[exports.FIREBASE_MANAGED] === "apphosting";
+}
+exports.isAppHostingManaged = isAppHostingManaged;
+function ensureApi(options) {
+    const projectId = (0, projectUtils_1.needProjectId)(options);
+    return ensureApiEnabled.ensure(projectId, (0, api_1.secretManagerOrigin)(), "secretmanager", true);
+}
+exports.ensureApi = ensureApi;
+function labels(product = "functions") {
+    return { [exports.FIREBASE_MANAGED]: product };
+}
+exports.labels = labels;

package/lib/gcp/serviceusage.js

@@ -1,19 +1,27 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.generateServiceIdentity = void 0;
+exports.generateServiceIdentityAndPoll = exports.generateServiceIdentity = exports.apiClient = void 0;
 const colorette_1 = require("colorette");
 const api_1 = require("../api");
 const apiv2_1 = require("../apiv2");
 const error_1 = require("../error");
 const utils = require("../utils");
-const apiClient = new apiv2_1.Client({
-    urlPrefix: api_1.serviceUsageOrigin,
-    apiVersion: "v1beta1",
+const poller = require("../operation-poller");
+const API_VERSION = "v1beta1";
+const SERVICE_USAGE_ORIGIN = (0, api_1.serviceUsageOrigin)();
+exports.apiClient = new apiv2_1.Client({
+    urlPrefix: SERVICE_USAGE_ORIGIN,
+    apiVersion: API_VERSION,
 });
+const serviceUsagePollerOptions = {
+    apiOrigin: SERVICE_USAGE_ORIGIN,
+    apiVersion: API_VERSION,
+};
 async function generateServiceIdentity(projectNumber, service, prefix) {
     utils.logLabeledBullet(prefix, `generating the service identity for ${(0, colorette_1.bold)(service)}...`);
     try {
-        return await apiClient.post(`projects/${projectNumber}/services/${service}:generateServiceIdentity`);
+        const res = await exports.apiClient.post(`projects/${projectNumber}/services/${service}:generateServiceIdentity`);
+        return res.body;
     }
     catch (err) {
         throw new error_1.FirebaseError(`Error generating the service identity for ${service}.`, {
@@ -22,3 +30,11 @@ async function generateServiceIdentity(projectNumber, service, prefix) {
     }
 }
 exports.generateServiceIdentity = generateServiceIdentity;
+async function generateServiceIdentityAndPoll(projectNumber, service, prefix) {
+    const op = await generateServiceIdentity(projectNumber, service, prefix);
+    if (op.done) {
+        return;
+    }
+    await poller.pollOperation(Object.assign(Object.assign({}, serviceUsagePollerOptions), { operationResourceName: op.name }));
+}
+exports.generateServiceIdentityAndPoll = generateServiceIdentityAndPoll;

package/lib/gcp/storage.js

@@ -10,9 +10,12 @@ const logger_1 = require("../logger");
 const ensureApiEnabled_1 = require("../ensureApiEnabled");
 async function getDefaultBucket(projectId) {
     var _a;
-    await (0, ensureApiEnabled_1.ensure)(projectId, api_1.firebaseStorageOrigin, "storage", false);
+    await (0, ensureApiEnabled_1.ensure)(projectId, (0, api_1.firebaseStorageOrigin)(), "storage", false);
     try {
-        const localAPIClient = new apiv2_1.Client({ urlPrefix: api_1.firebaseStorageOrigin, apiVersion: "v1alpha" });
+        const localAPIClient = new apiv2_1.Client({
+            urlPrefix: (0, api_1.firebaseStorageOrigin)(),
+            apiVersion: "v1alpha",
+        });
         const response = await localAPIClient.get(`/projects/${projectId}/defaultBucket`);
         if (!((_a = response.body) === null || _a === void 0 ? void 0 : _a.bucket.name)) {
             logger_1.logger.debug("Default storage bucket is undefined.");
@@ -29,7 +32,7 @@ async function getDefaultBucket(projectId) {
     }
 }
 exports.getDefaultBucket = getDefaultBucket;
-async function upload(source, uploadUrl, extraHeaders) {
+async function upload(source, uploadUrl, extraHeaders, ignoreQuotaProject) {
     const url = new URL(uploadUrl);
     const localAPIClient = new apiv2_1.Client({ urlPrefix: url.origin, auth: false });
     const res = await localAPIClient.request({
@@ -40,6 +43,7 @@ async function upload(source, uploadUrl, extraHeaders) {
         headers: Object.assign({ "content-type": "application/zip" }, extraHeaders),
         body: source.stream,
         skipLog: { resBody: true },
+        ignoreQuotaProject,
     });
     return {
         generation: res.response.headers.get("x-goog-generation"),
@@ -50,7 +54,7 @@ async function uploadObject(source, bucketName) {
     if (path.extname(source.file) !== ".zip") {
         throw new error_1.FirebaseError(`Expected a file name ending in .zip, got ${source.file}`);
     }
-    const localAPIClient = new apiv2_1.Client({ urlPrefix: api_1.storageOrigin });
+    const localAPIClient = new apiv2_1.Client({ urlPrefix: (0, api_1.storageOrigin)() });
     const location = `/${bucketName}/${path.basename(source.file)}`;
     const res = await localAPIClient.request({
         method: "PUT",
@@ -69,13 +73,13 @@ async function uploadObject(source, bucketName) {
 }
 exports.uploadObject = uploadObject;
 function deleteObject(location) {
-    const localAPIClient = new apiv2_1.Client({ urlPrefix: api_1.storageOrigin });
+    const localAPIClient = new apiv2_1.Client({ urlPrefix: (0, api_1.storageOrigin)() });
     return localAPIClient.delete(location);
 }
 exports.deleteObject = deleteObject;
 async function getBucket(bucketName) {
     try {
-        const localAPIClient = new apiv2_1.Client({ urlPrefix: api_1.storageOrigin });
+        const localAPIClient = new apiv2_1.Client({ urlPrefix: (0, api_1.storageOrigin)() });
         const result = await localAPIClient.get(`/storage/v1/b/${bucketName}`);
         return result.body;
     }
@@ -89,7 +93,7 @@ async function getBucket(bucketName) {
 exports.getBucket = getBucket;
 async function listBuckets(projectId) {
     try {
-        const localAPIClient = new apiv2_1.Client({ urlPrefix: api_1.storageOrigin });
+        const localAPIClient = new apiv2_1.Client({ urlPrefix: (0, api_1.storageOrigin)() });
         const result = await localAPIClient.get(`/storage/v1/b?project=${projectId}`);
         return result.body.items.map((bucket) => bucket.name);
     }
@@ -103,7 +107,7 @@ async function listBuckets(projectId) {
 exports.listBuckets = listBuckets;
 async function getServiceAccount(projectId) {
     try {
-        const localAPIClient = new apiv2_1.Client({ urlPrefix: api_1.storageOrigin });
+        const localAPIClient = new apiv2_1.Client({ urlPrefix: (0, api_1.storageOrigin)() });
         const response = await localAPIClient.get(`/storage/v1/projects/${projectId}/serviceAccount`);
         return response.body;
     }

package/lib/hosting/api.js

@@ -28,7 +28,7 @@ function normalizeName(s) {
 }
 exports.normalizeName = normalizeName;
 const apiClient = new apiv2_1.Client({
-    urlPrefix: api_1.hostingApiOrigin,
+    urlPrefix: (0, api_1.hostingApiOrigin)(),
     apiVersion: "v1beta1",
     auth: true,
 });
@@ -122,7 +122,7 @@ async function cloneVersion(site, versionName, finalize = false) {
     });
     const { name: operationName } = res.body;
     const pollRes = await operationPoller.pollOperation({
-        apiOrigin: api_1.hostingApiOrigin,
+        apiOrigin: (0, api_1.hostingApiOrigin)(),
         apiVersion: "v1beta1",
         operationResourceName: operationName,
         masterTimeout: 600000,

package/lib/hosting/cloudRunProxy.js

@@ -7,7 +7,7 @@ const error_1 = require("../error");
 const logger_1 = require("../logger");
 const projectUtils_1 = require("../projectUtils");
 const cloudRunCache = {};
-const apiClient = new apiv2_1.Client({ urlPrefix: api_1.cloudRunApiOrigin, apiVersion: "v1" });
+const apiClient = new apiv2_1.Client({ urlPrefix: (0, api_1.cloudRunApiOrigin)(), apiVersion: "v1" });
 async function getCloudRunUrl(rewrite, projectId) {
     var _a;
     const alreadyFetched = cloudRunCache[`${rewrite.run.region}/${rewrite.run.serviceId}`];

package/lib/init/features/database.js

@@ -71,7 +71,7 @@ async function doSetup(setup, config) {
     setup.config = setup.config || {};
     let instanceDetails;
     if (setup.projectId) {
-        await (0, ensureApiEnabled_1.ensure)(setup.projectId, api_1.rtdbManagementOrigin, "database", false);
+        await (0, ensureApiEnabled_1.ensure)(setup.projectId, (0, api_1.rtdbManagementOrigin)(), "database", false);
         logger_1.logger.info();
         setup.instance =
             setup.instance || (await (0, getDefaultDatabaseInstance_1.getDefaultDatabaseInstance)({ project: setup.projectId }));

package/lib/init/features/extensions/index.js

@@ -10,7 +10,7 @@ async function doSetup(setup, config, options) {
     const projectId = (_b = (_a = setup === null || setup === void 0 ? void 0 : setup.rcfile) === null || _a === void 0 ? void 0 : _a.projects) === null || _b === void 0 ? void 0 : _b.default;
     if (projectId) {
         await (0, requirePermissions_1.requirePermissions)(Object.assign(Object.assign({}, options), { project: projectId }));
-        await Promise.all([(0, ensureApiEnabled_1.ensure)(projectId, api_1.extensionsOrigin, "unused", true)]);
+        await Promise.all([(0, ensureApiEnabled_1.ensure)(projectId, (0, api_1.extensionsOrigin)(), "unused", true)]);
     }
     return manifest.writeEmptyManifest(config, options);
 }

package/lib/init/features/functions/index.js

@@ -16,8 +16,8 @@ async function doSetup(setup, config, options) {
     if (projectId) {
         await (0, requirePermissions_1.requirePermissions)(Object.assign(Object.assign({}, options), { project: projectId }));
         await Promise.all([
-            (0, ensureApiEnabled_1.ensure)(projectId, api_1.functionsOrigin, "unused", true),
-            (0, ensureApiEnabled_1.ensure)(projectId, api_1.runtimeconfigOrigin, "unused", true),
+            (0, ensureApiEnabled_1.ensure)(projectId, (0, api_1.functionsOrigin)(), "unused", true),
+            (0, ensureApiEnabled_1.ensure)(projectId, (0, api_1.runtimeconfigOrigin)(), "unused", true),
         ]);
     }
     setup.functions = {};

package/lib/init/features/functions/python.js

@@ -7,6 +7,7 @@ const path = require("path");
 const python_1 = require("../../../deploy/functions/runtimes/python");
 const python_2 = require("../../../functions/python");
 const prompt_1 = require("../../../prompt");
+const supported_1 = require("../../../deploy/functions/runtimes/supported");
 const TEMPLATE_ROOT = path.resolve(__dirname, "../../../../templates/init/functions/python");
 const MAIN_TEMPLATE = fs.readFileSync(path.join(TEMPLATE_ROOT, "main.py"), "utf8");
 const REQUIREMENTS_TEMPLATE = fs.readFileSync(path.join(TEMPLATE_ROOT, "requirements.txt"), "utf8");
@@ -15,9 +16,9 @@ async function setup(setup, config) {
     await config.askWriteProjectFile(`${setup.functions.source}/requirements.txt`, REQUIREMENTS_TEMPLATE);
     await config.askWriteProjectFile(`${setup.functions.source}/.gitignore`, GITIGNORE_TEMPLATE);
     await config.askWriteProjectFile(`${setup.functions.source}/main.py`, MAIN_TEMPLATE);
-    config.set("functions.runtime", python_1.LATEST_VERSION);
+    config.set("functions.runtime", (0, supported_1.latest)("python"));
     config.set("functions.ignore", ["venv", "__pycache__"]);
-    const venvProcess = spawn((0, python_1.getPythonBinary)(python_1.LATEST_VERSION), ["-m", "venv", "venv"], {
+    const venvProcess = spawn((0, python_1.getPythonBinary)((0, supported_1.latest)("python")), ["-m", "venv", "venv"], {
         shell: true,
         cwd: config.path(setup.functions.source),
         stdio: ["pipe", "pipe", "pipe", "pipe"],
@@ -38,7 +39,7 @@ async function setup(setup, config) {
             upgradeProcess.on("exit", resolve);
             upgradeProcess.on("error", reject);
         });
-        const installProcess = (0, python_2.runWithVirtualEnv)([(0, python_1.getPythonBinary)(python_1.LATEST_VERSION), "-m", "pip", "install", "-r", "requirements.txt"], config.path(setup.functions.source), {}, { stdio: ["inherit", "inherit", "inherit"] });
+        const installProcess = (0, python_2.runWithVirtualEnv)([(0, python_1.getPythonBinary)((0, supported_1.latest)("python")), "-m", "pip", "install", "-r", "requirements.txt"], config.path(setup.functions.source), {}, { stdio: ["inherit", "inherit", "inherit"] });
         await new Promise((resolve, reject) => {
             installProcess.on("exit", resolve);
             installProcess.on("error", reject);

package/lib/init/features/hosting/github.js

@@ -28,7 +28,7 @@ const YML_MERGE_FILENAME = "firebase-hosting-merge.yml";
 const CHECKOUT_GITHUB_ACTION_NAME = "actions/checkout@v4";
 const HOSTING_GITHUB_ACTION_NAME = "FirebaseExtended/action-hosting-deploy@v0";
 const SERVICE_ACCOUNT_MAX_KEY_NUMBER = 10;
-const githubApiClient = new apiv2_1.Client({ urlPrefix: api_1.githubApiOrigin, auth: false });
+const githubApiClient = new apiv2_1.Client({ urlPrefix: (0, api_1.githubApiOrigin)(), auth: false });
 async function initGitHub(setup) {
     if (!setup.projectId) {
         return (0, utils_1.reject)("Could not determine Project ID, can't set up GitHub workflow.", { exit: 1 });
@@ -109,7 +109,7 @@ async function initGitHub(setup) {
     }
     logger_1.logger.info();
     (0, utils_1.logLabeledBullet)("Action required", `Visit this URL to revoke authorization for the Firebase CLI GitHub OAuth App:`);
-    logger_1.logger.info((0, colorette_1.bold)((0, colorette_1.underline)(`https://github.com/settings/connections/applications/${api_1.githubClientId}`)));
+    logger_1.logger.info((0, colorette_1.bold)((0, colorette_1.underline)(`https://github.com/settings/connections/applications/${(0, api_1.githubClientId)()}`)));
     (0, utils_1.logLabeledBullet)("Action required", `Push any new workflow file(s) to your repo`);
 }
 exports.initGitHub = initGitHub;
@@ -260,7 +260,7 @@ async function promptForRepo(options, ghAccessToken) {
                         (0, utils_1.logWarning)("The provided authorization cannot be used with this repository. If this repository is in an organization, did you remember to grant access?", "error");
                         logger_1.logger.info();
                         (0, utils_1.logLabeledBullet)("Action required", `Visit this URL to ensure access has been granted to the appropriate organization(s) for the Firebase CLI GitHub OAuth App:`);
-                        logger_1.logger.info((0, colorette_1.bold)((0, colorette_1.underline)(`https://github.com/settings/connections/applications/${api_1.githubClientId}`)));
+                        logger_1.logger.info((0, colorette_1.bold)((0, colorette_1.underline)(`https://github.com/settings/connections/applications/${(0, api_1.githubClientId)()}`)));
                         logger_1.logger.info();
                     }
                     return false;
@@ -378,6 +378,7 @@ async function createServiceAccountAndKey(options, repo, accountId) {
     }
     const requiredRoles = [
         resourceManager_1.firebaseRoles.authAdmin,
+        resourceManager_1.firebaseRoles.serviceUsageConsumer,
         resourceManager_1.firebaseRoles.apiKeysViewer,
         resourceManager_1.firebaseRoles.hostingAdmin,
         resourceManager_1.firebaseRoles.runViewer,