firebase-tools 9.19.0 → 9.23.0

package/lib/emulator/auth/state.js

@@ -283,7 +283,13 @@ class ProjectState {
     createRefreshTokenFor(userInfo, provider, { extraClaims = {}, secondFactor, } = {}) {
         const localId = userInfo.localId;
         const refreshToken = utils_1.randomBase64UrlStr(204);
-        this.refreshTokens.set(refreshToken, { localId, provider, extraClaims, secondFactor });
+        this.refreshTokens.set(refreshToken, {
+            localId,
+            provider,
+            extraClaims,
+            secondFactor,
+            tenantId: userInfo.tenantId,
+        });
         let refreshTokens = this.refreshTokensForLocalId.get(localId);
         if (!refreshTokens) {
             refreshTokens = new Set();
@@ -416,9 +422,9 @@ exports.ProjectState = ProjectState;
 class AgentProjectState extends ProjectState {
     constructor(projectId) {
         super(projectId);
-        this.tenantForTenantId = new Map();
         this._oneAccountPerEmail = true;
         this._usageMode = UsageMode.DEFAULT;
+        this.tenantProjectForTenantId = new Map();
         this._authCloudFunction = new cloudFunctions_1.AuthCloudFunction(this.projectId);
     }
     get authCloudFunction() {
@@ -436,27 +442,84 @@ class AgentProjectState extends ProjectState {
     set usageMode(usageMode) {
         this._usageMode = usageMode;
     }
-    getTenant() {
-        throw new errors_1.NotImplementedError("getTenant is not implemented yet.");
+    get allowPasswordSignup() {
+        return true;
+    }
+    get disableAuth() {
+        return false;
+    }
+    get mfaConfig() {
+        return { state: "ENABLED", enabledProviders: ["PHONE_SMS"] };
+    }
+    get enableAnonymousUser() {
+        return true;
+    }
+    get enableEmailLinkSignin() {
+        return true;
+    }
+    getTenantProject(tenantId) {
+        if (!this.tenantProjectForTenantId.has(tenantId)) {
+            this.createTenantWithTenantId(tenantId, {
+                tenantId,
+                allowPasswordSignup: true,
+                disableAuth: false,
+                mfaConfig: {
+                    state: "ENABLED",
+                    enabledProviders: ["PHONE_SMS"],
+                },
+                enableAnonymousUser: true,
+                enableEmailLinkSignin: true,
+            });
+        }
+        return this.tenantProjectForTenantId.get(tenantId);
     }
-    listTenants() {
-        throw new errors_1.NotImplementedError("listTenants is not implemented yet.");
+    listTenants(startToken) {
+        const tenantProjects = [];
+        for (const tenantProject of this.tenantProjectForTenantId.values()) {
+            if (!startToken || tenantProject.tenantId > startToken) {
+                tenantProjects.push(tenantProject);
+            }
+        }
+        tenantProjects.sort((a, b) => {
+            if (a.tenantId < b.tenantId) {
+                return -1;
+            }
+            else if (a.tenantId > b.tenantId) {
+                return 1;
+            }
+            return 0;
+        });
+        return tenantProjects.map((tenantProject) => tenantProject.tenantConfig);
     }
-    createTenant() {
-        throw new errors_1.NotImplementedError("createTenant is not implemented yet.");
+    createTenant(tenant) {
+        for (let i = 0; i < 10; i++) {
+            const tenantId = utils_1.randomId(28);
+            const createdTenant = this.createTenantWithTenantId(tenantId, tenant);
+            if (createdTenant) {
+                return createdTenant;
+            }
+        }
+        throw new Error("Could not generate a random unique tenantId after 10 tries");
     }
-    updateTenant() {
-        throw new errors_1.NotImplementedError("updateTenant is not implemented yet.");
+    createTenantWithTenantId(tenantId, tenant) {
+        if (this.tenantProjectForTenantId.has(tenantId)) {
+            return undefined;
+        }
+        tenant.name = `projects/${this.projectId}/tenants/${tenantId}`;
+        tenant.tenantId = tenantId;
+        this.tenantProjectForTenantId.set(tenantId, new TenantProjectState(this.projectId, tenantId, tenant, this));
+        return tenant;
     }
-    deleteTenant() {
-        throw new errors_1.NotImplementedError("deleteTenant is not implemented yet.");
+    deleteTenant(tenantId) {
+        this.tenantProjectForTenantId.delete(tenantId);
     }
 }
 exports.AgentProjectState = AgentProjectState;
 class TenantProjectState extends ProjectState {
-    constructor(projectId, tenantId, parentProject) {
+    constructor(projectId, tenantId, _tenantConfig, parentProject) {
         super(projectId);
         this.tenantId = tenantId;
+        this._tenantConfig = _tenantConfig;
         this.parentProject = parentProject;
     }
     get oneAccountPerEmail() {
@@ -468,6 +531,81 @@ class TenantProjectState extends ProjectState {
     get usageMode() {
         return this.parentProject.usageMode;
     }
+    get tenantConfig() {
+        return this._tenantConfig;
+    }
+    get allowPasswordSignup() {
+        return this._tenantConfig.allowPasswordSignup;
+    }
+    get disableAuth() {
+        return this._tenantConfig.disableAuth;
+    }
+    get mfaConfig() {
+        return this._tenantConfig.mfaConfig;
+    }
+    get enableAnonymousUser() {
+        return this._tenantConfig.enableAnonymousUser;
+    }
+    get enableEmailLinkSignin() {
+        return this._tenantConfig.enableEmailLinkSignin;
+    }
+    delete() {
+        this.parentProject.deleteTenant(this.tenantId);
+    }
+    updateTenant(update, updateMask) {
+        var _a, _b, _c, _d, _e;
+        if (!updateMask) {
+            const mfaConfig = (_a = update.mfaConfig) !== null && _a !== void 0 ? _a : {};
+            if (!("state" in mfaConfig)) {
+                mfaConfig.state = "DISABLED";
+            }
+            if (!("enabledProviders" in mfaConfig)) {
+                mfaConfig.enabledProviders = [];
+            }
+            this._tenantConfig = {
+                tenantId: this.tenantId,
+                name: this.tenantConfig.name,
+                allowPasswordSignup: (_b = update.allowPasswordSignup) !== null && _b !== void 0 ? _b : false,
+                disableAuth: (_c = update.disableAuth) !== null && _c !== void 0 ? _c : false,
+                mfaConfig: mfaConfig,
+                enableAnonymousUser: (_d = update.enableAnonymousUser) !== null && _d !== void 0 ? _d : false,
+                enableEmailLinkSignin: (_e = update.enableEmailLinkSignin) !== null && _e !== void 0 ? _e : false,
+                displayName: update.displayName,
+            };
+            return this.tenantConfig;
+        }
+        const paths = updateMask.split(",");
+        for (const path of paths) {
+            const fields = path.split(".");
+            let updateField = update;
+            let existingField = this._tenantConfig;
+            let field;
+            for (let i = 0; i < fields.length - 1; i++) {
+                field = fields[i];
+                if (updateField[field] == null) {
+                    console.warn(`Unable to find field '${field}' in update '${updateField}`);
+                    break;
+                }
+                if (Array.isArray(updateField[field]) ||
+                    Object(updateField[field]) !== updateField[field]) {
+                    console.warn(`Field '${field}' is singular and cannot have sub-fields`);
+                    break;
+                }
+                if (!existingField[field]) {
+                    existingField[field] = {};
+                }
+                updateField = updateField[field];
+                existingField = existingField[field];
+            }
+            field = fields[fields.length - 1];
+            if (updateField[field] == null) {
+                console.warn(`Unable to find field '${field}' in update '${JSON.stringify(updateField)}`);
+                continue;
+            }
+            existingField[field] = updateField[field];
+        }
+        return this.tenantConfig;
+    }
 }
 exports.TenantProjectState = TenantProjectState;
 function getProviderEmailsForUser(user) {

package/lib/emulator/download.js

@@ -1,23 +1,21 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.downloadEmulator = void 0;
-const url_1 = require("url");
 const crypto = require("crypto");
 const fs = require("fs-extra");
 const path = require("path");
-const ProgressBar = require("progress");
 const tmp = require("tmp");
 const unzipper = require("unzipper");
-const apiv2_1 = require("../apiv2");
 const emulatorLogger_1 = require("./emulatorLogger");
 const error_1 = require("../error");
 const downloadableEmulators = require("./downloadableEmulators");
+const downloadUtils = require("../downloadUtils");
 tmp.setGracefulCleanup();
 async function downloadEmulator(name) {
     const emulator = downloadableEmulators.getDownloadDetails(name);
     emulatorLogger_1.EmulatorLogger.forEmulator(name).logLabeled("BULLET", name, `downloading ${path.basename(emulator.downloadPath)}...`);
     fs.ensureDirSync(emulator.opts.cacheDir);
-    const tmpfile = await downloadToTmp(emulator.opts.remoteUrl);
+    const tmpfile = await downloadUtils.downloadToTmp(emulator.opts.remoteUrl);
     if (!emulator.opts.skipChecksumAndSize) {
         await validateSize(tmpfile, emulator.opts.expectedSize);
         await validateChecksum(tmpfile, emulator.opts.expectedChecksum);
@@ -58,33 +56,6 @@ function removeOldFiles(name, emulator, removeAllVersions = false) {
         }
     }
 }
-async function downloadToTmp(remoteUrl) {
-    const u = new url_1.URL(remoteUrl);
-    const c = new apiv2_1.Client({ urlPrefix: u.origin, auth: false });
-    const tmpfile = tmp.fileSync();
-    const writeStream = fs.createWriteStream(tmpfile.name);
-    const res = await c.request({
-        method: "GET",
-        path: u.pathname,
-        queryParams: u.searchParams,
-        responseType: "stream",
-        resolveOnHTTPError: true,
-    });
-    if (res.status !== 200) {
-        throw new error_1.FirebaseError(`download failed, status ${res.status}`, { exit: 1 });
-    }
-    const total = parseInt(res.response.headers.get("content-length") || "0", 10);
-    const totalMb = Math.ceil(total / 1000000);
-    const bar = new ProgressBar(`Progress: :bar (:percent of ${totalMb}MB)`, { total, head: ">" });
-    res.body.on("data", (chunk) => {
-        bar.tick(chunk.length);
-    });
-    await new Promise((resolve) => {
-        writeStream.on("finish", resolve);
-        res.body.pipe(writeStream);
-    });
-    return tmpfile.name;
-}
 function validateSize(filepath, expectedSize) {
     return new Promise((resolve, reject) => {
         const stat = fs.statSync(filepath);

package/lib/emulator/downloadableEmulators.js

@@ -50,15 +50,15 @@ exports.DownloadDetails = {
         },
     },
     ui: {
-        version: "1.6.3",
-        downloadPath: path.join(CACHE_DIR, "ui-v1.6.3.zip"),
-        unzipDir: path.join(CACHE_DIR, "ui-v1.6.3"),
-        binaryPath: path.join(CACHE_DIR, "ui-v1.6.3", "server.bundle.js"),
+        version: "1.6.4",
+        downloadPath: path.join(CACHE_DIR, "ui-v1.6.4.zip"),
+        unzipDir: path.join(CACHE_DIR, "ui-v1.6.4"),
+        binaryPath: path.join(CACHE_DIR, "ui-v1.6.4", "server.bundle.js"),
         opts: {
             cacheDir: CACHE_DIR,
-            remoteUrl: "https://storage.googleapis.com/firebase-preview-drop/emulator/ui-v1.6.3.zip",
-            expectedSize: 3757268,
-            expectedChecksum: "153090a46072545aadeb307397cc8f45",
+            remoteUrl: "https://storage.googleapis.com/firebase-preview-drop/emulator/ui-v1.6.4.zip",
+            expectedSize: 3757300,
+            expectedChecksum: "20d4ee71e4ff7527b1843b6a8636142e",
             namePrefix: "ui",
         },
     },

package/lib/emulator/functionsEmulator.js

@@ -123,10 +123,22 @@ class FunctionsEmulator {
             });
         };
         const multicastHandler = (req, res) => {
-            const reqBody = req.rawBody;
-            const proto = JSON.parse(reqBody.toString());
-            const triggers = this.multicastTriggers[`${this.args.projectId}:${proto.eventType}`] || [];
+            var _a;
             const projectId = req.params.project_id;
+            const reqBody = req.rawBody;
+            let proto = JSON.parse(reqBody.toString());
+            let triggerKey;
+            if ((_a = req.headers["content-type"]) === null || _a === void 0 ? void 0 : _a.includes("cloudevent")) {
+                triggerKey = `${this.args.projectId}:${proto.type}`;
+                if (types_2.EventUtils.isBinaryCloudEvent(req)) {
+                    proto = types_2.EventUtils.extractBinaryCloudEventContext(req);
+                    proto.data = req.body;
+                }
+            }
+            else {
+                triggerKey = `${this.args.projectId}:${proto.eventType}`;
+            }
+            const triggers = this.multicastTriggers[triggerKey] || [];
             triggers.forEach((triggerId) => {
                 this.workQueue.submit(() => {
                     this.logger.log("DEBUG", `Accepted multicast request ${req.method} ${req.url} --> ${triggerId}`);
@@ -514,6 +526,8 @@ class FunctionsEmulator {
         const envs = {};
         envs.FUNCTIONS_EMULATOR = "true";
         envs.TZ = "UTC";
+        envs.FIREBASE_DEBUG_MODE = "true";
+        envs.FIREBASE_DEBUG_FEATURES = JSON.stringify({ skipTokenVerification: true });
         const firestoreEmulator = this.getEmulatorInfo(types_1.Emulators.FIRESTORE);
         if (firestoreEmulator != null) {
             envs[constants_1.Constants.FIRESTORE_EMULATOR_HOST] = functionsEmulatorShared_1.formatHost(firestoreEmulator);
@@ -718,7 +732,7 @@ class FunctionsEmulator {
         const reqBody = req.rawBody;
         const isCallable = trigger.labels && trigger.labels["deployment-callable"] === "true";
         const authHeader = req.header("Authorization");
-        if (authHeader && isCallable) {
+        if (authHeader && isCallable && trigger.platform !== "gcfv2") {
             const token = this.tokenFromAuthHeader(authHeader);
             if (token) {
                 const contextAuth = {

package/lib/emulator/functionsEmulatorRuntime.js

@@ -259,13 +259,35 @@ async function initializeFirebaseFunctionsStubs(frb) {
     };
     const onCallInnerMethodName = "_onCallWithOptions";
     const onCallMethodOriginal = httpsProvider[onCallInnerMethodName];
-    httpsProvider[onCallInnerMethodName] = (handler, opts) => {
-        const wrapped = wrapCallableHandler(handler);
-        const cf = onCallMethodOriginal(wrapped, opts);
-        return cf;
-    };
-    httpsProvider.onCall = (handler) => {
-        return httpsProvider[onCallInnerMethodName](handler, {});
+    if (onCallMethodOriginal.length === 3) {
+        httpsProvider[onCallInnerMethodName] = (opts, handler, deployOpts) => {
+            const wrapped = wrapCallableHandler(handler);
+            const cf = onCallMethodOriginal(opts, wrapped, deployOpts);
+            return cf;
+        };
+    }
+    else {
+        httpsProvider[onCallInnerMethodName] = (handler, opts) => {
+            const wrapped = wrapCallableHandler(handler);
+            const cf = onCallMethodOriginal(wrapped, opts);
+            return cf;
+        };
+    }
+    httpsProvider.onCall = function (optsOrHandler, handler) {
+        if (onCallMethodOriginal.length === 3) {
+            let opts;
+            if (arguments.length === 1) {
+                opts = {};
+                handler = optsOrHandler;
+            }
+            else {
+                opts = optsOrHandler;
+            }
+            return httpsProvider[onCallInnerMethodName](opts, handler, {});
+        }
+        else {
+            return httpsProvider[onCallInnerMethodName](optsOrHandler, {});
+        }
     };
 }
 function wrapCallableHandler(handler) {

package/lib/emulator/storage/cloudFunctions.js

@@ -6,6 +6,12 @@ const types_1 = require("../types");
 const emulatorLogger_1 = require("../emulatorLogger");
 const metadata_1 = require("./metadata");
 const apiv2_1 = require("../../apiv2");
+const STORAGE_V2_ACTION_MAP = {
+    finalize: "finalized",
+    metadataUpdate: "metadataUpdated",
+    delete: "deleted",
+    archive: "archived",
+};
 class StorageCloudFunctions {
     constructor(projectId) {
         this.projectId = projectId;
@@ -19,26 +25,37 @@ class StorageCloudFunctions {
             this.functionsEmulatorInfo = functionsEmulator.getInfo();
             this.multicastOrigin = `http://${registry_1.EmulatorRegistry.getInfoHostString(this.functionsEmulatorInfo)}`;
             this.multicastPath = `/functions/projects/${projectId}/trigger_multicast`;
+            this.client = new apiv2_1.Client({ urlPrefix: this.multicastOrigin, auth: false });
         }
     }
     async dispatch(action, object) {
-        if (!this.enabled)
+        if (!this.enabled) {
             return;
-        const multicastEventBody = this.createEventRequestBody(action, object);
-        const c = new apiv2_1.Client({ urlPrefix: this.multicastOrigin, auth: false });
-        let res;
+        }
+        const errStatus = [];
         let err;
         try {
-            res = await c.post(this.multicastPath, multicastEventBody);
+            const eventBody = this.createLegacyEventRequestBody(action, object);
+            const eventRes = await this.client.post(this.multicastPath, eventBody);
+            if (eventRes.status !== 200) {
+                errStatus.push(eventRes.status);
+            }
+            const cloudEventBody = this.createCloudEventRequestBody(action, object);
+            const cloudEventRes = await this.client.post(this.multicastPath, cloudEventBody, {
+                headers: { "Content-Type": "application/cloudevents+json; charset=UTF-8" },
+            });
+            if (cloudEventRes.status !== 200) {
+                errStatus.push(cloudEventRes.status);
+            }
         }
         catch (e) {
             err = e;
         }
-        if (err || (res === null || res === void 0 ? void 0 : res.status) != 200) {
+        if (err || errStatus.length > 0) {
             this.logger.logLabeled("WARN", "functions", `Firebase Storage function was not triggered due to emulation error. Please file a bug.`);
         }
     }
-    createEventRequestBody(action, objectMetadataPayload) {
+    createLegacyEventRequestBody(action, objectMetadataPayload) {
         const timestamp = new Date();
         return JSON.stringify({
             eventId: `${timestamp.getTime()}`,
@@ -52,5 +69,18 @@ class StorageCloudFunctions {
             data: objectMetadataPayload,
         });
     }
+    createCloudEventRequestBody(action, objectMetadataPayload) {
+        const ceAction = STORAGE_V2_ACTION_MAP[action];
+        if (!ceAction) {
+            throw new Error("Action is not definied as a CloudEvents action");
+        }
+        const data = objectMetadataPayload;
+        return JSON.stringify({
+            specVersion: 1,
+            type: `google.cloud.storage.object.v1.${ceAction}`,
+            source: `//storage.googleapis.com/projects/_/buckets/${objectMetadataPayload.bucket}/objects/${objectMetadataPayload.name}`,
+            data,
+        });
+    }
 }
 exports.StorageCloudFunctions = StorageCloudFunctions;

package/lib/extensions/askUserForConsent.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.promptForPublisherTOS = exports.displayRoles = exports.retrieveRoleInfo = exports.formatDescription = void 0;
+exports.promptForPublisherTOS = exports.displayApis = exports.displayRoles = exports.retrieveRoleInfo = exports.formatDescription = void 0;
 const _ = require("lodash");
 const clc = require("cli-color");
 const marked = require("marked");
@@ -35,6 +35,19 @@ async function displayRoles(extensionName, projectId, roles) {
     utils.logLabeledBullet(extensionsHelper_1.logPrefix, message);
 }
 exports.displayRoles = displayRoles;
+function displayApis(extensionName, projectId, apis) {
+    if (!apis.length) {
+        return;
+    }
+    const question = `${clc.bold(extensionName)} will enable the following APIs for project ${clc.bold(projectId)}`;
+    const results = apis.map((api) => {
+        return `- ${api.apiName}: ${api.reason}`;
+    });
+    results.unshift(question);
+    const message = results.join("\n");
+    utils.logLabeledBullet(extensionsHelper_1.logPrefix, message);
+}
+exports.displayApis = displayApis;
 async function promptForPublisherTOS() {
     const termsOfServiceMsg = "By registering as a publisher, you confirm that you have read the Firebase Extensions Publisher Terms and Conditions (linked below) and you, on behalf of yourself and the organization you represent, agree to comply with it.  Here is a brief summary of the highlights of our terms and conditions:\n" +
         "  - You ensure extensions you publish comply with all laws and regulations; do not include any viruses, spyware, Trojan horses, or other malicious code; and do not violate any person’s rights, including intellectual property, privacy, and security rights.\n" +

package/lib/extensions/askUserForParam.js

@@ -1,15 +1,22 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ask = exports.getInquirerDefault = exports.askForParam = exports.checkResponse = void 0;
+exports.ask = exports.getInquirerDefault = exports.promptCreateSecret = exports.askForParam = exports.checkResponse = void 0;
 const _ = require("lodash");
 const clc = require("cli-color");
 const marked = require("marked");
 const extensionsApi_1 = require("./extensionsApi");
+const secretManagerApi = require("../gcp/secretManager");
+const secretsUtils = require("./secretsUtils");
 const extensionsHelper_1 = require("./extensionsHelper");
 const utils_1 = require("./utils");
 const logger_1 = require("../logger");
 const prompt_1 = require("../prompt");
 const utils = require("../utils");
+var SecretUpdateAction;
+(function (SecretUpdateAction) {
+    SecretUpdateAction[SecretUpdateAction["LEAVE"] = 0] = "LEAVE";
+    SecretUpdateAction[SecretUpdateAction["SET_NEW"] = 1] = "SET_NEW";
+})(SecretUpdateAction || (SecretUpdateAction = {}));
 function checkResponse(response, spec) {
     let valid = true;
     let responses;
@@ -48,7 +55,7 @@ function checkResponse(response, spec) {
     return valid;
 }
 exports.checkResponse = checkResponse;
-async function askForParam(paramSpec) {
+async function askForParam(projectId, instanceId, paramSpec, reconfiguring) {
     let valid = false;
     let response = "";
     const description = paramSpec.description || "";
@@ -89,6 +96,11 @@ async function askForParam(paramSpec) {
                     choices: utils_1.convertExtensionOptionToLabeledList(paramSpec.options),
                 });
                 break;
+            case extensionsApi_1.ParamType.SECRET:
+                response = reconfiguring
+                    ? await promptReconfigureSecret(projectId, instanceId, paramSpec)
+                    : await promptCreateSecret(projectId, instanceId, paramSpec);
+                break;
             default:
                 response = await prompt_1.promptOnce({
                     name: paramSpec.param,
@@ -102,6 +114,71 @@ async function askForParam(paramSpec) {
     return response;
 }
 exports.askForParam = askForParam;
+async function promptReconfigureSecret(projectId, instanceId, paramSpec) {
+    const action = await prompt_1.promptOnce({
+        type: "list",
+        message: `Choose what you would like to do with this secret:`,
+        choices: [
+            { name: "Leave unchanged", value: SecretUpdateAction.LEAVE },
+            { name: "Set new value", value: SecretUpdateAction.SET_NEW },
+        ],
+    });
+    switch (action) {
+        case SecretUpdateAction.SET_NEW:
+            let secret;
+            let secretName;
+            if (paramSpec.default) {
+                secret = secretManagerApi.parseSecretResourceName(paramSpec.default);
+                secretName = secret.name;
+            }
+            else {
+                secretName = await generateSecretName(projectId, instanceId, paramSpec.param);
+            }
+            const secretValue = await prompt_1.promptOnce({
+                name: paramSpec.param,
+                type: "password",
+                message: `This secret will be stored in Cloud Secret Manager as ${secretName}.\nEnter new value for ${paramSpec.label.trim()}:`,
+            });
+            if (!secret) {
+                secret = await secretManagerApi.createSecret(projectId, secretName, secretsUtils.getSecretLabels(instanceId));
+            }
+            return addNewSecretVersion(projectId, instanceId, secret, paramSpec, secretValue);
+        case SecretUpdateAction.LEAVE:
+        default:
+            return paramSpec.default || "";
+    }
+}
+async function promptCreateSecret(projectId, instanceId, paramSpec, secretName) {
+    const name = secretName !== null && secretName !== void 0 ? secretName : (await generateSecretName(projectId, instanceId, paramSpec.param));
+    const secretValue = await prompt_1.promptOnce({
+        name: paramSpec.param,
+        type: "password",
+        default: paramSpec.default,
+        message: `This secret will be stored in Cloud Secret Manager (https://cloud.google.com/secret-manager/pricing) as ${name} and managed by Firebase Extensions (Firebase Extensions Service Agent will be granted Secret Admin role on this secret).\nEnter a value for ${paramSpec.label.trim()}:`,
+    });
+    if (secretValue === "" && paramSpec.required) {
+        logger_1.logger.info(`Secret value cannot be empty for required param ${paramSpec.param}`);
+        return await promptCreateSecret(projectId, instanceId, paramSpec, name);
+    }
+    else if (secretValue !== "") {
+        const secret = await secretManagerApi.createSecret(projectId, name, secretsUtils.getSecretLabels(instanceId));
+        return addNewSecretVersion(projectId, instanceId, secret, paramSpec, secretValue);
+    }
+    return secretValue;
+}
+exports.promptCreateSecret = promptCreateSecret;
+async function generateSecretName(projectId, instanceId, paramName) {
+    let secretName = `ext-${instanceId}-${paramName}`;
+    while (await secretManagerApi.secretExists(projectId, secretName)) {
+        secretName += `-${utils_1.getRandomString(3)}`;
+    }
+    return secretName;
+}
+async function addNewSecretVersion(projectId, instanceId, secret, paramSpec, secretValue) {
+    const version = await secretManagerApi.addVersion(secret, secretValue);
+    await secretsUtils.grantFirexServiceAgentSecretAdminRole(secret);
+    return `projects/${version.secret.projectId}/secrets/${version.secret.name}/versions/${version.versionId}`;
+}
 function getInquirerDefault(options, def) {
     const defaultOption = _.find(options, (option) => {
         return option.value === def;
@@ -109,7 +186,7 @@ function getInquirerDefault(options, def) {
     return defaultOption ? defaultOption.label || defaultOption.value : "";
 }
 exports.getInquirerDefault = getInquirerDefault;
-async function ask(paramSpecs, firebaseProjectParams) {
+async function ask(projectId, instanceId, paramSpecs, firebaseProjectParams, reconfiguring) {
     if (_.isEmpty(paramSpecs)) {
         logger_1.logger.debug("No params were specified for this extension.");
         return {};
@@ -119,7 +196,7 @@ async function ask(paramSpecs, firebaseProjectParams) {
     const result = {};
     const promises = _.map(substituted, (paramSpec) => {
         return async () => {
-            result[paramSpec.param] = await askForParam(paramSpec);
+            result[paramSpec.param] = await askForParam(projectId, instanceId, paramSpec, reconfiguring);
         };
     });
     await promises.reduce((prev, cur) => prev.then(cur), Promise.resolve());

package/lib/extensions/checkProjectBilling.js

@@ -33,13 +33,13 @@ async function openBillingAccount(projectId, url, open) {
     });
     return cloudbilling.checkBillingEnabled(projectId);
 }
-async function chooseBillingAccount(projectId, extensionName, accounts) {
+async function chooseBillingAccount(projectId, accounts) {
     const choices = accounts.map((m) => m.displayName);
     choices.push(ADD_BILLING_ACCOUNT);
     const answer = await prompt.promptOnce({
         name: "billing",
         type: "list",
-        message: `The extension ${clc.underline(extensionName)} requires your project to be upgraded to the Blaze plan. You have access to the following billing accounts.
+        message: `Extensions require your project to be upgraded to the Blaze plan. You have access to the following billing accounts.
 Please select the one that you would like to associate with this project:`,
         choices: choices,
     });
@@ -54,10 +54,10 @@ Please select the one that you would like to associate with this project:`,
     }
     return logBillingStatus(billingEnabled, projectId);
 }
-async function setUpBillingAccount(projectId, extensionName) {
+async function setUpBillingAccount(projectId) {
     const billingURL = `https://console.cloud.google.com/billing/linkedaccount?project=${projectId}`;
     logger_1.logger.info();
-    logger_1.logger.info(`The extension ${clc.bold(extensionName)} requires your project to be upgraded to the Blaze plan. Please visit the following link to add a billing account:`);
+    logger_1.logger.info(`Extension require your project to be upgraded to the Blaze plan. Please visit the following link to add a billing account:`);
     logger_1.logger.info();
     logger_1.logger.info(clc.bold.underline(billingURL));
     logger_1.logger.info();
@@ -70,13 +70,13 @@ async function setUpBillingAccount(projectId, extensionName) {
     const billingEnabled = await openBillingAccount(projectId, billingURL, open);
     return logBillingStatus(billingEnabled, projectId);
 }
-async function enableBilling(projectId, extensionName) {
+async function enableBilling(projectId) {
     const billingAccounts = await cloudbilling.listBillingAccounts();
     if (billingAccounts) {
         const accounts = billingAccounts.filter((account) => account.open);
         return accounts.length > 0
-            ? chooseBillingAccount(projectId, extensionName, accounts)
-            : setUpBillingAccount(projectId, extensionName);
+            ? chooseBillingAccount(projectId, accounts)
+            : setUpBillingAccount(projectId);
     }
 }
 exports.enableBilling = enableBilling;