firebase-tools 9.20.0 → 9.21.0

package/lib/emulator/auth/apiSpec.js

@@ -3580,6 +3580,37 @@ exports.default = {
                 tags: ["emulator"],
             },
         },
+        "/emulator/v1/projects/{targetProjectId}/tenants/{tenantId}/accounts": {
+            parameters: [
+                {
+                    name: "targetProjectId",
+                    in: "path",
+                    description: "The ID of the Google Cloud project that the accounts belong to.",
+                    required: true,
+                    schema: { type: "string" },
+                },
+                {
+                    name: "tenantId",
+                    in: "path",
+                    description: "The ID of the Identity Platform tenant the accounts belongs to. If not specified, accounts on the Identity Platform project are returned.",
+                    required: true,
+                    schema: { type: "string" },
+                },
+            ],
+            servers: [{ url: "" }],
+            delete: {
+                description: "Remove all accounts in the project, regardless of state.",
+                operationId: "emulator.projects.accounts.delete",
+                responses: {
+                    200: {
+                        description: "Successful response",
+                        content: { "application/json": { schema: { type: "object" } } },
+                    },
+                },
+                security: [],
+                tags: ["emulator"],
+            },
+        },
         "/emulator/v1/projects/{targetProjectId}/config": {
             parameters: [
                 {
@@ -4978,7 +5009,7 @@ exports.default = {
                         type: "string",
                     },
                     postBody: {
-                        description: "If the user is signing in with an authorization response obtained via a previous CreateAuthUri authorization request, this is the body of the HTTP POST callback from the IdP, if present. Otherwise, if the user is signing in with a manually provided IdP credential, this should be a URL-encoded form that contains the credential (e.g. an ID token or access token for OAuth 2.0 IdPs) and the provider ID of the IdP that issued the credential. For example, if the user is signing in to the Google provider using a Google ID token, this should be set to `id_token=[GOOGLE_ID_TOKEN]&providerId=google.com`, where `[GOOGLE_ID_TOKEN]` should be replaced with the Google ID token. If the user is signing in to the Facebook provider using a Facebook access token, this should be set to `access_token=[FACEBOOK_ACCESS_TOKEN]&providerId=facebook.com`, where `[FACEBOOK_ACCESS_TOKEN]` should be replaced with the Facebook access token. If the user is signing in to the Twitter provider using a Twitter OAuth 1.0 credential, this should be set to `access_token=[TWITTER_ACCESS_TOKEN]&oauth_token_secret=[TWITTER_TOKEN_SECRET]&providerId=twitter.com`, where `[TWITTER_ACCESS_TOKEN]` and `[TWITTER_TOKEN_SECRET]` should be replaced with the Twitter OAuth access token and Twitter OAuth token secret respectively.",
+                        description: "If the user is signing in with an authorization response obtained via a previous CreateAuthUri authorization request, this is the body of the HTTP POST callback from the IdP, if present. Otherwise, if the user is signing in with a manually provided IdP credential, this should be a URL-encoded form that contains the credential (e.g. an ID token or access token for OAuth 2.0 IdPs) and the provider ID of the IdP that issued the credential. For example, if the user is signing in to the Google provider using a Google ID token, this should be set to `id_token=[GOOGLE_ID_TOKEN]&providerId=google.com`, where `[GOOGLE_ID_TOKEN]` should be replaced with the Google ID token. If the user is signing in to the Facebook provider using a Facebook authentication token, this should be set to `id_token=[FACEBOOK_AUTHENTICATION_TOKEN]&providerId=facebook.com&nonce= [NONCE]`, where `[FACEBOOK_AUTHENTICATION_TOKEN]` should be replaced with the Facebook authentication token. Nonce is required for validating the token. The request will fail if no nonce is provided. If the user is signing in to the Facebook provider using a Facebook access token, this should be set to `access_token=[FACEBOOK_ACCESS_TOKEN]&providerId=facebook.com`, where `[FACEBOOK_ACCESS_TOKEN]` should be replaced with the Facebook access token. If the user is signing in to the Twitter provider using a Twitter OAuth 1.0 credential, this should be set to `access_token=[TWITTER_ACCESS_TOKEN]&oauth_token_secret=[TWITTER_TOKEN_SECRET]&providerId=twitter.com`, where `[TWITTER_ACCESS_TOKEN]` and `[TWITTER_TOKEN_SECRET]` should be replaced with the Twitter OAuth access token and Twitter OAuth token secret respectively.",
                         type: "string",
                     },
                     requestUri: {
@@ -6665,16 +6696,16 @@ exports.default = {
                 type: "object",
             },
             GoogleIamV1Binding: {
-                description: "Associates `members` with a `role`.",
+                description: "Associates `members`, or principals, with a `role`.",
                 properties: {
                     condition: { $ref: "#/components/schemas/GoogleTypeExpr" },
                     members: {
-                        description: "Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+                        description: "Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
                         items: { type: "string" },
                         type: "array",
                     },
                     role: {
-                        description: "Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
+                        description: "Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
                         type: "string",
                     },
                 },
@@ -6697,7 +6728,7 @@ exports.default = {
                 type: "object",
             },
             GoogleIamV1Policy: {
-                description: 'An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp(\'2020-10-01T00:00:00.000Z\')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp(\'2020-10-01T00:00:00.000Z\') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).',
+                description: 'An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp(\'2020-10-01T00:00:00.000Z\')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp(\'2020-10-01T00:00:00.000Z\') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).',
                 properties: {
                     auditConfigs: {
                         description: "Specifies cloud audit logging configuration for this policy.",
@@ -6705,7 +6736,7 @@ exports.default = {
                         type: "array",
                     },
                     bindings: {
-                        description: "Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.",
+                        description: "Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.",
                         items: { $ref: "#/components/schemas/GoogleIamV1Binding" },
                         type: "array",
                     },

package/lib/emulator/auth/operations.js

@@ -160,8 +160,8 @@ function signUp(state, reqBody, ctx) {
             generateEnrollmentIds: true,
         });
     }
-    if (reqBody.tenantId) {
-        updates.tenantId = reqBody.tenantId;
+    if (state instanceof state_1.TenantProjectState) {
+        updates.tenantId = state.tenantId;
     }
     let user;
     if (reqBody.idToken) {
@@ -267,6 +267,8 @@ function batchCreate(state, reqBody) {
             };
             if (userInfo.tenantId) {
                 errors_1.assert(state instanceof state_1.TenantProjectState && state.tenantId === userInfo.tenantId, "Tenant id in userInfo does not match the tenant id in request.");
+            }
+            if (state instanceof state_1.TenantProjectState) {
                 fields.tenantId = state.tenantId;
             }
             if (userInfo.passwordHash) {
@@ -921,7 +923,7 @@ function signInWithCustomToken(state, reqBody) {
     else {
         const decoded = jsonwebtoken_1.decode(reqBody.token, { complete: true });
         if (state instanceof state_1.TenantProjectState) {
-            errors_1.assert((decoded === null || decoded === void 0 ? void 0 : decoded.payload.tenantId) === state.tenantId, "TENANT_ID_MISMATCH");
+            errors_1.assert((decoded === null || decoded === void 0 ? void 0 : decoded.payload.tenant_id) === state.tenantId, "TENANT_ID_MISMATCH");
         }
         errors_1.assert(decoded, "INVALID_CUSTOM_TOKEN : Invalid assertion format");
         if (decoded.header.alg !== "none") {
@@ -1798,16 +1800,24 @@ function parsePendingCredential(state, pendingCredential) {
     return { user, signInProvider };
 }
 function createTenant(state, reqBody) {
+    var _a, _b, _c, _d, _e;
     if (!(state instanceof state_1.AgentProjectState)) {
         throw new errors_1.InternalError("INTERNAL_ERROR: Can only create tenant in agent project", "INTERNAL");
     }
+    const mfaConfig = (_a = reqBody.mfaConfig) !== null && _a !== void 0 ? _a : {};
+    if (!("state" in mfaConfig)) {
+        mfaConfig.state = "DISABLED";
+    }
+    if (!("enabledProviders" in mfaConfig)) {
+        mfaConfig.enabledProviders = [];
+    }
     const tenant = {
         displayName: reqBody.displayName,
-        allowPasswordSignup: reqBody.allowPasswordSignup,
-        enableEmailLinkSignin: reqBody.enableEmailLinkSignin,
-        enableAnonymousUser: reqBody.enableAnonymousUser,
-        disableAuth: reqBody.disableAuth,
-        mfaConfig: reqBody.mfaConfig,
+        allowPasswordSignup: (_b = reqBody.allowPasswordSignup) !== null && _b !== void 0 ? _b : false,
+        enableEmailLinkSignin: (_c = reqBody.enableEmailLinkSignin) !== null && _c !== void 0 ? _c : false,
+        enableAnonymousUser: (_d = reqBody.enableAnonymousUser) !== null && _d !== void 0 ? _d : false,
+        disableAuth: (_e = reqBody.disableAuth) !== null && _e !== void 0 ? _e : false,
+        mfaConfig: mfaConfig,
         tenantId: "",
     };
     return state.createTenant(tenant);

package/lib/emulator/auth/server.js

@@ -17,6 +17,7 @@ const lodash_1 = require("lodash");
 const handlers_1 = require("./handlers");
 const bodyParser = require("body-parser");
 const url_1 = require("url");
+const jsonwebtoken_1 = require("jsonwebtoken");
 const apiSpec = apiSpec_1.default;
 const API_SPEC_PATH = "/emulator/openapi.json";
 const AUTH_HEADER_PREFIX = "bearer ";
@@ -70,6 +71,10 @@ async function createApp(defaultProjectId, projectStateForId = new Map()) {
     const app = express();
     app.set("json spaces", 2);
     app.use(cors({ origin: true }));
+    app.delete("*", (req, _, next) => {
+        delete req.headers["content-type"];
+        next();
+    });
     app.get("/", (req, res) => {
         return res.json({
             authEmulator: {
@@ -334,7 +339,7 @@ function toExegesisController(ops, getProjectStateById) {
     }
     function toExegesisOperation(operation) {
         return (ctx) => {
-            var _a, _b, _c, _d, _e;
+            var _a, _b, _c, _d, _e, _f, _g;
             let targetProjectId = ctx.params.path.targetProjectId || ((_a = ctx.requestBody) === null || _a === void 0 ? void 0 : _a.targetProjectId);
             if (targetProjectId) {
                 if ((_b = ctx.api.operationObject.security) === null || _b === void 0 ? void 0 : _b.some((sec) => sec.Oauth2)) {
@@ -344,10 +349,19 @@ function toExegesisController(ops, getProjectStateById) {
             else {
                 targetProjectId = ctx.user;
             }
+            let targetTenantId = undefined;
             if (ctx.params.path.tenantId && ((_d = ctx.requestBody) === null || _d === void 0 ? void 0 : _d.tenantId)) {
                 errors_2.assert(ctx.params.path.tenantId === ctx.requestBody.tenantId, "TENANT_ID_MISMATCH");
             }
-            const targetTenantId = ctx.params.path.tenantId || ((_e = ctx.requestBody) === null || _e === void 0 ? void 0 : _e.tenantId);
+            targetTenantId = ctx.params.path.tenantId || ((_e = ctx.requestBody) === null || _e === void 0 ? void 0 : _e.tenantId);
+            if ((_f = ctx.requestBody) === null || _f === void 0 ? void 0 : _f.idToken) {
+                const idToken = (_g = ctx.requestBody) === null || _g === void 0 ? void 0 : _g.idToken;
+                const decoded = jsonwebtoken_1.decode(idToken, { complete: true });
+                if ((decoded === null || decoded === void 0 ? void 0 : decoded.payload.firebase.tenant) && targetTenantId) {
+                    errors_2.assert((decoded === null || decoded === void 0 ? void 0 : decoded.payload.firebase.tenant) === targetTenantId, "TENANT_ID_MISMATCH");
+                }
+                targetTenantId = targetTenantId || (decoded === null || decoded === void 0 ? void 0 : decoded.payload.firebase.tenant);
+            }
             return operation(getProjectStateById(targetProjectId, targetTenantId), ctx.requestBody, ctx);
         };
     }

package/lib/emulator/auth/state.js

@@ -459,7 +459,17 @@ class AgentProjectState extends ProjectState {
     }
     getTenantProject(tenantId) {
         if (!this.tenantProjectForTenantId.has(tenantId)) {
-            this.createTenantWithTenantId(tenantId, { tenantId });
+            this.createTenantWithTenantId(tenantId, {
+                tenantId,
+                allowPasswordSignup: true,
+                disableAuth: false,
+                mfaConfig: {
+                    state: "ENABLED",
+                    enabledProviders: ["PHONE_SMS"],
+                },
+                enableAnonymousUser: true,
+                enableEmailLinkSignin: true,
+            });
         }
         return this.tenantProjectForTenantId.get(tenantId);
     }
@@ -525,34 +535,43 @@ class TenantProjectState extends ProjectState {
         return this._tenantConfig;
     }
     get allowPasswordSignup() {
-        var _a;
-        return (_a = this._tenantConfig.allowPasswordSignup) !== null && _a !== void 0 ? _a : true;
+        return this._tenantConfig.allowPasswordSignup;
     }
     get disableAuth() {
-        var _a;
-        return (_a = this._tenantConfig.disableAuth) !== null && _a !== void 0 ? _a : false;
+        return this._tenantConfig.disableAuth;
     }
     get mfaConfig() {
-        var _a;
-        return ((_a = this._tenantConfig.mfaConfig) !== null && _a !== void 0 ? _a : {
-            state: "ENABLED",
-            enabledProviders: ["PHONE_SMS"],
-        });
+        return this._tenantConfig.mfaConfig;
     }
     get enableAnonymousUser() {
-        var _a;
-        return (_a = this._tenantConfig.enableAnonymousUser) !== null && _a !== void 0 ? _a : true;
+        return this._tenantConfig.enableAnonymousUser;
     }
     get enableEmailLinkSignin() {
-        var _a;
-        return (_a = this._tenantConfig.enableEmailLinkSignin) !== null && _a !== void 0 ? _a : true;
+        return this._tenantConfig.enableEmailLinkSignin;
     }
     delete() {
         this.parentProject.deleteTenant(this.tenantId);
     }
     updateTenant(update, updateMask) {
+        var _a, _b, _c, _d, _e;
         if (!updateMask) {
-            this._tenantConfig = Object.assign(Object.assign({}, update), { tenantId: this.tenantId, name: this.tenantConfig.name });
+            const mfaConfig = (_a = update.mfaConfig) !== null && _a !== void 0 ? _a : {};
+            if (!("state" in mfaConfig)) {
+                mfaConfig.state = "DISABLED";
+            }
+            if (!("enabledProviders" in mfaConfig)) {
+                mfaConfig.enabledProviders = [];
+            }
+            this._tenantConfig = {
+                tenantId: this.tenantId,
+                name: this.tenantConfig.name,
+                allowPasswordSignup: (_b = update.allowPasswordSignup) !== null && _b !== void 0 ? _b : false,
+                disableAuth: (_c = update.disableAuth) !== null && _c !== void 0 ? _c : false,
+                mfaConfig: mfaConfig,
+                enableAnonymousUser: (_d = update.enableAnonymousUser) !== null && _d !== void 0 ? _d : false,
+                enableEmailLinkSignin: (_e = update.enableEmailLinkSignin) !== null && _e !== void 0 ? _e : false,
+                displayName: update.displayName,
+            };
             return this.tenantConfig;
         }
         const paths = updateMask.split(",");

package/lib/emulator/downloadableEmulators.js

@@ -50,15 +50,15 @@ exports.DownloadDetails = {
         },
     },
     ui: {
-        version: "1.6.3",
-        downloadPath: path.join(CACHE_DIR, "ui-v1.6.3.zip"),
-        unzipDir: path.join(CACHE_DIR, "ui-v1.6.3"),
-        binaryPath: path.join(CACHE_DIR, "ui-v1.6.3", "server.bundle.js"),
+        version: "1.6.4",
+        downloadPath: path.join(CACHE_DIR, "ui-v1.6.4.zip"),
+        unzipDir: path.join(CACHE_DIR, "ui-v1.6.4"),
+        binaryPath: path.join(CACHE_DIR, "ui-v1.6.4", "server.bundle.js"),
         opts: {
             cacheDir: CACHE_DIR,
-            remoteUrl: "https://storage.googleapis.com/firebase-preview-drop/emulator/ui-v1.6.3.zip",
-            expectedSize: 3757268,
-            expectedChecksum: "153090a46072545aadeb307397cc8f45",
+            remoteUrl: "https://storage.googleapis.com/firebase-preview-drop/emulator/ui-v1.6.4.zip",
+            expectedSize: 3757300,
+            expectedChecksum: "20d4ee71e4ff7527b1843b6a8636142e",
             namePrefix: "ui",
         },
     },

package/lib/emulator/functionsEmulator.js

@@ -123,10 +123,22 @@ class FunctionsEmulator {
             });
         };
         const multicastHandler = (req, res) => {
-            const reqBody = req.rawBody;
-            const proto = JSON.parse(reqBody.toString());
-            const triggers = this.multicastTriggers[`${this.args.projectId}:${proto.eventType}`] || [];
+            var _a;
             const projectId = req.params.project_id;
+            const reqBody = req.rawBody;
+            let proto = JSON.parse(reqBody.toString());
+            let triggerKey;
+            if ((_a = req.headers["content-type"]) === null || _a === void 0 ? void 0 : _a.includes("cloudevent")) {
+                triggerKey = `${this.args.projectId}:${proto.type}`;
+                if (types_2.EventUtils.isBinaryCloudEvent(req)) {
+                    proto = types_2.EventUtils.extractBinaryCloudEventContext(req);
+                    proto.data = req.body;
+                }
+            }
+            else {
+                triggerKey = `${this.args.projectId}:${proto.eventType}`;
+            }
+            const triggers = this.multicastTriggers[triggerKey] || [];
             triggers.forEach((triggerId) => {
                 this.workQueue.submit(() => {
                     this.logger.log("DEBUG", `Accepted multicast request ${req.method} ${req.url} --> ${triggerId}`);

package/lib/emulator/storage/cloudFunctions.js

@@ -6,6 +6,12 @@ const types_1 = require("../types");
 const emulatorLogger_1 = require("../emulatorLogger");
 const metadata_1 = require("./metadata");
 const apiv2_1 = require("../../apiv2");
+const STORAGE_V2_ACTION_MAP = {
+    finalize: "finalized",
+    metadataUpdate: "metadataUpdated",
+    delete: "deleted",
+    archive: "archived",
+};
 class StorageCloudFunctions {
     constructor(projectId) {
         this.projectId = projectId;
@@ -19,26 +25,37 @@ class StorageCloudFunctions {
             this.functionsEmulatorInfo = functionsEmulator.getInfo();
             this.multicastOrigin = `http://${registry_1.EmulatorRegistry.getInfoHostString(this.functionsEmulatorInfo)}`;
             this.multicastPath = `/functions/projects/${projectId}/trigger_multicast`;
+            this.client = new apiv2_1.Client({ urlPrefix: this.multicastOrigin, auth: false });
         }
     }
     async dispatch(action, object) {
-        if (!this.enabled)
+        if (!this.enabled) {
             return;
-        const multicastEventBody = this.createEventRequestBody(action, object);
-        const c = new apiv2_1.Client({ urlPrefix: this.multicastOrigin, auth: false });
-        let res;
+        }
+        const errStatus = [];
         let err;
         try {
-            res = await c.post(this.multicastPath, multicastEventBody);
+            const eventBody = this.createLegacyEventRequestBody(action, object);
+            const eventRes = await this.client.post(this.multicastPath, eventBody);
+            if (eventRes.status !== 200) {
+                errStatus.push(eventRes.status);
+            }
+            const cloudEventBody = this.createCloudEventRequestBody(action, object);
+            const cloudEventRes = await this.client.post(this.multicastPath, cloudEventBody, {
+                headers: { "Content-Type": "application/cloudevents+json; charset=UTF-8" },
+            });
+            if (cloudEventRes.status !== 200) {
+                errStatus.push(cloudEventRes.status);
+            }
         }
         catch (e) {
             err = e;
         }
-        if (err || (res === null || res === void 0 ? void 0 : res.status) != 200) {
+        if (err || errStatus.length > 0) {
             this.logger.logLabeled("WARN", "functions", `Firebase Storage function was not triggered due to emulation error. Please file a bug.`);
         }
     }
-    createEventRequestBody(action, objectMetadataPayload) {
+    createLegacyEventRequestBody(action, objectMetadataPayload) {
         const timestamp = new Date();
         return JSON.stringify({
             eventId: `${timestamp.getTime()}`,
@@ -52,5 +69,18 @@ class StorageCloudFunctions {
             data: objectMetadataPayload,
         });
     }
+    createCloudEventRequestBody(action, objectMetadataPayload) {
+        const ceAction = STORAGE_V2_ACTION_MAP[action];
+        if (!ceAction) {
+            throw new Error("Action is not definied as a CloudEvents action");
+        }
+        const data = objectMetadataPayload;
+        return JSON.stringify({
+            specVersion: 1,
+            type: `google.cloud.storage.object.v1.${ceAction}`,
+            source: `//storage.googleapis.com/projects/_/buckets/${objectMetadataPayload.bucket}/objects/${objectMetadataPayload.name}`,
+            data,
+        });
+    }
 }
 exports.StorageCloudFunctions = StorageCloudFunctions;

package/lib/extensions/extensionsHelper.js

@@ -307,7 +307,7 @@ async function publishExtensionVersionFromLocalSource(args) {
     else if (extension &&
         extension.latestVersion &&
         semver.eq(extensionSpec.version, extension.latestVersion)) {
-        throw new error_1.FirebaseError(`The version you are trying to publish (${clc.bold(extensionSpec.version)}) already exists for the extension '${clc.bold(`${args.publisherId}/${args.extensionId}`)}'. Please increment the version inside of extension.yaml.\n`);
+        throw new error_1.FirebaseError(`The version you are trying to publish (${clc.bold(extensionSpec.version)}) already exists for the extension '${clc.bold(`${args.publisherId}/${args.extensionId}`)}'. Please increment the version inside of extension.yaml.\n`, { exit: 103 });
     }
     const ref = `${args.publisherId}/${args.extensionId}@${extensionSpec.version}`;
     let packageUri;

package/lib/gcp/cloudfunctions.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.functionFromEndpoint = exports.endpointFromFunction = exports.functionFromSpec = exports.specFromFunction = exports.listAllFunctions = exports.listFunctions = exports.deleteFunction = exports.updateFunction = exports.setInvokerUpdate = exports.setInvokerCreate = exports.getIamPolicy = exports.setIamPolicy = exports.createFunction = exports.generateUploadUrl = exports.API_VERSION = void 0;
+exports.functionFromEndpoint = exports.endpointFromFunction = exports.listAllFunctions = exports.listFunctions = exports.deleteFunction = exports.updateFunction = exports.setInvokerUpdate = exports.setInvokerCreate = exports.getIamPolicy = exports.setIamPolicy = exports.createFunction = exports.generateUploadUrl = exports.API_VERSION = void 0;
 const clc = require("cli-color");
 const error_1 = require("../error");
 const logger_1 = require("../logger");
@@ -214,73 +214,6 @@ async function listAllFunctions(projectId) {
     return list(projectId, "-");
 }
 exports.listAllFunctions = listAllFunctions;
-function specFromFunction(gcfFunction) {
-    var _a;
-    const [, project, , region, , id] = gcfFunction.name.split("/");
-    let trigger;
-    let uri;
-    if (gcfFunction.httpsTrigger) {
-        trigger = {};
-        uri = gcfFunction.httpsTrigger.url;
-    }
-    else {
-        trigger = {
-            eventType: gcfFunction.eventTrigger.eventType,
-            eventFilters: {
-                resource: gcfFunction.eventTrigger.resource,
-            },
-            retry: !!((_a = gcfFunction.eventTrigger.failurePolicy) === null || _a === void 0 ? void 0 : _a.retry),
-        };
-    }
-    if (!runtimes.isValidRuntime(gcfFunction.runtime)) {
-        logger_1.logger.debug("GCFv1 function has a deprecated runtime:", JSON.stringify(gcfFunction, null, 2));
-    }
-    const cloudFunction = {
-        platform: "gcfv1",
-        id,
-        project,
-        region,
-        trigger,
-        entryPoint: gcfFunction.entryPoint,
-        runtime: gcfFunction.runtime,
-    };
-    if (uri) {
-        cloudFunction.uri = uri;
-    }
-    proto.copyIfPresent(cloudFunction, gcfFunction, "serviceAccountEmail", "availableMemoryMb", "timeout", "minInstances", "maxInstances", "vpcConnector", "vpcConnectorEgressSettings", "ingressSettings", "labels", "environmentVariables", "sourceUploadUrl");
-    return cloudFunction;
-}
-exports.specFromFunction = specFromFunction;
-function functionFromSpec(cloudFunction, sourceUploadUrl) {
-    if (cloudFunction.platform != "gcfv1") {
-        throw new error_1.FirebaseError("Trying to create a v1 CloudFunction with v2 API. This should never happen");
-    }
-    if (!runtimes.isValidRuntime(cloudFunction.runtime)) {
-        throw new error_1.FirebaseError("Failed internal assertion. Trying to deploy a new function with a deprecated runtime." +
-            " This should never happen");
-    }
-    const gcfFunction = {
-        name: backend.functionName(cloudFunction),
-        sourceUploadUrl: sourceUploadUrl,
-        entryPoint: cloudFunction.entryPoint,
-        runtime: cloudFunction.runtime,
-    };
-    if (backend.isEventTrigger(cloudFunction.trigger)) {
-        gcfFunction.eventTrigger = {
-            eventType: cloudFunction.trigger.eventType,
-            resource: cloudFunction.trigger.eventFilters.resource,
-        };
-        gcfFunction.eventTrigger.failurePolicy = cloudFunction.trigger.retry
-            ? { retry: {} }
-            : undefined;
-    }
-    else {
-        gcfFunction.httpsTrigger = {};
-    }
-    proto.copyIfPresent(gcfFunction, cloudFunction, "serviceAccountEmail", "timeout", "availableMemoryMb", "minInstances", "maxInstances", "vpcConnector", "vpcConnectorEgressSettings", "ingressSettings", "labels", "environmentVariables");
-    return gcfFunction;
-}
-exports.functionFromSpec = functionFromSpec;
 function endpointFromFunction(gcfFunction) {
     var _a, _b;
     const [, project, , region, , id] = gcfFunction.name.split("/");

package/lib/gcp/cloudfunctionsv2.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.endpointFromFunction = exports.functionFromEndpoint = exports.specFromFunction = exports.functionFromSpec = exports.deleteFunction = exports.updateFunction = exports.listAllFunctions = exports.listFunctions = exports.getFunction = exports.createFunction = exports.generateUploadUrl = exports.PUBSUB_PUBLISH_EVENT = exports.API_VERSION = void 0;
+exports.endpointFromFunction = exports.functionFromEndpoint = exports.deleteFunction = exports.updateFunction = exports.listAllFunctions = exports.listFunctions = exports.getFunction = exports.createFunction = exports.generateUploadUrl = exports.PUBSUB_PUBLISH_EVENT = exports.API_VERSION = void 0;
 const clc = require("cli-color");
 const apiv2_1 = require("../apiv2");
 const error_1 = require("../error");
@@ -115,99 +115,6 @@ async function deleteFunction(cloudFunction) {
     }
 }
 exports.deleteFunction = deleteFunction;
-function functionFromSpec(cloudFunction, source) {
-    if (cloudFunction.platform != "gcfv2") {
-        throw new error_1.FirebaseError("Trying to create a v2 CloudFunction with v1 API. This should never happen");
-    }
-    if (!runtimes.isValidRuntime(cloudFunction.runtime)) {
-        throw new error_1.FirebaseError("Failed internal assertion. Trying to deploy a new function with a deprecated runtime." +
-            " This should never happen");
-    }
-    const gcfFunction = {
-        name: backend.functionName(cloudFunction),
-        buildConfig: {
-            runtime: cloudFunction.runtime,
-            entryPoint: cloudFunction.entryPoint,
-            source: {
-                storageSource: source,
-            },
-            environmentVariables: {},
-        },
-        serviceConfig: {},
-    };
-    proto.copyIfPresent(gcfFunction.serviceConfig, cloudFunction, "availableMemoryMb", "environmentVariables", "vpcConnector", "vpcConnectorEgressSettings", "serviceAccountEmail", "ingressSettings");
-    proto.renameIfPresent(gcfFunction.serviceConfig, cloudFunction, "timeoutSeconds", "timeout", proto.secondsFromDuration);
-    proto.renameIfPresent(gcfFunction.serviceConfig, cloudFunction, "minInstanceCount", "minInstances");
-    proto.renameIfPresent(gcfFunction.serviceConfig, cloudFunction, "maxInstanceCount", "maxInstances");
-    if (backend.isEventTrigger(cloudFunction.trigger)) {
-        gcfFunction.eventTrigger = {
-            eventType: cloudFunction.trigger.eventType,
-        };
-        if (cloudFunction.trigger.region) {
-            gcfFunction.eventTrigger.triggerRegion = cloudFunction.trigger.region;
-        }
-        if (gcfFunction.eventTrigger.eventType === exports.PUBSUB_PUBLISH_EVENT) {
-            gcfFunction.eventTrigger.pubsubTopic = cloudFunction.trigger.eventFilters.resource;
-        }
-        else {
-            gcfFunction.eventTrigger.eventFilters = [];
-            for (const [attribute, value] of Object.entries(cloudFunction.trigger.eventFilters)) {
-                gcfFunction.eventTrigger.eventFilters.push({ attribute, value });
-            }
-        }
-        if (cloudFunction.trigger.retry) {
-            logger_1.logger.warn("Cannot set a retry policy on Cloud Function", cloudFunction.id);
-        }
-    }
-    proto.copyIfPresent(gcfFunction, cloudFunction, "labels");
-    return gcfFunction;
-}
-exports.functionFromSpec = functionFromSpec;
-function specFromFunction(gcfFunction) {
-    const [, project, , region, , id] = gcfFunction.name.split("/");
-    let trigger;
-    if (gcfFunction.eventTrigger) {
-        trigger = {
-            eventType: gcfFunction.eventTrigger.eventType,
-            eventFilters: {},
-            retry: false,
-        };
-        if (gcfFunction.eventTrigger.triggerRegion) {
-            trigger.region = gcfFunction.eventTrigger.triggerRegion;
-        }
-        if (gcfFunction.eventTrigger.pubsubTopic) {
-            trigger.eventFilters.resource = gcfFunction.eventTrigger.pubsubTopic;
-        }
-        else {
-            for (const { attribute, value } of gcfFunction.eventTrigger.eventFilters || []) {
-                trigger.eventFilters[attribute] = value;
-            }
-        }
-    }
-    else {
-        trigger = {};
-    }
-    if (!runtimes.isValidRuntime(gcfFunction.buildConfig.runtime)) {
-        logger_1.logger.debug("GCFv2 function has a deprecated runtime:", JSON.stringify(gcfFunction, null, 2));
-    }
-    const cloudFunction = {
-        platform: "gcfv2",
-        id,
-        project,
-        region,
-        trigger,
-        entryPoint: gcfFunction.buildConfig.entryPoint,
-        runtime: gcfFunction.buildConfig.runtime,
-        uri: gcfFunction.serviceConfig.uri,
-    };
-    proto.copyIfPresent(cloudFunction, gcfFunction.serviceConfig, "serviceAccountEmail", "availableMemoryMb", "vpcConnector", "vpcConnectorEgressSettings", "ingressSettings", "environmentVariables");
-    proto.renameIfPresent(cloudFunction, gcfFunction.serviceConfig, "timeout", "timeoutSeconds", proto.durationFromSeconds);
-    proto.renameIfPresent(cloudFunction, gcfFunction.serviceConfig, "minInstances", "minInstanceCount");
-    proto.renameIfPresent(cloudFunction, gcfFunction.serviceConfig, "maxInstances", "maxInstanceCount");
-    proto.copyIfPresent(cloudFunction, gcfFunction, "labels");
-    return cloudFunction;
-}
-exports.specFromFunction = specFromFunction;
 function functionFromEndpoint(endpoint, source) {
     if (endpoint.platform != "gcfv2") {
         throw new error_1.FirebaseError("Trying to create a v2 CloudFunction with v1 API. This should never happen");
@@ -281,6 +188,7 @@ function endpointFromFunction(gcfFunction) {
                 trigger.eventTrigger.eventFilters[attribute] = value;
             }
         }
+        proto.renameIfPresent(trigger.eventTrigger, gcfFunction.eventTrigger, "region", "triggerRegion");
     }
     else {
         trigger = { httpsTrigger: {} };