firebase-tools 9.21.0 → 9.23.2

package/lib/deploy/extensions/planner.js

@@ -0,0 +1,94 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveVersion = exports.want = exports.have = exports.getExtension = exports.getExtensionVersion = void 0;
+const semver = require("semver");
+const error_1 = require("../../error");
+const extensionsApi = require("../../extensions/extensionsApi");
+const extensionsHelper_1 = require("../../extensions/extensionsHelper");
+const refs = require("../../extensions/refs");
+const params_1 = require("./params");
+const logger_1 = require("../../logger");
+async function getExtensionVersion(i) {
+    if (!i.extensionVersion) {
+        if (!i.ref) {
+            throw new error_1.FirebaseError(`Can't get ExtensionVersion for ${i.instanceId} because it has no ref`);
+        }
+        i.extensionVersion = await extensionsApi.getExtensionVersion(refs.toExtensionVersionRef(i.ref));
+    }
+    return i.extensionVersion;
+}
+exports.getExtensionVersion = getExtensionVersion;
+async function getExtension(i) {
+    if (!i.ref) {
+        throw new error_1.FirebaseError(`Can't get Extensionfor ${i.instanceId} because it has no ref`);
+    }
+    if (!i.extension) {
+        i.extension = await extensionsApi.getExtension(refs.toExtensionRef(i.ref));
+    }
+    return i.extension;
+}
+exports.getExtension = getExtension;
+async function have(projectId) {
+    const instances = await extensionsApi.listInstances(projectId);
+    return instances.map((i) => {
+        const dep = {
+            instanceId: i.name.split("/").pop(),
+            params: i.config.params,
+        };
+        if (i.config.extensionRef) {
+            const ref = refs.parse(i.config.extensionRef);
+            dep.ref = ref;
+            dep.ref.version = i.config.extensionVersion;
+        }
+        return dep;
+    });
+}
+exports.have = have;
+async function want(args) {
+    const instanceSpecs = [];
+    const errors = [];
+    for (const e of Object.entries(args.extensions)) {
+        try {
+            const instanceId = e[0];
+            const ref = refs.parse(e[1]);
+            ref.version = await resolveVersion(ref);
+            const params = params_1.readParams({
+                projectDir: args.projectDir,
+                instanceId,
+                projectId: args.projectId,
+                projectNumber: args.projectNumber,
+                aliases: args.aliases,
+            });
+            const autoPopulatedParams = await extensionsHelper_1.getFirebaseProjectParams(args.projectId);
+            const subbedParams = extensionsHelper_1.substituteParams(params, autoPopulatedParams);
+            instanceSpecs.push({
+                instanceId,
+                ref,
+                params: subbedParams,
+            });
+        }
+        catch (err) {
+            logger_1.logger.debug(`Got error reading extensions entry ${e}: ${err}`);
+            errors.push(err);
+        }
+    }
+    if (errors.length) {
+        const messages = errors.map((err) => `- ${err.message}`).join("\n");
+        throw new error_1.FirebaseError(`Errors while reading 'extensions' in 'firebase.json'\n${messages}`);
+    }
+    return instanceSpecs;
+}
+exports.want = want;
+async function resolveVersion(ref) {
+    if (!ref.version || ref.version == "latest") {
+        return "latest";
+    }
+    const extensionRef = refs.toExtensionRef(ref);
+    const versions = await extensionsApi.listExtensionVersions(extensionRef);
+    const maxSatisfying = semver.maxSatisfying(versions.map((ev) => ev.spec.version), ref.version);
+    if (!maxSatisfying) {
+        throw new error_1.FirebaseError(`No version of ${extensionRef} matches requested version ${ref.version}`);
+    }
+    return maxSatisfying;
+}
+exports.resolveVersion = resolveVersion;

package/lib/deploy/extensions/prepare.js

@@ -0,0 +1,111 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.prepare = void 0;
+const planner = require("./planner");
+const deploymentSummary = require("./deploymentSummary");
+const prompt = require("../../prompt");
+const refs = require("../../extensions/refs");
+const projectUtils_1 = require("../../projectUtils");
+const logger_1 = require("../../logger");
+const error_1 = require("../../error");
+const requirePermissions_1 = require("../../requirePermissions");
+const extensionsHelper_1 = require("../../extensions/extensionsHelper");
+const secretsUtils_1 = require("../../extensions/secretsUtils");
+const secrets_1 = require("./secrets");
+const warnings_1 = require("../../extensions/warnings");
+async function prepare(context, options, payload) {
+    var _a;
+    const projectId = projectUtils_1.needProjectId(options);
+    const projectNumber = await projectUtils_1.needProjectNumber(options);
+    const aliases = projectUtils_1.getAliases(options, projectId);
+    await extensionsHelper_1.ensureExtensionsApiEnabled(options);
+    await requirePermissions_1.requirePermissions(options, ["firebaseextensions.instances.list"]);
+    context.have = await planner.have(projectId);
+    context.want = await planner.want({
+        projectId,
+        projectNumber,
+        aliases,
+        projectDir: options.config.projectDir,
+        extensions: options.config.get("extensions"),
+    });
+    const usingSecrets = await Promise.all((_a = context.have) === null || _a === void 0 ? void 0 : _a.map(secrets_1.checkSpecForSecrets));
+    if (usingSecrets.some((i) => i)) {
+        await secretsUtils_1.ensureSecretManagerApiEnabled(options);
+    }
+    payload.instancesToCreate = context.want.filter((i) => { var _a; return !((_a = context.have) === null || _a === void 0 ? void 0 : _a.some(matchesInstanceId(i))); });
+    payload.instancesToConfigure = context.want.filter((i) => { var _a; return (_a = context.have) === null || _a === void 0 ? void 0 : _a.some(isConfigure(i)); });
+    payload.instancesToUpdate = context.want.filter((i) => { var _a; return (_a = context.have) === null || _a === void 0 ? void 0 : _a.some(isUpdate(i)); });
+    payload.instancesToDelete = context.have.filter((i) => { var _a; return !((_a = context.want) === null || _a === void 0 ? void 0 : _a.some(matchesInstanceId(i))); });
+    if (await warnings_1.displayWarningsForDeploy(payload.instancesToCreate)) {
+        if (!options.force && options.nonInteractive) {
+            throw new error_1.FirebaseError("Pass the --force flag to acknowledge these terms in non-interactive mode");
+        }
+        else if (!options.force &&
+            !options.nonInteractive &&
+            !(await prompt.promptOnce({
+                type: "confirm",
+                message: `Do you wish to continue deploying these extensions?`,
+                default: true,
+            }))) {
+            throw new error_1.FirebaseError("Deployment cancelled");
+        }
+    }
+    if (await warnings_1.displayWarningsForDeploy(payload.instancesToCreate)) {
+        if (!options.force && options.nonInteractive) {
+            throw new error_1.FirebaseError("Pass the --force flag to acknowledge these terms in non-interactive mode");
+        }
+        else if (!options.force &&
+            !options.nonInteractive &&
+            !(await prompt.promptOnce({
+                type: "confirm",
+                message: `Do you wish to continue deploying these extensions?`,
+                default: true,
+            }))) {
+            throw new error_1.FirebaseError("Deployment cancelled");
+        }
+    }
+    const permissionsNeeded = [];
+    if (payload.instancesToCreate.length) {
+        permissionsNeeded.push("firebaseextensions.instances.create");
+        logger_1.logger.info(deploymentSummary.createsSummary(payload.instancesToCreate));
+    }
+    if (payload.instancesToUpdate.length) {
+        permissionsNeeded.push("firebaseextensions.instances.update");
+        logger_1.logger.info(deploymentSummary.updatesSummary(payload.instancesToUpdate, context.have));
+    }
+    if (payload.instancesToConfigure.length) {
+        permissionsNeeded.push("firebaseextensions.instances.update");
+        logger_1.logger.info(deploymentSummary.configuresSummary(payload.instancesToConfigure));
+    }
+    if (payload.instancesToDelete.length) {
+        logger_1.logger.info(deploymentSummary.deletesSummary(payload.instancesToDelete));
+        if (!options.force && options.nonInteractive) {
+            throw new error_1.FirebaseError("Pass the --force flag to use this command in non-interactive mode");
+        }
+        else if (!options.force &&
+            !options.nonInteractive &&
+            !(await prompt.promptOnce({
+                type: "confirm",
+                message: `Would you like to delete ${payload.instancesToDelete
+                    .map((i) => i.instanceId)
+                    .join(", ")}?`,
+                default: false,
+            }))) {
+            payload.instancesToDelete = [];
+        }
+        else {
+            permissionsNeeded.push("firebaseextensions.instances.delete");
+        }
+    }
+    await requirePermissions_1.requirePermissions(options, permissionsNeeded);
+}
+exports.prepare = prepare;
+const matchesInstanceId = (dep) => (test) => {
+    return dep.instanceId === test.instanceId;
+};
+const isUpdate = (dep) => (test) => {
+    return dep.instanceId === test.instanceId && !refs.equal(dep.ref, test.ref);
+};
+const isConfigure = (dep) => (test) => {
+    return dep.instanceId === test.instanceId && refs.equal(dep.ref, test.ref);
+};

package/lib/deploy/extensions/release.js

@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.release = void 0;
+const queue_1 = require("../../throttler/queue");
+const tasks = require("./tasks");
+const error_1 = require("../../error");
+const errors_1 = require("./errors");
+const projectUtils_1 = require("../../projectUtils");
+async function release(context, options, payload) {
+    var _a, _b, _c, _d;
+    const projectId = projectUtils_1.needProjectId(options);
+    const errorHandler = new errors_1.ErrorHandler();
+    const deploymentQueue = new queue_1.default({
+        retries: 5,
+        concurrency: 5,
+        handler: tasks.extensionsDeploymentHandler(errorHandler),
+    });
+    for (const creation of (_a = payload.instancesToCreate) !== null && _a !== void 0 ? _a : []) {
+        const task = tasks.createExtensionInstanceTask(projectId, creation);
+        void deploymentQueue.run(task);
+    }
+    for (const update of (_b = payload.instancesToUpdate) !== null && _b !== void 0 ? _b : []) {
+        const task = tasks.updateExtensionInstanceTask(projectId, update);
+        void deploymentQueue.run(task);
+    }
+    for (const update of (_c = payload.instancesToConfigure) !== null && _c !== void 0 ? _c : []) {
+        const task = tasks.configureExtensionInstanceTask(projectId, update);
+        void deploymentQueue.run(task);
+    }
+    for (const deletion of (_d = payload.instancesToDelete) !== null && _d !== void 0 ? _d : []) {
+        const task = tasks.deleteExtensionInstanceTask(projectId, deletion);
+        void deploymentQueue.run(task);
+    }
+    const deploymentPromise = deploymentQueue.wait();
+    deploymentQueue.process();
+    deploymentQueue.close();
+    await deploymentPromise;
+    if (errorHandler.hasErrors()) {
+        errorHandler.print();
+        throw new error_1.FirebaseError(`Extensions deployment failed.`);
+    }
+}
+exports.release = release;

package/lib/deploy/extensions/secrets.js

@@ -0,0 +1,150 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkSpecForSecrets = exports.handleSecretParams = void 0;
+const clc = require("cli-color");
+const secretUtils = require("../../extensions/secretsUtils");
+const secretManager = require("../../gcp/secretManager");
+const planner_1 = require("./planner");
+const askUserForParam_1 = require("../../extensions/askUserForParam");
+const extensionsApi_1 = require("../../extensions/extensionsApi");
+const error_1 = require("../../error");
+const logger_1 = require("../../logger");
+const utils_1 = require("../../utils");
+async function handleSecretParams(payload, have, nonInteractive) {
+    var _a, _b, _c;
+    for (const i of (_a = payload.instancesToCreate) !== null && _a !== void 0 ? _a : []) {
+        if (await checkSpecForSecrets(i)) {
+            utils_1.logLabeledBullet("extensions", `Verifying secret params for ${clc.bold(i.instanceId)}`);
+            await handleSecretsCreateInstance(i, nonInteractive);
+        }
+    }
+    const updates = [...((_b = payload.instancesToUpdate) !== null && _b !== void 0 ? _b : []), ...((_c = payload.instancesToConfigure) !== null && _c !== void 0 ? _c : [])];
+    for (const i of updates) {
+        if (await checkSpecForSecrets(i)) {
+            utils_1.logLabeledBullet("extensions", `Verifying secret params for ${clc.bold(i.instanceId)}`);
+            const previousSpec = have.find((h) => h.instanceId === i.instanceId);
+            await handleSecretsUpdateInstance(i, previousSpec, nonInteractive);
+        }
+    }
+}
+exports.handleSecretParams = handleSecretParams;
+async function checkSpecForSecrets(i) {
+    const extensionVersion = await planner_1.getExtensionVersion(i);
+    return secretUtils.usesSecrets(extensionVersion.spec);
+}
+exports.checkSpecForSecrets = checkSpecForSecrets;
+const secretsInSpec = (spec) => {
+    return spec.params.filter((p) => p.type === extensionsApi_1.ParamType.SECRET);
+};
+async function handleSecretsCreateInstance(i, nonInteractive) {
+    const extensionVersion = await planner_1.getExtensionVersion(i);
+    const secretParams = secretsInSpec(extensionVersion.spec);
+    for (const s of secretParams) {
+        await handleSecretParamForCreate(s, i, nonInteractive);
+    }
+}
+async function handleSecretsUpdateInstance(i, prevSpec, nonInteractive) {
+    const extensionVersion = await planner_1.getExtensionVersion(i);
+    const prevExtensionVersion = await planner_1.getExtensionVersion(prevSpec);
+    const secretParams = secretsInSpec(extensionVersion.spec);
+    for (const s of secretParams) {
+        const prevParam = prevExtensionVersion.spec.params.find((p) => p.param === s.param);
+        if ((prevParam === null || prevParam === void 0 ? void 0 : prevParam.type) === extensionsApi_1.ParamType.SECRET && prevSpec.params[prevParam === null || prevParam === void 0 ? void 0 : prevParam.param]) {
+            await handleSecretParamForUpdate(s, i, prevSpec.params[prevParam === null || prevParam === void 0 ? void 0 : prevParam.param], nonInteractive);
+        }
+        else {
+            await handleSecretParamForCreate(s, i, nonInteractive);
+        }
+    }
+}
+async function handleSecretParamForCreate(secretParam, i, nonInteractive) {
+    var _a;
+    const providedValue = i.params[secretParam.param];
+    if (!providedValue) {
+        return;
+    }
+    const [, projectId, , secretName, , version] = providedValue.split("/");
+    if (!projectId || !secretName || !version) {
+        throw new error_1.FirebaseError(`${clc.bold(i.instanceId)}: Found '${providedValue}' for secret param ${secretParam.param}, but expected a secret version.`);
+    }
+    const secretInfo = await getSecretInfo(projectId, secretName, version);
+    if (!secretInfo.secret) {
+        await promptForCreateSecret({
+            projectId,
+            secretName,
+            instanceId: i.instanceId,
+            secretParam,
+            nonInteractive,
+        });
+        return;
+    }
+    else if (!secretInfo.secretVersion) {
+        throw new error_1.FirebaseError(`${clc.bold(i.instanceId)}: Found '${providedValue}' for secret param ${secretParam.param}. ` +
+            `projects/${projectId}/secrets/${secretName} exists, but version ${version} does not. ` +
+            `See more information about this secret at ${secretManager.secretManagerConsoleUri(projectId)}`);
+    }
+    if (!!((_a = secretInfo === null || secretInfo === void 0 ? void 0 : secretInfo.secret) === null || _a === void 0 ? void 0 : _a.labels) &&
+        !!(secretInfo === null || secretInfo === void 0 ? void 0 : secretInfo.secret.labels[secretUtils.SECRET_LABEL]) &&
+        secretInfo.secret.labels[secretUtils.SECRET_LABEL] !== i.instanceId) {
+        throw new error_1.FirebaseError(`${clc.bold(i.instanceId)}: Found '${providedValue}' for secret param ${secretParam.param}. ` +
+            `projects/${projectId}/secrets/${secretName} is managed by a different extension instance (${secretInfo.secret.labels[secretUtils.SECRET_LABEL]}), so reusing it here can lead to unexpected behavior. ` +
+            "Please choose a different name for this secret, and rerun this command.");
+    }
+    await secretUtils.grantFirexServiceAgentSecretAdminRole(secretInfo.secret);
+}
+async function handleSecretParamForUpdate(secretParam, i, prevValue, nonInteractive) {
+    const providedValue = i.params[secretParam.param];
+    if (!providedValue) {
+        return;
+    }
+    const [, projectId, , secretName, , version] = providedValue.split("/");
+    if (!projectId || !secretName || !version) {
+        throw new error_1.FirebaseError(`${clc.bold(i.instanceId)}: Found '${providedValue}' for secret param ${secretParam.param}, but expected a secret version.`);
+    }
+    const [, prevProjectId, , prevSecretName] = prevValue.split("/");
+    if (prevSecretName !== secretName) {
+        throw new error_1.FirebaseError(`${clc.bold(i.instanceId)}: Found '${providedValue}' for secret param ${secretParam.param}, ` +
+            `but this instance was previously using a different secret projects/${prevProjectId}/secrets/${prevSecretName}.\n` +
+            `Changing secrets is not supported. If you want to change the value of this secret, ` +
+            `use a new version of projects/${prevProjectId}/secrets/${prevSecretName}.` +
+            `You can create a new version at ${secretManager.secretManagerConsoleUri(projectId)}`);
+    }
+    const secretInfo = await getSecretInfo(projectId, secretName, version);
+    if (!secretInfo.secret) {
+        i.params[secretParam.param] = await promptForCreateSecret({
+            projectId,
+            secretName,
+            instanceId: i.instanceId,
+            secretParam,
+            nonInteractive,
+        });
+        return;
+    }
+    else if (!secretInfo.secretVersion) {
+        throw new error_1.FirebaseError(`${clc.bold(i.instanceId)}: Found '${providedValue}' for secret param ${secretParam.param}. ` +
+            `projects/${projectId}/secrets/${secretName} exists, but version ${version} does not. ` +
+            `See more information about this secret at ${secretManager.secretManagerConsoleUri(projectId)}`);
+    }
+    i.params[secretParam.param] = secretManager.toSecretVersionResourceName(secretInfo.secretVersion);
+    await secretUtils.grantFirexServiceAgentSecretAdminRole(secretInfo.secret);
+}
+async function getSecretInfo(projectId, secretName, version) {
+    const secretInfo = {};
+    try {
+        secretInfo.secret = await secretManager.getSecret(projectId, secretName);
+        secretInfo.secretVersion = await secretManager.getSecretVersion(projectId, secretName, version);
+    }
+    catch (err) {
+        if (err.status !== 404) {
+            throw err;
+        }
+    }
+    return secretInfo;
+}
+async function promptForCreateSecret(args) {
+    logger_1.logger.info(`${clc.bold(args.instanceId)}: Secret ${args.projectId}/${args.secretName} doesn't exist yet.`);
+    if (args.nonInteractive) {
+        throw new error_1.FirebaseError(`To create this secret, run this command in interactive mode, or go to ${secretManager.secretManagerConsoleUri(args.projectId)}`);
+    }
+    return askUserForParam_1.promptCreateSecret(args.projectId, args.instanceId, args.secretParam, args.secretName);
+}

package/lib/deploy/extensions/tasks.js

@@ -0,0 +1,98 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.deleteExtensionInstanceTask = exports.configureExtensionInstanceTask = exports.updateExtensionInstanceTask = exports.createExtensionInstanceTask = exports.extensionsDeploymentHandler = void 0;
+const clc = require("cli-color");
+const extensionsApi = require("../../extensions/extensionsApi");
+const refs = require("../../extensions/refs");
+const utils = require("../../utils");
+const isRetryable = (err) => err.status == 429 || err.status == 409;
+function extensionsDeploymentHandler(errorHandler) {
+    return async (task) => {
+        var _a, _b, _c, _d;
+        let result;
+        try {
+            result = await task.run();
+        }
+        catch (err) {
+            if (isRetryable(err)) {
+                throw err;
+            }
+            errorHandler.record(task.spec.instanceId, task.type, (_d = (_c = (_b = (_a = err.context) === null || _a === void 0 ? void 0 : _a.body) === null || _b === void 0 ? void 0 : _b.error) === null || _c === void 0 ? void 0 : _c.message) !== null && _d !== void 0 ? _d : err);
+        }
+        return result;
+    };
+}
+exports.extensionsDeploymentHandler = extensionsDeploymentHandler;
+function createExtensionInstanceTask(projectId, instanceSpec, validateOnly = false) {
+    const run = async () => {
+        const res = await extensionsApi.createInstance({
+            projectId,
+            instanceId: instanceSpec.instanceId,
+            params: instanceSpec.params,
+            extensionVersionRef: refs.toExtensionVersionRef(instanceSpec.ref),
+            validateOnly,
+        });
+        printSuccess(instanceSpec.instanceId, "create", validateOnly);
+        return;
+    };
+    return {
+        run,
+        spec: instanceSpec,
+        type: "create",
+    };
+}
+exports.createExtensionInstanceTask = createExtensionInstanceTask;
+function updateExtensionInstanceTask(projectId, instanceSpec, validateOnly = false) {
+    const run = async () => {
+        const res = await extensionsApi.updateInstanceFromRegistry({
+            projectId,
+            instanceId: instanceSpec.instanceId,
+            extRef: refs.toExtensionVersionRef(instanceSpec.ref),
+            params: instanceSpec.params,
+            validateOnly,
+        });
+        printSuccess(instanceSpec.instanceId, "update", validateOnly);
+        return;
+    };
+    return {
+        run,
+        spec: instanceSpec,
+        type: "update",
+    };
+}
+exports.updateExtensionInstanceTask = updateExtensionInstanceTask;
+function configureExtensionInstanceTask(projectId, instanceSpec, validateOnly = false) {
+    const run = async () => {
+        const res = await extensionsApi.configureInstance({
+            projectId,
+            instanceId: instanceSpec.instanceId,
+            params: instanceSpec.params,
+            validateOnly,
+        });
+        printSuccess(instanceSpec.instanceId, "configure", validateOnly);
+        return;
+    };
+    return {
+        run,
+        spec: instanceSpec,
+        type: "configure",
+    };
+}
+exports.configureExtensionInstanceTask = configureExtensionInstanceTask;
+function deleteExtensionInstanceTask(projectId, instanceSpec) {
+    const run = async () => {
+        const res = await extensionsApi.deleteInstance(projectId, instanceSpec.instanceId);
+        printSuccess(instanceSpec.instanceId, "delete", false);
+        return;
+    };
+    return {
+        run,
+        spec: instanceSpec,
+        type: "delete",
+    };
+}
+exports.deleteExtensionInstanceTask = deleteExtensionInstanceTask;
+function printSuccess(instanceId, type, validateOnly) {
+    const action = validateOnly ? `validated ${type} for` : `${type}d`;
+    utils.logSuccess(clc.bold.green("extensions") + ` Successfully ${action} ${instanceId}`);
+}

package/lib/deploy/extensions/validate.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkBilling = void 0;
+const cloudbilling_1 = require("../../gcp/cloudbilling");
+const checkProjectBilling_1 = require("../../extensions/checkProjectBilling");
+const error_1 = require("../../error");
+async function checkBilling(projectId, nonInteractive) {
+    const enabled = await cloudbilling_1.checkBillingEnabled(projectId);
+    if (!enabled && nonInteractive) {
+        throw new error_1.FirebaseError(`Extensions require the Blaze plan, but project ${projectId} is not on the Blaze plan. ` +
+            `Please visit https://console.cloud.google.com/billing/linkedaccount?project=${projectId} to upgrade your project.`);
+    }
+    else if (!enabled) {
+        await checkProjectBilling_1.enableBilling(projectId);
+    }
+}
+exports.checkBilling = checkBilling;

package/lib/deploy/functions/backend.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.compareFunctions = exports.missingEndpoint = exports.hasEndpoint = exports.regionalEndpoints = exports.matchingBackend = exports.someEndpoint = exports.allEndpoints = exports.checkAvailability = exports.existingBackend = exports.scheduleIdForFunction = exports.functionName = exports.isEmptyBackend = exports.of = exports.empty = exports.isScheduleTriggered = exports.isEventTriggered = exports.isHttpsTriggered = exports.SCHEDULED_FUNCTION_LABEL = exports.memoryOptionDisplayName = exports.endpointTriggerType = void 0;
+exports.compareFunctions = exports.missingEndpoint = exports.hasEndpoint = exports.regionalEndpoints = exports.matchingBackend = exports.someEndpoint = exports.allEndpoints = exports.checkAvailability = exports.existingBackend = exports.scheduleIdForFunction = exports.functionName = exports.isEmptyBackend = exports.of = exports.empty = exports.isTaskQueueTriggered = exports.isScheduleTriggered = exports.isEventTriggered = exports.isHttpsTriggered = exports.SCHEDULED_FUNCTION_LABEL = exports.memoryOptionDisplayName = exports.endpointTriggerType = void 0;
 const gcf = require("../../gcp/cloudfunctions");
 const gcfV2 = require("../../gcp/cloudfunctionsv2");
 const utils = require("../../utils");
@@ -16,6 +16,9 @@ function endpointTriggerType(endpoint) {
     else if (isEventTriggered(endpoint)) {
         return endpoint.eventTrigger.eventType;
     }
+    else if (isTaskQueueTriggered(endpoint)) {
+        return "taskQueue";
+    }
     else {
         throw new Error("Unexpected trigger type for endpoint " + JSON.stringify(endpoint));
     }
@@ -46,6 +49,10 @@ function isScheduleTriggered(triggered) {
     return {}.hasOwnProperty.call(triggered, "scheduleTrigger");
 }
 exports.isScheduleTriggered = isScheduleTriggered;
+function isTaskQueueTriggered(triggered) {
+    return {}.hasOwnProperty.call(triggered, "taskQueueTrigger");
+}
+exports.isTaskQueueTriggered = isTaskQueueTriggered;
 function empty() {
     return {
         requiredAPIs: {},

package/lib/deploy/functions/checkIam.js

@@ -1,19 +1,22 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.checkHttpIam = exports.checkServiceAccountIam = void 0;
+exports.ensureServiceAgentRoles = exports.mergeBindings = exports.checkHttpIam = exports.checkServiceAccountIam = void 0;
 const cli_color_1 = require("cli-color");
 const logger_1 = require("../../logger");
 const functionsDeployHelper_1 = require("./functionsDeployHelper");
 const error_1 = require("../../error");
-const iam_1 = require("../../gcp/iam");
+const iam = require("../../gcp/iam");
 const backend = require("./backend");
 const track = require("../../track");
+const utils = require("../../utils");
+const resourceManager_1 = require("../../gcp/resourceManager");
+const services_1 = require("./services");
 const PERMISSION = "cloudfunctions.functions.setIamPolicy";
 async function checkServiceAccountIam(projectId) {
     const saEmail = `${projectId}@appspot.gserviceaccount.com`;
     let passed = false;
     try {
-        const iamResult = await iam_1.testResourceIamPermissions("https://iam.googleapis.com", "v1", `projects/${projectId}/serviceAccounts/${saEmail}`, ["iam.serviceAccounts.actAs"]);
+        const iamResult = await iam.testResourceIamPermissions("https://iam.googleapis.com", "v1", `projects/${projectId}/serviceAccounts/${saEmail}`, ["iam.serviceAccounts.actAs"]);
         passed = iamResult.passed;
     }
     catch (err) {
@@ -41,7 +44,7 @@ async function checkHttpIam(context, options, payload) {
     logger_1.logger.debug("[functions] found", newHttpsEndpoints.length, "new HTTP functions, testing setIamPolicy permission...");
     let passed = true;
     try {
-        const iamResult = await iam_1.testIamPermissions(context.projectId, [PERMISSION]);
+        const iamResult = await iam.testIamPermissions(context.projectId, [PERMISSION]);
         passed = iamResult.passed;
     }
     catch (e) {
@@ -57,3 +60,61 @@ async function checkHttpIam(context, options, payload) {
     logger_1.logger.debug("[functions] found setIamPolicy permission, proceeding with deploy");
 }
 exports.checkHttpIam = checkHttpIam;
+function reduceEventsToServices(services, endpoint) {
+    const service = services_1.serviceForEndpoint(endpoint);
+    if (service.requiredProjectBindings && !services.find((s) => s.name === service.name)) {
+        services.push(service);
+    }
+    return services;
+}
+function mergeBindings(policy, allRequiredBindings) {
+    for (const requiredBindings of allRequiredBindings) {
+        if (requiredBindings.length === 0) {
+            continue;
+        }
+        for (const requiredBinding of requiredBindings) {
+            const ndx = policy.bindings.findIndex((policyBinding) => policyBinding.role === requiredBinding.role);
+            if (ndx === -1) {
+                policy.bindings.push(requiredBinding);
+                continue;
+            }
+            requiredBinding.members.forEach((updatedMember) => {
+                if (!policy.bindings[ndx].members.find((member) => member === updatedMember)) {
+                    policy.bindings[ndx].members.push(updatedMember);
+                }
+            });
+        }
+    }
+}
+exports.mergeBindings = mergeBindings;
+async function ensureServiceAgentRoles(projectId, want, have) {
+    const wantServices = backend.allEndpoints(want).reduce(reduceEventsToServices, []);
+    const haveServices = backend.allEndpoints(have).reduce(reduceEventsToServices, []);
+    const newServices = wantServices.filter((wantS) => !haveServices.find((haveS) => wantS.name === haveS.name));
+    if (newServices.length === 0) {
+        return;
+    }
+    let policy;
+    try {
+        policy = await resourceManager_1.getIamPolicy(projectId);
+    }
+    catch (err) {
+        utils.logLabeledBullet("functions", "Could not verify the necessary IAM configuration for the following newly-integrated services: " +
+            `${newServices.map((service) => service.api).join(", ")}` +
+            ". Deployment may fail.", "warn");
+        return;
+    }
+    const findRequiredBindings = [];
+    newServices.forEach((service) => findRequiredBindings.push(service.requiredProjectBindings(projectId, policy)));
+    const allRequiredBindings = await Promise.all(findRequiredBindings);
+    mergeBindings(policy, allRequiredBindings);
+    try {
+        await resourceManager_1.setIamPolicy(projectId, policy, "bindings");
+    }
+    catch (err) {
+        throw new error_1.FirebaseError("We failed to modify the IAM policy for the project. The functions " +
+            "deployment requires specific roles to be granted to service agents," +
+            " otherwise the deployment will fail.", { original: err });
+    }
+}
+exports.ensureServiceAgentRoles = ensureServiceAgentRoles;