firebase-tools 9.22.0 → 9.23.3

package/CHANGELOG.md

@@ -1,3 +1 @@
-- Adds `firebase ext:export` command, and adds `extensions` to `firebase deploy`. See https://firebase.google.com/docs/extensions/reuse-project-config for more infomation on how to manage your extensions with these commands.
-- Fixes issue where `init` would crash with multiple Hosting items selected (#3742).
-- Adds a command (`crashlytics:symbols:upload`) to upload native symbol files, used in Android NDK crash symbolication.
+- Upgrades Database Emulator to v4.7.3, removing log4j dependency.

package/lib/commands/functions-delete.js

@@ -8,6 +8,7 @@ const projectUtils_1 = require("../projectUtils");
 const prompt_1 = require("../prompt");
 const functional_1 = require("../functional");
 const requirePermissions_1 = require("../requirePermissions");
+const ensure = require("../ensureApiEnabled");
 const helper = require("../deploy/functions/functionsDeployHelper");
 const utils = require("../utils");
 const backend = require("../deploy/functions/backend");
@@ -84,5 +85,10 @@ exports.default = new command_1.Command("functions:delete [filters...]")
             exit: 1,
         });
     }
-    await containerCleaner.cleanupBuildImages([], allEpToDelete);
+    const opts = {};
+    const arEnabled = await ensure.check(projectUtils_1.needProjectId(options), "artifactregistry.googleapis.com", "functions", true);
+    if (!arEnabled) {
+        opts.ar = new containerCleaner.NoopArtifactRegistryCleaner();
+    }
+    await containerCleaner.cleanupBuildImages([], allEpToDelete, opts);
 });

package/lib/commands/remoteconfig-get.js

@@ -11,13 +11,14 @@ const utils = require("../utils");
 const Table = require("cli-table");
 const fs = require("fs");
 const util = require("util");
+const error_1 = require("../error");
 const tableHead = ["Entry Name", "Value"];
 const MAX_DISPLAY_ITEMS = 20;
-function checkValidNumber(versionNumber) {
-    if (typeof Number(versionNumber) == "number") {
+function checkValidOptionalNumber(versionNumber) {
+    if (!versionNumber || typeof Number(versionNumber) == "number") {
         return versionNumber;
     }
-    return "null";
+    throw new error_1.FirebaseError(`Could not interpret "${versionNumber}" as a valid number.`);
 }
 module.exports = new command_1.Command("remoteconfig:get")
     .description("get a Firebase project's Remote Config template")
@@ -26,8 +27,8 @@ module.exports = new command_1.Command("remoteconfig:get")
     .before(requireAuth_1.requireAuth)
     .before(requirePermissions_1.requirePermissions, ["cloudconfig.configs.get"])
     .action(async (options) => {
-    utils.assertIsString(options.versionNumber);
-    const template = await rcGet.getTemplate(projectUtils_1.needProjectId(options), checkValidNumber(options.versionNumber));
+    utils.assertIsStringOrUndefined(options.versionNumber);
+    const template = await rcGet.getTemplate(projectUtils_1.needProjectId(options), checkValidOptionalNumber(options.versionNumber));
     const table = new Table({ head: tableHead, style: { head: ["green"] } });
     if (template.conditions) {
         let updatedConditions = template.conditions

package/lib/deploy/extensions/params.js

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.readParams = void 0;
+const path = require("path");
+const logger_1 = require("../../logger");
+const paramHelper_1 = require("../../extensions/paramHelper");
+const error_1 = require("../../error");
+const ENV_DIRECTORY = "extensions";
+function readParams(args) {
+    const filesToCheck = [
+        `${args.instanceId}.env`,
+        ...args.aliases.map((alias) => `${args.instanceId}.env.${alias}`),
+        `${args.instanceId}.env.${args.projectNumber}`,
+        `${args.instanceId}.env.${args.projectId}`,
+    ];
+    let noFilesFound = true;
+    const combinedParams = {};
+    for (const fileToCheck of filesToCheck) {
+        try {
+            const params = readParamsFile(args.projectDir, fileToCheck);
+            logger_1.logger.debug(`Successfully read params from ${fileToCheck}`);
+            noFilesFound = false;
+            Object.assign(combinedParams, params);
+        }
+        catch (err) {
+            logger_1.logger.debug(`${err}`);
+        }
+    }
+    if (noFilesFound) {
+        throw new error_1.FirebaseError(`No params file found for ${args.instanceId}`);
+    }
+    return combinedParams;
+}
+exports.readParams = readParams;
+function readParamsFile(projectDir, fileName) {
+    const paramPath = path.join(projectDir, ENV_DIRECTORY, fileName);
+    const params = paramHelper_1.readEnvFile(paramPath);
+    return params;
+}

package/lib/deploy/extensions/planner.js

@@ -1,13 +1,12 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.resolveVersion = exports.want = exports.have = exports.getExtension = exports.getExtensionVersion = void 0;
-const path = require("path");
 const semver = require("semver");
 const error_1 = require("../../error");
 const extensionsApi = require("../../extensions/extensionsApi");
 const extensionsHelper_1 = require("../../extensions/extensionsHelper");
 const refs = require("../../extensions/refs");
-const paramHelper_1 = require("../../extensions/paramHelper");
+const params_1 = require("./params");
 const logger_1 = require("../../logger");
 async function getExtensionVersion(i) {
     if (!i.extensionVersion) {
@@ -29,7 +28,6 @@ async function getExtension(i) {
     return i.extension;
 }
 exports.getExtension = getExtension;
-const ENV_DIRECTORY = "extensions";
 async function have(projectId) {
     const instances = await extensionsApi.listInstances(projectId);
     return instances.map((i) => {
@@ -46,16 +44,22 @@ async function have(projectId) {
     });
 }
 exports.have = have;
-async function want(projectId, projectDir, extensions) {
+async function want(args) {
     const instanceSpecs = [];
     const errors = [];
-    for (const e of Object.entries(extensions)) {
+    for (const e of Object.entries(args.extensions)) {
         try {
             const instanceId = e[0];
             const ref = refs.parse(e[1]);
             ref.version = await resolveVersion(ref);
-            const params = readParams(projectDir, instanceId);
-            const autoPopulatedParams = await extensionsHelper_1.getFirebaseProjectParams(projectId);
+            const params = params_1.readParams({
+                projectDir: args.projectDir,
+                instanceId,
+                projectId: args.projectId,
+                projectNumber: args.projectNumber,
+                aliases: args.aliases,
+            });
+            const autoPopulatedParams = await extensionsHelper_1.getFirebaseProjectParams(args.projectId);
             const subbedParams = extensionsHelper_1.substituteParams(params, autoPopulatedParams);
             instanceSpecs.push({
                 instanceId,
@@ -88,8 +92,3 @@ async function resolveVersion(ref) {
     return maxSatisfying;
 }
 exports.resolveVersion = resolveVersion;
-function readParams(projectDir, instanceId) {
-    const paramPath = path.join(projectDir, ENV_DIRECTORY, `${instanceId}.env`);
-    const params = paramHelper_1.readEnvFile(paramPath);
-    return params;
-}

package/lib/deploy/extensions/prepare.js

@@ -16,10 +16,18 @@ const warnings_1 = require("../../extensions/warnings");
 async function prepare(context, options, payload) {
     var _a;
     const projectId = projectUtils_1.needProjectId(options);
+    const projectNumber = await projectUtils_1.needProjectNumber(options);
+    const aliases = projectUtils_1.getAliases(options, projectId);
     await extensionsHelper_1.ensureExtensionsApiEnabled(options);
     await requirePermissions_1.requirePermissions(options, ["firebaseextensions.instances.list"]);
     context.have = await planner.have(projectId);
-    context.want = await planner.want(projectId, options.config.projectDir, options.config.get("extensions"));
+    context.want = await planner.want({
+        projectId,
+        projectNumber,
+        aliases,
+        projectDir: options.config.projectDir,
+        extensions: options.config.get("extensions"),
+    });
     const usingSecrets = await Promise.all((_a = context.have) === null || _a === void 0 ? void 0 : _a.map(secrets_1.checkSpecForSecrets));
     if (usingSecrets.some((i) => i)) {
         await secretsUtils_1.ensureSecretManagerApiEnabled(options);

package/lib/deploy/functions/checkIam.js

@@ -1,19 +1,22 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.checkHttpIam = exports.checkServiceAccountIam = void 0;
+exports.ensureServiceAgentRoles = exports.mergeBindings = exports.checkHttpIam = exports.checkServiceAccountIam = void 0;
 const cli_color_1 = require("cli-color");
 const logger_1 = require("../../logger");
 const functionsDeployHelper_1 = require("./functionsDeployHelper");
 const error_1 = require("../../error");
-const iam_1 = require("../../gcp/iam");
+const iam = require("../../gcp/iam");
 const backend = require("./backend");
 const track = require("../../track");
+const utils = require("../../utils");
+const resourceManager_1 = require("../../gcp/resourceManager");
+const services_1 = require("./services");
 const PERMISSION = "cloudfunctions.functions.setIamPolicy";
 async function checkServiceAccountIam(projectId) {
     const saEmail = `${projectId}@appspot.gserviceaccount.com`;
     let passed = false;
     try {
-        const iamResult = await iam_1.testResourceIamPermissions("https://iam.googleapis.com", "v1", `projects/${projectId}/serviceAccounts/${saEmail}`, ["iam.serviceAccounts.actAs"]);
+        const iamResult = await iam.testResourceIamPermissions("https://iam.googleapis.com", "v1", `projects/${projectId}/serviceAccounts/${saEmail}`, ["iam.serviceAccounts.actAs"]);
         passed = iamResult.passed;
     }
     catch (err) {
@@ -41,7 +44,7 @@ async function checkHttpIam(context, options, payload) {
     logger_1.logger.debug("[functions] found", newHttpsEndpoints.length, "new HTTP functions, testing setIamPolicy permission...");
     let passed = true;
     try {
-        const iamResult = await iam_1.testIamPermissions(context.projectId, [PERMISSION]);
+        const iamResult = await iam.testIamPermissions(context.projectId, [PERMISSION]);
         passed = iamResult.passed;
     }
     catch (e) {
@@ -57,3 +60,61 @@ async function checkHttpIam(context, options, payload) {
     logger_1.logger.debug("[functions] found setIamPolicy permission, proceeding with deploy");
 }
 exports.checkHttpIam = checkHttpIam;
+function reduceEventsToServices(services, endpoint) {
+    const service = services_1.serviceForEndpoint(endpoint);
+    if (service.requiredProjectBindings && !services.find((s) => s.name === service.name)) {
+        services.push(service);
+    }
+    return services;
+}
+function mergeBindings(policy, allRequiredBindings) {
+    for (const requiredBindings of allRequiredBindings) {
+        if (requiredBindings.length === 0) {
+            continue;
+        }
+        for (const requiredBinding of requiredBindings) {
+            const ndx = policy.bindings.findIndex((policyBinding) => policyBinding.role === requiredBinding.role);
+            if (ndx === -1) {
+                policy.bindings.push(requiredBinding);
+                continue;
+            }
+            requiredBinding.members.forEach((updatedMember) => {
+                if (!policy.bindings[ndx].members.find((member) => member === updatedMember)) {
+                    policy.bindings[ndx].members.push(updatedMember);
+                }
+            });
+        }
+    }
+}
+exports.mergeBindings = mergeBindings;
+async function ensureServiceAgentRoles(projectId, want, have) {
+    const wantServices = backend.allEndpoints(want).reduce(reduceEventsToServices, []);
+    const haveServices = backend.allEndpoints(have).reduce(reduceEventsToServices, []);
+    const newServices = wantServices.filter((wantS) => !haveServices.find((haveS) => wantS.name === haveS.name));
+    if (newServices.length === 0) {
+        return;
+    }
+    let policy;
+    try {
+        policy = await resourceManager_1.getIamPolicy(projectId);
+    }
+    catch (err) {
+        utils.logLabeledBullet("functions", "Could not verify the necessary IAM configuration for the following newly-integrated services: " +
+            `${newServices.map((service) => service.api).join(", ")}` +
+            ". Deployment may fail.", "warn");
+        return;
+    }
+    const findRequiredBindings = [];
+    newServices.forEach((service) => findRequiredBindings.push(service.requiredProjectBindings(projectId, policy)));
+    const allRequiredBindings = await Promise.all(findRequiredBindings);
+    mergeBindings(policy, allRequiredBindings);
+    try {
+        await resourceManager_1.setIamPolicy(projectId, policy, "bindings");
+    }
+    catch (err) {
+        throw new error_1.FirebaseError("We failed to modify the IAM policy for the project. The functions " +
+            "deployment requires specific roles to be granted to service agents," +
+            " otherwise the deployment will fail.", { original: err });
+    }
+}
+exports.ensureServiceAgentRoles = ensureServiceAgentRoles;

package/lib/deploy/functions/containerCleaner.js

@@ -1,9 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.DockerHelper = exports.deleteGcfArtifacts = exports.listGcfPaths = exports.ContainerRegistryCleaner = exports.ArtifactRegistryCleaner = exports.cleanupBuildImages = exports.SUBDOMAIN_MAPPING = void 0;
+exports.DockerHelper = exports.deleteGcfArtifacts = exports.listGcfPaths = exports.ContainerRegistryCleaner = exports.NoopArtifactRegistryCleaner = exports.ArtifactRegistryCleaner = exports.cleanupBuildImages = void 0;
 const clc = require("cli-color");
 const error_1 = require("../../error");
-const previews_1 = require("../../previews");
 const api_1 = require("../../api");
 const logger_1 = require("../../logger");
 const artifactregistry = require("../../gcp/artifactregistry");
@@ -11,31 +10,6 @@ const backend = require("./backend");
 const docker = require("../../gcp/docker");
 const utils = require("../../utils");
 const poller = require("../../operation-poller");
-exports.SUBDOMAIN_MAPPING = {
-    "us-west2": "us",
-    "us-west3": "us",
-    "us-west4": "us",
-    "us-central1": "us",
-    "us-central2": "us",
-    "us-east1": "us",
-    "us-east4": "us",
-    "northamerica-northeast1": "us",
-    "southamerica-east1": "us",
-    "europe-west1": "eu",
-    "europe-west2": "eu",
-    "europe-west3": "eu",
-    "europe-west5": "eu",
-    "europe-west6": "eu",
-    "europe-central2": "eu",
-    "asia-east1": "asia",
-    "asia-east2": "asia",
-    "asia-northeast1": "asia",
-    "asia-northeast2": "asia",
-    "asia-northeast3": "asia",
-    "asia-south1": "asia",
-    "asia-southeast2": "asia",
-    "australia-southeast1": "asia",
-};
 async function retry(func) {
     const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
     const MAX_RETRIES = 3;
@@ -62,44 +36,37 @@ async function retry(func) {
 async function cleanupBuildImages(haveFunctions, deletedFunctions, cleaners = {}) {
     utils.logBullet(clc.bold.cyan("functions: ") + "cleaning up build files...");
     const failedDomains = new Set();
-    if (previews_1.previews.artifactregistry) {
-        const arCleaner = cleaners.ar || new ArtifactRegistryCleaner();
-        await Promise.all([
-            ...haveFunctions.map(async (func) => {
-                try {
-                    await arCleaner.cleanupFunction(func);
-                }
-                catch (err) {
-                    const path = `${func.project}/${func.region}/gcf-artifacts`;
-                    failedDomains.add(`https://console.cloud.google.com/artifacts/docker/${path}`);
-                }
-            }),
-            ...deletedFunctions.map(async (func) => {
-                try {
-                    await Promise.all([
-                        arCleaner.cleanupFunction(func),
-                        arCleaner.cleanupFunctionCache(func),
-                    ]);
-                }
-                catch (err) {
-                    const path = `${func.project}/${func.region}/gcf-artifacts`;
-                    failedDomains.add(`https://console.cloud.google.com/artifacts/docker/${path}`);
-                }
-            }),
-        ]);
-    }
-    else {
-        const gcrCleaner = cleaners.gcr || new ContainerRegistryCleaner();
-        await Promise.all([...haveFunctions, ...deletedFunctions].map(async (func) => {
-            try {
-                await gcrCleaner.cleanupFunction(func);
-            }
-            catch (err) {
-                const path = `${func.project}/${exports.SUBDOMAIN_MAPPING[func.region]}/gcf`;
-                failedDomains.add(`https://console.cloud.google.com/gcr/images/${path}`);
-            }
-        }));
-    }
+    const cleanup = [];
+    const arCleaner = cleaners.ar || new ArtifactRegistryCleaner();
+    cleanup.push(...haveFunctions.map(async (func) => {
+        try {
+            await arCleaner.cleanupFunction(func);
+        }
+        catch (err) {
+            const path = `${func.project}/${func.region}/gcf-artifacts`;
+            failedDomains.add(`https://console.cloud.google.com/artifacts/docker/${path}`);
+        }
+    }));
+    cleanup.push(...deletedFunctions.map(async (func) => {
+        try {
+            await Promise.all([arCleaner.cleanupFunction(func), arCleaner.cleanupFunctionCache(func)]);
+        }
+        catch (err) {
+            const path = `${func.project}/${func.region}/gcf-artifacts`;
+            failedDomains.add(`https://console.cloud.google.com/artifacts/docker/${path}`);
+        }
+    }));
+    const gcrCleaner = cleaners.gcr || new ContainerRegistryCleaner();
+    cleanup.push(...[...haveFunctions, ...deletedFunctions].map(async (func) => {
+        try {
+            await gcrCleaner.cleanupFunction(func);
+        }
+        catch (err) {
+            const path = `${func.project}/${docker.GCR_SUBDOMAIN_MAPPING[func.region]}/gcf`;
+            failedDomains.add(`https://console.cloud.google.com/gcr/images/${path}`);
+        }
+    }));
+    await Promise.all(cleanup);
     if (failedDomains.size) {
         let message = "Unhandled error cleaning up build images. This could result in a small monthly bill if not corrected. ";
         message +=
@@ -116,10 +83,24 @@ async function cleanupBuildImages(haveFunctions, deletedFunctions, cleaners = {}
 exports.cleanupBuildImages = cleanupBuildImages;
 class ArtifactRegistryCleaner {
     static packagePath(func) {
-        return `projects/${func.project}/locations/${func.region}/repositories/gcf-artifacts/packages/${func.id}`;
+        const encodedId = func.id
+            .replace(/_/g, "__")
+            .replace(/-/g, "--")
+            .replace(/^[A-Z]/, (first) => `${first.toLowerCase()}-${first.toLowerCase()}`)
+            .replace(/[A-Z]/g, (upper) => `_${upper.toLowerCase()}`);
+        return `projects/${func.project}/locations/${func.region}/repositories/gcf-artifacts/packages/${encodedId}`;
     }
     async cleanupFunction(func) {
-        const op = await artifactregistry.deletePackage(ArtifactRegistryCleaner.packagePath(func));
+        let op;
+        try {
+            op = await artifactregistry.deletePackage(ArtifactRegistryCleaner.packagePath(func));
+        }
+        catch (err) {
+            if (err.status === 404) {
+                return;
+            }
+            throw err;
+        }
         if (op.done) {
             return;
         }
@@ -139,12 +120,21 @@ ArtifactRegistryCleaner.POLLER_OPTIONS = {
     apiVersion: artifactregistry.API_VERSION,
     masterTimeout: 5 * 60 * 1000,
 };
+class NoopArtifactRegistryCleaner extends ArtifactRegistryCleaner {
+    cleanupFunction() {
+        return Promise.resolve();
+    }
+    cleanupFunctionCache() {
+        return Promise.resolve();
+    }
+}
+exports.NoopArtifactRegistryCleaner = NoopArtifactRegistryCleaner;
 class ContainerRegistryCleaner {
     constructor() {
         this.helpers = {};
     }
     helper(location) {
-        const subdomain = exports.SUBDOMAIN_MAPPING[location] || "us";
+        const subdomain = docker.GCR_SUBDOMAIN_MAPPING[location] || "us";
         if (!this.helpers[subdomain]) {
             const origin = `https://${subdomain}.${api_1.containerRegistryDomain}`;
             this.helpers[subdomain] = new DockerHelper(origin);
@@ -184,14 +174,14 @@ function getHelper(cache, subdomain) {
 }
 async function listGcfPaths(projectId, locations, dockerHelpers = {}) {
     if (!locations) {
-        locations = Object.keys(exports.SUBDOMAIN_MAPPING);
+        locations = Object.keys(docker.GCR_SUBDOMAIN_MAPPING);
     }
-    const invalidRegion = locations.find((loc) => !exports.SUBDOMAIN_MAPPING[loc]);
+    const invalidRegion = locations.find((loc) => !docker.GCR_SUBDOMAIN_MAPPING[loc]);
     if (invalidRegion) {
         throw new error_1.FirebaseError(`Invalid region ${invalidRegion} supplied`);
     }
     const locationsSet = new Set(locations);
-    const subdomains = new Set(Object.values(exports.SUBDOMAIN_MAPPING));
+    const subdomains = new Set(Object.values(docker.GCR_SUBDOMAIN_MAPPING));
     const failedSubdomains = [];
     const listAll = [];
     for (const subdomain of subdomains) {
@@ -222,26 +212,27 @@ async function listGcfPaths(projectId, locations, dockerHelpers = {}) {
         throw new error_1.FirebaseError(`Failed to search the following subdomains: ${failedSubdomains.join(",")}`);
     }
     return gcfDirs.map((loc) => {
-        return `${exports.SUBDOMAIN_MAPPING[loc]}.${api_1.containerRegistryDomain}/${projectId}/gcf/${loc}`;
+        return `${docker.GCR_SUBDOMAIN_MAPPING[loc]}.${api_1.containerRegistryDomain}/${projectId}/gcf/${loc}`;
     });
 }
 exports.listGcfPaths = listGcfPaths;
 async function deleteGcfArtifacts(projectId, locations, dockerHelpers = {}) {
     if (!locations) {
-        locations = Object.keys(exports.SUBDOMAIN_MAPPING);
+        locations = Object.keys(docker.GCR_SUBDOMAIN_MAPPING);
     }
-    const invalidRegion = locations.find((loc) => !exports.SUBDOMAIN_MAPPING[loc]);
+    const invalidRegion = locations.find((loc) => !docker.GCR_SUBDOMAIN_MAPPING[loc]);
     if (invalidRegion) {
         throw new error_1.FirebaseError(`Invalid region ${invalidRegion} supplied`);
     }
-    const subdomains = new Set(Object.values(exports.SUBDOMAIN_MAPPING));
+    const subdomains = new Set(Object.values(docker.GCR_SUBDOMAIN_MAPPING));
     const failedSubdomains = [];
     const deleteLocations = locations.map((loc) => {
+        const subdomain = docker.GCR_SUBDOMAIN_MAPPING[loc];
         try {
-            return getHelper(dockerHelpers, exports.SUBDOMAIN_MAPPING[loc]).rm(`${projectId}/gcf/${loc}`);
+            return getHelper(dockerHelpers, subdomain).rm(`${projectId}/gcf/${loc}`);
         }
         catch (err) {
-            failedSubdomains.push(exports.SUBDOMAIN_MAPPING[loc]);
+            failedSubdomains.push(subdomain);
             logger_1.logger.debug(err);
         }
     });

package/lib/deploy/functions/eventTypes.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PUBSUB_V2_EVENT = exports.STORAGE_V2_EVENTS = void 0;
+exports.STORAGE_V2_EVENTS = [
+    "google.cloud.storage.object.v1.finalized",
+    "google.cloud.storage.object.v1.archived",
+    "google.cloud.storage.object.v1.deleted",
+    "google.cloud.storage.object.v1.metadataUpdated",
+];
+exports.PUBSUB_V2_EVENT = "google.cloud.pubsub.topic.v1.messagePublished";

package/lib/deploy/functions/prepare.js

@@ -19,12 +19,20 @@ const validate = require("./validate");
 const utils = require("../../utils");
 const logger_1 = require("../../logger");
 const triggerRegionHelper_1 = require("./triggerRegionHelper");
+const checkIam_1 = require("./checkIam");
 function hasUserConfig(config) {
     return Object.keys(config).length > 1;
 }
 function hasDotenv(opts) {
     return previews_1.previews.dotenv && functionsEnv.hasUserEnvs(opts);
 }
+async function maybeEnableAR(projectId) {
+    if (previews_1.previews.artifactregistry) {
+        return ensureApiEnabled.check(projectId, "artifactregistry.googleapis.com", "functions", true);
+    }
+    await ensureApiEnabled.ensure(projectId, "artifactregistry.googleapis.com", "functions");
+    return true;
+}
 async function prepare(context, options, payload) {
     if (!options.config.src.functions) {
         return;
@@ -39,8 +47,10 @@ async function prepare(context, options, payload) {
         ensureApiEnabled.ensure(projectId, "cloudfunctions.googleapis.com", "functions"),
         ensureApiEnabled.check(projectId, "runtimeconfig.googleapis.com", "runtimeconfig", true),
         ensureCloudBuildEnabled_1.ensureCloudBuildEnabled(projectId),
+        maybeEnableAR(projectId),
     ]);
     context.runtimeConfigEnabled = checkAPIsEnabled[1];
+    context.artifactRegistryEnabled = checkAPIsEnabled[3];
     const firebaseConfig = await functionsConfig.getFirebaseConfig(options);
     context.firebaseConfig = firebaseConfig;
     const runtimeConfig = await prepareFunctionsUpload_1.getFunctionsConfig(context);
@@ -103,8 +113,9 @@ async function prepare(context, options, payload) {
         return functionsDeployHelper_1.functionMatchesAnyGroup(endpoint, context.filters);
     });
     const haveBackend = await backend.existingBackend(context);
+    await checkIam_1.ensureServiceAgentRoles(projectId, wantBackend, haveBackend);
     inferDetailsFromExisting(wantBackend, haveBackend, usedDotenv);
-    await triggerRegionHelper_1.lookupMissingTriggerRegions(wantBackend);
+    await triggerRegionHelper_1.ensureTriggerRegions(wantBackend);
     await prompts_1.promptForFailurePolicies(options, matchingBackend, haveBackend);
     await prompts_1.promptForMinInstances(options, matchingBackend, haveBackend);
     await backend.checkAvailability(context, wantBackend);

package/lib/deploy/functions/release/fabricator.js

@@ -124,7 +124,9 @@ class Fabricator {
         await this.setTrigger(endpoint);
     }
     async updateEndpoint(update, scraper) {
-        update.endpoint.labels = Object.assign(Object.assign({}, update.endpoint.labels), deploymentTool.labels());
+        if (update.deleteAndRecreate || update.endpoint.platform !== "gcfv2") {
+            update.endpoint.labels = Object.assign(Object.assign({}, update.endpoint.labels), deploymentTool.labels());
+        }
         if (update.deleteAndRecreate) {
             await this.deleteEndpoint(update.deleteAndRecreate);
             await this.createEndpoint(update.endpoint, scraper);
@@ -157,6 +159,9 @@ class Fabricator {
             throw new Error("Precondition failed");
         }
         const apiFunction = gcf.functionFromEndpoint(endpoint, this.sourceUrl);
+        if (apiFunction.httpsTrigger) {
+            apiFunction.httpsTrigger.securityLevel = "SECURE_ALWAYS";
+        }
         apiFunction.sourceToken = await scraper.tokenPromise();
         const resultFunction = await this.functionExecutor
             .run(async () => {

package/lib/deploy/functions/release/index.js

@@ -49,7 +49,11 @@ async function release(context, options, payload) {
     const deletedEndpoints = Object.values(plan)
         .map((r) => r.endpointsToDelete)
         .reduce(functional_1.reduceFlat, []);
-    await containerCleaner.cleanupBuildImages(haveEndpoints, deletedEndpoints);
+    const opts = {};
+    if (!context.artifactRegistryEnabled) {
+        opts.ar = new containerCleaner.NoopArtifactRegistryCleaner();
+    }
+    await containerCleaner.cleanupBuildImages(haveEndpoints, deletedEndpoints, opts);
     const allErrors = summary.results.filter((r) => r.error).map((r) => r.error);
     if (allErrors.length) {
         const opts = allErrors.length == 1 ? { original: allErrors[0] } : { children: allErrors };

package/lib/deploy/functions/release/reporter.js

@@ -29,8 +29,10 @@ async function logAndTrackDeployStats(summary) {
     let totalSuccesses = 0;
     let totalAborts = 0;
     const reports = [];
+    const regions = new Set();
     for (const result of summary.results) {
         const tag = triggerTag(result.endpoint);
+        regions.add(result.endpoint.region);
         totalTime += result.durationMs;
         if (!result.error) {
             totalSuccesses++;
@@ -45,6 +47,8 @@ async function logAndTrackDeployStats(summary) {
             reports.push(track.track("function_deploy_failure", tag, result.durationMs));
         }
     }
+    const regionCountTag = regions.size < 5 ? regions.size.toString() : ">=5";
+    reports.push(track.track("functions_region_count", regionCountTag, 1));
     const gcfv1 = summary.results.find((r) => r.endpoint.platform === "gcfv1");
     const gcfv2 = summary.results.find((r) => r.endpoint.platform === "gcfv2");
     const tag = gcfv1 && gcfv2 ? "v1+v2" : gcfv1 ? "v1" : "v2";

package/lib/deploy/functions/runtimes/node/parseTriggers.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.addResourcesToBackend = exports.discoverBackend = exports.useStrategy = exports.GCS_EVENTS = void 0;
+exports.addResourcesToBackend = exports.discoverBackend = exports.useStrategy = void 0;
 const path = require("path");
 const _ = require("lodash");
 const child_process_1 = require("child_process");
@@ -9,13 +9,8 @@ const logger_1 = require("../../../../logger");
 const backend = require("../../backend");
 const api = require("../../../../api");
 const proto = require("../../../../gcp/proto");
+const eventTypes_1 = require("../../eventTypes");
 const TRIGGER_PARSER = path.resolve(__dirname, "./triggerParser.js");
-exports.GCS_EVENTS = new Set([
-    "google.cloud.storage.object.v1.finalized",
-    "google.cloud.storage.object.v1.archived",
-    "google.cloud.storage.object.v1.deleted",
-    "google.cloud.storage.object.v1.metadataUpdated",
-]);
 function removeInspectOptions(options) {
     return options.filter((opt) => !opt.startsWith("--inspect"));
 }
@@ -64,7 +59,6 @@ async function discoverBackend(projectId, sourceDir, runtime, configValues, envs
 }
 exports.discoverBackend = discoverBackend;
 function addResourcesToBackend(projectId, runtime, annotation, want) {
-    var _a;
     Object.freeze(annotation);
     for (const region of annotation.regions || [api.functionsDefaultRegion]) {
         let triggered;
@@ -99,7 +93,7 @@ function addResourcesToBackend(projectId, runtime, annotation, want) {
                     retry: !!annotation.failurePolicy,
                 },
             };
-            if (exports.GCS_EVENTS.has(((_a = annotation.eventTrigger) === null || _a === void 0 ? void 0 : _a.eventType) || "")) {
+            if (eventTypes_1.STORAGE_V2_EVENTS.find((event) => { var _a; return event === (((_a = annotation.eventTrigger) === null || _a === void 0 ? void 0 : _a.eventType) || ""); })) {
                 triggered.eventTrigger.eventFilters = {
                     bucket: annotation.eventTrigger.resource,
                 };