firebase-tools 9.23.0 → 10.0.1

package/lib/api.js

@@ -93,7 +93,6 @@ var api = {
     functionsOrigin: utils.envOverride("FIREBASE_FUNCTIONS_URL", "https://cloudfunctions.googleapis.com"),
     functionsV2Origin: utils.envOverride("FIREBASE_FUNCTIONS_V2_URL", "https://cloudfunctions.googleapis.com"),
     runOrigin: utils.envOverride("CLOUD_RUN_URL", "https://run.googleapis.com"),
-    functionsUploadRegion: utils.envOverride("FIREBASE_FUNCTIONS_UPLOAD_REGION", "us-central1"),
     functionsDefaultRegion: utils.envOverride("FIREBASE_FUNCTIONS_DEFAULT_REGION", "us-central1"),
     cloudschedulerOrigin: utils.envOverride("FIREBASE_CLOUDSCHEDULER_URL", "https://cloudscheduler.googleapis.com"),
     cloudTasksOrigin: utils.envOverride("FIREBASE_CLOUD_TAKS_URL", "https://cloudtasks.googleapis.com"),

package/lib/commands/database-remove.js

@@ -14,7 +14,7 @@ const clc = require("cli-color");
 const _ = require("lodash");
 module.exports = new command_1.Command("database:remove <path>")
     .description("remove data from your Firebase at the specified path")
-    .option("-y, --confirm", "pass this option to bypass confirmation prompt")
+    .option("-f, --force", "pass this option to bypass confirmation prompt")
     .option("--instance <instance>", "use the database <instance>.firebaseio.com (if omitted, use default database instance)")
     .before(requirePermissions_1.requirePermissions, ["firebasedatabase.instances.update"])
     .before(requireDatabaseInstance_1.requireDatabaseInstance)
@@ -28,7 +28,7 @@ module.exports = new command_1.Command("database:remove <path>")
     const databaseUrl = utils.getDatabaseUrl(origin, options.instance, path);
     const confirm = await prompt_1.promptOnce({
         type: "confirm",
-        name: "confirm",
+        name: "force",
         default: false,
         message: "You are about to remove all data at " + clc.cyan(databaseUrl) + ". Are you sure?",
     }, options);

package/lib/commands/database-set.js

@@ -19,7 +19,7 @@ const utils = require("../utils");
 exports.default = new command_1.Command("database:set <path> [infile]")
     .description("store JSON data at the specified path via STDIN, arg, or file")
     .option("-d, --data <data>", "specify escaped JSON directly")
-    .option("-y, --confirm", "pass this option to bypass confirmation prompt")
+    .option("-f, --force", "pass this option to bypass confirmation prompt")
     .option("--instance <instance>", "use the database <instance>.firebaseio.com (if omitted, use default database instance)")
     .before(requirePermissions_1.requirePermissions, ["firebasedatabase.instances.update"])
     .before(requireDatabaseInstance_1.requireDatabaseInstance)
@@ -34,7 +34,7 @@ exports.default = new command_1.Command("database:set <path> [infile]")
     const dbJsonURL = new url_1.URL(utils.getDatabaseUrl(origin, options.instance, path + ".json"));
     const confirm = await prompt_1.promptOnce({
         type: "confirm",
-        name: "confirm",
+        name: "force",
         default: false,
         message: "You are about to overwrite all data at " + clc.cyan(dbPath) + ". Are you sure?",
     }, options);

package/lib/commands/database-update.js

@@ -18,7 +18,7 @@ const utils = require("../utils");
 exports.default = new command_1.Command("database:update <path> [infile]")
     .description("update some of the keys for the defined path in your Firebase")
     .option("-d, --data <data>", "specify escaped JSON directly")
-    .option("-y, --confirm", "pass this option to bypass confirmation prompt")
+    .option("-f, --force", "pass this option to bypass confirmation prompt")
     .option("--instance <instance>", "use the database <instance>.firebaseio.com (if omitted, use default database instance)")
     .before(requirePermissions_1.requirePermissions, ["firebasedatabase.instances.update"])
     .before(requireDatabaseInstance_1.requireDatabaseInstance)
@@ -32,7 +32,7 @@ exports.default = new command_1.Command("database:update <path> [infile]")
     const url = utils.getDatabaseUrl(origin, options.instance, path);
     const confirmed = await prompt_1.promptOnce({
         type: "confirm",
-        name: "confirm",
+        name: "force",
         default: false,
         message: `You are about to modify data at ${clc.cyan(url)}. Are you sure?`,
     }, options);

package/lib/commands/firestore-delete.js

@@ -54,7 +54,7 @@ module.exports = new command_1.Command("firestore:delete [path]")
     "subcollections. May not be passed along with -r.")
     .option("--all-collections", "Delete all. Deletes the entire Firestore database, " +
     "including all collections and documents. Any other flags or arguments will be ignored.")
-    .option("-y, --yes", "No confirmation. Otherwise, a confirmation prompt will appear.")
+    .option("-f, --force", "No confirmation. Otherwise, a confirmation prompt will appear.")
     .before(commandUtils_1.printNoticeIfEmulated, types_1.Emulators.FIRESTORE)
     .before(requirePermissions_1.requirePermissions, ["datastore.entities.list", "datastore.entities.delete"])
     .action(async (path, options) => {
@@ -68,7 +68,7 @@ module.exports = new command_1.Command("firestore:delete [path]")
     });
     const confirm = await prompt_1.promptOnce({
         type: "confirm",
-        name: "yes",
+        name: "force",
         default: false,
         message: getConfirmationMessage(deleteOp, options),
     }, options);

package/lib/commands/functions-delete.js

@@ -8,6 +8,7 @@ const projectUtils_1 = require("../projectUtils");
 const prompt_1 = require("../prompt");
 const functional_1 = require("../functional");
 const requirePermissions_1 = require("../requirePermissions");
+const ensure = require("../ensureApiEnabled");
 const helper = require("../deploy/functions/functionsDeployHelper");
 const utils = require("../utils");
 const backend = require("../deploy/functions/backend");
@@ -84,5 +85,10 @@ exports.default = new command_1.Command("functions:delete [filters...]")
             exit: 1,
         });
     }
-    await containerCleaner.cleanupBuildImages([], allEpToDelete);
+    const opts = {};
+    const arEnabled = await ensure.check(projectUtils_1.needProjectId(options), "artifactregistry.googleapis.com", "functions", true);
+    if (!arEnabled) {
+        opts.ar = new containerCleaner.NoopArtifactRegistryCleaner();
+    }
+    await containerCleaner.cleanupBuildImages([], allEpToDelete, opts);
 });

package/lib/commands/hosting-disable.js

@@ -10,7 +10,7 @@ const requirePermissions_1 = require("../requirePermissions");
 const utils = require("../utils");
 exports.default = new command_1.Command("hosting:disable")
     .description("stop serving web traffic to your Firebase Hosting site")
-    .option("-y, --confirm", "skip confirmation")
+    .option("-f, --force", "skip confirmation")
     .option("-s, --site <siteName>", "the site to disable")
     .before(requirePermissions_1.requirePermissions, ["firebasehosting.sites.update"])
     .before(requireHostingSite_1.requireHostingSite)
@@ -18,9 +18,9 @@ exports.default = new command_1.Command("hosting:disable")
     const siteToDisable = options.site;
     const confirm = await prompt_1.promptOnce({
         type: "confirm",
-        name: "confirm",
+        name: "force",
         message: `Are you sure you want to disable Firebase Hosting for the site ${clc.underline(siteToDisable)}\n${clc.underline("This will immediately make your site inaccessible!")}`,
-    });
+    }, options);
     if (!confirm) {
         return;
     }

package/lib/commands/remoteconfig-get.js

@@ -11,13 +11,14 @@ const utils = require("../utils");
 const Table = require("cli-table");
 const fs = require("fs");
 const util = require("util");
+const error_1 = require("../error");
 const tableHead = ["Entry Name", "Value"];
 const MAX_DISPLAY_ITEMS = 20;
-function checkValidNumber(versionNumber) {
-    if (typeof Number(versionNumber) == "number") {
+function checkValidOptionalNumber(versionNumber) {
+    if (!versionNumber || typeof Number(versionNumber) == "number") {
         return versionNumber;
     }
-    return "null";
+    throw new error_1.FirebaseError(`Could not interpret "${versionNumber}" as a valid number.`);
 }
 module.exports = new command_1.Command("remoteconfig:get")
     .description("get a Firebase project's Remote Config template")
@@ -26,8 +27,8 @@ module.exports = new command_1.Command("remoteconfig:get")
     .before(requireAuth_1.requireAuth)
     .before(requirePermissions_1.requirePermissions, ["cloudconfig.configs.get"])
     .action(async (options) => {
-    utils.assertIsString(options.versionNumber);
-    const template = await rcGet.getTemplate(projectUtils_1.needProjectId(options), checkValidNumber(options.versionNumber));
+    utils.assertIsStringOrUndefined(options.versionNumber);
+    const template = await rcGet.getTemplate(projectUtils_1.needProjectId(options), checkValidOptionalNumber(options.versionNumber));
     const table = new Table({ head: tableHead, style: { head: ["green"] } });
     if (template.conditions) {
         let updatedConditions = template.conditions

package/lib/deploy/functions/checkIam.js

@@ -1,19 +1,22 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.checkHttpIam = exports.checkServiceAccountIam = void 0;
+exports.ensureServiceAgentRoles = exports.mergeBindings = exports.checkHttpIam = exports.checkServiceAccountIam = void 0;
 const cli_color_1 = require("cli-color");
 const logger_1 = require("../../logger");
 const functionsDeployHelper_1 = require("./functionsDeployHelper");
 const error_1 = require("../../error");
-const iam_1 = require("../../gcp/iam");
+const iam = require("../../gcp/iam");
 const backend = require("./backend");
 const track = require("../../track");
+const utils = require("../../utils");
+const resourceManager_1 = require("../../gcp/resourceManager");
+const services_1 = require("./services");
 const PERMISSION = "cloudfunctions.functions.setIamPolicy";
 async function checkServiceAccountIam(projectId) {
     const saEmail = `${projectId}@appspot.gserviceaccount.com`;
     let passed = false;
     try {
-        const iamResult = await iam_1.testResourceIamPermissions("https://iam.googleapis.com", "v1", `projects/${projectId}/serviceAccounts/${saEmail}`, ["iam.serviceAccounts.actAs"]);
+        const iamResult = await iam.testResourceIamPermissions("https://iam.googleapis.com", "v1", `projects/${projectId}/serviceAccounts/${saEmail}`, ["iam.serviceAccounts.actAs"]);
         passed = iamResult.passed;
     }
     catch (err) {
@@ -41,7 +44,7 @@ async function checkHttpIam(context, options, payload) {
     logger_1.logger.debug("[functions] found", newHttpsEndpoints.length, "new HTTP functions, testing setIamPolicy permission...");
     let passed = true;
     try {
-        const iamResult = await iam_1.testIamPermissions(context.projectId, [PERMISSION]);
+        const iamResult = await iam.testIamPermissions(context.projectId, [PERMISSION]);
         passed = iamResult.passed;
     }
     catch (e) {
@@ -57,3 +60,61 @@ async function checkHttpIam(context, options, payload) {
     logger_1.logger.debug("[functions] found setIamPolicy permission, proceeding with deploy");
 }
 exports.checkHttpIam = checkHttpIam;
+function reduceEventsToServices(services, endpoint) {
+    const service = services_1.serviceForEndpoint(endpoint);
+    if (service.requiredProjectBindings && !services.find((s) => s.name === service.name)) {
+        services.push(service);
+    }
+    return services;
+}
+function mergeBindings(policy, allRequiredBindings) {
+    for (const requiredBindings of allRequiredBindings) {
+        if (requiredBindings.length === 0) {
+            continue;
+        }
+        for (const requiredBinding of requiredBindings) {
+            const ndx = policy.bindings.findIndex((policyBinding) => policyBinding.role === requiredBinding.role);
+            if (ndx === -1) {
+                policy.bindings.push(requiredBinding);
+                continue;
+            }
+            requiredBinding.members.forEach((updatedMember) => {
+                if (!policy.bindings[ndx].members.find((member) => member === updatedMember)) {
+                    policy.bindings[ndx].members.push(updatedMember);
+                }
+            });
+        }
+    }
+}
+exports.mergeBindings = mergeBindings;
+async function ensureServiceAgentRoles(projectId, want, have) {
+    const wantServices = backend.allEndpoints(want).reduce(reduceEventsToServices, []);
+    const haveServices = backend.allEndpoints(have).reduce(reduceEventsToServices, []);
+    const newServices = wantServices.filter((wantS) => !haveServices.find((haveS) => wantS.name === haveS.name));
+    if (newServices.length === 0) {
+        return;
+    }
+    let policy;
+    try {
+        policy = await resourceManager_1.getIamPolicy(projectId);
+    }
+    catch (err) {
+        utils.logLabeledBullet("functions", "Could not verify the necessary IAM configuration for the following newly-integrated services: " +
+            `${newServices.map((service) => service.api).join(", ")}` +
+            ". Deployment may fail.", "warn");
+        return;
+    }
+    const findRequiredBindings = [];
+    newServices.forEach((service) => findRequiredBindings.push(service.requiredProjectBindings(projectId, policy)));
+    const allRequiredBindings = await Promise.all(findRequiredBindings);
+    mergeBindings(policy, allRequiredBindings);
+    try {
+        await resourceManager_1.setIamPolicy(projectId, policy, "bindings");
+    }
+    catch (err) {
+        throw new error_1.FirebaseError("We failed to modify the IAM policy for the project. The functions " +
+            "deployment requires specific roles to be granted to service agents," +
+            " otherwise the deployment will fail.", { original: err });
+    }
+}
+exports.ensureServiceAgentRoles = ensureServiceAgentRoles;

package/lib/deploy/functions/containerCleaner.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.DockerHelper = exports.deleteGcfArtifacts = exports.listGcfPaths = exports.ContainerRegistryCleaner = exports.ArtifactRegistryCleaner = exports.cleanupBuildImages = exports.SUBDOMAIN_MAPPING = void 0;
+exports.DockerHelper = exports.deleteGcfArtifacts = exports.listGcfPaths = exports.ContainerRegistryCleaner = exports.NoopArtifactRegistryCleaner = exports.ArtifactRegistryCleaner = exports.cleanupBuildImages = void 0;
 const clc = require("cli-color");
 const error_1 = require("../../error");
 const api_1 = require("../../api");
@@ -10,31 +10,6 @@ const backend = require("./backend");
 const docker = require("../../gcp/docker");
 const utils = require("../../utils");
 const poller = require("../../operation-poller");
-exports.SUBDOMAIN_MAPPING = {
-    "us-west2": "us",
-    "us-west3": "us",
-    "us-west4": "us",
-    "us-central1": "us",
-    "us-central2": "us",
-    "us-east1": "us",
-    "us-east4": "us",
-    "northamerica-northeast1": "us",
-    "southamerica-east1": "us",
-    "europe-west1": "eu",
-    "europe-west2": "eu",
-    "europe-west3": "eu",
-    "europe-west5": "eu",
-    "europe-west6": "eu",
-    "europe-central2": "eu",
-    "asia-east1": "asia",
-    "asia-east2": "asia",
-    "asia-northeast1": "asia",
-    "asia-northeast2": "asia",
-    "asia-northeast3": "asia",
-    "asia-south1": "asia",
-    "asia-southeast2": "asia",
-    "australia-southeast1": "asia",
-};
 async function retry(func) {
     const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
     const MAX_RETRIES = 3;
@@ -87,7 +62,7 @@ async function cleanupBuildImages(haveFunctions, deletedFunctions, cleaners = {}
             await gcrCleaner.cleanupFunction(func);
         }
         catch (err) {
-            const path = `${func.project}/${exports.SUBDOMAIN_MAPPING[func.region]}/gcf`;
+            const path = `${func.project}/${docker.GCR_SUBDOMAIN_MAPPING[func.region]}/gcf`;
             failedDomains.add(`https://console.cloud.google.com/gcr/images/${path}`);
         }
     }));
@@ -108,7 +83,12 @@ async function cleanupBuildImages(haveFunctions, deletedFunctions, cleaners = {}
 exports.cleanupBuildImages = cleanupBuildImages;
 class ArtifactRegistryCleaner {
     static packagePath(func) {
-        return `projects/${func.project}/locations/${func.region}/repositories/gcf-artifacts/packages/${func.id}`;
+        const encodedId = func.id
+            .replace(/_/g, "__")
+            .replace(/-/g, "--")
+            .replace(/^[A-Z]/, (first) => `${first.toLowerCase()}-${first.toLowerCase()}`)
+            .replace(/[A-Z]/g, (upper) => `_${upper.toLowerCase()}`);
+        return `projects/${func.project}/locations/${func.region}/repositories/gcf-artifacts/packages/${encodedId}`;
     }
     async cleanupFunction(func) {
         let op;
@@ -140,12 +120,21 @@ ArtifactRegistryCleaner.POLLER_OPTIONS = {
     apiVersion: artifactregistry.API_VERSION,
     masterTimeout: 5 * 60 * 1000,
 };
+class NoopArtifactRegistryCleaner extends ArtifactRegistryCleaner {
+    cleanupFunction() {
+        return Promise.resolve();
+    }
+    cleanupFunctionCache() {
+        return Promise.resolve();
+    }
+}
+exports.NoopArtifactRegistryCleaner = NoopArtifactRegistryCleaner;
 class ContainerRegistryCleaner {
     constructor() {
         this.helpers = {};
     }
     helper(location) {
-        const subdomain = exports.SUBDOMAIN_MAPPING[location] || "us";
+        const subdomain = docker.GCR_SUBDOMAIN_MAPPING[location] || "us";
         if (!this.helpers[subdomain]) {
             const origin = `https://${subdomain}.${api_1.containerRegistryDomain}`;
             this.helpers[subdomain] = new DockerHelper(origin);
@@ -185,14 +174,14 @@ function getHelper(cache, subdomain) {
 }
 async function listGcfPaths(projectId, locations, dockerHelpers = {}) {
     if (!locations) {
-        locations = Object.keys(exports.SUBDOMAIN_MAPPING);
+        locations = Object.keys(docker.GCR_SUBDOMAIN_MAPPING);
     }
-    const invalidRegion = locations.find((loc) => !exports.SUBDOMAIN_MAPPING[loc]);
+    const invalidRegion = locations.find((loc) => !docker.GCR_SUBDOMAIN_MAPPING[loc]);
     if (invalidRegion) {
         throw new error_1.FirebaseError(`Invalid region ${invalidRegion} supplied`);
     }
     const locationsSet = new Set(locations);
-    const subdomains = new Set(Object.values(exports.SUBDOMAIN_MAPPING));
+    const subdomains = new Set(Object.values(docker.GCR_SUBDOMAIN_MAPPING));
     const failedSubdomains = [];
     const listAll = [];
     for (const subdomain of subdomains) {
@@ -223,26 +212,27 @@ async function listGcfPaths(projectId, locations, dockerHelpers = {}) {
         throw new error_1.FirebaseError(`Failed to search the following subdomains: ${failedSubdomains.join(",")}`);
     }
     return gcfDirs.map((loc) => {
-        return `${exports.SUBDOMAIN_MAPPING[loc]}.${api_1.containerRegistryDomain}/${projectId}/gcf/${loc}`;
+        return `${docker.GCR_SUBDOMAIN_MAPPING[loc]}.${api_1.containerRegistryDomain}/${projectId}/gcf/${loc}`;
     });
 }
 exports.listGcfPaths = listGcfPaths;
 async function deleteGcfArtifacts(projectId, locations, dockerHelpers = {}) {
     if (!locations) {
-        locations = Object.keys(exports.SUBDOMAIN_MAPPING);
+        locations = Object.keys(docker.GCR_SUBDOMAIN_MAPPING);
     }
-    const invalidRegion = locations.find((loc) => !exports.SUBDOMAIN_MAPPING[loc]);
+    const invalidRegion = locations.find((loc) => !docker.GCR_SUBDOMAIN_MAPPING[loc]);
     if (invalidRegion) {
         throw new error_1.FirebaseError(`Invalid region ${invalidRegion} supplied`);
     }
-    const subdomains = new Set(Object.values(exports.SUBDOMAIN_MAPPING));
+    const subdomains = new Set(Object.values(docker.GCR_SUBDOMAIN_MAPPING));
     const failedSubdomains = [];
     const deleteLocations = locations.map((loc) => {
+        const subdomain = docker.GCR_SUBDOMAIN_MAPPING[loc];
         try {
-            return getHelper(dockerHelpers, exports.SUBDOMAIN_MAPPING[loc]).rm(`${projectId}/gcf/${loc}`);
+            return getHelper(dockerHelpers, subdomain).rm(`${projectId}/gcf/${loc}`);
         }
         catch (err) {
-            failedSubdomains.push(exports.SUBDOMAIN_MAPPING[loc]);
+            failedSubdomains.push(subdomain);
             logger_1.logger.debug(err);
         }
     });

package/lib/deploy/functions/deploy.js

@@ -5,18 +5,16 @@ const tmp_1 = require("tmp");
 const clc = require("cli-color");
 const fs = require("fs");
 const checkIam_1 = require("./checkIam");
-const api_1 = require("../../api");
 const utils_1 = require("../../utils");
 const gcs = require("../../gcp/storage");
 const gcf = require("../../gcp/cloudfunctions");
 const gcfv2 = require("../../gcp/cloudfunctionsv2");
 const utils = require("../../utils");
 const backend = require("./backend");
-const GCP_REGION = api_1.functionsUploadRegion;
 tmp_1.setGracefulCleanup();
-async function uploadSourceV1(context) {
-    const uploadUrl = await gcf.generateUploadUrl(context.projectId, GCP_REGION);
-    context.uploadUrl = uploadUrl;
+async function uploadSourceV1(context, region) {
+    const uploadUrl = await gcf.generateUploadUrl(context.projectId, region);
+    context.sourceUrl = uploadUrl;
     const uploadOpts = {
         file: context.functionsSourceV1,
         stream: fs.createReadStream(context.functionsSourceV1),
@@ -45,8 +43,9 @@ async function deploy(context, options, payload) {
     try {
         const want = payload.functions.backend;
         const uploads = [];
-        if (backend.allEndpoints(want).some((endpoint) => endpoint.platform === "gcfv1")) {
-            uploads.push(uploadSourceV1(context));
+        const v1Endpoints = backend.allEndpoints(want).filter((e) => e.platform === "gcfv1");
+        if (v1Endpoints.length > 0) {
+            uploads.push(uploadSourceV1(context, v1Endpoints[0].region));
         }
         for (const region of Object.keys(want.endpoints)) {
             if (backend.regionalEndpoints(want, region).some((e) => e.platform === "gcfv2")) {

package/lib/deploy/functions/eventTypes.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PUBSUB_V2_EVENT = exports.STORAGE_V2_EVENTS = void 0;
+exports.STORAGE_V2_EVENTS = [
+    "google.cloud.storage.object.v1.finalized",
+    "google.cloud.storage.object.v1.archived",
+    "google.cloud.storage.object.v1.deleted",
+    "google.cloud.storage.object.v1.metadataUpdated",
+];
+exports.PUBSUB_V2_EVENT = "google.cloud.pubsub.topic.v1.messagePublished";

package/lib/deploy/functions/prepare.js

@@ -19,12 +19,20 @@ const validate = require("./validate");
 const utils = require("../../utils");
 const logger_1 = require("../../logger");
 const triggerRegionHelper_1 = require("./triggerRegionHelper");
+const checkIam_1 = require("./checkIam");
 function hasUserConfig(config) {
     return Object.keys(config).length > 1;
 }
 function hasDotenv(opts) {
     return previews_1.previews.dotenv && functionsEnv.hasUserEnvs(opts);
 }
+async function maybeEnableAR(projectId) {
+    if (previews_1.previews.artifactregistry) {
+        return ensureApiEnabled.check(projectId, "artifactregistry.googleapis.com", "functions", true);
+    }
+    await ensureApiEnabled.ensure(projectId, "artifactregistry.googleapis.com", "functions");
+    return true;
+}
 async function prepare(context, options, payload) {
     if (!options.config.src.functions) {
         return;
@@ -39,9 +47,10 @@ async function prepare(context, options, payload) {
         ensureApiEnabled.ensure(projectId, "cloudfunctions.googleapis.com", "functions"),
         ensureApiEnabled.check(projectId, "runtimeconfig.googleapis.com", "runtimeconfig", true),
         ensureCloudBuildEnabled_1.ensureCloudBuildEnabled(projectId),
-        ensureApiEnabled.ensure(projectId, "artifactregistry.googleapis.com", "functions"),
+        maybeEnableAR(projectId),
     ]);
     context.runtimeConfigEnabled = checkAPIsEnabled[1];
+    context.artifactRegistryEnabled = checkAPIsEnabled[3];
     const firebaseConfig = await functionsConfig.getFirebaseConfig(options);
     context.firebaseConfig = firebaseConfig;
     const runtimeConfig = await prepareFunctionsUpload_1.getFunctionsConfig(context);
@@ -104,8 +113,9 @@ async function prepare(context, options, payload) {
         return functionsDeployHelper_1.functionMatchesAnyGroup(endpoint, context.filters);
     });
     const haveBackend = await backend.existingBackend(context);
+    await checkIam_1.ensureServiceAgentRoles(projectId, wantBackend, haveBackend);
     inferDetailsFromExisting(wantBackend, haveBackend, usedDotenv);
-    await triggerRegionHelper_1.lookupMissingTriggerRegions(wantBackend);
+    await triggerRegionHelper_1.ensureTriggerRegions(wantBackend);
     await prompts_1.promptForFailurePolicies(options, matchingBackend, haveBackend);
     await prompts_1.promptForMinInstances(options, matchingBackend, haveBackend);
     await backend.checkAvailability(context, wantBackend);

package/lib/deploy/functions/release/fabricator.js

@@ -124,7 +124,9 @@ class Fabricator {
         await this.setTrigger(endpoint);
     }
     async updateEndpoint(update, scraper) {
-        update.endpoint.labels = Object.assign(Object.assign({}, update.endpoint.labels), deploymentTool.labels());
+        if (update.deleteAndRecreate || update.endpoint.platform !== "gcfv2") {
+            update.endpoint.labels = Object.assign(Object.assign({}, update.endpoint.labels), deploymentTool.labels());
+        }
         if (update.deleteAndRecreate) {
             await this.deleteEndpoint(update.deleteAndRecreate);
             await this.createEndpoint(update.endpoint, scraper);
@@ -157,6 +159,9 @@ class Fabricator {
             throw new Error("Precondition failed");
         }
         const apiFunction = gcf.functionFromEndpoint(endpoint, this.sourceUrl);
+        if (apiFunction.httpsTrigger) {
+            apiFunction.httpsTrigger.securityLevel = "SECURE_ALWAYS";
+        }
         apiFunction.sourceToken = await scraper.tokenPromise();
         const resultFunction = await this.functionExecutor
             .run(async () => {

package/lib/deploy/functions/release/index.js

@@ -37,7 +37,7 @@ async function release(context, options, payload) {
     const fab = new fabricator.Fabricator({
         functionExecutor,
         executor: new executor.QueueExecutor({}),
-        sourceUrl: context.uploadUrl,
+        sourceUrl: context.sourceUrl,
         storage: context.storage,
         appEngineLocation: functionsConfig_1.getAppEngineLocation(context.firebaseConfig),
     });
@@ -49,7 +49,11 @@ async function release(context, options, payload) {
     const deletedEndpoints = Object.values(plan)
         .map((r) => r.endpointsToDelete)
         .reduce(functional_1.reduceFlat, []);
-    await containerCleaner.cleanupBuildImages(haveEndpoints, deletedEndpoints);
+    const opts = {};
+    if (!context.artifactRegistryEnabled) {
+        opts.ar = new containerCleaner.NoopArtifactRegistryCleaner();
+    }
+    await containerCleaner.cleanupBuildImages(haveEndpoints, deletedEndpoints, opts);
     const allErrors = summary.results.filter((r) => r.error).map((r) => r.error);
     if (allErrors.length) {
         const opts = allErrors.length == 1 ? { original: allErrors[0] } : { children: allErrors };

package/lib/deploy/functions/release/reporter.js

@@ -29,8 +29,10 @@ async function logAndTrackDeployStats(summary) {
     let totalSuccesses = 0;
     let totalAborts = 0;
     const reports = [];
+    const regions = new Set();
     for (const result of summary.results) {
         const tag = triggerTag(result.endpoint);
+        regions.add(result.endpoint.region);
         totalTime += result.durationMs;
         if (!result.error) {
             totalSuccesses++;
@@ -45,6 +47,8 @@ async function logAndTrackDeployStats(summary) {
             reports.push(track.track("function_deploy_failure", tag, result.durationMs));
         }
     }
+    const regionCountTag = regions.size < 5 ? regions.size.toString() : ">=5";
+    reports.push(track.track("functions_region_count", regionCountTag, 1));
     const gcfv1 = summary.results.find((r) => r.endpoint.platform === "gcfv1");
     const gcfv2 = summary.results.find((r) => r.endpoint.platform === "gcfv2");
     const tag = gcfv1 && gcfv2 ? "v1+v2" : gcfv1 ? "v1" : "v2";

package/lib/deploy/functions/runtimes/node/parseRuntimeAndValidateSDK.js

@@ -18,7 +18,7 @@ const ENGINE_RUNTIMES = {
 const ENGINE_RUNTIMES_NAMES = Object.values(ENGINE_RUNTIMES);
 exports.RUNTIME_NOT_SET = "`runtime` field is required but was not found in firebase.json.\n" +
     "To fix this, add the following lines to the `functions` section of your firebase.json:\n" +
-    '"runtime": "nodejs14"\n';
+    '"runtime": "nodejs16"\n';
 exports.UNSUPPORTED_NODE_VERSION_FIREBASE_JSON_MSG = clc.bold(`functions.runtime value is unsupported. ` +
     `Valid choices are: ${clc.bold("nodejs{10|12|14|16}")}.`);
 exports.UNSUPPORTED_NODE_VERSION_PACKAGE_JSON_MSG = clc.bold(`package.json in functions directory has an engines field which is unsupported. ` +

package/lib/deploy/functions/runtimes/node/parseTriggers.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.addResourcesToBackend = exports.discoverBackend = exports.useStrategy = exports.GCS_EVENTS = void 0;
+exports.addResourcesToBackend = exports.discoverBackend = exports.useStrategy = void 0;
 const path = require("path");
 const _ = require("lodash");
 const child_process_1 = require("child_process");
@@ -9,13 +9,8 @@ const logger_1 = require("../../../../logger");
 const backend = require("../../backend");
 const api = require("../../../../api");
 const proto = require("../../../../gcp/proto");
+const eventTypes_1 = require("../../eventTypes");
 const TRIGGER_PARSER = path.resolve(__dirname, "./triggerParser.js");
-exports.GCS_EVENTS = new Set([
-    "google.cloud.storage.object.v1.finalized",
-    "google.cloud.storage.object.v1.archived",
-    "google.cloud.storage.object.v1.deleted",
-    "google.cloud.storage.object.v1.metadataUpdated",
-]);
 function removeInspectOptions(options) {
     return options.filter((opt) => !opt.startsWith("--inspect"));
 }
@@ -64,7 +59,6 @@ async function discoverBackend(projectId, sourceDir, runtime, configValues, envs
 }
 exports.discoverBackend = discoverBackend;
 function addResourcesToBackend(projectId, runtime, annotation, want) {
-    var _a;
     Object.freeze(annotation);
     for (const region of annotation.regions || [api.functionsDefaultRegion]) {
         let triggered;
@@ -99,7 +93,7 @@ function addResourcesToBackend(projectId, runtime, annotation, want) {
                     retry: !!annotation.failurePolicy,
                 },
             };
-            if (exports.GCS_EVENTS.has(((_a = annotation.eventTrigger) === null || _a === void 0 ? void 0 : _a.eventType) || "")) {
+            if (eventTypes_1.STORAGE_V2_EVENTS.find((event) => { var _a; return event === (((_a = annotation.eventTrigger) === null || _a === void 0 ? void 0 : _a.eventType) || ""); })) {
                 triggered.eventTrigger.eventFilters = {
                     bucket: annotation.eventTrigger.resource,
                 };

package/lib/deploy/functions/services/index.js

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.serviceForEndpoint = exports.EVENT_SERVICE_MAPPING = exports.StorageService = exports.PubSubService = exports.NoOpService = void 0;
+const backend = require("../backend");
+const storage_1 = require("./storage");
+const noop = () => Promise.resolve();
+exports.NoOpService = {
+    name: "noop",
+    api: "",
+    requiredProjectBindings: undefined,
+    ensureTriggerRegion: noop,
+};
+exports.PubSubService = {
+    name: "pubsub",
+    api: "pubsub.googleapis.com",
+    requiredProjectBindings: undefined,
+    ensureTriggerRegion: noop,
+};
+exports.StorageService = {
+    name: "storage",
+    api: "storage.googleapis.com",
+    requiredProjectBindings: storage_1.obtainStorageBindings,
+    ensureTriggerRegion: storage_1.ensureStorageTriggerRegion,
+};
+exports.EVENT_SERVICE_MAPPING = {
+    "google.cloud.pubsub.topic.v1.messagePublished": exports.PubSubService,
+    "google.cloud.storage.object.v1.finalized": exports.StorageService,
+    "google.cloud.storage.object.v1.archived": exports.StorageService,
+    "google.cloud.storage.object.v1.deleted": exports.StorageService,
+    "google.cloud.storage.object.v1.metadataUpdated": exports.StorageService,
+};
+function serviceForEndpoint(endpoint) {
+    if (!backend.isEventTriggered(endpoint)) {
+        return exports.NoOpService;
+    }
+    return exports.EVENT_SERVICE_MAPPING[endpoint.eventTrigger.eventType] || exports.NoOpService;
+}
+exports.serviceForEndpoint = serviceForEndpoint;