firebase-tools 9.23.0 → 9.23.1

package/CHANGELOG.md

@@ -1 +1,5 @@
-- `firebase deploy --only extensions` now supports project specifc .env files. When deploying to multiple projects, param values that are different between projects can be put in `extensions/${extensionInstanceId}.env.${projectIdOrAlias}` and common param values can be put in `extensions/${extensionInstanceId}.env`.
+- Corrects a bug where containers in Artifact Registry would not be deleted if a function has an upper case character in its name (#3918)
+- Fixes issue where providing the `--project` flag during `init` would not be recognized with a default project already set. (#3870)
+- Fixes issue with setting memory limits for some functions (#3924)
+- New HTTPS functions only allow secure traffic. (#3923)
+- No longer default-enable AR and don't send builds to AR unless an experiment is enabled (#3935)

package/lib/deploy/functions/checkIam.js

@@ -1,19 +1,22 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.checkHttpIam = exports.checkServiceAccountIam = void 0;
+exports.ensureServiceAgentRoles = exports.mergeBindings = exports.checkHttpIam = exports.checkServiceAccountIam = void 0;
 const cli_color_1 = require("cli-color");
 const logger_1 = require("../../logger");
 const functionsDeployHelper_1 = require("./functionsDeployHelper");
 const error_1 = require("../../error");
-const iam_1 = require("../../gcp/iam");
+const iam = require("../../gcp/iam");
 const backend = require("./backend");
 const track = require("../../track");
+const utils = require("../../utils");
+const resourceManager_1 = require("../../gcp/resourceManager");
+const services_1 = require("./services");
 const PERMISSION = "cloudfunctions.functions.setIamPolicy";
 async function checkServiceAccountIam(projectId) {
     const saEmail = `${projectId}@appspot.gserviceaccount.com`;
     let passed = false;
     try {
-        const iamResult = await iam_1.testResourceIamPermissions("https://iam.googleapis.com", "v1", `projects/${projectId}/serviceAccounts/${saEmail}`, ["iam.serviceAccounts.actAs"]);
+        const iamResult = await iam.testResourceIamPermissions("https://iam.googleapis.com", "v1", `projects/${projectId}/serviceAccounts/${saEmail}`, ["iam.serviceAccounts.actAs"]);
         passed = iamResult.passed;
     }
     catch (err) {
@@ -41,7 +44,7 @@ async function checkHttpIam(context, options, payload) {
     logger_1.logger.debug("[functions] found", newHttpsEndpoints.length, "new HTTP functions, testing setIamPolicy permission...");
     let passed = true;
     try {
-        const iamResult = await iam_1.testIamPermissions(context.projectId, [PERMISSION]);
+        const iamResult = await iam.testIamPermissions(context.projectId, [PERMISSION]);
         passed = iamResult.passed;
     }
     catch (e) {
@@ -57,3 +60,61 @@ async function checkHttpIam(context, options, payload) {
     logger_1.logger.debug("[functions] found setIamPolicy permission, proceeding with deploy");
 }
 exports.checkHttpIam = checkHttpIam;
+function reduceEventsToServices(services, endpoint) {
+    const service = services_1.serviceForEndpoint(endpoint);
+    if (service.requiredProjectBindings && !services.find((s) => s.name === service.name)) {
+        services.push(service);
+    }
+    return services;
+}
+function mergeBindings(policy, allRequiredBindings) {
+    for (const requiredBindings of allRequiredBindings) {
+        if (requiredBindings.length === 0) {
+            continue;
+        }
+        for (const requiredBinding of requiredBindings) {
+            const ndx = policy.bindings.findIndex((policyBinding) => policyBinding.role === requiredBinding.role);
+            if (ndx === -1) {
+                policy.bindings.push(requiredBinding);
+                continue;
+            }
+            requiredBinding.members.forEach((updatedMember) => {
+                if (!policy.bindings[ndx].members.find((member) => member === updatedMember)) {
+                    policy.bindings[ndx].members.push(updatedMember);
+                }
+            });
+        }
+    }
+}
+exports.mergeBindings = mergeBindings;
+async function ensureServiceAgentRoles(projectId, want, have) {
+    const wantServices = backend.allEndpoints(want).reduce(reduceEventsToServices, []);
+    const haveServices = backend.allEndpoints(have).reduce(reduceEventsToServices, []);
+    const newServices = wantServices.filter((wantS) => !haveServices.find((haveS) => wantS.name === haveS.name));
+    if (newServices.length === 0) {
+        return;
+    }
+    let policy;
+    try {
+        policy = await resourceManager_1.getIamPolicy(projectId);
+    }
+    catch (err) {
+        utils.logLabeledBullet("functions", "Could not verify the necessary IAM configuration for the following newly-integrated services: " +
+            `${newServices.map((service) => service.api).join(", ")}` +
+            ". Deployment may fail.", "warn");
+        return;
+    }
+    const findRequiredBindings = [];
+    newServices.forEach((service) => findRequiredBindings.push(service.requiredProjectBindings(projectId, policy)));
+    const allRequiredBindings = await Promise.all(findRequiredBindings);
+    mergeBindings(policy, allRequiredBindings);
+    try {
+        await resourceManager_1.setIamPolicy(projectId, policy, "bindings");
+    }
+    catch (err) {
+        throw new error_1.FirebaseError("We failed to modify the IAM policy for the project. The functions " +
+            "deployment requires specific roles to be granted to service agents," +
+            " otherwise the deployment will fail.", { original: err });
+    }
+}
+exports.ensureServiceAgentRoles = ensureServiceAgentRoles;

package/lib/deploy/functions/containerCleaner.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.DockerHelper = exports.deleteGcfArtifacts = exports.listGcfPaths = exports.ContainerRegistryCleaner = exports.ArtifactRegistryCleaner = exports.cleanupBuildImages = exports.SUBDOMAIN_MAPPING = void 0;
+exports.DockerHelper = exports.deleteGcfArtifacts = exports.listGcfPaths = exports.ContainerRegistryCleaner = exports.NoopArtifactRegistryCleaner = exports.ArtifactRegistryCleaner = exports.cleanupBuildImages = void 0;
 const clc = require("cli-color");
 const error_1 = require("../../error");
 const api_1 = require("../../api");
@@ -10,31 +10,6 @@ const backend = require("./backend");
 const docker = require("../../gcp/docker");
 const utils = require("../../utils");
 const poller = require("../../operation-poller");
-exports.SUBDOMAIN_MAPPING = {
-    "us-west2": "us",
-    "us-west3": "us",
-    "us-west4": "us",
-    "us-central1": "us",
-    "us-central2": "us",
-    "us-east1": "us",
-    "us-east4": "us",
-    "northamerica-northeast1": "us",
-    "southamerica-east1": "us",
-    "europe-west1": "eu",
-    "europe-west2": "eu",
-    "europe-west3": "eu",
-    "europe-west5": "eu",
-    "europe-west6": "eu",
-    "europe-central2": "eu",
-    "asia-east1": "asia",
-    "asia-east2": "asia",
-    "asia-northeast1": "asia",
-    "asia-northeast2": "asia",
-    "asia-northeast3": "asia",
-    "asia-south1": "asia",
-    "asia-southeast2": "asia",
-    "australia-southeast1": "asia",
-};
 async function retry(func) {
     const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
     const MAX_RETRIES = 3;
@@ -87,7 +62,7 @@ async function cleanupBuildImages(haveFunctions, deletedFunctions, cleaners = {}
             await gcrCleaner.cleanupFunction(func);
         }
         catch (err) {
-            const path = `${func.project}/${exports.SUBDOMAIN_MAPPING[func.region]}/gcf`;
+            const path = `${func.project}/${docker.GCR_SUBDOMAIN_MAPPING[func.region]}/gcf`;
             failedDomains.add(`https://console.cloud.google.com/gcr/images/${path}`);
         }
     }));
@@ -108,7 +83,12 @@ async function cleanupBuildImages(haveFunctions, deletedFunctions, cleaners = {}
 exports.cleanupBuildImages = cleanupBuildImages;
 class ArtifactRegistryCleaner {
     static packagePath(func) {
-        return `projects/${func.project}/locations/${func.region}/repositories/gcf-artifacts/packages/${func.id}`;
+        const encodedId = func.id
+            .replace(/_/g, "__")
+            .replace(/-/g, "--")
+            .replace(/^[A-Z]/, (first) => `${first.toLowerCase()}-${first.toLowerCase()}`)
+            .replace(/[A-Z]/g, (upper) => `_${upper.toLowerCase()}`);
+        return `projects/${func.project}/locations/${func.region}/repositories/gcf-artifacts/packages/${encodedId}`;
     }
     async cleanupFunction(func) {
         let op;
@@ -140,12 +120,21 @@ ArtifactRegistryCleaner.POLLER_OPTIONS = {
     apiVersion: artifactregistry.API_VERSION,
     masterTimeout: 5 * 60 * 1000,
 };
+class NoopArtifactRegistryCleaner extends ArtifactRegistryCleaner {
+    cleanupFunction() {
+        return Promise.resolve();
+    }
+    cleanupFunctionCache() {
+        return Promise.resolve();
+    }
+}
+exports.NoopArtifactRegistryCleaner = NoopArtifactRegistryCleaner;
 class ContainerRegistryCleaner {
     constructor() {
         this.helpers = {};
     }
     helper(location) {
-        const subdomain = exports.SUBDOMAIN_MAPPING[location] || "us";
+        const subdomain = docker.GCR_SUBDOMAIN_MAPPING[location] || "us";
         if (!this.helpers[subdomain]) {
             const origin = `https://${subdomain}.${api_1.containerRegistryDomain}`;
             this.helpers[subdomain] = new DockerHelper(origin);
@@ -185,14 +174,14 @@ function getHelper(cache, subdomain) {
 }
 async function listGcfPaths(projectId, locations, dockerHelpers = {}) {
     if (!locations) {
-        locations = Object.keys(exports.SUBDOMAIN_MAPPING);
+        locations = Object.keys(docker.GCR_SUBDOMAIN_MAPPING);
     }
-    const invalidRegion = locations.find((loc) => !exports.SUBDOMAIN_MAPPING[loc]);
+    const invalidRegion = locations.find((loc) => !docker.GCR_SUBDOMAIN_MAPPING[loc]);
     if (invalidRegion) {
         throw new error_1.FirebaseError(`Invalid region ${invalidRegion} supplied`);
     }
     const locationsSet = new Set(locations);
-    const subdomains = new Set(Object.values(exports.SUBDOMAIN_MAPPING));
+    const subdomains = new Set(Object.values(docker.GCR_SUBDOMAIN_MAPPING));
     const failedSubdomains = [];
     const listAll = [];
     for (const subdomain of subdomains) {
@@ -223,26 +212,27 @@ async function listGcfPaths(projectId, locations, dockerHelpers = {}) {
         throw new error_1.FirebaseError(`Failed to search the following subdomains: ${failedSubdomains.join(",")}`);
     }
     return gcfDirs.map((loc) => {
-        return `${exports.SUBDOMAIN_MAPPING[loc]}.${api_1.containerRegistryDomain}/${projectId}/gcf/${loc}`;
+        return `${docker.GCR_SUBDOMAIN_MAPPING[loc]}.${api_1.containerRegistryDomain}/${projectId}/gcf/${loc}`;
     });
 }
 exports.listGcfPaths = listGcfPaths;
 async function deleteGcfArtifacts(projectId, locations, dockerHelpers = {}) {
     if (!locations) {
-        locations = Object.keys(exports.SUBDOMAIN_MAPPING);
+        locations = Object.keys(docker.GCR_SUBDOMAIN_MAPPING);
     }
-    const invalidRegion = locations.find((loc) => !exports.SUBDOMAIN_MAPPING[loc]);
+    const invalidRegion = locations.find((loc) => !docker.GCR_SUBDOMAIN_MAPPING[loc]);
     if (invalidRegion) {
         throw new error_1.FirebaseError(`Invalid region ${invalidRegion} supplied`);
     }
-    const subdomains = new Set(Object.values(exports.SUBDOMAIN_MAPPING));
+    const subdomains = new Set(Object.values(docker.GCR_SUBDOMAIN_MAPPING));
     const failedSubdomains = [];
     const deleteLocations = locations.map((loc) => {
+        const subdomain = docker.GCR_SUBDOMAIN_MAPPING[loc];
         try {
-            return getHelper(dockerHelpers, exports.SUBDOMAIN_MAPPING[loc]).rm(`${projectId}/gcf/${loc}`);
+            return getHelper(dockerHelpers, subdomain).rm(`${projectId}/gcf/${loc}`);
         }
         catch (err) {
-            failedSubdomains.push(exports.SUBDOMAIN_MAPPING[loc]);
+            failedSubdomains.push(subdomain);
             logger_1.logger.debug(err);
         }
     });

package/lib/deploy/functions/eventTypes.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PUBSUB_V2_EVENT = exports.STORAGE_V2_EVENTS = void 0;
+exports.STORAGE_V2_EVENTS = [
+    "google.cloud.storage.object.v1.finalized",
+    "google.cloud.storage.object.v1.archived",
+    "google.cloud.storage.object.v1.deleted",
+    "google.cloud.storage.object.v1.metadataUpdated",
+];
+exports.PUBSUB_V2_EVENT = "google.cloud.pubsub.topic.v1.messagePublished";

package/lib/deploy/functions/prepare.js

@@ -19,12 +19,20 @@ const validate = require("./validate");
 const utils = require("../../utils");
 const logger_1 = require("../../logger");
 const triggerRegionHelper_1 = require("./triggerRegionHelper");
+const checkIam_1 = require("./checkIam");
 function hasUserConfig(config) {
     return Object.keys(config).length > 1;
 }
 function hasDotenv(opts) {
     return previews_1.previews.dotenv && functionsEnv.hasUserEnvs(opts);
 }
+async function maybeEnableAR(projectId) {
+    if (previews_1.previews.artifactregistry) {
+        return ensureApiEnabled.check(projectId, "artifactregistry.googleapis.com", "functions", true);
+    }
+    await ensureApiEnabled.ensure(projectId, "artifactregistry.googleapis.com", "functions");
+    return true;
+}
 async function prepare(context, options, payload) {
     if (!options.config.src.functions) {
         return;
@@ -39,9 +47,10 @@ async function prepare(context, options, payload) {
         ensureApiEnabled.ensure(projectId, "cloudfunctions.googleapis.com", "functions"),
         ensureApiEnabled.check(projectId, "runtimeconfig.googleapis.com", "runtimeconfig", true),
         ensureCloudBuildEnabled_1.ensureCloudBuildEnabled(projectId),
-        ensureApiEnabled.ensure(projectId, "artifactregistry.googleapis.com", "functions"),
+        maybeEnableAR(projectId),
     ]);
     context.runtimeConfigEnabled = checkAPIsEnabled[1];
+    context.artifactRegistryEnabled = checkAPIsEnabled[3];
     const firebaseConfig = await functionsConfig.getFirebaseConfig(options);
     context.firebaseConfig = firebaseConfig;
     const runtimeConfig = await prepareFunctionsUpload_1.getFunctionsConfig(context);
@@ -104,8 +113,9 @@ async function prepare(context, options, payload) {
         return functionsDeployHelper_1.functionMatchesAnyGroup(endpoint, context.filters);
     });
     const haveBackend = await backend.existingBackend(context);
+    await checkIam_1.ensureServiceAgentRoles(projectId, wantBackend, haveBackend);
     inferDetailsFromExisting(wantBackend, haveBackend, usedDotenv);
-    await triggerRegionHelper_1.lookupMissingTriggerRegions(wantBackend);
+    await triggerRegionHelper_1.ensureTriggerRegions(wantBackend);
     await prompts_1.promptForFailurePolicies(options, matchingBackend, haveBackend);
     await prompts_1.promptForMinInstances(options, matchingBackend, haveBackend);
     await backend.checkAvailability(context, wantBackend);

package/lib/deploy/functions/release/fabricator.js

@@ -157,6 +157,9 @@ class Fabricator {
             throw new Error("Precondition failed");
         }
         const apiFunction = gcf.functionFromEndpoint(endpoint, this.sourceUrl);
+        if (apiFunction.httpsTrigger) {
+            apiFunction.httpsTrigger.securityLevel = "SECURE_ALWAYS";
+        }
         apiFunction.sourceToken = await scraper.tokenPromise();
         const resultFunction = await this.functionExecutor
             .run(async () => {

package/lib/deploy/functions/runtimes/node/parseTriggers.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.addResourcesToBackend = exports.discoverBackend = exports.useStrategy = exports.GCS_EVENTS = void 0;
+exports.addResourcesToBackend = exports.discoverBackend = exports.useStrategy = void 0;
 const path = require("path");
 const _ = require("lodash");
 const child_process_1 = require("child_process");
@@ -9,13 +9,8 @@ const logger_1 = require("../../../../logger");
 const backend = require("../../backend");
 const api = require("../../../../api");
 const proto = require("../../../../gcp/proto");
+const eventTypes_1 = require("../../eventTypes");
 const TRIGGER_PARSER = path.resolve(__dirname, "./triggerParser.js");
-exports.GCS_EVENTS = new Set([
-    "google.cloud.storage.object.v1.finalized",
-    "google.cloud.storage.object.v1.archived",
-    "google.cloud.storage.object.v1.deleted",
-    "google.cloud.storage.object.v1.metadataUpdated",
-]);
 function removeInspectOptions(options) {
     return options.filter((opt) => !opt.startsWith("--inspect"));
 }
@@ -64,7 +59,6 @@ async function discoverBackend(projectId, sourceDir, runtime, configValues, envs
 }
 exports.discoverBackend = discoverBackend;
 function addResourcesToBackend(projectId, runtime, annotation, want) {
-    var _a;
     Object.freeze(annotation);
     for (const region of annotation.regions || [api.functionsDefaultRegion]) {
         let triggered;
@@ -99,7 +93,7 @@ function addResourcesToBackend(projectId, runtime, annotation, want) {
                     retry: !!annotation.failurePolicy,
                 },
             };
-            if (exports.GCS_EVENTS.has(((_a = annotation.eventTrigger) === null || _a === void 0 ? void 0 : _a.eventType) || "")) {
+            if (eventTypes_1.STORAGE_V2_EVENTS.find((event) => { var _a; return event === (((_a = annotation.eventTrigger) === null || _a === void 0 ? void 0 : _a.eventType) || ""); })) {
                 triggered.eventTrigger.eventFilters = {
                     bucket: annotation.eventTrigger.resource,
                 };

package/lib/deploy/functions/services/index.js

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.serviceForEndpoint = exports.EVENT_SERVICE_MAPPING = exports.StorageService = exports.PubSubService = exports.NoOpService = void 0;
+const backend = require("../backend");
+const storage_1 = require("./storage");
+const noop = () => Promise.resolve();
+exports.NoOpService = {
+    name: "noop",
+    api: "",
+    requiredProjectBindings: undefined,
+    ensureTriggerRegion: noop,
+};
+exports.PubSubService = {
+    name: "pubsub",
+    api: "pubsub.googleapis.com",
+    requiredProjectBindings: undefined,
+    ensureTriggerRegion: noop,
+};
+exports.StorageService = {
+    name: "storage",
+    api: "storage.googleapis.com",
+    requiredProjectBindings: storage_1.obtainStorageBindings,
+    ensureTriggerRegion: storage_1.ensureStorageTriggerRegion,
+};
+exports.EVENT_SERVICE_MAPPING = {
+    "google.cloud.pubsub.topic.v1.messagePublished": exports.PubSubService,
+    "google.cloud.storage.object.v1.finalized": exports.StorageService,
+    "google.cloud.storage.object.v1.archived": exports.StorageService,
+    "google.cloud.storage.object.v1.deleted": exports.StorageService,
+    "google.cloud.storage.object.v1.metadataUpdated": exports.StorageService,
+};
+function serviceForEndpoint(endpoint) {
+    if (!backend.isEventTriggered(endpoint)) {
+        return exports.NoOpService;
+    }
+    return exports.EVENT_SERVICE_MAPPING[endpoint.eventTrigger.eventType] || exports.NoOpService;
+}
+exports.serviceForEndpoint = serviceForEndpoint;

package/lib/deploy/functions/services/storage.js

@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ensureStorageTriggerRegion = exports.obtainStorageBindings = void 0;
+const storage = require("../../../gcp/storage");
+const logger_1 = require("../../../logger");
+const error_1 = require("../../../error");
+const location_1 = require("../../../gcp/location");
+const PUBSUB_PUBLISHER_ROLE = "roles/pubsub.publisher";
+async function obtainStorageBindings(projectId, existingPolicy) {
+    const storageResponse = await storage.getServiceAccount(projectId);
+    const storageServiceAgent = `serviceAccount:${storageResponse.email_address}`;
+    let pubsubBinding = existingPolicy.bindings.find((b) => b.role === PUBSUB_PUBLISHER_ROLE);
+    if (!pubsubBinding) {
+        pubsubBinding = {
+            role: PUBSUB_PUBLISHER_ROLE,
+            members: [],
+        };
+    }
+    if (!pubsubBinding.members.find((m) => m === storageServiceAgent)) {
+        pubsubBinding.members.push(storageServiceAgent);
+    }
+    return [pubsubBinding];
+}
+exports.obtainStorageBindings = obtainStorageBindings;
+async function ensureStorageTriggerRegion(endpoint, eventTrigger) {
+    if (!eventTrigger.region) {
+        logger_1.logger.debug("Looking up bucket region for the storage event trigger");
+        try {
+            const bucket = await storage.getBucket(eventTrigger.eventFilters.bucket);
+            eventTrigger.region = bucket.location.toLowerCase();
+            logger_1.logger.debug("Setting the event trigger region to", eventTrigger.region, ".");
+        }
+        catch (err) {
+            throw new error_1.FirebaseError("Can't find the storage bucket region", { original: err });
+        }
+    }
+    if (endpoint.region !== eventTrigger.region &&
+        eventTrigger.region !== "us-central1" &&
+        !location_1.regionInLocation(endpoint.region, eventTrigger.region)) {
+        throw new error_1.FirebaseError(`A function in region ${endpoint.region} cannot listen to a bucket in region ${eventTrigger.region}`);
+    }
+}
+exports.ensureStorageTriggerRegion = ensureStorageTriggerRegion;

package/lib/deploy/functions/triggerRegionHelper.js

@@ -1,40 +1,16 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.lookupMissingTriggerRegions = void 0;
+exports.ensureTriggerRegions = void 0;
 const backend = require("./backend");
-const storage = require("../../gcp/storage");
-const error_1 = require("../../error");
-const logger_1 = require("../../logger");
-const noop = () => Promise.resolve();
-const LOOKUP_BY_EVENT_TYPE = {
-    "google.cloud.pubsub.topic.v1.messagePublished": noop,
-    "google.cloud.storage.object.v1.finalized": lookupBucketRegion,
-    "google.cloud.storage.object.v1.archived": lookupBucketRegion,
-    "google.cloud.storage.object.v1.deleted": lookupBucketRegion,
-    "google.cloud.storage.object.v1.metadataUpdated": lookupBucketRegion,
-};
-async function lookupMissingTriggerRegions(want) {
+const services_1 = require("./services");
+async function ensureTriggerRegions(want) {
     const regionLookups = [];
     for (const ep of backend.allEndpoints(want)) {
-        if (ep.platform === "gcfv1" || !backend.isEventTriggered(ep) || ep.eventTrigger.region) {
+        if (ep.platform === "gcfv1" || !backend.isEventTriggered(ep)) {
             continue;
         }
-        const lookup = LOOKUP_BY_EVENT_TYPE[ep.eventTrigger.eventType];
-        if (!lookup) {
-            logger_1.logger.debug("Don't know how to look up trigger region for event type", ep.eventTrigger.eventType, ". Deploy will fail unless this event type is global");
-            continue;
-        }
-        regionLookups.push(lookup(ep));
+        regionLookups.push(services_1.serviceForEndpoint(ep).ensureTriggerRegion(ep, ep.eventTrigger));
     }
     await Promise.all(regionLookups);
 }
-exports.lookupMissingTriggerRegions = lookupMissingTriggerRegions;
-async function lookupBucketRegion(endpoint) {
-    try {
-        const bucket = await storage.getBucket(endpoint.eventTrigger.eventFilters.bucket);
-        endpoint.eventTrigger.region = bucket.location.toLowerCase();
-    }
-    catch (err) {
-        throw new error_1.FirebaseError("Can't find the storage bucket region", { original: err });
-    }
-}
+exports.ensureTriggerRegions = ensureTriggerRegions;

package/lib/emulator/auth/operations.js

@@ -1010,7 +1010,7 @@ function signInWithEmailLink(state, reqBody) {
     }
 }
 function signInWithIdp(state, reqBody) {
-    var _a, _b;
+    var _a, _b, _c;
     errors_1.assert(!state.disableAuth, "PROJECT_DISABLED");
     errors_1.assert(state.usageMode !== state_1.UsageMode.PASSTHROUGH, "UNSUPPORTED_PASSTHROUGH_OPERATION");
     if (reqBody.returnRefreshToken) {
@@ -1041,7 +1041,16 @@ function signInWithIdp(state, reqBody) {
             throw new errors_1.NotImplementedError("The Auth Emulator only supports sign-in with credentials (id_token required).");
         }
     }
-    let { response, rawId } = fakeFetchUserInfoFromIdp(providerId, claims);
+    let samlResponse;
+    let signInAttributes = undefined;
+    if (normalizedUri.searchParams.get("SAMLResponse")) {
+        samlResponse = JSON.parse(normalizedUri.searchParams.get("SAMLResponse"));
+        signInAttributes = (_b = samlResponse.assertion) === null || _b === void 0 ? void 0 : _b.attributeStatements;
+        errors_1.assert(samlResponse.assertion, "INVALID_IDP_RESPONSE ((Missing assertion in SAMLResponse.))");
+        errors_1.assert(samlResponse.assertion.subject, "INVALID_IDP_RESPONSE ((Missing assertion.subject in SAMLResponse.))");
+        errors_1.assert(samlResponse.assertion.subject.nameId, "INVALID_IDP_RESPONSE ((Missing assertion.subject.nameId in SAMLResponse.))");
+    }
+    let { response, rawId } = fakeFetchUserInfoFromIdp(providerId, claims, samlResponse);
     response.oauthAccessToken =
         oauthAccessToken || `FirebaseAuthEmulatorFakeAccessToken_${providerId}`;
     response.oauthIdToken = oauthIdToken;
@@ -1101,12 +1110,12 @@ function signInWithIdp(state, reqBody) {
     if (state instanceof state_1.TenantProjectState) {
         response.tenantId = state.tenantId;
     }
-    if ((state.mfaConfig.state === "ENABLED" || state.mfaConfig.state === "MANDATORY") && ((_b = user.mfaInfo) === null || _b === void 0 ? void 0 : _b.length)) {
+    if ((state.mfaConfig.state === "ENABLED" || state.mfaConfig.state === "MANDATORY") && ((_c = user.mfaInfo) === null || _c === void 0 ? void 0 : _c.length)) {
         return Object.assign(Object.assign({}, response), mfaPending(state, user, providerId));
     }
     else {
         user = state.updateUserByLocalId(user.localId, { lastLoginAt: Date.now().toString() });
-        return Object.assign(Object.assign({}, response), issueTokens(state, user, providerId));
+        return Object.assign(Object.assign({}, response), issueTokens(state, user, providerId, { signInAttributes }));
     }
 }
 function signInWithPassword(state, reqBody) {
@@ -1391,7 +1400,7 @@ function redactPasswordHash(user) {
 function hashPassword(password, salt) {
     return `fakeHash:salt=${salt}:password=${password}`;
 }
-function issueTokens(state, user, signInProvider, { extraClaims, secondFactor, } = {}) {
+function issueTokens(state, user, signInProvider, { extraClaims, secondFactor, signInAttributes, } = {}) {
     user = state.updateUserByLocalId(user.localId, { lastRefreshAt: new Date().toISOString() });
     const usageMode = state.usageMode === state_1.UsageMode.PASSTHROUGH ? "passthrough" : undefined;
     const tenantId = state instanceof state_1.TenantProjectState ? state.tenantId : undefined;
@@ -1404,6 +1413,7 @@ function issueTokens(state, user, signInProvider, { extraClaims, secondFactor, }
         secondFactor,
         usageMode,
         tenantId,
+        signInAttributes,
     });
     const refreshToken = state.usageMode === state_1.UsageMode.DEFAULT
         ? state.createRefreshTokenFor(user, signInProvider, {
@@ -1435,7 +1445,7 @@ function parseIdToken(state, idToken) {
     const signInProvider = decoded.payload.firebase.sign_in_provider;
     return { user, signInProvider, payload: decoded.payload };
 }
-function generateJwt(user, { projectId, signInProvider, expiresInSeconds, extraClaims = {}, secondFactor, usageMode, tenantId, }) {
+function generateJwt(user, { projectId, signInProvider, expiresInSeconds, extraClaims = {}, secondFactor, usageMode, tenantId, signInAttributes, }) {
     const identities = {};
     if (user.email) {
         identities["email"] = [user.email];
@@ -1459,6 +1469,7 @@ function generateJwt(user, { projectId, signInProvider, expiresInSeconds, extraC
             sign_in_second_factor: secondFactor === null || secondFactor === void 0 ? void 0 : secondFactor.provider,
             usage_mode: usageMode,
             tenant: tenantId,
+            sign_in_attributes: signInAttributes,
         } });
     const jwtStr = jsonwebtoken_1.sign(customPayloadFields, "", {
         algorithm: "none",
@@ -1603,7 +1614,8 @@ function parseClaims(idTokenOrJsonClaims) {
     errors_1.assert(typeof claims.sub === "string", 'INVALID_IDP_RESPONSE : ((The "sub" field must be a string.))');
     return claims;
 }
-function fakeFetchUserInfoFromIdp(providerId, claims) {
+function fakeFetchUserInfoFromIdp(providerId, claims, samlResponse) {
+    var _a, _b, _c, _d, _e;
     const rawId = claims.sub;
     const email = claims.email ? utils_1.canonicalizeEmailAddress(claims.email) : undefined;
     const emailVerified = !!claims.email_verified;
@@ -1620,7 +1632,7 @@ function fakeFetchUserInfoFromIdp(providerId, claims) {
         emailVerified,
         photoUrl,
     };
-    let federatedId;
+    let federatedId = rawId;
     switch (providerId) {
         case "google.com": {
             federatedId = `https://accounts.google.com/${rawId}`;
@@ -1643,8 +1655,14 @@ function fakeFetchUserInfoFromIdp(providerId, claims) {
             });
             break;
         }
+        case (_a = providerId.match(/^saml\./)) === null || _a === void 0 ? void 0 : _a.input:
+            const nameId = (_c = (_b = samlResponse === null || samlResponse === void 0 ? void 0 : samlResponse.assertion) === null || _b === void 0 ? void 0 : _b.subject) === null || _c === void 0 ? void 0 : _c.nameId;
+            response.email = nameId && utils_1.isValidEmailAddress(nameId) ? nameId : response.email;
+            response.emailVerified = true;
+            response.rawUserInfo = JSON.stringify((_d = samlResponse === null || samlResponse === void 0 ? void 0 : samlResponse.assertion) === null || _d === void 0 ? void 0 : _d.attributeStatements);
+            break;
+        case (_e = providerId.match(/^oidc\./)) === null || _e === void 0 ? void 0 : _e.input:
         default:
-            federatedId = rawId;
             response.rawUserInfo = JSON.stringify(claims);
             break;
     }

package/lib/emulator/auth/widget_ui.js

@@ -33,6 +33,7 @@ var firebaseAppId = query.get('appId');
 var apn = query.get('apn');
 var ibi = query.get('ibi');
 var appIdentifier = apn || ibi;
+var isSamlProvider = !!providerId.match(/^saml\./);
 assert(
   appName || clientId || firebaseAppId || appIdentifier,
   'Missing one of appName / clientId / appId / apn / ibi query params.'
@@ -172,6 +173,19 @@ function finishWithUser(urlEncodedIdToken) {
   // Avoid URLSearchParams for browser compatibility.
   url += '?providerId=' + encodeURIComponent(providerId);
   url += '&id_token=' + urlEncodedIdToken;
+
+  // Save reasonable defaults for SAML providers
+  if (isSamlProvider) {
+    var email = document.getElementById('email-input').value;
+    url += '&SAMLResponse=' + encodeURIComponent(JSON.stringify({
+      assertion: {
+        subject: {
+          nameId: email,
+        },
+      },
+    }));
+  }
+
   saveAuthEvent({
     type: authType,
     eventId: eventId,

package/lib/ensureApiEnabled.js

@@ -1,22 +1,23 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ensure = exports.enable = exports.check = exports.POLL_SETTINGS = void 0;
-const _ = require("lodash");
 const cli_color_1 = require("cli-color");
 const track = require("./track");
-const api = require("./api");
+const api_1 = require("./api");
+const apiv2_1 = require("./apiv2");
 const utils = require("./utils");
 const error_1 = require("./error");
 exports.POLL_SETTINGS = {
     pollInterval: 10000,
     pollsBeforeRetry: 12,
 };
+const apiClient = new apiv2_1.Client({
+    urlPrefix: api_1.serviceUsageOrigin,
+    apiVersion: "v1",
+});
 async function check(projectId, apiName, prefix, silent = false) {
-    const response = await api.request("GET", `/v1/projects/${projectId}/services/${apiName}`, {
-        auth: true,
-        origin: api.serviceUsageOrigin,
-    });
-    const isEnabled = _.get(response.body, "state") === "ENABLED";
+    const res = await apiClient.get(`/projects/${projectId}/services/${apiName}`);
+    const isEnabled = res.body.state === "ENABLED";
     if (isEnabled && !silent) {
         utils.logLabeledSuccess(prefix, `required API ${cli_color_1.bold(apiName)} is enabled`);
     }
@@ -25,10 +26,7 @@ async function check(projectId, apiName, prefix, silent = false) {
 exports.check = check;
 async function enable(projectId, apiName) {
     try {
-        await api.request("POST", `/v1/projects/${projectId}/services/${apiName}:enable`, {
-            auth: true,
-            origin: api.serviceUsageOrigin,
-        });
+        await apiClient.post(`/projects/${projectId}/services/${apiName}:enable`);
     }
     catch (err) {
         if (error_1.isBillingError(err)) {
@@ -49,7 +47,7 @@ async function pollCheckEnabled(projectId, apiName, prefix, silent, enablementRe
     });
     const isEnabled = await check(projectId, apiName, prefix, silent);
     if (isEnabled) {
-        track("api_enabled", apiName);
+        void track("api_enabled", apiName);
         return;
     }
     if (!silent) {

package/lib/gcp/cloudfunctions.js

@@ -4,6 +4,7 @@ exports.functionFromEndpoint = exports.endpointFromFunction = exports.listAllFun
 const clc = require("cli-color");
 const error_1 = require("../error");
 const logger_1 = require("../logger");
+const previews_1 = require("../previews");
 const api = require("../api");
 const backend = require("../deploy/functions/backend");
 const utils = require("../utils");
@@ -50,8 +51,12 @@ async function createFunction(cloudFunction) {
     const apiPath = cloudFunction.name.substring(0, cloudFunction.name.lastIndexOf("/"));
     const endpoint = `/${exports.API_VERSION}/${apiPath}`;
     try {
+        const headers = {};
+        if (previews_1.previews.artifactregistry) {
+            headers["X-Firebase-Artifact-Registry"] = "optin";
+        }
         const res = await api.request("POST", endpoint, {
-            headers: { "X-Firebase-Artifact-Registry": "optin" },
+            headers,
             auth: true,
             data: cloudFunction,
             origin: api.functionsOrigin,
@@ -146,8 +151,12 @@ async function updateFunction(cloudFunction) {
     const endpoint = `/${exports.API_VERSION}/${cloudFunction.name}`;
     const fieldMasks = proto.fieldMasks(cloudFunction, "labels", "environmentVariables");
     try {
+        const headers = {};
+        if (previews_1.previews.artifactregistry) {
+            headers["X-Firebase-Artifact-Registry"] = "optin";
+        }
         const res = await api.request("PATCH", endpoint, {
-            headers: { "X-Firebase-Artifact-Registry": "optin" },
+            headers,
             qs: {
                 updateMask: fieldMasks.join(","),
             },

package/lib/gcp/cloudfunctionsv2.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.endpointFromFunction = exports.functionFromEndpoint = exports.deleteFunction = exports.updateFunction = exports.listAllFunctions = exports.listFunctions = exports.getFunction = exports.createFunction = exports.generateUploadUrl = exports.PUBSUB_PUBLISH_EVENT = exports.API_VERSION = void 0;
+exports.endpointFromFunction = exports.functionFromEndpoint = exports.deleteFunction = exports.updateFunction = exports.listAllFunctions = exports.listFunctions = exports.getFunction = exports.createFunction = exports.generateUploadUrl = exports.megabytes = exports.PUBSUB_PUBLISH_EVENT = exports.API_VERSION = void 0;
 const clc = require("cli-color");
 const apiv2_1 = require("../apiv2");
 const error_1 = require("../error");
@@ -17,6 +17,35 @@ const client = new apiv2_1.Client({
     apiVersion: exports.API_VERSION,
 });
 exports.PUBSUB_PUBLISH_EVENT = "google.cloud.pubsub.topic.v1.messagePublished";
+const BYTES_PER_UNIT = {
+    "": 1,
+    k: 1e3,
+    M: 1e6,
+    G: 1e9,
+    T: 1e12,
+    Ki: 1 << 10,
+    Mi: 1 << 20,
+    Gi: 1 << 30,
+    Ti: 1 << 40,
+};
+function megabytes(memory) {
+    const re = /^([0-9]+(\.[0-9]*)?)(Ki|Mi|Gi|Ti|k|M|G|T|([eE]([0-9]+)))?$/;
+    const matches = re.exec(memory);
+    if (!matches) {
+        throw new Error(`Invalid memory quantity "${memory}""`);
+    }
+    const quantity = Number.parseFloat(matches[1]);
+    let bytes;
+    if (matches[5]) {
+        bytes = quantity * Math.pow(10, Number.parseFloat(matches[5]));
+    }
+    else {
+        const suffix = matches[3] || "";
+        bytes = quantity * BYTES_PER_UNIT[suffix];
+    }
+    return bytes / 1e6;
+}
+exports.megabytes = megabytes;
 function functionsOpLogReject(funcName, type, err) {
     var _a, _b;
     if (((_b = (_a = err === null || err === void 0 ? void 0 : err.context) === null || _a === void 0 ? void 0 : _a.response) === null || _b === void 0 ? void 0 : _b.statusCode) === 429) {
@@ -136,7 +165,8 @@ function functionFromEndpoint(endpoint, source) {
         serviceConfig: {},
     };
     proto.copyIfPresent(gcfFunction, endpoint, "labels");
-    proto.copyIfPresent(gcfFunction.serviceConfig, endpoint, "availableMemoryMb", "environmentVariables", "vpcConnector", "vpcConnectorEgressSettings", "serviceAccountEmail", "ingressSettings");
+    proto.copyIfPresent(gcfFunction.serviceConfig, endpoint, "environmentVariables", "vpcConnector", "vpcConnectorEgressSettings", "serviceAccountEmail", "ingressSettings");
+    proto.renameIfPresent(gcfFunction.serviceConfig, endpoint, "availableMemory", "availableMemoryMb", (mb) => `${mb}M`);
     proto.renameIfPresent(gcfFunction.serviceConfig, endpoint, "timeoutSeconds", "timeout", proto.secondsFromDuration);
     proto.renameIfPresent(gcfFunction.serviceConfig, endpoint, "minInstanceCount", "minInstances");
     proto.renameIfPresent(gcfFunction.serviceConfig, endpoint, "maxInstanceCount", "maxInstances");
@@ -153,6 +183,7 @@ function functionFromEndpoint(endpoint, source) {
                 gcfFunction.eventTrigger.eventFilters.push({ attribute, value });
             }
         }
+        proto.renameIfPresent(gcfFunction.eventTrigger, endpoint.eventTrigger, "triggerRegion", "region");
         if (endpoint.eventTrigger.retry) {
             logger_1.logger.warn("Cannot set a retry policy on Cloud Function", endpoint.id);
         }
@@ -207,7 +238,8 @@ function endpointFromFunction(gcfFunction) {
     const endpoint = Object.assign(Object.assign({ platform: "gcfv2", id,
         project,
         region }, trigger), { entryPoint: gcfFunction.buildConfig.entryPoint, runtime: gcfFunction.buildConfig.runtime, uri: gcfFunction.serviceConfig.uri });
-    proto.copyIfPresent(endpoint, gcfFunction.serviceConfig, "serviceAccountEmail", "availableMemoryMb", "vpcConnector", "vpcConnectorEgressSettings", "ingressSettings", "environmentVariables");
+    proto.copyIfPresent(endpoint, gcfFunction.serviceConfig, "serviceAccountEmail", "vpcConnector", "vpcConnectorEgressSettings", "ingressSettings", "environmentVariables");
+    proto.renameIfPresent(endpoint, gcfFunction.serviceConfig, "availableMemoryMb", "availableMemory", megabytes);
     proto.renameIfPresent(endpoint, gcfFunction.serviceConfig, "timeout", "timeoutSeconds", proto.durationFromSeconds);
     proto.renameIfPresent(endpoint, gcfFunction.serviceConfig, "minInstances", "minInstanceCount");
     proto.renameIfPresent(endpoint, gcfFunction.serviceConfig, "maxInstances", "maxInstanceCount");

package/lib/gcp/docker.js

@@ -1,8 +1,36 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.Client = void 0;
+exports.Client = exports.GCR_SUBDOMAIN_MAPPING = void 0;
 const error_1 = require("../error");
 const api = require("../apiv2");
+exports.GCR_SUBDOMAIN_MAPPING = {
+    "us-west1": "us",
+    "us-west2": "us",
+    "us-west3": "us",
+    "us-west4": "us",
+    "us-central1": "us",
+    "us-central2": "us",
+    "us-east1": "us",
+    "us-east4": "us",
+    "northamerica-northeast1": "us",
+    "southamerica-east1": "us",
+    "europe-west1": "eu",
+    "europe-west2": "eu",
+    "europe-west3": "eu",
+    "europe-west4": "eu",
+    "europe-west5": "eu",
+    "europe-west6": "eu",
+    "europe-central2": "eu",
+    "europe-north1": "eu",
+    "asia-east1": "asia",
+    "asia-east2": "asia",
+    "asia-northeast1": "asia",
+    "asia-northeast2": "asia",
+    "asia-northeast3": "asia",
+    "asia-south1": "asia",
+    "asia-southeast2": "asia",
+    "australia-southeast1": "asia",
+};
 function isErrors(response) {
     return !!response && Object.prototype.hasOwnProperty.call(response, "errors");
 }

package/lib/gcp/location.js

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.regionInLocation = exports.DUAL_REGION_MAPPING = exports.MULTI_REGION_MAPPING = void 0;
+exports.MULTI_REGION_MAPPING = {
+    "us-central1": "us",
+    "us-east1": "us",
+    "us-east4": "us",
+    "us-west1": "us",
+    "us-west2": "us",
+    "us-west3": "us",
+    "us-west4": "us",
+    "europe-central2": "eu",
+    "europe-north1": "eu",
+    "europe-west1": "eu",
+    "europe-west3": "eu",
+    "europe-west4": "eu",
+    "europe-west5": "eu",
+    "asia-east1": "asia",
+    "asia-east2": "asia",
+    "asia-northeast1": "asia",
+    "asia-northeast2": "asia",
+    "asia-northeast3": "asia",
+    "asia-south1": "asia",
+    "asia-south2": "asia",
+    "asia-southeast1": "asia",
+    "asia-southeast2": "asia",
+};
+exports.DUAL_REGION_MAPPING = {
+    "asia-northeast1": "asia1",
+    "asia-northeast2": "asia1",
+    "europe-north1": "eur4",
+    "europe-west4": "eur4",
+    "us-central1": "nam4",
+    "us-east1": "nam4",
+};
+function regionInLocation(region, location) {
+    region = region.toLowerCase();
+    location = location.toLowerCase();
+    if (exports.MULTI_REGION_MAPPING[region] === location || exports.DUAL_REGION_MAPPING[region] === location) {
+        return true;
+    }
+    return false;
+}
+exports.regionInLocation = regionInLocation;

package/lib/gcp/storage.js

@@ -1,26 +1,29 @@
 "use strict";
-var path = require("path");
-var api = require("../api");
-const { logger } = require("../logger");
-var { FirebaseError } = require("../error");
-function _getDefaultBucket(projectId) {
-    return api
-        .request("GET", "/v1/apps/" + projectId, {
-        auth: true,
-        origin: api.appengineOrigin,
-    })
-        .then(function (resp) {
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getServiceAccount = exports.getBucket = exports.deleteObject = exports.uploadObject = exports.upload = exports.getDefaultBucket = void 0;
+const path = require("path");
+const api = require("../api");
+const logger_1 = require("../logger");
+const error_1 = require("../error");
+async function getDefaultBucket(projectId) {
+    try {
+        const resp = await api.request("GET", "/v1/apps/" + projectId, {
+            auth: true,
+            origin: api.appengineOrigin,
+        });
         if (resp.body.defaultBucket === "undefined") {
-            logger.debug("Default storage bucket is undefined.");
-            return Promise.reject(new FirebaseError("Your project is being set up. Please wait a minute before deploying again."));
+            logger_1.logger.debug("Default storage bucket is undefined.");
+            throw new error_1.FirebaseError("Your project is being set up. Please wait a minute before deploying again.");
         }
-        return Promise.resolve(resp.body.defaultBucket);
-    }, function (err) {
-        logger.info("\n\nThere was an issue deploying your functions. Verify that your project has a Google App Engine instance setup at https://console.cloud.google.com/appengine and try again. If this issue persists, please contact support.");
-        return Promise.reject(err);
-    });
+        return resp.body.defaultBucket;
+    }
+    catch (err) {
+        logger_1.logger.info("\n\nThere was an issue deploying your functions. Verify that your project has a Google App Engine instance setup at https://console.cloud.google.com/appengine and try again. If this issue persists, please contact support.");
+        throw err;
+    }
 }
-async function _uploadSource(source, uploadUrl, extraHeaders) {
+exports.getDefaultBucket = getDefaultBucket;
+async function upload(source, uploadUrl, extraHeaders) {
     const url = new URL(uploadUrl);
     const result = await api.request("PUT", url.pathname + url.search, {
         data: source.stream,
@@ -33,9 +36,10 @@ async function _uploadSource(source, uploadUrl, extraHeaders) {
         generation: result.response.headers["x-goog-generation"],
     };
 }
-async function _uploadObject(source, bucketName) {
+exports.upload = upload;
+async function uploadObject(source, bucketName) {
     if (path.extname(source.file) !== ".zip") {
-        throw new FirebaseError(`Expected a file name ending in .zip, got ${source.file}`);
+        throw new error_1.FirebaseError(`Expected a file name ending in .zip, got ${source.file}`);
     }
     const location = `/${bucketName}/${path.basename(source.file)}`;
     const result = await api.request("PUT", location, {
@@ -55,13 +59,15 @@ async function _uploadObject(source, bucketName) {
         generation: result.response.headers["x-goog-generation"],
     };
 }
-function _deleteObject(location) {
+exports.uploadObject = uploadObject;
+function deleteObject(location) {
     return api.request("DELETE", location, {
         auth: true,
         origin: api.storageOrigin,
     });
 }
-async function _getBucket(bucketName) {
+exports.deleteObject = deleteObject;
+async function getBucket(bucketName) {
     try {
         const result = await api.request("GET", `/storage/v1/b/${bucketName}`, {
             auth: true,
@@ -70,16 +76,26 @@ async function _getBucket(bucketName) {
         return result.body;
     }
     catch (err) {
-        logger.debug(err);
-        throw new FirebaseError("Failed to obtain the storage bucket", {
+        logger_1.logger.debug(err);
+        throw new error_1.FirebaseError("Failed to obtain the storage bucket", {
+            original: err,
+        });
+    }
+}
+exports.getBucket = getBucket;
+async function getServiceAccount(projectId) {
+    try {
+        const response = await api.request("GET", `/storage/v1/projects/${projectId}/serviceAccount`, {
+            auth: true,
+            origin: api.storageOrigin,
+        });
+        return response.body;
+    }
+    catch (err) {
+        logger_1.logger.debug(err);
+        throw new error_1.FirebaseError("Failed to obtain the Cloud Storage service agent", {
             original: err,
         });
     }
 }
-module.exports = {
-    getDefaultBucket: _getDefaultBucket,
-    deleteObject: _deleteObject,
-    upload: _uploadSource,
-    uploadObject: _uploadObject,
-    getBucket: _getBucket,
-};
+exports.getServiceAccount = getServiceAccount;

package/lib/init/features/project.js

@@ -72,7 +72,7 @@ async function doSetup(setup, config, options) {
     logger_1.logger.info(`but for now we'll just set up a default project.`);
     logger_1.logger.info();
     const projectFromRcFile = _.get(setup.rcfile, "projects.default");
-    if (projectFromRcFile) {
+    if (projectFromRcFile && !options.project) {
         utils.logBullet(`.firebaserc already has a default project, using ${projectFromRcFile}.`);
         const rcProject = await projects_1.getFirebaseProject(projectFromRcFile);
         setup.projectId = rcProject.projectId;
@@ -81,6 +81,7 @@ async function doSetup(setup, config, options) {
     }
     let projectMetaData;
     if (options.project) {
+        logger_1.logger.debug(`Using project from CLI flag: ${options.project}`);
         projectMetaData = await projects_1.getFirebaseProject(options.project);
     }
     else {

package/lib/previews.js

@@ -3,7 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.previews = void 0;
 const lodash_1 = require("lodash");
 const configstore_1 = require("./configstore");
-exports.previews = Object.assign({ rtdbrules: false, ext: false, extdev: false, rtdbmanagement: false, functionsv2: false, golang: false, deletegcfartifacts: false, dotenv: false }, configstore_1.configstore.get("previews"));
+exports.previews = Object.assign({ rtdbrules: false, ext: false, extdev: false, rtdbmanagement: false, functionsv2: false, golang: false, deletegcfartifacts: false, dotenv: false, artifactregistry: false }, configstore_1.configstore.get("previews"));
 if (process.env.FIREBASE_CLI_PREVIEWS) {
     process.env.FIREBASE_CLI_PREVIEWS.split(",").forEach((feature) => {
         if (lodash_1.has(exports.previews, feature)) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "firebase-tools",
-  "version": "9.23.0",
+  "version": "9.23.1",
   "description": "Command-Line Interface for Firebase",
   "main": "./lib/index.js",
   "bin": {