Add support for secrets in v2 (#1079)

In addition to adding secrets to v2 `__endpoint` annotation, I'm also making following (small) changes: * Enforce that `platform` be part of trigger annotation - Firebase CLI already assumes that it's included. * Endpoint secret environment variable annotation (for v1 & v2)
firebase · Apr 29, 2022 · c91fd9b · c91fd9b
1 parent 0406897
commit c91fd9b
Show file tree

Hide file tree

Showing 7 changed files with 41 additions and 21 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1 +1,2 @@
-Adds auth blocking triggers to the auth and identity namespaces (1080).
+- Adds auth blocking triggers to the auth and identity namespaces (1080).
+- Add support for secrets for v2 triggers (#1079).
diff --git a/spec/v1/cloud-functions.spec.ts b/spec/v1/cloud-functions.spec.ts
@@ -29,7 +29,7 @@ import {
   EventContext,
   makeCloudFunction,
   MakeCloudFunctionArgs,
-} from '../../src/cloud-functions';
+} from '../../src';
 
 describe('makeCloudFunction', () => {
   const cloudFunctionArgs: MakeCloudFunctionArgs<any> = {
@@ -124,7 +124,7 @@ describe('makeCloudFunction', () => {
         },
         retry: false,
       },
-      secretEnvironmentVariables: [{ secret: 'MY_SECRET', key: 'MY_SECRET' }],
+      secretEnvironmentVariables: [{ key: 'MY_SECRET' }],
       labels: {},
     });
   });

diff --git a/spec/v2/providers/fixtures.ts b/spec/v2/providers/fixtures.ts
@@ -1,3 +1,5 @@
+import { ManifestEndpoint } from '../../../src/runtime/manifest';
+import { TriggerAnnotation } from '../../../src/v2/core';
 import * as options from '../../../src/v2/options';
 
 export const FULL_OPTIONS: options.GlobalOptions = {
@@ -15,9 +17,10 @@ export const FULL_OPTIONS: options.GlobalOptions = {
   labels: {
     hello: 'world',
   },
+  secrets: ['MY_SECRET'],
 };
 
-export const FULL_TRIGGER = {
+export const FULL_TRIGGER: TriggerAnnotation = {
   platform: 'gcfv2',
   regions: ['us-west1'],
   availableMemoryMb: 512,
@@ -32,9 +35,10 @@ export const FULL_TRIGGER = {
   labels: {
     hello: 'world',
   },
+  secrets: ['MY_SECRET'],
 };
 
-export const FULL_ENDPOINT = {
+export const FULL_ENDPOINT: ManifestEndpoint = {
   platform: 'gcfv2',
   region: ['us-west1'],
   availableMemoryMb: 512,
@@ -52,4 +56,5 @@ export const FULL_ENDPOINT = {
   labels: {
     hello: 'world',
   },
+  secretEnvironmentVariables: [{ key: 'MY_SECRET' }],
 };
diff --git a/src/cloud-functions.ts b/src/cloud-functions.ts
@@ -636,7 +636,7 @@ export function optionsToEndpoint(
     options,
     'secretEnvironmentVariables',
     'secrets',
-    (secrets) => secrets.map((secret) => ({ secret, key: secret }))
+    (secrets) => secrets.map((secret) => ({ key: secret }))
   );
   if (options?.vpcConnector) {
     endpoint.vpc = { connector: options.vpcConnector };

diff --git a/src/v2/core.ts b/src/v2/core.ts
@@ -24,6 +24,7 @@ import { ManifestEndpoint } from '../runtime/manifest';
 
 /** @internal */
 export interface TriggerAnnotation {
+  platform?: string;
   concurrency?: number;
   minInstances?: number;
   maxInstances?: number;
@@ -44,11 +45,11 @@ export interface TriggerAnnotation {
   vpcConnectorEgressSettings?: string;
   serviceAccountEmail?: string;
   ingressSettings?: string;
+  secrets?: string[];
   blockingTrigger?: {
     eventType: string;
     options?: Record<string, unknown>;
   };
-
   // TODO: schedule
 }
 

diff --git a/src/v2/options.ts b/src/v2/options.ts
@@ -31,6 +31,7 @@ import { ManifestEndpoint } from '../runtime/manifest';
 import { TriggerAnnotation } from './core';
 import { declaredParams } from './params';
 import { ParamSpec } from './params/types';
+import { HttpsOptions } from './providers/https';
 
 /**
  * List of all regions supported by Cloud Functions v2
@@ -215,6 +216,11 @@ export interface GlobalOptions {
    * Invoker to set access control on https functions.
    */
   invoker?: 'public' | 'private' | string | string[];
+
+  /*
+   * Secrets to bind to a functions.
+   */
+  secrets?: string[];
 }
 
 let globalOptions: GlobalOptions | undefined;
@@ -251,7 +257,7 @@ export interface EventHandlerOptions extends GlobalOptions {
  * @internal
  */
 export function optionsToTriggerAnnotations(
-  opts: GlobalOptions | EventHandlerOptions
+  opts: GlobalOptions | EventHandlerOptions | HttpsOptions
 ): TriggerAnnotation {
   const annotation: TriggerAnnotation = {};
   copyIfPresent(
@@ -263,7 +269,8 @@ export function optionsToTriggerAnnotations(
     'ingressSettings',
     'labels',
     'vpcConnector',
-    'vpcConnectorEgressSettings'
+    'vpcConnectorEgressSettings',
+    'secrets'
   );
   convertIfPresent(
     annotation,
@@ -312,7 +319,7 @@ export function optionsToTriggerAnnotations(
  * @internal
  */
 export function optionsToEndpoint(
-  opts: GlobalOptions | EventHandlerOptions
+  opts: GlobalOptions | EventHandlerOptions | HttpsOptions
 ): ManifestEndpoint {
   const endpoint: ManifestEndpoint = {};
   copyIfPresent(
@@ -350,6 +357,13 @@ export function optionsToEndpoint(
     }
     return region;
   });
+  convertIfPresent(
+    endpoint,
+    opts,
+    'secretEnvironmentVariables',
+    'secrets',
+    (secrets) => secrets.map((secret) => ({ key: secret }))
+  );
 
   return endpoint;
 }

diff --git a/src/v2/providers/https.ts b/src/v2/providers/https.ts
@@ -33,14 +33,16 @@ import {
 } from '../../common/providers/https';
 import { ManifestEndpoint } from '../../runtime/manifest';
 import * as options from '../options';
+import { GlobalOptions, SupportedRegion } from '../options';
 
 export { Request, CallableRequest, FunctionsErrorCode, HttpsError };
 
-export interface HttpsOptions extends Omit<options.GlobalOptions, 'region'> {
-  region?:
-    | options.SupportedRegion
-    | string
-    | Array<options.SupportedRegion | string>;
+/**
+ * Options that can be set on an individual HTTPS Cloud Function.
+ */
+export interface HttpsOptions extends Omit<GlobalOptions, 'region'> {
+  /* HTTP functions can override and specify more than one regions. */
+  region?: SupportedRegion | string | Array<SupportedRegion | string>;
   cors?: string | boolean | RegExp | Array<string | RegExp>;
 }
 
@@ -54,7 +56,6 @@ export type HttpsFunction = ((
 export interface CallableFunction<T, Return> extends HttpsFunction {
   run(data: CallableRequest<T>): Return;
 }
-
 export function onRequest(
   opts: HttpsOptions,
   handler: (
@@ -195,9 +196,7 @@ export function onCall<T = any, Return = any | Promise<any>>(
       );
       // global options calls region a scalar and https allows it to be an array,
       // but optionsToTriggerAnnotations handles both cases.
-      const specificOpts = options.optionsToTriggerAnnotations(
-        opts as options.GlobalOptions
-      );
+      const specificOpts = options.optionsToTriggerAnnotations(opts);
       return {
         platform: 'gcfv2',
         ...baseOpts,
@@ -216,8 +215,8 @@ export function onCall<T = any, Return = any | Promise<any>>(
 
   const baseOpts = options.optionsToEndpoint(options.getGlobalOptions());
   // global options calls region a scalar and https allows it to be an array,
-  // but optionsToManifestEndpoint handles both cases.
-  const specificOpts = options.optionsToEndpoint(opts as options.GlobalOptions);
+  // but optionsToEndpoint handles both cases.
+  const specificOpts = options.optionsToEndpoint(opts);
   func.__endpoint = {
     platform: 'gcfv2',
     ...baseOpts,