firebase · taeold · Mar 31, 2022 · Jan 27, 2022 · Jan 31, 2022 · Jan 31, 2022
diff --git a/scripts/emulator-tests/fixtures.ts b/scripts/emulator-tests/fixtures.ts
@@ -6,17 +6,6 @@ export const TIMEOUT_MED = 5000;
 export const MODULE_ROOT = findModuleRoot("firebase-tools", __dirname);
 export const FunctionRuntimeBundles: { [key: string]: FunctionsRuntimeBundle } = {
   onCreate: {
-    adminSdkConfig: {
-      databaseURL: "https://fake-project-id-default-rtdb.firebaseio.com",
-      storageBucket: "fake-project-id.appspot.com",
-    },
-    emulators: {
-      firestore: {
-        host: "localhost",
-        port: 8080,
-      },
-    },
-    cwd: MODULE_ROOT,
     proto: {
       data: {
         value: {
@@ -41,22 +30,8 @@ export const FunctionRuntimeBundles: { [key: string]: FunctionsRuntimeBundle } =
         },
       },
     },
-    triggerId: "us-central1-function_id",
-    targetName: "function_id",
-    projectId: "fake-project-id",
   },
   onWrite: {
-    adminSdkConfig: {
-      databaseURL: "https://fake-project-id-default-rtdb.firebaseio.com",
-      storageBucket: "fake-project-id.appspot.com",
-    },
-    emulators: {
-      firestore: {
-        host: "localhost",
-        port: 8080,
-      },
-    },
-    cwd: MODULE_ROOT,
     proto: {
       data: {
         value: {
@@ -81,22 +56,8 @@ export const FunctionRuntimeBundles: { [key: string]: FunctionsRuntimeBundle } =
         },
       },
     },
-    triggerId: "us-central1-function_id",
-    targetName: "function_id",
-    projectId: "fake-project-id",
   },
   onDelete: {
-    adminSdkConfig: {
-      databaseURL: "https://fake-project-id-default-rtdb.firebaseio.com",
-      storageBucket: "fake-project-id.appspot.com",
-    },
-    emulators: {
-      firestore: {
-        host: "localhost",
-        port: 8080,
-      },
-    },
-    cwd: MODULE_ROOT,
     proto: {
       data: {
         oldValue: {
@@ -121,22 +82,8 @@ export const FunctionRuntimeBundles: { [key: string]: FunctionsRuntimeBundle } =
         },
       },
     },
-    triggerId: "us-central1-function_id",
-    targetName: "function_id",
-    projectId: "fake-project-id",
   },
   onUpdate: {
-    adminSdkConfig: {
-      databaseURL: "https://fake-project-id-default-rtdb.firebaseio.com",
-      storageBucket: "fake-project-id.appspot.com",
-    },
-    emulators: {
-      firestore: {
-        host: "localhost",
-        port: 8080,
-      },
-    },
-    cwd: MODULE_ROOT,
     proto: {
       data: {
         oldValue: {
@@ -173,25 +120,9 @@ export const FunctionRuntimeBundles: { [key: string]: FunctionsRuntimeBundle } =
         timestamp: "2019-05-15T16:21:15.148831Z",
       },
     },
-    triggerId: "us-central1-function_id",
-    targetName: "function_id",
-    projectId: "fake-project-id",
   },
   onRequest: {
-    adminSdkConfig: {
-      databaseURL: "https://fake-project-id-default-rtdb.firebaseio.com",
-      storageBucket: "fake-project-id.appspot.com",
-    },
-    emulators: {
-      firestore: {
-        host: "localhost",
-        port: 8080,
-      },
-    },
-    cwd: MODULE_ROOT,
-    triggerId: "us-central1-function_id",
-    targetName: "function_id",
-    projectId: "fake-project-id",
+    proto: {},
   },
 };
 

diff --git a/scripts/emulator-tests/functionsEmulator.spec.ts b/scripts/emulator-tests/functionsEmulator.spec.ts
@@ -3,7 +3,7 @@ import * as express from "express";
 import * as sinon from "sinon";
 import * as supertest from "supertest";
 
-import { SignatureType } from "../../src/emulator/functionsEmulatorShared";
+import { EmulatedTriggerDefinition } from "../../src/emulator/functionsEmulatorShared";
 import {
   EmulatableBackend,
   FunctionsEmulator,
@@ -32,6 +32,7 @@ if ((process.env.DEBUG || "").toLowerCase().includes("spec")) {
 
 const functionsEmulator = new FunctionsEmulator({
   projectId: "fake-project-id",
+  projectDir: MODULE_ROOT,
   emulatableBackends: [
     {
       functionsDir: MODULE_ROOT,
@@ -108,13 +109,11 @@ function useFunctions(triggers: () => {}): void {
   // eslint-disable-next-line @typescript-eslint/unbound-method
   functionsEmulator.startFunctionRuntime = (
     backend: EmulatableBackend,
-    triggerId: string,
-    targetName: string,
-    triggerType: SignatureType,
+    trigger: EmulatedTriggerDefinition,
     proto?: any,
     runtimeOpts?: InvokeRuntimeOpts
   ): RuntimeWorker => {
-    return startFunctionRuntime(testBackend, triggerId, targetName, triggerType, proto, {
+    return startFunctionRuntime(testBackend, trigger, proto, {
       nodeBinary: process.execPath,
       serializedTriggers,
     });

diff --git a/scripts/emulator-tests/functionsEmulatorRuntime.spec.ts b/scripts/emulator-tests/functionsEmulatorRuntime.spec.ts
@@ -26,10 +26,15 @@ const testBackend = {
 };
 
 const functionsEmulator = new FunctionsEmulator({
+  projectDir: MODULE_ROOT,
   projectId: "fake-project-id",
   emulatableBackends: [testBackend],
+  adminSdkConfig: {
+    projectId: "fake-project-id",
+    databaseURL: "https://fake-project-id-default-rtdb.firebaseio.com",
+    storageBucket: "fake-project-id.appspot.com",
+  },
 });
-(functionsEmulator as any).adminSdkConfig = FunctionRuntimeBundles.onRequest.adminSdkConfig;
 
 async function countLogEntries(worker: RuntimeWorker): Promise<{ [key: string]: number }> {
   const runtime = worker.runtime;
@@ -55,11 +60,22 @@ function startRuntimeWithFunctions(
   opts.ignore_warnings = true;
   opts.serializedTriggers = serializedTriggers;
 
+  const dummyTriggerDef = {
+    name: "function_id",
+    region: "region",
+    id: "region-function_id",
+    entryPoint: "function_id",
+    platform: "gcfv1" as const,
+  };
   return functionsEmulator.startFunctionRuntime(
     testBackend,
-    frb.triggerId!,
-    frb.targetName!,
-    signatureType,
+    {
+      ...dummyTriggerDef,
+      // Fill in with dummy trigger info based on given signature type.
+      ...(signatureType === "http"
+        ? { httpsTrigger: {} }
+        : { eventTrigger: { eventType: "", resource: "" } }),
+    },
     frb.proto,
     opts
   );
@@ -450,7 +466,7 @@ describe("FunctionsEmulator-Runtime", () => {
 
         const data = await callHTTPSFunction(worker, frb);
         const info = JSON.parse(data);
-        expect(info.databaseURL).to.eql(frb.adminSdkConfig.databaseURL!);
+        expect(info.databaseURL).to.eql("https://fake-project-id-default-rtdb.firebaseio.com");
       }).timeout(TIMEOUT_MED);
     });
   });

diff --git a/src/commands/functions-secrets-access.ts b/src/commands/functions-secrets-access.ts
@@ -0,0 +1,19 @@
+import { Command } from "../command";
+import { logger } from "../logger";
+import { Options } from "../options";
+import { needProjectId } from "../projectUtils";
+import { accessSecretVersion } from "../gcp/secretManager";
+
+export default new Command("functions:secrets:access <KEY>[@version]")
+  .description(
+    "Access secret value given secret and its version. Defaults to accessing the latest version."
+  )
+  .action(async (key: string, options: Options) => {
+    const projectId = needProjectId(options);
+    let [name, version] = key.split("@");
+    if (!version) {
+      version = "latest";
+    }
+    const value = await accessSecretVersion(projectId, name, version);
+    logger.info(value);
+  });
diff --git a/src/commands/functions-secrets-destroy.ts b/src/commands/functions-secrets-destroy.ts
@@ -0,0 +1,78 @@
+import { Command } from "../command";
+import { Options } from "../options";
+import { needProjectId, needProjectNumber } from "../projectUtils";
+import {
+  deleteSecret,
+  destroySecretVersion,
+  getSecret,
+  getSecretVersion,
+  listSecretVersions,
+} from "../gcp/secretManager";
+import { promptOnce } from "../prompt";
+import { logBullet, logWarning } from "../utils";
+import * as secrets from "../functions/secrets";
+import * as backend from "../deploy/functions/backend";
+import * as args from "../deploy/functions/args";
+
+export default new Command("functions:secrets:destroy <KEY>[@version]")
+  .description("Destroy a secret. Defaults to destroying the latest version.")
+  .withForce("Destroys a secret without confirmation.")
+  .action(async (key: string, options: Options) => {
+    const projectId = needProjectId(options);
+    const projectNumber = await needProjectNumber(options);
+    const haveBackend = await backend.existingBackend({ projectId } as args.Context);
+
+    let [name, version] = key.split("@");
+    if (!version) {
+      version = "latest";
+    }
+    const sv = await getSecretVersion(projectId, name, version);
+
+    if (sv.state === "DESTROYED") {
+      logBullet(`Secret ${sv.secret.name}@${version} is already destroyed. Nothing to do.`);
+      return;
+    }
+
+    const boundEndpoints = backend
+      .allEndpoints(haveBackend)
+      .filter((e) => secrets.inUse({ projectId, projectNumber }, sv.secret, e));
+    if (boundEndpoints.length > 0) {
+      const endpointsMsg = boundEndpoints
+        .map((e) => `${e.id}[${e.platform}](${e.region})`)
+        .join("\t\n");
+      logWarning(
+        `Secret ${name}@${version} is currently in use by following functions:\n\t${endpointsMsg}`
+      );
+      if (!options.force) {
+        logWarning("Refusing to destroy secret in use. Use -f to destroy the secret anyway.");
+        return;
+      }
+    }
+
+    if (!options.force) {
+      const confirm = await promptOnce(
+        {
+          name: "destroy",
+          type: "confirm",
+          default: true,
+          message: `Are you sure you want to destroy ${sv.secret.name}@${sv.versionId}`,
+        },
+        options
+      );
+      if (!confirm) {
+        return;
+      }
+    }
+    await destroySecretVersion(projectId, name, version);
+    logBullet(`Destroyed secret version ${name}@${sv.versionId}`);
+
+    const secret = await getSecret(projectId, name);
+    if (secrets.isFirebaseManaged(secret)) {
+      const versions = await listSecretVersions(projectId, name);
+      if (versions.filter((v) => v.state === "ENABLED").length === 0) {
+        logBullet(`No active secret versions left. Destroying secret ${name}`);
+        // No active secret version. Remove secret resource.
+        await deleteSecret(projectId, name);
+      }
+    }
+  });
diff --git a/src/commands/functions-secrets-get.ts b/src/commands/functions-secrets-get.ts
@@ -0,0 +1,23 @@
+import Table = require("cli-table");
+
+import { Command } from "../command";
+import { logger } from "../logger";
+import { Options } from "../options";
+import { needProjectId } from "../projectUtils";
+import { listSecretVersions } from "../gcp/secretManager";
+
+export default new Command("functions:secrets:get <KEY>")
+  .description("Get metadata for secret and its versions")
+  .action(async (key: string, options: Options) => {
+    const projectId = needProjectId(options);
+    const versions = await listSecretVersions(projectId, key);
+
+    const table = new Table({
+      head: ["Version", "State"],
+      style: { head: ["yellow"] },
+    });
+    for (const version of versions) {
+      table.push([version.versionId, version.state]);
+    }
+    logger.info(table.toString());
+  });
diff --git a/src/commands/functions-secrets-prune.ts b/src/commands/functions-secrets-prune.ts
@@ -0,0 +1,68 @@
+import * as args from "../deploy/functions/args";
+import * as backend from "../deploy/functions/backend";
+import { Command } from "../command";
+import { Options } from "../options";
+import { needProjectId, needProjectNumber } from "../projectUtils";
+import { pruneSecrets } from "../functions/secrets";
+import { requirePermissions } from "../requirePermissions";
+import { isFirebaseManaged } from "../deploymentTool";
+import { logBullet, logSuccess } from "../utils";
+import { promptOnce } from "../prompt";
+import { destroySecretVersion } from "../gcp/secretManager";
+
+export default new Command("functions:secrets:prune")
+  .description("Destroys unused secrets")
+  .before(requirePermissions, [
+    "cloudfunctions.functions.list",
+    "secretmanager.secrets.list",
+    "secretmanager.versions.list",
+    "secretmanager.versions.destroy",
+  ])
+  .action(async (options: Options) => {
+    const projectNumber = await needProjectNumber(options);
+    const projectId = needProjectId(options);
+
+    logBullet("Loading secrets...");
+
+    const haveBackend = await backend.existingBackend({ projectId } as args.Context);
+    const haveEndpoints = backend
+      .allEndpoints(haveBackend)
+      .filter((e) => isFirebaseManaged(e.labels || []));
+
+    const pruned = await pruneSecrets({ projectNumber, projectId }, haveEndpoints);
+
+    if (pruned.length === 0) {
+      logBullet("All secrets are in use. Nothing to prune today.");
+      return;
+    }
+
+    // prompt to get them all deleted
+    logBullet(
+      `Found ${pruned.length} unused active secret versions:\n\t` +
+        pruned.map((sv) => `${sv.secret}@${sv.version}`).join("\n\t")
+    );
+
+    const confirm = await promptOnce(
+      {
+        name: "destroy",
+        type: "confirm",
+        default: true,
+        message: `Do you want to destroy unused secret versions?`,
+      },
+      options
+    );
+
+    if (!confirm) {
+      logBullet(
+        "Run the following commands to destroy each unused secret version:\n\t" +
+          pruned
+            .map((sv) => `firebase functions:secrets:destroy ${sv.secret}@${sv.version}`)
+            .join("\n\t")
+      );
+      return;
+    }
+
+    await Promise.all(pruned.map((sv) => destroySecretVersion(projectId, sv.secret, sv.version)));
+
+    logSuccess("Destroyed all unused secrets!");
+  });