Nenhuma descrição
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.

functions-secrets-set.js 3.8KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182
  1. "use strict";
  2. Object.defineProperty(exports, "__esModule", { value: true });
  3. exports.command = void 0;
  4. const tty = require("tty");
  5. const fs = require("fs");
  6. const clc = require("colorette");
  7. const secrets_1 = require("../functions/secrets");
  8. const command_1 = require("../command");
  9. const requirePermissions_1 = require("../requirePermissions");
  10. const prompt_1 = require("../prompt");
  11. const utils_1 = require("../utils");
  12. const projectUtils_1 = require("../projectUtils");
  13. const secretManager_1 = require("../gcp/secretManager");
  14. const secrets = require("../functions/secrets");
  15. const backend = require("../deploy/functions/backend");
  16. exports.command = new command_1.Command("functions:secrets:set <KEY>")
  17. .description("Create or update a secret for use in Cloud Functions for Firebase.")
  18. .withForce("Automatically updates functions to use the new secret.")
  19. .before(requirePermissions_1.requirePermissions, [
  20. "secretmanager.secrets.create",
  21. "secretmanager.secrets.get",
  22. "secretmanager.secrets.update",
  23. "secretmanager.versions.add",
  24. ])
  25. .option("--data-file <dataFile>", 'File path from which to read secret data. Set to "-" to read the secret data from stdin.')
  26. .action(async (unvalidatedKey, options) => {
  27. const projectId = (0, projectUtils_1.needProjectId)(options);
  28. const projectNumber = await (0, projectUtils_1.needProjectNumber)(options);
  29. const key = await (0, secrets_1.ensureValidKey)(unvalidatedKey, options);
  30. const secret = await (0, secrets_1.ensureSecret)(projectId, key, options);
  31. let secretValue;
  32. if ((!options.dataFile || options.dataFile === "-") && tty.isatty(0)) {
  33. secretValue = await (0, prompt_1.promptOnce)({
  34. name: key,
  35. type: "password",
  36. message: `Enter a value for ${key}`,
  37. });
  38. }
  39. else {
  40. let dataFile = 0;
  41. if (options.dataFile && options.dataFile !== "-") {
  42. dataFile = options.dataFile;
  43. }
  44. secretValue = fs.readFileSync(dataFile, "utf-8");
  45. }
  46. const secretVersion = await (0, secretManager_1.addVersion)(projectId, key, secretValue);
  47. (0, utils_1.logSuccess)(`Created a new secret version ${(0, secretManager_1.toSecretVersionResourceName)(secretVersion)}`);
  48. if (!secrets.isFirebaseManaged(secret)) {
  49. (0, utils_1.logBullet)("Please deploy your functions for the change to take effect by running:\n\t" +
  50. clc.bold("firebase deploy --only functions"));
  51. return;
  52. }
  53. const haveBackend = await backend.existingBackend({ projectId });
  54. const endpointsToUpdate = backend
  55. .allEndpoints(haveBackend)
  56. .filter((e) => secrets.inUse({ projectId, projectNumber }, secret, e));
  57. if (endpointsToUpdate.length === 0) {
  58. return;
  59. }
  60. (0, utils_1.logBullet)(`${endpointsToUpdate.length} functions are using stale version of secret ${secret.name}:\n\t` +
  61. endpointsToUpdate.map((e) => `${e.id}(${e.region})`).join("\n\t"));
  62. if (!options.force) {
  63. const confirm = await (0, prompt_1.promptOnce)({
  64. name: "redeploy",
  65. type: "confirm",
  66. default: true,
  67. message: `Do you want to re-deploy the functions and destroy the stale version of secret ${secret.name}?`,
  68. }, options);
  69. if (!confirm) {
  70. (0, utils_1.logBullet)("Please deploy your functions for the change to take effect by running:\n\t" +
  71. clc.bold("firebase deploy --only functions"));
  72. return;
  73. }
  74. }
  75. const updateOps = endpointsToUpdate.map(async (e) => {
  76. (0, utils_1.logBullet)(`Updating function ${e.id}(${e.region})...`);
  77. const updated = await secrets.updateEndpointSecret({ projectId, projectNumber }, secretVersion, e);
  78. (0, utils_1.logBullet)(`Updated function ${e.id}(${e.region}).`);
  79. return updated;
  80. });
  81. await Promise.all(updateOps);
  82. });