Sin descripción
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

functions-secrets-destroy.js 2.8KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061
  1. "use strict";
  2. Object.defineProperty(exports, "__esModule", { value: true });
  3. exports.command = void 0;
  4. const command_1 = require("../command");
  5. const projectUtils_1 = require("../projectUtils");
  6. const secretManager_1 = require("../gcp/secretManager");
  7. const prompt_1 = require("../prompt");
  8. const utils_1 = require("../utils");
  9. const secrets = require("../functions/secrets");
  10. const backend = require("../deploy/functions/backend");
  11. exports.command = new command_1.Command("functions:secrets:destroy <KEY>[@version]")
  12. .description("Destroy a secret. Defaults to destroying the latest version.")
  13. .withForce("Destroys a secret without confirmation.")
  14. .action(async (key, options) => {
  15. const projectId = (0, projectUtils_1.needProjectId)(options);
  16. const projectNumber = await (0, projectUtils_1.needProjectNumber)(options);
  17. const haveBackend = await backend.existingBackend({ projectId });
  18. let [name, version] = key.split("@");
  19. if (!version) {
  20. version = "latest";
  21. }
  22. const sv = await (0, secretManager_1.getSecretVersion)(projectId, name, version);
  23. if (sv.state === "DESTROYED") {
  24. (0, utils_1.logBullet)(`Secret ${sv.secret.name}@${version} is already destroyed. Nothing to do.`);
  25. return;
  26. }
  27. const boundEndpoints = backend
  28. .allEndpoints(haveBackend)
  29. .filter((e) => secrets.inUse({ projectId, projectNumber }, sv.secret, e));
  30. if (boundEndpoints.length > 0) {
  31. const endpointsMsg = boundEndpoints
  32. .map((e) => `${e.id}[${e.platform}](${e.region})`)
  33. .join("\t\n");
  34. (0, utils_1.logWarning)(`Secret ${name}@${version} is currently in use by following functions:\n\t${endpointsMsg}`);
  35. if (!options.force) {
  36. (0, utils_1.logWarning)("Refusing to destroy secret in use. Use -f to destroy the secret anyway.");
  37. return;
  38. }
  39. }
  40. if (!options.force) {
  41. const confirm = await (0, prompt_1.promptOnce)({
  42. name: "destroy",
  43. type: "confirm",
  44. default: true,
  45. message: `Are you sure you want to destroy ${sv.secret.name}@${sv.versionId}`,
  46. }, options);
  47. if (!confirm) {
  48. return;
  49. }
  50. }
  51. await (0, secretManager_1.destroySecretVersion)(projectId, name, version);
  52. (0, utils_1.logBullet)(`Destroyed secret version ${name}@${sv.versionId}`);
  53. const secret = await (0, secretManager_1.getSecret)(projectId, name);
  54. if (secrets.isFirebaseManaged(secret)) {
  55. const versions = await (0, secretManager_1.listSecretVersions)(projectId, name);
  56. if (versions.filter((v) => v.state === "ENABLED").length === 0) {
  57. (0, utils_1.logBullet)(`No active secret versions left. Destroying secret ${name}`);
  58. await (0, secretManager_1.deleteSecret)(projectId, name);
  59. }
  60. }
  61. });