@taeold taeold commented Oct 16, 2025

Key changes:

  • Added --format flag to functions:secrets:set command
  • Auto-detect JSON format from .json file extensions
  • Added format field to SecretParam interface for deploy-time handling
  • Use visible input() prompt for JSON secrets vs password() for regular secrets
  • Validate JSON format before storing in Secret Manager
  • Improved error messages with actionable commands for developers
  • Added non-interactive mode check with helpful error for missing secrets

Example usage:
$ firebase functions:secrets:set STRIPE_CONFIG --format=json --data-file config.json
$ cat config.json | firebase functions:secrets:set STRIPE_CONFIG --format=json

@gemini-code-assist

Summary of Changes

Hello @taeold, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the secret management capabilities for Firebase Functions by introducing robust support for JSON-formatted secrets. It streamlines the process of setting and validating complex secret values, improves the interactive and non-interactive user experience with clearer prompts and error messages, and ensures data integrity by validating JSON inputs before storage. These changes make it easier for developers to manage structured configuration data as secrets.

Highlights

  • JSON Secret Support: Introduced the ability to set secrets in JSON format, either explicitly via a new --format=json flag or implicitly by detecting .json file extensions when using --data-file.
  • Improved User Experience: Enhanced the interactive prompt for setting secrets, using a visible input() for JSON values and password() for regular strings. Also, improved error messages now provide actionable commands for developers, especially when dealing with invalid JSON or missing secrets in non-interactive mode.
  • Validation and Type Safety: Added client-side validation to ensure that values provided for JSON secrets are indeed valid JSON before being stored in Secret Manager. The SecretParam interface was updated to include a format field for better type handling during deployment.
  • Non-Interactive Mode Handling: Implemented a check for missing secrets in non-interactive mode, which now throws a FirebaseError with clear instructions and example commands to set the required secrets.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request adds support for JSON-formatted secrets in Firebase Functions, including a new --format flag for the functions:secrets:set command, auto-detection of JSON from file extensions, and appropriate handling during deployment. The changes are well-implemented, with improved error messages and prompts for a better developer experience. My feedback includes a critical fix for interactive JSON secret input to ensure it's visible, and a few minor suggestions to improve the clarity of error messages.

@taeold taeold force-pushed the json-secrets-support branch from 8dc5984 to b6cb593 Compare October 16, 2025 21:58
- Include parse error message in JSON validation errors for better debugging
- Remove redundant --format=json flag from error suggestions (auto-detected from .json extension)
- Use consistent <file.json> placeholder instead of config.json in examples
- Implement custom secret reading logic to handle file/stdin/interactive input
- Keep all interactive secrets hidden using password() for security (including JSON)

taeold commented Oct 16, 2025

/gemini review


@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces valuable support for JSON-formatted secrets in Firebase Functions, including auto-detection from file extensions and improved error messaging. The implementation is well-structured. My feedback focuses on a couple of areas to enhance usability and maintainability: using a visible prompt for entering JSON secrets interactively and refactoring duplicated code for JSON validation.

Move validateJsonSecret to src/functions/secrets.ts to adhere to DRY principle and improve maintainability. This avoids duplicating the same validation logic and error messages across multiple files.
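
The format detection and pre-storage JSON check discussed in this thread, as an added example that is not code from the PR or from firebase-tools: `SecretInput`, `resolveFormat` and `validateSecret` are hypothetical names and the sample values are constructed. It reports only the error class and input length, because recent V8 releases quote part of the offending input in the `JSON.parse` error message, which would put secret bytes into terminals and CI logs.

```typescript
// Added example: hypothetical helper names, not firebase-tools' own code.
type SecretFormat = "json" | "plain";

interface SecretInput {
  key: string;         // secret name, e.g. STRIPE_CONFIG
  value: string;       // raw value read from file, stdin or prompt
  formatFlag?: string; // value passed to --format, if any
  dataFile?: string;   // path passed to --data-file, if any
}

// An explicit --format=json wins; otherwise a .json data file implies JSON.
function resolveFormat(input: SecretInput): SecretFormat {
  if (input.formatFlag === "json") return "json";
  if (input.dataFile !== undefined && input.dataFile.slice(-5) === ".json") {
    return "json";
  }
  return "plain";
}

// Returns null when the value may be stored, or a message that is safe to log.
function validateSecret(input: SecretInput): string | null {
  if (resolveFormat(input) !== "json") return null;
  try {
    JSON.parse(input.value);
    return null;
  } catch (e) {
    // The engine's message may echo a slice of the secret, so it is dropped;
    // only the error class and the size of the input are reported.
    const kind = e instanceof Error ? e.name : "Error";
    return (
      `Secret ${input.key} is not valid JSON ` +
      `(${kind}, ${input.value.length} characters read). Fix the file and run: ` +
      `firebase functions:secrets:set ${input.key} --data-file <file.json>`
    );
  }
}

// Constructed sample inputs; the secret value is made up for this example.
const broken: SecretInput = {
  key: "STRIPE_CONFIG",
  value: '{"apiKey": constructed-value-123}', // unquoted string: invalid JSON
  dataFile: "config.json",
};
const valid: SecretInput = {
  key: "STRIPE_CONFIG",
  value: '{"apiKey": "constructed-value-123"}',
  dataFile: "config.json",
};
console.log(validateSecret(broken));
console.log(validateSecret(valid));
```
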
@taeold taeold requested a review from jhuleatt October 16, 2025 23:10
@taeold taeold enabled auto-merge (squash) October 17, 2025 00:49
@taeold taeold merged commit 795975c into master Oct 17, 2025
48 checks passed
@taeold taeold deleted the json-secrets-support branch October 17, 2025 01:00
@github-project-automation github-project-automation bot moved this from Approved [PR] to Done in [Cloud] Extensions + Functions Oct 17, 2025
TorbenWetter added a commit to TorbenWetter/firebase-tools that referenced this pull request Oct 23, 2025
…anager

PR firebase#9335 added a check that fails deployments in non-interactive mode
when secrets are required. However, it didn't verify whether those
secrets already exist in Secret Manager, causing deployments to fail
even when all secrets were properly configured.

This change queries Secret Manager before throwing the error to check
if each required secret exists. Only truly missing secrets will cause
the deployment to fail.

Fixes firebase#9368