Firebase-tools: `functions:config:get` not retrieving data starting with `firebase_`

Created on 5 Oct 2017  Â·  10Comments  Â·  Source: firebase/firebase-tools

Version info

firebase-tools v3.13.0 on node v6.11.1

Steps to reproduce

This works as expected:

$ firebase functions:config:set foo.bar="baz"
✔  Functions config updated.
Please deploy your functions for the change to take effect by running firebase deploy --only functions
$ firebase functions:config:get
{
  "foo": {
    "bar": "baz"
  }
}

This does not:

$ firebase functions:config:set firebase_foo.bar="baz"
✔  Functions config updated.
Please deploy your functions for the change to take effect by running firebase deploy --only functions
$ firebase functions:config:get
{}
$ firebase functions:config:get firebase_foo
{
  "bar": "baz",
}

Expected behavior

I would expect the firebase_foo key to be displayed when calling functions:config:get.

Actual behavior

The firebase_foo key is not displayed when calling functions:config:get, while it is when specifying functions:config:get firebase_foo.

If it is a know limitation, it should be mentioned in the documentation.

Full (edited) log

$ firebase --debug functions:config:get
[2017-10-05T14:26:35.967Z] ----------------------------------------------------------------------
[2017-10-05T14:26:35.970Z] Command:       /home/tim/.nvm/versions/node/v6.11.1/bin/node /home/tim/.config/yarn/global/node_modules/.bin/firebase --debug functions:config:get
[2017-10-05T14:26:35.970Z] CLI Version:   3.13.1
[2017-10-05T14:26:35.970Z] Platform:      linux
[2017-10-05T14:26:35.971Z] Node Version:  v6.11.1
[2017-10-05T14:26:35.971Z] Time:          Thu Oct 05 2017 16:26:35 GMT+0200 (CEST)
[2017-10-05T14:26:35.971Z] ----------------------------------------------------------------------

[2017-10-05T14:26:35.978Z] > command requires scopes: ["email","openid","https://www.googleapis.com/auth/cloudplatformprojects.readonly","https://www.googleapis.com/auth/firebase","https://www.googleapis.com/auth/cloud-platform"]
[2017-10-05T14:26:35.978Z] > authorizing via signed-in user
[2017-10-05T14:26:35.980Z] > refreshing access token with scopes: ["email","https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/cloudplatformprojects.readonly","https://www.googleapis.com/auth/firebase","openid"]
[2017-10-05T14:26:35.980Z] >>> HTTP REQUEST POST https://www.googleapis.com/oauth2/v3/token { refresh_token: 'XXXX_REFRESH_TOKEN_XXXX',
  client_id: 'XXXX_CLIENT_ID_XXXX',
  client_secret: 'XXXX_CLIENT_SECRET_XXXX',
  grant_type: 'refresh_token',
  scope: 'email https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/cloudplatformprojects.readonly https://www.googleapis.com/auth/firebase openid' }
 Thu Oct 05 2017 16:26:35 GMT+0200 (CEST)
[2017-10-05T14:26:36.077Z] <<< HTTP RESPONSE 200 cache-control=no-cache, no-store, max-age=0, must-revalidate, pragma=no-cache, expires=Mon, 01 Jan 1990 00:00:00 GMT, date=Thu, 05 Oct 2017 14:26:36 GMT, vary=X-Origin, Origin,Accept-Encoding, content-type=application/json; charset=UTF-8, x-content-type-options=nosniff, x-frame-options=SAMEORIGIN, x-xss-protection=1; mode=block, server=GSE, alt-svc=quic=":443"; ma=2592000; v="39,38,37,35", accept-ranges=none, connection=close
[2017-10-05T14:26:36.089Z] >>> HTTP REQUEST GET https://admin.firebase.com/v1/projects/XXXX_PROJECT_XXXX
 Thu Oct 05 2017 16:26:36 GMT+0200 (CEST)
[2017-10-05T14:26:37.116Z] <<< HTTP RESPONSE 200 server=nginx, date=Thu, 05 Oct 2017 14:26:37 GMT, content-type=application/json; charset=utf-8, content-length=144, connection=close, x-content-type-options=nosniff, strict-transport-security=max-age=31536000; includeSubdomains, cache-control=no-cache, no-store
[2017-10-05T14:26:37.119Z] >>> HTTP REQUEST GET https://admin.firebase.com/v1/database/XXXX_PROJECT_XXXX/tokens
 Thu Oct 05 2017 16:26:37 GMT+0200 (CEST)
[2017-10-05T14:26:38.043Z] <<< HTTP RESPONSE 200 server=nginx, date=Thu, 05 Oct 2017 14:26:37 GMT, content-type=application/json; charset=utf-8, content-length=278, connection=close, x-content-type-options=nosniff, strict-transport-security=max-age=31536000; includeSubdomains, cache-control=no-cache, no-store
[2017-10-05T14:26:38.045Z] >>> HTTP REQUEST GET https://servicemanagement.googleapis.com/v1/services/runtimeconfig.googleapis.com/projectSettings/XXXX_PROJECT_XXXX?view=CONSUMER_VIEW
 Thu Oct 05 2017 16:26:38 GMT+0200 (CEST)
[2017-10-05T14:26:39.233Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Thu, 05 Oct 2017 14:26:38 GMT, server=ESF, cache-control=private, x-xss-protection=1; mode=block, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="39,38,37,35", accept-ranges=none, connection=close
[2017-10-05T14:26:39.236Z] >>> HTTP REQUEST GET https://runtimeconfig.googleapis.com/v1beta1/projects/XXXX_PROJECT_XXXX/configs
 Thu Oct 05 2017 16:26:39 GMT+0200 (CEST)
[2017-10-05T14:26:39.615Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Thu, 05 Oct 2017 14:26:39 GMT, server=ESF, cache-control=private, x-xss-protection=1; mode=block, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="39,38,37,35", accept-ranges=none, connection=close
[2017-10-05T14:26:39.619Z] >>> HTTP REQUEST GET https://runtimeconfig.googleapis.com/v1beta1/projects/XXXX_PROJECT_XXXX/configs/foo/variables
 Thu Oct 05 2017 16:26:39 GMT+0200 (CEST)
[2017-10-05T14:26:39.621Z] >>> HTTP REQUEST GET https://runtimeconfig.googleapis.com/v1beta1/projects/XXXX_PROJECT_XXXX/configs/bar/variables
 Thu Oct 05 2017 16:26:39 GMT+0200 (CEST)
[2017-10-05T14:26:40.011Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Thu, 05 Oct 2017 14:26:39 GMT, server=ESF, cache-control=private, x-xss-protection=1; mode=block, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="39,38,37,35", accept-ranges=none, connection=close
[2017-10-05T14:26:40.015Z] >>> HTTP REQUEST GET https://runtimeconfig.googleapis.com/v1beta1/projects/XXXX_PROJECT_XXXX/configs/foo/variables/token
 Thu Oct 05 2017 16:26:40 GMT+0200 (CEST)
[2017-10-05T14:26:40.017Z] >>> HTTP REQUEST GET https://runtimeconfig.googleapis.com/v1beta1/projects/XXXX_PROJECT_XXXX/configs/bar/variables/foo
 Thu Oct 05 2017 16:26:40 GMT+0200 (CEST)
[2017-10-05T14:26:40.400Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Thu, 05 Oct 2017 14:26:40 GMT, server=ESF, cache-control=private, x-xss-protection=1; mode=block, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="39,38,37,35", accept-ranges=none, connection=close
[2017-10-05T14:26:40.403Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Thu, 05 Oct 2017 14:26:40 GMT, server=ESF, cache-control=private, x-xss-protection=1; mode=block, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="39,38,37,35", accept-ranges=none, connection=close
[2017-10-05T14:26:40.404Z] >>> HTTP REQUEST GET https://runtimeconfig.googleapis.com/v1beta1/projects/XXXX_PROJECT_XXXX/configs/bar/variables/api_key
 Thu Oct 05 2017 16:26:40 GMT+0200 (CEST)
[2017-10-05T14:26:40.815Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Thu, 05 Oct 2017 14:26:40 GMT, server=ESF, cache-control=private, x-xss-protection=1; mode=block, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="39,38,37,35", accept-ranges=none, connection=close
[2017-10-05T14:26:41.385Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Thu, 05 Oct 2017 14:26:41 GMT, server=ESF, cache-control=private, x-xss-protection=1; mode=block, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="39,38,37,35", accept-ranges=none, connection=close
{
  "foo": {
    "bar": "baz"
  }
}

_As a side note, I felt the need to obfuscate identifiable values of my config in the above log. Your issue template indicate to copy the raw output of running the method with the --debug mode enable but I think that is an important security risk. It might require another issue, but maybe the --debug flag should hide any sensitive information by default._

picture pixelastic

Most helpful comment

@alexanderkjeldaas this has been improved in #1953 and will be included in the next release.

picture samtstern on 7 Feb 2020
👍2

All 10 comments

firebase is a reserved namespace in the runtime config to be used for our own internal purposes -- we could probably do a better job documenting this, but you'll need to rename the value to something else.

As to your obfuscation comment -- in general, we try to do this. The client id and client secret you marked out are actually safe to share as they are distributed with the source code of the CLI. If there's other info that you saw in the debug logs, please do file a followup.

mbleigh picture mbleigh on 5 Oct 2017

Thanks for the answer. I figured that firebase was a reserved keyword, but could not find any documentation about that. What is surprising is that it correctly saves the value, but I cannot get it with generic config:get but can access it with config:get:key_name.

And glad to know there was no security issue. I didn't feel comfortable sharing something called client_secret :)

pixelastic picture pixelastic on 8 Oct 2017

@pixelastic What command did you use to set the config? That's a bug that it had let you set it to the "firebase" keyword.

laurenzlong picture laurenzlong on 9 Oct 2017

Nothing fancy, just this:

$ firebase functions:config:set firebase_foo.bar="baz"
$ firebase functions:config:get firebase_foo
{
  "bar": "baz",
}
pixelastic picture pixelastic on 9 Oct 2017

Ah that makes sense, we currently only check for "firebase" as a reserved keyword, not "firebase_something".

laurenzlong picture laurenzlong on 13 Oct 2017

This looks like it's resolved. Closing this out - as always, if you encounter any other problems, please open up a new issue.

thechenky picture thechenky on 9 Jan 2019

https://github.com/firebase/firebase-tools/issues/678#issuecomment-413622488
worked for me >>

You need to run this in the functions directory:
firebase functions:config:get > .runtimeconfig.json
However, if you're using Windows PowerShell, replace the above command with:
firebase functions:config:get | ac .runtimeconfig.json

See https://firebase.google.com/docs/functions/local-emulator

philval picture philval on 10 Sep 2019
👍1

not sure that this is fixed as there is no error, warning or anything like it for setting these reserved names.

alexanderkjeldaas picture alexanderkjeldaas on 2 Feb 2020

@alexanderkjeldaas that's true I will add a better error.

samtstern picture samtstern on 4 Feb 2020

@alexanderkjeldaas this has been improved in #1953 and will be included in the next release.

samtstern picture samtstern on 7 Feb 2020
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

FluorescentHallucinogen picture FluorescentHallucinogen  Â·  3Comments
repentsinner picture repentsinner  Â·  3Comments
chen86860 picture chen86860  Â·  3Comments
ahaverty picture ahaverty  Â·  4Comments
hmazter picture hmazter  Â·  4Comments