Fixes source token expiration by token refresh

[blidd-google]

Developers have reported a variety of issues while attempting large function deployments (see #4266). Specifically, developers were encountering an Invalid source token error message after successfully deploying a subset of the functions, indicating that at least part of the issue stemmed from the source token re-use hack (used to expedite deployments by re-using the same container for each function).

On particularly large deployments (~100+), the process can take >30 minutes. The source token acquired after the first function deployment expires at 30 minutes, resulting in the failure of subsequent function deployments that included the expired source token.

This change tracks the expiration of acquired source tokens, and after about 25 minutes, discards the old token and instructs the next function deployment to request a new source token. The remaining functions wait until the new source token is acquired before starting deployment. A 5 minute buffer is provided to basically guarantee that no subsequent function deployments will include the expired token. After about 25 minutes, the second token also expires and the next function requests a new token, etc., etc.

[taeold]

tangent: enums are controversial in TS for some reason.

https://blog.logrocket.com/why-typescript-enums-suck/

Internally, I think we prefer string literals:

type TokenState = "none" | "valid" | "invalid"

[taeold]

Personally, I think using hrtime with its bigint silliness is unnecessarily precise, especially if the time range we care about is in MINUTES not MICROSECONDS.

I'd suggest we stick to Date.now() and forget about big ints.

[taeold]

I found that token states as described here bit confusing. tokenState == INVALID makes me think that token is invalid, but token doesn't actually exist at this point.

What about another name that closely maps to the state of the scraper, like tokenFetchState instead of tokenState and FETCHING instead of INVALID?

[taeold]

nit* I usually name my boolean function with "is" like isTokenExpired

[taeold]

This error is user visible - we should try our best to describe the situation and also call out what users should do when they see the issue.

[taeold]

nit - stray comment?

[taeold]

This error message makes sense to you and me but won't to almost all users trying to deploy their function.

I think this is a good example of a user facing error message - describe the situation in coarsely and suggest next steps:

firebase-tools/src/deploy/functions/prepareFunctionsUpload.ts

Lines 36 to 40 in 2ebefe2

	throw new FirebaseError(
	"Cloud Runtime Config is currently experiencing issues, " +
	"which is preventing your functions from being deployed. " +
	"Please wait a few minutes and then try to deploy your functions again." +
	"\nRun `firebase deploy --except functions` if you want to continue deploying the rest of your project."

In our case, hitting this if statement should never happen and would be considered a bug. Maybe we can suggest that they file a issue.

[blidd-google]

ah gotcha. working on a more descriptive message.

[blidd-google]

throw new FirebaseError(
        "Your deployment is checking the expiration of a source token that has not yet been polled. " +
          "Hitting this case should never happen and should be considered a bug. " +
          "Please file an issue at https://github.com/firebase/firebase-tools/issues " + 
          "and try deploying your functions again."
      );

What about something like this?

[codecov-commenter]

Codecov Report

❗ No coverage uploaded for pull request base (master@ea2a9ec). Click here to learn what that means.
Patch coverage: 83.33% of modified lines in pull request are covered.

Additional details and impacted files

@@            Coverage Diff            @@
##             master    #5198   +/-   ##
=========================================
  Coverage          ?   56.26%           
=========================================
  Files             ?      308           
  Lines             ?    20814           
  Branches          ?     4225           
=========================================
  Hits              ?    11710           
  Misses            ?     8092           
  Partials          ?     1012           

Impacted Files	Coverage Δ
src/deploy/functions/release/sourceTokenScraper.ts	83.33% <81.81%> (ø)
src/deploy/functions/release/fabricator.ts	83.59% <100.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[taeold]

Lgtm

[taeold]

Should we throw an error here instead of silently succeeding? Can see argument for either.

[blidd-google]

By throwing an error, do you mean throwing an error and then catching it in an enclosing try { await getToken(); ... } catch (expiredErr) {...} block, and then retrying?

[taeold]

I mean that in theory we should never reach this codepath - fetchState can only be in one of three states, and we have if condition for all of them. So we could throw (which could happen if we misunderstood this code for somee reason) or just return the promise (which might leave the CLI in an undefined state). I have slight preference for the former.

[taeold]

Nice test!!

[inlined]

Can we update this to throw with code: 2? We track this in Google Analytics for internal assertion errors.

[inlined]

In the future, try to instrument code without sleeping in your test. You can inject a clock for example.