Implements Auth provider configuration management APIs #415
Conversation
…g SAML and OIDC providers. ``` listProviderConfigs( options: admin.auth.AuthProviderConfigFilter ): Promise<admin.auth.ListProviderConfigResults>; getProviderConfig(providerId: string): Promise<admin.auth.AuthProviderConfig> deleteProviderConfig(providerId: string): Promise<void>; updateProviderConfig( providerId: string, updatedConfig: admin.auth.UpdateAuthProviderRequest ): Promise<admin.auth.AuthProviderConfig>; createProviderConfig( config: admin.auth.AuthProviderConfig ): Promise<admin.auth.AuthProviderConfig>; ```
src/auth/auth-api-request.ts
Outdated
| request.pageSize > MAX_LIST_PROVIDER_CONFIGURATION_PAGE_SIZE) { | ||
| throw new FirebaseAuthError( | ||
| AuthClientErrorCode.INVALID_ARGUMENT, | ||
| `Required "maxResults" must be a positive non-zero number that does not exceed ` + |
There was a problem hiding this comment.
May be "positive integer that does not...". Positive implies non-zero.
src/auth/auth-api-request.ts
Outdated
| constructor(app: FirebaseApp) { | ||
| this.httpClient = new AuthorizedHttpClient(app); | ||
| this.authUrlBuilder = new AuthResourceUrlBuilder(utils.getProjectId(app), 'v1'); | ||
| this.projectConfigUrlBuilder = new AuthResourceUrlBuilder(utils.getProjectId(app), 'v2beta1'); |
There was a problem hiding this comment.
Nit: Refactor getProjectId(app) into a constant.
const projectId = utils.getProjectId(app);
this.authUrlBuilder = ...
this.projectConfigUrlBuilder = ...
src/auth/auth-api-request.ts
Outdated
| * | ||
| * @param {number=} maxResults The page size, 100 if undefined. This is also the maximum | ||
| * allowed limit. | ||
| * @param {string=} pageToken The next page token. If not specified, returns OIDC configurations starting |
src/auth/auth-api-request.ts
Outdated
| * @param {string} providerId The provider identifier of the configuration to lookup. | ||
| * @return {Promise<object>} A promise that resolves with the provider configuration information. | ||
| */ | ||
| public getOAuthIdpConfig(providerId: string): Promise<object> { |
There was a problem hiding this comment.
Can this be declared to return a more specific type than object?
src/auth/auth.ts
Outdated
| * meeting the filter requirements. | ||
| */ | ||
| public listProviderConfigs(options: AuthProviderConfigFilter): Promise<ListProviderConfigResults> { | ||
| const processResponse = (response: any, providerConfigs: AuthProviderConfig[]) => { |
src/utils/index.ts
Outdated
| for (const key in obj) { | ||
| if (obj.hasOwnProperty(key) && typeof obj[key] !== 'undefined') { | ||
| let maskList: string[] = []; | ||
| maskList = generateUpdateMask(obj[key]); |
There was a problem hiding this comment.
const maskList = generateUpdateMask(...)
src/auth/auth-api-request.ts
Outdated
| export class FirebaseAuthRequestHandler { | ||
| private httpClient: AuthorizedHttpClient; | ||
| private authUrlBuilder: AuthResourceUrlBuilder; | ||
| private projectConfigUrlBuilder: AuthResourceUrlBuilder; |
There was a problem hiding this comment.
All these can be readonly.
src/auth/auth-api-request.ts
Outdated
| pageToken, | ||
| }; | ||
| // Remove next page token if not provided. | ||
| if (typeof request.pageToken === 'undefined') { |
There was a problem hiding this comment.
You can work around this by putting an explicit any on request. Or even:
const request: {pageSize: number, pageToken?: string} = ...;
is not too much of a hassle. But I'm ok if you choose to leave this as is for this PR.
test/unit/auth/auth.spec.ts
Outdated
| // Stub listOAuthIdpConfigs to return expected response. | ||
| const listConfigsStub = sinon | ||
| .stub(FirebaseAuthRequestHandler.prototype, 'listOAuthIdpConfigs') | ||
| .returns(Promise.resolve(listConfigsResponse)); |
There was a problem hiding this comment.
.resolves(listConfigsResponse). Here and elsewhere.
test/unit/auth/auth.spec.ts
Outdated
| // Stub listOAuthIdpConfigs to throw a backend error. | ||
| const listConfigsStub = sinon | ||
| .stub(FirebaseAuthRequestHandler.prototype, 'listOAuthIdpConfigs') | ||
| .returns(Promise.reject(expectedError)); |
There was a problem hiding this comment.
.rejects(expectedError). Here and elsewhere.
test/unit/auth/auth.spec.ts
Outdated
| throw new Error('Unexpected success'); | ||
| }) | ||
| .catch((error) => { | ||
| expect(error).to.have.property('code', 'auth/argument-error'); |
There was a problem hiding this comment.
Can't we do .should.eventually.be.rejected.and.have.property here?
test/unit/auth/auth.spec.ts
Outdated
| providerConfigs: [], | ||
| }; | ||
|
|
||
| it('should resolve on listInboundSamlConfigs request success with configs in response', () => { |
There was a problem hiding this comment.
should resolve on success with configs in response
| describe('getOAuthIdpConfig()', () => { | ||
| const providerId = 'oidc.provider'; | ||
| const path = `/v2beta1/projects/project_id/oauthIdpConfigs/${providerId}`; | ||
| const method = 'GET'; |
There was a problem hiding this comment.
Nit: Calling this getMethod or httpGet would make the rest of the code more readable. Or even using the string literal as callParams(path, 'GET', {}) is not a bad idea.
There was a problem hiding this comment.
Renamed to expectedHttpMethod here and all the new proposed APIs We need to assert this value in all the suite test. It is better not to hardcode it.
There was a problem hiding this comment.
Appreciate the review.
Regarding the PR being too long, as mentioned in another comment, the way we have been doing things, it is unlikely we can split into multiple PRs since partial features would be available in master before launchcals are approved.
What I can do going forward is split into smaller commits and request reviews one part at a time.
src/auth/auth.ts
Outdated
| * meeting the filter requirements. | ||
| */ | ||
| public listProviderConfigs(options: AuthProviderConfigFilter): Promise<ListProviderConfigResults> { | ||
| const processResponse = (response: any, providerConfigs: AuthProviderConfig[]) => { |
src/auth/auth-api-request.ts
Outdated
| throw new FirebaseAuthError( | ||
| AuthClientErrorCode.INVALID_ARGUMENT, | ||
| `Required "maxResults" must be a positive integer that does not exceed ` + | ||
| `the allowed ${MAX_LIST_PROVIDER_CONFIGURATION_PAGE_SIZE}.`, |
src/auth/auth-api-request.ts
Outdated
| export class FirebaseAuthRequestHandler { | ||
| private httpClient: AuthorizedHttpClient; | ||
| private authUrlBuilder: AuthResourceUrlBuilder; | ||
| private projectConfigUrlBuilder: AuthResourceUrlBuilder; |
test/unit/auth/auth.spec.ts
Outdated
| throw new Error('Unexpected success'); | ||
| }) | ||
| .catch((error) => { | ||
| expect(error).to.have.property('code', 'auth/argument-error'); |
test/unit/auth/auth.spec.ts
Outdated
| providerConfigs: [], | ||
| }; | ||
|
|
||
| it('should resolve on listOAuthIdpConfigs request success with configs in response', () => { |
test/unit/auth/auth.spec.ts
Outdated
| // Stub listOAuthIdpConfigs to return expected response. | ||
| const listConfigsStub = sinon | ||
| .stub(FirebaseAuthRequestHandler.prototype, 'listOAuthIdpConfigs') | ||
| .returns(Promise.resolve(listConfigsResponse)); |
test/unit/auth/auth.spec.ts
Outdated
| // Stub listOAuthIdpConfigs to throw a backend error. | ||
| const listConfigsStub = sinon | ||
| .stub(FirebaseAuthRequestHandler.prototype, 'listOAuthIdpConfigs') | ||
| .returns(Promise.reject(expectedError)); |
test/unit/auth/auth.spec.ts
Outdated
| providerConfigs: [], | ||
| }; | ||
|
|
||
| it('should resolve on listInboundSamlConfigs request success with configs in response', () => { |
|
As for managing large changes, this is what I would recommend.
|
Implements Auth provider configuration management APIs for configuring SAML and OIDC providers.