Added OIDCProviderConfig API

auth/provider_config.go

@@ -109,6 +109,16 @@ func buildMask(data map[string]interface{}) []string {
 	return mask
 }
 
+// OIDCProviderConfig is the OIDC auth provider configuration.
+// See https://openid.net/specs/openid-connect-core-1_0-final.html.
+type OIDCProviderConfig struct {
+	ID          string
+	DisplayName string
+	Enabled     bool
+	ClientID    string
+	Issuer      string
+}
+
 // SAMLProviderConfig is the SAML auth provider configuration.
 // See http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html.
 type SAMLProviderConfig struct {
@@ -422,6 +432,38 @@ func newProviderConfigClient(hc *http.Client, conf *internal.AuthConfig) *provid
 	}
 }
 
+// OIDCProviderConfig returns the OIDCProviderConfig with the given ID.
+func (c *providerConfigClient) OIDCProviderConfig(ctx context.Context, id string) (*OIDCProviderConfig, error) {
+	if err := validateOIDCConfigID(id); err != nil {
+		return nil, err
+	}
+
+	req := &internal.Request{
+		Method: http.MethodGet,
+		URL:    fmt.Sprintf("/oauthIdpConfigs/%s", id),
+	}
+	var result oidcProviderConfigDAO
+	if _, err := c.makeRequest(ctx, req, &result); err != nil {
+		return nil, err
+	}
+
+	return result.toOIDCProviderConfig(), nil
+}
+
+// DeleteOIDCProviderConfig deletes the OIDCProviderConfig with the given ID.
+func (c *providerConfigClient) DeleteOIDCProviderConfig(ctx context.Context, id string) error {
+	if err := validateOIDCConfigID(id); err != nil {
+		return err
+	}
+
+	req := &internal.Request{
+		Method: http.MethodDelete,
+		URL:    fmt.Sprintf("/oauthIdpConfigs/%s", id),
+	}
+	_, err := c.makeRequest(ctx, req, nil)
+	return err
+}
+
 // SAMLProviderConfig returns the SAMLProviderConfig with the given ID.
 func (c *providerConfigClient) SAMLProviderConfig(ctx context.Context, id string) (*SAMLProviderConfig, error) {
 	if err := validateSAMLConfigID(id); err != nil {
@@ -543,6 +585,24 @@ func (c *providerConfigClient) makeRequest(ctx context.Context, req *internal.Re
 	return c.httpClient.DoAndUnmarshal(ctx, req, v)
 }
 
+type oidcProviderConfigDAO struct {
+	Name        string `json:"name"`
+	ClientID    string `json:"clientId"`
+	Issuer      string `json:"issuer"`
+	DisplayName string `json:"displayName"`
+	Enabled     bool   `json:"enabled"`
+}
+
+func (dao *oidcProviderConfigDAO) toOIDCProviderConfig() *OIDCProviderConfig {
+	return &OIDCProviderConfig{
+		ID:          extractResourceID(dao.Name),
+		DisplayName: dao.DisplayName,
+		Enabled:     dao.Enabled,
+		ClientID:    dao.ClientID,
+		Issuer:      dao.Issuer,
+	}
+}
+
 type idpCertificate struct {
 	X509Certificate string `json:"x509Certificate"`
 }
@@ -582,6 +642,14 @@ func (dao *samlProviderConfigDAO) toSAMLProviderConfig() *SAMLProviderConfig {
 	}
 }
 
+func validateOIDCConfigID(id string) error {
+	if !strings.HasPrefix(id, "oidc.") {
+		return fmt.Errorf("invalid OIDC provider id: %q", id)
+	}
+
+	return nil
+}
+
 func validateSAMLConfigID(id string) error {
 	if !strings.HasPrefix(id, "saml.") {
 		return fmt.Errorf("invalid SAML provider id: %q", id)

auth/provider_config_test.go

@@ -27,8 +27,16 @@ import (
 	"google.golang.org/api/iterator"
 )
 
+const oidcConfigResponse = `{
+    "name":"projects/mock-project-id/oauthIdpConfigs/oidc.provider",
+    "clientId": "CLIENT_ID",
+    "issuer": "https://oidc.com/issuer",
+    "displayName": "oidcProviderName",
+    "enabled": true
+}`
+
 const samlConfigResponse = `{
-    "name":"projects/mock-project-id/inboundSamlConfigs/saml.provider",
+    "name": "projects/mock-project-id/inboundSamlConfigs/saml.provider",
     "idpConfig": {
         "idpEntityId": "IDP_ENTITY_ID",
         "ssoUrl": "https://example.com/login",
@@ -57,6 +65,14 @@ var idpCertsMap = []interface{}{
 	map[string]interface{}{"x509Certificate": "CERT2"},
 }
 
+var oidcProviderConfig = &OIDCProviderConfig{
+	ID:          "oidc.provider",
+	DisplayName: "oidcProviderName",
+	Enabled:     true,
+	ClientID:    "CLIENT_ID",
+	Issuer:      "https://oidc.com/issuer",
+}
+
 var samlProviderConfig = &SAMLProviderConfig{
 	ID:                    "saml.provider",
 	DisplayName:           "samlProviderName",
@@ -69,12 +85,111 @@ var samlProviderConfig = &SAMLProviderConfig{
 	CallbackURL:           "https://projectId.firebaseapp.com/__/auth/handler",
 }
 
+var invalidOIDCConfigIDs = []string{
+	"",
+	"invalid.id",
+	"saml.config",
+}
+
 var invalidSAMLConfigIDs = []string{
 	"",
 	"invalid.id",
 	"oidc.config",
 }
 
+func TestOIDCProviderConfig(t *testing.T) {
+	s := echoServer([]byte(oidcConfigResponse), t)
+	defer s.Close()
+
+	client := s.Client.pcc
+	oidc, err := client.OIDCProviderConfig(context.Background(), "oidc.provider")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !reflect.DeepEqual(oidc, oidcProviderConfig) {
+		t.Errorf("OIDCProviderConfig() = %#v; want = %#v", oidc, oidcProviderConfig)
+	}
+
+	req := s.Req[0]
+	if req.Method != http.MethodGet {
+		t.Errorf("OIDCProviderConfig() Method = %q; want = %q", req.Method, http.MethodGet)
+	}
+
+	wantURL := "/projects/mock-project-id/oauthIdpConfigs/oidc.provider"
+	if req.URL.Path != wantURL {
+		t.Errorf("OIDCProviderConfig() URL = %q; want = %q", req.URL.Path, wantURL)
+	}
+}
+
+func TestOIDCProviderConfigInvalidID(t *testing.T) {
+	client := &providerConfigClient{}
+	wantErr := "invalid OIDC provider id: "
+
+	for _, id := range invalidOIDCConfigIDs {
+		saml, err := client.OIDCProviderConfig(context.Background(), id)
+		if saml != nil || err == nil || !strings.HasPrefix(err.Error(), wantErr) {
+			t.Errorf("OIDCProviderConfig(%q) = (%v, %v); want = (nil, %q)", id, saml, err, wantErr)
+		}
+	}
+}
+
+func TestOIDCProviderConfigError(t *testing.T) {
+	s := echoServer([]byte(notFoundResponse), t)
+	defer s.Close()
+	s.Status = http.StatusNotFound
+
+	client := s.Client.pcc
+	saml, err := client.OIDCProviderConfig(context.Background(), "oidc.provider")
+	if saml != nil || err == nil || !IsConfigurationNotFound(err) {
+		t.Errorf("OIDCProviderConfig() = (%v, %v); want = (nil, ConfigurationNotFound)", saml, err)
+	}
+}
+
+func TestDeleteOIDCProviderConfig(t *testing.T) {
+	s := echoServer([]byte("{}"), t)
+	defer s.Close()
+
+	client := s.Client.pcc
+	if err := client.DeleteOIDCProviderConfig(context.Background(), "oidc.provider"); err != nil {
+		t.Fatal(err)
+	}
+
+	req := s.Req[0]
+	if req.Method != http.MethodDelete {
+		t.Errorf("DeleteOIDCProviderConfig() Method = %q; want = %q", req.Method, http.MethodDelete)
+	}
+
+	wantURL := "/projects/mock-project-id/oauthIdpConfigs/oidc.provider"
+	if req.URL.Path != wantURL {
+		t.Errorf("DeleteOIDCProviderConfig() URL = %q; want = %q", req.URL.Path, wantURL)
+	}
+}
+
+func TestDeleteOIDCProviderConfigInvalidID(t *testing.T) {
+	client := &providerConfigClient{}
+	wantErr := "invalid OIDC provider id: "
+
+	for _, id := range invalidOIDCConfigIDs {
+		err := client.DeleteOIDCProviderConfig(context.Background(), id)
+		if err == nil || !strings.HasPrefix(err.Error(), wantErr) {
+			t.Errorf("DeleteOIDCProviderConfig(%q) = %v; want = %q", id, err, wantErr)
+		}
+	}
+}
+
+func TestDeleteOIDCProviderConfigError(t *testing.T) {
+	s := echoServer([]byte(notFoundResponse), t)
+	defer s.Close()
+	s.Status = http.StatusNotFound
+
+	client := s.Client.pcc
+	err := client.DeleteOIDCProviderConfig(context.Background(), "oidc.provider")
+	if err == nil || !IsConfigurationNotFound(err) {
+		t.Errorf("DeleteOIDCProviderConfig() = %v; want = ConfigurationNotFound", err)
+	}
+}
+
 func TestSAMLProviderConfig(t *testing.T) {
 	s := echoServer([]byte(samlConfigResponse), t)
 	defer s.Close()