Adds tenant management APIs to developer facing Auth instance.

src/auth/auth.ts

@@ -34,7 +34,7 @@ import {
   AuthProviderConfig, AuthProviderConfigFilter, ListProviderConfigResults, UpdateAuthProviderRequest,
   SAMLConfig, OIDCConfig, OIDCConfigServerResponse, SAMLConfigServerResponse,
 } from './auth-config';
-import {deepCopy, deepExtend} from '../utils/deep-copy';
+import {Tenant, TenantOptions, ListTenantsResult, TenantServerResponse} from './tenant';
 
 
 /**
@@ -89,7 +89,7 @@ export interface SessionCookieOptions {
 /**
  * Base Auth class. Mainly used for user management APIs.
  */
-export class BaseAuth {
+export class BaseAuth<T extends AbstractAuthRequestHandler> {
   protected readonly tokenGenerator: FirebaseTokenGenerator;
   protected readonly idTokenVerifier: FirebaseTokenVerifier;
   protected readonly sessionCookieVerifier: FirebaseTokenVerifier;
@@ -98,14 +98,14 @@ export class BaseAuth {
    * The BaseAuth class constructor.
    *
    * @param {string} projectId The corresponding project ID.
-   * @param {AbstractAuthRequestHandler} authRequestHandler The RPC request handler
+   * @param {T} authRequestHandler The RPC request handler
    *     for this instance.
    * @param {CryptoSigner} cryptoSigner The instance crypto signer used for custom token
    *     minting.
    * @constructor
    */
   constructor(protected readonly projectId: string,
-              protected readonly authRequestHandler: AbstractAuthRequestHandler,
+              protected readonly authRequestHandler: T,
               cryptoSigner: CryptoSigner) {
     this.tokenGenerator = new FirebaseTokenGenerator(cryptoSigner);
     this.sessionCookieVerifier = createSessionCookieVerifier(projectId);
@@ -606,7 +606,7 @@ export class BaseAuth {
 /**
  * The tenant aware Auth class.
  */
-export class TenantAwareAuth extends BaseAuth {
+export class TenantAwareAuth extends BaseAuth<TenantAwareAuthRequestHandler> {
   public readonly tenantId: string;
 
   /**
@@ -720,7 +720,7 @@ export class TenantAwareAuth extends BaseAuth {
  * Auth service bound to the provided app.
  * An Auth instance can have multiple tenants.
  */
-export class Auth extends BaseAuth implements FirebaseServiceInterface {
+export class Auth extends BaseAuth<AuthRequestHandler> implements FirebaseServiceInterface {
   public INTERNAL: AuthInternals = new AuthInternals();
   private readonly tenantsMap: {[key: string]: TenantAwareAuth};
   private readonly app_: FirebaseApp;
@@ -778,4 +778,92 @@ export class Auth extends BaseAuth implements FirebaseServiceInterface {
     }
     return this.tenantsMap[tenantId];
   }
+
+  /**
+   * Looks up the tenant identified by the provided tenant ID and returns a promise that is
+   * fulfilled with the corresponding tenant if it is found.
+   *
+   * @param {string} tenantId The tenant ID of the tenant to look up.
+   * @return {Promise<Tenant>} A promise that resolves with the corresponding tenant.
+   */
+  public getTenant(tenantId: string): Promise<Tenant> {
+    return this.authRequestHandler.getTenant(tenantId)
+      .then((response: TenantServerResponse) => {
+        return new Tenant(response);
+      });
+  }
+
+  /**
+   * Exports a batch of tenant accounts. Batch size is determined by the maxResults argument.
+   * Starting point of the batch is determined by the pageToken argument.
+   *
+   * @param {number=} maxResults The page size, 1000 if undefined. This is also the maximum
+   *     allowed limit.
+   * @param {string=} pageToken The next page token. If not specified, returns users starting
+   *     without any offset.
+   * @return {Promise<{users: Tenant[], pageToken?: string}>} A promise that resolves with
+   *     the current batch of downloaded tenants and the next page token. For the last page, an
+   *     empty list of tenants and no page token are returned.
+   */
+  public listTenants(
+      maxResults?: number,
+      pageToken?: string): Promise<ListTenantsResult> {
+    return this.authRequestHandler.listTenants(maxResults, pageToken)
+      .then((response: {tenants: TenantServerResponse[], nextPageToken?: string}) => {
+        // List of tenants to return.
+        const tenants: Tenant[] = [];
+        // Convert each user response to a Tenant.
+        response.tenants.forEach((tenantResponse: TenantServerResponse) => {
+          tenants.push(new Tenant(tenantResponse));
+        });
+        // Return list of tenants and the next page token if available.
+        const result = {
+          tenants,
+          pageToken: response.nextPageToken,
+        };
+        // Delete result.pageToken if undefined.
+        if (typeof result.pageToken === 'undefined') {
+          delete result.pageToken;
+        }
+        return result;
+      });
+  }
+
+  /**
+   * Deletes the tenant identified by the provided tenant ID and returns a promise that is
+   * fulfilled when the tenant is found and successfully deleted.
+   *
+   * @param {string} tenantId The tenant ID of the tenant to delete.
+   * @return {Promise<void>} A promise that resolves when the tenant is successfully deleted.
+   */
+  public deleteTenant(tenantId: string): Promise<void> {
+    return this.authRequestHandler.deleteTenant(tenantId);
+  }
+
+  /**
+   * Creates a new tenant with the properties provided.
+   *
+   * @param {TenantOptions} tenantOptions The properties to set on the new tenant to be created.
+   * @return {Promise<Tenant>} A promise that resolves with the newly created tenant.
+   */
+  public createTenant(tenantOptions: TenantOptions): Promise<Tenant> {
+    return this.authRequestHandler.createTenant(tenantOptions)
+      .then((response: TenantServerResponse) => {
+        return new Tenant(response);
+      });
+  }
+
+  /**
+   * Updates an existing tenant identified by the tenant ID with the properties provided.
+   *
+   * @param {string} tenantId The tenant identifier of the tenant to update.
+   * @param {TenantOptions} tenantOptions The properties to update on the existing tenant.
+   * @return {Promise<Tenant>} A promise that resolves with the modified tenant.
+   */
+  public updateTenant(tenantId: string, tenantOptions: TenantOptions): Promise<Tenant> {
+    return this.authRequestHandler.updateTenant(tenantId, tenantOptions)
+      .then((response: TenantServerResponse) => {
+        return new Tenant(response);
+      });
+  }
 }

src/utils/error.ts

@@ -457,6 +457,10 @@ export class AuthClientErrorCode {
     code: 'invalid-last-sign-in-time',
     message: 'The last sign-in time must be a valid UTC date string.',
   };
+  public static INVALID_NAME = {
+    code: 'invalid-name',
+    message: 'The resource name provided is invalid.',
+  };
   public static INVALID_OAUTH_CLIENT_ID = {
     code: 'invalid-oauth-client-id',
     message: 'The provided OAuth client ID is invalid.',
@@ -486,6 +490,10 @@ export class AuthClientErrorCode {
     code: 'invalid-photo-url',
     message: 'The photoURL field must be a valid URL.',
   };
+  public static INVALID_PROJECT_ID = {
+    code: 'invalid-project-id',
+    message: 'Invalid parent project. Either parent project doesn\'t exist or didn\'t enable multi-tenancy.',
+  };
   public static INVALID_PROVIDER_DATA = {
     code: 'invalid-provider-data',
     message: 'The providerData must be a valid array of UserInfo objects.',
@@ -503,6 +511,10 @@ export class AuthClientErrorCode {
     code: 'invalid-tenant-id',
     message: 'The tenant ID must be a valid non-empty string.',
   };
+  public static INVALID_TENANT_TYPE = {
+    code: 'invalid-tenant-type',
+    message: 'Tenant type must be either "full_service" or "lightweight".',
+  };
   public static INVALID_UID = {
     code: 'invalid-uid',
     message: 'The uid must be a non-empty string with at most 128 characters.',
@@ -590,6 +602,10 @@ export class AuthClientErrorCode {
       'https://firebase.google.com/docs/admin/setup for details on how to authenticate this SDK ' +
       'with appropriate permissions.',
   };
+  public static QUOTA_EXCEEDED = {
+    code: 'quota-exceeded',
+    message: 'The project quota for the specified operation has been exceeded.',
+  };
   public static SESSION_COOKIE_EXPIRED = {
     code: 'session-cookie-expired',
     message: 'The Firebase session cookie is expired.',
@@ -787,16 +803,22 @@ const AUTH_SERVER_TO_CLIENT_CODE: ServerToClientCode = {
   INVALID_DISPLAY_NAME: 'INVALID_DISPLAY_NAME',
   // Invalid ID token provided.
   INVALID_ID_TOKEN: 'INVALID_ID_TOKEN',
+  // Invalid tenant/parent resource name.
+  INVALID_NAME: 'INVALID_NAME',
   // OIDC configuration has an invalid OAuth client ID.
   INVALID_OAUTH_CLIENT_ID: 'INVALID_OAUTH_CLIENT_ID',
   // Invalid page token.
   INVALID_PAGE_SELECTION: 'INVALID_PAGE_TOKEN',
   // Invalid phone number.
   INVALID_PHONE_NUMBER: 'INVALID_PHONE_NUMBER',
+  // Invalid agent project. Either agent project doesn't exist or didn't enable multi-tenancy.
+  INVALID_PROJECT_ID: 'INVALID_PROJECT_ID',
   // Invalid provider ID.
   INVALID_PROVIDER_ID: 'INVALID_PROVIDER_ID',
   // Invalid service account.
   INVALID_SERVICE_ACCOUNT: 'INVALID_SERVICE_ACCOUNT',
+  // Invalid tenant type.
+  INVALID_TENANT_TYPE: 'INVALID_TENANT_TYPE',
   // Missing Android package name.
   MISSING_ANDROID_PACKAGE_NAME: 'MISSING_ANDROID_PACKAGE_NAME',
   // Missing configuration.
@@ -827,6 +849,8 @@ const AUTH_SERVER_TO_CLIENT_CODE: ServerToClientCode = {
   PHONE_NUMBER_EXISTS: 'PHONE_NUMBER_ALREADY_EXISTS',
   // Project not found.
   PROJECT_NOT_FOUND: 'PROJECT_NOT_FOUND',
+  // In multi-tenancy context: project creation quota exceeded.
+  QUOTA_EXCEEDED: 'QUOTA_EXCEEDED',
   // Tenant not found.
   TENANT_NOT_FOUND: 'TENANT_NOT_FOUND',
   // Tenant ID mismatch.