From a786ca00bd27a6e098125d6b7b87edb11ea6ea0f Mon Sep 17 00:00:00 2001
From: George Czabania <1140167+stayradiated@users.noreply.github.com>
Date: Fri, 7 Feb 2020 20:32:46 +0100
Subject: [PATCH] feat(subscription): support oidcToken (#865)

Co-authored-by: Benjamin E. Coe <bencoe@google.com>
Co-authored-by: Megan Potter <57276408+feywind@users.noreply.github.com>
---
 src/pubsub.ts        |  6 +++++-
 src/subscription.ts  | 19 ++++++++++++++++++
 test/subscription.ts | 47 ++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 71 insertions(+), 1 deletion(-)

diff --git a/src/pubsub.ts b/src/pubsub.ts
index 5f55f210e..cb792bd62 100644
--- a/src/pubsub.ts
+++ b/src/pubsub.ts
@@ -334,11 +334,15 @@ export class PubSub {
    *     days.
    * @property {string} [pushEndpoint] A URL to a custom endpoint that
    *     messages should be pushed to.
+   * @property {object} [oidcToken] If specified, Pub/Sub will generate and
+   *     attach an OIDC JWT token as an `Authorization` header in the HTTP
+   *     request for every pushed message. This object should have the same
+   *     structure as [OidcToken]{@link google.pubsub.v1.OidcToken}
    * @property {boolean} [retainAckedMessages=false] If set, acked messages
    *     are retained in the subscription's backlog for the length of time
    *     specified by `options.messageRetentionDuration`.
    * @property {ExpirationPolicy} [expirationPolicy] A policy that specifies
-   * the conditions for this subscription's expiration.
+   *     the conditions for this subscription's expiration.
    */
   /**
    * Create a subscription to a topic.
diff --git a/src/subscription.ts b/src/subscription.ts
index f90436e01..70bb1576d 100644
--- a/src/subscription.ts
+++ b/src/subscription.ts
@@ -47,9 +47,12 @@ import {noop} from './util';
 
 export type PushConfig = google.pubsub.v1.IPushConfig;
 
+export type OidcToken = google.pubsub.v1.PushConfig.IOidcToken;
+
 export type SubscriptionMetadata = {
   messageRetentionDuration?: google.protobuf.IDuration | number;
   pushEndpoint?: string;
+  oidcToken?: OidcToken;
 } & Omit<google.pubsub.v1.ISubscription, 'messageRetentionDuration'>;
 
 export type SubscriptionOptions = SubscriberOptions & {topic?: Topic};
@@ -739,6 +742,10 @@ export class Subscription extends EventEmitter {
    * @param {string} config.pushEndpoint A URL locating the endpoint to which
    *     messages should be published.
    * @param {object} config.attributes [PushConfig attributes](https://cloud.google.com/pubsub/docs/reference/rpc/google.pubsub.v1#google.pubsub.v1.PushConfig).
+   * @param {object} config.oidcToken If specified, Pub/Sub will generate and
+   *     attach an OIDC JWT token as an `Authorization` header in the HTTP
+   *     request for every pushed message. This object should have the same
+   *     structure as [OidcToken]{@link google.pubsub.v1.OidcToken}
    * @param {object} [gaxOpts] Request configuration options, outlined
    *     here: https://googleapis.github.io/gax-nodejs/CallSettings.html.
    * @param {ModifyPushConfigCallback} [callback] Callback function.
@@ -755,6 +762,10 @@ export class Subscription extends EventEmitter {
    *   pushEndpoint: 'https://mydomain.com/push',
    *   attributes: {
    *     key: 'value'
+   *   },
+   *   oidcToken: {
+   *     serviceAccountEmail: 'myproject@appspot.gserviceaccount.com',
+   *     audience: 'myaudience'
    *   }
    * };
    *
@@ -1039,6 +1050,14 @@ export class Subscription extends EventEmitter {
       delete formatted.pushEndpoint;
     }
 
+    if (metadata.oidcToken) {
+      formatted.pushConfig = {
+        ...formatted.pushConfig,
+        oidcToken: metadata.oidcToken,
+      };
+      delete formatted.oidcToken;
+    }
+
     return formatted as google.pubsub.v1.ISubscription;
   }
   /*!
diff --git a/test/subscription.ts b/test/subscription.ts
index dd96bb399..bf1a6c264 100644
--- a/test/subscription.ts
+++ b/test/subscription.ts
@@ -249,6 +249,53 @@ describe('Subscription', () => {
         undefined
       );
     });
+
+    it('should format oidcToken', () => {
+      const oidcToken = {
+        serviceAccount: 'pubsub-test@appspot.gserviceaccount.com',
+        audience: 'audience',
+      };
+
+      const metadata = {
+        oidcToken,
+      };
+
+      const formatted = Subscription.formatMetadata_(metadata);
+
+      assert.strictEqual(formatted.pushConfig!.oidcToken, oidcToken);
+      assert.strictEqual(
+        (formatted as subby.SubscriptionMetadata).oidcToken,
+        undefined
+      );
+    });
+
+    it('should format both pushEndpoint and oidcToken', () => {
+      const pushEndpoint = 'http://noop.com/push';
+
+      const oidcToken = {
+        serviceAccount: 'pubsub-test@appspot.gserviceaccount.com',
+        audience: 'audience',
+      };
+
+      const metadata = {
+        pushEndpoint,
+        oidcToken,
+      };
+
+      const formatted = Subscription.formatMetadata_(metadata);
+
+      assert.strictEqual(formatted.pushConfig!.pushEndpoint, pushEndpoint);
+      assert.strictEqual(
+        (formatted as subby.SubscriptionMetadata).pushEndpoint,
+        undefined
+      );
+
+      assert.strictEqual(formatted.pushConfig!.oidcToken, oidcToken);
+      assert.strictEqual(
+        (formatted as subby.SubscriptionMetadata).oidcToken,
+        undefined
+      );
+    });
   });
 
   describe('formatName_', () => {