Add create/update/delete endpoints for instance SCIM
What does this MR do and why?
- POST/PATCH/DELETE added
- GET endpoints were added separately: !107770 (merged)
- These endpoints mirror the endpoints for Group SCIM: https://gitlab.com/gitlab-org/gitlab/-/blob/7c33e7c4f71de373cd444ec4e684b9592c4ad442/ee/lib/api/scim/group_scim.rb
- There were some differences made for these endpoints, mostly around error handling, because the Group SCIM endpoints need improvement. I've opened an issue for the updates needed for Group SCIM: #387750 (closed)
- Will do a follow-up MR to add docs for these endpoints: #387591 (closed)
- #378599 (closed)
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
Test POST /Users endpoint:
- Create a scim access token in a rails console and copy the token value
token = ScimOauthAccessToken.create! token.token => $YOUR_SECRET_TOKEN - Make a curl request using the token
curl --location --request POST "http://localhost:3000/api/scim/v2/application/Users" --header "Authorization: Bearer $YOUR_SECRET_TOKEN" --header "Content-Type: application/scim+json" --data '{"externalId": "scim_user_2", "userName": "TestUser2Username", "emails": [{"primary": true, "type": "work", "value": "testuser2@example.com"}], "name": { "formatted": "TestFormatedName", "familyName": "LastName2", "givenName": "TestUser2" }, "access_token": "fakeyfakeaccesstoken", "password": "definitelynotarealpassword" }' - Response json should look like:
{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],"id":"scim_user_2","active":true,"emails":[{"type":"work","value":"testuser2@example.com","primary":true}],"name":{"formatted":"TestFormatedName","givenName":"TestFormatedName","familyName":""},"meta":{"resourceType":"User"},"userName":"TestUser2Username"}
Test PATCH /Users/:id endpoint:
- Note the
extern_uidof the user created when testing thePOSTendpoint. We will update a user withextern_uidvalue of . - Make a curl request using the token you created when testing other endpoint. The params are encoded so it is hard to read but this is changing the
extern_uidfor this user fromscim_user_2tonew_extern_uid_2curl --location --request PATCH "http://localhost:3000/api/scim/v2/application/Users/scim_user_2?Operations%5B%5D%5Bop%5D=Replace&Operations%5B%5D%5Bpath%5D=id&Operations%5B%5D%5Bvalue%5D=new_extern_uid_2" --header "Content-Type: application/scim+json" --header "Authorization: Bearer $YOUR_SECRET_TOKEN" - Response JSON should be empty in a success case but you can verify the
extern_uidupdate was successful in rails console:ScimIdentity.last => #<ScimIdentity:0x000000012ed6d038 id: 2, group_id: nil, user_id: 56, created_at: Wed, 11 Jan 2023 00:04:12.171090000 UTC +00:00, updated_at: Wed, 11 Jan 2023 00:09:28.521818000 UTC +00:00, active: true, extern_uid: "new_extern_uid_2">
Test DELETE /Users/:id endpoint:
- Assuming there is a user with an
extern_uidvalue ofnew_extern_uid_2curl --location --request DELETE "http://localhost:3000/api/scim/v2/application/Users/new_extern_uid_2" --header "Content-Type: application/scim+json" --header "Authorization: Bearer $YOUR_SECRET_TOKEN" - Response JSON should be empty in a success case but you can verify that the scim identity was deprovisioned (
active: false) in a Rails console:ScimIdentity.last => #<ScimIdentity:0x000000012ed0ca58 id: 2, group_id: nil, user_id: 56, created_at: Wed, 11 Jan 2023 00:04:12.171090000 UTC +00:00, updated_at: Wed, 11 Jan 2023 00:13:51.875750000 UTC +00:00, active: false, extern_uid: "new_extern_uid_2">
## MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
* [ ] I have evaluated the [MR acceptance checklist](https://docs.gitlab.com/ee/development/code_review.html#acceptance-checklist) for this MR.
<!-- template sourced from https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/merge_request_templates/Default.md -->Edited by Jessie Young