sources: add SCIM source (#3051)
* initial Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * rebuild migration Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * include root URL in API Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add UI base URL Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * only allow SCIM basic auth for testing and debug Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * start user tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * antlr for scim filter parsing, why Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix url mountpoint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ...turns out we don't need antlr Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start to revive this PR Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Apply suggestions from code review Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Jens L. <jens@beryju.org> * don't put doc structure changes into this Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix web ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make mostly work Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add filter support Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add e2e tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix helper Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-add codecov oidc Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove unused fields from API Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix group membership Signed-off-by: Jens Langhammer <jens@goauthentik.io> * unrelated: fix backchannel helper text size Signed-off-by: Jens Langhammer <jens@goauthentik.io> * test against authentik as SCIM server I guess? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix scim provider task render Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add preview banner Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Revert "re-add codecov oidc" This reverts commit fdeeb391afba710645e77608e0ab2e97485c48d1. * add API for connection objects Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix preview banner Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add UI for users and groups Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens L. <jens@beryju.org> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
This commit is contained in:
Jens L
90
tests/e2e/test_source_scim.py
Normal file
90
tests/e2e/test_source_scim.py
Normal file
@ -0,0 +1,90 @@
|
||||
"""test SCIM Source"""
|
||||
|
||||
from pprint import pformat
|
||||
from time import sleep
|
||||
from typing import Any
|
||||
|
||||
from docker.types import Healthcheck
|
||||
|
||||
from authentik.core.models import Token, TokenIntents, User
|
||||
from authentik.lib.generators import generate_id
|
||||
from authentik.lib.utils.http import get_http_session
|
||||
from authentik.sources.scim.models import SCIMSource
|
||||
from tests.e2e.utils import SeleniumTestCase, retry
|
||||
|
||||
TEST_POLL_MAX = 25
|
||||
|
||||
|
||||
class TestSourceSCIM(SeleniumTestCase):
|
||||
"""test SCIM Source flow"""
|
||||
|
||||
def setUp(self):
|
||||
self.slug = generate_id()
|
||||
super().setUp()
|
||||
|
||||
def get_container_specs(self) -> dict[str, Any] | None:
|
||||
return {
|
||||
"image": (
|
||||
"ghcr.io/suvera/scim2-compliance-test-utility@sha256:eca913bb73"
|
||||
"c46892cd1fb2dfd2fef1c5881e6abc5cb0eec7e92fb78c1b933ece"
|
||||
),
|
||||
"detach": True,
|
||||
"ports": {"8080": "8080"},
|
||||
"auto_remove": True,
|
||||
"healthcheck": Healthcheck(
|
||||
test=["CMD", "curl", "http://localhost:8080"],
|
||||
interval=5 * 1_000 * 1_000_000,
|
||||
start_period=1 * 1_000 * 1_000_000,
|
||||
),
|
||||
}
|
||||
|
||||
@retry()
|
||||
def test_scim_conformance(self):
|
||||
user = User.objects.create(
|
||||
username=generate_id(),
|
||||
)
|
||||
token = Token.objects.create(
|
||||
user=user,
|
||||
intent=TokenIntents.INTENT_API,
|
||||
expiring=False,
|
||||
)
|
||||
source = SCIMSource.objects.create(
|
||||
name=generate_id(),
|
||||
slug=generate_id(),
|
||||
token=token,
|
||||
)
|
||||
session = get_http_session()
|
||||
test_launch = session.post(
|
||||
"http://localhost:8080/test/run",
|
||||
data={
|
||||
"endPoint": self.live_server_url + f"/source/scim/{source.slug}/v2",
|
||||
"username": "foo",
|
||||
"password": token.key,
|
||||
"jwtToken": None,
|
||||
"usersCheck": 1,
|
||||
"groupsCheck": 1,
|
||||
"checkIndResLocation": 1,
|
||||
},
|
||||
)
|
||||
self.assertEqual(test_launch.status_code, 200)
|
||||
test_id = test_launch.json()["id"]
|
||||
attempt = 0
|
||||
while attempt <= TEST_POLL_MAX:
|
||||
test_status = session.get(
|
||||
"http://localhost:8080/test/status",
|
||||
params={"runId": test_id},
|
||||
)
|
||||
self.assertEqual(test_status.status_code, 200)
|
||||
body = test_status.json()
|
||||
if any([data["title"] == "--DONE--" for data in body["data"]]):
|
||||
break
|
||||
attempt += 1
|
||||
sleep(1)
|
||||
for test in body["data"]:
|
||||
# Workaround, the test expects DELETE requests to return 204 and have
|
||||
# the content type set to the JSON SCIM one, which is not what most HTTP servers do
|
||||
if test["requestMethod"] == "DELETE" and test["responseCode"] == 204: # noqa: PLR2004
|
||||
continue
|
||||
if test["title"] == "--DONE--":
|
||||
break
|
||||
self.assertTrue(test["success"], pformat(test))
|
||||
Reference in New Issue
Block a user