sources: add SCIM source (#3051)

* initial

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* rebuild migration

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* include root URL in API

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add UI base URL

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* only allow SCIM basic auth for testing and debug

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* start user tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* antlr for scim filter parsing, why

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix url mountpoint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ...turns out we don't need antlr

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start to revive this PR

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* don't put doc structure changes into this

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix web ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make mostly work

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add filter support

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add e2e tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix helper

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-add codecov oidc

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove unused fields from API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix group membership

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: fix backchannel helper text size

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* test against authentik as SCIM server I guess?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix scim provider task render

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add preview banner

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Revert "re-add codecov oidc"

This reverts commit fdeeb391afba710645e77608e0ab2e97485c48d1.

* add API for connection objects

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix preview banner

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add UI for users and groups

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Jens L
2024-04-15 14:23:43 +02:00
committed by GitHub
parent 4a9c95b44e
commit 3c28cf1909
51 changed files with 5018 additions and 9 deletions


@ -74,7 +74,7 @@ export class AkBackchannelProvidersInput extends AKElement {
<ak-chip-group> ${map(this.providers, renderOneChip)} </ak-chip-group>
</div>
</div>
${this.help ? html`<p class="pf-c-form__helper-radio">${this.help}</p>` : nothing}
${this.help ? html`<p class="pf-c-form__helper-text">${this.help}</p>` : nothing}
</ak-form-element-horizontal>
`;
}


@ -8,6 +8,7 @@ import "@goauthentik/elements/Markdown";
import "@goauthentik/elements/Tabs";
import "@goauthentik/elements/buttons/ActionButton";
import "@goauthentik/elements/buttons/ModalButton";
import "@goauthentik/elements/events/LogViewer";
import "@goauthentik/elements/rbac/ObjectPermissionsPage";
import { msg, str } from "@lit/localize";
@ -155,9 +156,7 @@ export class SCIMProviderViewPage extends AKElement {
<p>${task.name}</p>
<ul class="pf-c-list">
<li>${header}</li>
${task.messages.map((m) => {
return html`<li>${m}</li>`;
})}
<ak-log-viewer .logs=${task?.messages}></ak-log-viewer>
</ul>
</li> `;
})}
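Review bot: The new `<ak-log-viewer .logs=${task?.messages}>` is a direct child of `<ul class="pf-c-list">`, next to `<li>${header}</li>`, but a `ul` may only contain `li` elements, so the markup is invalid and assistive technology may announce the list incorrectly. Wrapping it as `<li><ak-log-viewer .logs=${task.messages}></ak-log-viewer></li>`, or moving it after `</ul>`, keeps the structure valid. The `?.` on `task` is also unnecessary, since `task.name` is dereferenced unguarded two lines above. The enclosing render method starts and ends outside this hunk.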


@ -2,6 +2,7 @@ import "@goauthentik/admin/sources/ldap/LDAPSourceViewPage";
import "@goauthentik/admin/sources/oauth/OAuthSourceViewPage";
import "@goauthentik/admin/sources/plex/PlexSourceViewPage";
import "@goauthentik/admin/sources/saml/SAMLSourceViewPage";
import "@goauthentik/admin/sources/scim/SCIMSourceViewPage";
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
import { AKElement } from "@goauthentik/elements/Base";
import "@goauthentik/elements/EmptyState";
@ -51,6 +52,10 @@ export class SourceViewPage extends AKElement {
return html`<ak-source-plex-view
sourceSlug=${this.source.slug}
></ak-source-plex-view>`;
case "ak-source-scim-form":
return html`<ak-source-scim-view
sourceSlug=${this.source.slug}
></ak-source-scim-view>`;
default:
return html`<p>Invalid source type ${this.source.component}</p>`;
}


@ -2,6 +2,7 @@ import "@goauthentik/admin/sources/ldap/LDAPSourceForm";
import "@goauthentik/admin/sources/oauth/OAuthSourceForm";
import "@goauthentik/admin/sources/plex/PlexSourceForm";
import "@goauthentik/admin/sources/saml/SAMLSourceForm";
import "@goauthentik/admin/sources/scim/SCIMSourceForm";
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
import { AKElement } from "@goauthentik/elements/Base";
import "@goauthentik/elements/forms/ProxyForm";


@ -0,0 +1,86 @@
import { BaseSourceForm } from "@goauthentik/admin/sources/BaseSourceForm";
import { placeholderHelperText } from "@goauthentik/authentik/admin/helperText";
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
import { first } from "@goauthentik/common/utils";
import "@goauthentik/elements/forms/FormGroup";
import "@goauthentik/elements/forms/HorizontalFormElement";
import { msg } from "@lit/localize";
import { TemplateResult, html } from "lit";
import { customElement } from "lit/decorators.js";
import { ifDefined } from "lit/directives/if-defined.js";
import { SCIMSource, SCIMSourceRequest, SourcesApi } from "@goauthentik/api";
@customElement("ak-source-scim-form")
export class SCIMSourceForm extends BaseSourceForm<SCIMSource> {
async loadInstance(pk: string): Promise<SCIMSource> {
return new SourcesApi(DEFAULT_CONFIG)
.sourcesScimRetrieve({
slug: pk,
})
.then((source) => {
return source;
});
}
async send(data: SCIMSource): Promise<SCIMSource> {
if (this.instance?.slug) {
return new SourcesApi(DEFAULT_CONFIG).sourcesScimPartialUpdate({
slug: this.instance.slug,
patchedSCIMSourceRequest: data,
});
} else {
return new SourcesApi(DEFAULT_CONFIG).sourcesScimCreate({
sCIMSourceRequest: data as unknown as SCIMSourceRequest,
});
}
}
renderForm(): TemplateResult {
return html`<form class="pf-c-form pf-m-horizontal">
<ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
<input
type="text"
value="${ifDefined(this.instance?.name)}"
class="pf-c-form-control"
required
/>
</ak-form-element-horizontal>
<ak-form-element-horizontal label=${msg("Slug")} ?required=${true} name="slug">
<input
type="text"
value="${ifDefined(this.instance?.slug)}"
class="pf-c-form-control"
required
/>
</ak-form-element-horizontal>
<ak-form-element-horizontal name="enabled">
<div class="pf-c-check">
<input
type="checkbox"
class="pf-c-check__input"
?checked=${first(this.instance?.enabled, true)}
/>
<label class="pf-c-check__label"> ${msg("Enabled")} </label>
</div>
</ak-form-element-horizontal>
<ak-form-group>
<span slot="header"> ${msg("Advanced protocol settings")} </span>
<div slot="body" class="pf-c-form">
<ak-form-element-horizontal label=${msg("User path")} name="userPathTemplate">
<input
type="text"
value="${first(
this.instance?.userPathTemplate,
"goauthentik.io/sources/%(slug)s",
)}"
class="pf-c-form-control"
/>
<p class="pf-c-form__helper-text">${placeholderHelperText}</p>
</ak-form-element-horizontal>
</div>
</ak-form-group>
</form>`;
}
}
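Review bot: In `send`, the create branch passes `data as unknown as SCIMSourceRequest`, a double cast that switches off type checking for exactly the payload that creates a new source. Declaring the parameter with the request type, or building the request object field by field, would let the compiler catch a missing or renamed field; the `send(data: SCIMSource)` signature may be dictated by `BaseSourceForm`, which is not visible here. `loadInstance` also ends in `.then((source) => { return source; })`, which does nothing and can be dropped so the method simply returns the `sourcesScimRetrieve(...)` promise.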


@ -0,0 +1,51 @@
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
import { uiConfig } from "@goauthentik/common/ui/config";
import { PaginatedResponse, Table, TableColumn } from "@goauthentik/elements/table/Table";
import { msg } from "@lit/localize";
import { TemplateResult, html } from "lit";
import { customElement, property } from "lit/decorators.js";
import { SCIMSourceGroup, SourcesApi } from "@goauthentik/api";
@customElement("ak-source-scim-groups-list")
export class SCIMSourceGroupList extends Table<SCIMSourceGroup> {
@property()
sourceSlug?: string;
expandable = true;
searchEnabled(): boolean {
return true;
}
async apiEndpoint(page: number): Promise<PaginatedResponse<SCIMSourceGroup>> {
return new SourcesApi(DEFAULT_CONFIG).sourcesScimGroupsList({
page: page,
pageSize: (await uiConfig()).pagination.perPage,
ordering: this.order,
search: this.search || "",
sourceSlug: this.sourceSlug,
});
}
columns(): TableColumn[] {
return [new TableColumn(msg("Name")), new TableColumn(msg("ID"))];
}
renderExpanded(item: SCIMSourceGroup): TemplateResult {
return html`<td role="cell" colspan="4">
<div class="pf-c-table__expandable-row-content">
<pre>${JSON.stringify(item.attributes, null, 4)}</pre>
</div>
</td>`;
}
row(item: SCIMSourceGroup): TemplateResult[] {
return [
html`<a href="#/identity/groups/${item.groupObj.pk}">
<div>${item.groupObj.name}</div>
</a>`,
html`${item.id}`,
];
}
}
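Review bot: `sourceSlug` is declared optional (`sourceSlug?: string`) and `apiEndpoint` forwards it unchecked to `sourcesScimGroupsList`, so if the attribute is ever missing the request goes out without a source filter and, presumably, the table would list provisioned groups from every SCIM source rather than this one. A guard at the top of `apiEndpoint`, for example `if (!this.sourceSlug) throw new Error("sourceSlug is required");`, makes that failure visible; how the `Table` base class reports a rejected `apiEndpoint` is not shown here and should be confirmed. `SCIMSourceUserList.apiEndpoint` in the next file has the same pattern. Separately, `renderExpanded` uses `colspan="4"` while `columns()` defines two columns, and the user list repeats that mismatch.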


@ -0,0 +1,52 @@
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
import { uiConfig } from "@goauthentik/common/ui/config";
import { PaginatedResponse, Table, TableColumn } from "@goauthentik/elements/table/Table";
import { msg } from "@lit/localize";
import { TemplateResult, html } from "lit";
import { customElement, property } from "lit/decorators.js";
import { SCIMSourceUser, SourcesApi } from "@goauthentik/api";
@customElement("ak-source-scim-users-list")
export class SCIMSourceUserList extends Table<SCIMSourceUser> {
@property()
sourceSlug?: string;
expandable = true;
searchEnabled(): boolean {
return true;
}
async apiEndpoint(page: number): Promise<PaginatedResponse<SCIMSourceUser>> {
return new SourcesApi(DEFAULT_CONFIG).sourcesScimUsersList({
page: page,
pageSize: (await uiConfig()).pagination.perPage,
ordering: this.order,
search: this.search || "",
sourceSlug: this.sourceSlug,
});
}
columns(): TableColumn[] {
return [new TableColumn(msg("Username")), new TableColumn(msg("ID"))];
}
renderExpanded(item: SCIMSourceUser): TemplateResult {
return html`<td role="cell" colspan="4">
<div class="pf-c-table__expandable-row-content">
<pre>${JSON.stringify(item.attributes, null, 4)}</pre>
</div>
</td>`;
}
row(item: SCIMSourceUser): TemplateResult[] {
return [
html`<a href="#/identity/users/${item.userObj.pk}">
<div>${item.userObj.username}</div>
<small>${item.userObj.name}</small>
</a>`,
html`${item.id}`,
];
}
}


@ -0,0 +1,215 @@
import "@goauthentik/admin/sources/scim/SCIMSourceForm";
import "@goauthentik/admin/sources/scim/SCIMSourceGroups";
import "@goauthentik/admin/sources/scim/SCIMSourceUsers";
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
import { EVENT_REFRESH } from "@goauthentik/common/constants";
import "@goauthentik/components/events/ObjectChangelog";
import { AKElement } from "@goauthentik/elements/Base";
import "@goauthentik/elements/Tabs";
import "@goauthentik/elements/buttons/ActionButton";
import "@goauthentik/elements/buttons/SpinnerButton";
import "@goauthentik/elements/buttons/TokenCopyButton";
import "@goauthentik/elements/forms/ModalForm";
import "@goauthentik/elements/rbac/ObjectPermissionsPage";
import { msg } from "@lit/localize";
import { CSSResult, TemplateResult, html } from "lit";
import { customElement, property } from "lit/decorators.js";
import PFBanner from "@patternfly/patternfly/components/Banner/banner.css";
import PFButton from "@patternfly/patternfly/components/Button/button.css";
import PFCard from "@patternfly/patternfly/components/Card/card.css";
import PFContent from "@patternfly/patternfly/components/Content/content.css";
import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
import PFForm from "@patternfly/patternfly/components/Form/form.css";
import PFFormControl from "@patternfly/patternfly/components/FormControl/form-control.css";
import PFPage from "@patternfly/patternfly/components/Page/page.css";
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
import PFBase from "@patternfly/patternfly/patternfly-base.css";
import {
RbacPermissionsAssignedByUsersListModelEnum,
SCIMSource,
SourcesApi,
} from "@goauthentik/api";
@customElement("ak-source-scim-view")
export class SCIMSourceViewPage extends AKElement {
@property({ type: String })
set sourceSlug(value: string) {
new SourcesApi(DEFAULT_CONFIG)
.sourcesScimRetrieve({
slug: value,
})
.then((source) => {
this.source = source;
});
}
@property({ attribute: false })
source?: SCIMSource;
static get styles(): CSSResult[] {
return [
PFBase,
PFPage,
PFButton,
PFForm,
PFFormControl,
PFGrid,
PFContent,
PFCard,
PFDescriptionList,
PFBanner,
];
}
constructor() {
super();
this.addEventListener(EVENT_REFRESH, () => {
if (!this.source?.pk) return;
this.sourceSlug = this.source?.slug;
});
}
render(): TemplateResult {
if (!this.source) {
return html``;
}
return html`<ak-tabs>
<section slot="page-overview" data-tab-title="${msg("Overview")}">
<div slot="header" class="pf-c-banner pf-m-info">
${msg("SCIM Source is in preview.")}
<a href="mailto:hello+feature/scim-source@goauthentik.io"
>${msg("Send us feedback!")}</a
>
</div>
<div class="pf-c-page__main-section pf-m-no-padding-mobile pf-l-grid pf-m-gutter">
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
<div class="pf-c-card__body">
<dl class="pf-c-description-list pf-m-2-col-on-lg">
<div class="pf-c-description-list__group">
<dt class="pf-c-description-list__term">
<span class="pf-c-description-list__text"
>${msg("Name")}</span
>
</dt>
<dd class="pf-c-description-list__description">
<div class="pf-c-description-list__text">
${this.source.name}
</div>
</dd>
</div>
<div class="pf-c-description-list__group">
<dt class="pf-c-description-list__term">
<span class="pf-c-description-list__text"
>${msg("Slug")}</span
>
</dt>
<dd class="pf-c-description-list__description">
<div class="pf-c-description-list__text">
${this.source.slug}
</div>
</dd>
</div>
</dl>
</div>
<div class="pf-c-card__footer">
<ak-forms-modal>
<span slot="submit"> ${msg("Update")} </span>
<span slot="header"> ${msg("Update SCIM Source")} </span>
<ak-source-scim-form slot="form" .instancePk=${this.source.slug}>
</ak-source-scim-form>
<button slot="trigger" class="pf-c-button pf-m-primary">
${msg("Edit")}
</button>
</ak-forms-modal>
</div>
</div>
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
<div class="pf-c-card">
<div class="pf-c-card__body">
<form class="pf-c-form">
<div class="pf-c-form__group">
<label class="pf-c-form__label">
<span class="pf-c-form__label-text"
>${msg("SCIM Base URL")}</span
>
</label>
<input
class="pf-c-form-control"
readonly
type="text"
value="${this.source.rootUrl}"
/>
</div>
<div class="pf-c-form__group">
<label class="pf-c-form__label">
<span class="pf-c-form__label-text"
>${msg("Token")}</span
>
</label>
<div>
<ak-token-copy-button
class="pf-m-primary"
identifier="${this.source?.tokenObj.identifier}"
>
${msg("Click to copy token")}
</ak-token-copy-button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</section>
<section
slot="page-changelog"
data-tab-title="${msg("Changelog")}"
class="pf-c-page__main-section pf-m-no-padding-mobile"
>
<div class="pf-l-grid pf-m-gutter">
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
<div class="pf-c-card__body">
<ak-object-changelog
targetModelPk=${this.source.pk || ""}
targetModelApp="authentik_sources_scim"
targetModelName="scimsource"
>
</ak-object-changelog>
</div>
</div>
</div>
</section>
<section
slot="page-users"
data-tab-title="${msg("Provisioned Users")}"
class="pf-c-page__main-section pf-m-no-padding-mobile"
>
<div class="pf-l-grid pf-m-gutter">
<ak-source-scim-users-list
sourceSlug=${this.source.slug}
></ak-source-scim-users-list>
</div>
</section>
<section
slot="page-groups"
data-tab-title="${msg("Provisioned Groups")}"
class="pf-c-page__main-section pf-m-no-padding-mobile"
>
<div class="pf-l-grid pf-m-gutter">
<ak-source-scim-groups-list
sourceSlug=${this.source.slug}
></ak-source-scim-groups-list>
</div>
</section>
<ak-rbac-object-permission-page
slot="page-permissions"
data-tab-title="${msg("Permissions")}"
model=${RbacPermissionsAssignedByUsersListModelEnum.SourcesScimScimsource}
objectPk=${this.source.pk}
></ak-rbac-object-permission-page>
</ak-tabs>`;
}
}
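Review bot: The `sourceSlug` setter starts `sourcesScimRetrieve(...)` and attaches only `.then`, so a failed or unauthorised request becomes an unhandled rejection and `render()` keeps returning the empty template with no indication of why. Adding a `.catch` that records the error, and rendering an error state for it, would make the failure visible; two quick slug changes can also resolve out of order, so the handler should ignore a response whose slug no longer matches the latest value. The property has a setter but no getter, so reading `this.sourceSlug` yields `undefined`. The Token card hands `this.source?.tokenObj.identifier` to `ak-token-copy-button`; whether a user who can open this page may also read the SCIM bearer token depends on the token API's own permission check, which is not part of this file and is worth confirming.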