feat: list users scim v2 endpoint (#9187)

# Which Problems Are Solved - Adds support for the list users SCIM v2 endpoint # How the Problems Are Solved - Adds support for the list users SCIM v2 endpoints under `GET /scim/v2/{orgID}/Users` and `POST /scim/v2/{orgID}/Users/.search` # Additional Changes - adds a new function `SearchUserMetadataForUsers` to the query layer to query a metadata keyset for given user ids - adds a new function `NewUserMetadataExistsQuery` to the query layer to query a given metadata key value pair exists - adds a new function `CountUsers` to the query layer to count users without reading any rows - handle `ErrorAlreadyExists` as scim errors `uniqueness` - adds `NumberLessOrEqual` and `NumberGreaterOrEqual` query comparison methods - adds `BytesQuery` with `BytesEquals` and `BytesNotEquals` query comparison methods # Additional Context Part of #8140 Supported fields for scim filters: * `meta.created` * `meta.lastModified` * `id` * `username` * `name.familyName` * `name.givenName` * `emails` and `emails.value` * `active` only eq and ne * `externalId` only eq and ne
2025-08-12 00:47:33 +00:00 · 2025-01-21 13:31:54 +01:00
parent 926e7169b2
commit 1915d35605
37 changed files with 4173 additions and 417 deletions
--- a/internal/api/scim/resources/resource_handler_adapter.go
+++ b/internal/api/scim/resources/resource_handler_adapter.go
@@ -7,7 +7,6 @@ import (

 	"github.com/gorilla/mux"

-	"github.com/zitadel/zitadel/internal/api/scim/schemas"
 	"github.com/zitadel/zitadel/internal/api/scim/serrors"
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
@@ -16,22 +15,6 @@ type ResourceHandlerAdapter[T ResourceHolder] struct {
 	handler ResourceHandler[T]
 }

-type ListRequest struct {
-	// Count An integer indicating the desired maximum number of query results per page. OPTIONAL.
-	Count uint64 `json:"count" schema:"count"`
-
-	// StartIndex An integer indicating the 1-based index of the first query result. Optional.
-	StartIndex uint64 `json:"startIndex" schema:"startIndex"`
-}
-
-type ListResponse[T any] struct {
-	Schemas      []schemas.ScimSchemaType `json:"schemas"`
-	ItemsPerPage uint64                   `json:"itemsPerPage"`
-	TotalResults uint64                   `json:"totalResults"`
-	StartIndex   uint64                   `json:"startIndex"`
-	Resources    []T                      `json:"Resources"` // according to the rfc this is the only field in PascalCase...
-}
-
 func NewResourceHandlerAdapter[T ResourceHolder](handler ResourceHandler[T]) *ResourceHandlerAdapter[T] {
 	return &ResourceHandlerAdapter[T]{
 		handler,
@@ -62,6 +45,15 @@ func (adapter *ResourceHandlerAdapter[T]) Delete(r *http.Request) error {
 	return adapter.handler.Delete(r.Context(), id)
 }

+func (adapter *ResourceHandlerAdapter[T]) List(r *http.Request) (*ListResponse[T], error) {
+	request, err := readListRequest(r)
+	if err != nil {
+		return nil, err
+	}
+
+	return adapter.handler.List(r.Context(), request)
+}
+
 func (adapter *ResourceHandlerAdapter[T]) Get(r *http.Request) (T, error) {
 	id := mux.Vars(r)["id"]
 	return adapter.handler.Get(r.Context(), id)
@@ -71,7 +63,7 @@ func (adapter *ResourceHandlerAdapter[T]) readEntityFromBody(r *http.Request) (T
 	entity := adapter.handler.NewResource()
 	err := json.NewDecoder(r.Body).Decode(entity)
 	if err != nil {
-		if zerrors.IsZitadelError(err) {
+		if serrors.IsScimOrZitadelError(err) {
 			return entity, err
 		}