feat: list users scim v2 endpoint (#9187)

# Which Problems Are Solved - Adds support for the list users SCIM v2 endpoint # How the Problems Are Solved - Adds support for the list users SCIM v2 endpoints under `GET /scim/v2/{orgID}/Users` and `POST /scim/v2/{orgID}/Users/.search` # Additional Changes - adds a new function `SearchUserMetadataForUsers` to the query layer to query a metadata keyset for given user ids - adds a new function `NewUserMetadataExistsQuery` to the query layer to query a given metadata key value pair exists - adds a new function `CountUsers` to the query layer to count users without reading any rows - handle `ErrorAlreadyExists` as scim errors `uniqueness` - adds `NumberLessOrEqual` and `NumberGreaterOrEqual` query comparison methods - adds `BytesQuery` with `BytesEquals` and `BytesNotEquals` query comparison methods # Additional Context Part of #8140 Supported fields for scim filters: * `meta.created` * `meta.lastModified` * `id` * `username` * `name.familyName` * `name.givenName` * `emails` and `emails.value` * `active` only eq and ne * `externalId` only eq and ne
2025-08-12 03:37:34 +00:00 · 2025-01-21 13:31:54 +01:00
parent 926e7169b2
commit 1915d35605
37 changed files with 4173 additions and 417 deletions
--- a/internal/api/scim/resources/user_metadata.go
+++ b/internal/api/scim/resources/user_metadata.go
@@ -20,6 +20,28 @@ import (
 	"github.com/zitadel/zitadel/internal/zerrors"
 )

+func (h *UsersHandler) queryMetadataForUsers(ctx context.Context, userIds []string) (map[string]map[metadata.ScopedKey][]byte, error) {
+	queries := h.buildMetadataQueries(ctx)
+
+	md, err := h.query.SearchUserMetadataForUsers(ctx, false, userIds, queries)
+	if err != nil {
+		return nil, err
+	}
+
+	metadataMap := make(map[string]map[metadata.ScopedKey][]byte, len(md.Metadata))
+	for _, entry := range md.Metadata {
+		userMetadata, ok := metadataMap[entry.UserID]
+		if !ok {
+			userMetadata = make(map[metadata.ScopedKey][]byte)
+			metadataMap[entry.UserID] = userMetadata
+		}
+
+		userMetadata[metadata.ScopedKey(entry.Key)] = entry.Value
+	}
+
+	return metadataMap, nil
+}
+
 func (h *UsersHandler) queryMetadataForUser(ctx context.Context, id string) (map[metadata.ScopedKey][]byte, error) {
 	queries := h.buildMetadataQueries(ctx)

@@ -108,15 +130,11 @@ func getValueForMetadataKey(user *ScimUser, key metadata.Key) ([]byte, error) {

 	switch key {
 	// json values
-	case metadata.KeyEntitlements:
-		fallthrough
-	case metadata.KeyIms:
-		fallthrough
-	case metadata.KeyPhotos:
-		fallthrough
-	case metadata.KeyAddresses:
-		fallthrough
-	case metadata.KeyRoles:
+	case metadata.KeyRoles,
+		metadata.KeyAddresses,
+		metadata.KeyEntitlements,
+		metadata.KeyIms,
+		metadata.KeyPhotos:
 		val, err := json.Marshal(value)
 		if err != nil {
 			return nil, err
@@ -134,21 +152,14 @@ func getValueForMetadataKey(user *ScimUser, key metadata.Key) ([]byte, error) {
 		return []byte(value.(*schemas.HttpURL).String()), nil

 	// raw values
-	case metadata.KeyProvisioningDomain:
-		fallthrough
-	case metadata.KeyExternalId:
-		fallthrough
-	case metadata.KeyMiddleName:
-		fallthrough
-	case metadata.KeyHonorificSuffix:
-		fallthrough
-	case metadata.KeyHonorificPrefix:
-		fallthrough
-	case metadata.KeyTitle:
-		fallthrough
-	case metadata.KeyLocale:
-		fallthrough
-	case metadata.KeyTimezone:
+	case metadata.KeyTimezone,
+		metadata.KeyLocale,
+		metadata.KeyTitle,
+		metadata.KeyHonorificPrefix,
+		metadata.KeyHonorificSuffix,
+		metadata.KeyMiddleName,
+		metadata.KeyExternalId,
+		metadata.KeyProvisioningDomain:
 		valueStr := value.(string)
 		if valueStr == "" {
 			return nil, nil