mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-11 20:47:32 +00:00
fix: scim tests failing
This commit is contained in:
Marco Ardizzone
@@ -17,6 +17,8 @@ import (
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"golang.org/x/text/language"
|
||||
"google.golang.org/grpc/codes"
|
||||
"google.golang.org/grpc/status"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/api/scim/resources"
|
||||
"github.com/zitadel/zitadel/internal/api/scim/schemas"
|
||||
@@ -478,7 +480,7 @@ func TestBulk(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "fail on errors",
|
||||
body: bulkFailOnErrorsJson,
|
||||
body: withUsername(bulkFailOnErrorsJson, gofakeit.Username()),
|
||||
want: &scim.BulkResponse{
|
||||
Schemas: []schemas.ScimSchemaType{schemas.IdBulkResponse},
|
||||
Operations: []*scim.BulkResponseOperation{
|
||||
@@ -579,7 +581,6 @@ func TestBulk(t *testing.T) {
|
||||
|
||||
response, err := Instance.Client.SCIM.Bulk(ctx, orgID, tt.body)
|
||||
createdUserIDs := buildCreatedIDs(response)
|
||||
defer deleteUsers(t, createdUserIDs)
|
||||
|
||||
if tt.wantErr != nil {
|
||||
statusCode := tt.wantErr.status
|
||||
@@ -656,17 +657,6 @@ func buildCreatedIDs(response *scim.BulkResponse) []string {
|
||||
return createdIds
|
||||
}
|
||||
|
||||
func deleteUsers(t require.TestingT, ids []string) {
|
||||
for _, id := range ids {
|
||||
err := Instance.Client.SCIM.Users.Delete(CTX, Instance.DefaultOrg.Id, id)
|
||||
|
||||
// only not found errors are ok (if the user is deleted in a later on bulk request)
|
||||
if err != nil {
|
||||
scim.RequireScimError(t, http.StatusNotFound, err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func buildMinimalUpdateRequest(userID string) *scim.BulkRequest {
|
||||
return &scim.BulkRequest{
|
||||
Schemas: []schemas.ScimSchemaType{schemas.IdBulkRequest},
|
||||
@@ -690,7 +680,7 @@ func buildTooManyOperationsRequest() *scim.BulkRequest {
|
||||
req.Operations[i] = &scim.BulkRequestOperation{
|
||||
Method: http.MethodPost,
|
||||
Path: "/Users",
|
||||
Data: minimalUserJson,
|
||||
Data: withUsername(minimalUserJson, gofakeit.Username()),
|
||||
}
|
||||
}
|
||||
|
||||
@@ -720,8 +710,11 @@ func ensureMetadataProjected(t require.TestingT, userID, key, value string) {
|
||||
Id: userID,
|
||||
Key: key,
|
||||
})
|
||||
require.NoError(tt, err)
|
||||
require.Equal(tt, value, string(md.Metadata.Value))
|
||||
if !assert.NoError(tt, err) {
|
||||
require.Equal(tt, status.Code(err), codes.NotFound)
|
||||
return
|
||||
}
|
||||
assert.Equal(tt, value, string(md.Metadata.Value))
|
||||
}, retryDuration, tick)
|
||||
}
|
||||
|
||||
|
||||
@@ -32,14 +32,14 @@
|
||||
"urn:ietf:params:scim:schemas:core:2.0:User"
|
||||
],
|
||||
"externalId": "scim-bulk-created-user-0",
|
||||
"userName": "scim-bulk-created-user-0",
|
||||
"userName": "{{ .Username }}",
|
||||
"name": {
|
||||
"familyName": "scim-bulk-created-user-0-family-name",
|
||||
"givenName": "scim-bulk-created-user-0-given-name"
|
||||
},
|
||||
"emails": [
|
||||
{
|
||||
"value": "scim-bulk-created-user-0@example.com",
|
||||
"value": "{{ .Username }}@example.com",
|
||||
"primary": true
|
||||
}
|
||||
],
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
|
||||
"externalId": "701984",
|
||||
"userName": "bjensen@example.com",
|
||||
"userName": "{{ .Username }}@example.com",
|
||||
"name": {
|
||||
"formatted": "Ms. Barbara J Jensen, III",
|
||||
"familyName": "Jensen",
|
||||
@@ -15,12 +15,12 @@
|
||||
"profileUrl": "http://login.example.com/bjensen",
|
||||
"emails": [
|
||||
{
|
||||
"value": "bjensen@example.com",
|
||||
"value": "{{ .Username }}@example.com",
|
||||
"type": "work",
|
||||
"primary": true
|
||||
},
|
||||
{
|
||||
"value": "babs@jensen.org",
|
||||
"value": "{{ .Username }}+1@example.com",
|
||||
"type": "home"
|
||||
}
|
||||
],
|
||||
|
||||
@@ -2,14 +2,14 @@
|
||||
"schemas": [
|
||||
"urn:ietf:params:scim:schemas:core:2.0:User"
|
||||
],
|
||||
"userName": "acmeUser1",
|
||||
"userName": "{{ .Username }}",
|
||||
"name": {
|
||||
"familyName": "Ross",
|
||||
"givenName": "Bethany"
|
||||
},
|
||||
"emails": [
|
||||
{
|
||||
"value": "user1@example.com",
|
||||
"value": "{{ .Username }}@example.com",
|
||||
"primary": true
|
||||
}
|
||||
]
|
||||
|
||||
@@ -2,14 +2,14 @@
|
||||
"schemas": [
|
||||
"urn:ietf:params:scim:schemas:core:2.0:User"
|
||||
],
|
||||
"userName": "acmeUser1",
|
||||
"userName": "acmeUser1-inactive",
|
||||
"name": {
|
||||
"familyName": "Ross",
|
||||
"givenName": "Bethany"
|
||||
},
|
||||
"emails": [
|
||||
{
|
||||
"value": "user1@example.com",
|
||||
"value": "user1-inactive@example.com",
|
||||
"primary": true
|
||||
}
|
||||
],
|
||||
|
||||
@@ -2,14 +2,14 @@
|
||||
"schemas": [
|
||||
"urn:ietf:params:scim:schemas:core:2.0:User"
|
||||
],
|
||||
"userName": "acmeUser1",
|
||||
"userName": "acmeUser1-no-primary-email-phone",
|
||||
"name": {
|
||||
"familyName": "Ross",
|
||||
"givenName": "Bethany"
|
||||
},
|
||||
"emails": [
|
||||
{
|
||||
"value": "user1@example.com"
|
||||
"value": "user1-no-primary-email-phone@example.com"
|
||||
}
|
||||
],
|
||||
"phoneNumbers": [
|
||||
|
||||
@@ -2,14 +2,14 @@
|
||||
"schemas": [
|
||||
"urn:ietf:params:scim:schemas:core:2.0:User"
|
||||
],
|
||||
"userName": "acmeUser1-minimal-replaced",
|
||||
"userName": "{{ .Username }}",
|
||||
"name": {
|
||||
"familyName": "Ross-replaced",
|
||||
"givenName": "Bethany-replaced"
|
||||
},
|
||||
"emails": [
|
||||
{
|
||||
"value": "user1-minimal-replaced@example.com",
|
||||
"value": "{{ .Username }}@example.com",
|
||||
"primary": true,
|
||||
"type": "work"
|
||||
}
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
"value": {
|
||||
"emails":[
|
||||
{
|
||||
"value":"babs@example.com",
|
||||
"value":"{{ .Username }}+2@example.com",
|
||||
"type":"home",
|
||||
"primary": true
|
||||
}
|
||||
|
||||
@@ -3,17 +3,22 @@
|
||||
package integration_test
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
_ "embed"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"path"
|
||||
"testing"
|
||||
"text/template"
|
||||
"time"
|
||||
|
||||
"github.com/brianvoe/gofakeit/v6"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"golang.org/x/text/language"
|
||||
"google.golang.org/grpc/codes"
|
||||
"google.golang.org/grpc/status"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/api/scim/resources"
|
||||
"github.com/zitadel/zitadel/internal/api/scim/schemas"
|
||||
@@ -157,7 +162,18 @@ var (
|
||||
}
|
||||
)
|
||||
|
||||
func withUsername(fixture []byte, username string) []byte {
|
||||
buf := new(bytes.Buffer)
|
||||
template.Must(template.New("").Parse(string(fixture))).Execute(buf, &struct {
|
||||
Username string
|
||||
}{
|
||||
Username: username,
|
||||
})
|
||||
return buf.Bytes()
|
||||
}
|
||||
|
||||
func TestCreateUser(t *testing.T) {
|
||||
minimalUsername := gofakeit.Username()
|
||||
tests := []struct {
|
||||
name string
|
||||
body []byte
|
||||
@@ -171,16 +187,16 @@ func TestCreateUser(t *testing.T) {
|
||||
}{
|
||||
{
|
||||
name: "minimal user",
|
||||
body: minimalUserJson,
|
||||
body: withUsername(minimalUserJson, minimalUsername),
|
||||
want: &resources.ScimUser{
|
||||
UserName: "acmeUser1",
|
||||
UserName: minimalUsername,
|
||||
Name: &resources.ScimUserName{
|
||||
FamilyName: "Ross",
|
||||
GivenName: "Bethany",
|
||||
},
|
||||
Emails: []*resources.ScimEmail{
|
||||
{
|
||||
Value: "user1@example.com",
|
||||
Value: minimalUsername + "@example.com",
|
||||
Primary: true,
|
||||
},
|
||||
},
|
||||
@@ -195,7 +211,7 @@ func TestCreateUser(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "full user",
|
||||
body: fullUserJson,
|
||||
body: withUsername(fullUserJson, "bjensen"),
|
||||
want: fullUser,
|
||||
},
|
||||
{
|
||||
@@ -204,7 +220,7 @@ func TestCreateUser(t *testing.T) {
|
||||
want: &resources.ScimUser{
|
||||
Emails: []*resources.ScimEmail{
|
||||
{
|
||||
Value: "user1@example.com",
|
||||
Value: "user1-no-primary-email-phone@example.com",
|
||||
Primary: true,
|
||||
},
|
||||
},
|
||||
@@ -262,21 +278,21 @@ func TestCreateUser(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "not authenticated",
|
||||
body: minimalUserJson,
|
||||
body: withUsername(minimalUserJson, gofakeit.Username()),
|
||||
ctx: context.Background(),
|
||||
wantErr: true,
|
||||
errorStatus: http.StatusUnauthorized,
|
||||
},
|
||||
{
|
||||
name: "no permissions",
|
||||
body: minimalUserJson,
|
||||
body: withUsername(minimalUserJson, gofakeit.Username()),
|
||||
ctx: Instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
|
||||
wantErr: true,
|
||||
errorStatus: http.StatusNotFound,
|
||||
},
|
||||
{
|
||||
name: "another org",
|
||||
body: minimalUserJson,
|
||||
body: withUsername(minimalUserJson, gofakeit.Username()),
|
||||
orgID: SecondaryOrganization.OrganizationId,
|
||||
wantErr: true,
|
||||
errorStatus: http.StatusNotFound,
|
||||
@@ -315,11 +331,6 @@ func TestCreateUser(t *testing.T) {
|
||||
}
|
||||
|
||||
assert.NotEmpty(t, createdUser.ID)
|
||||
defer func() {
|
||||
_, err = Instance.Client.UserV2.DeleteUser(CTX, &user.DeleteUserRequest{UserId: createdUser.ID})
|
||||
assert.NoError(t, err)
|
||||
}()
|
||||
|
||||
assert.EqualValues(t, []schemas.ScimSchemaType{"urn:ietf:params:scim:schemas:core:2.0:User"}, createdUser.Resource.Schemas)
|
||||
assert.Equal(t, schemas.ScimResourceTypeSingular("User"), createdUser.Resource.Meta.ResourceType)
|
||||
assert.Equal(t, "http://"+Instance.Host()+path.Join(schemas.HandlerPrefix, orgID, "Users", createdUser.ID), createdUser.Resource.Meta.Location)
|
||||
@@ -345,10 +356,11 @@ func TestCreateUser(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestCreateUser_duplicate(t *testing.T) {
|
||||
createdUser, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, minimalUserJson)
|
||||
parsedMinimalUserJson := withUsername(minimalUserJson, gofakeit.Username())
|
||||
createdUser, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, parsedMinimalUserJson)
|
||||
require.NoError(t, err)
|
||||
|
||||
_, err = Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, minimalUserJson)
|
||||
_, err = Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, parsedMinimalUserJson)
|
||||
scimErr := scim.RequireScimError(t, http.StatusConflict, err)
|
||||
assert.Equal(t, "User already exists", scimErr.Error.Detail)
|
||||
assert.Equal(t, "uniqueness", scimErr.Error.ScimType)
|
||||
@@ -358,14 +370,10 @@ func TestCreateUser_duplicate(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestCreateUser_metadata(t *testing.T) {
|
||||
createdUser, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, fullUserJson)
|
||||
username := gofakeit.Username()
|
||||
createdUser, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, withUsername(fullUserJson, username))
|
||||
require.NoError(t, err)
|
||||
|
||||
defer func() {
|
||||
_, err = Instance.Client.UserV2.DeleteUser(CTX, &user.DeleteUserRequest{UserId: createdUser.ID})
|
||||
require.NoError(t, err)
|
||||
}()
|
||||
|
||||
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Minute)
|
||||
require.EventuallyWithT(t, func(tt *assert.CollectT) {
|
||||
md, err := Instance.Client.Mgmt.ListUserMetadata(CTX, &management.ListUserMetadataRequest{
|
||||
@@ -391,38 +399,111 @@ func TestCreateUser_metadata(t *testing.T) {
|
||||
test.AssertMapContains(tt, mdMap, "urn:zitadel:scim:locale", "en-US")
|
||||
test.AssertMapContains(tt, mdMap, "urn:zitadel:scim:ims", `[{"value":"someaimhandle","type":"aim"},{"value":"twitterhandle","type":"X"}]`)
|
||||
test.AssertMapContains(tt, mdMap, "urn:zitadel:scim:roles", `[{"value":"my-role-1","display":"Rolle 1","type":"main-role","primary":true},{"value":"my-role-2","display":"Rolle 2","type":"secondary-role"}]`)
|
||||
test.AssertMapContains(tt, mdMap, "urn:zitadel:scim:emails", `[{"value":"bjensen@example.com","primary":true,"type":"work"},{"value":"babs@jensen.org","primary":false,"type":"home"}]`)
|
||||
test.AssertMapContains(tt, mdMap, "urn:zitadel:scim:emails", fmt.Sprintf(`[{"value":"%s@example.com","primary":true,"type":"work"},{"value":"%s+1@example.com","primary":false,"type":"home"}]`, username, username))
|
||||
}, retryDuration, tick)
|
||||
}
|
||||
|
||||
func TestCreateUser_scopedExternalID(t *testing.T) {
|
||||
setProvisioningDomain(t, Instance.Users.Get(integration.UserTypeOrgOwner).ID, "fooBar")
|
||||
|
||||
createdUser, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, fullUserJson)
|
||||
callingUserId, callingUserPat, err := Instance.CreateMachineUserPATWithMembership(CTX, "ORG_OWNER")
|
||||
require.NoError(t, err)
|
||||
|
||||
defer func() {
|
||||
_, err = Instance.Client.UserV2.DeleteUser(CTX, &user.DeleteUserRequest{UserId: createdUser.ID})
|
||||
require.NoError(t, err)
|
||||
|
||||
removeProvisioningDomain(t, Instance.Users.Get(integration.UserTypeOrgOwner).ID)
|
||||
}()
|
||||
|
||||
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Minute)
|
||||
ctx := integration.WithAuthorizationToken(CTX, callingUserPat)
|
||||
setProvisioningDomain(t, callingUserId, "fooBar")
|
||||
createdUser, err := Instance.Client.SCIM.Users.Create(ctx, Instance.DefaultOrg.Id, withUsername(fullUserJson, gofakeit.Username()))
|
||||
require.NoError(t, err)
|
||||
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(ctx, time.Minute)
|
||||
require.EventuallyWithT(t, func(tt *assert.CollectT) {
|
||||
// unscoped externalID should not exist
|
||||
_, err = Instance.Client.Mgmt.GetUserMetadata(CTX, &management.GetUserMetadataRequest{
|
||||
unscoped, err := Instance.Client.Mgmt.GetUserMetadata(ctx, &management.GetUserMetadataRequest{
|
||||
Id: createdUser.ID,
|
||||
Key: "urn:zitadel:scim:externalId",
|
||||
})
|
||||
integration.AssertGrpcStatus(tt, codes.NotFound, err)
|
||||
unscoped = unscoped
|
||||
|
||||
// scoped externalID should exist
|
||||
md, err := Instance.Client.Mgmt.GetUserMetadata(CTX, &management.GetUserMetadataRequest{
|
||||
md, err := Instance.Client.Mgmt.GetUserMetadata(ctx, &management.GetUserMetadataRequest{
|
||||
Id: createdUser.ID,
|
||||
Key: "urn:zitadel:scim:fooBar:externalId",
|
||||
})
|
||||
require.NoError(tt, err)
|
||||
if !assert.NoError(tt, err) {
|
||||
require.Equal(tt, status.Code(err), codes.NotFound)
|
||||
return
|
||||
}
|
||||
assert.Equal(tt, "701984", string(md.Metadata.Value))
|
||||
}, retryDuration, tick)
|
||||
}
|
||||
|
||||
func TestCreateUser_ignorePasswordOnCreate(t *testing.T) {
|
||||
t.Parallel()
|
||||
tests := []struct {
|
||||
name string
|
||||
ignorePassword string
|
||||
scimErrorType string
|
||||
scimErrorDetail string
|
||||
wantUser *resources.ScimUser
|
||||
wantErr bool
|
||||
}{
|
||||
{
|
||||
name: "ignorePasswordOnCreate set to false",
|
||||
ignorePassword: "false",
|
||||
wantErr: true,
|
||||
scimErrorType: "invalidValue",
|
||||
scimErrorDetail: "Password is too short",
|
||||
},
|
||||
{
|
||||
name: "ignorePasswordOnCreate set to an invalid value",
|
||||
ignorePassword: "random",
|
||||
wantErr: true,
|
||||
scimErrorType: "invalidValue",
|
||||
scimErrorDetail: "Invalid value for metadata key urn:zitadel:scim:ignorePasswordOnCreate: random",
|
||||
},
|
||||
{
|
||||
name: "ignorePasswordOnCreate set to true",
|
||||
ignorePassword: "true",
|
||||
wantUser: &resources.ScimUser{
|
||||
UserName: "acmeUser1",
|
||||
Name: &resources.ScimUserName{
|
||||
FamilyName: "Ross",
|
||||
GivenName: "Bethany",
|
||||
},
|
||||
Emails: []*resources.ScimEmail{
|
||||
{
|
||||
Value: "user1@example.com",
|
||||
Primary: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
// create a machine user
|
||||
callingUserId, callingUserPat, err := Instance.CreateMachineUserPATWithMembership(CTX, "ORG_OWNER")
|
||||
require.NoError(t, err)
|
||||
ctx := integration.WithAuthorizationToken(CTX, callingUserPat)
|
||||
|
||||
// set urn:zitadel:scim:ignorePasswordOnCreate metadata for the machine user
|
||||
setAndEnsureMetadata(t, callingUserId, "urn:zitadel:scim:ignorePasswordOnCreate", tt.ignorePassword)
|
||||
|
||||
// create a user with an invalid password
|
||||
createdUser, err := Instance.Client.SCIM.Users.Create(ctx, Instance.DefaultOrg.Id, withUsername(invalidPasswordUserJson, "acmeUser1"))
|
||||
require.Equal(t, tt.wantErr, err != nil)
|
||||
if err != nil {
|
||||
scimErr := scim.RequireScimError(t, http.StatusBadRequest, err)
|
||||
assert.Equal(t, tt.scimErrorType, scimErr.Error.ScimType)
|
||||
assert.Equal(t, tt.scimErrorDetail, scimErr.Error.Detail)
|
||||
return
|
||||
}
|
||||
|
||||
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Minute)
|
||||
require.EventuallyWithT(t, func(ttt *assert.CollectT) {
|
||||
// ensure the user is really stored and not just returned to the caller
|
||||
fetchedUser, err := Instance.Client.SCIM.Users.Get(CTX, Instance.DefaultOrg.Id, createdUser.ID)
|
||||
require.NoError(ttt, err)
|
||||
assert.True(ttt, test.PartiallyDeepEqual(tt.wantUser, fetchedUser))
|
||||
}, retryDuration, tick)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
@@ -9,6 +9,7 @@ import (
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/brianvoe/gofakeit/v6"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"golang.org/x/text/language"
|
||||
@@ -18,256 +19,260 @@ import (
|
||||
"github.com/zitadel/zitadel/internal/integration"
|
||||
"github.com/zitadel/zitadel/internal/integration/scim"
|
||||
"github.com/zitadel/zitadel/internal/test"
|
||||
"github.com/zitadel/zitadel/pkg/grpc/user/v2"
|
||||
)
|
||||
|
||||
func TestGetUser(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
orgID string
|
||||
buildUserID func() string
|
||||
cleanup func(userID string)
|
||||
type testCase struct {
|
||||
ctx context.Context
|
||||
orgID string
|
||||
userID string
|
||||
want *resources.ScimUser
|
||||
wantErr bool
|
||||
errorStatus int
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
setup func(t *testing.T) testCase
|
||||
}{
|
||||
{
|
||||
name: "not authenticated",
|
||||
ctx: context.Background(),
|
||||
errorStatus: http.StatusUnauthorized,
|
||||
wantErr: true,
|
||||
name: "not authenticated",
|
||||
setup: func(t *testing.T) testCase {
|
||||
return testCase{
|
||||
ctx: context.Background(),
|
||||
errorStatus: http.StatusUnauthorized,
|
||||
wantErr: true,
|
||||
}
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "no permissions",
|
||||
ctx: Instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
|
||||
errorStatus: http.StatusNotFound,
|
||||
wantErr: true,
|
||||
name: "no permissions",
|
||||
setup: func(t *testing.T) testCase {
|
||||
return testCase{
|
||||
ctx: Instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
|
||||
errorStatus: http.StatusNotFound,
|
||||
wantErr: true,
|
||||
}
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "another org",
|
||||
orgID: SecondaryOrganization.OrganizationId,
|
||||
errorStatus: http.StatusNotFound,
|
||||
wantErr: true,
|
||||
name: "another org",
|
||||
setup: func(t *testing.T) testCase {
|
||||
return testCase{
|
||||
orgID: SecondaryOrganization.OrganizationId,
|
||||
errorStatus: http.StatusNotFound,
|
||||
wantErr: true,
|
||||
}
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "another org with permissions",
|
||||
orgID: SecondaryOrganization.OrganizationId,
|
||||
ctx: Instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
|
||||
errorStatus: http.StatusNotFound,
|
||||
wantErr: true,
|
||||
name: "another org with permissions",
|
||||
setup: func(t *testing.T) testCase {
|
||||
return testCase{
|
||||
ctx: Instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
|
||||
orgID: SecondaryOrganization.OrganizationId,
|
||||
errorStatus: http.StatusNotFound,
|
||||
wantErr: true,
|
||||
}
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "unknown user id",
|
||||
buildUserID: func() string {
|
||||
return "unknown"
|
||||
setup: func(t *testing.T) testCase {
|
||||
return testCase{
|
||||
userID: "unknown",
|
||||
errorStatus: http.StatusNotFound,
|
||||
wantErr: true,
|
||||
}
|
||||
},
|
||||
errorStatus: http.StatusNotFound,
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "created via grpc",
|
||||
want: &resources.ScimUser{
|
||||
Name: &resources.ScimUserName{
|
||||
FamilyName: "Mouse",
|
||||
GivenName: "Mickey",
|
||||
},
|
||||
PreferredLanguage: language.MustParse("nl"),
|
||||
PhoneNumbers: []*resources.ScimPhoneNumber{
|
||||
{
|
||||
Value: "+41791234567",
|
||||
Primary: true,
|
||||
setup: func(t *testing.T) testCase {
|
||||
return testCase{
|
||||
want: &resources.ScimUser{
|
||||
Name: &resources.ScimUserName{
|
||||
FamilyName: "Mouse",
|
||||
GivenName: "Mickey",
|
||||
},
|
||||
PreferredLanguage: language.MustParse("nl"),
|
||||
PhoneNumbers: []*resources.ScimPhoneNumber{
|
||||
{
|
||||
Value: "+41791234567",
|
||||
Primary: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "created via scim",
|
||||
buildUserID: func() string {
|
||||
createdUser, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, fullUserJson)
|
||||
setup: func(t *testing.T) testCase {
|
||||
username := gofakeit.Username()
|
||||
createdUser, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, withUsername(fullUserJson, username))
|
||||
require.NoError(t, err)
|
||||
return createdUser.ID
|
||||
},
|
||||
cleanup: func(userID string) {
|
||||
_, err := Instance.Client.UserV2.DeleteUser(CTX, &user.DeleteUserRequest{UserId: userID})
|
||||
require.NoError(t, err)
|
||||
},
|
||||
want: &resources.ScimUser{
|
||||
ExternalID: "701984",
|
||||
UserName: "bjensen@example.com",
|
||||
Name: &resources.ScimUserName{
|
||||
Formatted: "Babs Jensen", // DisplayName takes precedence
|
||||
FamilyName: "Jensen",
|
||||
GivenName: "Barbara",
|
||||
MiddleName: "Jane",
|
||||
HonorificPrefix: "Ms.",
|
||||
HonorificSuffix: "III",
|
||||
},
|
||||
DisplayName: "Babs Jensen",
|
||||
NickName: "Babs",
|
||||
ProfileUrl: test.Must(schemas.ParseHTTPURL("http://login.example.com/bjensen")),
|
||||
Title: "Tour Guide",
|
||||
PreferredLanguage: language.Make("en-US"),
|
||||
Locale: "en-US",
|
||||
Timezone: "America/Los_Angeles",
|
||||
Active: schemas.NewRelaxedBool(true),
|
||||
Emails: []*resources.ScimEmail{
|
||||
{
|
||||
Value: "bjensen@example.com",
|
||||
Primary: true,
|
||||
Type: "work",
|
||||
return testCase{
|
||||
userID: createdUser.ID,
|
||||
want: &resources.ScimUser{
|
||||
ExternalID: "701984",
|
||||
UserName: username + "@example.com",
|
||||
Name: &resources.ScimUserName{
|
||||
Formatted: "Babs Jensen", // DisplayName takes precedence
|
||||
FamilyName: "Jensen",
|
||||
GivenName: "Barbara",
|
||||
MiddleName: "Jane",
|
||||
HonorificPrefix: "Ms.",
|
||||
HonorificSuffix: "III",
|
||||
},
|
||||
DisplayName: "Babs Jensen",
|
||||
NickName: "Babs",
|
||||
ProfileUrl: test.Must(schemas.ParseHTTPURL("http://login.example.com/bjensen")),
|
||||
Title: "Tour Guide",
|
||||
PreferredLanguage: language.Make("en-US"),
|
||||
Locale: "en-US",
|
||||
Timezone: "America/Los_Angeles",
|
||||
Active: schemas.NewRelaxedBool(true),
|
||||
Emails: []*resources.ScimEmail{
|
||||
{
|
||||
Value: username + "@example.com",
|
||||
Primary: true,
|
||||
Type: "work",
|
||||
},
|
||||
},
|
||||
PhoneNumbers: []*resources.ScimPhoneNumber{
|
||||
{
|
||||
Value: "+415555555555",
|
||||
Primary: true,
|
||||
},
|
||||
},
|
||||
Ims: []*resources.ScimIms{
|
||||
{
|
||||
Value: "someaimhandle",
|
||||
Type: "aim",
|
||||
},
|
||||
{
|
||||
Value: "twitterhandle",
|
||||
Type: "X",
|
||||
},
|
||||
},
|
||||
Addresses: []*resources.ScimAddress{
|
||||
{
|
||||
Type: "work",
|
||||
StreetAddress: "100 Universal City Plaza",
|
||||
Locality: "Hollywood",
|
||||
Region: "CA",
|
||||
PostalCode: "91608",
|
||||
Country: "USA",
|
||||
Formatted: "100 Universal City Plaza\nHollywood, CA 91608 USA",
|
||||
Primary: true,
|
||||
},
|
||||
{
|
||||
Type: "home",
|
||||
StreetAddress: "456 Hollywood Blvd",
|
||||
Locality: "Hollywood",
|
||||
Region: "CA",
|
||||
PostalCode: "91608",
|
||||
Country: "USA",
|
||||
Formatted: "456 Hollywood Blvd\nHollywood, CA 91608 USA",
|
||||
},
|
||||
},
|
||||
Photos: []*resources.ScimPhoto{
|
||||
{
|
||||
Value: *test.Must(schemas.ParseHTTPURL("https://photos.example.com/profilephoto/72930000000Ccne/F")),
|
||||
Type: "photo",
|
||||
},
|
||||
{
|
||||
Value: *test.Must(schemas.ParseHTTPURL("https://photos.example.com/profilephoto/72930000000Ccne/T")),
|
||||
Type: "thumbnail",
|
||||
},
|
||||
},
|
||||
Roles: []*resources.ScimRole{
|
||||
{
|
||||
Value: "my-role-1",
|
||||
Display: "Rolle 1",
|
||||
Type: "main-role",
|
||||
Primary: true,
|
||||
},
|
||||
{
|
||||
Value: "my-role-2",
|
||||
Display: "Rolle 2",
|
||||
Type: "secondary-role",
|
||||
Primary: false,
|
||||
},
|
||||
},
|
||||
Entitlements: []*resources.ScimEntitlement{
|
||||
{
|
||||
Value: "my-entitlement-1",
|
||||
Display: "Entitlement 1",
|
||||
Type: "main-entitlement",
|
||||
Primary: true,
|
||||
},
|
||||
{
|
||||
Value: "my-entitlement-2",
|
||||
Display: "Entitlement 2",
|
||||
Type: "secondary-entitlement",
|
||||
Primary: false,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
PhoneNumbers: []*resources.ScimPhoneNumber{
|
||||
{
|
||||
Value: "+415555555555",
|
||||
Primary: true,
|
||||
},
|
||||
},
|
||||
Ims: []*resources.ScimIms{
|
||||
{
|
||||
Value: "someaimhandle",
|
||||
Type: "aim",
|
||||
},
|
||||
{
|
||||
Value: "twitterhandle",
|
||||
Type: "X",
|
||||
},
|
||||
},
|
||||
Addresses: []*resources.ScimAddress{
|
||||
{
|
||||
Type: "work",
|
||||
StreetAddress: "100 Universal City Plaza",
|
||||
Locality: "Hollywood",
|
||||
Region: "CA",
|
||||
PostalCode: "91608",
|
||||
Country: "USA",
|
||||
Formatted: "100 Universal City Plaza\nHollywood, CA 91608 USA",
|
||||
Primary: true,
|
||||
},
|
||||
{
|
||||
Type: "home",
|
||||
StreetAddress: "456 Hollywood Blvd",
|
||||
Locality: "Hollywood",
|
||||
Region: "CA",
|
||||
PostalCode: "91608",
|
||||
Country: "USA",
|
||||
Formatted: "456 Hollywood Blvd\nHollywood, CA 91608 USA",
|
||||
},
|
||||
},
|
||||
Photos: []*resources.ScimPhoto{
|
||||
{
|
||||
Value: *test.Must(schemas.ParseHTTPURL("https://photos.example.com/profilephoto/72930000000Ccne/F")),
|
||||
Type: "photo",
|
||||
},
|
||||
{
|
||||
Value: *test.Must(schemas.ParseHTTPURL("https://photos.example.com/profilephoto/72930000000Ccne/T")),
|
||||
Type: "thumbnail",
|
||||
},
|
||||
},
|
||||
Roles: []*resources.ScimRole{
|
||||
{
|
||||
Value: "my-role-1",
|
||||
Display: "Rolle 1",
|
||||
Type: "main-role",
|
||||
Primary: true,
|
||||
},
|
||||
{
|
||||
Value: "my-role-2",
|
||||
Display: "Rolle 2",
|
||||
Type: "secondary-role",
|
||||
Primary: false,
|
||||
},
|
||||
},
|
||||
Entitlements: []*resources.ScimEntitlement{
|
||||
{
|
||||
Value: "my-entitlement-1",
|
||||
Display: "Entitlement 1",
|
||||
Type: "main-entitlement",
|
||||
Primary: true,
|
||||
},
|
||||
{
|
||||
Value: "my-entitlement-2",
|
||||
Display: "Entitlement 2",
|
||||
Type: "secondary-entitlement",
|
||||
Primary: false,
|
||||
},
|
||||
},
|
||||
}
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "scoped externalID",
|
||||
buildUserID: func() string {
|
||||
// create user without provisioning domain
|
||||
createdUser, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, fullUserJson)
|
||||
setup: func(t *testing.T) testCase {
|
||||
createdUser, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, withUsername(fullUserJson, gofakeit.Username()))
|
||||
require.NoError(t, err)
|
||||
|
||||
// set provisioning domain of service user
|
||||
setProvisioningDomain(t, Instance.Users.Get(integration.UserTypeOrgOwner).ID, "fooBar")
|
||||
|
||||
// set externalID for provisioning domain
|
||||
callingUserId, callingUserPat, err := Instance.CreateMachineUserPATWithMembership(CTX, "ORG_OWNER")
|
||||
require.NoError(t, err)
|
||||
setProvisioningDomain(t, callingUserId, "fooBar")
|
||||
setAndEnsureMetadata(t, createdUser.ID, "urn:zitadel:scim:fooBar:externalId", "100-scopedExternalId")
|
||||
return createdUser.ID
|
||||
},
|
||||
cleanup: func(userID string) {
|
||||
_, err := Instance.Client.UserV2.DeleteUser(CTX, &user.DeleteUserRequest{UserId: userID})
|
||||
require.NoError(t, err)
|
||||
|
||||
removeProvisioningDomain(t, Instance.Users.Get(integration.UserTypeOrgOwner).ID)
|
||||
},
|
||||
want: &resources.ScimUser{
|
||||
ExternalID: "100-scopedExternalId",
|
||||
return testCase{
|
||||
ctx: integration.WithAuthorizationToken(CTX, callingUserPat),
|
||||
userID: createdUser.ID,
|
||||
want: &resources.ScimUser{
|
||||
ExternalID: "100-scopedExternalId",
|
||||
},
|
||||
}
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
ctx := tt.ctx
|
||||
if ctx == nil {
|
||||
ctx = CTX
|
||||
ttt := tt.setup(t)
|
||||
if ttt.userID == "" {
|
||||
ttt.userID = Instance.CreateHumanUser(CTX).UserId
|
||||
}
|
||||
|
||||
var userID string
|
||||
if tt.buildUserID != nil {
|
||||
userID = tt.buildUserID()
|
||||
} else {
|
||||
createUserResp := Instance.CreateHumanUser(CTX)
|
||||
userID = createUserResp.UserId
|
||||
if ttt.ctx == nil {
|
||||
ttt.ctx = CTX
|
||||
}
|
||||
|
||||
orgID := tt.orgID
|
||||
if orgID == "" {
|
||||
orgID = Instance.DefaultOrg.Id
|
||||
if ttt.orgID == "" {
|
||||
ttt.orgID = Instance.DefaultOrg.Id
|
||||
}
|
||||
|
||||
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Minute)
|
||||
var fetchedUser *resources.ScimUser
|
||||
var err error
|
||||
require.EventuallyWithT(t, func(ttt *assert.CollectT) {
|
||||
fetchedUser, err = Instance.Client.SCIM.Users.Get(ctx, orgID, userID)
|
||||
if tt.wantErr {
|
||||
statusCode := tt.errorStatus
|
||||
require.EventuallyWithT(t, func(collect *assert.CollectT) {
|
||||
fetchedUser, err := Instance.Client.SCIM.Users.Get(ttt.ctx, ttt.orgID, ttt.userID)
|
||||
if ttt.wantErr {
|
||||
statusCode := ttt.errorStatus
|
||||
if statusCode == 0 {
|
||||
statusCode = http.StatusBadRequest
|
||||
}
|
||||
|
||||
scim.RequireScimError(ttt, statusCode, err)
|
||||
scim.RequireScimError(collect, statusCode, err)
|
||||
return
|
||||
}
|
||||
|
||||
assert.Equal(ttt, userID, fetchedUser.ID)
|
||||
assert.EqualValues(ttt, []schemas.ScimSchemaType{"urn:ietf:params:scim:schemas:core:2.0:User"}, fetchedUser.Schemas)
|
||||
assert.Equal(ttt, schemas.ScimResourceTypeSingular("User"), fetchedUser.Resource.Meta.ResourceType)
|
||||
assert.Equal(ttt, "http://"+Instance.Host()+path.Join(schemas.HandlerPrefix, orgID, "Users", fetchedUser.ID), fetchedUser.Resource.Meta.Location)
|
||||
assert.Nil(ttt, fetchedUser.Password)
|
||||
if !test.PartiallyDeepEqual(tt.want, fetchedUser) {
|
||||
ttt.Errorf("GetUser() got = %#v, want %#v", fetchedUser, tt.want)
|
||||
if !assert.NoError(collect, err) {
|
||||
scim.RequireScimError(collect, http.StatusNotFound, err)
|
||||
return
|
||||
}
|
||||
assert.Equal(collect, ttt.userID, fetchedUser.ID)
|
||||
assert.EqualValues(collect, []schemas.ScimSchemaType{"urn:ietf:params:scim:schemas:core:2.0:User"}, fetchedUser.Schemas)
|
||||
assert.Equal(collect, schemas.ScimResourceTypeSingular("User"), fetchedUser.Resource.Meta.ResourceType)
|
||||
assert.Equal(collect, "http://"+Instance.Host()+path.Join(schemas.HandlerPrefix, ttt.orgID, "Users", fetchedUser.ID), fetchedUser.Resource.Meta.Location)
|
||||
assert.Nil(collect, fetchedUser.Password)
|
||||
if !test.PartiallyDeepEqual(ttt.want, fetchedUser) {
|
||||
collect.Errorf("GetUser() got = %#v, want %#v", fetchedUser, ttt.want)
|
||||
}
|
||||
}, retryDuration, tick)
|
||||
|
||||
if tt.cleanup != nil {
|
||||
tt.cleanup(fetchedUser.ID)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
@@ -23,15 +23,6 @@ var totalCountOfHumanUsers = 13
|
||||
/*
|
||||
func TestListUser(t *testing.T) {
|
||||
createdUserIDs := createUsers(t, CTX, Instance.DefaultOrg.Id)
|
||||
defer func() {
|
||||
// only the full user needs to be deleted, all others have random identification data
|
||||
// fullUser is always the first one.
|
||||
_, err := Instance.Client.UserV2.DeleteUser(CTX, &user_v2.DeleteUserRequest{
|
||||
UserId: createdUserIDs[0],
|
||||
})
|
||||
require.NoError(t, err)
|
||||
}()
|
||||
|
||||
// secondary organization with same set of users,
|
||||
// these should never be modified.
|
||||
// This allows testing list requests without filters.
|
||||
@@ -451,7 +442,7 @@ func createUsers(t *testing.T, ctx context.Context, orgID string) []string {
|
||||
|
||||
// create the full scim user if on primary org
|
||||
if orgID == Instance.DefaultOrg.Id {
|
||||
fullUserCreatedResp, err := Instance.Client.SCIM.Users.Create(ctx, orgID, fullUserJson)
|
||||
fullUserCreatedResp, err := Instance.Client.SCIM.Users.Create(ctx, orgID, withUsername(fullUserJson, gofakeit.Username()))
|
||||
require.NoError(t, err)
|
||||
createdUserIDs = append(createdUserIDs, fullUserCreatedResp.ID)
|
||||
count--
|
||||
|
||||
@@ -5,11 +5,13 @@ package integration_test
|
||||
import (
|
||||
"context"
|
||||
_ "embed"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"path"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/brianvoe/gofakeit/v6"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"golang.org/x/text/language"
|
||||
@@ -20,7 +22,6 @@ import (
|
||||
"github.com/zitadel/zitadel/internal/integration/scim"
|
||||
"github.com/zitadel/zitadel/internal/test"
|
||||
"github.com/zitadel/zitadel/pkg/grpc/management"
|
||||
"github.com/zitadel/zitadel/pkg/grpc/user/v2"
|
||||
)
|
||||
|
||||
var (
|
||||
@@ -199,28 +200,28 @@ func TestReplaceUser(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "not authenticated",
|
||||
body: minimalUserJson,
|
||||
body: withUsername(minimalUserJson, gofakeit.Username()),
|
||||
ctx: context.Background(),
|
||||
wantErr: true,
|
||||
errorStatus: http.StatusUnauthorized,
|
||||
},
|
||||
{
|
||||
name: "no permissions",
|
||||
body: minimalUserJson,
|
||||
body: withUsername(minimalUserJson, gofakeit.Username()),
|
||||
ctx: Instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
|
||||
wantErr: true,
|
||||
errorStatus: http.StatusNotFound,
|
||||
},
|
||||
{
|
||||
name: "another org",
|
||||
body: minimalUserJson,
|
||||
body: withUsername(minimalUserJson, gofakeit.Username()),
|
||||
replaceUserOrgID: SecondaryOrganization.OrganizationId,
|
||||
wantErr: true,
|
||||
errorStatus: http.StatusNotFound,
|
||||
},
|
||||
{
|
||||
name: "another org with permissions",
|
||||
body: minimalUserJson,
|
||||
body: withUsername(minimalUserJson, gofakeit.Username()),
|
||||
replaceUserOrgID: SecondaryOrganization.OrganizationId,
|
||||
ctx: Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
|
||||
wantErr: true,
|
||||
@@ -230,14 +231,9 @@ func TestReplaceUser(t *testing.T) {
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
// use iam owner => we don't want to test permissions of the create endpoint.
|
||||
createdUser, err := Instance.Client.SCIM.Users.Create(Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner), Instance.DefaultOrg.Id, fullUserJson)
|
||||
createdUser, err := Instance.Client.SCIM.Users.Create(Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner), Instance.DefaultOrg.Id, withUsername(fullUserJson, gofakeit.Username()))
|
||||
require.NoError(t, err)
|
||||
|
||||
defer func() {
|
||||
_, err = Instance.Client.UserV2.DeleteUser(CTX, &user.DeleteUserRequest{UserId: createdUser.ID})
|
||||
assert.NoError(t, err)
|
||||
}()
|
||||
|
||||
ctx := tt.ctx
|
||||
if ctx == nil {
|
||||
ctx = CTX
|
||||
@@ -294,10 +290,11 @@ func TestReplaceUser(t *testing.T) {
|
||||
|
||||
func TestReplaceUser_removeOldMetadata(t *testing.T) {
|
||||
// ensure old metadata is removed correctly
|
||||
createdUser, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, fullUserJson)
|
||||
username := gofakeit.Username()
|
||||
createdUser, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, withUsername(fullUserJson, username))
|
||||
require.NoError(t, err)
|
||||
|
||||
_, err = Instance.Client.SCIM.Users.Replace(CTX, Instance.DefaultOrg.Id, createdUser.ID, minimalUserJson)
|
||||
_, err = Instance.Client.SCIM.Users.Replace(CTX, Instance.DefaultOrg.Id, createdUser.ID, withUsername(minimalUserJson, username))
|
||||
require.NoError(t, err)
|
||||
|
||||
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Minute)
|
||||
@@ -312,20 +309,17 @@ func TestReplaceUser_removeOldMetadata(t *testing.T) {
|
||||
for i := range md.Result {
|
||||
mdMap[md.Result[i].Key] = string(md.Result[i].Value)
|
||||
}
|
||||
|
||||
test.AssertMapContains(tt, mdMap, "urn:zitadel:scim:emails", "[{\"value\":\"user1@example.com\",\"primary\":true}]")
|
||||
test.AssertMapContains(tt, mdMap, "urn:zitadel:scim:emails", fmt.Sprintf("[{\"value\":\"%s@example.com\",\"primary\":true}]", username))
|
||||
}, retryDuration, tick)
|
||||
|
||||
_, err = Instance.Client.UserV2.DeleteUser(CTX, &user.DeleteUserRequest{UserId: createdUser.ID})
|
||||
require.NoError(t, err)
|
||||
}
|
||||
|
||||
func TestReplaceUser_emailType(t *testing.T) {
|
||||
// ensure old metadata is removed correctly
|
||||
createdUser, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, fullUserJson)
|
||||
createdUser, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, withUsername(fullUserJson, gofakeit.Username()))
|
||||
require.NoError(t, err)
|
||||
|
||||
_, err = Instance.Client.SCIM.Users.Replace(CTX, Instance.DefaultOrg.Id, createdUser.ID, minimalUserWithEmailTypeReplaceJson)
|
||||
replacedUsername := gofakeit.Username()
|
||||
_, err = Instance.Client.SCIM.Users.Replace(CTX, Instance.DefaultOrg.Id, createdUser.ID, withUsername(minimalUserWithEmailTypeReplaceJson, replacedUsername))
|
||||
require.NoError(t, err)
|
||||
|
||||
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Minute)
|
||||
@@ -341,28 +335,26 @@ func TestReplaceUser_emailType(t *testing.T) {
|
||||
mdMap[md.Result[i].Key] = string(md.Result[i].Value)
|
||||
}
|
||||
|
||||
test.AssertMapContains(tt, mdMap, "urn:zitadel:scim:emails", "[{\"value\":\"user1-minimal-replaced@example.com\",\"primary\":true,\"type\":\"work\"}]")
|
||||
test.AssertMapContains(tt, mdMap, "urn:zitadel:scim:emails", fmt.Sprintf("[{\"value\":\"%s@example.com\",\"primary\":true,\"type\":\"work\"}]", replacedUsername))
|
||||
}, retryDuration, tick)
|
||||
|
||||
_, err = Instance.Client.UserV2.DeleteUser(CTX, &user.DeleteUserRequest{UserId: createdUser.ID})
|
||||
require.NoError(t, err)
|
||||
}
|
||||
|
||||
func TestReplaceUser_scopedExternalID(t *testing.T) {
|
||||
// create user without provisioning domain set
|
||||
createdUser, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, fullUserJson)
|
||||
createdUser, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, withUsername(fullUserJson, gofakeit.Username()))
|
||||
require.NoError(t, err)
|
||||
|
||||
callingUserId, callingUserPat, err := Instance.CreateMachineUserPATWithMembership(CTX, "ORG_OWNER")
|
||||
require.NoError(t, err)
|
||||
ctx := integration.WithAuthorizationToken(CTX, callingUserPat)
|
||||
// set provisioning domain of service user
|
||||
setProvisioningDomain(t, Instance.Users.Get(integration.UserTypeOrgOwner).ID, "fooBazz")
|
||||
setProvisioningDomain(t, callingUserId, "fooBazz")
|
||||
|
||||
// replace the user with provisioning domain set
|
||||
_, err = Instance.Client.SCIM.Users.Replace(CTX, Instance.DefaultOrg.Id, createdUser.ID, minimalUserWithExternalIDJson)
|
||||
_, err = Instance.Client.SCIM.Users.Replace(ctx, Instance.DefaultOrg.Id, createdUser.ID, minimalUserWithExternalIDJson)
|
||||
require.NoError(t, err)
|
||||
|
||||
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Minute)
|
||||
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(ctx, time.Minute)
|
||||
require.EventuallyWithT(t, func(tt *assert.CollectT) {
|
||||
md, err := Instance.Client.Mgmt.ListUserMetadata(CTX, &management.ListUserMetadataRequest{
|
||||
md, err := Instance.Client.Mgmt.ListUserMetadata(ctx, &management.ListUserMetadataRequest{
|
||||
Id: createdUser.ID,
|
||||
})
|
||||
require.NoError(tt, err)
|
||||
@@ -376,9 +368,4 @@ func TestReplaceUser_scopedExternalID(t *testing.T) {
|
||||
test.AssertMapContains(tt, mdMap, "urn:zitadel:scim:externalId", "701984")
|
||||
test.AssertMapContains(tt, mdMap, "urn:zitadel:scim:fooBazz:externalId", "replaced-external-id")
|
||||
}, retryDuration, tick)
|
||||
|
||||
_, err = Instance.Client.UserV2.DeleteUser(CTX, &user.DeleteUserRequest{UserId: createdUser.ID})
|
||||
require.NoError(t, err)
|
||||
|
||||
removeProvisioningDomain(t, Instance.Users.Get(integration.UserTypeOrgOwner).ID)
|
||||
}
|
||||
|
||||
@@ -5,11 +5,13 @@ package integration_test
|
||||
import (
|
||||
"context"
|
||||
_ "embed"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/brianvoe/gofakeit/v6"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"golang.org/x/text/language"
|
||||
@@ -19,7 +21,6 @@ import (
|
||||
"github.com/zitadel/zitadel/internal/integration"
|
||||
"github.com/zitadel/zitadel/internal/integration/scim"
|
||||
"github.com/zitadel/zitadel/internal/test"
|
||||
"github.com/zitadel/zitadel/pkg/grpc/user/v2"
|
||||
)
|
||||
|
||||
var (
|
||||
@@ -34,15 +35,7 @@ func init() {
|
||||
}
|
||||
|
||||
func TestUpdateUser(t *testing.T) {
|
||||
fullUserCreated, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, fullUserJson)
|
||||
require.NoError(t, err)
|
||||
|
||||
defer func() {
|
||||
_, err = Instance.Client.UserV2.DeleteUser(CTX, &user.DeleteUserRequest{UserId: fullUserCreated.ID})
|
||||
require.NoError(t, err)
|
||||
}()
|
||||
|
||||
tests := []struct {
|
||||
type testCase struct {
|
||||
name string
|
||||
body []byte
|
||||
ctx context.Context
|
||||
@@ -52,215 +45,296 @@ func TestUpdateUser(t *testing.T) {
|
||||
wantErr bool
|
||||
scimErrorType string
|
||||
errorStatus int
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
setup func(t *testing.T) testCase
|
||||
}{
|
||||
{
|
||||
name: "not authenticated",
|
||||
ctx: context.Background(),
|
||||
body: minimalUserUpdateJson,
|
||||
wantErr: true,
|
||||
errorStatus: http.StatusUnauthorized,
|
||||
name: "not authenticated",
|
||||
setup: func(t *testing.T) testCase {
|
||||
username := gofakeit.Username()
|
||||
created, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, withUsername(fullUserJson, username))
|
||||
require.NoError(t, err)
|
||||
return testCase{
|
||||
userID: created.ID,
|
||||
ctx: context.Background(),
|
||||
body: minimalUserUpdateJson,
|
||||
wantErr: true,
|
||||
errorStatus: http.StatusUnauthorized,
|
||||
}
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "no permissions",
|
||||
ctx: Instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
|
||||
body: minimalUserUpdateJson,
|
||||
wantErr: true,
|
||||
errorStatus: http.StatusNotFound,
|
||||
name: "no permissions",
|
||||
setup: func(t *testing.T) testCase {
|
||||
username := gofakeit.Username()
|
||||
created, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, withUsername(fullUserJson, username))
|
||||
require.NoError(t, err)
|
||||
return testCase{
|
||||
userID: created.ID,
|
||||
ctx: Instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
|
||||
body: minimalUserUpdateJson,
|
||||
wantErr: true,
|
||||
errorStatus: http.StatusNotFound,
|
||||
}
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "other org",
|
||||
orgID: SecondaryOrganization.OrganizationId,
|
||||
body: minimalUserUpdateJson,
|
||||
wantErr: true,
|
||||
errorStatus: http.StatusNotFound,
|
||||
name: "other org",
|
||||
setup: func(t *testing.T) testCase {
|
||||
username := gofakeit.Username()
|
||||
created, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, withUsername(fullUserJson, username))
|
||||
require.NoError(t, err)
|
||||
return testCase{
|
||||
userID: created.ID,
|
||||
orgID: SecondaryOrganization.OrganizationId,
|
||||
body: minimalUserUpdateJson,
|
||||
wantErr: true,
|
||||
errorStatus: http.StatusNotFound,
|
||||
}
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "other org with permissions",
|
||||
ctx: Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
|
||||
orgID: SecondaryOrganization.OrganizationId,
|
||||
body: minimalUserUpdateJson,
|
||||
wantErr: true,
|
||||
errorStatus: http.StatusNotFound,
|
||||
name: "other org with permissions",
|
||||
setup: func(t *testing.T) testCase {
|
||||
username := gofakeit.Username()
|
||||
created, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, withUsername(fullUserJson, username))
|
||||
require.NoError(t, err)
|
||||
return testCase{
|
||||
userID: created.ID,
|
||||
ctx: Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
|
||||
orgID: SecondaryOrganization.OrganizationId,
|
||||
body: minimalUserUpdateJson,
|
||||
wantErr: true,
|
||||
errorStatus: http.StatusNotFound,
|
||||
}
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "invalid patch json",
|
||||
body: simpleReplacePatchBody("nickname", "10"),
|
||||
wantErr: true,
|
||||
scimErrorType: "invalidValue",
|
||||
name: "invalid patch json",
|
||||
setup: func(t *testing.T) testCase {
|
||||
username := gofakeit.Username()
|
||||
created, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, withUsername(fullUserJson, username))
|
||||
require.NoError(t, err)
|
||||
return testCase{
|
||||
userID: created.ID,
|
||||
body: simpleReplacePatchBody("nickname", "10"),
|
||||
wantErr: true,
|
||||
scimErrorType: "invalidValue",
|
||||
}
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "password complexity violation",
|
||||
body: simpleReplacePatchBody("password", `"fooBar"`),
|
||||
wantErr: true,
|
||||
scimErrorType: "invalidValue",
|
||||
name: "password complexity violation",
|
||||
setup: func(t *testing.T) testCase {
|
||||
username := gofakeit.Username()
|
||||
created, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, withUsername(fullUserJson, username))
|
||||
require.NoError(t, err)
|
||||
return testCase{
|
||||
userID: created.ID,
|
||||
body: simpleReplacePatchBody("password", `"fooBar"`),
|
||||
wantErr: true,
|
||||
scimErrorType: "invalidValue",
|
||||
}
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "invalid profile url",
|
||||
body: simpleReplacePatchBody("profileUrl", `"ftp://example.com/profiles"`),
|
||||
wantErr: true,
|
||||
scimErrorType: "invalidValue",
|
||||
name: "invalid profile url",
|
||||
setup: func(t *testing.T) testCase {
|
||||
username := gofakeit.Username()
|
||||
created, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, withUsername(fullUserJson, username))
|
||||
require.NoError(t, err)
|
||||
return testCase{
|
||||
userID: created.ID,
|
||||
body: simpleReplacePatchBody("profileUrl", `"ftp://example.com/profiles"`),
|
||||
wantErr: true,
|
||||
scimErrorType: "invalidValue",
|
||||
}
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "invalid time zone",
|
||||
body: simpleReplacePatchBody("timezone", `"foobar"`),
|
||||
wantErr: true,
|
||||
scimErrorType: "invalidValue",
|
||||
name: "invalid time zone",
|
||||
setup: func(t *testing.T) testCase {
|
||||
username := gofakeit.Username()
|
||||
created, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, withUsername(fullUserJson, username))
|
||||
require.NoError(t, err)
|
||||
return testCase{
|
||||
userID: created.ID,
|
||||
body: simpleReplacePatchBody("timezone", `"foobar"`),
|
||||
wantErr: true,
|
||||
scimErrorType: "invalidValue",
|
||||
}
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "invalid locale",
|
||||
body: simpleReplacePatchBody("locale", `"foobar"`),
|
||||
wantErr: true,
|
||||
scimErrorType: "invalidValue",
|
||||
name: "invalid locale",
|
||||
setup: func(t *testing.T) testCase {
|
||||
username := gofakeit.Username()
|
||||
created, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, withUsername(fullUserJson, username))
|
||||
require.NoError(t, err)
|
||||
return testCase{
|
||||
userID: created.ID,
|
||||
body: simpleReplacePatchBody("locale", `"foobar"`),
|
||||
wantErr: true,
|
||||
scimErrorType: "invalidValue",
|
||||
}
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "unknown user id",
|
||||
body: simpleReplacePatchBody("nickname", `"foo"`),
|
||||
userID: "fooBar",
|
||||
wantErr: true,
|
||||
errorStatus: http.StatusNotFound,
|
||||
name: "unknown user id",
|
||||
setup: func(t *testing.T) testCase {
|
||||
return testCase{
|
||||
body: simpleReplacePatchBody("nickname", `"foo"`),
|
||||
userID: "fooBar",
|
||||
wantErr: true,
|
||||
errorStatus: http.StatusNotFound,
|
||||
}
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "full",
|
||||
body: fullUserUpdateJson,
|
||||
want: &resources.ScimUser{
|
||||
ExternalID: "fooBAR",
|
||||
UserName: "bjensen@example.com",
|
||||
Name: &resources.ScimUserName{
|
||||
Formatted: "replaced-display-name",
|
||||
FamilyName: "added-family-name",
|
||||
GivenName: "added-given-name",
|
||||
MiddleName: "added-middle-name-2",
|
||||
HonorificPrefix: "added-honorific-prefix",
|
||||
HonorificSuffix: "replaced-honorific-suffix",
|
||||
},
|
||||
DisplayName: "replaced-display-name",
|
||||
NickName: "",
|
||||
ProfileUrl: test.Must(schemas.ParseHTTPURL("http://login.example.com/bjensen")),
|
||||
Emails: []*resources.ScimEmail{
|
||||
{
|
||||
Value: "bjensen@example.com",
|
||||
Type: "work",
|
||||
setup: func(t *testing.T) testCase {
|
||||
username := gofakeit.Username()
|
||||
created, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, withUsername(fullUserJson, username))
|
||||
require.NoError(t, err)
|
||||
return testCase{
|
||||
userID: created.ID,
|
||||
body: withUsername(fullUserUpdateJson, username),
|
||||
want: &resources.ScimUser{
|
||||
ExternalID: "fooBAR",
|
||||
UserName: username + "@example.com",
|
||||
Name: &resources.ScimUserName{
|
||||
Formatted: "replaced-display-name",
|
||||
FamilyName: "added-family-name",
|
||||
GivenName: "added-given-name",
|
||||
MiddleName: "added-middle-name-2",
|
||||
HonorificPrefix: "added-honorific-prefix",
|
||||
HonorificSuffix: "replaced-honorific-suffix",
|
||||
},
|
||||
DisplayName: "replaced-display-name",
|
||||
NickName: "",
|
||||
ProfileUrl: test.Must(schemas.ParseHTTPURL("http://login.example.com/bjensen")),
|
||||
Emails: []*resources.ScimEmail{
|
||||
{
|
||||
Value: username + "@example.com",
|
||||
Type: "work",
|
||||
},
|
||||
{
|
||||
Value: username + "+1@example.com",
|
||||
Type: "home",
|
||||
},
|
||||
{
|
||||
Value: username + "+2@example.com",
|
||||
Primary: true,
|
||||
Type: "home",
|
||||
},
|
||||
},
|
||||
Addresses: []*resources.ScimAddress{
|
||||
{
|
||||
Type: "replaced-work",
|
||||
StreetAddress: "replaced-100 Universal City Plaza",
|
||||
Locality: "replaced-Hollywood",
|
||||
Region: "replaced-CA",
|
||||
PostalCode: "replaced-91608",
|
||||
Country: "replaced-USA",
|
||||
Formatted: "replaced-100 Universal City Plaza\nHollywood, CA 91608 USA",
|
||||
Primary: true,
|
||||
},
|
||||
},
|
||||
PhoneNumbers: []*resources.ScimPhoneNumber{
|
||||
{
|
||||
Value: "+41711234567",
|
||||
Primary: true,
|
||||
},
|
||||
},
|
||||
Ims: []*resources.ScimIms{
|
||||
{
|
||||
Value: "someaimhandle",
|
||||
Type: "aim",
|
||||
},
|
||||
{
|
||||
Value: "twitterhandle",
|
||||
Type: "",
|
||||
},
|
||||
},
|
||||
Photos: []*resources.ScimPhoto{
|
||||
{
|
||||
Value: *test.Must(schemas.ParseHTTPURL("https://photos.example.com/profilephoto/72930000000Ccne/F")),
|
||||
Type: "photo",
|
||||
},
|
||||
},
|
||||
Roles: nil,
|
||||
Entitlements: []*resources.ScimEntitlement{
|
||||
{
|
||||
Value: "my-entitlement-1",
|
||||
Display: "added-entitlement-1",
|
||||
Type: "added-entitlement-1",
|
||||
Primary: false,
|
||||
},
|
||||
{
|
||||
Value: "my-entitlement-2",
|
||||
Display: "Entitlement 2",
|
||||
Type: "secondary-entitlement",
|
||||
Primary: false,
|
||||
},
|
||||
{
|
||||
Value: "added-entitlement-1",
|
||||
Primary: false,
|
||||
},
|
||||
{
|
||||
Value: "added-entitlement-2",
|
||||
Primary: false,
|
||||
},
|
||||
{
|
||||
Value: "added-entitlement-3",
|
||||
Primary: true,
|
||||
},
|
||||
},
|
||||
Title: "Tour Guide",
|
||||
PreferredLanguage: language.MustParse("en"),
|
||||
Locale: "en-US",
|
||||
Timezone: "America/Los_Angeles",
|
||||
Active: schemas.NewRelaxedBool(true),
|
||||
},
|
||||
{
|
||||
Value: "babs@jensen.org",
|
||||
Type: "home",
|
||||
},
|
||||
{
|
||||
Value: "babs@example.com",
|
||||
Primary: true,
|
||||
Type: "home",
|
||||
},
|
||||
},
|
||||
Addresses: []*resources.ScimAddress{
|
||||
{
|
||||
Type: "replaced-work",
|
||||
StreetAddress: "replaced-100 Universal City Plaza",
|
||||
Locality: "replaced-Hollywood",
|
||||
Region: "replaced-CA",
|
||||
PostalCode: "replaced-91608",
|
||||
Country: "replaced-USA",
|
||||
Formatted: "replaced-100 Universal City Plaza\nHollywood, CA 91608 USA",
|
||||
Primary: true,
|
||||
},
|
||||
},
|
||||
PhoneNumbers: []*resources.ScimPhoneNumber{
|
||||
{
|
||||
Value: "+41711234567",
|
||||
Primary: true,
|
||||
},
|
||||
},
|
||||
Ims: []*resources.ScimIms{
|
||||
{
|
||||
Value: "someaimhandle",
|
||||
Type: "aim",
|
||||
},
|
||||
{
|
||||
Value: "twitterhandle",
|
||||
Type: "",
|
||||
},
|
||||
},
|
||||
Photos: []*resources.ScimPhoto{
|
||||
{
|
||||
Value: *test.Must(schemas.ParseHTTPURL("https://photos.example.com/profilephoto/72930000000Ccne/F")),
|
||||
Type: "photo",
|
||||
},
|
||||
},
|
||||
Roles: nil,
|
||||
Entitlements: []*resources.ScimEntitlement{
|
||||
{
|
||||
Value: "my-entitlement-1",
|
||||
Display: "added-entitlement-1",
|
||||
Type: "added-entitlement-1",
|
||||
Primary: false,
|
||||
},
|
||||
{
|
||||
Value: "my-entitlement-2",
|
||||
Display: "Entitlement 2",
|
||||
Type: "secondary-entitlement",
|
||||
Primary: false,
|
||||
},
|
||||
{
|
||||
Value: "added-entitlement-1",
|
||||
Primary: false,
|
||||
},
|
||||
{
|
||||
Value: "added-entitlement-2",
|
||||
Primary: false,
|
||||
},
|
||||
{
|
||||
Value: "added-entitlement-3",
|
||||
Primary: true,
|
||||
},
|
||||
},
|
||||
Title: "Tour Guide",
|
||||
PreferredLanguage: language.MustParse("en-US"),
|
||||
Locale: "en-US",
|
||||
Timezone: "America/Los_Angeles",
|
||||
Active: schemas.NewRelaxedBool(true),
|
||||
}
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
if tt.ctx == nil {
|
||||
tt.ctx = CTX
|
||||
ttt := tt.setup(t)
|
||||
if ttt.orgID == "" {
|
||||
ttt.orgID = Instance.DefaultOrg.Id
|
||||
}
|
||||
|
||||
if tt.orgID == "" {
|
||||
tt.orgID = Instance.DefaultOrg.Id
|
||||
if ttt.ctx == nil {
|
||||
ttt.ctx = CTX
|
||||
}
|
||||
|
||||
if tt.userID == "" {
|
||||
tt.userID = fullUserCreated.ID
|
||||
}
|
||||
|
||||
err := Instance.Client.SCIM.Users.Update(tt.ctx, tt.orgID, tt.userID, tt.body)
|
||||
|
||||
if tt.wantErr {
|
||||
err := Instance.Client.SCIM.Users.Update(ttt.ctx, ttt.orgID, ttt.userID, ttt.body)
|
||||
if ttt.wantErr {
|
||||
require.Error(t, err)
|
||||
|
||||
statusCode := tt.errorStatus
|
||||
statusCode := ttt.errorStatus
|
||||
if statusCode == 0 {
|
||||
statusCode = http.StatusBadRequest
|
||||
}
|
||||
|
||||
scimErr := scim.RequireScimError(t, statusCode, err)
|
||||
assert.Equal(t, tt.scimErrorType, scimErr.Error.ScimType)
|
||||
assert.Equal(t, ttt.scimErrorType, scimErr.Error.ScimType)
|
||||
return
|
||||
}
|
||||
|
||||
require.NoError(t, err)
|
||||
|
||||
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Minute)
|
||||
require.EventuallyWithT(t, func(ttt *assert.CollectT) {
|
||||
fetchedUser, err := Instance.Client.SCIM.Users.Get(tt.ctx, tt.orgID, fullUserCreated.ID)
|
||||
require.NoError(ttt, err)
|
||||
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, 3*time.Minute)
|
||||
require.EventuallyWithT(t, func(collect *assert.CollectT) {
|
||||
fetchedUser, err := Instance.Client.SCIM.Users.Get(ttt.ctx, ttt.orgID, ttt.userID)
|
||||
require.NoError(collect, err)
|
||||
|
||||
fetchedUser.Resource = nil
|
||||
fetchedUser.ID = ""
|
||||
if tt.want != nil && !test.PartiallyDeepEqual(tt.want, fetchedUser) {
|
||||
ttt.Errorf("got = %#v, want = %#v", fetchedUser, tt.want)
|
||||
}
|
||||
fetched, err := json.Marshal(fetchedUser)
|
||||
require.NoError(collect, err)
|
||||
want, err := json.Marshal(ttt.want)
|
||||
require.NoError(collect, err)
|
||||
assert.JSONEq(collect, string(want), string(fetched))
|
||||
}, retryDuration, tick)
|
||||
})
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user