feat: get user scim v2 endpoint (#9161)

# Which Problems Are Solved - Adds support for the get user SCIM v2 endpoint # How the Problems Are Solved - Adds support for the get user SCIM v2 endpoint under `GET /scim/v2/{orgID}/Users/{id}` # Additional Context Part of #8140 Replaces https://github.com/zitadel/zitadel/pull/9154 as requested by the maintainers, discussions see https://github.com/zitadel/zitadel/pull/9154.
2025-08-11 18:17:35 +00:00 · 2025-01-10 12:15:06 +01:00
parent b0bcb051fc
commit 9c7f2a7d50
11 changed files with 744 additions and 15 deletions
--- a/internal/integration/assert.go
+++ b/internal/integration/assert.go
@@ -1,6 +1,7 @@
 package integration

 import (
+	"reflect"
 	"testing"
 	"time"

@@ -175,3 +176,89 @@ func AssertMapContains[M ~map[K]V, K comparable, V any](t *testing.T, m M, key K
 	assert.True(t, exists, "Key '%s' should exist in the map", key)
 	assert.Equal(t, expectedValue, val, "Key '%s' should have value '%d'", key, expectedValue)
 }
+
+// PartiallyDeepEqual is similar to reflect.DeepEqual,
+// but only compares exported non-zero fields of the expectedValue
+func PartiallyDeepEqual(expected, actual interface{}) bool {
+	if expected == nil {
+		return actual == nil
+	}
+
+	if actual == nil {
+		return false
+	}
+
+	return partiallyDeepEqual(reflect.ValueOf(expected), reflect.ValueOf(actual))
+}
+
+func partiallyDeepEqual(expected, actual reflect.Value) bool {
+	// Dereference pointers if needed
+	if expected.Kind() == reflect.Ptr {
+		if expected.IsNil() {
+			return actual.IsNil()
+		}
+
+		expected = expected.Elem()
+	}
+
+	if actual.Kind() == reflect.Ptr {
+		if actual.IsNil() {
+			return false
+		}
+
+		actual = actual.Elem()
+	}
+
+	if expected.Type() != actual.Type() {
+		return false
+	}
+
+	switch expected.Kind() { //nolint:exhaustive
+	case reflect.Struct:
+		for i := 0; i < expected.NumField(); i++ {
+			field := expected.Type().Field(i)
+			if field.PkgPath != "" { // Skip unexported fields
+				continue
+			}
+
+			expectedField := expected.Field(i)
+			actualField := actual.Field(i)
+
+			// Skip zero-value fields in expected
+			if reflect.DeepEqual(expectedField.Interface(), reflect.Zero(expectedField.Type()).Interface()) {
+				continue
+			}
+
+			// Compare fields recursively
+			if !partiallyDeepEqual(expectedField, actualField) {
+				return false
+			}
+		}
+		return true
+
+	case reflect.Slice, reflect.Array:
+		if expected.Len() > actual.Len() {
+			return false
+		}
+
+		for i := 0; i < expected.Len(); i++ {
+			if !partiallyDeepEqual(expected.Index(i), actual.Index(i)) {
+				return false
+			}
+		}
+
+		return true
+
+	default:
+		// Compare primitive types
+		return reflect.DeepEqual(expected.Interface(), actual.Interface())
+	}
+}
+
+func Must[T any](result T, error error) T {
+	if error != nil {
+		panic(error)
+	}
+
+	return result
+}
--- a/internal/integration/assert_test.go
+++ b/internal/integration/assert_test.go
@@ -50,3 +50,153 @@ func TestAssertDetails(t *testing.T) {
 		})
 	}
 }
+
+func TestPartiallyDeepEqual(t *testing.T) {
+	type SecondaryNestedType struct {
+		Value int
+	}
+	type NestedType struct {
+		Value         int
+		ValueSlice    []int
+		Nested        SecondaryNestedType
+		NestedPointer *SecondaryNestedType
+	}
+
+	type args struct {
+		expected interface{}
+		actual   interface{}
+	}
+	tests := []struct {
+		name string
+		args args
+		want bool
+	}{
+		{
+			name: "nil",
+			args: args{
+				expected: nil,
+				actual:   nil,
+			},
+			want: true,
+		},
+		{
+			name: "scalar value",
+			args: args{
+				expected: 10,
+				actual:   10,
+			},
+			want: true,
+		},
+		{
+			name: "different scalar value",
+			args: args{
+				expected: 11,
+				actual:   10,
+			},
+			want: false,
+		},
+		{
+			name: "string value",
+			args: args{
+				expected: "foo",
+				actual:   "foo",
+			},
+			want: true,
+		},
+		{
+			name: "different string value",
+			args: args{
+				expected: "foo2",
+				actual:   "foo",
+			},
+			want: false,
+		},
+		{
+			name: "scalar only set in actual",
+			args: args{
+				expected: &SecondaryNestedType{},
+				actual:   &SecondaryNestedType{Value: 10},
+			},
+			want: true,
+		},
+		{
+			name: "scalar equal",
+			args: args{
+				expected: &SecondaryNestedType{Value: 10},
+				actual:   &SecondaryNestedType{Value: 10},
+			},
+			want: true,
+		},
+		{
+			name: "scalar only set in expected",
+			args: args{
+				expected: &SecondaryNestedType{Value: 10},
+				actual:   &SecondaryNestedType{},
+			},
+			want: false,
+		},
+		{
+			name: "ptr only set in expected",
+			args: args{
+				expected: &NestedType{NestedPointer: &SecondaryNestedType{Value: 10}},
+				actual:   &NestedType{},
+			},
+			want: false,
+		},
+		{
+			name: "ptr only set in actual",
+			args: args{
+				expected: &NestedType{},
+				actual:   &NestedType{NestedPointer: &SecondaryNestedType{Value: 10}},
+			},
+			want: true,
+		},
+		{
+			name: "ptr equal",
+			args: args{
+				expected: &NestedType{NestedPointer: &SecondaryNestedType{Value: 10}},
+				actual:   &NestedType{NestedPointer: &SecondaryNestedType{Value: 10}},
+			},
+			want: true,
+		},
+		{
+			name: "nested equal",
+			args: args{
+				expected: &NestedType{Nested: SecondaryNestedType{Value: 10}},
+				actual:   &NestedType{Nested: SecondaryNestedType{Value: 10}},
+			},
+			want: true,
+		},
+		{
+			name: "slice equal",
+			args: args{
+				expected: &NestedType{ValueSlice: []int{10, 20}},
+				actual:   &NestedType{ValueSlice: []int{10, 20}},
+			},
+			want: true,
+		},
+		{
+			name: "slice additional in expected",
+			args: args{
+				expected: &NestedType{ValueSlice: []int{10, 20, 30}},
+				actual:   &NestedType{ValueSlice: []int{10, 20}},
+			},
+			want: false,
+		},
+		{
+			name: "slice additional in actual",
+			args: args{
+				expected: &NestedType{ValueSlice: []int{10, 20}},
+				actual:   &NestedType{ValueSlice: []int{10, 20, 30}},
+			},
+			want: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := PartiallyDeepEqual(tt.args.expected, tt.args.actual); got != tt.want {
+				t.Errorf("PartiallyDeepEqual() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
--- a/internal/integration/scim/client.go
+++ b/internal/integration/scim/client.go
@@ -18,10 +18,10 @@ import (
 )

 type Client struct {
-	Users *ResourceClient
+	Users *ResourceClient[resources.ScimUser]
 }

-type ResourceClient struct {
+type ResourceClient[T any] struct {
 	client       *http.Client
 	baseUrl      string
 	resourceName string
@@ -44,7 +44,7 @@ func NewScimClient(target string) *Client {
 	target = "http://" + target + schemas.HandlerPrefix
 	client := &http.Client{}
 	return &Client{
-		Users: &ResourceClient{
+		Users: &ResourceClient[resources.ScimUser]{
 			client:       client,
 			baseUrl:      target,
 			resourceName: "Users",
@@ -52,17 +52,19 @@ func NewScimClient(target string) *Client {
 	}
 }

-func (c *ResourceClient) Create(ctx context.Context, orgID string, body []byte) (*resources.ScimUser, error) {
-	user := new(resources.ScimUser)
-	err := c.doWithBody(ctx, http.MethodPost, orgID, "", bytes.NewReader(body), user)
-	return user, err
+func (c *ResourceClient[T]) Create(ctx context.Context, orgID string, body []byte) (*T, error) {
+	return c.doWithBody(ctx, http.MethodPost, orgID, "", bytes.NewReader(body))
 }

-func (c *ResourceClient) Delete(ctx context.Context, orgID, id string) error {
+func (c *ResourceClient[T]) Get(ctx context.Context, orgID, resourceID string) (*T, error) {
+	return c.doWithBody(ctx, http.MethodGet, orgID, resourceID, nil)
+}
+
+func (c *ResourceClient[T]) Delete(ctx context.Context, orgID, id string) error {
 	return c.do(ctx, http.MethodDelete, orgID, id)
 }

-func (c *ResourceClient) do(ctx context.Context, method, orgID, url string) error {
+func (c *ResourceClient[T]) do(ctx context.Context, method, orgID, url string) error {
 	req, err := http.NewRequestWithContext(ctx, method, c.buildURL(orgID, url), nil)
 	if err != nil {
 		return err
@@ -71,17 +73,18 @@ func (c *ResourceClient) do(ctx context.Context, method, orgID, url string) erro
 	return c.doReq(req, nil)
 }

-func (c *ResourceClient) doWithBody(ctx context.Context, method, orgID, url string, body io.Reader, responseEntity interface{}) error {
+func (c *ResourceClient[T]) doWithBody(ctx context.Context, method, orgID, url string, body io.Reader) (*T, error) {
 	req, err := http.NewRequestWithContext(ctx, method, c.buildURL(orgID, url), body)
 	if err != nil {
-		return err
+		return nil, err
 	}

 	req.Header.Set(zhttp.ContentType, middleware.ContentTypeScim)
-	return c.doReq(req, responseEntity)
+	responseEntity := new(T)
+	return responseEntity, c.doReq(req, responseEntity)
 }

-func (c *ResourceClient) doReq(req *http.Request, responseEntity interface{}) error {
+func (c *ResourceClient[T]) doReq(req *http.Request, responseEntity *T) error {
 	addTokenAsHeader(req)

 	resp, err := c.client.Do(req)
@@ -133,7 +136,7 @@ func readScimError(resp *http.Response) error {
 	return scimErr
 }

-func (c *ResourceClient) buildURL(orgID, segment string) string {
+func (c *ResourceClient[T]) buildURL(orgID, segment string) string {
 	if segment == "" {
 		return c.baseUrl + "/" + path.Join(orgID, c.resourceName)
 	}