providers/SCIM: improve backchannel signalling (#5657)

* providers/scim: add warning when provider is not used as backchannel provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* providers/scim: don't sync SCIM provider that isn't used as backchannel at all

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L 2023-05-17 16:19:18 +02:00 committed by GitHub
parent cd7de4c0b9
commit 68a1bcf233
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 16 additions and 8 deletions

View file

@ -24,8 +24,8 @@ class SCIMProviderSerializer(ProviderSerializer):
"property_mappings",
"property_mappings_group",
"component",
"assigned_application_slug",
"assigned_application_name",
"assigned_backchannel_application_slug",
"assigned_backchannel_application_name",
"verbose_name",
"verbose_name_plural",
"meta_model_name",

View file

@ -42,7 +42,9 @@ def scim_sync_all():
@CELERY_APP.task(bind=True, base=MonitoredTask)
def scim_sync(self: MonitoredTask, provider_pk: int) -> None:
"""Run SCIM full sync for provider"""
provider: SCIMProvider = SCIMProvider.objects.filter(pk=provider_pk).first()
provider: SCIMProvider = SCIMProvider.objects.filter(
pk=provider_pk, backchannel_application__isnull=False
).first()
if not provider:
return
self.set_uid(slugify(provider.name))

View file

@ -36,6 +36,7 @@ class SCIMMembershipTests(TestCase):
slug=generate_id(),
)
self.app.backchannel_providers.add(self.provider)
self.provider.save()
self.provider.property_mappings.set(
[SCIMMapping.objects.get(managed="goauthentik.io/providers/scim/user")]
)

View file

@ -39824,11 +39824,11 @@ components:
type: string
description: Get object component so that we know how to edit the object
readOnly: true
assigned_application_slug:
assigned_backchannel_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_application_name:
assigned_backchannel_application_name:
type: string
description: Application's display Name.
readOnly: true
@ -39857,8 +39857,8 @@ components:
format: uuid
nullable: true
required:
- assigned_application_name
- assigned_application_slug
- assigned_backchannel_application_name
- assigned_backchannel_application_slug
- component
- meta_model_name
- name

View file

@ -121,9 +121,14 @@ export class SCIMProviderViewPage extends AKElement {
if (!this.provider) {
return html``;
}
return html` <div slot="header" class="pf-c-banner pf-m-info">
return html`<div slot="header" class="pf-c-banner pf-m-info">
${t`SCIM provider is in preview.`}
</div>
${!this.provider?.assignedBackchannelApplicationName
? html`<div slot="header" class="pf-c-banner pf-m-warning">
${t`Warning: Provider is not assigned to an application as backchannel provider.`}
</div>`
: html``}
<div class="pf-c-page__main-section pf-m-no-padding-mobile pf-l-grid pf-m-gutter">
<div class="pf-l-grid__item pf-m-7-col pf-l-stack pf-m-gutter">
<div class="pf-c-card pf-m-12-col pf-l-stack__item">