AUTH-6586 adds identity update behavior field
khiller-cf committed Nov 18, 2024
1 parent 6e537fe commit 59de991
Showing 3 changed files with 171 additions and 0 deletions.
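--- a/.changelog/3618.txt
+++ b/.changelog/3618.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_identity_provider: Adds identity_update_behavior to SCIM config.
+```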
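--- a/access_identity_provider.go
+++ b/access_identity_provider.go
@@ -58,6 +58,7 @@ type AccessIdentityProviderScimConfiguration struct {
 UserDeprovision bool `json:"user_deprovision,omitempty"`
 SeatDeprovision bool `json:"seat_deprovision,omitempty"`
 GroupMemberDeprovision bool `json:"group_member_deprovision,omitempty"`
+IdentityUpdateBehavior string `json:"identity_update_behavior,omitempty"`
 }
 
 // AccessIdentityProvidersListResponse is the API response for multiple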
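Review bot: The new `IdentityUpdateBehavior` field in `AccessIdentityProviderScimConfiguration` is a bare `string` with no doc comment, so nothing in the type tells a caller which values the API accepts; the tests in this commit only show `"automatic"` and `"reauth"`. Because the tag carries `omitempty`, an unset field is dropped from the request and the server-side default applies, which matters if this setting governs how SCIM-driven identity changes affect already-authenticated users (inferred from the name, not shown on this page). I would add a comment such as `// IdentityUpdateBehavior selects how SCIM identity updates are applied, e.g. "automatic" or "reauth"; empty leaves the server default.` and consider named constants for the accepted values. The struct's opening lines are outside the hunk.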
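--- a/access_identity_provider_test.go
+++ b/access_identity_provider_test.go
@@ -185,6 +185,91 @@ func TestCreateAccessIdentityProvider(t *testing.T) {
 assert.Equal(t, want, actual)
 }
 }
+
+func TestCreateAccessIdentityProviderScimConfig(t *testing.T) {
+setup()
+defer teardown()
+
+handler := func(w http.ResponseWriter, r *http.Request) {
+assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+w.Header().Set("content-type", "application/json")
+fmt.Fprintf(w, `{
+"success": true,
+"errors": [],
+"messages": [],
+"result": {
+"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+"name": "Widget Corps SCIM",
+"type": "github",
+"config": {
+"client_id": "example_id",
+"client_secret": "a-secret-key",
+"conditional_access_enabled": true
+},
+"scim_config": {
+"enabled": true,
+"user_deprovision": true,
+"seat_deprovision": true,
+"identity_update_behavior": "automatic",
+"secret": "123123123"
+}
+}
+}
+`)
+}
+
+newIdentityProvider := CreateAccessIdentityProviderParams{
+Name: "Widget Corps SCIM",
+Type: "github",
+Config: AccessIdentityProviderConfiguration{
+ClientID: "example_id",
+ClientSecret: "a-secret-key",
+ConditionalAccessEnabled: true,
+},
+ScimConfig: AccessIdentityProviderScimConfiguration{
+Enabled: true,
+UserDeprovision: true,
+SeatDeprovision: true,
+IdentityUpdateBehavior: "automatic",
+},
+}
+
+want := AccessIdentityProvider{
+ID: "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+Name: "Widget Corps SCIM",
+Type: "github",
+Config: AccessIdentityProviderConfiguration{
+ClientID: "example_id",
+ClientSecret: "a-secret-key",
+ConditionalAccessEnabled: true,
+},
+ScimConfig: AccessIdentityProviderScimConfiguration{
+Enabled: true,
+UserDeprovision: true,
+SeatDeprovision: true,
+GroupMemberDeprovision: false,
+IdentityUpdateBehavior: "automatic",
+Secret: "123123123",
+},
+}
+
+mux.HandleFunc("/accounts/"+testAccountID+"/access/identity_providers", handler)
+
+actual, err := client.CreateAccessIdentityProvider(context.Background(), testAccountRC, newIdentityProvider)
+
+if assert.NoError(t, err) {
+assert.Equal(t, want, actual)
+}
+
+mux.HandleFunc("/zones/"+testZoneID+"/access/identity_providers", handler)
+
+actual, err = client.CreateAccessIdentityProvider(context.Background(), testZoneRC, newIdentityProvider)
+
+if assert.NoError(t, err) {
+assert.Equal(t, want, actual)
+}
+}
+
 func TestUpdateAccessIdentityProvider(t *testing.T) {
 setup()
 defer teardown()
@@ -246,6 +331,88 @@ func TestUpdateAccessIdentityProvider(t *testing.T) {
 }
 }
 
+func TestUpdateAccessIdentityProviderScimConfig(t *testing.T) {
+setup()
+defer teardown()
+
+handler := func(w http.ResponseWriter, r *http.Request) {
+assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+w.Header().Set("content-type", "application/json")
+fmt.Fprintf(w, `{
+"success": true,
+"errors": [],
+"messages": [],
+"result": {
+"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+"name": "Widget Corps Scim",
+"type": "github",
+"config": {
+"client_id": "example_id",
+"client_secret": "a-secret-key"
+},
+"scim_config": {
+"enabled": true,
+"user_deprovision": false,
+"seat_deprovision": false,
+"group_member_deprovision": true,
+"identity_update_behavior": "reauth"
+}
+}
+}
+`)
+}
+
+updatedIdentityProvider := UpdateAccessIdentityProviderParams{
+ID: "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+Name: "Widget Corps Scim",
+Type: "github",
+Config: AccessIdentityProviderConfiguration{
+ClientID: "example_id",
+ClientSecret: "a-secret-key",
+},
+ScimConfig: AccessIdentityProviderScimConfiguration{
+Enabled: true,
+UserDeprovision: false,
+SeatDeprovision: false,
+GroupMemberDeprovision: true,
+IdentityUpdateBehavior: "reauth",
+},
+}
+
+want := AccessIdentityProvider{
+ID: "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+Name: "Widget Corps Scim",
+Type: "github",
+Config: AccessIdentityProviderConfiguration{
+ClientID: "example_id",
+ClientSecret: "a-secret-key",
+},
+ScimConfig: AccessIdentityProviderScimConfiguration{
+Enabled: true,
+UserDeprovision: false,
+SeatDeprovision: false,
+GroupMemberDeprovision: true,
+IdentityUpdateBehavior: "reauth",
+},
+}
+
+mux.HandleFunc("/accounts/"+testAccountID+"/access/identity_providers/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
+
+actual, err := client.UpdateAccessIdentityProvider(context.Background(), testAccountRC, updatedIdentityProvider)
+
+if assert.NoError(t, err) {
+assert.Equal(t, want, actual)
+}
+
+mux.HandleFunc("/zones/"+testZoneID+"/access/identity_providers/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
+
+actual, err = client.UpdateAccessIdentityProvider(context.Background(), testZoneRC, updatedIdentityProvider)
+
+if assert.NoError(t, err) {
+assert.Equal(t, want, actual)
+}
+}
+
 func TestDeleteAccessIdentityProvider(t *testing.T) {
 setup()
 defer teardown()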
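Review bot: Neither new handler reads `r.Body`, so `TestCreateAccessIdentityProviderScimConfig` and `TestUpdateAccessIdentityProviderScimConfig` only prove that `identity_update_behavior` is decoded from the canned response, not that the client actually sends it. A request that silently dropped the field would still pass, leaving the server default in force without the caller noticing. In the create handler I would add `var got AccessIdentityProvider` and `if assert.NoError(t, json.NewDecoder(r.Body).Decode(&got)) { assert.Equal(t, "automatic", got.ScimConfig.IdentityUpdateBehavior) }`, and the same with `"reauth"` in the update handler; this assumes `encoding/json` is imported in the test file and that the request uses the same `scim_config` key as the response. Separately, `fmt.Fprintf(w, ...)` is passed a constant with no format verbs in both handlers, so `fmt.Fprint` states the intent more accurately.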
