telefonicaid / fiware-keystone-scim
OpenStack Keystone SCIM (System for Cross-domain Identity Management) extension
License: Apache License 2.0
keystone.identity.controllers.UsersV3 does not implement _get_domain_id_for_request
Users are paginated in a wrong way.
If I create 18 users like:
user1... user18 and then I try to list them, I see:
keystone scim API: "GET /v3/OS-SCIM/Users?domain_id=2d11ea01a00c423b919cb336adb99c76&startIndex=0&count=15"
Keystone scim API: GET /v3/OS-SCIM/Users?domain_id=2d11ea01a00c423b919cb336adb99c76&startIndex=15&count=15
So it seems to be a keystone-scim bug/issue https://github.com/telefonicaid/fiware-keystone-scim
Add user detail: List groups to which a user belongs
https://docs.openstack.org/api-ref/identity/v3/#list-groups-to-which-a-user-belongs
Add group detail: List users in group:
https://docs.openstack.org/api-ref/identity/v3/#list-users-in-group
Works OK:
curl -s -X GET -H "x-auth-token: $SMARTVALENCIA_ADMIN_TOKEN" \
"http://${KEYSTONE_HOST}/v3/OS-SCIM/Users?domain_id=${ID_DOM1}&startIndex=1&count=1"
Does not work (does not return just 1):
curl -s -X GET -H "x-auth-token: $CLOUD_ADMIN_TOKEN" \
"http://${KEYSTONE_HOST}/v3/OS-SCIM/Users?startIndex=1&count=1"
introduced by #50
A bug for Keystone Newton and later versions: since some tables like service do not have name as a column, the query is not able to work
According to the SCIM spec: http://www.simplecloud.info/specs/draft-scim-api-01.html section 3.2.2.3, pagination results should provide totalResults, itemsPerPage, startIndex
itemsPerPage Non-negative Integer. Specifies the number of search results returned in a query response page; e.g., 10.
totalResults Non-negative Integer. Specifies the total number of results matching the Consumer query; e.g., 1000.
startIndex The 1-based index of the first result in the current set of search results; e.g., 1.
To be compatible with the Keystone Mitaka version, the RPM must take into account that the https://github.com/telefonicaid/fiware-keystone-scim/blob/master/keystone-scim.spec#L23 file is in /etc/keystone/keystone-paste.ini instead of /usr/share/keystone/keystone-paste-dist.ini
Since these commits (1.7.0), the order for users, groups and roles is local to the current page:
de1bc9b
c241703
The reason for that change was the upgrade of SQLAlchemy by Keystone versions later than Stein, in the syntax for order_by
https://docs.sqlalchemy.org/en/13/changelog/migration_13.html
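The pagination fields requested in the SCIM issue above, combined with an ordering that is global rather than local to the page, as an added example that is not code from fiware-keystone-scim. The function names, the `id` sort key and the sample users are assumptions; treating a startIndex below 1 as 1 follows the later RFC 7644 and is not stated on this page.

```python
"""Added example: SCIM list pagination with a global sort (hypothetical helpers)."""


def scim_list_response(resources, start_index=1, count=None, sort_key="id"):
    """Build one SCIM list response page from `resources` (a list of dicts).

    startIndex is 1-based; values below 1 (or unparsable) are treated as 1.
    The full result set is sorted before it is sliced, so the order is
    global and not local to the current page.
    """
    try:
        start_index = max(int(start_index), 1)
    except (TypeError, ValueError):
        start_index = 1
    total = len(resources)
    ordered = sorted(resources, key=lambda r: r[sort_key])
    if count is None:
        count = total
    count = max(int(count), 0)
    page = ordered[start_index - 1:start_index - 1 + count]
    return {
        "totalResults": total,        # all matches, not just this page
        "itemsPerPage": len(page),    # results actually returned in this page
        "startIndex": start_index,    # 1-based index of the first result
        "Resources": page,
    }


def iter_all(fetch_page, count):
    """Client side: walk every page, using totalResults to know when to stop."""
    start = 1
    while True:
        resp = fetch_page(start, count)
        yield from resp["Resources"]
        start += resp["itemsPerPage"]
        if resp["itemsPerPage"] == 0 or start > resp["totalResults"]:
            break


# Constructed sample: 18 users, as in the pagination report, stored unsorted.
USERS = [{"id": "%02d" % n, "userName": "user%d" % n} for n in range(18, 0, -1)]

if __name__ == "__main__":
    for start in (1, 16):
        resp = scim_list_response(USERS, start_index=start, count=15)
        names = [u["userName"] for u in resp["Resources"]]
        print(resp["startIndex"], resp["itemsPerPage"], resp["totalResults"], names)
```

With this contract a client asks for startIndex=1 and then startIndex=16 to cover 18 users in pages of 15, and no user is repeated or skipped.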
Minor but a bit ugly bug
In recent versions of Keystone (e.g.: the one shipped with Debian testing), log is imported by oslo_log and not keystone.openstack.
Attached is a patch that solves the issue for me:
https://gist.github.com/giuliopaci/cdb18e75b260a4ac2d99
When I issue this command, requesting a resource id with spaces in it:
curl http://localhost:35357/v3/OS-SCIM/Users/"name with spaces" -H "X-Auth-Token: valid_token" -H "Content-Type: application/json" -H "Accept: application/json"
I get the following HTML content describing the error, instead of the typical JSON format:
<head>
<title>Error response</title>
</head>
<body>
<h1>Error response</h1>
<p>Error code 400.
<p>Message: Bad request syntax ('GET /v3/OS-SCIM/Users/name with spaces HTTP/1.1').
<p>Error code explanation: 400 = Bad request syntax or unsupported method.
</body>
DELETE /v3/OS-SCIM/Roles/<role_id> returns 403