telefonicaid / fiware-keystone-scim Goto Github PK

keystone.identity.controllers.UsersV3 do not implements _get_domain_id_for_request

https://github.com/telefonicaid/fiware-keystone-scim/blob/develop/keystone_scim/contrib/scim/controllers.py#L79

users are paginated in a wrong way.

If I create 18 users like:
user1... user18 and then I try to list then I see:

keystone scim API: "GET /v3/OS-SCIM/Users?domain_id=2d11ea01a00c423b919cb336adb99c76&startIndex=0&count=15"

Keystone scim API: GET /v3/OS-SCIM/Users?domain_id=2d11ea01a00c423b919cb336adb99c76&startIndex=15&count=15

So its seems a keystone-scim bug/issue https://github.com/telefonicaid/fiware-keystone-scim

Add user detail: List groups to which a user belongs
https://docs.openstack.org/api-ref/identity/v3/#list-groups-to-which-a-user-belongs

Add group detail: List users in group:
https://docs.openstack.org/api-ref/identity/v3/#list-users-in-group

Works OK:

curl -s -X GET -H "x-auth-token: $SMARTVALENCIA_ADMIN_TOKEN" \
  "http://${KEYSTONE_HOST}/v3/OS-SCIM/Users?domain_id=${ID_DOM1}&startIndex=1&count=1"

Do not works (do not returns just 1)

curl -s -X GET -H "x-auth-token: $CLOUD_ADMIN_TOKEN" \
  "http://${KEYSTONE_HOST}/v3/OS-SCIM/Users?startIndex=1&count=1"

introduced by #50

a bug for keystone Newton and upper versions, since some tables like service does not have name as a column, an then query is not able to work

According with SCIM spec: http://www.simplecloud.info/specs/draft-scim-api-01.html section 3.2.2.3 pagination results should provide totalResults, ItemsPerPage, startindex

itemsPerPage    Non-negative Integer. Specifies the number of search results returned in a query response page; e.g., 10.
totalResults    Non-negative Integer. Specifies the total number of results matching the Consumer query; e.g., 1000.
startIndex  The 1-based index of the first result in the current set of search results; e.g., 1. 

To be compatible with Keystone mitaka version RPM must have into account that https://github.com/telefonicaid/fiware-keystone-scim/blob/master/keystone-scim.spec#L23 file is in /etc/keystone/keystone-paste.ini instead of /usr/share/keystone/keystone-paste-dist.ini

Since these commit (1.7.0) order for user, group and roles is local to current page:
de1bc9b
c241703

The reason of that change was the upgrade of sqlamchemy by keystone upper than stein in the syntax for order_by
https://docs.sqlalchemy.org/en/13/changelog/migration_13.html

Minor but a bit ugly bug

In recent versions of Keystone (e.g.: the one shipped with Debian testing), log is imported by oslo_log and not keystone.openstack.

Attached is a patch that solve the issue for me:
https://gist.github.com/giuliopaci/cdb18e75b260a4ac2d99

When I issue this command, requesting a resource id with spaces in it, curl http://localhost:35357/v3/OS-SCIM/Users/"name with spaces" -H "X-Auth-Token: valid_token" -H "Content-Type: application/json" -H "Accept: application/json", I get the following HTML content describing the error, instead of the typical Json format:

<head>
<title>Error response</title>
</head>
<body>
<h1>Error response</h1>
<p>Error code 400.
<p>Message: Bad request syntax ('GET /v3/OS-SCIM/Users/name with spaces HTTP/1.1').
<p>Error code explanation: 400 = Bad request syntax or unsupported method.
</body>

DELETE /v3/OS-SCIM/Roles/<role_id> return 403