Implement MSC4098: SCIM provisioning #17144
Conversation
azmeuk
force-pushed
the
msc4098-scim
branch
4 times, most recently
from
ea6a6d6
to
dd52360
Compare
|
(I've taken this out of the review queue as its in draft, let us know if you want feedback) |
|
Hi @erikjohnston There is one design question though. I see that there is a dependency to pydantic in synapse, and I recently published scim2-models that is a library that helps to parse and serialize SCIM2 payloads using pydantic. I think the SCIM implementation would greatly benefit from using scim2-models, as a big part of the specification compliance would be delegated to the library. Would it be acceptable to add a dependency towards scim2-models in synapse, or should I continue checking and building SCIM2 payloads manually? |
azmeuk
force-pushed
the
msc4098-scim
branch
4 times, most recently
from
f893967
to
81d751b
Compare
azmeuk
force-pushed
the
msc4098-scim
branch
3 times, most recently
from
dcd72ed
to
6a1e1b2
Compare
|
Hi @erikjohnston |
Implementation of a subset of SCIM endpoint and capabilities as described in MSC4098. Signed-off-by: Éloi Rivard <eloi@yaal.coop>
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This PR changes `from pydantic import BaseModel` to `from synapse._pydantic_compat import BaseModel` (as well as `constr`, `conbytes`, `conint`, `confloat`). It allows `check_pydantic_models.py` to mock those pydantic objects only in the synapse module, and not interfere with pydantic objects in external dependencies. This should solve the CI problems for #17144, which breaks because `check_pydantic_models.py` patches pydantic models from [scim2-models](https://scim2-models.readthedocs.io/). /cc @DMRobertson @gotmax23 fixes #17659 ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
|
Finally, the CI is green! 🎉 |
This is an implementation of MSC4098. It implements a subset of the SCIM provisioning protocol defined in RFC7643 and RFC7644.
It contains:
synapse/rest/admin/users.py.The SCIM requires needs python 3.9+ (because of the use of typing.Anotated in scim2-models) and pydantic 2.7.0+
It seems
./scripts-dev/check_pydantic_models.pybreaks because of some models in scim2-models, but I am not really sure what to do about this.SCIM implementation details
Only a subset of the SCIM endpoints are implemented:
What's implemented:
What is defined in the SCIM specs but not implemented here:
What do you think?
Pull Request Checklist
EventStoretoEventWorkerStore.".code blocks.(run the linters)