Skip to content

Add SCIM as a provider to the Users API search

Jio Castillo requested to merge add-scim-provider-users-api-search into master

What does this MR do and why?

Adds SCIM as a provider to the Users API, allowing admins to search for SCIM identities within the instance.

How to set up and validate locally

  1. Add SCIM identity to a user
    • ScimIdentity.new(extern_uid:"{ScimIdentity}", user_id: {ID}).save
  2. Make a GET request to the endpoint
    • https://gitlab.example.com/api/v4/users?extern_uid={ScimIdentity}&provider=scim
  3. Observe the user details as a response

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Query plans

SELECT 
  "users".* 
FROM 
  "users" 
  INNER JOIN "scim_identities" ON "scim_identities"."user_id" = "users"."id" 
WHERE 
  (LOWER("scim_identities"."extern_uid") = LOWER('00ux21b4ukJP0UHMF0h7'))

https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/20099/commands/65579

 Nested Loop  (cost=0.98..7.02 rows=1 width=1466) (actual time=21.720..21.726 rows=1 loops=1)
   Buffers: shared hit=5 read=7
   I/O Timings: read=21.508 write=0.000
   ->  Index Scan using index_scim_identities_on_lower_extern_uid_and_group_id on public.scim_identities  (cost=0.42..3.44 rows=1 width=8) (actual time=9.684..9.688 rows=1 loops=1)
         Index Cond: (lower((scim_identities.extern_uid)::text) = '00ux21b4ukjp0uhmf0h7'::text)
         Buffers: shared read=4
         I/O Timings: read=9.616 write=0.000
   ->  Index Scan using users_pkey on public.users  (cost=0.56..3.58 rows=1 width=1466) (actual time=12.024..12.024 rows=1 loops=1)
         Index Cond: (users.id = scim_identities.user_id)
         Buffers: shared hit=5 read=3
         I/O Timings: read=11.892 write=0.000
Edited by Jio Castillo

Merge request reports

Loading