scim-server 0.5.3

A comprehensive SCIM 2.0 server library for Rust with multi-tenant support and type-safe operations
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402

//! SCIM PATCH Operation Integration Tests
//!
//! This module provides comprehensive testing of SCIM PATCH operations according to RFC 7644 Section 3.5.2.
//! The tests are designed to be economical and maintainable through parameterization and shared utilities.

pub mod assertions;
pub mod capabilities;
pub mod property_tests;
pub mod scenarios;
pub mod test_data;
pub mod test_helpers;

use serde::{Deserialize, Serialize};
use serde_json::Value;
use std::collections::HashMap;

/// Core PATCH operation types for testing
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize)]
pub enum PatchOperation {
    Add,
    Remove,
    Replace,
}

/// Path expression types for comprehensive testing
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub enum PathType {
    /// Simple attribute path (e.g., "displayName")
    Simple,
    /// Complex attribute path (e.g., "name.givenName")
    Complex,
    /// Multi-valued attribute path (e.g., "emails")
    MultiValued,
    /// Filtered multi-valued path (e.g., "emails[type eq \"work\"]")
    Filtered,
    /// Invalid path for error testing
    Invalid,
    /// Invalid syntax for error testing (malformed filter expressions)
    InvalidSyntax,
    /// Read-only attribute path
    ReadOnly,
    /// Immutable attribute path
    Immutable,
}

/// Expected test result types
#[derive(Debug, Clone, PartialEq)]
pub enum ExpectedResult {
    /// Operation should succeed
    Success,
    /// Operation should fail with specific SCIM error
    ScimError {
        error_type: ScimErrorType,
        status_code: u16,
    },
    /// Operation should fail with validation error
    ValidationError(ValidationErrorType),
    /// Operation should be rejected due to capabilities
    NotImplemented,
}

/// SCIM error types for testing
#[derive(Debug, Clone, PartialEq)]
pub enum ScimErrorType {
    InvalidPath,
    InvalidValue,
    NotFound,
    Conflict,
    PreconditionFailed,
    Mutability,
    Uniqueness,
    TooMany,
    InvalidFilter,
    InvalidSyntax,
}

/// Validation error types
#[derive(Debug, Clone, PartialEq)]
pub enum ValidationErrorType {
    RequiredAttribute,
    TypeMismatch,
    SchemaViolation,
    UniquenessViolation,
}

/// Test case for parameterized PATCH operations
#[derive(Debug, Clone)]
pub struct PatchTestCase {
    /// Descriptive name for the test case
    pub name: String,
    /// The PATCH operation to perform
    pub operation: PatchOperation,
    /// The path to operate on
    pub path: String,
    /// The value for add/replace operations
    pub value: Option<Value>,
    /// Expected result of the operation
    pub expected_result: ExpectedResult,
    /// Resource type to test against
    pub resource_type: String,
    /// Optional setup requirements
    pub setup: TestSetup,
}

/// Test setup configuration
#[derive(Debug, Clone)]
pub struct TestSetup {
    /// Whether to create an existing resource
    pub create_existing_resource: bool,
    /// Initial resource data
    pub initial_resource: Option<Value>,
    /// ETag to use for conditional operations
    pub etag: Option<String>,
    /// Tenant configuration
    pub tenant_config: TenantConfig,
    /// Provider capabilities
    pub capabilities: TestCapabilities,
}

/// Tenant configuration for multi-tenant testing
#[derive(Debug, Clone)]
pub struct TenantConfig {
    pub tenant_id: String,
    pub isolated: bool,
}

/// Test capabilities configuration
#[derive(Debug, Clone)]
pub struct TestCapabilities {
    pub patch_supported: bool,
    pub etag_supported: bool,
    pub custom_capabilities: HashMap<String, bool>,
}

/// Multi-tenant test scenario
#[derive(Debug, Clone)]
pub struct MultiTenantTestCase {
    pub name: String,
    pub tenant_a_capabilities: TestCapabilities,
    pub tenant_b_capabilities: TestCapabilities,
    pub operation: TenantOperation,
    pub expected_isolation: bool,
}

/// Operations for multi-tenant testing
#[derive(Debug, Clone)]
pub enum TenantOperation {
    PatchInTenantA {
        resource_id: String,
        patch_request: Value,
    },
    PatchInTenantB {
        resource_id: String,
        patch_request: Value,
    },
    CrossTenantAccess {
        source_tenant: String,
        target_tenant: String,
        resource_id: String,
    },
}

/// Capability test scenario
#[derive(Debug, Clone)]
pub struct CapabilityTestScenario {
    pub name: String,
    pub patch_supported: bool,
    pub expected_behavior: ExpectedBehavior,
    pub test_operation: TestOperation,
}

/// Expected behavior for capability testing
#[derive(Debug, Clone, PartialEq)]
pub enum ExpectedBehavior {
    ProcessRequest,
    Return501NotImplemented,
    ReturnCapabilityInServiceConfig(bool),
    ProviderSpecificBehavior,
}

/// Test operation configuration
#[derive(Debug, Clone)]
pub struct TestOperation {
    pub resource_type: String,
    pub resource_id: String,
    pub patch_operations: Vec<PatchOperationSpec>,
}

/// Specification for a PATCH operation in tests
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PatchOperationSpec {
    pub op: String,
    pub path: String,
    pub value: Option<Value>,
}

/// Error test case configuration
#[derive(Debug, Clone)]
pub struct ErrorTestCase {
    pub name: String,
    pub setup: fn() -> TestSetup,
    pub patch_request: Value,
    pub expected_error: ScimErrorType,
    pub expected_status: u16,
}

/// Property test configuration
#[derive(Debug, Clone)]
pub struct PropertyTestConfig {
    pub max_operations: usize,
    pub resource_types: Vec<String>,
    pub include_etag_tests: bool,
    pub include_multi_tenant: bool,
}

impl Default for TestSetup {
    fn default() -> Self {
        Self {
            create_existing_resource: true,
            initial_resource: None,
            etag: None,
            tenant_config: TenantConfig {
                tenant_id: "default".to_string(),
                isolated: false,
            },
            capabilities: TestCapabilities {
                patch_supported: true,
                etag_supported: true,
                custom_capabilities: HashMap::new(),
            },
        }
    }
}

impl Default for TestCapabilities {
    fn default() -> Self {
        Self {
            patch_supported: true,
            etag_supported: true,
            custom_capabilities: HashMap::new(),
        }
    }
}

impl PatchTestCase {
    /// Create a new test case with default setup
    pub fn new(
        name: impl Into<String>,
        operation: PatchOperation,
        path: impl Into<String>,
        value: Option<Value>,
        expected_result: ExpectedResult,
    ) -> Self {
        Self {
            name: name.into(),
            operation,
            path: path.into(),
            value,
            expected_result,
            resource_type: "User".to_string(),
            setup: TestSetup::default(),
        }
    }

    /// Set the resource type for this test case
    pub fn with_resource_type(mut self, resource_type: impl Into<String>) -> Self {
        self.resource_type = resource_type.into();
        self
    }

    /// Set custom setup for this test case
    pub fn with_setup(mut self, setup: TestSetup) -> Self {
        self.setup = setup;
        self
    }
}

impl PatchOperationSpec {
    /// Create a new add operation
    pub fn add(path: impl Into<String>, value: Value) -> Self {
        Self {
            op: "add".to_string(),
            path: path.into(),
            value: Some(value),
        }
    }

    /// Create a new remove operation
    pub fn remove(path: impl Into<String>) -> Self {
        Self {
            op: "remove".to_string(),
            path: path.into(),
            value: None,
        }
    }

    /// Create a new replace operation
    pub fn replace(path: impl Into<String>, value: Value) -> Self {
        Self {
            op: "replace".to_string(),
            path: path.into(),
            value: Some(value),
        }
    }
}

/// ETag test case for concurrency control testing
#[derive(Debug, Clone)]
pub struct ETagTestCase {
    pub name: String,
    pub request_etag: Option<String>,
    pub expected_result: ETagResult,
}

/// Expected result for ETag operations
#[derive(Debug, Clone, PartialEq)]
pub enum ETagResult {
    Success,
    PreconditionFailed,
}

/// Atomic test case for multi-operation testing
#[derive(Debug, Clone)]
pub struct AtomicTestCase {
    pub name: String,
    pub operations: Vec<PatchOperationSpec>,
    pub expected_behavior: AtomicBehavior,
}

/// Expected behavior for atomic operations
#[derive(Debug, Clone, PartialEq)]
pub enum AtomicBehavior {
    AllSucceed,
    AllFail,
    ResolveConflicts,
}

/// Test result wrapper for assertions
#[derive(Debug)]
pub struct PatchTestResult {
    pub success: bool,
    pub resource: Option<Value>,
    pub error: Option<String>,
    pub status_code: Option<u16>,
    pub etag: Option<String>,
}

impl PatchTestResult {
    pub fn is_ok(&self) -> bool {
        self.success
    }

    pub fn is_err(&self) -> bool {
        !self.success
    }

    pub fn error_type(&self) -> Option<ScimErrorType> {
        // Parse error message to determine SCIM error type
        if let Some(error_msg) = &self.error {
            if error_msg.contains("readonly attribute")
                || error_msg.contains("Cannot modify readonly")
            {
                return Some(ScimErrorType::Mutability);
            }
            if error_msg.contains("not found") || error_msg.contains("NotFound") {
                return Some(ScimErrorType::NotFound);
            }
            if error_msg.contains("ETag mismatch") || error_msg.contains("Precondition failed") {
                return Some(ScimErrorType::PreconditionFailed);
            }
            if error_msg.contains("syntax")
                || error_msg.contains("Syntax")
                || error_msg.contains("JSON")
                || error_msg.contains("PATCH request must contain Operations array")
            {
                // Check if this is a malformed filter syntax error which should be InvalidPath
                if error_msg.contains("malformed filter syntax") {
                    return Some(ScimErrorType::InvalidPath);
                }
                return Some(ScimErrorType::InvalidSyntax);
            }
            if error_msg.contains("invalid") || error_msg.contains("Invalid") {
                if error_msg.contains("path") {
                    return Some(ScimErrorType::InvalidPath);
                }
                return Some(ScimErrorType::InvalidValue);
            }
            if error_msg.contains("duplicate") || error_msg.contains("uniqueness") {
                return Some(ScimErrorType::Uniqueness);
            }
        }
        None
    }

    pub fn get_attribute_value(&self, path: &str) -> Option<&Value> {
        // This would implement path-based value extraction
        self.resource.as_ref().and_then(|r| {
            // Simplified - real implementation would handle complex paths
            r.get(path)
        })
    }
}