scim-server 0.5.3

A comprehensive SCIM 2.0 server library for Rust with multi-tenant support and type-safe operations
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315

//! Provider-Specific Integration Tests
//!
//! This module contains comprehensive integration tests for specific provider implementations
//! of the multi-tenant SCIM system. Each provider type gets its own test suite to verify
//! provider-specific behavior while ensuring compliance with the MultiTenantResourceProvider trait.
//!
//! ## Test Organization
//!
//! ### Stage 3a: In-Memory Provider (`in_memory.rs`)
//! - Production-ready in-memory provider with tenant isolation
//! - Thread-safe concurrent operations
//! - Memory usage and performance testing
//! - Configurable capacity limits and persistence
//!
//! ### Stage 3b: Database Provider (`database.rs`)
//! - SQL database provider with different isolation strategies
//! - Schema-per-tenant, table-per-tenant, and row-level security
//! - Transaction support and connection pooling
//! - Migration and schema management
//!
//! ### Stage 3c: Cloud Platform Providers
//! - AWS Cognito provider (`aws_cognito.rs`)
//! - Azure AD provider (`azure_ad.rs`)
//! - Google Workspace provider (`google_workspace.rs`)
//!
//! ## Testing Strategy
//!
//! Each provider implementation must:
//! 1. Implement the MultiTenantResourceProvider trait correctly
//! 2. Ensure complete tenant data isolation
//! 3. Handle provider-specific error scenarios
//! 4. Support concurrent multi-tenant operations
//! 5. Provide appropriate performance characteristics
//!
//! ## Common Test Patterns
//!
//! All provider tests follow these patterns:
//! - Tenant isolation verification
//! - Performance under concurrent load
//! - Error handling and recovery
//! - Provider-specific feature testing
//! - Configuration and lifecycle management

pub mod common;
// pub mod in_memory;     // Removed - use StandardResourceProvider<InMemoryStorage> instead
// pub mod database;      // Stage 3b - To be implemented
// pub mod aws_cognito;   // Stage 3c - To be implemented

// Re-export commonly used test utilities
pub use super::super::common::providers::*;
// pub use crate::unit::multi_tenant::provider_trait::{ProviderTestHarness, TestMultiTenantProvider}; // Disabled - removed with deleted modules
pub use scim_server::ResourceProvider;

#[cfg(test)]
mod provider_suite_meta {
    /// Meta-test to verify provider test suite setup
    #[test]
    fn provider_test_suite_setup() {
        println!("\n🏭 Provider-Specific Integration Test Suite");
        println!("==========================================");
        println!("This suite tests specific provider implementations");
        println!("with comprehensive multi-tenant functionality.\n");

        println!("📋 Provider Test Stages:");
        println!("  Stage 3a: In-Memory Provider 🚧");
        println!("  Stage 3b: Database Provider 🚧 (Planned)");
        println!("  Stage 3c: Cloud Providers 🚧 (Planned)\n");

        println!("🔧 Provider Requirements:");
        println!("  • Implement MultiTenantResourceProvider trait");
        println!("  • Ensure complete tenant data isolation");
        println!("  • Handle provider-specific configurations");
        println!("  • Support concurrent multi-tenant operations");
        println!("  • Provide appropriate error handling\n");

        println!("🎯 Test Categories per Provider:");
        println!("  • Basic functionality and CRUD operations");
        println!("  • Tenant isolation and security");
        println!("  • Performance and scalability");
        println!("  • Configuration and lifecycle management");
        println!("  • Provider-specific features and edge cases");
    }

    /// Document the provider testing framework
    #[test]
    fn provider_testing_framework() {
        println!("\n🧪 Provider Testing Framework");
        println!("============================");

        println!("📚 Common Test Utilities:");
        println!("  • ProviderTestHarness - Standard provider testing utilities");
        println!("  • Multi-tenant test data builders and fixtures");
        println!("  • Performance measurement and benchmarking tools");
        println!("  • Isolation verification and security test helpers\n");

        println!("🔒 Security Test Requirements:");
        println!("  • Cross-tenant data access prevention");
        println!("  • Tenant context validation");
        println!("  • Resource scoping verification");
        println!("  • Authentication and authorization integration\n");

        println!("⚡ Performance Test Requirements:");
        println!("  • Concurrent multi-tenant operations");
        println!("  • Resource usage under load");
        println!("  • Provider-specific optimization verification");
        println!("  • Scalability with increasing tenant count");
    }
}

/// Common test patterns and utilities for all provider implementations
pub mod test_patterns {
    use super::*;
    use crate::common::{create_multi_tenant_context, create_test_user};
    use serde_json::json;

    /// Standard test pattern for verifying basic provider functionality
    pub async fn test_basic_provider_functionality<P: ResourceProvider>(
        provider: &P,
    ) -> Result<(), Box<dyn std::error::Error>>
    where
        P::Error: std::fmt::Debug,
    {
        let context = create_multi_tenant_context("test_tenant");

        // Test create
        let user_data = create_test_user("test_user");
        let created = provider
            .create_resource("User", user_data, &context)
            .await
            .map_err(|e| format!("Create failed: {:?}", e))?;

        let resource_id = created.resource().get_id().ok_or("No resource ID")?;

        // Test get
        let retrieved = provider
            .get_resource("User", resource_id, &context)
            .await
            .map_err(|e| format!("Get failed: {:?}", e))?;

        assert!(retrieved.is_some(), "Resource should be retrievable");

        // Test update
        let update_data = json!({
            "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
            "userName": "updated_user",
            "active": false
        });

        let updated = provider
            .update_resource("User", resource_id, update_data, None, &context)
            .await
            .map_err(|e| format!("Update failed: {:?}", e))?;

        assert_eq!(updated.resource().get_username().unwrap(), "updated_user");

        // Test delete
        provider
            .delete_resource("User", resource_id, None, &context)
            .await
            .map_err(|e| format!("Delete failed: {:?}", e))?;

        // Verify deletion
        let deleted = provider
            .get_resource("User", resource_id, &context)
            .await
            .map_err(|e| format!("Get after delete failed: {:?}", e))?;

        assert!(deleted.is_none(), "Resource should be deleted");

        Ok(())
    }

    /// Test pattern for verifying tenant isolation
    pub async fn test_tenant_isolation<P: ResourceProvider>(
        provider: &P,
    ) -> Result<(), Box<dyn std::error::Error>>
    where
        P::Error: std::fmt::Debug,
    {
        let context_a = create_multi_tenant_context("tenant_a");
        let context_b = create_multi_tenant_context("tenant_b");

        // Create resources in both tenants
        let user_a = provider
            .create_resource("User", create_test_user("user_a"), &context_a)
            .await
            .map_err(|e| format!("Create in tenant A failed: {:?}", e))?;

        let user_b = provider
            .create_resource("User", create_test_user("user_b"), &context_b)
            .await
            .map_err(|e| format!("Create in tenant B failed: {:?}", e))?;

        let id_a = user_a.resource().get_id().ok_or("No ID for user A")?;
        let id_b = user_b.resource().get_id().ok_or("No ID for user B")?;

        // Verify tenant A can only access its own resources
        let get_a_own = provider
            .get_resource("User", id_a, &context_a)
            .await
            .map_err(|e| format!("Get A's own resource failed: {:?}", e))?;
        assert!(
            get_a_own.is_some(),
            "Tenant A should access its own resource"
        );

        let get_a_cross = provider
            .get_resource("User", id_b, &context_a)
            .await
            .map_err(|e| format!("Get B's resource from A failed: {:?}", e))?;
        assert!(
            get_a_cross.is_none(),
            "Tenant A should not access tenant B's resource"
        );

        // Verify tenant B can only access its own resources
        let get_b_own = provider
            .get_resource("User", id_b, &context_b)
            .await
            .map_err(|e| format!("Get B's own resource failed: {:?}", e))?;
        assert!(
            get_b_own.is_some(),
            "Tenant B should access its own resource"
        );

        let get_b_cross = provider
            .get_resource("User", id_a, &context_b)
            .await
            .map_err(|e| format!("Get A's resource from B failed: {:?}", e))?;
        assert!(
            get_b_cross.is_none(),
            "Tenant B should not access tenant A's resource"
        );

        // Verify list operations are isolated
        let list_a = provider
            .list_resources("User", None, &context_a)
            .await
            .map_err(|e| format!("List for tenant A failed: {:?}", e))?;
        assert_eq!(list_a.len(), 1, "Tenant A should see only its resource");

        let list_b = provider
            .list_resources("User", None, &context_b)
            .await
            .map_err(|e| format!("List for tenant B failed: {:?}", e))?;
        assert_eq!(list_b.len(), 1, "Tenant B should see only its resource");

        Ok(())
    }

    /// Standard test pattern for performance under concurrent load
    /// Note: Simplified version to avoid Send issues with contexts
    pub async fn test_concurrent_performance<P: ResourceProvider + 'static>(
        provider: std::sync::Arc<P>,
        tenant_count: usize,
        operations_per_tenant: usize,
    ) -> Result<(), Box<dyn std::error::Error>>
    where
        P::Error: std::fmt::Debug,
    {
        let start_time = std::time::Instant::now();
        let mut total_operations = 0;

        // Sequential execution to avoid Send issues for now
        for tenant_idx in 0..tenant_count {
            let tenant_id = format!("perf_tenant_{}", tenant_idx);
            let context = create_multi_tenant_context(&tenant_id);
            let mut created_ids = Vec::new();

            // Create resources
            for op_idx in 0..operations_per_tenant {
                let username = format!("user_{}_{}", tenant_idx, op_idx);
                let user_data = create_test_user(&username);

                let result = provider.create_resource("User", user_data, &context).await;

                match result {
                    Ok(resource) => {
                        if let Some(id) = resource.resource().get_id() {
                            created_ids.push(id.to_string());
                        }
                    }
                    Err(e) => return Err(format!("Create failed: {:?}", e).into()),
                }
            }

            // Read resources
            for id in &created_ids {
                let result = provider.get_resource("User", id, &context).await;

                match result {
                    Ok(Some(_)) => {} // Success
                    Ok(None) => return Err("Resource not found".into()),
                    Err(e) => return Err(format!("Get failed: {:?}", e).into()),
                }
            }

            total_operations += created_ids.len();
        }

        let duration = start_time.elapsed();
        let ops_per_second = total_operations as f64 / duration.as_secs_f64();

        println!("Performance test completed:");
        println!("  Tenants: {}", tenant_count);
        println!("  Operations per tenant: {}", operations_per_tenant);
        println!("  Total operations: {}", total_operations);
        println!("  Duration: {:?}", duration);
        println!("  Operations per second: {:.2}", ops_per_second);

        Ok(())
    }

    // Helper functions are imported from common module
}