Skip to content

providers/scim: fix PATCH for AWS#18230

Merged
BeryJu merged 2 commits intogoauthentik:mainfrom
bitpavel-l25:develop
Nov 25, 2025
Merged

providers/scim: fix PATCH for AWS#18230
BeryJu merged 2 commits intogoauthentik:mainfrom
bitpavel-l25:develop

Conversation

@bitpavel-l25
Copy link
Contributor

@bitpavel-l25 bitpavel-l25 commented Nov 18, 2025

Details

Resolves #12321
According to the AWS SCIM reference, PatchGroup operation must contain path field with supported attributes: displayName, members, and externalId.

The current PR enforces this behaviour based on SCIMCompatibilityMode.

Checklist

  • Local tests pass (ak test authentik/)
  • The code has been formatted (make lint-fix)

If an API change has been made

  • The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • The code has been formatted (make web)

If applicable

  • The documentation has been updated
  • The documentation has been formatted (make docs)

@bitpavel-l25 bitpavel-l25 requested a review from a team as a code owner November 18, 2025 11:28
@netlify
Copy link

netlify bot commented Nov 18, 2025
edited
Loading

Deploy Preview for authentik-integrations canceled.

Name Link
🔨 Latest commit f944ddb
🔍 Latest deploy log https://app.netlify.com/projects/authentik-integrations/deploys/691f31b87186b30008d25709

@netlify
Copy link

netlify bot commented Nov 18, 2025
edited
Loading

Deploy Preview for authentik-storybook canceled.

Name Link
🔨 Latest commit f944ddb
🔍 Latest deploy log https://app.netlify.com/projects/authentik-storybook/deploys/691f31b83776720008254492

@netlify
Copy link

netlify bot commented Nov 18, 2025
edited
Loading

Deploy Preview for authentik-docs canceled.

Name Link
🔨 Latest commit f944ddb
🔍 Latest deploy log https://app.netlify.com/projects/authentik-docs/deploys/691f31b852f9d90008ff80a0

@rissson rissson changed the title Fix SCIM for AWS providers/scim: fix PATCH for AWS Nov 18, 2025
@rissson rissson requested a review from BeryJu November 18, 2025 12:57
@rissson rissson moved this from Todo to In review in authentik Core Nov 18, 2025
@rissson rissson moved this from In review to Needs review in authentik Core Nov 18, 2025
@rissson rissson added this to the Release 2025.12 milestone Nov 18, 2025
BeryJu
BeryJu reviewed Nov 18, 2025
View reviewed changes
@rissson rissson requested a review from BeryJu November 25, 2025 16:37
BeryJu
BeryJu reviewed Nov 25, 2025
View reviewed changes
authentik/providers/scim/clients/groups.py
Comment on lines +133 to +137
match connection.provider.compatibility_mode:
case SCIMCompatibilityMode.AWS:
self._update_patch_aws(group, scim_group, connection)
case _:
self._update_patch_general(group, scim_group, connection)
Copy link
Member

@BeryJu BeryJu Nov 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

small nit, I think an if/else would be more readable for this but good either way

@github-project-automation github-project-automation bot moved this from Needs review to In Progress in authentik Core Nov 25, 2025
@codecov
Copy link

codecov bot commented Nov 25, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 70.00000% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 92.90%. Comparing base (acbecff) to head (f944ddb).
⚠️ Report is 134 commits behind head on main.

Files with missing lines Patch % Lines
authentik/providers/scim/clients/groups.py 70.00% 3 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #18230      +/-   ##
==========================================
+ Coverage   92.73%   92.90%   +0.17%     
==========================================
  Files         869      869              
  Lines       48039    48152     +113     
==========================================
+ Hits        44550    44738     +188     
+ Misses       3489     3414      -75
Flag Coverage Δ
e2e 45.14% <0.00%> (+1.02%) ⬆️
integration 23.11% <0.00%> (-0.08%) ⬇️
unit 91.07% <70.00%> (-0.01%) ⬇️
unit-migrate 91.12% <70.00%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@BeryJu BeryJu merged commit 2145d92 into goauthentik:main Nov 25, 2025
133 of 136 checks passed
@github-project-automation github-project-automation bot moved this from In Progress to Done in authentik Core Nov 25, 2025
kensternberg-authentik added a commit that referenced this pull request Dec 11, 2025
@kensternberg-authentik
Merge branch 'main' into dev
ac31137 
* main: (58 commits)
  core: bump goauthentik.io/api/v3 from 3.2025120.5 to 3.2025120.7 (#18381)
  web/admin: add entitlement search (#18291)
  core: bump goauthentik/fips-debian from `8b7e8d0` to `8c4ec98` (#18361)
  website: bump the build group in /website with 3 updates (#18382)
  core: bump astral-sh/uv from 0.9.11 to 0.9.12 (#18383)
  root: improve testing helpers (#18379)
  website: bump the goauthentik group across 1 directory with 4 updates (#18378)
  website: bump the eslint group in /website with 3 updates (#18356)
  policies: use flow planner directly in PolicyAccessView to directly set flow context (#18372)
  providers/scim: fix PATCH for AWS (#18230)
  enterprise/providers/scim: fix OAuth (#18358)
  web: Fix stale table rows (#17940)
  web: Bump packages. (#18371)
  *: convert slugfields to textfields (#17411)
  outposts: set container healthcheck inline (#18298)
  web:  ESLint Typing Fixes  (#18362)
  core: bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#18275)
  lifecycle/aws: bump aws-cdk from 2.1032.0 to 2.1033.0 in /lifecycle/aws (#18278)
  core: bump github.com/getsentry/sentry-go from 0.38.0 to 0.39.0 (#18353)
  ci: bump actions/setup-python from 6.0.0 to 6.1.0 in /.github/actions/setup (#18360)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BeryJu BeryJu BeryJu approved these changes

@melizeche melizeche Awaiting requested review from melizeche melizeche is a code owner automatically assigned from goauthentik/backend

Assignees

@BeryJu BeryJu

Labels

area:backend

Projects

authentik Core
Status: Done

Milestone

Release 2025.12

Development

Successfully merging this pull request may close these issues.

AWS SCIM Provisioning Failure

3 participants

@bitpavel-l25 @BeryJu @rissson