public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

SCIM: Update UIDs for provisioned users (#113423)

Browse Source 
* Update UIDs for provisioned users

* change the prefix from scim_ to scim-

* Update tests
This commit is contained in:
linoman
2025-11-05 17:52:23 +01:00
committed by GitHub
parent 1830e2ce9d
commit daa28773d6
2 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/services/authn/authnimpl/sync/user_sync_test.go
+3 -3
View File
@@ -149,7 +149,7 @@ func TestUserSync_SyncUserHook(t *testing.T) {
scimUserNotAdminInitial := &user.User{
ID: 100,
UID: "scim_uid_100",
UID: "scim-uid-100",
Login: "scim.user.notadmin",
Email: "scim.notadmin@example.com",
Name: "SCIM NotAdmin",
@@ -160,7 +160,7 @@ func TestUserSync_SyncUserHook(t *testing.T) {
scimUserIsAdminInitial := &user.User{
ID: 101,
UID: "scim_uid_101",
UID: "scim-uid-101",
Login: "scim.user.isadmin",
Email: "scim.isadmin@example.com",
Name: "SCIM IsAdmin",
@@ -171,7 +171,7 @@ func TestUserSync_SyncUserHook(t *testing.T) {
nonScimUserInitial := &user.User{
ID: 102,
UID: "nonscim_uid_102",
UID: "nonscim-uid-102",
Login: "nonscim.user",
Email: "nonscim@example.com",
Name: "NonSCIM User",
pkg/services/sqlstore/migrations/user_mig.go
+6
View File
@@ -181,6 +181,12 @@ func addUserMigrations(mg *Migrator) {
mg.AddMigration("Add index on user.is_service_account and user.last_seen_at", NewAddIndexMigration(userV2, &Index{
Cols: []string{"is_service_account", "last_seen_at"}, Type: IndexType,
}))
// Prefix SCIM UID for provisioned users to avoid numeric/existing-id collisions
mg.AddMigration("Prefix SCIM uid for provisioned users", NewRawSQLMigration("").
SQLite("UPDATE user SET uid = 'scim-' || uid WHERE is_provisioned = 1 AND uid NOT LIKE 'scim-%';").
Postgres("UPDATE `user` SET uid = 'scim-' || uid WHERE is_provisioned = TRUE AND uid NOT LIKE 'scim-%';").
Mysql("UPDATE user SET uid = CONCAT('scim-', uid) WHERE is_provisioned = 1 AND uid NOT LIKE 'scim-%';"))
}
const migSQLITEisServiceAccountNullable = `ALTER TABLE user ADD COLUMN tmp_service_account BOOLEAN DEFAULT 0;