From 65b5cfe09f84606693c13a2808571367b72f8931 Mon Sep 17 00:00:00 2001 From: Alejandro Date: Sat, 8 Nov 2025 00:29:18 +0100 Subject: [PATCH 1/3] Initial Enterprise SCIM schema --- github/enterprise_scim.go | 140 +++++++++++++++++++++++++++++++++ github/enterprise_scim_test.go | 14 ++++ 2 files changed, 154 insertions(+) create mode 100644 github/enterprise_scim.go create mode 100644 github/enterprise_scim_test.go diff --git a/github/enterprise_scim.go b/github/enterprise_scim.go new file mode 100644 index 00000000000..faf2b02534e --- /dev/null +++ b/github/enterprise_scim.go @@ -0,0 +1,140 @@ +// Copyright 2025 The go-github AUTHORS. All rights reserved. +// +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package github + +// The URIs that are used to indicate the namespaces of the SCIM schemas (only core schemas are supported). +const SCIMSchemasURINamespacesUsers string = "urn:ietf:params:scim:schemas:core:2.0:User" +const SCIMSchemasURINamespacesGroups string = "urn:ietf:params:scim:schemas:core:2.0:Group" + +// SCIMEnterpriseGroupAttributes represents supported SCIM Enterprise group attributes. +// GitHub API docs:https://docs.github.com/en/enterprise-cloud@latest/rest/enterprise-admin/scim#supported-scim-group-attributes +type SCIMEnterpriseGroupAttributes struct { + DisplayName *string `json:"displayName,omitempty"` // Human-readable name for a group. + Members []*SCIMEnterpriseDisplayReference `json:"members,omitempty"` // (Optional.) + ExternalID *string `json:"externalId,omitempty"` // (Optional.) + // Only populated as a result of calling ListSCIMProvisionedIdentitiesOptions: + Schemas []string `json:"schemas"` // (Optional.) + ID *string `json:"id,omitempty"` + Meta *SCIMMeta `json:"meta,omitempty"` +} + +// SCIMEnterpriseDisplayReference represents a JSON SCIM (System for Cross-domain Identity Management) resource. +type SCIMEnterpriseDisplayReference struct { + Value string `json:"value"` // (Required.) + Ref string `json:"$+ref"` // (Required.) + Display *string `json:"displayName,omitempty"` // (Optional.) +} + +// SCIMEnterpriseUserAttributes represents supported SCIM enterprise user attributes. +// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/enterprise-admin/scim#supported-scim-user-attributes +type SCIMEnterpriseUserAttributes struct { + DisplayName *string `json:"displayName,omitempty"` // Human-readable name for a user (Optional) + Name SCIMEnterpriseUserName `json:"name"` // (Required.) + UserName string `json:"userName"` // The username for the user (GitHub Account after normalized), generated by the SCIM provider. Must be unique per user. + Emails []*SCIMEnterpriseUserEmail `json:"emails"` // Must be unique per user. + Roles []*SCIMEnterpriseUserRole `json:"roles,omitempty"` // List of the user's roles. + Schemas []string `json:"schemas,omitempty"` // (Optional.) + ExternalID *string `json:"externalId,omitempty"` // This identifier is generated by a SCIM provider. Must be unique per user. + ID *string `json:"id,omitempty"` // Identifier generated by the GitHub's SCIM endpoint. + Active *bool `json:"active,omitempty"` // Indicates whether the identity is active (true) or should be suspended (false). + Groups []string `json:"groups,omitempty"` // (Optional.) + Meta *SCIMEnterpriseMeta `json:"meta,omitempty"` +} + +// SCIMEnterpriseUserName represents SCIM enterprise user's name information. +*type SCIMEnterpriseUserName struct { + GivenName string `json:"givenName"` // The first name of the user. + FamilyName string `json:"familyName"` // The last name of the user. + Formatted *string `json:"formatted,omitempty"` // The user's full name, including all middle names, titles, and suffixes, formatted for display (Optional) +} + +// SCIMEnterpriseUserEmail represents SCIM enterprise user's emails. +*type SCIMEnterpriseUserEmail struct { + Value string `json:"value"` // (Required.) + Primary *bool `json:"primary,omitempty"` // (Optional.) + Type *string `json:"type,omitempty"` // (Optional.) +} + +// ListSCIMProvisionedGroupsForEnterprise lists SCIM provisioned groups for an enterprise. +// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/enterprise-admin/scim#list-provisioned-scim-groups-for-an-enterprise +// +//meta:operation GET /scim/v2/enterprises/{enterprise} +// ----- Already present in scim.go file ----- + +// ProvisionSCIMEnterpriseGroup creates a SCIM group for an enterprise. +// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/enterprise-admin/scim#provision-a-scim-enterprise-group +// +//meta:operation POST scim/v2/enterprises/{enterprise}/Groups +//func (s *SCIMService) ProvisionSCIMEnterpriseGroup(ctx context.Context, enterprise string, opts *SCIMGroupAttributes) (*SCIMGroupAttributes, *Response, error) { +//} + +// GetSCIMProvisioningInformationForEnterpriseGroup gets information about a SCIM group for an enterprise. +// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/enterprise-admin/scim#get-scim-provisioning-information-for-an-enterprise-group +// +//meta:operation GET /scim/v2/enterprises/{enterprise}/Groups/{scim_group_id} +//func (s *SCIMService) GetSCIMProvisioningInformationForEnterpriseGroup(ctx context.Context, enterprise string, scimGroupID string) (*SCIMGroupAttributes, *Response, error) { +//} + +// SetSCIMInformationForProvisionedEnterpriseGroup replaces an existing provisioned group’s information for an enterprise. +// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/enterprise-admin/scim#set-scim-information-for-a-provisioned-enterprise-group +// +//meta:operation PUT /scim/v2/enterprises/{enterprise}/Groups/{scim_group_id} +//func (s *SCIMService) SetSCIMInformationForProvisionedEnterpriseGroup(ctx context.Context, enterprise string, scimGroupID string, opts *SCIMGroupAttributes) (*SCIMGroupAttributes, *Response, error) { +//} + +// UpdateAttributeForSCIMEnterpriseGroup updates a provisioned group’s individual attributes for an enterprise. +// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/enterprise-admin/scim#update-an-attribute-for-a-scim-enterprise-group +// +//meta:operation PATCH /scim/v2/enterprises/{enterprise}/Groups/{scim_group_id} +//func (s *SCIMService) UpdateAttributeForSCIMEnterpriseGroup(ctx context.Context, enterprise string, scimGroupID string, opts *SCIMGroupAttributes) (*SCIMGroupAttributes, *Response, error) { +//} + +// DeleteSCIMGroupFromEnterprise deletes a SCIM group from an enterprise. +// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/enterprise-admin/scim#delete-a-scim-group-from-an-enterprise +// +//meta:operation DELETE /scim/v2/enterprises/{enterprise}/Groups/{scim_group_id} + +// ListSCIMProvisionedIdentitiesForEnterprise lists provisioned SCIM enterprise users. +// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/enterprise-admin/scim#list-scim-provisioned-identities-for-an-enterprise +// +//meta:operation GET /scim/v2/enterprises/{enterprise}/Users +//func (s *SCIMService) ListSCIMProvisionedIdentitiesForEnterprise(ctx context.Context, enterprise string, opts *ListOptions) ([]*SCIMEnterpriseUser, *Response, error) { +//} + +// ProvisionSCIMEnterpriseUser creates an external identity for a new SCIM enterprise user. +// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/enterprise-admin/scim#provision-a-scim-enterprise-user +// +//meta:operation POST /scim/v2/enterprises/{enterprise}/Users +//func (s *SCIMService) ProvisionSCIMEnterpriseUser(ctx context.Context, enterprise string, opts *SCIMEnterpriseUser) (*SCIMEnterpriseUser, *Response, error) { +//} + +// GetSCIMProvisioningInformationForEnterpriseUser gets information about a SCIM enterprise user. +// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/enterprise-admin/scim#get-scim-provisioning-information-for-an-enterprise-user +// +//meta:operation GET /scim/v2/enterprises/{enterprise}/Users/{scim_user_id} +//func (s *SCIMService) GetSCIMProvisioningInformationForEnterpriseUser(ctx context.Context, enterprise string, scimUserID string) (*SCIMEnterpriseUser, *Response, error) { +//} + +// SetSCIMInformationForProvisionedEnterpriseUser replaces an existing provisioned enterprise user's information. +// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/enterprise-admin/scim#set-scim-information-for-a-provisioned-enterprise-user +// +//meta:operation PUT /scim/v2/enterprises/{enterprise}/Users/{scim_user_id} +//func (s *SCIMService) SetSCIMInformationForProvisionedEnterpriseUser(ctx context.Context, enterprise string, scimUserID string, opts *SCIMEnterpriseUser) (*SCIMEnterpriseUser, *Response, error) { +//} + +// UpdateAttributeForSCIMEnterpriseUser update a provisioned enterprise user's individual attributes. +// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/enterprise-admin/scim#update-an-attribute-for-a-scim-enterprise-user +// +//meta:operation PATCH /scim/v2/enterprises/{enterprise}/Users/{scim_user_id} +//func (s *SCIMService) UpdateAttributeForSCIMEnterpriseUser(ctx context.Context, enterprise string, scimUserID string, opts *SCIMEnterpriseUser) (*SCIMEnterpriseUser, *Response, error) { +//} + +// DeleteSCIMUserFromEnterprise suspends a SCIM user permanently from an enterprise, removes all the user's data, etc. This action is irreversible. +// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/enterprise-admin/scim#delete-a-scim-user-from-an-enterprise +// +//meta:operation DELETE /scim/v2/enterprises/{enterprise}/Users/{scim_user_id} +//func (s *SCIMService) DeleteSCIMUserFromEnterprise(ctx context.Context, enterprise string, scimUserID string) (*Response, error) { +//} diff --git a/github/enterprise_scim_test.go b/github/enterprise_scim_test.go new file mode 100644 index 00000000000..2a4e6c50ceb --- /dev/null +++ b/github/enterprise_scim_test.go @@ -0,0 +1,14 @@ +// Copyright 2025 The go-github AUTHORS. All rights reserved. +// +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package github + +import ( + "fmt" + "net/http" + "testing" + + "github.com/google/go-cmp/cmp" +) From c1c2f12af0fdeaa7bc671d2037b32a29d2998326 Mon Sep 17 00:00:00 2001 From: Alejandro Date: Sun, 9 Nov 2025 11:36:48 +0100 Subject: [PATCH 2/3] Add missing type structs --- github/enterprise_scim.go | 37 ++++++++++++++++++++++++++----------- 1 file changed, 26 insertions(+), 11 deletions(-) diff --git a/github/enterprise_scim.go b/github/enterprise_scim.go index faf2b02534e..576ef11df80 100644 --- a/github/enterprise_scim.go +++ b/github/enterprise_scim.go @@ -12,19 +12,19 @@ const SCIMSchemasURINamespacesGroups string = "urn:ietf:params:scim:schemas:core // SCIMEnterpriseGroupAttributes represents supported SCIM Enterprise group attributes. // GitHub API docs:https://docs.github.com/en/enterprise-cloud@latest/rest/enterprise-admin/scim#supported-scim-group-attributes type SCIMEnterpriseGroupAttributes struct { - DisplayName *string `json:"displayName,omitempty"` // Human-readable name for a group. + DisplayName *string `json:"displayName,omitempty"` // Human-readable name for a group. Members []*SCIMEnterpriseDisplayReference `json:"members,omitempty"` // (Optional.) - ExternalID *string `json:"externalId,omitempty"` // (Optional.) + ExternalID *string `json:"externalId,omitempty"` // (Optional.) // Only populated as a result of calling ListSCIMProvisionedIdentitiesOptions: - Schemas []string `json:"schemas"` // (Optional.) - ID *string `json:"id,omitempty"` - Meta *SCIMMeta `json:"meta,omitempty"` + Schemas []string `json:"schemas"` // (Optional.) + ID *string `json:"id,omitempty"` + Meta *SCIMMeta `json:"meta,omitempty"` } // SCIMEnterpriseDisplayReference represents a JSON SCIM (System for Cross-domain Identity Management) resource. type SCIMEnterpriseDisplayReference struct { - Value string `json:"value"` // (Required.) - Ref string `json:"$+ref"` // (Required.) + Value string `json:"value"` // (Required.) + Ref string `json:"$+ref"` // (Required.) Display *string `json:"displayName,omitempty"` // (Optional.) } @@ -41,24 +41,39 @@ type SCIMEnterpriseUserAttributes struct { ID *string `json:"id,omitempty"` // Identifier generated by the GitHub's SCIM endpoint. Active *bool `json:"active,omitempty"` // Indicates whether the identity is active (true) or should be suspended (false). Groups []string `json:"groups,omitempty"` // (Optional.) - Meta *SCIMEnterpriseMeta `json:"meta,omitempty"` + Meta *SCIMEnterpriseMeta `json:"meta,omitempty"` } // SCIMEnterpriseUserName represents SCIM enterprise user's name information. -*type SCIMEnterpriseUserName struct { +type SCIMEnterpriseUserName struct { GivenName string `json:"givenName"` // The first name of the user. FamilyName string `json:"familyName"` // The last name of the user. Formatted *string `json:"formatted,omitempty"` // The user's full name, including all middle names, titles, and suffixes, formatted for display (Optional) } // SCIMEnterpriseUserEmail represents SCIM enterprise user's emails. -*type SCIMEnterpriseUserEmail struct { +type SCIMEnterpriseUserEmail struct { Value string `json:"value"` // (Required.) Primary *bool `json:"primary,omitempty"` // (Optional.) Type *string `json:"type,omitempty"` // (Optional.) } -// ListSCIMProvisionedGroupsForEnterprise lists SCIM provisioned groups for an enterprise. +// SCIMEnterpriseUserRole is an enterprise-wide role granted to the user. +type SCIMEnterpriseUserRole struct { + Value string `json:"value"` // (Required.) + Display *string `json:"display,omitempty"` // (Optional.) + Type *string `json:"type,omitempty"` // (Optional.) + Primary *bool `json:"primary,omitempty"` // (Optional.) +} + +// SCIMEnterpriseMeta represents metadata about the SCIM resource. +type SCIMEnterpriseMeta struct { + ResourceType *string `json:"resourceType,omitempty"` + Created *Timestamp `json:"created,omitempty"` + LastModified *Timestamp `json:"lastModified,omitempty"` + Location *string `json:"location,omitempty"` +} + // GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/enterprise-admin/scim#list-provisioned-scim-groups-for-an-enterprise // //meta:operation GET /scim/v2/enterprises/{enterprise} From f7d36fc344951a72fef9c8b70617d407e1759c7a Mon Sep 17 00:00:00 2001 From: Alejandro Date: Sun, 9 Nov 2025 11:37:25 +0100 Subject: [PATCH 3/3] Deprecate ListSCIMProvisionedGroupsForEnterprise for ListProvisionedSCIMGroupsForEnterprise --- github/enterprise_scim.go | 10 ++++++---- github/scim.go | 1 + 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/github/enterprise_scim.go b/github/enterprise_scim.go index 576ef11df80..c7e5a642d18 100644 --- a/github/enterprise_scim.go +++ b/github/enterprise_scim.go @@ -74,15 +74,17 @@ type SCIMEnterpriseMeta struct { Location *string `json:"location,omitempty"` } -// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/enterprise-admin/scim#list-provisioned-scim-groups-for-an-enterprise +// ListProvisionedSCIMGroupsForEnterprise lists provisioned SCIM groups in an enterprise. +// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/enterprise-admin/scim#list-provisioned-scim-groups-for-an-enterprise // -//meta:operation GET /scim/v2/enterprises/{enterprise} -// ----- Already present in scim.go file ----- +//meta:operation GET /scim/v2/enterprises/{enterprise}/Groups +// func (s *SCIMService) ListProvisionedSCIMGroupsForEnterprise(ctx context.Context, enterprise string, opts *ListOptions) ([]*SCIMEnterpriseGroupAttributes, *Response, error) { +//} // ProvisionSCIMEnterpriseGroup creates a SCIM group for an enterprise. // GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/enterprise-admin/scim#provision-a-scim-enterprise-group // -//meta:operation POST scim/v2/enterprises/{enterprise}/Groups +//meta:operation POST /scim/v2/enterprises/{enterprise}/Groups //func (s *SCIMService) ProvisionSCIMEnterpriseGroup(ctx context.Context, enterprise string, opts *SCIMGroupAttributes) (*SCIMGroupAttributes, *Response, error) { //} diff --git a/github/scim.go b/github/scim.go index cd9d9222dce..bf074fe3cf3 100644 --- a/github/scim.go +++ b/github/scim.go @@ -282,6 +282,7 @@ func (s *SCIMService) DeleteSCIMUserFromOrg(ctx context.Context, org, scimUserID } // ListSCIMProvisionedGroupsForEnterprise lists SCIM provisioned groups for an enterprise. +// Deprecated: This method is deprecated. Please use ListProvisionedSCIMGroupsForEnterprise from EnterpriseService instead. // // GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/enterprise-admin/scim#list-provisioned-scim-groups-for-an-enterprise //