Enable UAA shadow user creation for POST /v3/users

svkrieger · svkrieger · commit fb624e3d8ed8 · 2024-11-28T13:03:20.000+01:00
diff --git a/app/actions/user_create.rb b/app/actions/user_create.rb
@@ -4,10 +4,21 @@ class Error < StandardError
     end
 
     def create(message:)
-      user = User.create(guid: message.guid)
+      begin
+        shadow_user = User.create_uaa_shadow_user(message.username, message.origin) if message.username && message.origin
+      rescue CF::UAA::TargetError => e
+        raise e unless e.info['error'] == 'scim_resource_already_exists'
+
+        existing_guid = e.info['user_id']
+      end
+
+      user_guid = existing_guid || shadow_user['id'] || message.guid
+
+      user = User.create(guid: user_guid)
       User.db.transaction do
         MetadataUpdate.update(user, message)
       end
+
       user
     rescue Sequel::ValidationFailed => e
       validation_error!(message, e)
@@ -16,7 +27,11 @@ def create(message:)
     private
 
     def validation_error!(message, error)
-      error!("User with guid '#{message.guid}' already exists.") if error.errors.on(:guid)&.any? { |e| [:unique].include?(e) }
+      error!("User with guid '#{message.guid}' already exists.") if message.guid && error.errors.on(:guid)&.any? { |e| [:unique].include?(e) }
+
+      if !message.guid && error.errors.on(:guid)&.any? { |e| [:unique].include?(e) }
+        error!("User with username '#{message.username}' and origin '#{message.origin}' already exists.")
+      end
 
       error!(error.message)
     end
diff --git a/app/models/runtime/user.rb b/app/models/runtime/user.rb
@@ -252,6 +252,11 @@ def self.uaa_users_info(user_guids)
       uaa_username_lookup_client.users_for_ids(user_guids)
     end
 
+    def self.create_uaa_shadow_user(username, origin)
+      uaa_shadow_user_creation_client = CloudController::DependencyLocator.instance.uaa_shadow_user_creation_client
+      uaa_shadow_user_creation_client.create_shadow_user(username, origin)
+    end
+
     def self.user_visibility_filter(_)
       full_dataset_filter
     end
diff --git a/lib/cloud_controller/uaa/uaa_client.rb b/lib/cloud_controller/uaa/uaa_client.rb
@@ -96,6 +96,10 @@ def origins_for_username(username)
       raise UaaUnavailable
     end
 
+    def create_shadow_user(username, origin)
+      with_cache_retry { scim.add(:user, { username: username, origin: origin, emails: [{ primary: true, value: username}]}) }
+    end
+
     def info
       CF::UAA::Info.new(uaa_target, uaa_connection_opts)
     end
