
Commit 5e58ce2

authored
Merge pull request #225 from hwang-db/issue216
add Azure SPN import logic to ScimClient
2 parents 82b855e + b8d742f commit 5e58ce2


1 file changed

+24
-1
lines changed


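--- a/dbclient/ScimClient.py
+++ b/dbclient/ScimClient.py
@@ -439,8 +439,31 @@ def import_groups(self, group_dir, current_user_ids, error_logger):
 elif self.is_group(m):
 this_group_id = current_group_ids.get(m['display'])
 member_id_list.append(this_group_id)
+elif self.is_member_a_service_principal(m):
+logging.info(
+f"Importing Service Principal - AppId: {m['display']}, userId: {m['value']}")
+payload_service_principal = {
+"schemas": ["urn:ietf:params:scim:schemas:core:2.0:ServicePrincipal"],
+"applicationId": m['display'],
+"displayName": m['display'], # you can also change this to SPN AppId - m['display']
+"groups": [
+{
+"value": group_name
+}
+],
+"entitlements": [
+{
+"value": "allow-cluster-create"
+}
+]
+}
+add_azure_spns = self.post(
+'/preview/scim/v2/ServicePrincipals', payload_service_principal)
+logging_utils.log_response_error(
+error_logger, add_azure_spns)
 else:
-logging.info("Skipping service principal members and other identities not within users/groups")
+logging.info(
+"Skipping other identities not within users/service_principal_users/groups")
 add_members_json = self.get_member_args(member_id_list)
 group_id = current_group_ids[group_name]
 add_resp = self.patch('/preview/scim/v2/Groups/{0}'.format(group_id), add_members_json)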
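Review bot: Every service principal created in the new `elif self.is_member_a_service_principal(m):` branch gets a hard-coded `"entitlements": [{"value": "allow-cluster-create"}]`, so a principal that did not hold that entitlement in the source workspace gains cluster-creation rights on import. I would drop the `entitlements` key from `payload_service_principal`, or, if the export records each principal's original entitlements, copy those instead of a fixed value. On the same payload, `"groups": [{"value": group_name}]` passes the group's name, while the code right after the branch resolves `current_group_ids[group_name]`, which suggests the endpoint may expect the group id here; worth confirming. The POST also appears to run once for each group that lists the principal, so a principal in several groups would probably leave conflict responses in `error_logger` after the first; a check for an already-imported `applicationId` would avoid that. `import_groups` begins and ends outside this hunk, so the surrounding loops are not visible here.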
