dockerized and bug fixes

Author: ltsch

DOCKER.md

@@ -32,19 +32,57 @@ The following environment variables can be configured in `docker-compose.yml`:
 
 - `PYTHONPATH`: Set to `/app` (default)
 - `LOG_LEVEL`: Set to `info` (default)
+- `DATABASE_URL`: Set to `sqlite:////app/db/scim.db` (default)
 
 ### Volumes
 
-The following directories are mounted for persistence:
+The following volumes are configured for persistence:
 
-- `./scim.db` → `/app/scim.db` (main database)
-- `./logs` → `/app/logs` (application logs)
-- `./test_scim.db` → `/app/test_scim.db` (test database)
+- `scim_database` → `/app/db` (main database - Docker volume)
+- `./logs` → `/app/logs` (application logs - bind mount)
+
+**Database Volume**: The `scim_database` volume is a Docker-managed volume that persists across container restarts and reboots. This ensures your SCIM server data is preserved even when containers are recreated.
 
 ### Ports
 
 - `7001` - Main SCIM server port
 
+## Database Persistence
+
+### Docker Volume Benefits
+
+- **Persistent Storage**: Database survives container restarts and reboots
+- **Isolated Storage**: Database is managed by Docker and isolated from host filesystem
+- **Easy Backup**: Volume can be easily backed up using Docker commands
+- **Performance**: Better I/O performance compared to bind mounts
+
+### Managing the Database Volume
+
+**List volumes:**
+```bash
+docker volume ls
+```
+
+**Inspect volume details:**
+```bash
+docker volume inspect scim_database
+```
+
+**Backup the database:**
+```bash
+docker run --rm -v scim_database:/data -v $(pwd):/backup alpine tar czf /backup/scim_database_backup.tar.gz -C /data .
+```
+
+**Restore the database:**
+```bash
+docker run --rm -v scim_database:/data -v $(pwd):/backup alpine tar xzf /backup/scim_database_backup.tar.gz -C /data
+```
+
+**Remove the volume (WARNING: This will delete all data):**
+```bash
+docker volume rm scim_database
+```
+
 ## Health Checks
 
 The container includes robust health checks that verify the application is running properly:
@@ -91,123 +129,103 @@ docker build -t scim-server .
 ### Running the Container
 
 ```bash
-docker run -p 7001:7001 -v $(pwd)/scim.db:/app/scim.db -v $(pwd)/logs:/app/logs scim-server
+docker run -p 7001:7001 -v scim_database:/app/db -v $(pwd)/logs:/app/logs scim-server
 ```
 
 ### Viewing Logs
 
 ```bash
 # Docker Compose logs
-docker-compose logs -f
+docker-compose logs -f scim-server
 
 # Direct container logs
-docker logs scim-server
+docker logs -f scim-server
 ```
 
-### Checking Health Status
+### Database Initialization
 
-```bash
-# Check container health status
-docker ps
+The container automatically initializes the database on first startup. The startup script (`start.sh`) checks if the database file exists and initializes it if needed.
 
-# Check health check logs
-docker inspect scim-server | grep -A 10 "Health"
+**Manual database initialization:**
+```bash
+docker exec scim-server python scripts/init_db.py
 ```
 
-## API Endpoints
-
-Once running, the SCIM server will be available at:
-
-- Health Check: `http://localhost:7001/healthz`
-- Detailed Health: `http://localhost:7001/health`
-- SCIM Endpoints: `http://localhost:7001/scim-identifier/{server_id}/scim/v2/`
-
-## Troubleshooting
-
-### Container Won't Start
+### CLI Access
 
-1. Check if port 7001 is already in use:
-   ```bash
-   lsof -i :7001
-   ```
+Access the SCIM CLI from within the container:
 
-2. Check container logs:
-   ```bash
-   docker-compose logs
-   ```
+```bash
+# List all servers
+docker exec scim-server python scripts/scim_cli.py list
 
-3. Check health check status:
-   ```bash
-   docker ps
-   docker inspect scim-server
-   ```
+# Create a new server
+docker exec scim-server python scripts/scim_cli.py create --app-profile hr --defaults
 
-### Health Check Failures
+# Create server with specific ID
+docker exec scim-server python scripts/scim_cli.py create --server-id your-server-id --app-profile hr --defaults
+```
 
-If health checks are failing:
+## Troubleshooting
 
-1. Check if the application is starting properly:
-   ```bash
-   docker-compose logs scim-server
-   ```
+### Database Issues
 
-2. Test the health endpoint manually:
-   ```bash
-   curl http://localhost:7001/healthz
-   curl http://localhost:7001/health
-   ```
+**Check if database exists:**
+```bash
+docker exec scim-server ls -la /app/db/
+```
 
-3. Verify the container is running:
-   ```bash
-   docker exec scim-server ps aux
-   ```
+**Check database contents:**
+```bash
+docker exec scim-server python -c "import sqlite3; conn = sqlite3.connect('/app/db/scim.db'); cursor = conn.cursor(); cursor.execute('SELECT COUNT(*) FROM users'); print('Users:', cursor.fetchone()[0]); conn.close()"
+```
 
-### IP Restriction Issues
+**Reset database (WARNING: This will delete all data):**
+```bash
+docker exec scim-server python scripts/scim_cli.py reset
+```
 
-If you're getting "Access denied from external network" errors when accessing `/health`:
+### Volume Issues
 
-1. **From Docker container**: The `/health` endpoint is restricted to internal networks only
-2. **From host machine**: Use `localhost` or `127.0.0.1` to access the endpoint
-3. **From external networks**: Use `/healthz` instead, which is publicly accessible
-4. **For monitoring systems**: Configure your monitoring to use `/healthz` for external checks
+**Check volume status:**
+```bash
+docker volume ls | grep scim_database
+```
 
-**Allowed networks for `/health`**:
-- Localhost: `127.0.0.1`, `::1`
-- Private networks: `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`
-- Docker networks: `172.16.0.0/12`, `192.168.0.0/16`
-- Link-local: `169.254.0.0/16`, `fe80::/10`
+**Inspect volume:**
+```bash
+docker volume inspect scim_database
+```
 
-### Database Issues
+**Recreate volume (WARNING: This will delete all data):**
+```bash
+docker-compose down
+docker volume rm scim_database
+docker-compose up --build
+```
 
-If you encounter database issues, you can reset the database:
+## Production Considerations
 
-1. Stop the container:
-   ```bash
-   docker-compose down
-   ```
+### Security
 
-2. Remove the database file:
-   ```bash
-   rm scim.db
-   ```
+- The container runs as root for simplicity, but you can modify the Dockerfile to run as a non-root user
+- Database volume is isolated from the host filesystem
+- Health checks are available for monitoring
 
-3. Restart the container:
-   ```bash
-   docker-compose up --build
-   ```
+### Backup Strategy
 
-### Permission Issues
+1. **Regular backups**: Set up automated backups of the `scim_database` volume
+2. **Test restores**: Regularly test backup restoration procedures
+3. **Multiple locations**: Store backups in multiple locations
 
-If you encounter permission issues with mounted volumes, ensure the current user has write permissions to the mounted directories.
+### Monitoring
 
-## Production Considerations
+- Use the health check endpoints for monitoring
+- Monitor container logs for errors
+- Set up alerts for database connectivity issues
 
-For production deployment:
+### Scaling
 
-1. Use environment-specific configuration
-2. Consider using PostgreSQL instead of SQLite
-3. Set up proper logging and monitoring
-4. Configure SSL/TLS termination
-5. Use secrets management for API keys
-6. Monitor health check metrics
-7. Set up alerting for health check failures
+- The current setup is designed for single-instance deployment
+- For multi-instance deployment, consider using an external database (PostgreSQL, MySQL)
+- Update the `DATABASE_URL` environment variable to point to your external database

Dockerfile

@@ -26,13 +26,15 @@ RUN pip install --no-cache-dir -r requirements.txt
 # Copy application code
 COPY . .
 
-# Create logs directory
-RUN mkdir -p logs
+# Create logs and database directories and ensure proper permissions
+RUN mkdir -p logs db && chmod 755 logs db
 
-# Create non-root user for security
+# Make startup script executable
+RUN chmod +x start.sh
+
+# Create non-root user for security (but allow running as root if needed)
 RUN groupadd -r scim && useradd -r -g scim scim
 RUN chown -R scim:scim /app
-USER scim
 
 # Expose port
 EXPOSE 7001
@@ -42,4 +44,4 @@ HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=5 \
     CMD curl -f http://localhost:7001/healthz || exit 1
 
 # Default command
-CMD ["uvicorn", "scim_server.main:app", "--host", "0.0.0.0", "--port", "7001"]
+CMD ["./start.sh"]

docker-compose.yml

@@ -11,14 +11,14 @@ services:
     environment:
       - PYTHONPATH=/app
       - LOG_LEVEL=info
+      - DATABASE_URL=sqlite:////app/db/scim.db
     volumes:
-      # Mount database for persistence
-      - ./scim.db:/app/scim.db
+      # Use Docker volume for database persistence
+      - scim_database:/app/db
       # Mount logs directory for external access
       - ./logs:/app/logs
-      # Mount test database if needed
-      - ./test_scim.db:/app/test_scim.db
     restart: unless-stopped
+    user: "0:0"  # Run as root to avoid permission issues
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:7001/healthz"]
       interval: 30s
@@ -47,5 +47,6 @@ networks:
   scim-network:
     driver: bridge
 
-# volumes:
-#   postgres_data:
+volumes:
+  scim_database:
+    driver: local

frontend/static/index.html

@@ -257,6 +257,47 @@ <h3>Export Server Data</h3>
             copyToClipboard(scimUrl);
         }
 
+        function copyServerId(serverId) {
+            copyToClipboard(serverId);
+        }
+        
+        function copyServerBaseUrl(serverId) {
+            const protocol = window.location.protocol;
+            const host = window.location.host;
+            const baseUrl = `${protocol}//${host}/scim-identifier/${serverId}/scim/v2`;
+            copyToClipboard(baseUrl);
+        }
+        
+        function copyCurlExample(serverId) {
+            const protocol = window.location.protocol;
+            const host = window.location.host;
+            const baseUrl = `${protocol}//${host}/scim-identifier/${serverId}/scim/v2`;
+            
+            // Get the API key from the page (if available)
+            const apiKey = getApiKey();
+            const authHeader = apiKey ? `-H "Authorization: ${apiKey}"` : '';
+            
+            const curlExample = `# Test SCIM Server: ${serverId}
+# Base URL: ${baseUrl}
+
+# Test Users endpoint
+curl -X GET "${baseUrl}/Users" -H "Accept: application/scim+json" -H "Content-Type: application/scim+json" ${authHeader}
+
+# Test Groups endpoint  
+curl -X GET "${baseUrl}/Groups" -H "Accept: application/scim+json" -H "Content-Type: application/scim+json" ${authHeader}
+
+# Test ServiceProviderConfig
+curl -X GET "${baseUrl}/ServiceProviderConfig" -H "Accept: application/scim+json" -H "Content-Type: application/scim+json" ${authHeader}
+
+# Test ResourceTypes
+curl -X GET "${baseUrl}/ResourceTypes" -H "Accept: application/scim+json" -H "Content-Type: application/scim+json" ${authHeader}
+
+# Test Schemas
+curl -X GET "${baseUrl}/Schemas" -H "Accept: application/scim+json" -H "Content-Type: application/scim+json" ${authHeader}`;
+            
+            copyToClipboard(curlExample);
+        }
+        
         async function makeApiCall(endpoint, options = {}) {
             const apiKey = getApiKey();
             const headers = {
@@ -308,8 +349,11 @@ <h3>Export Server Data</h3>
                     <div class="server-card">
                         <div style="display: flex; align-items: center; gap: 10px; margin-bottom: 10px;">
                             <div class="server-id">${server.server_id}</div>
+                            <button class="btn" onclick="copyServerId('${server.server_id}')" style="padding: 5px 10px; font-size: 12px;">Copy Server ID</button>
+                            <button class="btn" onclick="copyServerBaseUrl('${server.server_id}')" style="padding: 5px 10px; font-size: 12px;">Copy Server URL</button>
                             <button class="btn" onclick="copyServerUrl('${server.server_id}', 'Users')" style="padding: 5px 10px; font-size: 12px;">Copy Users URL</button>
                             <button class="btn" onclick="copyServerUrl('${server.server_id}', 'Groups')" style="padding: 5px 10px; font-size: 12px;">Copy Groups URL</button>
+                            <button class="btn" onclick="copyCurlExample('${server.server_id}')" style="padding: 5px 10px; font-size: 12px;">Copy cURL Example</button>
                         </div>
                         ${server.app_profile ? `
                             <div style="margin-bottom: 10px; padding: 10px; background: #f8f9fa; border-radius: 4px; border-left: 4px solid #3498db;">

scim_server/config.py

@@ -1,8 +1,11 @@
+import os
+from typing import List, Dict, Any
+
 class Settings:
     """Application settings - all configuration in one place."""
 
     # Database settings
-    database_url: str = "sqlite:///./scim.db"
+    database_url: str = os.getenv("DATABASE_URL", "sqlite:///./scim.db")
 
     # API settings
     max_results_per_page: int = 100
@@ -264,6 +267,14 @@ class Settings:
     # Relationship distribution settings
     cli_max_groups_per_user: int = 6  # Maximum groups a user can belong to
     cli_max_entitlements_per_user: int = 8  # Maximum entitlements a user can have
+    
+    # Sortable fields configuration - Static list of fields that can be used for sorting
+    # These fields must exist in the database models and be mapped correctly in the CRUD layer
+    sortable_fields: Dict[str, List[str]] = {
+        'User': ['userName', 'displayName', 'id', 'created', 'lastModified'],
+        'Group': ['displayName', 'id', 'created', 'lastModified'],
+        'Entitlement': ['displayName', 'id', 'created', 'lastModified']
+    }
 
 # Global settings instance
 settings = Settings()