Scim2SelfService

jaceklaskowski · jaceklaskowski · commit 0c042453e258 · 2024-12-17T22:31:09.000+01:00
diff --git a/docs/server/CatalogService.md b/docs/server/CatalogService.md
@@ -46,7 +46,7 @@ HttpResponse listCatalogs()
 ## Demo
 
 ```console
-$ http http://localhost:8081/api/2.1/unity-catalog/catalogs
+$ http http://localhost:8080/api/2.1/unity-catalog/catalogs
 HTTP/1.1 200 OK
 content-length: 184
 content-type: application/json
@@ -69,6 +69,6 @@ server: Armeria/1.28.4
 ```
 
 ```console
-$ http http://localhost:8081/api/2.1/unity-catalog/catalogs | jq '.catalogs[].name'
+$ http http://localhost:8080/api/2.1/unity-catalog/catalogs | jq '.catalogs[].name'
 "unity"
 ```
diff --git a/docs/server/MetastoreService.md b/docs/server/MetastoreService.md
@@ -7,7 +7,7 @@ Method | URL | Handler | Params
  GET | `/metastore_summary` | [getMetastoreSummary](#getMetastoreSummary) | &nbsp;
 
 ```console
-$ http http://localhost:8081/api/2.1/unity-catalog/metastore_summary | jq '.metastore_id'
+$ http http://localhost:8080/api/2.1/unity-catalog/metastore_summary | jq '.metastore_id'
 "92418bf6-e62c-4d4c-bb5d-e5eda5c82688"
 ```
 
diff --git a/docs/server/ModelService.md b/docs/server/ModelService.md
@@ -48,6 +48,6 @@ HttpResponse createRegisteredModel(
 !!! note "Example"
 
     ```console
-    $ http http://localhost:8081/api/2.1/unity-catalog/models | jq '.registered_models'
+    $ http http://localhost:8080/api/2.1/unity-catalog/models | jq '.registered_models'
     []
     ```
diff --git a/docs/server/PermissionService.md b/docs/server/PermissionService.md
@@ -18,7 +18,7 @@ Method | URL | Handler | AuthorizeKey
  ... | | |
 
 ``` console
-$ http http://localhost:8081/api/2.1/unity-catalog/permissions/catalog/unity
+$ http http://localhost:8080/api/2.1/unity-catalog/permissions/catalog/unity
 HTTP/1.1 200 OK
 content-length: 28
 content-type: application/json
diff --git a/docs/server/Scim2SelfService.md b/docs/server/Scim2SelfService.md
@@ -0,0 +1,101 @@
+# Scim2SelfService
+
+`Scim2SelfService` is a SCIM2-compliant `/Me` endpoint.
+
+`Scim2SelfService` is an API service of [UnityCatalogServer](UnityCatalogServer.md) to handle HTTP requests at `/api/1.0/unity-control/scim2/Me` URL.
+
+Method | URL | Handler | Params
+-|-|-|-
+ GET | - | [getCurrentUser](#getCurrentUser) | -
+
+```console
+# 🛑 Start the UC server with server authorization enabled
+$ http http://localhost:8080/api/1.0/unity-control/scim2/Me
+HTTP/1.1 401 Unauthorized
+content-length: 173
+content-type: application/json
+date: Tue, 17 Dec 2024 21:23:01 GMT
+server: Armeria/1.28.4
+
+{
+    "details": [
+        {
+            "@type": "google.rpc.ErrorInfo",
+            "metadata": {},
+            "reason": "UNAUTHENTICATED"
+        }
+    ],
+    "error_code": "UNAUTHENTICATED",
+    "message": "No authorization found.",
+    "stack_trace": null
+}
+```
+
+```console
+$ http -A bearer -a $(cat etc/conf/token.txt) \
+    http://localhost:8080/api/1.0/unity-control/scim2/Me
+HTTP/1.1 200 OK
+content-length: 345
+content-type: application/scim+json
+date: Tue, 17 Dec 2024 21:23:29 GMT
+server: Armeria/1.28.4
+
+{
+    "active": true,
+    "displayName": "Admin",
+    "emails": [
+        {
+            "primary": true,
+            "value": "admin"
+        }
+    ],
+    "id": "cd941442-6635-45b9-bc7a-c9b527600b3b",
+    "meta": {
+        "created": "2024-11-08T17:40:16.216+00:00",
+        "lastModified": "2024-12-17T21:23:29.251+00:00",
+        "resourceType": "User"
+    },
+    "photos": [
+        {
+            "value": ""
+        }
+    ],
+    "schemas": [
+        "urn:ietf:params:scim:schemas:core:2.0:User"
+    ],
+    "userName": "admin"
+}
+```
+
+## Creating Instance
+
+`Scim2SelfService` takes the following to be created:
+
+* <span id="authorizer"> [UnityCatalogAuthorizer](../server-authorization/UnityCatalogAuthorizer.md)
+
+`Scim2SelfService` is created when:
+
+* `UnityCatalogServer` is requested to [register the API services](UnityCatalogServer.md#addServices)
+
+## UserRepository { #USER_REPOSITORY }
+
+`Scim2SelfService` looks up the system-wide [UserRepository](../persistent-storage/UserRepository.md#getInstance) when [created](#creating-instance).
+
+## Get Current User { #getCurrentUser }
+
+```java
+UserResource getCurrentUser()
+```
+
+`getCurrentUser` finds a [JSON web token](../server-authorization/AuthDecorator.md#DECODED_JWT_ATTR) in the server-side request context.
+
+`getCurrentUser` uses the `sub` claim (of the decoded JSON web token) as the email of a user to look up.
+
+`getCurrentUser` requests the system-wide [UserRepository](#USER_REPOSITORY) instance to [look up a user by the email](../persistent-storage/UserRepository.md#getUserByEmail).
+
+??? note "Scim2RuntimeException"
+    `getCurrentUser` reports a `Scim2RuntimeException` when there is no [JSON web token](../server-authorization/AuthDecorator.md#DECODED_JWT_ATTR) in the server-side request context:
+
+    ```text
+    No user found.
+    ```
diff --git a/docs/server/Scim2UserService.md b/docs/server/Scim2UserService.md
@@ -8,7 +8,6 @@ Method | URL | Handler | Params
 -|-|-|-
  GET | `/` | [getScimUsers](#getScimUsers) | <ul><li>filter<li>startIndex<li>count</ul>
  POST | `/` | [createScimUser](#createScimUser) | JSON-ified `UserResource`
- GET | `/self` | [getCurrentUser](#getCurrentUser) | -
  GET | `/{id}` | [getUser](#getUser) | <ul><li>id</ul>
  PUT | `/{id}` | [updateUser](#updateUser) | <ul><li>id<li>JSON-ified `UserResource`</ul>
  DELETE | `/{id}` | [deleteUser](#deleteUser) | <ul><li>id</ul>
@@ -27,29 +26,6 @@ Method | URL | Handler | Params
 
 * `UnityCatalogServer` is requested to [register the API services](UnityCatalogServer.md#addServices)
 
-## getCurrentUser { #getCurrentUser }
-
-```java
-UserResource getCurrentUser()
-```
-
-??? note "Authorization"
-    `getCurrentUser` handles `POST` requests with the following:
-
-    * [AuthorizeExpression](../server-authorization/AuthorizeExpression.md): `#principal != null`
-    * [AuthorizeKey](../server-authorization/AuthorizeKey.md): `METASTORE`
-
-`getCurrentUser` finds a [JSON web token](../server-authorization/AuthDecorator.md#DECODED_JWT_ATTR) in the server-side request context.
-
-`getCurrentUser` returns the [getUserByEmail](../persistent-storage/UserRepository.md#getUserByEmail) (from the system-wide [UserRepository](#USER_REPOSITORY)) for the `sub` claim of the decoded JSON web token.
-
-??? note "Scim2RuntimeException for no JSON web token"
-    `getCurrentUser` reports a `Scim2RuntimeException` when there is no [JSON web token](../server-authorization/AuthDecorator.md#DECODED_JWT_ATTR) in the server-side request context:
-
-    ```text
-    No user found.
-    ```
-
 ## Examples
 
 ### Get All Users
@@ -142,41 +118,3 @@ server: Armeria/1.28.4
     "userName": "admin"
 }
 ```
-
-### Get Current User
-
-```console
-$ https -A bearer -a $(cat etc/conf/token.txt) \
-    http://localhost:8080/api/1.0/unity-control/scim2/Users/self
-HTTP/1.1 200 OK
-content-length: 345
-content-type: application/scim+json
-date: Sat, 9 Nov 2024 12:35:40 GMT
-server: Armeria/1.28.4
-
-{
-    "active": true,
-    "displayName": "Admin",
-    "emails": [
-        {
-            "primary": true,
-            "value": "admin"
-        }
-    ],
-    "id": "cd941442-6635-45b9-bc7a-c9b527600b3b",
-    "meta": {
-        "created": "2024-11-08T17:40:16.216+00:00",
-        "lastModified": "2024-11-09T12:35:40.341+00:00",
-        "resourceType": "User"
-    },
-    "photos": [
-        {
-            "value": ""
-        }
-    ],
-    "schemas": [
-        "urn:ietf:params:scim:schemas:core:2.0:User"
-    ],
-    "userName": "admin"
-}
-```
diff --git a/docs/server/TableService.md b/docs/server/TableService.md
@@ -10,7 +10,7 @@ Method | URL | Handler | Params
  DELETE | `/{full_name}` | [deleteTable](#deleteTable) | <ul><li>fullName</ul>
 
 ```console
-$ http http://localhost:8081/api/2.1/unity-catalog/tables catalog_name==unity schema_name==default | jq '.tables[].name'
+$ http http://localhost:8080/api/2.1/unity-catalog/tables catalog_name==unity schema_name==default | jq '.tables[].name'
 "numbers"
 "marksheet_uniform"
 "marksheet"
diff --git a/docs/server/TemporaryPathCredentialsService.md b/docs/server/TemporaryPathCredentialsService.md
@@ -18,7 +18,7 @@ Method | AuthorizeExpression | Securables
     The following demo requires `url` being configured in [etc/conf/server.properties](index.md#server-configuration) (using`s3.bucketPath.0=s3://uc-japila` and the others).
 
 ```console
-$ http http://localhost:8081/api/2.1/unity-catalog/temporary-path-credentials \
+$ http http://localhost:8080/api/2.1/unity-catalog/temporary-path-credentials \
     url=s3://uc-japila \
     operation=PATH_CREATE_TABLE
 HTTP/1.1 200 OK
diff --git a/docs/server/TemporaryTableCredentialsService.md b/docs/server/TemporaryTableCredentialsService.md
@@ -43,7 +43,7 @@ HttpResponse generateTemporaryTableCredential(
 ### Local File System
 
 ```console
-$ http http://localhost:8081/api/2.1/unity-catalog/temporary-table-credentials \
+$ http http://localhost:8080/api/2.1/unity-catalog/temporary-table-credentials \
     table_id=b5d6db68-5eca-485c-be5f-5f53d4f27f60 \
     operation=READ
 HTTP/1.1 200 OK
@@ -102,7 +102,7 @@ $ ./bin/uc table create \
 ```
 
 ```console
-$ http http://localhost:8081/api/2.1/unity-catalog/temporary-table-credentials \
+$ http http://localhost:8080/api/2.1/unity-catalog/temporary-table-credentials \
     table_id=020270b2-621e-4157-a73d-6a63c3b86bdd   \
     operation=READ
 
@@ -143,7 +143,7 @@ s3.sessionToken.0=FIXME_sessionToken
 ```
 
 ```console
-$ http http://localhost:8081/api/2.1/unity-catalog/temporary-table-credentials \
+$ http http://localhost:8080/api/2.1/unity-catalog/temporary-table-credentials \
     table_id=020270b2-621e-4157-a73d-6a63c3b86bdd   \
     operation=READ
 HTTP/1.1 200 OK
diff --git a/docs/server/UnityCatalogServer.md b/docs/server/UnityCatalogServer.md
@@ -16,7 +16,7 @@ usage: bin/start-uc-server
  -v,--version      Display the version of the Unity Catalog server
 ```
 
-`UnityCatalogServer` starts Armeria documentation service at http://localhost:8081/docs and the other [Unity Catalog API services](#addServices).
+`UnityCatalogServer` starts Armeria documentation service at http://localhost:8080/docs and the other [Unity Catalog API services](#addServices).
 
 ## Metastore
 
@@ -86,6 +86,7 @@ URL | Service
 -|-
  `/` | Returns `Hello, Unity Catalog!` message
  `/api/1.0/unity-control/auth` |  [AuthService](AuthService.md)
+ `/api/1.0/unity-control/scim2/Me` |  [Scim2SelfService](Scim2SelfService.md)
  `/api/1.0/unity-control/scim2/Users` |  [Scim2UserService](Scim2UserService.md)
  `/api/2.1/unity-catalog/` | [MetastoreService](MetastoreService.md)
  `/api/2.1/unity-catalog/catalogs` | [CatalogService](CatalogService.md)
