feature: expose and rename external group mappings endpoint + api docs

2026-01-09 15:38:03 -05:00 · 2025-12-16 11:06:18 -08:00
parent 695a4b9cbb
commit 8d7c5439f8
7 changed files with 32 additions and 7 deletions
--- a/backend/src/lib/api-docs/constants.ts
+++ b/backend/src/lib/api-docs/constants.ts
@@ -77,6 +77,7 @@ export enum ApiDocsTags {
  OidcSso = "OIDC SSO",
  SamlSso = "SAML SSO",
  LdapSso = "LDAP SSO",
+  Scim = "SCIM",
  Events = "Event Subscriptions"
 }

@@ -3151,6 +3152,13 @@ export const LdapSso = {
  }
 };

+export const Scim = {
+  UPDATE_GROUP_ORG_ROLE_MAPPINGS: {
+    groupName: "The name of the group in the SCIM provider.",
+    roleSlug: "The slug of the role that group members should be assigned when provisioned."
+  }
+};
+
 export const EventSubscriptions = {
  SUBSCRIBE_PROJECT_EVENTS: {
    projectId: "The ID of the project to subscribe to events for.",
--- a/backend/src/server/routes/v1/external-group-org-role-mapping-router.ts
+++ b/backend/src/server/routes/v1/external-group-org-role-mapping-router.ts
@@ -2,6 +2,7 @@ import { z } from "zod";

 import { ExternalGroupOrgRoleMappingsSchema } from "@app/db/schemas/external-group-org-role-mappings";
 import { EventType } from "@app/ee/services/audit-log/audit-log-types";
+import { ApiDocsTags, Scim } from "@app/lib/api-docs";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { slugSchema } from "@app/server/lib/schemas";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
@@ -16,6 +17,8 @@ export const registerExternalGroupOrgRoleMappingRouter = async (server: FastifyZ
      rateLimit: readLimit
    },
    schema: {
+      hide: false,
+      tags: [ApiDocsTags.Scim],
      response: {
        200: ExternalGroupOrgRoleMappingsSchema.array()
      }
@@ -44,11 +47,13 @@ export const registerExternalGroupOrgRoleMappingRouter = async (server: FastifyZ
      rateLimit: writeLimit
    },
    schema: {
+      hide: false,
+      tags: [ApiDocsTags.Scim],
      body: z.object({
        mappings: z
          .object({
-            groupName: z.string().trim().min(1),
-            roleSlug: slugSchema({ max: 64 })
+            groupName: z.string().trim().min(1).describe(Scim.UPDATE_GROUP_ORG_ROLE_MAPPINGS.groupName),
+            roleSlug: slugSchema({ max: 64 }).describe(Scim.UPDATE_GROUP_ORG_ROLE_MAPPINGS.roleSlug)
          })
          .array()
      }),
--- a/backend/src/server/routes/v1/index.ts
+++ b/backend/src/server/routes/v1/index.ts
@@ -236,7 +236,7 @@ export const registerV1Routes = async (server: FastifyZodProvider) => {
  await server.register(registerUserEngagementRouter, { prefix: "/user-engagement" });
  await server.register(registerDashboardRouter, { prefix: "/dashboard" });
  await server.register(registerCmekRouter, { prefix: "/kms" });
-  await server.register(registerExternalGroupOrgRoleMappingRouter, { prefix: "/external-group-mappings" });
+  await server.register(registerExternalGroupOrgRoleMappingRouter, { prefix: "/scim/group-org-role-mappings" });

  await server.register(
    async (appConnectionRouter) => {
--- a/docs/docs.json
+++ b/docs/docs.json
@@ -928,6 +928,18 @@
                  "api-reference/endpoints/organizations/saml-sso/update-saml-config",
                  "api-reference/endpoints/organizations/saml-sso/create-saml-config"
                ]
+              },
+              {
+                "group": "SCIM",
+                "pages": [
+                  {
+                    "group": " Group to Org Role Mappings",
+                    "pages": [
+                      "api-reference/endpoints/organizations/scim/group-org-role-mappings/list",
+                      "api-reference/endpoints/organizations/scim/group-org-role-mappings/update"
+                    ]
+                  }
+                ]
              }
            ]
          },
--- a/frontend/src/hooks/api/auditLogs/constants.tsx
+++ b/frontend/src/hooks/api/auditLogs/constants.tsx
@@ -122,8 +122,8 @@ export const eventToNameMap: { [K in EventType]: string } = {
  [EventType.CMEK_LIST_SIGNING_ALGORITHMS]: "List signing algorithms for KMS key",
  [EventType.CMEK_GET_PUBLIC_KEY]: "Get public key for KMS key",
  [EventType.UPDATE_EXTERNAL_GROUP_ORG_ROLE_MAPPINGS]:
-    "Update SSO group to organization role mapping",
-  [EventType.GET_EXTERNAL_GROUP_ORG_ROLE_MAPPINGS]: "List SSO group to organization role mapping",
+    "Update SCIM group to organization role mapping",
+  [EventType.GET_EXTERNAL_GROUP_ORG_ROLE_MAPPINGS]: "List SCIM group to organization role mapping",
  [EventType.GET_PROJECT_TEMPLATES]: "List project templates",
  [EventType.GET_PROJECT_TEMPLATE]: "Get project template",
  [EventType.CREATE_PROJECT_TEMPLATE]: "Create project template",
--- a/frontend/src/hooks/api/externalGroupOrgRoleMappings/mutations.tsx
+++ b/frontend/src/hooks/api/externalGroupOrgRoleMappings/mutations.tsx
@@ -8,7 +8,7 @@ export const useUpdateExternalGroupOrgRoleMappings = () => {
  const queryClient = useQueryClient();
  return useMutation({
    mutationFn: async (payload: TSyncExternalGroupOrgRoleMappingsDTO) => {
-      const { data } = await apiRequest.put("/api/v1/external-group-mappings", payload);
+      const { data } = await apiRequest.put("/api/v1/scim/group-org-role-mappings", payload);

      return data;
    },
--- a/frontend/src/hooks/api/externalGroupOrgRoleMappings/queries.tsx
+++ b/frontend/src/hooks/api/externalGroupOrgRoleMappings/queries.tsx
@@ -23,7 +23,7 @@ export const useGetExternalGroupOrgRoleMappings = (
    queryKey: externalGroupOrgRoleMappingKeys.list(),
    queryFn: async () => {
      const { data } = await apiRequest.get<TExternalGroupOrgRoleMappingList>(
-        "/api/v1/external-group-mappings"
+        "/api/v1/scim/group-org-role-mappings"
      );

      return data;