serve tls

README.md

@@ -4,6 +4,9 @@ The Aserto SCIM service uses the SCIM 2.0 protocol to import data into the Asert
 ### sample config.yaml
 ```yaml
 ---
+logging:
+  prod: true
+  log_level: info
 server:
   listen_address: ":8080"
   auth:

cmd/aserto-scim/main.go

@@ -3,6 +3,7 @@ package main
 import (
 	"fmt"
 	"log"
+	"os"
 
 	"github.com/aserto-dev/scim/pkg/app"
 	"github.com/aserto-dev/scim/pkg/version"
@@ -31,7 +32,7 @@ var cmdRun = &cobra.Command{
 	Use:   "run [args]",
 	Short: "Start SCIM service",
 	RunE: func(cmd *cobra.Command, args []string) error {
-		return app.Run(flagConfigPath)
+		return app.Run(flagConfigPath, os.Stdout, os.Stderr)
 	},
 }
 

config.sample.yaml

@@ -1,4 +1,7 @@
 ---
+logging:
+  prod: true
+  log_level: trace
 server:
   listen_address: ":8081"
   auth:

go.mod

@@ -3,13 +3,16 @@ module github.com/aserto-dev/scim
 go 1.20
 
 require (
+	github.com/aserto-dev/certs v0.0.5
 	github.com/aserto-dev/errors v0.0.6
 	github.com/aserto-dev/go-aserto v0.30.0
 	github.com/aserto-dev/go-directory v0.30.5
+	github.com/aserto-dev/logger v0.0.4
 	github.com/elimity-com/scim v0.0.0-20230426070224-941a5eac92f3
 	github.com/magefile/mage v1.15.0
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/pkg/errors v0.9.1
+	github.com/rs/zerolog v1.31.0
 	github.com/scim2/filter-parser/v2 v2.2.0
 	github.com/spf13/cobra v1.8.0
 	github.com/spf13/viper v1.18.0
@@ -32,9 +35,9 @@ require (
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
-	github.com/rs/zerolog v1.31.0 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
+	github.com/sirupsen/logrus v1.9.0 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/afero v1.11.0 // indirect
 	github.com/spf13/cast v1.6.0 // indirect

go.sum

@@ -4,6 +4,8 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
+github.com/aserto-dev/certs v0.0.5 h1:URZEN3DMUIqob3pf78NtTpe7sYPrR2oJYV5MbJ91YKA=
+github.com/aserto-dev/certs v0.0.5/go.mod h1:BGRgkJ4GB7XoETzDtnMxQySk5IVpJIa18aWuylvAsac=
 github.com/aserto-dev/errors v0.0.6 h1:iH5fkJwBGFPbcdS4B8mwvNdwODlhDEXXPduZtjLh6vo=
 github.com/aserto-dev/errors v0.0.6/go.mod h1:kenI1gamsemaR2wS+M2un0kXIJ9exTrmeRT/fCFwlWc=
 github.com/aserto-dev/go-aserto v0.30.0 h1:RZMM8ojXp4O15+qPKsFjQ+6/+KV3pXAwqCJrQjJRD5I=
@@ -12,6 +14,8 @@ github.com/aserto-dev/go-directory v0.30.5 h1:wOF1dtiqlNbfvb7iBH9qvgQ4e2jrIfMlRJ
 github.com/aserto-dev/go-directory v0.30.5/go.mod h1:qd/+uHrKvskPSN48FLGeZ/FoiORxjRmikCKRIp3pnYY=
 github.com/aserto-dev/header v0.0.4 h1:Bb58n1m2X/qRV3N2PS0avuFOyRcG8Iri7/qq0Wsunq8=
 github.com/aserto-dev/header v0.0.4/go.mod h1:LNgRo3gStS71lO1d9Oue9e9kfVvirvUHvdZClzDmNwo=
+github.com/aserto-dev/logger v0.0.4 h1:GF+17mhn03ZnE5KHCszrzGRcZULgczsql+y+PCHjgpI=
+github.com/aserto-dev/logger v0.0.4/go.mod h1:awdS/W0VnLNyP+aT5mmLx9PjOcT5IrXsYMxqwHglSLU=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
@@ -91,6 +95,8 @@ github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6g
 github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
 github.com/scim2/filter-parser/v2 v2.2.0 h1:QGadEcsmypxg8gYChRSM2j1edLyE/2j72j+hdmI4BJM=
 github.com/scim2/filter-parser/v2 v2.2.0/go.mod h1:jWnkDToqX/Y0ugz0P5VvpVEUKcWcyHHj+X+je9ce5JA=
+github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
+github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
 github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
 github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
@@ -107,6 +113,7 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
@@ -144,6 +151,7 @@ golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

pkg/app/handlers/groups/handler.go

@@ -3,6 +3,7 @@ package groups
 import (
 	"github.com/aserto-dev/scim/pkg/config"
 	"github.com/aserto-dev/scim/pkg/directory"
+	"github.com/rs/zerolog"
 )
 
 const (
@@ -12,15 +13,18 @@ const (
 type GroupResourceHandler struct {
 	dirClient *directory.DirectoryClient
 	cfg       *config.Config
+	logger    *zerolog.Logger
 }
 
-func NewGroupResourceHandler(cfg *config.Config) (*GroupResourceHandler, error) {
+func NewGroupResourceHandler(cfg *config.Config, logger *zerolog.Logger) (*GroupResourceHandler, error) {
+	groupLogger := logger.With().Str("component", "groups").Logger()
 	dirClient, err := directory.GetDirectoryClient(&cfg.Directory)
 	if err != nil {
 		return nil, err
 	}
 	return &GroupResourceHandler{
 		dirClient: dirClient,
 		cfg:       cfg,
+		logger:    &groupLogger,
 	}, nil
 }

pkg/app/handlers/groups/patch.go

@@ -2,7 +2,6 @@ package groups
 
 import (
 	"context"
-	"log"
 	"net/http"
 
 	cerr "github.com/aserto-dev/errors"
@@ -19,7 +18,7 @@ import (
 )
 
 func (u GroupResourceHandler) Patch(r *http.Request, id string, operations []scim.PatchOperation) (scim.Resource, error) {
-	log.Println("PATCH", id, operations)
+	u.logger.Trace().Str("group_id", id).Any("operations", operations).Msg("patching group")
 	getObjResp, err := u.dirClient.Reader.GetObject(r.Context(), &dsr.GetObjectRequest{
 		ObjectType:    "group",
 		ObjectId:      id,
@@ -62,7 +61,7 @@ func (u GroupResourceHandler) Patch(r *http.Request, id string, operations []sci
 		Object: object,
 	})
 	if err != nil {
-		log.Println(err)
+		u.logger.Err(err).Msg("error setting object")
 		return scim.Resource{}, err
 	}
 

pkg/app/handlers/users/create.go

@@ -1,7 +1,6 @@
 package users
 
 import (
-	"log"
 	"net/http"
 
 	cerr "github.com/aserto-dev/errors"
@@ -16,7 +15,7 @@ import (
 )
 
 func (u UsersResourceHandler) Create(r *http.Request, attributes scim.ResourceAttributes) (scim.Resource, error) {
-	log.Println("CREATE", attributes)
+	u.logger.Trace().Any("attributes", attributes).Msg("creating user")
 	object, err := common.ResourceAttributesToObject(attributes, "user", attributes["userName"].(string))
 	if err != nil {
 		return scim.Resource{}, serrors.ScimErrorInvalidSyntax
@@ -88,6 +87,14 @@ func (u UsersResourceHandler) Create(r *http.Request, attributes scim.ResourceAt
 		}
 	}
 
+	if attributes["externalId"] != nil {
+		externalID := attributes["externalId"]
+		err = u.setIdentity(r.Context(), resp.Result.Id, externalID.(string), "IDENTITY_KIND_PID")
+		if err != nil {
+			return scim.Resource{}, err
+		}
+	}
+
 	if attributes["groups"] != nil {
 		err = u.setUserGroups(r.Context(), resp.Result.Id, attributes["groups"].([]string))
 		if err != nil {

pkg/app/handlers/users/delete.go

@@ -1,7 +1,6 @@
 package users
 
 import (
-	"log"
 	"net/http"
 
 	cerr "github.com/aserto-dev/errors"
@@ -13,7 +12,7 @@ import (
 )
 
 func (u UsersResourceHandler) Delete(r *http.Request, id string) error {
-	log.Println("DELETE", id)
+	u.logger.Trace().Str("user_id", id).Msg("deleting user")
 	relations, err := u.dirClient.Reader.GetRelations(r.Context(), &dsr.GetRelationsRequest{
 		SubjectType: "user",
 		SubjectId:   id,

pkg/app/handlers/users/get.go

@@ -2,7 +2,6 @@ package users
 
 import (
 	"context"
-	"log"
 	"net/http"
 
 	cerr "github.com/aserto-dev/errors"
@@ -17,7 +16,7 @@ import (
 )
 
 func (u UsersResourceHandler) Get(r *http.Request, id string) (scim.Resource, error) {
-	log.Println("GET", id)
+	u.logger.Trace().Str("user_id", id).Msg("get user")
 	resp, err := u.dirClient.Reader.GetObject(r.Context(), &dsr.GetObjectRequest{
 		ObjectType:    "user",
 		ObjectId:      id,
@@ -42,7 +41,7 @@ func (u UsersResourceHandler) Get(r *http.Request, id string) (scim.Resource, er
 }
 
 func (u UsersResourceHandler) GetAll(r *http.Request, params scim.ListRequestParams) (scim.Page, error) {
-	log.Println("GETALL", params)
+	u.logger.Trace().Msg("getall users")
 
 	var (
 		resources = make([]scim.Resource, 0)

pkg/app/handlers/users/handler.go

@@ -12,6 +12,7 @@ import (
 	"github.com/aserto-dev/scim/pkg/directory"
 	serrors "github.com/elimity-com/scim/errors"
 	"github.com/pkg/errors"
+	"github.com/rs/zerolog"
 	structpb "google.golang.org/protobuf/types/known/structpb"
 )
 
@@ -23,16 +24,19 @@ const (
 type UsersResourceHandler struct {
 	dirClient *directory.DirectoryClient
 	cfg       *config.Config
+	logger    *zerolog.Logger
 }
 
-func NewUsersResourceHandler(cfg *config.Config) (*UsersResourceHandler, error) {
+func NewUsersResourceHandler(cfg *config.Config, logger *zerolog.Logger) (*UsersResourceHandler, error) {
+	usersLogger := logger.With().Str("component", "users").Logger()
 	dirClient, err := directory.GetDirectoryClient(&cfg.Directory)
 	if err != nil {
 		return nil, err
 	}
 	return &UsersResourceHandler{
 		dirClient: dirClient,
 		cfg:       cfg,
+		logger:    &usersLogger,
 	}, nil
 }
 

pkg/app/handlers/users/patch.go

@@ -2,7 +2,6 @@ package users
 
 import (
 	"context"
-	"log"
 	"net/http"
 
 	cerr "github.com/aserto-dev/errors"
@@ -19,7 +18,7 @@ import (
 )
 
 func (u UsersResourceHandler) Patch(r *http.Request, id string, operations []scim.PatchOperation) (scim.Resource, error) {
-	log.Println("PATCH", id, operations)
+	u.logger.Trace().Str("user_id", id).Any("operations", operations).Msg("patching user")
 	getObjResp, err := u.dirClient.Reader.GetObject(r.Context(), &dsr.GetObjectRequest{
 		ObjectType:    "user",
 		ObjectId:      id,
@@ -62,7 +61,7 @@ func (u UsersResourceHandler) Patch(r *http.Request, id string, operations []sci
 		Object: object,
 	})
 	if err != nil {
-		log.Println(err)
+		u.logger.Err(err).Msg("error setting object")
 		return scim.Resource{}, err
 	}
 

pkg/app/handlers/users/replace.go

@@ -1,7 +1,6 @@
 package users
 
 import (
-	"log"
 	"net/http"
 
 	cerr "github.com/aserto-dev/errors"
@@ -15,7 +14,7 @@ import (
 )
 
 func (u UsersResourceHandler) Replace(r *http.Request, id string, attributes scim.ResourceAttributes) (scim.Resource, error) {
-	log.Println("REPLACE", id, attributes)
+	u.logger.Trace().Str("user_id", id).Any("attributes", attributes).Msg("replacing user")
 	getObjResp, err := u.dirClient.Reader.GetObject(r.Context(), &dsr.GetObjectRequest{
 		ObjectType:    "user",
 		ObjectId:      id,

pkg/app/run.go

@@ -7,6 +7,8 @@ import (
 	"strings"
 	"time"
 
+	"github.com/aserto-dev/certs"
+	"github.com/aserto-dev/logger"
 	"github.com/aserto-dev/scim/pkg/app/handlers/groups"
 	"github.com/aserto-dev/scim/pkg/app/handlers/users"
 	"github.com/aserto-dev/scim/pkg/config"
@@ -15,13 +17,23 @@ import (
 	"github.com/elimity-com/scim/schema"
 )
 
-func Run(cfgPath string) error {
-	cfg, err := config.NewConfig(cfgPath)
+func Run(cfgPath string, logWriter logger.Writer, errWriter logger.ErrWriter) error {
+	loggerConfig, err := config.NewLoggerConfig(cfgPath)
+	if err != nil {
+		return err
+	}
+	scimLogger, err := logger.NewLogger(logWriter, errWriter, loggerConfig)
+	if err != nil {
+		return err
+	}
+	certGenerator := certs.NewGenerator(scimLogger)
+
+	cfg, err := config.NewConfig(cfgPath, scimLogger, certGenerator)
 	if err != nil {
 		return err
 	}
 
-	userHandler, err := users.NewUsersResourceHandler(cfg)
+	userHandler, err := users.NewUsersResourceHandler(cfg, scimLogger)
 	if err != nil {
 		return err
 	}
@@ -38,7 +50,7 @@ func Run(cfgPath string) error {
 		Handler: userHandler,
 	}
 
-	groupHandler, err := groups.NewGroupResourceHandler(cfg)
+	groupHandler, err := groups.NewGroupResourceHandler(cfg, scimLogger)
 	if err != nil {
 		return err
 	}
@@ -82,7 +94,7 @@ func Run(cfgPath string) error {
 		WriteTimeout: 30 * time.Second,
 	}
 
-	return srv.ListenAndServe()
+	return srv.ListenAndServeTLS(cfg.Server.Certs.TLSCertPath, cfg.Server.Certs.TLSKeyPath)
 }
 
 type application struct {