docs: API enterprise (#5625)

* docs: audit, deploymentconfig, files, parameters * Swagger comments in workspacebuilds.go * structs in workspacebuilds.go * workspaceagents: instance identity * workspaceagents.go in progress * workspaceagents.go in progress * Agents * workspacebuilds.go * /workspaces * templates.go, templateversions.go * templateversion.go in progress * cancel * templateversions * wip * Merge * x-apidocgen * NullTime hack not needed anymore * Fix: x-apidocgen * Members * Fixes * Fix * WIP * WIP * Users * Logout * User profile * Status suspend activate * User roles * User tokens * Keys * SSH key * All * Typo * Fix * Entitlements * Groups * SCIM * Fix * Fix * Clean templates * Sort API pages * Fix: HashedSecret * General is first
2025-07-13 21:36:50 +00:00 · 2023-01-11 16:05:42 +01:00
parent 8e9cbdd71b
commit d9436fab69
31 changed files with 4139 additions and 375 deletions
--- a/enterprise/coderd/scim.go
+++ b/enterprise/coderd/scim.go
@ -43,6 +43,14 @@ func (api *API) scimVerifyAuthHeader(r *http.Request) bool {
 // Okta to try and create each user individually, this way we don't need to
 // implement fetching users twice.
 //
+// @Summary SCIM 2.0: Get users
+// @ID scim-get-users
+// @Security CoderSessionToken
+// @Produce application/scim+json
+// @Tags Enterprise
+// @Success 200
+// @Router /scim/v2/Users [post]
+//
 //nolint:revive
 func (api *API) scimGetUsers(rw http.ResponseWriter, r *http.Request) {
 	if !api.scimVerifyAuthHeader(r) {
@ -62,6 +70,19 @@ func (api *API) scimGetUsers(rw http.ResponseWriter, r *http.Request) {
 // This is done to always force Okta to try and create the user, this way we
 // don't need to implement fetching users twice.
 //
+// scimGetUsers intentionally always returns no users. This is done to always force
+// Okta to try and create each user individually, this way we don't need to
+// implement fetching users twice.
+//
+// @Summary SCIM 2.0: Get user by ID
+// @ID scim-get-user-by-id
+// @Security CoderSessionToken
+// @Produce application/scim+json
+// @Tags Enterprise
+// @Param id path string true "User ID" format(uuid)
+// @Failure 404
+// @Router /scim/v2/Users/{id} [get]
+//
 //nolint:revive
 func (api *API) scimGetUser(rw http.ResponseWriter, r *http.Request) {
 	if !api.scimVerifyAuthHeader(r) {
@ -86,7 +107,7 @@ type SCIMUser struct {
 	} `json:"name"`
 	Emails []struct {
 		Primary bool   `json:"primary"`
-		Value   string `json:"value"`
+		Value   string `json:"value" format:"email"`
 		Type    string `json:"type"`
 		Display string `json:"display"`
 	} `json:"emails"`
@ -98,6 +119,15 @@ type SCIMUser struct {
 }

 // scimPostUser creates a new user, or returns the existing user if it exists.
+//
+// @Summary SCIM 2.0: Create new user
+// @ID scim-create-new-user
+// @Security CoderSessionToken
+// @Produce json
+// @Tags Enterprise
+// @Param request body coderd.SCIMUser true "New user"
+// @Success 200 {object} coderd.SCIMUser
+// @Router /scim/v2/Users [post]
 func (api *API) scimPostUser(rw http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	if !api.scimVerifyAuthHeader(r) {
@ -144,6 +174,16 @@ func (api *API) scimPostUser(rw http.ResponseWriter, r *http.Request) {
 }

 // scimPatchUser supports suspending and activating users only.
+//
+// @Summary SCIM 2.0: Update user account
+// @ID scim-update-user-status
+// @Security CoderSessionToken
+// @Produce application/scim+json
+// @Tags Enterprise
+// @Param id path string true "User ID" format(uuid)
+// @Param request body coderd.SCIMUser true "Update user request"
+// @Success 200 {object} codersdk.User
+// @Router /scim/v2/Users/{id} [patch]
 func (api *API) scimPatchUser(rw http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	if !api.scimVerifyAuthHeader(r) {