Merge branch 'jej/fix-azure-scim-pre-check' into 'master'

Support new Azure SCIM pre-setup check

Closes #118558

See merge request gitlab-org/gitlab!22348

ee/app/finders/scim_finder.rb

@@ -27,6 +27,8 @@ class ScimFinder
 
     if eq_filter_on_extern_uid?(parser)
       by_extern_uid(parser)
+    elsif eq_filter_on_username?(parser)
+      by_username(parser)
     else
       raise UnsupportedFilter
     end
@@ -39,4 +41,13 @@ class ScimFinder
   def by_extern_uid(parser)
     Identity.where_group_saml_uid(saml_provider, parser.filter_params[:extern_uid])
   end
+
+  def eq_filter_on_username?(parser)
+    parser.filter_operator == :eq && parser.filter_params[:username].present?
+  end
+
+  def by_username(parser)
+    user = User.find_by_username(parser.filter_params[:username])
+    saml_provider.identities.for_user(user)
+  end
 end

ee/changelogs/unreleased/jej-fix-azure-scim-pre-check.yml

+---
+title: Support new Azure SCIM pre-setup check
+merge_request: 22348
+author:
+type: fixed

ee/spec/finders/scim_finder_spec.rb

@@ -37,6 +37,10 @@ describe ScimFinder do
           expect(finder.search(filter: "id eq #{identity.extern_uid}").first).to eq identity
           expect(finder.search(filter: "externalId eq #{identity.extern_uid}").first).to eq identity
         end
+
+        it 'allows lookup by userName' do
+          expect(finder.search(filter: "userName eq \"#{identity.user.username}\"").first).to eq identity
+        end
       end
 
       it 'returns all related identities if there is no filter' do
@@ -50,7 +54,7 @@ describe ScimFinder do
       end
 
       it 'raises an error if the attribute path is unsupported' do
-        expect { finder.search(filter: 'userName eq "name"').count }.to raise_error(ScimFinder::UnsupportedFilter)
+        expect { finder.search(filter: 'displayName eq "name"').count }.to raise_error(ScimFinder::UnsupportedFilter)
       end
     end
   end