feat: IdP management updates

- Add new fields for IdPs
- Add link from org to IdP + org to/from api funcs
- Add switch_active_identity_provider for new action endpoint

JIRA: LX-1187
risk: low

Author: chrisbonilla95

gooddata-sdk/gooddata_sdk/catalog/organization/entity_model/identity_provider.py

@@ -8,7 +8,6 @@
 from gooddata_api_client.model.json_api_identity_provider_in_attributes import JsonApiIdentityProviderInAttributes
 from gooddata_api_client.model.json_api_identity_provider_in_document import JsonApiIdentityProviderInDocument
 from gooddata_api_client.model.json_api_identity_provider_patch import JsonApiIdentityProviderPatch
-from gooddata_api_client.model.json_api_identity_provider_patch_attributes import JsonApiIdentityProviderPatchAttributes
 from gooddata_api_client.model.json_api_identity_provider_patch_document import JsonApiIdentityProviderPatchDocument
 
 from gooddata_sdk.catalog.base import Base
@@ -43,6 +42,11 @@ def init(
         oauth_client_secret: Optional[str] = None,
         oauth_issuer_location: Optional[str] = None,
         saml_metadata: Optional[str] = None,
+        idp_type: Optional[str] = None,
+        oauth_issuer_id: Optional[str] = None,
+        oauth_subject_id_claim: Optional[str] = None,
+        oauth_custom_auth_attributes: Optional[dict[str, str]] = None,
+        oauth_custom_scopes: Optional[list[str]] = None,
     ) -> CatalogIdentityProvider:
         return cls(
             id=identity_provider_id,
@@ -53,6 +57,11 @@ def init(
                 oauth_client_secret=oauth_client_secret,
                 oauth_issuer_location=oauth_issuer_location,
                 saml_metadata=saml_metadata,
+                idp_type=idp_type,
+                oauth_issuer_id=oauth_issuer_id,
+                oauth_subject_id_claim=oauth_subject_id_claim,
+                oauth_custom_auth_attributes=oauth_custom_auth_attributes,
+                oauth_custom_scopes=oauth_custom_scopes,
             ),
         )
 
@@ -66,6 +75,11 @@ def from_api(cls, entity: dict[str, Any]) -> CatalogIdentityProvider:
             oauth_client_secret=safeget(ea, ["oauth_client_secret"]),
             oauth_issuer_location=safeget(ea, ["oauth_issuer_location"]),
             saml_metadata=safeget(ea, ["saml_metadata"]),
+            idp_type=safeget(ea, ["idp_type"]),
+            oauth_issuer_id=safeget(ea, ["oauth_issuer_id"]),
+            oauth_subject_id_claim=safeget(ea, ["oauth_subject_id_claim"]),
+            oauth_custom_auth_attributes=safeget(ea, ["oauth_custom_auth_attributes"]),
+            oauth_custom_scopes=safeget(ea, ["oauth_custom_scopes"]),
         )
         return cls(
             id=entity["id"],
@@ -76,7 +90,7 @@ def from_api(cls, entity: dict[str, Any]) -> CatalogIdentityProvider:
     def to_api_patch(cls, identity_provider_id: str, attributes: dict) -> JsonApiIdentityProviderPatchDocument:
         return JsonApiIdentityProviderPatchDocument(
             data=JsonApiIdentityProviderPatch(
-                id=identity_provider_id, attributes=JsonApiIdentityProviderPatchAttributes(**attributes)
+                id=identity_provider_id, attributes=JsonApiIdentityProviderInAttributes(**attributes)
             )
         )
 
@@ -89,6 +103,11 @@ class CatalogIdentityProviderAttributes(Base):
     oauth_client_secret: Optional[str] = None
     oauth_issuer_location: Optional[str] = None
     saml_metadata: Optional[str] = None
+    idp_type: Optional[str] = None
+    oauth_issuer_id: Optional[str] = None
+    oauth_subject_id_claim: Optional[str] = None
+    oauth_custom_auth_attributes: Optional[dict[str, str]] = None
+    oauth_custom_scopes: Optional[list[str]] = None
 
     @staticmethod
     def client_class() -> type[JsonApiIdentityProviderInAttributes]:

gooddata-sdk/gooddata_sdk/catalog/organization/entity_model/organization.py

@@ -1,14 +1,20 @@
 # (C) 2022 GoodData Corporation
 from __future__ import annotations
 
-from typing import Optional
+from typing import Any, Optional
 
 import attr
+from gooddata_api_client.model.json_api_identity_provider_to_one_linkage import JsonApiIdentityProviderToOneLinkage
 from gooddata_api_client.model.json_api_organization_in import JsonApiOrganizationIn
 from gooddata_api_client.model.json_api_organization_in_attributes import JsonApiOrganizationInAttributes
 from gooddata_api_client.model.json_api_organization_in_document import JsonApiOrganizationInDocument
+from gooddata_api_client.model.json_api_organization_in_relationships import JsonApiOrganizationInRelationships
+from gooddata_api_client.model.json_api_organization_in_relationships_identity_provider import (
+    JsonApiOrganizationInRelationshipsIdentityProvider,
+)
 
 from gooddata_sdk.catalog.base import Base
+from gooddata_sdk.utils import safeget
 
 
 @attr.s(auto_attribs=True, kw_only=True)
@@ -30,11 +36,49 @@ def to_api(self, oauth_client_secret: Optional[str] = None) -> JsonApiOrganizati
 class CatalogOrganization(Base):
     id: str
     attributes: CatalogOrganizationAttributes
+    identity_provider_id: Optional[str] = None
 
     @staticmethod
     def client_class() -> type[JsonApiOrganizationIn]:
         return JsonApiOrganizationIn
 
+    @classmethod
+    def from_api(cls, entity: dict[str, Any]) -> CatalogOrganization:
+        ea = entity.get("attributes", {})
+        er = entity.get("relationships", {})
+
+        attributes = CatalogOrganizationAttributes(
+            name=safeget(ea, ["name"]),
+            hostname=safeget(ea, ["hostname"]),
+            allowed_origins=safeget(ea, ["allowed_origins"]),
+            oauth_issuer_location=safeget(ea, ["oauth_issuer_location"]),
+            oauth_client_id=safeget(ea, ["oauth_client_id"]),
+        )
+
+        identity_provider_id = safeget(er, ["identityProvider", "data", "id"])
+
+        return cls(
+            id=entity["id"],
+            attributes=attributes,
+            identity_provider_id=identity_provider_id,
+        )
+
+    def to_api(self) -> JsonApiOrganizationIn:
+        kwargs = {}
+        if self.identity_provider_id:
+            kwargs["relationships"] = JsonApiOrganizationInRelationships(
+                identity_provider=JsonApiOrganizationInRelationshipsIdentityProvider(
+                    data=JsonApiIdentityProviderToOneLinkage(id=self.identity_provider_id, type="identityProvider")
+                )
+            )
+
+        return JsonApiOrganizationIn(
+            id=self.id,
+            type="organization",
+            attributes=self.attributes.to_api(),
+            **kwargs,
+        )
+
 
 @attr.s(auto_attribs=True, kw_only=True)
 class CatalogOrganizationAttributes(Base):

gooddata-sdk/gooddata_sdk/catalog/organization/layout/identity_provider.py

@@ -17,6 +17,11 @@ class CatalogDeclarativeIdentityProvider(Base):
     oauth_client_secret: Optional[str] = None
     oauth_issuer_location: Optional[str] = None
     saml_metadata: Optional[str] = None
+    idp_type: Optional[str] = None
+    oauth_issuer_id: Optional[str] = None
+    oauth_subject_id_claim: Optional[str] = None
+    oauth_custom_auth_attributes: Optional[dict[str, str]] = None
+    oauth_custom_scopes: Optional[list[str]] = None
 
     @staticmethod
     def client_class() -> builtins.type[DeclarativeIdentityProvider]:

gooddata-sdk/gooddata_sdk/catalog/organization/service.py

@@ -2,6 +2,7 @@
 from __future__ import annotations
 
 import functools
+import json
 from typing import Any, Optional
 
 from gooddata_api_client.exceptions import NotFoundException
@@ -747,3 +748,46 @@ def put_declarative_export_templates(self, export_templates: list[CatalogDeclara
         self._layout_api.set_export_templates(
             declarative_export_templates=DeclarativeExportTemplates(export_templates=api_export_templates)
         )
+
+    def switch_active_identity_provider(self, identity_provider_id: str) -> None:
+        """Switch the active identity provider for the organization.
+
+        Args:
+            identity_provider_id (str):
+                Identity provider identification string e.g. "auth0"
+
+        Returns:
+            None
+
+        Raises:
+            ValueError:
+                Identity provider does not exist or operation failed.
+        """
+        try:
+            # Prepare the request payload
+            request_data = {"idpId": identity_provider_id}
+
+            # Make the request using the client's POST request method
+            response = self._client._do_post_request(
+                data=json.dumps(request_data).encode("utf-8"),
+                endpoint="api/v1/actions/organization/switchActiveIdentityProvider",
+                content_type="application/json",
+            )
+
+            # Check for successful response
+            if response.status_code not in (200, 204):
+                if response.status_code == 404:
+                    raise ValueError(
+                        f"Cannot switch to identity provider {identity_provider_id}. "
+                        f"This identity provider does not exist."
+                    )
+                else:
+                    raise ValueError(
+                        f"Failed to switch active identity provider. "
+                        f"Status code: {response.status_code}, Response: {response.text}"
+                    )
+
+        except Exception as e:
+            if isinstance(e, ValueError):
+                raise
+            raise ValueError(f"Error switching active identity provider: {str(e)}")