feat: add AD user groups retrieval function to identity shard

2026-04-15 17:30:11 -04:00 · 2026-04-15 17:30:11 -04:00 · 4539653d79
commit 4539653d79
parent a4c09bd43d
2 changed files with 31 additions and 0 deletions
--- a/nexus-mcp/src/identity_backend.py
+++ b/nexus-mcp/src/identity_backend.py
@ -0,0 +1,22 @@
+from typing import Set
+
+# Fields allowed to be returned to the MCP client
+ALLOWED_USER_FIELDS: Set[str] = {
+    "username",
+    "display_name",
+    "first_name",
+    "last_name",
+    "email",
+    "enabled",
+    "ou",
+    "description",
+    "last_logon_utc",
+    "when_created_utc",
+    "department",
+    "title",
+}
+
+
+class IdentityBackend:
+    """Base interface for Identity Shard backends."""
+    pass
--- a/nexus-mcp/src/shards/identity.py
+++ b/nexus-mcp/src/shards/identity.py
@ -121,6 +121,15 @@ def register(mcp: FastMCP) -> None:
        logger.warning("ad_list_groups: group enumeration not yet implemented in AD backend")
        return []

+    @mcp.tool()
+    async def ad_get_user_groups(sam_account_name: str) -> list[str]:
+        """Get all AD groups for a specific user."""
+        if _USE_MOCK:
+            # Mock logic here...
+            return ["Domain Users", "Wheels-IT"]
+        
+        return await _get_ad().get_user_groups(sam_account_name)
+
    @mcp.tool()
    async def ad_get_group_members(group_dn: str) -> list[dict]:
        """Return all members of an Active Directory group by its distinguished name."""