in internal/sync.go [273:469]
// SyncGroupsUsers reconciles the users and groups held in AWS with the Google
// Workspace groups matched by query. The Google groups are fetched and run
// through ignoreGroup, the current AWS users and groups are listed, and the two
// sides are diffed. Changes are then applied in a fixed order: AWS users
// missing from Google are deleted, changed users are updated, new users are
// created, new groups are created and populated, the membership of groups
// present on both sides is reconciled, and finally groups missing from Google
// are deleted. Every step is a remote call; the first error aborts the sync,
// so a run can stop half-applied. It returns nil when all steps succeed.
func (s *syncGSuite) SyncGroupsUsers(query string) error {
	log.WithField("query", query).Info("get google groups")
	googleGroups, err := s.google.GetGroups(query)
	if err != nil {
		return err
	}

	// Drop groups the configuration asks to ignore before anything is diffed,
	// so they are neither created nor deleted on the AWS side.
	filteredGoogleGroups := []*admin.Group{}
	for _, g := range googleGroups {
		if s.ignoreGroup(g.Email) {
			log.WithField("group", g.Email).Debug("ignoring group")
			continue
		}
		filteredGoogleGroups = append(filteredGoogleGroups, g)
	}
	googleGroups = filteredGoogleGroups

	log.Debug("preparing list of google users and then google groups and their members")
	googleUsers, googleGroupsUsers, err := s.getGoogleGroupsAndUsers(googleGroups)
	if err != nil {
		return err
	}

	log.Info("get existing aws groups")
	awsGroups, err := s.aws.GetGroups()
	if err != nil {
		log.Error("error getting aws groups")
		return err
	}

	log.Info("get existing aws users")
	awsUsers, err := s.aws.GetUsers()
	if err != nil {
		return err
	}

	log.Debug("preparing list of aws groups and their members")
	awsGroupsUsers, err := s.getAWSGroupsAndUsers(awsGroups, awsUsers)
	if err != nil {
		return err
	}

	// create list of changes by operations
	// NOTE(review): delAWSUsers is presumably every AWS user absent from
	// googleUsers. Nothing here guards against an empty or partial Google result
	// (for example a query that matches no groups), which would schedule the
	// deletion of every AWS user below — confirm whether an empty googleUsers
	// set should abort the sync instead.
	addAWSUsers, delAWSUsers, updateAWSUsers, _ := getUserOperations(awsUsers, googleUsers)
	addAWSGroups, delAWSGroups, equalAWSGroups := getGroupOperations(awsGroups, googleGroups)

	log.Info("syncing changes")

	// delete aws users (deleted in google)
	log.Debug("deleting aws users deleted in google")
	for _, awsUser := range delAWSUsers {
		// Shadow the package logger with an entry scoped to this user.
		log := log.WithFields(log.Fields{"user": awsUser.Username})

		// The diff entry is looked up again so the delete call gets the full AWS record.
		log.Debug("finding user")
		awsUserFull, err := s.aws.FindUserByEmail(awsUser.Username)
		if err != nil {
			return err
		}

		log.Warn("deleting user")
		if err := s.aws.DeleteUser(awsUserFull); err != nil {
			log.Error("error deleting user")
			return err
		}
	}

	// update aws users (updated in google)
	log.Debug("updating aws users updated in google")
	for _, awsUser := range updateAWSUsers {
		log := log.WithFields(log.Fields{"user": awsUser.Username})

		log.Debug("finding user")
		awsUserFull, err := s.aws.FindUserByEmail(awsUser.Username)
		if err != nil {
			return err
		}

		// NOTE(review): UpdateUser is handed the record just fetched from AWS
		// (awsUserFull), not awsUser from the diff; confirm that the Google-side
		// changes actually reach this call.
		log.Warn("updating user")
		_, err = s.aws.UpdateUser(awsUserFull)
		if err != nil {
			log.Error("error updating user")
			return err
		}
	}

	// add aws users (added in google)
	log.Debug("creating aws users added in google")
	for _, awsUser := range addAWSUsers {
		log := log.WithFields(log.Fields{"user": awsUser.Username})

		log.Info("creating user")
		_, err := s.aws.CreateUser(awsUser)
		if err != nil {
			log.Error("error creating user")
			return err
		}
	}

	// add aws groups (added in google)
	log.Debug("creating aws groups added in google")
	for _, awsGroup := range addAWSGroups {
		log := log.WithFields(log.Fields{"group": awsGroup.DisplayName})

		log.Info("creating group")
		_, err := s.aws.CreateGroup(awsGroup)
		if err != nil {
			log.Error("creating group")
			return err
		}

		// add members of the new group; Google membership is keyed by the same
		// display name, and each member is resolved to its AWS record by email.
		for _, googleUser := range googleGroupsUsers[awsGroup.DisplayName] {
			// equivalent aws user of google user on the fly
			log.Debug("finding user")
			awsUserFull, err := s.aws.FindUserByEmail(googleUser.PrimaryEmail)
			if err != nil {
				return err
			}

			log.WithField("user", awsUserFull.Username).Info("adding user to group")
			err = s.aws.AddUserToGroup(awsUserFull, awsGroup)
			if err != nil {
				return err
			}
		}
	}

	// list of users to be removed from aws groups (members on the AWS side that
	// are no longer members on the Google side)
	deleteUsersFromGroup, _ := getGroupUsersOperations(googleGroupsUsers, awsGroupsUsers)

	// validate groups members are equal in aws and google
	log.Debug("validating groups members, equals in aws and google")
	for _, awsGroup := range equalAWSGroups {
		log := log.WithFields(log.Fields{"group": awsGroup.DisplayName})

		// Ensure every Google member is present in the existing AWS group. This
		// costs one FindUserByEmail and one IsUserInGroup call per member.
		for _, googleUser := range googleGroupsUsers[awsGroup.DisplayName] {
			log.WithField("user", googleUser.PrimaryEmail).Debug("finding user")
			awsUserFull, err := s.aws.FindUserByEmail(googleUser.PrimaryEmail)
			if err != nil {
				return err
			}

			log.WithField("user", awsUserFull.Username).Debug("checking user is in group already")
			b, err := s.aws.IsUserInGroup(awsUserFull, awsGroup)
			if err != nil {
				return err
			}

			if !b {
				log.WithField("user", awsUserFull.Username).Info("adding user to group")
				err := s.aws.AddUserToGroup(awsUserFull, awsGroup)
				if err != nil {
					return err
				}
			}
		}

		// Then drop AWS members that Google no longer lists for this group.
		for _, awsUser := range deleteUsersFromGroup[awsGroup.DisplayName] {
			log.WithField("user", awsUser.Username).Warn("removing user from group")
			err := s.aws.RemoveUserFromGroup(awsUser, awsGroup)
			if err != nil {
				return err
			}
		}
	}

	// delete aws groups (deleted in google)
	// Groups are deleted last, after their memberships have been handled above.
	log.Debug("delete aws groups deleted in google")
	for _, awsGroup := range delAWSGroups {
		log := log.WithFields(log.Fields{"group": awsGroup.DisplayName})

		log.Debug("finding group")
		awsGroupFull, err := s.aws.FindGroupByDisplayName(awsGroup.DisplayName)
		if err != nil {
			return err
		}

		log.Warn("deleting group")
		err = s.aws.DeleteGroup(awsGroupFull)
		if err != nil {
			log.Error("deleting group")
			return err
		}
	}

	log.Info("sync completed")
	return nil
}