in internal/sync.go [168:252]
// SyncGroups reconciles AWS groups and their memberships against the Google
// groups returned for query.
//
// For each Google group that passes the ignore/include filters, the matching
// AWS group is looked up by display name (the Google group email) and created
// when the lookup yields none. Every user in s.users is then added to or
// removed from that AWS group so that membership follows the Google member
// list.
//
// Points to keep in mind, since this function grants and revokes access:
//   - Membership is decided by an exact string match between a Google member's
//     Email and an AWS user's Username. A user whose Username does not match
//     byte-for-byte is treated as a non-member and is removed if currently in
//     the group.
//     NOTE(review): confirm both sides are normalised (e.g. case) upstream.
//   - Only users present in s.users are examined. Members of the AWS group
//     that are not in s.users are not touched here.
//   - Any error returns immediately. Groups processed before the failure keep
//     their changes and the remaining groups are left unsynced for this run.
//   - ErrGroupNotFound is compared by identity, so a wrapped not-found error
//     aborts the sync instead of triggering group creation.
//     NOTE(review): verify the aws client returns the sentinel unwrapped.
func (s *syncGSuite) SyncGroups(query string) error {
	log.WithField("query", query).Debug("get google groups")
	googleGroups, err := s.google.GetGroups(query)
	if err != nil {
		return err
	}

	// Records every AWS group matched or created below. Nothing in this
	// function reads it back.
	correlatedGroups := make(map[string]*aws.Group)

	for _, g := range googleGroups {
		// Skip groups that are ignored or that fall outside the include filter.
		if s.ignoreGroup(g.Email) || !s.includeGroup(g.Email) {
			continue
		}

		// Deliberately shadows the package logger with one scoped to this group.
		log := log.WithFields(log.Fields{
			"group": g.Email,
		})
		log.Debug("Check group")

		var group *aws.Group
		found, err := s.aws.FindGroupByDisplayName(g.Email)
		if err != nil && err != aws.ErrGroupNotFound {
			return err
		}
		if found == nil {
			log.Info("Creating group in AWS")
			created, err := s.aws.CreateGroup(aws.NewGroup(g.Email))
			if err != nil {
				return err
			}
			correlatedGroups[created.DisplayName] = created
			group = created
		} else {
			log.Debug("Found group")
			correlatedGroups[found.DisplayName] = found
			group = found
		}

		members, err := s.google.GetGroupMembers(g)
		if err != nil {
			return err
		}

		// Desired membership: Google members that are also known users,
		// keyed by email.
		wanted := make(map[string]*admin.Member)
		log.Info("Start group user sync")
		for _, m := range members {
			if _, known := s.users[m.Email]; !known {
				continue
			}
			wanted[m.Email] = m
		}

		for _, u := range s.users {
			log.WithField("user", u.Username).Debug("Checking user is in group already")
			inGroup, err := s.aws.IsUserInGroup(u, group)
			if err != nil {
				return err
			}

			_, shouldBeMember := wanted[u.Username]
			switch {
			case shouldBeMember && !inGroup:
				log.WithField("user", u.Username).Info("Adding user to group")
				if err := s.aws.AddUserToGroup(u, group); err != nil {
					return err
				}
			case !shouldBeMember && inGroup:
				// Revocation path; logged at Warn so removals stand out.
				log.WithField("user", u.Username).Warn("Removing user from group")
				if err := s.aws.RemoveUserFromGroup(u, group); err != nil {
					return err
				}
			}
		}
	}

	return nil
}