in src/main/java/com/googlesource/gerrit/plugins/saml/SamlMembership.java [87:125]
/**
 * Reconciles the user's Gerrit group memberships with the groups named in the SAML profile.
 *
 * <p>Group names are read from the {@code memberAttr} profile attribute and resolved through
 * {@code getOrCreateGroup}; names for which it returns an empty {@code Optional} are dropped.
 * The user is added to every resolved group they are not yet a member of, and removed from
 * every known group whose name starts with {@code GROUP_PREFIX} that the profile no longer
 * lists. Groups without that prefix are never removed by this method.
 *
 * <p>NOTE(review): the attribute values are supplied by the identity provider and directly
 * decide group membership. The add path is only as restrictive as {@code getOrCreateGroup},
 * which is not visible here; confirm that it confines names to the {@code GROUP_PREFIX}
 * namespace so an assertion cannot name an unrelated, manually managed group.
 *
 * @param user the authenticated user whose memberships are synchronised
 * @param profile the SAML profile carrying the membership attribute
 * @throws IOException declared by the signature; presumably raised while resolving the
 *     account, to be confirmed against {@code getOrCreateAccountId}
 */
public void sync(AuthenticatedUser user, SAML2Profile profile) throws IOException {
  // A missing attribute is treated as an empty list: the profile then grants no groups and
  // every prefixed membership the user currently holds is revoked below.
  List<?> assertedNames =
      Optional.ofNullable((List<?>) profile.getAttribute(memberAttr, List.class))
          .orElse(Collections.emptyList());
  Set<AccountGroup.UUID> asserted =
      assertedNames.stream()
          .map(name -> getOrCreateGroup(name.toString()))
          .filter(Optional::isPresent)
          .map(Optional::get)
          .collect(Collectors.toSet());

  IdentifiedUser gerritUser = userFactory.create(getOrCreateAccountId(user));

  // Only groups carrying GROUP_PREFIX are considered for removal.
  Set<AccountGroup.UUID> current =
      gerritUser.getEffectiveGroups().getKnownGroups().stream()
          .filter(
              uuid ->
                  groupCache
                      .get(uuid)
                      .map(group -> group.getName().startsWith(GROUP_PREFIX))
                      .orElse(false))
          .collect(Collectors.toSet());

  log.debug(
      "User {} is member of {} in saml and {} in gerrit", user.getUsername(), asserted, current);

  Set<Account.Id> self = ImmutableSet.of(gerritUser.getAccountId());

  // Groups listed in the profile that the user does not hold yet: add the account.
  for (AccountGroup.UUID toJoin : Sets.difference(asserted, current)) {
    this.updateMembers(toJoin, members -> Sets.union(members, self));
  }

  // Prefixed groups the user holds that the profile no longer lists: remove the account.
  for (AccountGroup.UUID toLeave : Sets.difference(current, asserted)) {
    this.updateMembers(toLeave, members -> Sets.difference(members, self));
  }
}