Adds support for nested groups #95
Any update here?
So, I have multiple issues and pull requests relating to how ssosync builds the user/group/group membership datasets. Having dived deep into the code, it needs refactoring, which is where I currently am (in a feature branch). Once I have a functional build, I would appreciate feedback before I push to master. Let me know if you would like me to update this thread when I have a candidate build.
Sure, I'd be happy to test it out.
Please count me in for a review.
return nil, err | ||
} | ||
|
||
seenUsers := make(map[string]bool) |
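Review bot: at `seenUsers := make(map[string]bool)`, the only de-duplication state visible is keyed on users. Nothing in these lines records which groups have already been expanded, so if the nested traversal does not keep that elsewhere, a group that is a member of two parent groups will be fetched and walked once per parent. Consider a matching set of visited group IDs next to `seenUsers`, checked before each nested group is expanded, so the number of directory lookups stays bounded by the number of distinct groups.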
Instead of mapping to a `bool`, can we map to the user right here only if not seen before... just do the `s.google.GetUser(m.Id)` call right here?
So the feature branch is a much deeper overhaul of the internal logic. Getting back to a left-hand model of the Google directory (users, groups and memberships, filtered based on the supplied parameters) and comparing it to a right-hand model of identity store (user, groups and memberships). Plus making better use of the external ids in identity store so we get faster, more accurate matches that survive updates on the left-hand side, with a fallback match based on email address, so we can minimise delete/recreate events which result in loss of permission assignments in identity center.
Issues
Sorry didn't raise a specific issue but some exist:
Fixes #66
Fixes #51
Fixes #27
Description
`GetUser` and `GetGroup`
`getAllGroupMembers` - This resolves all users from a nested group hierarchy (if any) and de-duplicates users by their unique ID. This is called by `getGoogleGroupsAndUsers`.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
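
The nested-group resolution the description outlines, as an added example that is not code from this pull request or from ssosync: it flattens a group hierarchy to unique user IDs and also tracks visited groups so each group is expanded once. `Member`, `Directory`, `FlattenUsers` and `sampleDir` are hypothetical names, and the directory contents are constructed.

```go
package main

import (
	"fmt"
	"sort"
)

// Member and Directory are constructed stand-ins, not ssosync or Google API types.
type Member struct{ ID, Type string } // Type is "USER" or "GROUP"
type Directory map[string][]Member    // group ID -> direct members

// sampleDir is constructed data: "eng" sits under two parents and points back up.
var sampleDir = Directory{
	"all-staff": {{"platform", "GROUP"}, {"security", "GROUP"}, {"u1", "USER"}},
	"platform":  {{"eng", "GROUP"}, {"u2", "USER"}},
	"security":  {{"eng", "GROUP"}, {"u2", "USER"}},
	"eng":       {{"u3", "USER"}, {"u1", "USER"}, {"platform", "GROUP"}},
}

// FlattenUsers returns the sorted unique user IDs reachable from groupID and
// the number of groups expanded (one directory lookup each).
func FlattenUsers(dir Directory, groupID string) ([]string, int) {
	seenUsers := map[string]struct{}{}
	seenGroups := map[string]struct{}{}
	var walk func(id string)
	walk = func(id string) {
		if _, done := seenGroups[id]; done {
			return // reached again via another parent or a loop: skip
		}
		seenGroups[id] = struct{}{}
		for _, m := range dir[id] {
			switch m.Type {
			case "GROUP":
				walk(m.ID)
			case "USER":
				seenUsers[m.ID] = struct{}{}
			}
		}
	}
	walk(groupID)
	users := make([]string, 0, len(seenUsers))
	for id := range seenUsers {
		users = append(users, id)
	}
	sort.Strings(users)
	return users, len(seenGroups)
}

func main() {
	users, lookups := FlattenUsers(sampleDir, "all-staff")
	fmt.Println(users, lookups) // [u1 u2 u3] 4
}
```

Flattening matters for access: a user reachable only through a nested group is missing from the synced membership unless the hierarchy is walked.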