Add awslabs#55 & awslabs#45

Tony Nyurkin · Tony Nyurkin · commit bd0978810f95 · 2021-09-17T14:03:15.000+03:00
diff --git a/README.md b/README.md
@@ -119,7 +119,7 @@ Flags:
   -e, --endpoint string             AWS SSO SCIM API Endpoint
   -u, --google-admin string         Google Workspace admin user email
   -c, --google-credentials string   path to Google Workspace credentials file (default "credentials.json")
-  -g, --group-match string          Google Workspace Groups filter query parameter, example: 'name:Admin* email:aws-*', see: https://developers.google.com/admin-sdk/directory/v1/guides/search-groups
+  -g, --group-match strings         Google Workspace Groups filter query parameter, example: 'name:Admin* email:aws-*', see: https://developers.google.com/admin-sdk/directory/v1/guides/search-groups (You can specify this flag multiple times for OR clause)
   -h, --help                        help for ssosync
       --ignore-groups strings       ignores these Google Workspace groups
       --ignore-users strings        ignores these Google Workspace users
diff --git a/cmd/root.go b/cmd/root.go
@@ -172,7 +172,7 @@ func addFlags(cmd *cobra.Command, cfg *config.Config) {
 	rootCmd.Flags().StringSliceVar(&cfg.IgnoreGroups, "ignore-groups", []string{}, "ignores these Google Workspace groups")
 	rootCmd.Flags().StringSliceVar(&cfg.IncludeGroups, "include-groups", []string{}, "include only these Google Workspace groups, NOTE: only works when --sync-method 'users_groups'")
 	rootCmd.Flags().StringVarP(&cfg.UserMatch, "user-match", "m", "", "Google Workspace Users filter query parameter, example: 'name:John* email:admin*', see: https://developers.google.com/admin-sdk/directory/v1/guides/search-users")
-	rootCmd.Flags().StringVarP(&cfg.GroupMatch, "group-match", "g", "", "Google Workspace Groups filter query parameter, example: 'name:Admin* email:aws-*', see: https://developers.google.com/admin-sdk/directory/v1/guides/search-groups")
+	rootCmd.Flags().StringSliceVarP(&cfg.GroupMatch, "group-match", "g", []string{""}, "Google Workspace Groups filter query parameter, example: 'name:Admin* email:aws-*', see: https://developers.google.com/admin-sdk/directory/v1/guides/search-groups (You can specify this flag multiple times for OR clause)")
 	rootCmd.Flags().StringVarP(&cfg.SyncMethod, "sync-method", "s", config.DefaultSyncMethod, "Sync method to use (users_groups|groups)")
 }
 
diff --git a/internal/config/config.go b/internal/config/config.go
@@ -16,7 +16,7 @@ type Config struct {
 	// UserMatch ...
 	UserMatch string `mapstructure:"user_match"`
 	// GroupFilter ...
-	GroupMatch string `mapstructure:"group_match"`
+	GroupMatch []string `mapstructure:"group_match"`
 	// SCIMEndpoint ....
 	SCIMEndpoint string `mapstructure:"scim_endpoint"`
 	// SCIMAccessToken ...
diff --git a/internal/sync.go b/internal/sync.go
@@ -19,6 +19,7 @@ import (
 	"context"
 	"fmt"
 	"io/ioutil"
+	"time"
 
 	"github.com/awslabs/ssosync/internal/aws"
 	"github.com/awslabs/ssosync/internal/config"
@@ -32,8 +33,8 @@ import (
 // SyncGSuite is the interface for synchronizing users/groups
 type SyncGSuite interface {
 	SyncUsers(string) error
-	SyncGroups(string) error
-	SyncGroupsUsers(string) error
+	SyncGroups([]string) error
+	SyncGroupsUsers([]string) error
 }
 
 // SyncGSuite is an object type that will synchronize real users and groups
@@ -165,10 +166,8 @@ func (s *syncGSuite) SyncUsers(query string) error {
 //  name:contact* email:contact*
 //  name:Admin* email:aws-*
 //  email:aws-*
-func (s *syncGSuite) SyncGroups(query string) error {
-
-	log.WithField("query", query).Debug("get google groups")
-	googleGroups, err := s.google.GetGroups(query)
+func (s *syncGSuite) SyncGroups(queries []string) error {
+	googleGroups, err := s.getGroups(queries)
 	if err != nil {
 		return err
 	}
@@ -270,10 +269,8 @@ func (s *syncGSuite) SyncGroups(query string) error {
 //  4) add groups in aws and add its members, these were added in google
 //  5) validate equals aws an google groups members
 //  6) delete groups in aws, these were deleted in google
-func (s *syncGSuite) SyncGroupsUsers(query string) error {
-
-	log.WithField("query", query).Info("get google groups")
-	googleGroups, err := s.google.GetGroups(query)
+func (s *syncGSuite) SyncGroupsUsers(queries []string) error {
+	googleGroups, err := s.getGroups(queries)
 	if err != nil {
 		return err
 	}
@@ -359,14 +356,16 @@ func (s *syncGSuite) SyncGroupsUsers(query string) error {
 	// add aws users (added in google)
 	log.Debug("creating aws users added in google")
 	for _, awsUser := range addAWSUsers {
+		user, _ := s.aws.FindUserByEmail(awsUser.Username)
+		if user == nil {
+			log := log.WithFields(log.Fields{"user": awsUser.Username})
 
-		log := log.WithFields(log.Fields{"user": awsUser.Username})
-
-		log.Info("creating user")
-		_, err := s.aws.CreateUser(awsUser)
-		if err != nil {
-			log.Error("error creating user")
-			return err
+			log.Info("creating user")
+			_, err := s.aws.CreateUser(awsUser)
+			if err != nil {
+				log.Error("error creating user")
+				return err
+			}
 		}
 	}
 
@@ -503,6 +502,7 @@ func (s *syncGSuite) getGoogleGroupsAndUsers(googleGroups []*admin.Group) ([]*ad
 
 			log.WithField("id", m.Email).Debug("get user")
 			q := fmt.Sprintf("email:%s", m.Email)
+			time.Sleep(1 * time.Second)
 			u, err := s.google.GetUsers(q) // TODO: implement GetUser(m.Email)
 			if err != nil {
 				return nil, nil, err
@@ -555,6 +555,32 @@ func (s *syncGSuite) getAWSGroupsAndUsers(awsGroups []*aws.Group, awsUsers []*aw
 	return awsGroupsUsers, nil
 }
 
+// getGroups returns Google Groups from multiple queries.
+func (s *syncGSuite) getGroups(queries []string) ([]*admin.Group, error) {
+	uniqueGroups := map[string]*admin.Group{}
+
+	for _, query := range queries {
+		log.WithField("query", query).Debug("get google groups")
+		googleGroups, err := s.google.GetGroups(query)
+		if err != nil {
+			return nil, err
+		}
+
+		for _, group := range googleGroups {
+			uniqueGroups[group.Id] = group
+		}
+	}
+
+	groups := make([]*admin.Group, len(uniqueGroups))
+	var i int
+	for _, group := range uniqueGroups {
+		groups[i] = group
+		i++
+	}
+
+	return groups, nil
+}
+
 // getGroupOperations returns the groups of AWS that must be added, deleted and are equals
 func getGroupOperations(awsGroups []*aws.Group, googleGroups []*admin.Group) (add []*aws.Group, delete []*aws.Group, equals []*aws.Group) {
 

Original file line number	Diff line number	Diff line change
`@@ -172,7 +172,7 @@ func addFlags(cmd cobra.Command, cfg config.Config) {`
`172`	`172`	`rootCmd.Flags().StringSliceVar(&cfg.IgnoreGroups, "ignore-groups", []string{}, "ignores these Google Workspace groups")`
`173`	`173`	`rootCmd.Flags().StringSliceVar(&cfg.IncludeGroups, "include-groups", []string{}, "include only these Google Workspace groups, NOTE: only works when --sync-method 'users_groups'")`
`174`	`174`	`rootCmd.Flags().StringVarP(&cfg.UserMatch, "user-match", "m", "", "Google Workspace Users filter query parameter, example: 'name:John* email:admin*', see: https://developers.google.com/admin-sdk/directory/v1/guides/search-users")`
`175`		`- rootCmd.Flags().StringVarP(&cfg.GroupMatch, "group-match", "g", "", "Google Workspace Groups filter query parameter, example: 'name:Admin* email:aws-*', see: https://developers.google.com/admin-sdk/directory/v1/guides/search-groups")`
	`175`	`+ rootCmd.Flags().StringSliceVarP(&cfg.GroupMatch, "group-match", "g", []string{""}, "Google Workspace Groups filter query parameter, example: 'name:Admin* email:aws-*', see: https://developers.google.com/admin-sdk/directory/v1/guides/search-groups (You can specify this flag multiple times for OR clause)")`
`176`	`176`	`rootCmd.Flags().StringVarP(&cfg.SyncMethod, "sync-method", "s", config.DefaultSyncMethod, "Sync method to use (users_groups\|groups)")`
`177`	`177`	`}`
`178`	`178`