(feat) ignore users and groups

fac · Jul 30, 2020 · 0e2fbe7 · 0e2fbe7
1 parent c65b4d0
commit 0e2fbe7
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 15 deletions.
diff --git a/README.md b/README.md
@@ -112,6 +112,8 @@ Flags:
   -u, --google-admin string         Google Admin Email
   -c, --google-credentials string   set the path to find credentials for Google (default "credentials.json")
   -h, --help                        help for ssosync
+      --ignore-groups strings       ignores these groups
+      --ignore-users strings        ignores these users
       --log-format string           log format (default "text")
       --log-level string            log level (default "warn")
   -v, --version                     version for ssosync
@@ -129,6 +131,8 @@ The output of the command when run without 'debug' turned on looks like this:
 2020-05-26T12:08:15.703+0100	INFO	internal/sync.go:183	Done sync groups
 ```
 
+You can ignore users to be synced by setting `--ignore-users [email protected],[email protected]` or `[email protected],[email protected]`. Groups are ignored by setting `--ignore-groups [email protected],[email protected]` or `[email protected],[email protected]`.
+
 ## AWS Lambda Usage
 
 NOTE: Using Lambda may incur costs in your AWS account. Please make sure you have checked

diff --git a/cmd/root.go b/cmd/root.go
@@ -95,7 +95,7 @@ func initConfig() {
 	viper.SetEnvPrefix("ssosync")
 	viper.AutomaticEnv()
 
-	for _, e := range []string{"google_admin", "google_credentials", "scim_access_token", "scim_endpoint", "log_level", "log_format"} {
+	for _, e := range []string{"google_admin", "google_credentials", "scim_access_token", "scim_endpoint", "log_level", "log_format", "ignore_users", "ignore_groups"} {
 		if err := viper.BindEnv(e); err != nil {
 			log.Fatalf(errors.Wrap(err, "cannot bind environment variable").Error())
 		}
@@ -152,6 +152,8 @@ func addFlags(cmd *cobra.Command, cfg *config.Config) {
 	rootCmd.Flags().StringVarP(&cfg.SCIMEndpoint, "endpoint", "e", "", "SCIM Endpoint")
 	rootCmd.Flags().StringVarP(&cfg.GoogleCredentials, "google-credentials", "c", config.DefaultGoogleCredentials, "set the path to find credentials for Google")
 	rootCmd.Flags().StringVarP(&cfg.GoogleAdmin, "google-admin", "u", "", "Google Admin Email")
+	rootCmd.Flags().StringSliceVar(&cfg.IgnoreUsers, "ignore-users", []string{}, "ignores these users")
+	rootCmd.Flags().StringSliceVar(&cfg.IgnoreGroups, "ignore-groups", []string{}, "ignores these groups")
 }
 
 func logConfig(cfg *config.Config) {

diff --git a/internal/config/config.go b/internal/config/config.go
@@ -18,6 +18,10 @@ type Config struct {
 	SCIMAccessToken string `mapstructure:"scim_access_token"`
 	// IsLambda ...
 	IsLambda bool
+	// Ignore users ...
+	IgnoreUsers []string `mapstructure:"ignore_users"`
+	// Ignore groups ...
+	IgnoreGroups []string `mapstructure:"ignore_groups"`
 }
 
 const (

diff --git a/internal/sync.go b/internal/sync.go
@@ -37,15 +37,17 @@ type SyncGSuite interface {
 type syncGSuite struct {
 	aws    aws.Client
 	google google.Client
+	cfg    *config.Config
 
 	users map[string]*aws.User
 }
 
 // New will create a new SyncGSuite object
-func New(a aws.Client, g google.Client) SyncGSuite {
+func New(cfg *config.Config, a aws.Client, g google.Client) SyncGSuite {
 	return &syncGSuite{
 		aws:    a,
 		google: g,
+		cfg:    cfg,
 		users:  make(map[string]*aws.User),
 	}
 }
@@ -84,6 +86,10 @@ func (s *syncGSuite) SyncUsers() error {
 	}
 
 	for _, u := range googleUsers {
+		if s.ignoreUser(u.PrimaryEmail) {
+			continue
+		}
+
 		ll := log.WithFields(log.Fields{
 			"email": u.PrimaryEmail,
 		})
@@ -136,8 +142,12 @@ func (s *syncGSuite) SyncGroups() error {
 	correlatedGroups := make(map[string]*aws.Group)
 
 	for _, g := range googleGroups {
+		if s.ignoreGroup(g.Email) {
+			continue
+		}
+
 		log := log.WithFields(log.Fields{
-			"group": g.Name,
+			"group": g.Email,
 		})
 
 		log.Debug("Check group")
@@ -205,17 +215,6 @@ func (s *syncGSuite) SyncGroups() error {
 		}
 	}
 
-	// log.Info("Clean up AWS groups")
-	// for _, g := range awsGroups {
-	// 	if _, ok := correlatedGroups[g.DisplayName]; !ok {
-	// 		log.Info("Delete Group in AWS", zap.String("group", g.DisplayName))
-	// 		err := s.aws.DeleteGroup(&g)
-	// 		if err != nil {
-	// 			return err
-	// 		}
-	// 	}
-	// }
-
 	return nil
 }
 
@@ -249,7 +248,7 @@ func DoSync(ctx context.Context, cfg *config.Config) error {
 		return err
 	}
 
-	c := New(awsClient, googleClient)
+	c := New(cfg, awsClient, googleClient)
 	err = c.SyncUsers()
 	if err != nil {
 		return err
@@ -262,3 +261,23 @@ func DoSync(ctx context.Context, cfg *config.Config) error {
 
 	return nil
 }
+
+func (s *syncGSuite) ignoreUser(name string) bool {
+	for _, u := range s.cfg.IgnoreUsers {
+		if u == name {
+			return true
+		}
+	}
+
+	return false
+}
+
+func (s *syncGSuite) ignoreGroup(name string) bool {
+	for _, g := range s.cfg.IgnoreGroups {
+		if g == name {
+			return true
+		}
+	}
+
+	return false
+}