
Commit 8078b7b

authored
BugFix Release (#263)
Issue #, if available:
#261 - lambda function crashing with runtime, unknown error after update to 230
#262 - Fix to catch GoogleAPI errors, has a hole.

Description of changes:
#261 Caused by an undocumented type of group member (CUSTOMER) that the logic wasn't catching. Updated to ignore any non-USER members in the first statement.
#262 Implemented the recommended change to close the error handling gap.
1 parent 51e2734 commit 8078b7b


4 files changed

+132
-135
lines changed


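--- a/cicd/deploy_patterns/staging/buildspec.yml
+++ b/cicd/deploy_patterns/staging/buildspec.yml
@@ -52,7 +52,7 @@ phases:
 # Update params with the values for this run for a developer account
 - |
 jq -n \
---argjson Parameters "{\"AppArn\": \"$AppArn\", \"AppVersion\": \"$AppVersion\", \"GoogleAdminEmailArn\": \"$SecretGoogleAdminEmail\", \"GoogleCredentialsArn\": \"$SecretGoogleCredentials\", \"SCIMEndpointUrlArn\": \"$SecretSCIMEndpoint\", \"SCIMAccessTokenArn\": \"$SecretSCIMAccessToken\", \"RegionArn\": \"$SecretRegion\", \"IdentityStoreIdArn\": \"$SecretIdentityStoreID\", \"GroupMatch\": \"name:AWS*\"}" \
+--argjson Parameters "{\"AppArn\": \"$AppArn\", \"AppVersion\": \"$AppVersion\", \"GoogleAdminEmailArn\": \"$SecretGoogleAdminEmail\", \"GoogleCredentialsArn\": \"$SecretGoogleCredentials\", \"SCIMEndpointUrlArn\": \"$SecretSCIMEndpoint\", \"SCIMAccessTokenArn\": \"$SecretSCIMAccessToken\", \"RegionArn\": \"$SecretRegion\", \"IdentityStoreIdArn\": \"$SecretIdentityStoreID\", \"GroupMatch\": \"name:AWS*,name=NestedGroups,name=ExternalUserTest\"}" \
 --argjson StackPolicy "{\"Statement\":[{\"Effect\": \"Allow\", \"NotAction\": \"Update:Delete\", \"Principal\": \"*\", \"Resource\": \"*\"}]}" \
 '$ARGS.named' > ./deploy/developer.json
 - cat ./deploy/developer.json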

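--- a/cicd/deploy_patterns/staging/stack.yml
+++ b/cicd/deploy_patterns/staging/stack.yml
@@ -73,5 +73,6 @@ Resources:
 - '}}'
 SyncMethod: groups
 GoogleGroupMatch: !Ref GroupMatch
+ScheduleExpression: ''
 LogLevel: warn
 LogFormat: json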

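--- a/internal/google/client.go
+++ b/internal/google/client.go
@@ -68,13 +68,12 @@ func (c *client) GetDeletedUsers() ([]*admin.User, error) {
 u := make([]*admin.User, 0)
 var err error
 
-err = c.service.Users.List().Customer("my_customer").ShowDeleted("true").Pages(c.ctx, func(users *admin.Users) error {
-if err != nil {
-return err
-}
+if err = c.service.Users.List().Customer("my_customer").ShowDeleted("true").Pages(c.ctx, func(users *admin.Users) error {
 u = append(u, users.Users...)
 return nil
-})
+}); err != nil {
+return nil, err
+}
 
 return u, err
 }
@@ -84,13 +83,12 @@ func (c *client) GetGroupMembers(g *admin.Group) ([]*admin.Member, error) {
 m := make([]*admin.Member, 0)
 var err error
 
-err = c.service.Members.List(g.Id).IncludeDerivedMembership(true).Pages(context.TODO(), func(members *admin.Members) error {
-if err != nil {
-return err
-}
+if err = c.service.Members.List(g.Id).IncludeDerivedMembership(true).Pages(context.TODO(), func(members *admin.Members) error {
 m = append(m, members.Members...)
 return nil
-})
+}); err != nil {
+return nil, err
+}
 
 return m, err
 }
@@ -101,13 +99,14 @@ func (c *client) GetGroupMembers(g *admin.Group) ([]*admin.Member, error) {
 // * https://developers.google.com/admin-sdk/directory/reference/rest/v1/users/list
 // * https://developers.google.com/admin-sdk/directory/v1/guides/search-users
 // query possible values:
-// '' --> empty or not defined
-// name:'Jane'
-// email:admin*
-// isAdmin=true
-// manager='[email protected]'
-// orgName=Engineering orgTitle:Manager
-// EmploymentData.projects:'GeneGnomes'
+// ” --> empty or not defined
+//
+// name:'Jane'
+// email:admin*
+// isAdmin=true
+// manager='[email protected]'
+// orgName=Engineering orgTitle:Manager
+// EmploymentData.projects:'GeneGnomes'
 func (c *client) GetUsers(query string, filter string) ([]*admin.User, error) {
 u := make([]*admin.User, 0)
 var err error
@@ -119,27 +118,26 @@ func (c *client) GetUsers(query string, filter string) ([]*admin.User, error) {
 
 // If we have wildcard then fetch all users
 if query == "*" {
-err = c.service.Users.List().Query(filter).Customer("my_customer").Pages(c.ctx, func(users *admin.Users) error {
-if err != nil {
-return err
-}
+if err = c.service.Users.List().Query(filter).Customer("my_customer").Pages(c.ctx, func(users *admin.Users) error {
 u = append(u, users.Users...)
 return nil
-})
+}); err != nil {
+return nil, err
+}
+
 } else {
 
 // The Google api doesn't support multi-part queries, but we do so we need to split into an array of query strings
 queries := strings.Split(query, ",")
 
 // Then call the api one query at a time, appending to our list
 for _, subQuery := range queries {
-err = c.service.Users.List().Query(subQuery + filter).Customer("my_customer").Pages(c.ctx, func(users *admin.Users) error {
-if err != nil {
-return err
-}
+if err = c.service.Users.List().Query(subQuery+filter).Customer("my_customer").Pages(c.ctx, func(users *admin.Users) error {
 u = append(u, users.Users...)
 return nil
-})
+}); err != nil {
+return nil, err
+}
 }
 }
 
@@ -182,13 +180,12 @@ func (c *client) GetGroups(query string) ([]*admin.Group, error) {
 
 // If we have wildcard then fetch all groups
 if query == "*" {
-err = c.service.Groups.List().Customer("my_customer").Pages(context.TODO(), func(groups *admin.Groups) error {
-if err != nil {
-return err
-}
+if err = c.service.Groups.List().Customer("my_customer").Pages(context.TODO(), func(groups *admin.Groups) error {
 g = append(g, groups.Groups...)
 return nil
-})
+}); err != nil {
+return nil, err
+}
 return g, err
 }
 
@@ -197,13 +194,12 @@ func (c *client) GetGroups(query string) ([]*admin.Group, error) {
 
 // Then call the api one query at a time, appending to our list
 for _, subQuery := range queries {
-err = c.service.Groups.List().Customer("my_customer").Query(subQuery).Pages(context.TODO(), func(groups *admin.Groups) error {
-if err != nil {
-return err
-}
+if err = c.service.Groups.List().Customer("my_customer").Query(subQuery).Pages(context.TODO(), func(groups *admin.Groups) error {
 g = append(g, groups.Groups...)
 return nil
-})
+}); err != nil {
+return nil, err
+}
 }
 
 // Check we've got some users otherwise something is wrong.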
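Review bot: The rewritten `Pages` calls in GetGroupMembers and in both branches of GetGroups still pass `context.TODO()`, while GetDeletedUsers and GetUsers in the same file pass `c.ctx`, so any cancellation or deadline carried by the client's context does not reach the member and group listings. For a directory sync that the description says runs as a Lambda function, a stalled listing is better ended by the caller's context than by the runtime stopping the function part-way through a sync. I would replace `context.TODO()` with `c.ctx` in those three calls so every Directory API listing follows the same context. With the new early `return nil, err`, the trailing `return m, err` and `return g, err` can only carry a nil error and would read more clearly as `return m, nil` and `return g, nil`. The bodies of GetUsers and GetGroups continue outside the visible hunks.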
