@dancorne
Collaborator

We want to switch to the groups sync method instead of users_groups due to the latter timing out after 15 minutes. However, groups will delete any groups in AWS that aren't found in the Google query. By filtering which AWS groups we get, we can then ignore certain AWS groups from this process.

For example, a Google query of name:PREFIX-* will return all Google groups starting with PREFIX-. We can then set this new config option to ^PREFIX.* which will only get AWS groups that match.

Of course, this is pretty dangerous -- if you filter out AWS groups that match ones in Google then you're at risk of SSOSync attempting to recreate groups persistently and erroring. I initially attempted to adapt the Google GroupMatch into a string match for AWS groups, however this ended up potentially more precarious because the Google query can include multiple statements.
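
The behaviour described in the PR description above, as an added example that is not part of the pull request or of SSOSync's code: a dry-run model of one groups sync pass that shows which AWS groups the filter protects from deletion and which Google groups would be re-created on every run because their AWS counterpart is hidden by the filter. `PlanSync`, `Plan` and the group names are hypothetical and constructed for illustration; group names are assumed unique.

```go
package main

import (
	"fmt"
	"regexp"
)

// Plan is what one "groups" sync pass would do to AWS.
type Plan struct {
	Create   []string // in Google, not among the AWS groups the sync can see
	Delete   []string // visible in AWS, not returned by the Google query
	Conflict []string // in Create, but already present in AWS behind the filter
}

// PlanSync is a hypothetical model, not ssosync's API: only AWS groups
// matching awsFilter are visible to the sync.
func PlanSync(google, aws []string, awsFilter *regexp.Regexp) (p Plan) {
	inGoogle := map[string]bool{}
	for _, g := range google {
		inGoogle[g] = true
	}
	visible := map[string]bool{} // AWS group name -> passes the filter?
	for _, a := range aws {
		visible[a] = awsFilter.MatchString(a)
	}
	for _, g := range google {
		if shown, exists := visible[g]; !shown {
			p.Create = append(p.Create, g)
			if exists { // create will fail: the group is already in AWS
				p.Conflict = append(p.Conflict, g)
			}
		}
	}
	for _, a := range aws {
		if visible[a] && !inGoogle[a] {
			p.Delete = append(p.Delete, a)
		}
	}
	return p
}

func main() {
	google := []string{"PREFIX-admins", "PREFIX-devs"} // constructed sample data
	aws := []string{"PREFIX-admins", "PREFIX-old", "manual-breakglass"}
	fmt.Printf("%+v\n", PlanSync(google, aws, regexp.MustCompile(`^PREFIX.*`)))
	fmt.Printf("%+v\n", PlanSync(google, aws, regexp.MustCompile(`^PREFIX-d.*`)))
}
```

A non-empty `Conflict` list before a real run means the AWS filter is narrower than the Google query and should be widened.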

This is potentially dangerous for the reason in the comment, but useful
for our purposes and we just need something that works.
dancorne pushed a commit that referenced this pull request Nov 6, 2023
Add initial Dockerfile and skeleton for ssosync lambda
@agnes-gajda agnes-gajda marked this pull request as ready for review February 8, 2024 12:05
@agnes-gajda
agnes-gajda commented Feb 8, 2024

Let's test this out in dev, tag: v100.100.100-local

@dancorne
Collaborator Author

Marking as a draft until this gets tested in dev.

@dancorne dancorne marked this pull request as draft February 12, 2024 09:07