improved

internal/aws/client.go

@@ -56,7 +56,9 @@ type Client interface {
 	DeleteUser(*User) error
 	FindGroupByDisplayName(string) (*Group, error)
 	FindUserByEmail(string) (*User, error)
+	FindUserByID(string) (*User, error)
 	GetUsers() ([]*User, error)
+	GetGroupMembers(*Group) ([]*User, error)
 	IsUserInGroup(*User, *Group) (bool, error)
 	GetGroups() ([]*Group, error)
 	UpdateUser(*User) (*User, error)
@@ -271,6 +273,33 @@ func (c *client) FindUserByEmail(email string) (*User, error) {
 	return &r.Resources[0], nil
 }
 
+// FindUserByID will find the user by the email address specified
+func (c *client) FindUserByID(id string) (*User, error) {
+	startURL, err := url.Parse(c.endpointURL.String())
+	if err != nil {
+		return nil, err
+	}
+
+	startURL.Path = path.Join(startURL.Path, fmt.Sprintf("/Users/%s", id))
+
+	resp, err := c.sendRequest(http.MethodGet, startURL.String())
+	if err != nil {
+		return nil, err
+	}
+
+	var r UserFilterResults
+	err = json.Unmarshal(resp, &r)
+	if err != nil {
+		return nil, err
+	}
+
+	if r.TotalResults != 1 {
+		return nil, ErrUserNotFound
+	}
+
+	return &r.Resources[0], nil
+}
+
 // FindGroupByDisplayName will find the group by its displayname.
 func (c *client) FindGroupByDisplayName(name string) (*Group, error) {
 	startURL, err := url.Parse(c.endpointURL.String())
@@ -463,6 +492,51 @@ func (c *client) GetGroups() ([]*Group, error) {
 	return gps, nil
 }
 
+// GetGroupMembers will return existing groups
+func (c *client) GetGroupMembers(g *Group) ([]*User, error) {
+	startURL, err := url.Parse(c.endpointURL.String())
+	if err != nil {
+		return nil, err
+	}
+
+	if g == nil {
+		return nil, ErrGroupNotSpecified
+	}
+
+	filter := fmt.Sprintf("displayName eq \"%s\"", g.DisplayName)
+
+	startURL.Path = path.Join(startURL.Path, "/Groups")
+	q := startURL.Query()
+	q.Add("filter", filter)
+
+	startURL.RawQuery = q.Encode()
+
+	resp, err := c.sendRequest(http.MethodGet, startURL.String())
+	if err != nil {
+		return nil, err
+	}
+
+	var r GroupFilterResults
+	err = json.Unmarshal(resp, &r)
+	if err != nil {
+		return nil, err
+	}
+
+	var users = make([]*User, 0)
+	for _, res := range r.Resources {
+		for _, uID := range res.Members { // NOTE: Not Implemented Yet https://docs.aws.amazon.com/singlesignon/latest/developerguide/listgroups.html
+
+			user, err := c.FindUserByID(uID)
+			if err != nil {
+				return nil, err
+			}
+			users = append(users, user)
+		}
+	}
+
+	return users, nil
+}
+
 // GetUsers will return existing users
 func (c *client) GetUsers() ([]*User, error) {
 	startURL, err := url.Parse(c.endpointURL.String())

internal/aws/schema.go

@@ -19,6 +19,7 @@ type Group struct {
 	ID          string   `json:"id,omitempty"`
 	Schemas     []string `json:"schemas"`
 	DisplayName string   `json:"displayName"`
+	Members     []string `json:"members"`
 }
 
 // GroupFilterResults represents filtered results when we search for

internal/sync.go

@@ -17,6 +17,7 @@ package internal
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"io/ioutil"
 
@@ -274,11 +275,6 @@ func (s *syncGSuite) SyncGroupsUsers(query string) error {
 		return err
 	}
 
-	// for _, val := range googleGroups {
-	// 	fmt.Println(val)
-	// }
-	//log.Fatal("stop here")
-
 	log.Debug("get google users and groups and its users")
 	googleUsers, googleGroupsUsers, err := s.getGoogleGroupsAndUsers(googleGroups)
 	if err != nil {
@@ -298,6 +294,12 @@ func (s *syncGSuite) SyncGroupsUsers(query string) error {
 		return err
 	}
 
+	// log.Debug("get aws groups and its users")
+	// awsGroupsUsers, err := s.getAWSGroupsAndUsers(awsGroups, awsUsers)
+	// if err != nil {
+	// 	return err
+	// }
+
 	// list of changes
 	addAWSUsers, delAWSUsers, updateAWSUsers, _ := getUserOperations(awsUsers, googleUsers)
 	addAWSGroups, delAWSGroups, equalAWSGroups := getGroupOperations(awsGroups, googleGroups)
@@ -370,8 +372,8 @@ func (s *syncGSuite) SyncGroupsUsers(query string) error {
 		for _, googleUser := range googleGroupsUsers[awsGroup.DisplayName] {
 
 			// equivalent aws user of google user on the fly
+			awsUserFull, err := s.aws.FindUserByEmail(googleUser.PrimaryEmail) // NOTE: improve, use awsGroupsUsers[awsGroup.DisplayName] instead
 
-			awsUserFull, err := s.aws.FindUserByEmail(googleUser.PrimaryEmail)
 			if err != nil {
 				return err
 			}
@@ -475,6 +477,34 @@ func (s *syncGSuite) getGoogleGroupsAndUsers(googleGroups []*admin.Group) ([]*ad
 	return gUsers, gGroupsUsers, nil
 }
 
+// getAWSGroupsAndUsers return a list of google users members of googleGroups
+// and a map of google groups and its users' list
+func (s *syncGSuite) getAWSGroupsAndUsers(awsGroups []*aws.Group, awsUsers []*aws.User) (map[string][]*aws.User, error) {
+	awsGroupsUsers := make(map[string][]*aws.User, len(awsGroups))
+	users := make([]*aws.User, 0)
+
+	for _, group := range awsGroups {
+
+		log := log.WithFields(log.Fields{"group": group.DisplayName})
+
+		log.Debug("get group members")
+
+		for _, user := range awsUsers {
+
+			found, err := s.aws.IsUserInGroup(user, group)
+			if err != nil {
+				return nil, err
+			}
+			if found {
+				users = append(users, user)
+			}
+		}
+
+		awsGroupsUsers[group.DisplayName] = users
+	}
+	return awsGroupsUsers, nil
+}
+
 // getGroupOperations returns the groups of AWS that must be added, deleted and are equals
 func getGroupOperations(awsGroups []*aws.Group, googleGroups []*admin.Group) (add []*aws.Group, delete []*aws.Group, equals []*aws.Group) {
 
@@ -625,3 +655,12 @@ func (s *syncGSuite) ignoreGroup(name string) bool {
 
 	return false
 }
+
+// toJSON return a json pretty of the stc
+func toJSON(stc interface{}) []byte {
+	JSON, err := json.MarshalIndent(stc, "", "  ")
+	if err != nil {
+		log.Fatalf(err.Error())
+	}
+	return JSON
+}

internal/sync_test.go

@@ -25,7 +25,7 @@ import (
 	admin "google.golang.org/api/admin/directory/v1"
 )
 
-// toJSON return a json prety of the stc
+// toJSON return a json pretty of the stc
 func toJSON(stc interface{}) []byte {
 	JSON, err := json.MarshalIndent(stc, "", "  ")
 	if err != nil {