awslabs / ssosync

Populate AWS SSO directly with your G Suite users and groups using either a CLI or AWS Lambda
Apache License 2.0
525 stars 181 forks source link

Panic - Due to lack of handling of External Users #119

Closed inickles closed 1 year ago

inickles commented 1 year ago

Describe the bug

I'm getting an panic with Google group that has an external member:

$ ./ssosync ...
INFO[0000] Syncing AWS users and groups from Google Workspace SAML Application
INFO[0000] syncing                                       sync_method=groups
INFO[0000] get google groups                             query=
DEBU[0000] preparing list of google users and then google groups and their members
DEBU[0000] get group members from google                 group=REDACTED
DEBU[0000] get users                                     group=REDACTED
DEBU[0000] get user                                      group=REDACTED id=REDACTED
...
panic: runtime error: index out of range [0] with length 0
github.com/awslabs/ssosync/internal.(*syncGSuite).getGoogleGroupsAndUsers(0xc00090fbe8, {0xc00066e400, 0x33, 0x1?})
        /home/inickles/src/ssosync/internal/sync.go:565 +0xa2e
github.com/awslabs/ssosync/internal.(*syncGSuite).SyncGroupsUsers(0xc00090fbe8, {0x0, 0x0})
        /home/inickles/src/ssosync/internal/sync.go:305 +0x33b
github.com/awslabs/ssosync/internal.DoSync({0xfe8698, 0xc000554c80}, 0xc0004065a0)
        /home/inickles/src/ssosync/internal/sync.go:747 +0x485
github.com/awslabs/ssosync/cmd.glob..func1(0x14f1120?, {0xd2cfe7?, 0xf?, 0xf?})
        /home/inickles/src/ssosync/cmd/root.go:57 +0x5b
github.com/spf13/cobra.(*Command).execute(0x14f1120, {0xc0001ac010, 0xf, 0xf})
        /home/inickles/go/pkg/mod/github.com/spf13/cobra@v1.1.3/command.go:852 +0x67c
github.com/spf13/cobra.(*Command).ExecuteC(0x14f1120)
        /home/inickles/go/pkg/mod/github.com/spf13/cobra@v1.1.3/command.go:960 +0x39d
github.com/spf13/cobra.(*Command).Execute(...)
        /home/inickles/go/pkg/mod/github.com/spf13/cobra@v1.1.3/command.go:897
github.com/awslabs/ssosync/cmd.Execute()
        /home/inickles/src/ssosync/cmd/root.go:74 +0x93
main.main()
        /home/inickles/src/ssosync/main.go:29 +0x17

To Reproduce Steps to reproduce the behavior:

  1. Create Google group with external member
  2. Run to include the group
  3. See error

Expected behavior

I expect a warning or a proper error message, not a fatal panic.

Additional context

I'm not trying to include external members from SSO sync. I don't even care about syncing this particular group I have that caused the issue, I'm going to exclude it to later runs. Still, this should be handled gracefully.

ChrisPates commented 1 year ago

Resolved by release v2.0.2