awslabs / ssosync

Populate AWS SSO directly with your G Suite users and groups using either a CLI or AWS Lambda
Apache License 2.0
525 stars 181 forks source link

Sync fails for user with apostrophe in email address #139

Closed cgrice closed 7 months ago

cgrice commented 1 year ago

Describe the bug When syncing using the groups method, any users with an apostrophe in their email cause the sync to fail.

To Reproduce Steps to reproduce the behavior:

  1. Find a group with a user who has an email containing an apostrophe
  2. Run a sync using groups mode, with a --group-match set to match that group
  3. The sync fails with an "Error 400: Invalid Input: query, invalid" error

Expected behavior The sync should work as expected, including the user with the apostrophe.

Additional context I believe the issue is caused by these lines - https://github.com/awslabs/ssosync/blob/065189469236d528c98b95c170f6f4130ae013db/internal/sync.go#L565-L566 - there's a note to move to GetUser(m.Email) which I think would solve the issue.

I've managed to work around this by adding an email alias without an apostrophe, and ignoring the user in question with --ignore-users

ChrisPates commented 7 months ago

This should have been addressed v2.2.0, where we don't do per user queries, instead we have all users in a memory and pull the details from there.