search

awslabs / ssosync

Populate AWS SSO directly with your G Suite users and groups using either a CLI or AWS Lambda
Apache License 2.0
512 stars 175 forks source link

Nested group flattening not working #186

Closed naharoo closed 5 months ago

naharoo commented 5 months ago

Describe the bug

Running the v2.2.1 version of SSOSync doesn't flatten nested Google Workspace Groups.

To Reproduce

  1. Deploy SSOSync in an AWS account using the Serverless Application Repository template according to the Readme doc.
  2. Set name:AWS* as GoogleGroupMatch
  3. Create Google Workpsace groups AWS Group 1 and AWS Group 2
  4. Add an internal user to group AWS Group 2
  5. Add the group AWS Group 2 to group AWS Group 1
  6. Trigger the lambda function

Expected behavior

I expect the user and the group to be created in AWS SSO and the user to be added to the group.

Additional context

I guess that the following code snippet from sync.go file is causing this problem:

for _, m := range groupMembers {

    // ...

    // handle nested groups, by adding their membership to the end of googleMembers
    if m.Type == "GROUP" {
        groupMembers = append (groupMembers, s.getGoogleSubGroupMembers(m)...)
        continue
    }

    // ...
}

As you can see it is updating the variable groupMembers and the loop will not iterate over the newly added items.

ChrisPates commented 5 months ago

Thank you are quite right. More hast less speed, let me take a look and I'll try to get a fix out shortly.

ChrisPates commented 5 months ago

Fix coming through as v2.2.2. Building now.

naharoo commented 5 months ago

@ChrisPates thanks for the quick fix! I can confirm that the group nested feature works like a charm in v2.2.2.