feat: Add wildcard support for ignore flags and fix for deletion logic#306
Open
Dakad wants to merge 4 commits into
Open
feat: Add wildcard support for ignore flags and fix for deletion logic#306Dakad wants to merge 4 commits into
Dakad wants to merge 4 commits into
Conversation
- Implement glob-style wildcard matching in ignoreUser and ignoreGroup using path.Match. - Update getGroupOperations and getUserOperations to respect ignore filters, preventing the accidental deletion of manual AWS IAM Identity Center objects that are not present in Google Workspace.
…void mismatches. - Improved logging to provide detailed information on group and user deletions, including counts and specific actions taken. - Added safety checks to skip deletions for groups and users listed in the ignore list, ensuring no accidental removals occur.
- Added tests for wildcard matching in ignoreUser and ignoreGroup functions. - Verified group and user operations with respect to ignore lists, ensuring correct handling of additions, deletions, and matches.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue #, if available:
Resolves #305
Description of changes:
This PR enhances the user and group "ignore" functionality by introducing wildcard support and strengthening the safety checks during the deletion phase.
--ignore-usersand--ignore-groupsto support*wildcards using Go'spath.Match. This acts as a "Global Safety Net," allowing administrators to protect patterns of users/groups (e.g.,*@internal.com) from being deleted, even if they aren't present in the source directory.getUserOperationsandgetGroupOperationsto prevent ignored entities from even entering the "to-delete" queue.SyncGroupsUsersas a fail-safe to ensure no ignored user or group is deleted.strings.TrimSpace) for ignore list entries and comparison strings to prevent mismatches caused by leading/trailing spaces in configuration.internal/sync_test.gocovering wildcard matching scenarios and the filtered operation logic.Why this approach?
By moving the ignore logic into the operation calculation phase (
get...Operations), we minimise unnecessary API calls and log noise. The secondary check in the deletion loop serves as a "defense-in-depth" measure, if the sync logic is refactored in the future, the safety net for protected accounts remains intact.By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.