idp-scim-sync

que: Issue in the ListUsers and ListGroups callback functions?

Open laurentdelosieresfact opened this issue 2 years ago • 3 comments

Hello,

We have been investigating this issue. When Google is facing some problems, the list of groups returned is incomplete and the idp-scim-sync deletes the group on the AWS side. In other words, the users are losing access to our AWS infra :(

We think that this is related to the callback functions (see here and here). According to google-api-go-client code, "Pages invokes f for each page of results. A non-nil error returned from f will halt the iteration." As you can see in the body of the callback functions, we always return nil, so we never stop the iteration upon receiving an error, which might cause an inconsistency 🤔

Best, L.

laurentdelosieresfact avatar May 11 '23 16:05 laurentdelosieresfact

Hi @laurentdelosieresfact, thank you very much for your analysis. I will check it in depth to try to fix the problem we are experiencing with the deletion of groups because the Google side fails.

christiangda avatar May 11 '23 19:05 christiangda

@laurentdelosieresfact my PR will probably fix the issue you describe here. The problem I have is how to test it: I was trying to mock the release Google API, but it is challenging because of the chaining of different methods and data structures.

I will try again with a different strategy to ensure that when the Pages method fails, the error is propagated upstream.

christiangda avatar May 14 '23 17:05 christiangda

Hi @christiangda ,

We have been running the PR for over 2 months and we have not experienced any issues. No groups being randomly deleted 👍 Can you please merge the PR with the changes 🙏

Best, L.

laurentdelosieresfact avatar May 15 '23 10:05 laurentdelosieresfact
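
The failure mode discussed in this thread, as an added example that is not code from idp-scim-sync or google-api-go-client. The `page` type, the `pages` helper (a stand-in that follows the quoted "non-nil error halts the iteration" contract) and `planDeletes` are hypothetical names, and the sample data is constructed.

```go
package main

import "fmt"

// page is a constructed stand-in for one page of results; err marks a failed page.
type page struct {
	groups []string
	err    error
}

// pages follows the quoted contract: a non-nil error from f halts iteration.
func pages(src []page, f func(page) error) error {
	for _, p := range src {
		if err := f(p); err != nil {
			return err
		}
	}
	return nil
}

// planDeletes lists source groups, then returns target groups missing from that
// list. propagate=false always returns nil from the callback; true fails closed.
func planDeletes(src []page, target []string, propagate bool) ([]string, error) {
	seen := map[string]bool{}
	err := pages(src, func(p page) error {
		if p.err != nil && propagate {
			return p.err
		}
		for _, g := range p.groups {
			seen[g] = true
		}
		return nil
	})
	if err != nil {
		return nil, fmt.Errorf("reconcile skipped: %w", err)
	}
	var del []string
	for _, g := range target {
		if !seen[g] {
			del = append(del, g)
		}
	}
	return del, nil
}

func main() {
	src := []page{{groups: []string{"admins"}}, {err: fmt.Errorf("backend error")}}
	fmt.Println(planDeletes(src, []string{"admins", "devs"}, false))
	fmt.Println(planDeletes(src, []string{"admins", "devs"}, true))
}
```

With the error swallowed, the group on the failed page is planned for deletion even though it still exists at the source; with the error propagated, no deletion plan is produced at all.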