github-team-sync
github-team-sync copied to clipboard
3rd-party-integrations
Nested Group Support
Our org has some nested AD groups. Here's an example group structure:
Group A
* User 1
* Group B
Group B
* User 2
* User 3
If I were to sync Group A to a GitHub team, I would like to see Users 1, 2, and 3 to be added to the team. Currently I'm seeing an exception when encountering the Group B member because it doesn't have a sAMAccountName.
@timhirsh The exceptions are handled in 2.0 and it skips over groups. We'll be looking into support for nested teams in version 2.1
Hello there @primetheus, is there any update on this matter? We would really appreciate this feature to be implemented, since nearly all our groups are nested. Thank you!
@sudhir-korde-tm we can only implement a portion of this, as GitHub only allows for one parent team. For example:
The following mapping is possible with GitHub
GroupA:
Group1:
User1
User2
Group2:
User1
User5
GroupB:
Group3:
User3
User4
In this scenario, users can be part of multiple teams, but each team has exactly one parent team.
The following mapping is not possible with GitHub
GroupA:
Group1:
User1
User2
Group2:
User1
User5
GroupB:
Group1:
User1
User2
In this scenario we are attempting to add Group1 to both GroupA and GroupB. This is not something that GitHub supports with team nesting, and Group1 can only be a member of a single team.
Options
What we can do, is flatten out the nested groups in the IdP so they return individual users, and add them individually to the parent team. The sync would still add/remove users based on their membership, but on the GitHub side you would see individuals as members instead of teams. This is less than perfect, but it would be doable.
# User Directory
GroupA:
User1
User2
Group1:
User1
User5
Group2:
Group3:
User3
User4
# GitHub Team
GroupA:
User1
User2
User3
User4
User5
@sudhir-korde-tm @tim-tk is this something that would be a sufficient stop-gap?
@primetheus Yes, flattening the groups would be a valid solution for us! Thank you!