add "additional group" support to other connectors

adorton-adobe · adorton-adobe · commit 4c4545a51d20 · 2022-12-21T17:29:17.000-07:00
except Okta which doesn't give us member groups
diff --git a/user_sync/app.py b/user_sync/app.py
@@ -371,11 +371,7 @@ def begin_work_umapi(config_loader: UMAPIConfigLoader):
     if additional_groups and isinstance(additional_groups, list):
         additional_group_filters = [r['source'] for r in additional_groups]
     if directory_connector is not None:
-        directory_connector.additional_group_filters = additional_group_filters
-        # show error dynamic mappings enabled but 'dynamic_group_member_attribute' is not defined
-        if additional_group_filters and directory_connector.options['dynamic_group_member_attribute'] is None:
-            raise AssertionException(
-                "Failed to enable dynamic group mappings. 'dynamic_group_member_attribute' is not defined in config")
+        directory_connector.set_additional_group_filters(additional_group_filters)
 
     primary_name = '.primary' if secondary_umapi_configs else ''
     umapi_primary_connector = UmapiConnector(primary_name, primary_umapi_config, True)
diff --git a/user_sync/connector/directory_adobe_console.py b/user_sync/connector/directory_adobe_console.py
@@ -37,6 +37,7 @@ class AdobeConsoleConnector(DirectoryConnector):
 
     def __init__(self, caller_options, *args, **kwargs):
         super(AdobeConsoleConnector, self).__init__(*args, **kwargs)
+        self.additional_group_filters = None
         caller_config = config_common.DictConfig('<%s configuration>' % self.name, caller_options)
         builder = config_common.OptionsBuilder(caller_config)
         # Let just ignore this
@@ -104,6 +105,9 @@ def __init__(self, caller_options, *args, **kwargs):
         self.umapi_users = []
         self.user_by_usr_key = {}
 
+    def set_additional_group_filters(self, _):
+        pass
+
     def load_users_and_groups(self, groups, extended_attributes, all_users):
         """
         :type groups: list(str)
@@ -178,6 +182,10 @@ def convert_user(self, record):
         source_attributes['country'] = user['country'] = record['country']
 
         user['source_attributes'] = source_attributes.copy()
+
+        groups = record.get('groups', [])
+        user['member_groups'] = groups
+
         return user
 
     def iter_umapi_groups(self):
diff --git a/user_sync/connector/directory_csv.py b/user_sync/connector/directory_csv.py
@@ -58,6 +58,7 @@ def __init__(self, caller_options, *args, **kwargs):
         self.encoding = options['string_encoding']
         # identity type for new users if not specified in column
         self.user_identity_type = user_sync.identity_type.parse_identity_type(options['user_identity_type'])
+        self.additional_group_filters = None
 
     def load_users_and_groups(self, groups, extended_attributes, all_users):
         """
@@ -140,6 +141,7 @@ def get_column_name(key):
             groups = self.get_column_value(row, groups_column_name)
             if groups is not None:
                 user['groups'].extend(groups.split(','))
+                user['member_groups'] = user['groups']
 
             username = self.get_column_value(row, username_column_name)
             if username is None:
@@ -170,6 +172,9 @@ def get_column_name(key):
 
         return users
 
+    def set_additional_group_filters(self, _):
+        pass
+
     def get_column_value(self, row, column_name):
         """
         :type row: dict
diff --git a/user_sync/connector/directory_ldap.py b/user_sync/connector/directory_ldap.py
@@ -116,6 +116,11 @@ def __init__(self, caller_options, *args, **kwargs):
         self.user_by_dn = {}
         self.additional_group_filters = None
 
+    def set_additional_group_filters(self, additional_group_filters):
+        if self.options['dynamic_group_member_attribute'] is None:
+            raise AssertionException(
+                "Failed to enable dynamic group mappings. 'dynamic_group_member_attribute' is not defined in config")
+
     @staticmethod
     def get_options(caller_config):
         builder = config_common.OptionsBuilder(caller_config)
diff --git a/user_sync/connector/directory_okta.py b/user_sync/connector/directory_okta.py
@@ -38,6 +38,7 @@ class OktaDirectoryConnector(DirectoryConnector):
 
     def __init__(self, caller_options, *args, **kwargs):
         super(OktaDirectoryConnector, self).__init__(*args, **kwargs)
+        self.additional_group_filters = None
         caller_config = DictConfig('%s configuration' % self.name, caller_options)
         builder = OptionsBuilder(caller_config)
         builder.set_string_value('group_filter_format',
@@ -130,6 +131,9 @@ def load_users_and_groups(self, groups, extended_attributes, all_users):
 
         return user_by_uid.values()
 
+    def set_additional_group_filters(self, _):
+        self.logger.warn("Additional group rules are not supported by the Okta connector")
+
     def find_group(self, group):
         """
         :type group: str
