usersyncer

Documentation

Index

• func AssignDefaultPermissionsToUser(ctx context.Context, querier usersyncsql.Querier, userID uuid.UUID) error
• type Usersynchronizer
  • func New(pool *pgxpool.Pool, adminGroupPrefix, tenantDomain string, ...) *Usersynchronizer
  • func NewFromConfig(ctx context.Context, pool *pgxpool.Pool, ...) (*Usersynchronizer, error)
  • func (s *Usersynchronizer) Sync(ctx context.Context) error

Functions

func AssignDefaultPermissionsToUser

func AssignDefaultPermissionsToUser(ctx context.Context, querier usersyncsql.Querier, userID uuid.UUID) error

Types

type Usersynchronizer

type Usersynchronizer struct {
	// contains filtered or unexported fields
}

func New

func New(pool *pgxpool.Pool, adminGroupPrefix, tenantDomain string, service *admindirectoryv1.Service, log logrus.FieldLogger) *Usersynchronizer

func NewFromConfig

func NewFromConfig(ctx context.Context, pool *pgxpool.Pool, serviceAccount, subjectEmail, tenantDomain, adminGroupPrefix string, log logrus.FieldLogger) (*Usersynchronizer, error)

func (*Usersynchronizer) Sync

func (s *Usersynchronizer) Sync(ctx context.Context) error

Sync fetches all users from the Google Directory of the tenant and adds them as users in NAIS API.

If a user already exist in NAIS API the user will get the name and email potentially updated if it has changed in the Google Directory.

After all users have been synced, users that have an email address that matches the tenant domain that no longer exist in the Google Directory will be removed.

All users present in the admin group in the Google Directory will also be granted the admin role in NAIS API, and existing admins that no longer exist in the admin group will get the admin role revoked.