Merge pull request #338 from slashdevops/fix-issue-322

christiangda · web-flow · commit 50cc4b8c7461 · 2025-02-08T16:53:46.000Z
Fix issue 322
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -3,6 +3,7 @@
     "amzn",
     "awsconf",
     "AWSS",
+    "AWSSCIM",
     "Babs",
     "bjensen",
     "christiangda",
@@ -30,6 +31,7 @@
     "GOMODCACHE",
     "googleapi",
     "GOPATH",
+    "gopkg",
     "goroot",
     "GOROOT",
     "gosec",
@@ -38,6 +40,7 @@
     "hashcode",
     "hashicorp",
     "idpid",
+    "idpscim",
     "idpscimcli",
     "ietf",
     "Infof",
@@ -56,10 +59,12 @@
     "repositoryname",
     "Retryable",
     "retryablehttp",
+    "SCIM",
     "scimid",
     "secretmanager",
     "securego",
     "sirupsen",
+    "slashdevops",
     "softprops",
     "stackset",
     "stretchr",
diff --git a/cmd/idpscim/cmd/root.go b/cmd/idpscim/cmd/root.go
@@ -27,7 +27,8 @@ import (
 )
 
 var (
-	cfg               config.Config
+	cfg config.Config
+
 	logHandler        slog.Handler
 	logHandlerOptions *slog.HandlerOptions
 	logger            *slog.Logger
@@ -111,10 +112,6 @@ func init() {
 
 // initConfig reads in config file and ENV variables if set.
 func initConfig() {
-	// Set the default logger
-	logger = slog.New(logHandler)
-	slog.SetDefault(logger)
-
 	viper.SetEnvPrefix("idpscim") // allow to read in from environment
 
 	envVars := []string{
@@ -175,6 +172,10 @@ func initConfig() {
 		slog.Error("cannot unmarshal config", "error", err)
 	}
 
+	if cfg.Debug {
+		cfg.LogLevel = "debug"
+	}
+
 	switch strings.ToLower(cfg.LogFormat) {
 	case "json":
 		logHandler = slog.NewJSONHandler(os.Stdout, logHandlerOptions)
@@ -198,12 +199,15 @@ func initConfig() {
 		slog.Warn("unknown log level, setting it to info", "level", cfg.LogLevel)
 	}
 
-	if cfg.Debug {
-		cfg.LogLevel = "debug"
-	}
+	// Set the default logger
+	logger = slog.New(logHandler)
+	slog.SetDefault(logger)
 
 	if cfg.IsLambda || cfg.UseSecretsManager {
-		getSecrets()
+		if err := getSecrets(); err != nil {
+			slog.Error("cannot get secrets", "error", err)
+			os.Exit(1)
+		}
 	}
 
 	// not implemented yet block
@@ -213,65 +217,64 @@ func initConfig() {
 	}
 }
 
-func getSecrets() {
+func getSecrets() error {
 	slog.Info("reading secrets from AWS Secrets Manager")
 
 	awsConf, err := aws.NewDefaultConf(context.Background())
 	if err != nil {
-		slog.Error("cannot load aws config", "error", err)
-		os.Exit(1)
+		return errors.Wrap(err, "cannot load aws config")
 	}
 
 	svc := secretsmanager.NewFromConfig(awsConf)
 
 	secrets, err := aws.NewSecretsManagerService(svc)
 	if err != nil {
-		slog.Error("cannot create aws secrets manager service", "error", err)
-		os.Exit(1)
+		return errors.Wrap(err, "cannot create aws secrets manager service")
 	}
 
 	slog.Debug("reading secret", "name", cfg.GWSUserEmailSecretName)
 	unwrap, err := secrets.GetSecretValue(context.Background(), cfg.GWSUserEmailSecretName)
 	if err != nil {
-		slog.Error("cannot get secretmanager value", "error", err)
-		os.Exit(1)
+		return errors.Wrap(err, "cannot get secretmanager value")
 	}
 	cfg.GWSUserEmail = unwrap
 
 	slog.Debug("reading secret", "name", cfg.GWSServiceAccountFileSecretName)
 	unwrap, err = secrets.GetSecretValue(context.Background(), cfg.GWSServiceAccountFileSecretName)
 	if err != nil {
-		slog.Error("cannot get secretmanager value", "error", err)
-		os.Exit(1)
+		return errors.Wrap(err, "cannot get secretmanager value")
 	}
 	cfg.GWSServiceAccountFile = unwrap
 
 	slog.Debug("reading secret", "name", cfg.AWSSCIMAccessTokenSecretName)
 	unwrap, err = secrets.GetSecretValue(context.Background(), cfg.AWSSCIMAccessTokenSecretName)
 	if err != nil {
-		slog.Error("cannot get secretmanager value", "error", err)
-		os.Exit(1)
+		return errors.Wrap(err, "cannot get secretmanager value")
 	}
 	cfg.AWSSCIMAccessToken = unwrap
 
 	slog.Debug("reading secret", "name", cfg.AWSSCIMEndpointSecretName)
 	unwrap, err = secrets.GetSecretValue(context.Background(), cfg.AWSSCIMEndpointSecretName)
 	if err != nil {
-		slog.Error("cannot get secretmanager value", "error", err)
-		os.Exit(1)
+		return errors.Wrap(err, "cannot get secretmanager value")
 	}
 	cfg.AWSSCIMEndpoint = unwrap
+
+	return nil
 }
 
 func sync() error {
 	slog.Debug("viper config", "config", viper.AllSettings())
 
 	if cfg.SyncMethod != "groups" {
-		slog.Error("only 'sync-method=groups' are implemented")
-		return fmt.Errorf("unknown sync method: %s", cfg.SyncMethod)
+		return fmt.Errorf("unknown sync method: %s, only 'groups' are implemented", cfg.SyncMethod)
+	}
+
+	if err := syncGroups(); err != nil {
+		return errors.Wrap(err, "cannot sync groups")
 	}
 
-	return syncGroups()
+	return nil
 }
 
 func syncGroups() error {
@@ -284,7 +287,7 @@ func syncGroups() error {
 	if !cfg.IsLambda {
 		gwsServiceAccount, err := os.ReadFile(cfg.GWSServiceAccountFile)
 		if err != nil {
-			slog.Error("cannot read service account file", "error", err)
+			return errors.Wrap(err, "cannot read google workspace service account file")
 		}
 		gwsServiceAccountContent = gwsServiceAccount
 	}
@@ -343,15 +346,13 @@ func syncGroups() error {
 
 	awsConf, err := aws.NewDefaultConf(context.Background())
 	if err != nil {
-		slog.Error("cannot load aws config", "error", err)
-		os.Exit(1)
+		return errors.Wrap(err, "cannot load aws config")
 	}
 
 	s3Client := s3.NewFromConfig(awsConf)
 	repo, err := repository.NewS3Repository(s3Client, repository.WithBucket(cfg.AWSS3BucketName), repository.WithKey(cfg.AWSS3BucketKey))
 	if err != nil {
-		slog.Error("cannot create s3 repository", "error", err)
-		os.Exit(1)
+		return errors.Wrap(err, "cannot create s3 repository")
 	}
 
 	ss, err := core.NewSyncService(idpService, scimService, repo, core.WithIdentityProviderGroupsFilter(cfg.GWSGroupsFilter))
diff --git a/go.mod b/go.mod
@@ -1,80 +1,80 @@
 module github.com/slashdevops/idp-scim-sync
 
-go 1.23.4
+go 1.23.5
 
 require (
 	github.com/aws/aws-lambda-go v1.47.0
-	github.com/aws/aws-sdk-go-v2 v1.32.6
-	github.com/aws/aws-sdk-go-v2/config v1.28.6
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.47
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.71.0
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.7
+	github.com/aws/aws-sdk-go-v2 v1.36.1
+	github.com/aws/aws-sdk-go-v2/config v1.29.6
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.59
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.76.0
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.18
 	github.com/google/go-cmp v0.6.0
 	github.com/hashicorp/go-retryablehttp v0.7.7
 	github.com/pkg/errors v0.9.1
 	github.com/spf13/cobra v1.8.1
 	github.com/spf13/viper v1.19.0
 	github.com/stretchr/testify v1.10.0
 	go.uber.org/mock v0.5.0
-	golang.org/x/oauth2 v0.24.0
-	google.golang.org/api v0.212.0
+	golang.org/x/oauth2 v0.26.0
+	google.golang.org/api v0.220.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	cloud.google.com/go/auth v0.13.0 // indirect
-	cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect
+	cloud.google.com/go/auth v0.14.1 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect
 	cloud.google.com/go/compute/metadata v0.6.0 // indirect
-	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.25 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.33.2 // indirect
-	github.com/aws/smithy-go v1.22.1 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.8 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.28 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.32 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.32 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.32 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.5.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.13 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.13 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.24.15 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.14 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.33.14 // indirect
+	github.com/aws/smithy-go v1.22.2 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.8.0 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/google/s2a-go v0.1.8 // indirect
+	github.com/google/s2a-go v0.1.9 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
-	github.com/googleapis/gax-go/v2 v2.14.0 // indirect
+	github.com/googleapis/gax-go/v2 v2.14.1 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/magiconair/properties v1.8.9 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/sagikazarmark/locafero v0.6.0 // indirect
+	github.com/sagikazarmark/locafero v0.7.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
-	github.com/spf13/afero v1.11.0 // indirect
-	github.com/spf13/cast v1.7.0 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/spf13/afero v1.12.0 // indirect
+	github.com/spf13/cast v1.7.1 // indirect
+	github.com/spf13/pflag v1.0.6 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
-	go.opentelemetry.io/otel v1.29.0 // indirect
-	go.opentelemetry.io/otel/metric v1.29.0 // indirect
-	go.opentelemetry.io/otel/trace v1.29.0 // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 // indirect
+	go.opentelemetry.io/otel v1.34.0 // indirect
+	go.opentelemetry.io/otel/metric v1.34.0 // indirect
+	go.opentelemetry.io/otel/trace v1.34.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.31.0 // indirect
-	golang.org/x/exp v0.0.0-20241210194714-1829a127f884 // indirect
-	golang.org/x/net v0.32.0 // indirect
-	golang.org/x/sys v0.28.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 // indirect
-	google.golang.org/grpc v1.67.1 // indirect
-	google.golang.org/protobuf v1.35.2 // indirect
-	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
+	golang.org/x/crypto v0.33.0 // indirect
+	golang.org/x/exp v0.0.0-20250207012021-f9890c6ad9f3 // indirect
+	golang.org/x/net v0.34.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/text v0.22.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250207221924-e9438ea467c6 // indirect
+	google.golang.org/grpc v1.70.0 // indirect
+	google.golang.org/protobuf v1.36.5 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 )
diff --git a/go.sum b/go.sum
