From dd27bba37c254973d4e755ba0e4efbf5be970131 Mon Sep 17 00:00:00 2001
From: Sandro Mello
Date: Fri, 22 Nov 2024 10:42:31 -0300
Subject: [PATCH] Fetch groups using pagination when fetching Gsuite groups (#566)
* Fetch groups using pagination when fetching Gsuite groups
* remove indexer from default plugin list to enable
---
 gateway/pgrest/plugins/helpers.go | 1 -
 gateway/security/idp/gsuite.go | 40 +++++++++++++++++++++++++------
 2 files changed, 33 insertions(+), 8 deletions(-)
diff --git a/gateway/pgrest/plugins/helpers.go b/gateway/pgrest/plugins/helpers.go
index 532dc844..29f48770 100644
--- a/gateway/pgrest/plugins/helpers.go
+++ b/gateway/pgrest/plugins/helpers.go
@@ -13,7 +13,6 @@ import (
 var DefaultPluginNames = []string{
 plugintypes.PluginAuditName,
- plugintypes.PluginIndexName,
 plugintypes.PluginEditorName,
 plugintypes.PluginSlackName,
 plugintypes.PluginRunbooksName,
diff --git a/gateway/security/idp/gsuite.go b/gateway/security/idp/gsuite.go
index 458799e1..b9452e48 100644
--- a/gateway/security/idp/gsuite.go
+++ b/gateway/security/idp/gsuite.go
@@ -7,7 +7,12 @@ import (
 "net/http"
 )
-const gSuiteGroupsURL = "https://www.googleapis.com/admin/directory/v1/groups"
+const (
+ // https://developers.google.com/admin-sdk/directory/reference/rest/v1/groups/list
+ gSuiteGroupsURL = "https://www.googleapis.com/admin/directory/v1/groups"
+ defaultMaxPages = 3
+ defaultMaxResults = 200
+)
 type gsuiteGroups struct {
 NextPageToken string `json:"nextPageToken"`
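Review bot: `defaultMaxPages` is added without a comment, and the loop that uses it in fetchGsuiteGroups (the next gsuite.go hunk) tests `count > defaultMaxPages` with `count` starting at 0, so four pages are requested before the error that reports a limit of 3. If three is the intended cap, the test should read `if count >= defaultMaxPages {`. Because the returned list is the user's group membership, the constant deserves a comment such as `// defaultMaxPages caps the groups.list pages read per user; going over the cap fails the fetch instead of returning a truncated list`, so that a later change does not quietly turn the error into truncation.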
@@ -19,7 +24,32 @@ type gsuiteGroupEntry struct {
 }
 func (p *Provider) fetchGsuiteGroups(accessToken, email string) ([]string, error) {
- apiURL := fmt.Sprintf("%s?userKey=%s", gSuiteGroupsURL, email)
+ var groups []string
+ var nextPageToken string
+
+ for count := 0; ; count++ {
+ if count > defaultMaxPages {
+ return nil, fmt.Errorf("reached max pagination (%v) fetching Gsuite Groups", defaultMaxPages)
+ }
+ response, err := p.fetchGroupsPage(accessToken, email, nextPageToken)
+ if err != nil {
+ return nil, fmt.Errorf("page=%v, %v", count, err)
+ }
+ for _, entry := range response.Groups {
+ groups = append(groups, entry.Email)
+ }
+ if response.NextPageToken != "" {
+ nextPageToken = response.NextPageToken
+ continue
+ }
+ break
+ }
+ return groups, nil
+}
+
+func (p *Provider) fetchGroupsPage(accessToken, email, pageToken string) (*gsuiteGroups, error) {
+ apiURL := fmt.Sprintf("%s?userKey=%s&pageToken=%s&maxResults=%v",
+ gSuiteGroupsURL, email, pageToken, defaultMaxResults)
 req, err := http.NewRequest("GET", apiURL, nil)
 if err != nil {
 return nil, fmt.Errorf("failed creating request to gsuite, reason=%v", err)
@@ -39,9 +69,5 @@ func (p *Provider) fetchGsuiteGroups(accessToken, email string) ([]string, error
 if err := json.NewDecoder(resp.Body).Decode(&response); err != nil {
 return nil, fmt.Errorf("failed decoding gsuite response, reason=%v", err)
 }
- var groups []string
- for _, group := range response.Groups {
- groups = append(groups, group.Email)
- }
- return groups, nil
+ return &response, nil
 }
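Review bot: `email` and `pageToken` are interpolated into the query string of `apiURL` in fetchGroupsPage without escaping, so a `+`, `&` or `#` in either value changes the request that is actually sent. A plus-addressed e-mail is typically decoded as a space, and an `&` would add a parameter to the `userKey` lookup whose result becomes this user's group list. Building the query with `url.Values` escapes both values and lets the first request omit the empty `pageToken`; it needs `net/url` in the import block, which is only partly visible in the first gsuite.go hunk. fetchGroupsPage continues past the end of this hunk.

```go
func (p *Provider) fetchGroupsPage(accessToken, email, pageToken string) (*gsuiteGroups, error) {
	query := url.Values{}
	query.Set("userKey", email)
	query.Set("maxResults", fmt.Sprint(defaultMaxResults))
	if pageToken != "" {
		// Only send pageToken when following a nextPageToken from a previous page.
		query.Set("pageToken", pageToken)
	}
	apiURL := gSuiteGroupsURL + "?" + query.Encode()
	// … unchanged: http.NewRequest, request execution and response decoding …
```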