-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[IDP-1183, partial] Add cron-based sync of groups_external
data from Google Sheet
#360
Changes from all commits
930e932
aa20567
cbc532f
ca040ad
2f37a58
9fb14c1
ccace39
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,110 @@ | ||
<?php | ||
|
||
namespace common\components; | ||
|
||
use common\models\User; | ||
use Webmozart\Assert\Assert; | ||
use Yii; | ||
use yii\base\Component; | ||
|
||
class ExternalGroupsSync extends Component | ||
{ | ||
public const MAX_SYNC_SETS = 20; | ||
|
||
public static function syncAllSets(array $syncSetsParams) | ||
{ | ||
for ($i = 1; $i <= self::MAX_SYNC_SETS; $i++) { | ||
$appPrefixKey = sprintf('set%uAppPrefix', $i); | ||
$googleSheetIdKey = sprintf('set%uGoogleSheetId', $i); | ||
|
||
if (! array_key_exists($appPrefixKey, $syncSetsParams)) { | ||
Yii::warning(sprintf( | ||
'Finished syncing external groups after %s sync set(s).', | ||
($i - 1) | ||
)); | ||
break; | ||
} | ||
|
||
$appPrefix = $syncSetsParams[$appPrefixKey] ?? null; | ||
$googleSheetId = $syncSetsParams[$googleSheetIdKey] ?? null; | ||
|
||
if (empty($appPrefix) || empty($googleSheetId)) { | ||
Yii::error(sprintf( | ||
'Unable to do external-groups sync set %s: ' | ||
. 'app-prefix (%s) or Google Sheet ID (%s) was empty.', | ||
$i, | ||
json_encode($appPrefix), | ||
json_encode($googleSheetId), | ||
)); | ||
} else { | ||
Yii::warning(sprintf( | ||
"Syncing '%s' external groups from Google Sheet (%s)...", | ||
$appPrefix, | ||
$googleSheetId | ||
)); | ||
self::syncSet($appPrefix, $googleSheetId); | ||
} | ||
} | ||
} | ||
|
||
private static function syncSet(string $appPrefix, string $googleSheetId) | ||
{ | ||
$desiredExternalGroups = self::getExternalGroupsFromGoogleSheet($googleSheetId); | ||
$errors = User::updateUsersExternalGroups($appPrefix, $desiredExternalGroups); | ||
Yii::warning(sprintf( | ||
"Ran sync for '%s' external groups.", | ||
$appPrefix | ||
)); | ||
|
||
if (! empty($errors)) { | ||
Yii::error(sprintf( | ||
'Errors that occurred while syncing %s external groups: %s', | ||
$appPrefix, | ||
join(" / ", $errors) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Since it's theoretically possible to accumulate thousands of errors, would it be good to limit the length of this log message? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Hmm, I hadn't thought of that. Yes, I can limit that error message length. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I'll do that in a follow-up PR. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. |
||
)); | ||
} | ||
} | ||
|
||
/** | ||
* Get the desired external-group values, indexed by email address, from the | ||
* specified Google Sheet, from the tab named after this IDP's code name | ||
* (i.e. the name used in this IDP's subdomain). | ||
* | ||
* @throws \Google\Service\Exception | ||
*/ | ||
private static function getExternalGroupsFromGoogleSheet(string $googleSheetId): array | ||
{ | ||
$googleSheetsClient = new Sheets([ | ||
'applicationName' => Yii::$app->params['google']['applicationName'], | ||
'jsonAuthFilePath' => Yii::$app->params['google']['jsonAuthFilePath'], | ||
'jsonAuthString' => Yii::$app->params['google']['jsonAuthString'], | ||
'spreadsheetId' => $googleSheetId, | ||
]); | ||
$tabName = Yii::$app->params['idpName']; | ||
|
||
$values = $googleSheetsClient->getValuesFromTab($tabName); | ||
$columnLabels = $values[0]; | ||
|
||
Assert::eq($columnLabels[0], 'email', sprintf( | ||
"The first column in the '%s' tab must be 'email'", | ||
$tabName | ||
)); | ||
Assert::eq($columnLabels[1], 'groups', sprintf( | ||
"The second column in the '%s' tab must be 'groups'", | ||
$tabName | ||
)); | ||
Assert::eq( | ||
count($columnLabels), | ||
2, | ||
'There should only be two columns with values' | ||
); | ||
|
||
$data = []; | ||
for ($i = 1; $i < count($values); $i++) { | ||
$email = trim($values[$i][0]); | ||
$groups = trim($values[$i][1] ?? ''); | ||
$data[$email] = $groups; | ||
} | ||
return $data; | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This would be my preference, just because it's more consistent with typical for loops. Leave the 1-based numbering for user-focused text. (Note: there's one more
$i
further down.)There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That makes sense, but since this is also used for the names of the environment variables, starting with 1 seems more intuitive than starting with 0 in this case. I agree that it's more intuitive/expected that code-only for-loops start with 0, though.