Correcting id for user and group deletion

Author: mettke

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "lambda-aws-sso-google-sync"
-version = "0.1.0"
+version = "0.1.1"
 authors = ["Marc Mettke <marc@itmettke.de>"]
 edition = "2021"
 description = "Syncs Users and Groups from Google Workspace to AWS SSO"

README.md

@@ -70,11 +70,11 @@ them either with the Event that is send to the lambda, or via environment variab
 ```json
 {
     "security_hub_google_creds": {
-        "region": "eu-central-1",
+        "region": "<region_of_secret>",
         "id": "<google_secret_name>"
     },
     "security_hub_scim_creds": {
-        "region": "eu-central-1",
+        "region": "<region_of_secret>",
         "id": "<scim_secret_name>"
     },
     // Optional, remove if not required. Example: `email:aws-*`
@@ -105,8 +105,8 @@ them either with the Event that is send to the lambda, or via environment variab
 
 ### Environment Variables
 ```sh
-SH_GOOGLE_CREDS="{\"region\": \"eu-central-1\",\"id\": \"<google_secret_name>\"}"
-SH_SCIM_CREDS="{\"region\": \"eu-central-1\",\"id\": \"<scim_secret_name>\"}"
+SH_GOOGLE_CREDS="{\"region\": \"<region_of_secret>\",\"id\": \"<google_secret_name>\"}"
+SH_SCIM_CREDS="{\"region\": \"<region_of_secret>\",\"id\": \"<scim_secret_name>\"}"
 # Optional, skip if not required. Example: `email:aws-*`
 # Query send via Google API to filter users
 # More Infos at https://developers.google.com/admin-sdk/directory/v1/guides/search-users

src/main.rs

@@ -59,12 +59,12 @@
 //! * Create a CloudWatch Event to trigger the lambda regularly
 //!
 //! # Parameters
-//! 
-//! The lambda function requires a few parameters to correctly work. You can define 
+//!
+//! The lambda function requires a few parameters to correctly work. You can define
 //! them either with the Event that is send to the lambda, or via environment variables.
-//! 
+//!
 //! ## Event
-//! 
+//!
 //! ```json
 //! {
 //!     "security_hub_google_creds": {
@@ -100,7 +100,7 @@
 //!     "sync_strategie": [],
 //! }
 //! ```
-//! 
+//!
 //! ## Environment Variables
 //! ```sh
 //! SH_GOOGLE_CREDS="{\"region\": \"<region_of_secret>\",\"id\": \"<google_secret_name>\"}"
@@ -132,7 +132,7 @@
 //! # Defines the log level
 //! LOG_LEVEL=""
 //! ```
-//! 
+//!
 
 #![warn(
     absolute_paths_not_starting_with_crate,

src/sync.rs

@@ -180,11 +180,11 @@ impl<'a> SyncOp<'a> {
             .aws_group_lookup
             .iter()
             .filter(|(id, _)| !self.google_group_lookup.contains_key(*id))
-            .map(|(id, u)| (id.clone(), u.display_name.clone()))
+            .filter_map(|(id, u)| Some((id.clone(), u.display_name.clone(), u.id.as_ref()?.clone())))
             .collect::<Vec<_>>();
-        for (id, display_name) in to_delete {
+        for (id, display_name, aws_id) in to_delete {
             log::info!("Deleting group: {}", display_name);
-            self.scim.delete_group(&id).await?;
+            self.scim.delete_group(&aws_id).await?;
             let _ = self.aws_group_lookup.remove(&id);
         }
         Ok(())
@@ -245,11 +245,11 @@ impl<'a> SyncOp<'a> {
             .aws_user_lookup
             .iter()
             .filter(|(id, _)| !self.google_user_lookup.contains_key(*id))
-            .map(|(id, u)| (id.clone(), u.user_name.clone()))
+            .filter_map(|(id, u)| Some((id.clone(), u.user_name.clone(), u.id.as_ref()?.clone())))
             .collect::<Vec<_>>();
-        for (id, user_name) in to_delete {
+        for (id, user_name, aws_id) in to_delete {
             log::info!("Deleting user: {}", user_name);
-            self.scim.delete_user(&id).await?;
+            self.scim.delete_user(&aws_id).await?;
             let _ = self.aws_user_lookup.remove(&id);
         }
         Ok(())