implement sign user exclusion

Author: adorton-adobe

user_sync/connector/connector_sign.py

@@ -27,6 +27,7 @@
 from ..error import AssertionException
 from sign_client.client import SignClient
 from pathlib import Path
+import re
 
 
 class SignConnector(object):
@@ -45,6 +46,20 @@ def __init__(self, caller_options, org_name, test_mode, connection, cache_config
         sign_builder.require_string_value('admin_email')
         self.create_users = sign_builder.require_value('create_users', bool)
         self.deactivate_users = sign_builder.require_value('deactivate_users', bool)
+
+        exclusion_config = caller_config.get_dict_config('exclusions', True)
+        exclusion_builder = OptionsBuilder(exclusion_config)
+        exclusion_builder.set_value('groups', list, [])
+        exclusion_builder.set_value('users', list, [])
+
+        self.exclusion_options = exclusion_builder.get_options()
+
+        if 'users' in self.exclusion_options:
+            compiled_rules = []
+            for rule in self.exclusion_options['users']:
+                compiled_rules.append(re.compile(rule))
+            self.exclusion_options['users'] = compiled_rules
+
         store_path = Path(cache_config['path'])
 
         options = sign_builder.get_options()

user_sync/engine/sign.py

@@ -7,6 +7,7 @@
 from sign_client.error import AssertionException as ClientException
 
 from sign_client.model import DetailedUserInfo, GroupInfo, UserGroupsInfo, UserGroupInfo, DetailedGroupInfo, UserStateInfo
+import re
 
 
 class SignSyncEngine:
@@ -130,6 +131,18 @@ def log_action_summary(self):
         for description, count in self.action_summary.items():
             self.logger.info('  {}: {}'.format(description.rjust(pad, ' '), count))
 
+    def sign_user_excluded(self, user, user_groups, connector):
+        if 'users' in connector.exclusion_options:
+            for rule in connector.exclusion_options['users']:
+                if rule.match(user.email.lower()):
+                    return True
+        if 'groups' in connector.exclusion_options:
+            user_group_names = set([ug.name.lower() for ug in user_groups])
+            for group in connector.exclusion_options['groups']:
+                if group.lower() in user_group_names:
+                    return True
+        return False
+
     def update_sign_users(self, directory_users, sign_connector: SignConnector, org_name):
         """
         Updates user details or inserts new user
@@ -139,9 +152,10 @@ def update_sign_users(self, directory_users, sign_connector: SignConnector, org_
         :return:
         """
         # Fetch the list of active Sign users
-        sign_users = {user.email: user for user in sign_connector.get_users().values() if user.status != 'INACTIVE'}
-        inactive_sign_users = {user.email: user for user in sign_connector.get_users().values() if user.status == 'INACTIVE'}
         sign_user_groups = sign_connector.get_user_groups()
+        filtered_users = {user.email: user for user in sign_connector.get_users().values() if not self.sign_user_excluded(user, sign_user_groups[user.id], sign_connector)}
+        sign_users = {user.email: user for user in filtered_users.values() if user.status != 'INACTIVE'}
+        inactive_sign_users = {user.email: user for user in filtered_users.values() if user.status == 'INACTIVE'}
         self.sign_user_primary_groups[org_name] = {id: [g for g in groups if g.isPrimaryGroup][0] for id, groups in sign_user_groups.items()}
         users_update_list = []
         user_groups_update_list = []