Added --ignore-outcast-users feature

Author: bhunut-adobe

examples/config files - basic/user-sync-config.yml

@@ -330,6 +330,11 @@ invocation_defaults:
   adobe_users: all
   # For argument --connector, the default is 'ldap'.
   connector: ldap
+  # For argument --ignore-outcast-users, the default is False (include all).
+  # If you set this default to True, UST will automatically ignore user creation
+  # on user that is not part of any group.
+  # --include-outcast-users to override the default.
+  ignore_outcast_users: No
   # For argument --process-groups, the default is False (don't process).
   # If you set this default to True, you can supply the argument
   # --no-process-groups to override the default.

user_sync/app.py

@@ -125,6 +125,8 @@ def main():
               cls=user_sync.cli.OptionMulti,
               type=list,
               metavar='ldap|okta|csv|adobe_console [path-to-file.csv]')
+@click.option('--ignore-outcast-users/--include-outcast-users', default=None,
+              help='Ignore users that is not part of a group from being sync')
 @click.option('--process-groups/--no-process-groups', default=None,
               help='if membership in mapped groups differs between the enterprise directory and Adobe sides, '
                    'the group membership is updated on the Adobe side so that the memberships in mapped '

user_sync/config.py

@@ -51,6 +51,7 @@ class ConfigLoader(object):
         'config_filename': 'user-sync-config.yml',
         'connector': ['ldap'],
         'encoding_name': 'utf8',
+        'ignore_outcast_users': False,
         'process_groups': False,
         'strategy': 'sync',
         'test_mode': False,

user_sync/rules.py

@@ -325,6 +325,9 @@ def will_update_user_info(self, umapi_info):
     def will_process_groups(self):
         return self.options['process_groups']
 
+    def will_exclude_outcast_users(self):
+        return self.options['ignore_outcast_users']
+
     def get_umapi_info(self, umapi_name):
         umapi_info = self.umapi_info_by_name.get(umapi_name)
         if umapi_info is None:
@@ -465,6 +468,7 @@ def sync_umapi_users(self, umapi_connectors):
             verb = "Push"
         else:
             verb = "Sync"
+        ignore_outcast_users = self.will_exclude_outcast_users()
         # first sync the primary connector, so the users get created in the primary
         if umapi_connectors.get_secondary_connectors():
             self.logger.debug('%sing users to primary umapi...', verb)
@@ -476,10 +480,14 @@ def sync_umapi_users(self, umapi_connectors):
         else:
             primary_adds_by_user_key = self.update_umapi_users_for_connector(umapi_info, umapi_connector)
         for user_key, groups_to_add in six.iteritems(primary_adds_by_user_key):
-            # We always create every user in the primary umapi, because it's believed to own the directories.
-            self.logger.info('Creating user with user key: %s', user_key)
-            self.primary_users_created.add(user_key)
-            self.create_umapi_user(user_key, groups_to_add, umapi_info, umapi_connector)
+            if ignore_outcast_users == True and not groups_to_add:
+                # If user is not part of any group and ignore outcast is enabled. Do not create user.
+                pass
+            else:
+                # We always create every user in the primary umapi, because it's believed to own the directories.
+                self.logger.info('Creating user with user key: %s', user_key)
+                self.primary_users_created.add(user_key)
+                self.create_umapi_user(user_key, groups_to_add, umapi_info, umapi_connector)
 
         # then sync the secondary connectors
         for umapi_name, umapi_connector in six.iteritems(umapi_connectors.get_secondary_connectors()):