fix(gcs): exclude deleted principals (#364)

* refactor(gcs): use account type whitelisting * fix(gcs): exclude deleted principals
raystack · Feb 17, 2023 · f2e2739 · f2e2739
1 parent 3a88ce9
commit f2e2739
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 5 deletions.
diff --git a/plugins/providers/gcs/client.go b/plugins/providers/gcs/client.go
@@ -13,10 +13,6 @@ import (
 	"google.golang.org/api/option"
 )
 
-var (
-	excludedAccountTypesOnImport = []string{"allUsers", "allAuthenticatedUsers", "projectOwner", "projectEditor", "projectViewer"}
-)
-
 type gcsClient struct {
 	client    *storage.Client
 	projectID string
@@ -99,13 +95,16 @@ func (c *gcsClient) ListAccess(ctx context.Context, resources []*domain.Resource
 
 		for _, role := range policy.Roles() {
 			for _, member := range policy.Members(role) {
+				if strings.HasPrefix(member, "deleted:") {
+					continue
+				}
 				accountType, accountID, err := parseMember(member)
 				if err != nil {
 					return nil, err
 				}
 
 				// exclude unsupported account types
-				if utils.ContainsString(excludedAccountTypesOnImport, accountType) {
+				if !utils.ContainsString(AllowedAccountTypes, accountType) {
 					continue
 				}
 

diff --git a/plugins/providers/gcs/config.go b/plugins/providers/gcs/config.go
@@ -28,6 +28,15 @@ const (
 	AccountTypeDomain         = "domain"
 )
 
+var (
+	AllowedAccountTypes = []string{
+		AccountTypeUser,
+		AccountTypeServiceAccount,
+		AccountTypeGroup,
+		AccountTypeDomain,
+	}
+)
+
 type Config struct {
 	ProviderConfig *domain.ProviderConfig