From d16d185f8eb042eb50ab601e419e8829420944c0 Mon Sep 17 00:00:00 2001
From: Christoph Mewes <christoph@loodse.com>
Date: Mon, 2 Aug 2021 11:56:57 +0200
Subject: [PATCH] fix updating group members

---
 pkg/config/conversion.go     | 11 +++++++++--
 pkg/glib/directory_groups.go |  2 +-
 pkg/sync/groups.go           |  9 +++++++--
 pkg/sync/users.go            |  5 +++++
 4 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/pkg/config/conversion.go b/pkg/config/conversion.go
index 829eb05..af2a7c7 100644
--- a/pkg/config/conversion.go
+++ b/pkg/config/conversion.go
@@ -317,11 +317,18 @@ func ToConfigGroup(gsuiteGroup *directoryv1.Group, settings *groupssettingsv1.Gr
 	return group, nil
 }
 
-func ToGSuiteGroupMember(member *Member) *directoryv1.Member {
-	return &directoryv1.Member{
+func ToGSuiteGroupMember(member *Member, gsuiteMember *directoryv1.Member) *directoryv1.Member {
+	result := &directoryv1.Member{
 		Email: member.Email,
 		Role:  member.Role,
 	}
+
+	if gsuiteMember != nil {
+		result.Id = gsuiteMember.Id
+		result.Etag = gsuiteMember.Etag
+	}
+
+	return result
 }
 
 func ToConfigGroupMember(gsuiteMember *directoryv1.Member) Member {
diff --git a/pkg/glib/directory_groups.go b/pkg/glib/directory_groups.go
index 6a0e456..24286f5 100644
--- a/pkg/glib/directory_groups.go
+++ b/pkg/glib/directory_groups.go
@@ -131,7 +131,7 @@ func (ds *DirectoryService) RemoveMember(ctx context.Context, group *directoryv1
 // UpdateMembership changes the role of the member
 func (ds *DirectoryService) UpdateMembership(ctx context.Context, group *directoryv1.Group, member *directoryv1.Member) error {
 	// do NOT use the member email here, as it will lead to "Error 404: Resource Not Found: email, notFound." errors
-	if _, err := ds.Members.Update(group.Email, member.Id, member).Context(ctx).Do(); err != nil {
+	if _, err := ds.Members.Update(group.Id, member.Id, member).Context(ctx).Do(); err != nil {
 		return err
 	}
 
diff --git a/pkg/sync/groups.go b/pkg/sync/groups.go
index 5033077..f043eab 100644
--- a/pkg/sync/groups.go
+++ b/pkg/sync/groups.go
@@ -20,6 +20,7 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"sort"
 
 	directoryv1 "google.golang.org/api/admin/directory/v1"
 	"k8s.io/apimachinery/pkg/util/sets"
@@ -46,6 +47,10 @@ func SyncGroups(
 
 	liveGroupEmails := sets.NewString()
 
+	sort.Slice(liveGroups, func(i, j int) bool {
+		return liveGroups[i].Email < liveGroups[j].Email
+	})
+
 	for _, liveGroup := range liveGroups {
 		liveGroupEmails.Insert(liveGroup.Email)
 
@@ -171,7 +176,7 @@ func syncGroupMembers(
 			log.Printf("    ✎ %s", liveMember.Email)
 
 			if confirm {
-				member := config.ToGSuiteGroupMember(expectedMember)
+				member := config.ToGSuiteGroupMember(expectedMember, liveMember)
 				if err := directorySrv.UpdateMembership(ctx, liveGroup, member); err != nil {
 					return fmt.Errorf("unable to update membership: %v", err)
 				}
@@ -184,7 +189,7 @@ func syncGroupMembers(
 			log.Printf("    + %s", expectedMember.Email)
 
 			if confirm {
-				member := config.ToGSuiteGroupMember(&expectedMember)
+				member := config.ToGSuiteGroupMember(&expectedMember, nil)
 				if err := directorySrv.AddNewMember(ctx, liveGroup, member); err != nil {
 					return fmt.Errorf("unable to add member: %v", err)
 				}
diff --git a/pkg/sync/users.go b/pkg/sync/users.go
index 1c619ed..480e2b7 100644
--- a/pkg/sync/users.go
+++ b/pkg/sync/users.go
@@ -20,6 +20,7 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"sort"
 
 	directoryv1 "google.golang.org/api/admin/directory/v1"
 	"k8s.io/apimachinery/pkg/util/sets"
@@ -48,6 +49,10 @@ func SyncUsers(
 
 	liveEmails := sets.NewString()
 
+	sort.Slice(liveUsers, func(i, j int) bool {
+		return liveUsers[i].PrimaryEmail < liveUsers[j].PrimaryEmail
+	})
+
 	for _, liveUser := range liveUsers {
 		liveEmails.Insert(liveUser.PrimaryEmail)