implement new account_admin_group config option

Author: adorton-adobe

examples/sign/sign-sync-config.yml

@@ -28,6 +28,10 @@ user_sync:
 # The cache will refresh after 24 hours
 cache:
   path: cache/sign
+
+account_admin_groups:
+  - Sign Admins 1
+  - Sign Admins 2
 
 # User management group/role mappings
 user_management:
@@ -37,13 +41,11 @@ user_management:
   - directory_group: Sign Users 1
     sign_group: Group 1
     group_admin: False
-    account_admin: False
 
   # Example 2 - group admin assignment
   - directory_group: Sign Group Admins 1
     sign_group: primary::Group 2
     group_admin: True
-    account_admin: False
 
   # Example 3 - account admin assignment
   # - directory_group: Sign Admins

tests/fixture/sign-sync-config.yml

@@ -32,6 +32,10 @@ connection:
   # Timeout for requests in seconds
   timeout: 120
 
+account_admin_groups:
+  - Sign Admins 1
+  - Sign Admins 2
+
 # User management group/role mappings
 user_management:
   # sign_group format: sign_org_name::Sign Group Name, default is 'primary'
@@ -40,25 +44,11 @@ user_management:
   - directory_group: Sign Users 1
     sign_group: Group 1
     group_admin:
-    account_admin:
   # Example 2 - group admin assignment
   - directory_group: Sign Group Admins 1
     sign_group: primary::Group 2
     group_admin: True
-    account_admin: False
 
-  # Example 3 - account admin assignment
-  # - directory_group: Sign Admins
-  #   sign_group: secondary::Group 3
-  #   admin_role: 
-  #     - ACCOUNT_ADMIN
-  # Example 4 - create user if `create_users` is `True`, otherwise do nothing
-  # - directory_group: Sign Normal Users
-  #   sign_group: tertiary::Group 4
-  #   admin_role:
-  #     - ACCOUNT_ADMIN
-  #     - GROUP_ADMIN
-  
 # Logging options
 logging:
   log_to_file: True

user_sync/config/sign_sync.py

@@ -40,6 +40,7 @@ def config_schema() -> Schema:
             Optional('group_admin', default=False): Or(bool, None),
             Optional('account_admin', default=False): Or(bool, None)
         }],
+        Optional('account_admin_groups'): list,
         'cache': {
             'path': And(str, len),
         },
@@ -187,11 +188,21 @@ def load_directory_groups(self) -> Dict[str, AdobeGroup]:
 
     def load_account_admin_groups(self):
         account_admin_groups = set()
+        using_deprecated_config = False
         group_config = self.main_config.get_list_config('user_management', True)
         for mapping in group_config.iter_dict_configs():
             dir_group = mapping.get_string('directory_group')
-            if mapping.get_bool('account_admin', True):
+            is_admin = mapping.get_bool('account_admin', True)
+            if is_admin is not None:
+                using_deprecated_config = True
+            if is_admin:
                 account_admin_groups.add(dir_group)
+        if using_deprecated_config:
+            self.logger.warn("Deprecation warning: using 'account_admin' flag inside of group mapping is deprecated")
+        admin_cfg_groups = self.main_config.get_list('account_admin_groups', True)
+        if admin_cfg_groups is not None:
+            for group in admin_cfg_groups:
+                account_admin_groups.add(group)
         return list(account_admin_groups)
 
     def load_group_admin_mappings(self):