commit - 385db6d81b868f69681c9e6a22c1a3f26b3f613e
commit + dcbe37f45a1e8e25322104c64628591070c69395
blob - 36e89dbd10f7af7c1ccbd0d99e27cc9388b6b33b
blob + f33880833932d4c78128e752273ddf1715e4cb1d
--- README.md
+++ README.md
# cogops
-`cogops` is a command-line tool for performing batch operations on AWS Cognito user pools.\
-It supports synchronizing users into a local file, adding users to groups, and removing users from groups.
+`cogops` is a command-line tool for performing batch operations on AWS Cognito
+user pools.\
+It supports synchronizing users into a local file, adding users to groups, and
+removing users from groups.
-This project is designed to be simple, predictable, and operational-friendly.
+## Why
----
+Some of our internal systems rely on AWS Cognito Group membership for
+authorization. However, Cognito:
+- Does not support batch operations
+- Requires the opaque Cognito username for group changes
+- Does not allow group operations using the user’s email
+- Can throttle if performing requests per user per group
+- Each user lookup by email requires a full search query
+
+### Command sync Required?
+
+Our Cognito User Pool integrates with Google Identity Provider.
+
+Cognito usernames look like: **Google_AbCdEf1234567890**
+
+Emails are stored only as attributes and cannot be passed to Cognito Admin
+APIs. Other internal systems only know users by email — mismatch.
+
+Solution, the sync command downloads all users via paginated calls:
+
+```
+username,email
+Google_a3be23de...,user@example.com
+Google_91cfeacb...,another@example.com
+```
+
+This creates a local, up-to-date user index so later add and del operations
+run:
+
+- 1 direct request per user
+- No additional lookup/search required
+- No wasted API calls
+
+## Features
+
+- sync: Generates an optimized local mapping username,email of all Cognito
+ users
+- add: Add users in bulk to one or more groups
+- Concurrency Control
+- Operation timetout
+
## Requirements
- Rust toolchain (Rust 1.75 or newer recommended)
-- AWS credentials with Administrator privileges for the target Cognito user pool
+- AWS credentials with Administrator privileges for the target Cognito user
+ pool
- Access to the AWS API (environment variables, credential file, or IAM role)
To install Rust:
cargo --version
```
----
-
## Building
Clone the repository and build the binary:
You can add it to your PATH or move it to `/usr/local/bin`.
----
-
## AWS Credentials
-`cogops` uses the official AWS Rust SDK and respects all standard credential providers.
+`cogops` uses the official AWS Rust SDK and respects all standard credential
+providers.
For example:
3. `del`\
Remove users from one or more Cognito groups.
----
-
## 1. Synchronizing users (sync)
-This operation reads all users from the provided Cognito User Pool ID and writes them to a CSV file.
+This operation reads all users from the provided Cognito User Pool ID and
+writes them to a CSV file.
Example:
This file is later used by the `add` and `del` operations.
----
-
## 2. Adding users to groups (add)
This operation requires two input files:
Example:
```
-cogops add --pool-id us-east-1_ABC123 --sync-file cognito_sync.csv --emails-file to_add.txt --group admin --group managers --concurrency 10
+cogops add --pool-id us-east-1_ABC123 --sync-file cognito_sync.csv --emails-file to_add.txt --group admin --group managers --concurrency 10
```
Where `to_add.txt` might contain:
john@example.com
```
-For each email, `cogops` resolves the username from the sync map and calls the Cognito Admin API to add the user to the specified groups.
+For each email, `cogops` resolves the username from the sync map and calls the
+Cognito Admin API to add the user to the specified groups.
A progress bar is displayed during processing.
----
-
## 3. Removing users from groups (del) (WIP)
-This command mirrors the `add` command but removes users instead of adding them.
+This command mirrors the `add` command but removes users instead of adding
+them.
Example:
cogops del --pool-id us-east-1_ABC123 --sync-file cognito_sync.csv --emails-file to_remove.txt --group admin --concurrency 5
```
----
-
## Logging and verbosity
`cogops` uses `tracing` for structured logging.
RUST_LOG=debug cogops add ...
```
----
-
## License
-Licensed under ISC license ([LICENSE](LICENSE) or https://opensource.org/licenses/ISC)
+Licensed under ISC license ([LICENSE](LICENSE) or
+https://opensource.org/licenses/ISC)
blob - 0e2c33b2e7a56ab17151ed993928fd790e50a534
blob + 284a8eed34bf57cfd24efcd72e3dba103be26da4
--- dprint.json
+++ dprint.json
{
"lineWidth": 79,
+ "markdown": {
+ "textWrap": "always"
+ },
"json": {
"indentWidth": 2
},
