fix: data race in GetGroupsMembersBruteForce concurrent map writes

christiangda · christiangda · commit db3aba20f807 · 2026-03-30T12:18:23.000+02:00
diff --git a/internal/scim/scim.go b/internal/scim/scim.go
@@ -508,6 +508,12 @@ func (s *Provider) GetGroupsMembersBruteForce(ctx context.Context, gr *model.Gro
 	// a map of group SCIM IDs to a slice of members
 	membersByGroup := make(map[string][]*model.Member)
 
+	// pre-initialize all map entries before launching goroutines to avoid
+	// concurrent map writes between the outer loop and goroutine appends
+	for _, group := range gr.Resources {
+		membersByGroup[group.SCIMID] = make([]*model.Member, 0, 10)
+	}
+
 	// use an errgroup to manage the goroutines
 	g, ctx := errgroup.WithContext(ctx)
 
@@ -520,9 +526,6 @@ func (s *Provider) GetGroupsMembersBruteForce(ctx context.Context, gr *model.Gro
 	// brute force implemented here thanks to the fxxckin' aws sso scim api
 	// iterate over each group and user and check if the user is a member of the group
 	for _, group := range gr.Resources {
-		// initialize the members slice for the group. Optimistic approach
-		membersByGroup[group.SCIMID] = make([]*model.Member, 0, 10)
-
 		for _, user := range ur.Resources {
 
 			// create a new variable for the group and user to avoid data races
