Feature role synchronization. #886

przemkalit
Contributor

What does this PR do?

In some ways implements redhat-cop/aap_configuration_extended#9.

How should this be tested?

  1. Create the export with filetree_create
  2. Use filetree_read and dispatch with a new variable

```yaml
- name: Sync roles
  hosts: all
  tasks:
    - name: Include vars from control_vars directory
      ansible.builtin.include_vars:
        dir: "{{ dir_orgs_vars }}"
        extensions:
          - "yml"
          - "yaml"

  roles:
    - role: infra.controller_configuration.filetree_read
    - role: infra.controller_configuration.dispatch
      vars:
        sync_roles: true
```
Is there a relevant Issue open for this?

resolves redhat-cop/aap_configuration_extended#9

Other Relevant info, PRs, etc

N/A

@przemkalit przemkalit requested a review from a team as a code owner August 1, 2024 13:55
@djdanielsson
Collaborator

did you mix up this PR and one of your other ones? cuz this talks about filetree but no changes here are within the filetree role

@przemkalit
Contributor Author

I don't think that I made a mistake with the PR. I thought a lot about this topic, and this solution allows roles to be synchronized between files exported using filetree_create and the target controller. It is not perfect, because if someone deletes all permissions from the user/team it won't be synchronized.

@djdanielsson
Collaborator

@Tompage1994 @sean-m-sullivan thoughts on this one? or do we need filetree team to review?

@Tompage1994
Collaborator

Sorry for taking a while on this. I've been back to this 2 or 3 times and I can't really get my head around what you're trying to achieve that the object_diff and filetree stuff doesn't do.

My gut feel is that this isn't the right place for all this logic as it goes against what we have tried to do for all the other 'endpoint' roles where we are simply looping over the module (as well as adding in extra bits to speed up execution etc.) This does stray away from that and that does make me nervous.

Let me know if you have compelling reasons why this needs to be part of this role specifically and not part of one of the filetree roles.

@przemkalit
Contributor Author

Okay, I know the object_diff, but there is an issue when there are lots of roles (we have around 20k), and while I was using the object_diff it was killing the job due to a memory leak. If you can suggest how to solve it, it would be great.

@Tompage1994
Collaborator

> Okay, I know the object_diff, but there is an issue when there are lots of roles (we have around 20k), and while I was using the object_diff it was killing the job due to a memory leak. If you can suggest how to solve it, it would be great.

In honesty I've never tried doing object_diff at scale. If you find this works better then maybe adding this logic into the object_diff for roles as a replacement?

@przemkalit
Contributor Author

Ok, I will try to add these changes to object_diff.

@przemkalit
Contributor Author

Hi, after analysing our approach with the object_diff we've decided not to push it to the collection, so I will close this PR.

@przemkalit przemkalit closed this Sep 5, 2024