listgroups

package
v0.4.0 Latest
Published: Feb 5, 2021 License: Apache-2.0 Imports: 31 Imported by: 0

Documentation

Overview

Package listgroups extracts all groups from a GCI directory using the Admin SDK API.

Triggered by

Cloud Scheduler Job, through PubSub messages.

Instances

Few, one per directory customer ID.

Output

PubSub messages to a dedicated topic, formatted like Cloud Asset Inventory feed messages.

Cardinality

- one-several: one extraction job is scaled into x queries.

- x = (number of domains in GCI directory) x (36 email prefixes).

- email prefixes: a..z 0..9.

Automatic retrying

Yes.

Is recursive

Yes.

Domain Wide Delegation

Yes. The service account used to run this cloud function must have domain-wide delegation and the following OAuth scopes:

- https://www.googleapis.com/auth/admin.directory.group.readonly

- https://www.googleapis.com/auth/admin.directory.domain.readonly

Key rotation strategy

- A new service account key is created during the cloud function deployment in Cloud Build.

- The json key file is available to the cloud function as a local source file and is not persisted in git.

- The cloud function init function deletes any key but the current one.

- So, how to rotate the service account key? Just redeploy the cloud function.
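
The "delete any key but the current one" step can be sketched as follows. This is an added example, not the package's own code: it covers only the selection logic, and `saKey`, `staleKeys` and the sample data are hypothetical names and constructed values. It leaves Google-managed (`SYSTEM_MANAGED`) keys alone and selects nothing when the deployed key file does not match the listing.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// saKey holds the two fields of an IAM service account key listing used here.
type saKey struct {
	Name    string // projects/<p>/serviceAccounts/<sa>/keys/<keyID>
	KeyType string // USER_MANAGED or SYSTEM_MANAGED
}

// Constructed sample data: the deployed key file and the account's key listing.
var sampleKeyFile = []byte(`{"type":"service_account","private_key_id":"bbb222"}`)
var sampleKeys = []saKey{
	{"projects/p/serviceAccounts/sa@p.example/keys/aaa111", "USER_MANAGED"},
	{"projects/p/serviceAccounts/sa@p.example/keys/bbb222", "USER_MANAGED"},
	{"projects/p/serviceAccounts/sa@p.example/keys/ccc333", "SYSTEM_MANAGED"},
}

// staleKeys returns the user-managed keys other than the one in keyFile.
// If that key is absent from the listing, the file is for another account: select nothing.
func staleKeys(keyFile []byte, keys []saKey) ([]string, error) {
	var f struct {
		ID string `json:"private_key_id"`
	}
	if err := json.Unmarshal(keyFile, &f); err != nil || f.ID == "" {
		return nil, fmt.Errorf("key file has no usable private_key_id")
	}
	var stale []string
	found := false
	for _, k := range keys {
		switch id := k.Name[strings.LastIndex(k.Name, "/")+1:]; {
		case id == f.ID:
			found = true // the key this deployment runs with: keep
		case k.KeyType == "USER_MANAGED":
			stale = append(stale, k.Name) // left over from an earlier deployment
		}
	}
	if !found {
		return nil, fmt.Errorf("key %s is not in the listing", f.ID)
	}
	return stale, nil
}

func main() {
	fmt.Println(staleKeys(sampleKeyFile, sampleKeys))
}
```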

GCI authentication notes

- Read the service account json key file created during the cloud function deployment.

- Get a Google JWT (JSON Web Token) configuration from the key JSON file, the scopes, and the GCI user to impersonate (aka subject, aka the super admin).

- Get an HTTP client from the jwtConfig.

- Get a clientOption from the HTTP client.

- Get a service from the admin directory package from the client option.
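
What the JWT configuration in these steps sends to the token endpoint, as an added example that is not the package's own code: the signed assertion of the OAuth 2.0 service account flow, in which the `sub` claim names the impersonated super admin and `scope` carries the delegated scopes. It uses only the standard library; `signAssertion`, `verifyAssertion`, the throwaway key and the identities are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

const scopeBase = "https://www.googleapis.com/auth/admin.directory."
var b64 = base64.RawURLEncoding
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed throwaway key
var delegatedScopes = []string{scopeBase + "group.readonly", scopeBase + "domain.readonly"}

// signAssertion builds the RS256 JWT; sub is what makes the token act as the impersonated user.
func signAssertion(key *rsa.PrivateKey, saEmail, subject string, scopes []string, iat int64) (string, error) {
	body, _ := json.Marshal(map[string]interface{}{ // cannot fail for strings and integers
		"iss": saEmail, "sub": subject, "scope": strings.Join(scopes, " "),
		"aud": "https://oauth2.googleapis.com/token",
		"iat": iat, "exp": iat + 3600, // one hour is the maximum lifetime
	})
	msg := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	sum := sha256.Sum256([]byte(msg))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return msg + "." + b64.EncodeToString(sig), err
}

// verifyAssertion checks the signature and returns the decoded claims.
func verifyAssertion(pub *rsa.PublicKey, token string) (c map[string]interface{}, err error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, fmt.Errorf("malformed assertion")
	}
	sig, _ := b64.DecodeString(p[2]) // undecodable input fails verification below
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if err = rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig); err == nil {
		body, _ := b64.DecodeString(p[1]) // a truncated body fails to unmarshal
		err = json.Unmarshal(body, &c)
	}
	return c, err
}

func main() {
	tok, _ := signAssertion(demoKey, "sa@proj.example", "admin@example.com", delegatedScopes, 1700000000)
	fmt.Println(verifyAssertion(&demoKey.PublicKey, tok))
}
```

Anyone holding the key file can mint this assertion for the subject, so the two read-only scopes are the only limit on what a leaked key can read.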

GCI request notes

- "my_customer": As an account administrator, you can also use the my_customer alias to represent your account's customerId.

- Prefer to use the "directory_customer_id" instead of "my_customer" to narrow the execution time of the function in case of multiple directories, e.g. sandboxes / managed

Implementation example

package p

import (
    "context"

    "github.com/BrunoReboul/ram/services/listgroups"
    // gps provides the PubSubMessage type used below; this import path is
    // assumed from the module layout and replaces the unused ram import.
    "github.com/BrunoReboul/ram/utilities/gps"
)

var global listgroups.Global
var ctx = context.Background()

// EntryPoint is the function to be executed for each cloud function occurrence
func EntryPoint(ctxEvent context.Context, PubSubMessage gps.PubSubMessage) error {
    return listgroups.EntryPoint(ctxEvent, PubSubMessage, &global)
}

// init runs once per instance, so the setup cost is paid at cold start only.
func init() {
    listgroups.Initialize(ctx, &global)
}

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func EntryPoint

func EntryPoint(ctxEvent context.Context, PubSubMessage gps.PubSubMessage, global *Global) error

EntryPoint is the function to be executed for each cloud function occurrence

func Initialize

func Initialize(ctx context.Context, global *Global) (err error)

Initialize is to be executed in the init() function of the cloud function to optimize the cold start

Types

type Global

type Global struct {
	PubSubID string
	// contains filtered or unexported fields
}

Global structure for global variables to optimize the cloud function performances

type InstanceDeployment added in v0.0.24

type InstanceDeployment struct {
	DumpTimestamp time.Time `yaml:"dumpTimestamp"`
	Artifacts     struct {
		JobName         string `yaml:"jobName"`
		TopicName       string `yaml:"topicName"`
		Schedule        string
		OutputTopicName string `yaml:"outputTopicName"`
	}
	Core     *deploy.Core
	Settings struct {
		Service struct {
			GSU                     gsu.Parameters
			IAM                     iamgt.Parameters
			GCB                     gcb.Parameters
			GCF                     gcf.Parameters
			KeyJSONFileName         string `yaml:"keyJSONFileName"`
			LogEventEveryXPubSubMsg uint64 `yaml:"logEventEveryXPubSubMsg"`
			MaxResultsPerPage       int64  `yaml:"maxResultsPerPage"`
		}
		Instance struct {
			GCI struct {
				DirectoryCustomerID string `yaml:"directoryCustomerID"`
				SuperAdminEmail     string `yaml:"superAdminEmail"`
			}
			SCH sch.Parameters
		}
	}
}

InstanceDeployment settings and artifacts structure

func NewInstanceDeployment added in v0.0.24

func NewInstanceDeployment() *InstanceDeployment

NewInstanceDeployment creates a deployment structure with default settings set

func (*InstanceDeployment) Deploy added in v0.0.24

func (instanceDeployment *InstanceDeployment) Deploy() (err error)

Deploy a service instance

func (*InstanceDeployment) ReadValidate added in v0.0.24

func (instanceDeployment *InstanceDeployment) ReadValidate() (err error)

ReadValidate reads and validates service and instance settings

func (*InstanceDeployment) Situate added in v0.0.24

func (instanceDeployment *InstanceDeployment) Situate() (err error)

Situate complements settings, taking into account the situation for service and instance settings

type Settings

type Settings struct {
	DirectoryCustomerID string    `json:"directoryCustomerID"`
	Domain              string    `json:"domain"`
	EmailPrefix         string    `json:"emailPrefix"`
	StepStack           glo.Steps `json:"step_stack,omitempty"`
}

Settings from PubSub triggering event
