├── .github ├── PULL_REQUEST_TEMPLATE.md ├── workflows │ ├── sync-labels.yml │ ├── golangci-lint.yml │ ├── steampipe-anywhere.yml │ ├── registry-publish.yml │ ├── add-issue-to-project.yml │ └── stale.yml ├── ISSUE_TEMPLATE │ ├── feature-request---new-table.md │ ├── config.yml │ ├── bug_report.md │ └── feature_request.md └── dependabot.yml ├── Makefile ├── main.go ├── .gitignore ├── googledirectory ├── not_found.go ├── connection_config.go ├── utils.go ├── plugin.go ├── table_googledirectory_privilege.go ├── table_googledirectory_domain.go ├── table_googledirectory_role.go ├── table_googledirectory_org_unit.go ├── service.go ├── table_googledirectory_domain_alias.go ├── table_googledirectory_group_member.go ├── table_googledirectory_role_assignment.go ├── table_googledirectory_group.go └── table_googledirectory_user.go ├── .goreleaser.yml ├── config └── googledirectory.spc ├── docs ├── tables │ ├── googledirectory_domain.md │ ├── googledirectory_domain_alias.md │ ├── googledirectory_org_unit.md │ ├── googledirectory_role_assignment.md │ ├── googledirectory_privilege.md │ ├── googledirectory_group_member.md │ ├── googledirectory_role.md │ ├── googledirectory_group.md │ └── googledirectory_user.md ├── index.md └── LICENSE ├── README.md ├── go.mod ├── CHANGELOG.md └── LICENSE /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | # Example query results 2 |
3 | Results 4 | 5 | ``` 6 | Add example SQL query results here (please include the input queries as well) 7 | ``` 8 |
9 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | STEAMPIPE_INSTALL_DIR ?= ~/.steampipe 2 | BUILD_TAGS = netgo 3 | install: 4 | go build -o $(STEAMPIPE_INSTALL_DIR)/plugins/hub.steampipe.io/plugins/turbot/googledirectory@latest/steampipe-plugin-googledirectory.plugin -tags "${BUILD_TAGS}" *.go 5 | -------------------------------------------------------------------------------- /.github/workflows/sync-labels.yml: -------------------------------------------------------------------------------- 1 | name: Sync Labels 2 | on: 3 | schedule: 4 | - cron: "30 22 * * 1" 5 | workflow_dispatch: 6 | 7 | jobs: 8 | sync_labels_workflow: 9 | uses: turbot/steampipe-workflows/.github/workflows/sync-labels.yml@main 10 | -------------------------------------------------------------------------------- /.github/workflows/golangci-lint.yml: -------------------------------------------------------------------------------- 1 | name: golangci-lint 2 | on: 3 | push: 4 | tags: 5 | - v* 6 | branches: 7 | - main 8 | pull_request: 9 | 10 | jobs: 11 | golangci_lint_workflow: 12 | uses: turbot/steampipe-workflows/.github/workflows/golangci-lint.yml@main 13 | -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "github.com/turbot/steampipe-plugin-googledirectory/googledirectory" 5 | "github.com/turbot/steampipe-plugin-sdk/v5/plugin" 6 | ) 7 | 8 | func main() { 9 | plugin.Serve(&plugin.ServeOpts{ 10 | PluginFunc: googledirectory.Plugin}) 11 | } 12 | -------------------------------------------------------------------------------- /.github/workflows/steampipe-anywhere.yml: -------------------------------------------------------------------------------- 1 | name: Release Steampipe Anywhere Components 2 | 3 | on: 4 | 
push: 5 | tags: 6 | - 'v*' 7 | 8 | 9 | jobs: 10 | anywhere_publish_workflow: 11 | uses: turbot/steampipe-workflows/.github/workflows/steampipe-anywhere.yml@main 12 | secrets: inherit 13 | -------------------------------------------------------------------------------- /.github/workflows/registry-publish.yml: -------------------------------------------------------------------------------- 1 | name: Build and Deploy OCI Image 2 | 3 | on: 4 | push: 5 | tags: 6 | - 'v*' 7 | 8 | jobs: 9 | registry_publish_workflow_ghcr: 10 | uses: turbot/steampipe-workflows/.github/workflows/registry-publish-ghcr.yml@main 11 | secrets: inherit 12 | with: 13 | releaseTimeout: 60m 14 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Binaries for programs and plugins 2 | *.exe 3 | *.exe~ 4 | *.dll 5 | *.so 6 | *.dylib 7 | 8 | # Test binary, built with `go test -c` 9 | *.test 10 | 11 | # Output of the go coverage tool, specifically when used with LiteIDE 12 | *.out 13 | 14 | # Dependency directories (remove the comment below to include it) 15 | # vendor/ 16 | -------------------------------------------------------------------------------- /.github/workflows/add-issue-to-project.yml: -------------------------------------------------------------------------------- 1 | name: Assign Issue to Project 2 | 3 | on: 4 | issues: 5 | types: [opened] 6 | 7 | jobs: 8 | add-to-project: 9 | uses: turbot/steampipe-workflows/.github/workflows/assign-issue-to-project.yml@main 10 | with: 11 | issue_number: ${{ github.event.issue.number }} 12 | repository: ${{ github.repository }} 13 | secrets: inherit 14 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature-request---new-table.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request - New table 3 | about: 
Suggest a new table for this project 4 | title: Add table googledirectory__ 5 | labels: enhancement, new table 6 | assignees: '' 7 | 8 | --- 9 | 10 | **References** 11 | Add any related links that will help us understand the resource, including vendor documentation, related GitHub issues, and Go SDK documentation. 12 | -------------------------------------------------------------------------------- /.github/workflows/stale.yml: -------------------------------------------------------------------------------- 1 | name: Stale Issues and PRs 2 | on: 3 | schedule: 4 | - cron: "30 23 * * *" 5 | workflow_dispatch: 6 | inputs: 7 | dryRun: 8 | description: Set to true for a dry run 9 | required: false 10 | default: "false" 11 | type: string 12 | 13 | jobs: 14 | stale_workflow: 15 | uses: turbot/steampipe-workflows/.github/workflows/stale.yml@main 16 | with: 17 | dryRun: ${{ github.event.inputs.dryRun }} 18 | -------------------------------------------------------------------------------- /googledirectory/not_found.go: -------------------------------------------------------------------------------- 1 | package googledirectory 2 | 3 | import ( 4 | "slices" 5 | 6 | "github.com/turbot/go-kit/types" 7 | "github.com/turbot/steampipe-plugin-sdk/v5/plugin" 8 | "google.golang.org/api/googleapi" 9 | ) 10 | 11 | // function which returns an IsNotFoundErrorPredicate for Google Directory API calls 12 | func isNotFoundError(notFoundErrors []string) plugin.ErrorPredicate { 13 | return func(err error) bool { 14 | if gerr, ok := err.(*googleapi.Error); ok { 15 | return slices.Contains(notFoundErrors, types.ToString(gerr.Code)) 16 | } 17 | return false 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | blank_issues_enabled: false 2 | contact_links: 3 | - name: Questions 4 | url: https://turbot.com/community/join 5 | about: 
GitHub issues in this repository are only intended for bug reports and feature requests. Other issues will be closed. Please ask and answer questions through the Steampipe Slack community. 6 | - name: Steampipe CLI Bug Reports and Feature Requests 7 | url: https://github.com/turbot/steampipe/issues/new/choose 8 | about: Steampipe CLI has its own codebase. Bug reports and feature requests for those pieces of functionality should be directed to that repository. -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: bug 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **Steampipe version (`steampipe -v`)** 14 | Example: v0.3.0 15 | 16 | **Plugin version (`steampipe plugin list`)** 17 | Example: v0.5.0 18 | 19 | **To reproduce** 20 | Steps to reproduce the behavior (please include relevant code and/or commands). 21 | 22 | **Expected behavior** 23 | A clear and concise description of what you expected to happen. 24 | 25 | **Additional context** 26 | Add any other context about the problem here. 27 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: enhancement 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 
15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 21 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | # To get started with Dependabot version updates, you'll need to specify which 2 | # package ecosystems to update and where the package manifests are located. 3 | # Please see the documentation for all configuration options: 4 | # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates 5 | 6 | version: 2 7 | updates: 8 | - package-ecosystem: "gomod" # See documentation for possible values 9 | directory: "/" # Location of package manifests 10 | schedule: 11 | interval: "weekly" 12 | pull-request-branch-name: 13 | separator: "-" 14 | assignees: 15 | - "misraved" 16 | - "madhushreeray30" 17 | labels: 18 | - "dependencies" 19 | -------------------------------------------------------------------------------- /googledirectory/connection_config.go: -------------------------------------------------------------------------------- 1 | package googledirectory 2 | 3 | import ( 4 | "github.com/turbot/steampipe-plugin-sdk/v5/plugin" 5 | ) 6 | 7 | type googledirectoryConfig struct { 8 | CredentialFile *string `hcl:"credential_file"` 9 | Credentials *string `hcl:"credentials"` 10 | ImpersonatedUserEmail *string `hcl:"impersonated_user_email"` 11 | TokenPath *string `hcl:"token_path"` 12 | } 13 | 14 | func ConfigInstance() interface{} { 15 | return &googledirectoryConfig{} 16 | } 17 | 18 | // GetConfig :: retrieve and cast connection config from query data 19 | func GetConfig(connection *plugin.Connection) googledirectoryConfig { 20 | if connection == nil || connection.Config == nil { 21 | 
return googledirectoryConfig{} 22 | } 23 | config, _ := connection.Config.(googledirectoryConfig) 24 | return config 25 | } 26 | -------------------------------------------------------------------------------- /.goreleaser.yml: -------------------------------------------------------------------------------- 1 | # This is an example goreleaser.yaml file with some sane defaults. 2 | # Make sure to check the documentation at http://goreleaser.com 3 | before: 4 | hooks: 5 | - go mod tidy 6 | builds: 7 | - env: 8 | - CGO_ENABLED=0 9 | - GO111MODULE=on 10 | - GOPRIVATE=github.com/turbot 11 | goos: 12 | - linux 13 | - darwin 14 | 15 | goarch: 16 | - amd64 17 | - arm64 18 | 19 | id: "steampipe" 20 | binary: "{{ .ProjectName }}.plugin" 21 | flags: 22 | - -tags=netgo 23 | 24 | archives: 25 | - format: gz 26 | name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}" 27 | files: 28 | - none* 29 | checksum: 30 | name_template: "{{ .ProjectName }}_{{ .Version }}_SHA256SUMS" 31 | algorithm: sha256 32 | changelog: 33 | sort: asc 34 | filters: 35 | exclude: 36 | - "^docs:" 37 | - "^test:" 38 | -------------------------------------------------------------------------------- /googledirectory/utils.go: -------------------------------------------------------------------------------- 1 | package googledirectory 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | 7 | "github.com/mitchellh/go-homedir" 8 | ) 9 | 10 | // Returns the content of given file, or the inline JSON credential as it is 11 | func pathOrContents(poc string) (string, error) { 12 | if len(poc) == 0 { 13 | return poc, nil 14 | } 15 | 16 | path, err := expandPath(poc) 17 | if err != nil { 18 | return path, err 19 | } 20 | 21 | // Check for valid file path 22 | if _, err := os.Stat(path); err == nil { 23 | contents, err := os.ReadFile(path) 24 | if err != nil { 25 | return string(contents), err 26 | } 27 | return string(contents), nil 28 | } 29 | 30 | // Return error if content is a file path and the file doesn't exist 31 | if 
len(path) > 1 && (path[0] == '/' || path[0] == '\\') { 32 | return "", fmt.Errorf("%s: no such file or dir", path) 33 | } 34 | 35 | // Return the inline content 36 | return poc, nil 37 | } 38 | 39 | // Expands the path to include the home directory if the path is prefixed with `~` 40 | func expandPath(filePath string) (string, error) { 41 | // Check if the path has `~` to denote the home dir 42 | path := filePath 43 | if path[0] == '~' { 44 | var err error 45 | path, err = homedir.Expand(path) 46 | if err != nil { 47 | return path, err 48 | } 49 | } 50 | return path, nil 51 | } 52 | -------------------------------------------------------------------------------- /googledirectory/plugin.go: -------------------------------------------------------------------------------- 1 | /* 2 | Package googledirectory implements a steampipe plugin for googledirectory. 3 | 4 | This plugin provides data that Steampipe uses to present foreign 5 | tables that represent Google Directory resources. 6 | */ 7 | package googledirectory 8 | 9 | import ( 10 | "context" 11 | 12 | "github.com/turbot/steampipe-plugin-sdk/v5/plugin" 13 | "github.com/turbot/steampipe-plugin-sdk/v5/plugin/transform" 14 | ) 15 | 16 | const pluginName = "steampipe-plugin-googledirectory" 17 | 18 | // Plugin creates this (googledirectory) plugin 19 | func Plugin(ctx context.Context) *plugin.Plugin { 20 | p := &plugin.Plugin{ 21 | Name: pluginName, 22 | DefaultTransform: transform.FromCamel().NullIfZero(), 23 | DefaultGetConfig: &plugin.GetConfig{ 24 | ShouldIgnoreError: isNotFoundError([]string{"404"}), 25 | }, 26 | ConnectionConfigSchema: &plugin.ConnectionConfigSchema{ 27 | NewInstance: ConfigInstance, 28 | }, 29 | TableMap: map[string]*plugin.Table{ 30 | "googledirectory_domain": tableGoogleDirectoryDomain(ctx), 31 | "googledirectory_domain_alias": tableGoogleDirectoryDomainAlias(ctx), 32 | "googledirectory_group": tableGoogleDirectoryGroup(ctx), 33 | "googledirectory_group_member": 
tableGoogleDirectoryGroupMember(ctx), 34 | "googledirectory_org_unit": tableGoogleDirectoryOrgUnit(ctx), 35 | "googledirectory_privilege": tableGoogleDirectoryPrivilege(ctx), 36 | "googledirectory_role": tableGoogleDirectoryRole(ctx), 37 | "googledirectory_role_assignment": tableGoogleDirectoryRoleAssignment(ctx), 38 | "googledirectory_user": tableGoogleDirectoryUser(ctx), 39 | }, 40 | } 41 | 42 | return p 43 | } 44 | -------------------------------------------------------------------------------- /config/googledirectory.spc: -------------------------------------------------------------------------------- 1 | connection "googledirectory" { 2 | plugin = "googledirectory" 3 | 4 | # You may connect to Google Workspace using more than one option: 5 | # 1. To authenticate using domain-wide delegation, specify a service account credential file and the user email for impersonation 6 | # `credentials` - Either the path to a JSON credential file that contains Google application credentials, 7 | # or the contents of a service account key file in JSON format. If `credentials` is not specified in a connection, 8 | # credentials will be loaded from: 9 | # - The path specified in the `GOOGLE_APPLICATION_CREDENTIALS` environment variable, if set; otherwise 10 | # - The standard location (`~/.config/gcloud/application_default_credentials.json`) 11 | # - The path specified for the credentials.json file ("/path/to/my/creds.json") 12 | # credentials = "~/.config/gcloud/application_default_credentials.json" 13 | 14 | # `impersonated_user_email` - The email (string) of the user which should be impersonated. Needs permissions to access the Admin APIs. 15 | # `impersonated_user_email` must be set, since the service account needs to impersonate a user with Admin API permissions to access the directory. 16 | # impersonated_user_email = "username@domain.com" 17 | 18 | # 2. 
To authenticate using OAuth 2.0, specify a client secret file 19 | # `token_path` - The path to a JSON credential file that contains Google application credentials. 20 | # If `token_path` is not specified in a connection, credentials will be loaded from: 21 | # - The path specified in the `GOOGLE_APPLICATION_CREDENTIALS` environment variable, if set; otherwise 22 | # - The standard location (`~/.config/gcloud/application_default_credentials.json`) 23 | # token_path = "~/.config/gcloud/application_default_credentials.json" 24 | } 25 | -------------------------------------------------------------------------------- /docs/tables/googledirectory_domain.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Steampipe Table: googledirectory_domain - Query Google Directory Domains using SQL" 3 | description: "Allows users to query Google Directory Domains, providing detailed information about the domain and its associated settings and configurations." 4 | --- 5 | 6 | # Table: googledirectory_domain - Query Google Directory Domains using SQL 7 | 8 | Google Directory Domains is a resource within Google Workspace that allows you to manage your organization's domains. It provides a centralized way to set up and manage domains, including domain verification, alias management, and more. Google Directory Domains helps you stay informed about the status and settings of your domains and take appropriate actions when needed. 9 | 10 | ## Table Usage Guide 11 | 12 | The `googledirectory_domain` table provides insights into domains within Google Workspace Directory. As a system administrator, explore domain-specific details through this table, including domain name, whether the domain is verified, and associated metadata. Utilize it to uncover information about domains, such as their verification status, and to manage domain aliases. 
13 | 14 | ## Examples 15 | 16 | ### Basic info 17 | Explore which domains within your Google Directory are primary and when they were created. This can be beneficial for assessing domain configurations and understanding their establishment timeline. 18 | 19 | ```sql+postgres 20 | select 21 | domain_name, 22 | creation_time, 23 | is_primary 24 | from 25 | googledirectory_domain; 26 | ``` 27 | 28 | ```sql+sqlite 29 | select 30 | domain_name, 31 | creation_time, 32 | is_primary 33 | from 34 | googledirectory_domain; 35 | ``` 36 | 37 | ### List unverified domains 38 | List the domains in your Google Directory that have not been verified. This can help you identify potential security risks and take the necessary actions to verify these domains. 39 | 40 | ```sql+postgres 41 | select 42 | domain_name, 43 | creation_time, 44 | verified 45 | from 46 | googledirectory_domain 47 | where 48 | not verified; 49 | ``` 50 | 51 | ```sql+sqlite 52 | select 53 | domain_name, 54 | creation_time, 55 | verified 56 | from 57 | googledirectory_domain 58 | where 59 | not verified; 60 | ``` -------------------------------------------------------------------------------- /docs/tables/googledirectory_domain_alias.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Steampipe Table: googledirectory_domain_alias - Query Google Workspace Domain Aliases using SQL" 3 | description: "Allows users to query Domain Aliases in Google Workspace, specifically providing insights into the aliases associated with a Google Workspace domain." 4 | --- 5 | 6 | # Table: googledirectory_domain_alias - Query Google Workspace Domain Aliases using SQL 7 | 8 | A Google Workspace Domain Alias is an alternative name for a Google Workspace domain, which allows users to log in to their accounts and services using different domain names.
Domain aliases are particularly useful for organizations that operate under multiple brand names or have different domains for different departments. They are managed through the Google Admin console and can be used with all Google Workspace services. 9 | 10 | ## Table Usage Guide 11 | 12 | The `googledirectory_domain_alias` table provides insights into domain aliases within Google Workspace. As a Google Workspace administrator, explore alias-specific details through this table, including the parent domain name, creation time, and whether the alias is verified. Utilize it to manage and monitor your organization's domain aliases, ensuring that all aliases are correctly set up and verified. 13 | 14 | ## Examples 15 | 16 | ### Basic info 17 | Explore which domain aliases in your Google Directory have been verified and when they were created. This can be used to maintain a secure and organized domain structure. 18 | 19 | ```sql+postgres 20 | select 21 | domain_alias_name, 22 | creation_time, 23 | verified 24 | from 25 | googledirectory_domain_alias; 26 | ``` 27 | 28 | ```sql+sqlite 29 | select 30 | domain_alias_name, 31 | creation_time, 32 | verified 33 | from 34 | googledirectory_domain_alias; 35 | ``` 36 | 37 | ### List unverified domain aliases 38 | List the domain aliases that have not been verified, so you can identify potential areas of risk and take appropriate action to verify them. 39 | 40 | ```sql+postgres 41 | select 42 | domain_alias_name, 43 | creation_time, 44 | verified 45 | from 46 | googledirectory_domain_alias 47 | where 48 | not verified; 49 | ``` 50 | 51 | ```sql+sqlite 52 | select 53 | domain_alias_name, 54 | creation_time, 55 | verified 56 | from 57 | googledirectory_domain_alias 58 | where 59 | not verified; 60 | ``` 61 | 62 | ### List domain aliases by parent domain 63 | Explore the different domain aliases associated with a specific parent domain.
This can be useful for understanding the structure and organization of your domain aliases, as well as for verifying their creation times and statuses. 64 | 65 | ```sql+postgres 66 | select 67 | domain_alias_name, 68 | parent_domain_name, 69 | creation_time, 70 | verified 71 | from 72 | googledirectory_domain_alias 73 | where 74 | parent_domain_name = 'domain.com'; 75 | ``` 76 | 77 | ```sql+sqlite 78 | select 79 | domain_alias_name, 80 | parent_domain_name, 81 | creation_time, 82 | verified 83 | from 84 | googledirectory_domain_alias 85 | where 86 | parent_domain_name = 'domain.com'; 87 | ``` -------------------------------------------------------------------------------- /docs/tables/googledirectory_org_unit.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Steampipe Table: googledirectory_org_unit - Query Google Directory Org Units using SQL" 3 | description: "Allows users to query Google Directory Org Units, providing detailed information about organizational units within Google Workspace." 4 | --- 5 | 6 | # Table: googledirectory_org_unit - Query Google Directory Org Units using SQL 7 | 8 | Google Directory is a service within Google Workspace that manages and organizes information about users, groups, and devices. It provides a centralized way to manage organizational units, users, groups, and devices in a Google Workspace account. Google Directory helps you stay informed about the structure and organization of your Google Workspace resources. 9 | 10 | ## Table Usage Guide 11 | 12 | The `googledirectory_org_unit` table provides insights into organizational units within Google Directory. As a system administrator, explore unit-specific details through this table, including names, descriptions, parent organizational units, and associated metadata. Utilize it to uncover information about the hierarchy and structure of your organization within Google Workspace. 
13 | 14 | ## Examples 15 | 16 | ### Basic info 17 | Explore the organization structure within Google Directory to understand its hierarchy and descriptions. This can be beneficial for managing resources and permissions within your organization. 18 | 19 | ```sql+postgres 20 | select 21 | name, 22 | org_unit_id, 23 | org_unit_path, 24 | description 25 | from 26 | googledirectory_org_unit; 27 | ``` 28 | 29 | ```sql+sqlite 30 | select 31 | name, 32 | org_unit_id, 33 | org_unit_path, 34 | description 35 | from 36 | googledirectory_org_unit; 37 | ``` 38 | 39 | ### Get org unit by ID 40 | Explore the specific organizational unit within Google Directory by using its unique ID. This assists in obtaining detailed information about the unit, such as its name, path, and description, which can be useful for managing and understanding the structure of your organization. 41 | 42 | ```sql+postgres 43 | select 44 | name, 45 | org_unit_id, 46 | org_unit_path, 47 | description 48 | from 49 | googledirectory_org_unit 50 | where 51 | org_unit_id = 'id:03pk8a4z4t34g1w'; 52 | ``` 53 | 54 | ```sql+sqlite 55 | select 56 | name, 57 | org_unit_id, 58 | org_unit_path, 59 | description 60 | from 61 | googledirectory_org_unit 62 | where 63 | org_unit_id = 'id:03pk8a4z4t34g1w'; 64 | ``` 65 | 66 | ### Get org unit by path 67 | Explore the specific organizational unit within your Google Directory by its unique path. This allows you to obtain crucial details about the unit, such as its name and description, which can be beneficial for managing your organizational structure. 
68 | 69 | ```sql+postgres 70 | select 71 | name, 72 | org_unit_id, 73 | org_unit_path, 74 | description 75 | from 76 | googledirectory_org_unit 77 | where 78 | org_unit_path = '/DM'; 79 | ``` 80 | 81 | ```sql+sqlite 82 | select 83 | name, 84 | org_unit_id, 85 | org_unit_path, 86 | description 87 | from 88 | googledirectory_org_unit 89 | where 90 | org_unit_path = '/DM'; 91 | ``` -------------------------------------------------------------------------------- /googledirectory/table_googledirectory_privilege.go: -------------------------------------------------------------------------------- 1 | package googledirectory 2 | 3 | import ( 4 | "context" 5 | 6 | "github.com/turbot/steampipe-plugin-sdk/v5/grpc/proto" 7 | "github.com/turbot/steampipe-plugin-sdk/v5/plugin" 8 | "github.com/turbot/steampipe-plugin-sdk/v5/plugin/transform" 9 | ) 10 | 11 | //// TABLE DEFINITION 12 | 13 | func tableGoogleDirectoryPrivilege(_ context.Context) *plugin.Table { 14 | return &plugin.Table{ 15 | Name: "googledirectory_privilege", 16 | Description: "Privileges defined in the Google Workspace directory.", 17 | List: &plugin.ListConfig{ 18 | Hydrate: listDirectoryPrivileges, 19 | KeyColumns: []*plugin.KeyColumn{ 20 | { 21 | Name: "customer_id", 22 | Require: plugin.Optional, 23 | }, 24 | }, 25 | ShouldIgnoreError: isNotFoundError([]string{"404"}), 26 | }, 27 | Columns: []*plugin.Column{ 28 | { 29 | Name: "privilege_name", 30 | Description: "The name of the privilege.", 31 | Type: proto.ColumnType_STRING, 32 | }, 33 | { 34 | Name: "service_name", 35 | Description: "The name of the service this privilege is for.", 36 | Type: proto.ColumnType_STRING, 37 | }, 38 | { 39 | Name: "service_id", 40 | Description: "The obfuscated ID of the service this privilege is for.", 41 | Type: proto.ColumnType_STRING, 42 | }, 43 | { 44 | Name: "is_ou_scopable", 45 | Description: "Indicates if the privilege can be restricted to an organization unit.", 46 | Type: proto.ColumnType_BOOL, 47 | }, 48 | { 49 | Name: 
"customer_id", 50 | Description: "The customer ID to retrieve all privileges for a customer.", 51 | Type: proto.ColumnType_STRING, 52 | Transform: transform.FromQual("customer_id"), 53 | }, 54 | { 55 | Name: "etag", 56 | Description: "A hash of the metadata, used to ensure there were no concurrent modifications to the resource when attempting an update.", 57 | Type: proto.ColumnType_STRING, 58 | }, 59 | { 60 | Name: "kind", 61 | Description: "The type of the API resource.", 62 | Type: proto.ColumnType_STRING, 63 | }, 64 | { 65 | Name: "child_privileges", 66 | Description: "A list of child privileges. Privileges for a service form a tree. Each privilege can have a list of child privileges; this list is empty for a leaf privilege.", 67 | Type: proto.ColumnType_JSON, 68 | }, 69 | }, 70 | } 71 | } 72 | 73 | //// LIST FUNCTION 74 | 75 | func listDirectoryPrivileges(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) { 76 | // Create service 77 | service, err := AdminService(ctx, d) 78 | if err != nil { 79 | return nil, err 80 | } 81 | 82 | // Set default value to my_customer, to represent current account 83 | customerID := "my_customer" 84 | if d.EqualsQuals["customer_id"] != nil { 85 | customerID = d.EqualsQuals["customer_id"].GetStringValue() 86 | } 87 | 88 | resp, err := service.Privileges.List(customerID).Do() 89 | if err != nil { 90 | return nil, err 91 | } 92 | 93 | for _, role := range resp.Items { 94 | d.StreamListItem(ctx, role) 95 | 96 | // Context can be cancelled due to manual cancellation or the limit has been hit 97 | if plugin.IsCancelled(ctx) { 98 | break 99 | } 100 | } 101 | 102 | return nil, err 103 | } 104 | -------------------------------------------------------------------------------- /docs/tables/googledirectory_role_assignment.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Steampipe Table: googledirectory_role_assignment - Query Google Directory Role 
Assignments using SQL" 3 | description: "Allows users to query Role Assignments in Google Directory, providing insights into role assignments and their details." 4 | --- 5 | 6 | # Table: googledirectory_role_assignment - Query Google Directory Role Assignments using SQL 7 | 8 | Google Directory is a service within Google Workspace that helps manage organizational structure and browse people in your organization. It allows you to manage users, devices, and apps, and it's an essential tool for IT and system administrators. Role Assignments in Google Directory are used to assign roles to users or groups, which define what actions they can perform. 9 | 10 | ## Table Usage Guide 11 | 12 | The `googledirectory_role_assignment` table provides insights into Role Assignments within Google Directory. As an IT or system administrator, explore role assignment-specific details through this table, including the assigned user or group, the role ID, and the assignment ID. Utilize it to uncover information about role assignments, such as the permissions associated with each role, the users or groups assigned to each role, and the scope of each assignment. 13 | 14 | ## Examples 15 | 16 | ### Basic info 17 | Explore the allocation of roles within your Google Directory setup. This query will help you understand who holds what role and where, enhancing your security management by identifying potential misassignments or gaps. 18 | 19 | ```sql+postgres 20 | select 21 | role_assignment_id, 22 | role_id, 23 | assigned_to, 24 | scope_type 25 | from 26 | googledirectory_role_assignment; 27 | ``` 28 | 29 | ```sql+sqlite 30 | select 31 | role_assignment_id, 32 | role_id, 33 | assigned_to, 34 | scope_type 35 | from 36 | googledirectory_role_assignment; 37 | ``` 38 | 39 | ### Get role assignments by role ID 40 | List the assignments made for a specific Google Directory role to see who has been assigned that role. This can be useful in managing access and permissions in your organization.
41 | 42 | ```sql+postgres 43 | select 44 | role_assignment_id, 45 | role_id, 46 | assigned_to, 47 | scope_type 48 | from 49 | googledirectory_role_assignment 50 | where 51 | role_id = '522363132560015'; 52 | ``` 53 | 54 | ```sql+sqlite 55 | select 56 | role_assignment_id, 57 | role_id, 58 | assigned_to, 59 | scope_type 60 | from 61 | googledirectory_role_assignment 62 | where 63 | role_id = '522363132560015'; 64 | ``` 65 | 66 | ### Get role assignments by user 67 | Explore which roles have been assigned to each user in the Google Directory. This can be useful to understand the permissions and access each user has within the organization. 68 | 69 | ```sql+postgres 70 | select 71 | assigned_role.role_assignment_id as role_assignment_id, 72 | r.role_name as role_name, 73 | u.full_name as user_name 74 | from 75 | googledirectory_role_assignment as assigned_role, 76 | googledirectory_user as u, 77 | googledirectory_role as r 78 | where 79 | assigned_role.user_key = u.id 80 | and assigned_role.role_id = r.role_id; 81 | ``` 82 | 83 | ```sql+sqlite 84 | select 85 | assigned_role.role_assignment_id as role_assignment_id, 86 | r.role_name as role_name, 87 | u.full_name as user_name 88 | from 89 | googledirectory_role_assignment as assigned_role 90 | join googledirectory_user as u on assigned_role.user_key = u.id 91 | join googledirectory_role as r on assigned_role.role_id = r.role_id; 92 | ``` -------------------------------------------------------------------------------- /docs/tables/googledirectory_privilege.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Steampipe Table: googledirectory_privilege - Query Google Directory Privileges using SQL" 3 | description: "Allows users to query Google Directory Privileges, specifically providing insights into the various rights granted to administrative roles." 
4 | --- 5 | 6 | # Table: googledirectory_privilege - Query Google Directory Privileges using SQL 7 | 8 | Google Directory Privileges is a resource within Google Workspace Admin SDK that manages and provides information about the various rights granted to administrative roles. It allows administrators to create, update, and delete roles that contain one or more privileges. It is a key component in managing access control within Google Workspace. 9 | 10 | ## Table Usage Guide 11 | 12 | The `googledirectory_privilege` table provides insights into the privileges within Google Workspace Admin SDK. As an administrator, explore privilege-specific details through this table, including service IDs, privilege names, and associated metadata. Utilize it to uncover information about privileges, such as those associated with specific roles, and manage access control effectively within your Google Workspace environment. 13 | 14 | ## Examples 15 | 16 | ### Basic info 17 | Explore which privileges within the Google Directory service are applicable to Organizational Units. This can aid in understanding the scope of access control and managing permissions effectively. 18 | 19 | ```sql+postgres 20 | select 21 | privilege_name, 22 | service_name, 23 | service_id, 24 | is_ou_scopable 25 | from 26 | googledirectory_privilege; 27 | ``` 28 | 29 | ```sql+sqlite 30 | select 31 | privilege_name, 32 | service_name, 33 | service_id, 34 | is_ou_scopable 35 | from 36 | googledirectory_privilege; 37 | ``` 38 | 39 | ### List privileges by service 40 | Explore the distribution of privileges across different services. This can help in assessing the security posture by identifying services with a high count of privileges. 
41 | 42 | ```sql+postgres 43 | select 44 | service_name, 45 | count(*) 46 | from 47 | googledirectory_privilege 48 | group by 49 | service_name 50 | order by 51 | count desc; 52 | ``` 53 | 54 | ```sql+sqlite 55 | select 56 | service_name, 57 | count(*) 58 | from 59 | googledirectory_privilege 60 | group by 61 | service_name 62 | order by 63 | count(*) desc; 64 | ``` 65 | 66 | ### List privileges for each role 67 | This example allows you to examine the specific permissions associated with each role within your Google Directory. It's useful for ensuring that roles are correctly configured and that each role has the appropriate level of access, enhancing your overall security posture. 68 | 69 | ```sql+postgres 70 | select 71 | r.role_name as role_name, 72 | p.service_name as service_name, 73 | p.privilege_name as privilege_name 74 | from 75 | googledirectory_role as r, 76 | jsonb_array_elements(r.role_privileges) as rp, 77 | googledirectory_privilege as p 78 | where 79 | rp ->> 'serviceId' = p.service_id 80 | and rp ->> 'privilegeName' = p.privilege_name 81 | order by 82 | role_name, 83 | service_name, 84 | privilege_name; 85 | ``` 86 | 87 | ```sql+sqlite 88 | select 89 | r.role_name as role_name, 90 | p.service_name as service_name, 91 | p.privilege_name as privilege_name 92 | from 93 | googledirectory_role as r, 94 | json_each(r.role_privileges) as rp, 95 | googledirectory_privilege as p 96 | where 97 | json_extract(rp.value, '$.serviceId') = p.service_id 98 | and json_extract(rp.value, '$.privilegeName') = p.privilege_name 99 | order by 100 | role_name, 101 | service_name, 102 | privilege_name; 103 | ``` -------------------------------------------------------------------------------- /googledirectory/table_googledirectory_domain.go: -------------------------------------------------------------------------------- 1 | package googledirectory 2 | 3 | import ( 4 | "context" 5 | 6 | "github.com/turbot/steampipe-plugin-sdk/v5/grpc/proto" 7 | 
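"github.com/turbot/steampipe-plugin-sdk/v5/plugin" 8 | "github.com/turbot/steampipe-plugin-sdk/v5/plugin/transform" 9 | ) 10 |

//// TABLE DEFINITION

// tableGoogleDirectoryDomain declares the googledirectory_domain table.
//
// List calls go through listDirectoryDomains and accept an optional
// customer_id qualifier; Get calls go through getDirectoryDomain and are keyed
// on domain_name only.
func tableGoogleDirectoryDomain(_ context.Context) *plugin.Table {
	return &plugin.Table{
		Name:        "googledirectory_domain",
		Description: "Domains defined in the Google Workspace directory.",
		List: &plugin.ListConfig{
			Hydrate: listDirectoryDomains,
			KeyColumns: []*plugin.KeyColumn{
				{
					Name:    "customer_id",
					Require: plugin.Optional,
				},
			},
			// NOTE(review): isNotFoundError is defined elsewhere; presumably a
			// 404 from the list call is swallowed, so a mistyped customer_id
			// would yield zero rows instead of an error. Keep that in mind
			// before reading an empty result as "nothing to audit".
			ShouldIgnoreError: isNotFoundError([]string{"404"}),
		},
		Get: &plugin.GetConfig{
			KeyColumns: plugin.SingleColumn("domain_name"),
			Hydrate:    getDirectoryDomain,
		},
		Columns: []*plugin.Column{
			{
				Name:        "domain_name",
				Description: "The domain name of the customer.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "creation_time",
				Description: "Specifies the creation time of the domain.",
				Type:        proto.ColumnType_TIMESTAMP,
				Transform:   transform.FromField("CreationTime").Transform(transform.UnixMsToTimestamp),
			},
			{
				Name:        "is_primary",
				Description: "Indicates if the domain is a primary domain, or not.",
				Type:        proto.ColumnType_BOOL,
			},
			{
				Name:        "verified",
				Description: "Indicates the verification state of a domain.",
				Type:        proto.ColumnType_BOOL,
			},
			{
				Name: "customer_id",
				// Fixed copy-paste: this table lists domains, not account roles.
				Description: "The customer ID to retrieve all domains for a customer.",
				Type:        proto.ColumnType_STRING,
				// Echoes the qualifier from the query; it is not read from the API response.
				Transform: transform.FromQual("customer_id"),
			},
			{
				Name:        "etag",
				Description: "A hash of the metadata, used to ensure there were no concurrent modifications to the resource when attempting an update.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "kind",
				Description: "The type of the API resource.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "domain_aliases",
				Description: "A list of domain alias objects.",
				Type:        proto.ColumnType_JSON,
			},
		},
	}
}

//// LIST FUNCTION

// listDirectoryDomains streams every domain returned by Domains.List for one
// customer. The customer is "my_customer" (the current account) unless the
// query supplies a customer_id equals-qualifier.
func listDirectoryDomains(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) {
	svc, err := AdminService(ctx, d)
	if err != nil {
		return nil, err
	}

	// An explicit customer_id qualifier overrides the "my_customer" default.
	customer := "my_customer"
	if qual := d.EqualsQuals["customer_id"]; qual != nil {
		customer = qual.GetStringValue()
	}

	result, err := svc.Domains.List(customer).Do()
	if err != nil {
		return nil, err
	}

	for _, domain := range result.Domains {
		d.StreamListItem(ctx, domain)

		// Stop streaming once the query was cancelled or its row limit was hit.
		if plugin.IsCancelled(ctx) {
			break
		}
	}

	return nil, nil
}

//// HYDRATE FUNCTIONS

// getDirectoryDomain fetches a single domain by the domain_name qualifier.
// It returns (nil, nil) when the qualifier is empty.
//
// NOTE(review): the lookup is always made against "my_customer", while the
// customer_id column is filled from the query qualifier. If the SDK can route
// a query carrying both domain_name and customer_id here, the row would show a
// customer_id that was not the one queried; confirm against the SDK's
// Get/List selection.
func getDirectoryDomain(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) {
	plugin.Logger(ctx).Trace("getDirectoryDomain")

	svc, err := AdminService(ctx, d)
	if err != nil {
		return nil, err
	}

	name := d.EqualsQuals["domain_name"].GetStringValue()
	if name == "" {
		// Nothing to look up.
		return nil, nil
	}

	domain, err := svc.Domains.Get("my_customer", name).Do()
	if err != nil {
		return nil, err
	}

	return domain, nil
}

--------------------------------------------------------------------------------
/docs/tables/googledirectory_group_member.md:
--------------------------------------------------------------------------------
1 | --- 2 | title: "Steampipe Table: googledirectory_group_member - Query Google Directory Group Members using SQL" 3 |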
description: "Allows users to query Google Directory Group Members, specifically providing details about each member of a group, their roles, and type." 4 | --- 5 | 6 | # Table: googledirectory_group_member - Query Google Directory Group Members using SQL 7 | 8 | Google Directory is a service within Google Workspace that provides a centralized way to manage and organize users, groups, and devices in an organization. It allows administrators to manage access to services and delegate administrative tasks. Google Directory Group Member represents a member of a group within the Google Directory. 9 | 10 | ## Table Usage Guide 11 | 12 | The `googledirectory_group_member` table provides insights into each member of a group within Google Directory. As an IT administrator, explore member-specific details through this table, including roles, type, and associated metadata. Utilize it to uncover information about group members, such as their roles within the group, the type of member (user, group, or service account), and other relevant details. 13 | 14 | **Important Notes** 15 | - You must specify the `group_id` in the `where` clause to query this table. 16 | 17 | ## Examples 18 | 19 | ### Basic info 20 | Explore which roles are assigned to different members of a specific Google Directory group. This is useful for managing access permissions and ensuring the right individuals have the appropriate roles. 21 | 22 | ```sql+postgres 23 | select 24 | group_id, 25 | id, 26 | email, 27 | role 28 | from 29 | googledirectory_group_member 30 | where 31 | group_id = '01ksv4uv1gexk1h'; 32 | ``` 33 | 34 | ```sql+sqlite 35 | select 36 | group_id, 37 | id, 38 | email, 39 | role 40 | from 41 | googledirectory_group_member 42 | where 43 | group_id = '01ksv4uv1gexk1h'; 44 | ``` 45 | 46 | ### List all owners of a group 47 | List the members that hold the OWNER role in a specific group.
This can be useful for managing group permissions and understanding the distribution of roles within a group. 48 | 49 | ```sql+postgres 50 | select 51 | group_id, 52 | id, 53 | email, 54 | role 55 | from 56 | googledirectory_group_member 57 | where 58 | group_id = '01ksv4uv1gexk1h' 59 | and role = 'OWNER'; 60 | ``` 61 | 62 | ```sql+sqlite 63 | select 64 | group_id, 65 | id, 66 | email, 67 | role 68 | from 69 | googledirectory_group_member 70 | where 71 | group_id = '01ksv4uv1gexk1h' 72 | and role = 'OWNER'; 73 | ``` 74 | 75 | ### List role counts for a group 76 | Explore which roles within a specific group have the highest membership count. This can help in understanding the distribution of roles within the group, allowing for better management and organization. 77 | 78 | ```sql+postgres 79 | select 80 | role, 81 | count(*) 82 | from 83 | googledirectory_group_member 84 | where 85 | group_id = '01ksv4uv1gexk1h' 86 | group by role 87 | order by 88 | count desc; 89 | ``` 90 | 91 | ```sql+sqlite 92 | select 93 | role, 94 | count(*) 95 | from 96 | googledirectory_group_member 97 | where 98 | group_id = '01ksv4uv1gexk1h' 99 | group by role 100 | order by 101 | count(*) desc; 102 | ``` 103 | 104 | ### List all groups and their members 105 | Explore the relationships between various groups and their respective members to understand the structure and dynamics within your organization. This can be particularly useful for managing access permissions, coordinating team activities, or identifying communication patterns. 
106 | 107 | ```sql+postgres 108 | select 109 | g.id as group_id, 110 | g.name as group_name, 111 | m.email as member_email 112 | from 113 | googledirectory_group as g, 114 | googledirectory_group_member as m 115 | where 116 | g.id = m.group_id 117 | order by 118 | g.name, 119 | m.email; 120 | ``` 121 | 122 | ```sql+sqlite 123 | select 124 | g.id as group_id, 125 | g.name as group_name, 126 | m.email as member_email 127 | from 128 | googledirectory_group as g 129 | join 130 | googledirectory_group_member as m on g.id = m.group_id 131 | order by 132 | g.name, 133 | m.email; 134 | ```
--------------------------------------------------------------------------------
/googledirectory/table_googledirectory_role.go:
--------------------------------------------------------------------------------
package googledirectory

import (
	"context"

	"github.com/turbot/steampipe-plugin-sdk/v5/grpc/proto"
	"github.com/turbot/steampipe-plugin-sdk/v5/plugin"
	"github.com/turbot/steampipe-plugin-sdk/v5/plugin/transform"

	admin "google.golang.org/api/admin/directory/v1"
)

//// TABLE DEFINITION

// tableGoogleDirectoryRole declares the googledirectory_role table.
//
// List calls go through listDirectoryRoles and accept an optional customer_id
// qualifier; Get calls go through getDirectoryRole and are keyed on role_id.
func tableGoogleDirectoryRole(_ context.Context) *plugin.Table {
	return &plugin.Table{
		Name:        "googledirectory_role",
		Description: "Roles defined in the Google Workspace directory.",
		List: &plugin.ListConfig{
			Hydrate: listDirectoryRoles,
			KeyColumns: []*plugin.KeyColumn{
				{
					Name:    "customer_id",
					Require: plugin.Optional,
				},
			},
			// NOTE(review): isNotFoundError is defined elsewhere; presumably a
			// 404 from the list call is swallowed, so a mistyped customer_id
			// would yield zero roles instead of an error. An empty result from
			// an access review query is therefore not proof that no roles exist.
			ShouldIgnoreError: isNotFoundError([]string{"404"}),
		},
		Get: &plugin.GetConfig{
			KeyColumns: plugin.SingleColumn("role_id"),
			Hydrate:    getDirectoryRole,
		},
		Columns: []*plugin.Column{
			{
				Name:        "role_name",
				Description: "The name of the role.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "role_id",
				Description: "The unique ID for the role.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "is_super_admin_role",
				Description: "Indicates whether the role is a super admin role, or not.",
				Type:        proto.ColumnType_BOOL,
			},
			{
				Name:        "is_system_role",
				Description: "Indicates whether the role is a pre-defined system role, or not.",
				Type:        proto.ColumnType_BOOL,
			},
			{
				Name:        "role_description",
				Description: "A short description of the role.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "customer_id",
				Description: "The customer ID to retrieve all account roles.",
				Type:        proto.ColumnType_STRING,
				// Echoes the qualifier from the query; it is not read from the API response.
				Transform: transform.FromQual("customer_id"),
			},
			{
				Name:        "etag",
				Description: "A hash of the metadata, used to ensure there were no concurrent modifications to the resource when attempting an update.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "kind",
				Description: "The type of the API resource.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "role_privileges",
				Description: "The set of privileges that are granted to this role.",
				Type:        proto.ColumnType_JSON,
			},
		},
	}
}

//// LIST FUNCTION

// listDirectoryRoles streams every role returned by Roles.List for one
// customer, page by page. The customer is "my_customer" (the current account)
// unless the query supplies a customer_id equals-qualifier.
func listDirectoryRoles(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) {
	svc, err := AdminService(ctx, d)
	if err != nil {
		return nil, err
	}

	// An explicit customer_id qualifier overrides the "my_customer" default.
	customer := "my_customer"
	if qual := d.EqualsQuals["customer_id"]; qual != nil {
		customer = qual.GetStringValue()
	}

	// streamPage forwards one page of roles to the SDK.
	streamPage := func(page *admin.Roles) error {
		for _, item := range page.Items {
			d.StreamListItem(ctx, item)

			// On cancellation or when the row limit is hit, blank the token,
			// presumably so that Pages sees no further page to request.
			if plugin.IsCancelled(ctx) {
				page.NextPageToken = ""
				return nil
			}
		}
		return nil
	}

	if err := svc.Roles.List(customer).Pages(ctx, streamPage); err != nil {
		return nil, err
	}

	return nil, nil
}

//// HYDRATE FUNCTIONS

// getDirectoryRole fetches a single role by the role_id qualifier.
// It returns (nil, nil) when the qualifier is empty.
//
// NOTE(review): the lookup is always made against "my_customer", while the
// customer_id column is filled from the query qualifier; confirm that a query
// carrying both role_id and customer_id cannot be served from this path.
func getDirectoryRole(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) {
	plugin.Logger(ctx).Trace("getDirectoryRole")

	svc, err := AdminService(ctx, d)
	if err != nil {
		return nil, err
	}

	id := d.EqualsQuals["role_id"].GetStringValue()
	if id == "" {
		// Nothing to look up.
		return nil, nil
	}

	role, err := svc.Roles.Get("my_customer", id).Do()
	if err != nil {
		return nil, err
	}

	return role, nil
}

--------------------------------------------------------------------------------
/docs/tables/googledirectory_role.md:
--------------------------------------------------------------------------------
1 | --- 2 | title: "Steampipe Table: googledirectory_role - Query Google Directory Roles using SQL" 3 | description: "Allows users to query Google Directory Roles, specifically the details about roles within Google Workspace. This includes role ID, role name, role description, and associated privileges." 4 | --- 5 | 6 | # Table: googledirectory_role - Query Google Directory Roles using SQL 7 | 8 | Google Directory is a service within Google Cloud that allows you to manage your organization's users, groups, and devices. It provides a centralized way to set up and manage roles for various Google Workspace resources. Google Directory helps you stay informed about the roles and their associated privileges within your Google Workspace. 9 | 10 | ## Table Usage Guide 11 | 12 | The `googledirectory_role` table provides insights into roles within Google Workspace.
As a Google Workspace administrator, explore role-specific details through this table, including role ID, role name, role description, and associated privileges. Utilize it to uncover information about roles, such as their privileges and the details associated with each role. 13 | 14 | ## Examples 15 | 16 | ### Basic info 17 | Analyze the settings to understand the roles within your Google Directory, specifically identifying which roles have super admin or system privileges. This can be useful for auditing access rights and maintaining security within your organization. 18 | 19 | ```sql+postgres 20 | select 21 | role_name, 22 | role_id, 23 | is_super_admin_role, 24 | is_system_role 25 | from 26 | googledirectory_role; 27 | ``` 28 | 29 | ```sql+sqlite 30 | select 31 | role_name, 32 | role_id, 33 | is_super_admin_role, 34 | is_system_role 35 | from 36 | googledirectory_role; 37 | ``` 38 | 39 | ### Get role by ID 40 | Explore which Google Directory roles possess certain identifiers, enabling you to pinpoint specific roles for administrative or system purposes. This is useful in managing user access and permissions in your Google Directory. 41 | 42 | ```sql+postgres 43 | select 44 | role_name, 45 | role_id, 46 | is_super_admin_role, 47 | is_system_role 48 | from 49 | googledirectory_role 50 | where 51 | role_id = '02ce457p6conzyd'; 52 | ``` 53 | 54 | ```sql+sqlite 55 | select 56 | role_name, 57 | role_id, 58 | is_super_admin_role, 59 | is_system_role 60 | from 61 | googledirectory_role 62 | where 63 | role_id = '02ce457p6conzyd'; 64 | ``` 65 | 66 | ### List super admin roles 67 | Explore which roles hold super admin privileges in your Google Directory, to manage permissions and secure your system effectively. This query helps you identify those roles, providing valuable information for system administration and security. 
68 | 69 | ```sql+postgres 70 | select 71 | role_id, 72 | role_name, 73 | is_super_admin_role, 74 | is_system_role 75 | from 76 | googledirectory_role 77 | where 78 | is_super_admin_role; 79 | ``` 80 | 81 | ```sql+sqlite 82 | select 83 | role_id, 84 | role_name, 85 | is_super_admin_role, 86 | is_system_role 87 | from 88 | googledirectory_role 89 | where 90 | is_super_admin_role = 1; 91 | ``` 92 | 93 | ### List system roles 94 | List all pre-defined system roles in the Google Directory, showing for each one whether it is also a super admin role. This can be beneficial for auditing purposes or to manage user permissions effectively. 95 | 96 | ```sql+postgres 97 | select 98 | role_id, 99 | role_name, 100 | is_super_admin_role, 101 | is_system_role 102 | from 103 | googledirectory_role 104 | where 105 | is_system_role; 106 | ``` 107 | 108 | ```sql+sqlite 109 | select 110 | role_id, 111 | role_name, 112 | is_super_admin_role, 113 | is_system_role 114 | from 115 | googledirectory_role 116 | where 117 | is_system_role = 1; 118 | ``` 119 | 120 | ### List privileges by role 121 | Explore which privileges are associated with each role in Google Directory. This can be useful in managing access control and ensuring that each role has the correct privileges for its intended function.
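122 | 123 | ```sql+postgres 124 | select 125 | role_name, 126 | p ->> 'serviceId' as service_id, 127 | p ->> 'privilegeName' as privilege 128 | from 129 | googledirectory_role as r, 130 | jsonb_array_elements(r.role_privileges) as p 131 | order by 132 | role_name, 133 | service_id, 134 | privilege; 135 | ``` 136 | 137 | ```sql+sqlite 138 | select 139 | role_name, 140 | json_extract(p.value, '$.serviceId') as service_id, 141 | json_extract(p.value, '$.privilegeName') as privilege 142 | from 143 | googledirectory_role as r, 144 | json_each(r.role_privileges) as p 145 | order by 146 | role_name, 147 | service_id, 148 | privilege; 149 | ```
--------------------------------------------------------------------------------
/googledirectory/table_googledirectory_org_unit.go:
--------------------------------------------------------------------------------
package googledirectory

import (
	"context"

	"github.com/turbot/steampipe-plugin-sdk/v5/grpc/proto"
	"github.com/turbot/steampipe-plugin-sdk/v5/plugin"
	"github.com/turbot/steampipe-plugin-sdk/v5/plugin/transform"
)

//// TABLE DEFINITION

// tableGoogleDirectoryOrgUnit declares the googledirectory_org_unit table.
//
// List calls go through listDirectoryOrgUnits and accept an optional
// customer_id qualifier; Get calls go through getDirectoryOrgUnit and are
// keyed on either org_unit_id or org_unit_path.
func tableGoogleDirectoryOrgUnit(_ context.Context) *plugin.Table {
	return &plugin.Table{
		Name:        "googledirectory_org_unit",
		Description: "OrgUnits defined in the Google Workspace directory.",
		List: &plugin.ListConfig{
			Hydrate: listDirectoryOrgUnits,
			KeyColumns: []*plugin.KeyColumn{
				{
					Name:    "customer_id",
					Require: plugin.Optional,
				},
			},
			// NOTE(review): isNotFoundError is defined elsewhere; presumably a
			// 404 from the list call is swallowed, so a mistyped customer_id
			// would yield zero rows instead of an error.
			ShouldIgnoreError: isNotFoundError([]string{"404"}),
		},
		Get: &plugin.GetConfig{
			KeyColumns: plugin.AnyColumn([]string{"org_unit_id", "org_unit_path"}),
			Hydrate:    getDirectoryOrgUnit,
		},
		Columns: []*plugin.Column{
			{
				Name:        "name",
				Description: "The organizational unit's path name.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "org_unit_id",
				Description: "The unique ID of the organizational unit.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "org_unit_path",
				Description: "The full path to the organizational unit.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "block_inheritance",
				Description: "Determines if a sub-organizational unit can inherit the settings of the parent organization.",
				Type:        proto.ColumnType_BOOL,
			},
			{
				Name: "customer_id",
				// Fixed copy-paste: this table lists organizational units, not account roles.
				Description: "The customer ID to retrieve all organizational units for a customer.",
				Type:        proto.ColumnType_STRING,
				// Echoes the qualifier from the query; it is not read from the API response.
				Transform: transform.FromQual("customer_id"),
			},
			{
				Name:        "description",
				Description: "A short description of the organizational unit.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "etag",
				Description: "A hash of the metadata, used to ensure there were no concurrent modifications to the resource when attempting an update.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "kind",
				Description: "The type of the API resource.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "parent_org_unit_id",
				Description: "The unique ID of the parent organizational unit.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "parent_org_unit_path",
				Description: "The organizational unit's parent path.",
				Type:        proto.ColumnType_STRING,
			},
		},
	}
}

//// LIST FUNCTION

// listDirectoryOrgUnits streams every organizational unit returned by
// Orgunits.List for one customer. The customer is "my_customer" (the current
// account) unless the query supplies a customer_id equals-qualifier.
func listDirectoryOrgUnits(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) {
	svc, err := AdminService(ctx, d)
	if err != nil {
		return nil, err
	}

	// An explicit customer_id qualifier overrides the "my_customer" default.
	customer := "my_customer"
	if qual := d.EqualsQuals["customer_id"]; qual != nil {
		customer = qual.GetStringValue()
	}

	result, err := svc.Orgunits.List(customer).Do()
	if err != nil {
		return nil, err
	}

	for _, orgUnit := range result.OrganizationUnits {
		d.StreamListItem(ctx, orgUnit)

		// Stop streaming once the query was cancelled or its row limit was hit.
		if plugin.IsCancelled(ctx) {
			break
		}
	}

	return nil, nil
}

//// HYDRATE FUNCTIONS

// getDirectoryOrgUnit fetches a single organizational unit. The org_unit_id
// qualifier is used when present, otherwise org_unit_path; with neither set
// it returns (nil, nil).
//
// NOTE(review): the lookup is always made against "my_customer", while the
// customer_id column is filled from the query qualifier; confirm that a query
// carrying customer_id as well cannot be served from this path.
func getDirectoryOrgUnit(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) {
	plugin.Logger(ctx).Trace("getDirectoryOrgUnit")

	svc, err := AdminService(ctx, d)
	if err != nil {
		return nil, err
	}

	orgUnitID := d.EqualsQuals["org_unit_id"].GetStringValue()
	orgUnitPath := d.EqualsQuals["org_unit_path"].GetStringValue()

	// The ID takes precedence; fall back to the path.
	lookupKey := orgUnitID
	if lookupKey == "" {
		lookupKey = orgUnitPath
	}
	if lookupKey == "" {
		// Nothing to look up.
		return nil, nil
	}

	orgUnit, err := svc.Orgunits.Get("my_customer", lookupKey).Do()
	if err != nil {
		return nil, err
	}

	return orgUnit, nil
}

--------------------------------------------------------------------------------
/googledirectory/service.go:
--------------------------------------------------------------------------------
package googledirectory

import (
	"context"
	"errors"

	"golang.org/x/oauth2"
	"golang.org/x/oauth2/google"
	"google.golang.org/api/option"

	"github.com/turbot/steampipe-plugin-sdk/v5/plugin"
	admin "google.golang.org/api/admin/directory/v1"
)

// AdminService returns the Admin SDK Directory client for this connection,
// building it on first use and caching it under a fixed key.
//
// The client options come from getSessionConfig; any error from there or from
// admin.NewService is returned unchanged.
func AdminService(ctx context.Context, d *plugin.QueryData) (*admin.Service, error) {
	serviceCacheKey := "googledirectory.admin"

	// Reuse the cached client when one exists. The assertion is checked so an
	// unexpected cache value leads to a rebuild instead of a panic.
	if cachedData, ok := d.ConnectionManager.Cache.Get(serviceCacheKey); ok {
		if svc, isService := cachedData.(*admin.Service); isService {
			return svc, nil
		}
	}

	// Not cached yet: resolve credentials and build the client.
	opts, err := getSessionConfig(ctx, d)
	if err != nil {
		return nil, err
	}

	svc, err := admin.NewService(ctx, opts...)
	if err != nil {
		return nil, err
	}

	d.ConnectionManager.Cache.Set(serviceCacheKey, svc)

	return svc, nil
}

// getSessionConfig chooses how the plugin authenticates, in this order:
//
//  1. `credentials` (or the deprecated `credential_file`) set: domain-wide
//     delegation through the token source built by getTokenSource.
//  2. `token_path` set: the credentials file at that path.
//  3. neither set: no client options are returned, leaving credential
//     discovery to the client library.
//
// NOTE(review): only branch 1 pins read-only scopes (see getTokenSource). In
// branches 2 and 3 no scopes are set here, so the effective scopes come from
// the credential itself or the library defaults; confirm they are no broader
// than read-only for a query-only plugin.
func getSessionConfig(ctx context.Context, d *plugin.QueryData) ([]option.ClientOption, error) {
	cfg := GetConfig(d.Connection)

	// 'credential_file' in connection config is DEPRECATED, and will be removed in future release
	// use `credentials` instead
	var credentialContent string
	switch {
	case cfg.Credentials != nil:
		credentialContent = *cfg.Credentials
	case cfg.CredentialFile != nil:
		credentialContent = *cfg.CredentialFile
	}

	var tokenPath string
	if cfg.TokenPath != nil {
		tokenPath = *cfg.TokenPath
	}

	// Service-account credentials take precedence over token_path.
	if credentialContent != "" {
		ts, err := getTokenSource(ctx, d)
		if err != nil {
			return nil, err
		}
		return []option.ClientOption{option.WithTokenSource(ts)}, nil
	}

	// OAuth 2.0 credentials stored on disk.
	if tokenPath != "" {
		path, err := expandPath(tokenPath)
		if err != nil {
			return nil, err
		}
		return []option.ClientOption{option.WithCredentialsFile(path)}, nil
	}

	return nil, nil
}

// getTokenSource returns a JWT TokenSource for domain-wide delegation, built
// from the configured service-account credentials and the user to impersonate.
// The token source is cached per connection under a fixed key.
//
// Only read-only Directory scopes (domain, group, org unit, role management,
// user) are requested. It returns an error when the credentials cannot be
// read or parsed, or when impersonated_user_email is not configured.
func getTokenSource(ctx context.Context, d *plugin.QueryData) (oauth2.TokenSource, error) {
	// NOTE: based on https://developers.google.com/admin-sdk/directory/v1/guides/delegation#go

	cacheKey := "googledirectory.token_source"

	// Reuse the cached token source when one exists. The assertion is checked
	// so an unexpected cache value leads to a rebuild instead of a panic.
	if cached, ok := d.ConnectionManager.Cache.Get(cacheKey); ok {
		if ts, isTokenSource := cached.(oauth2.TokenSource); isTokenSource {
			return ts, nil
		}
	}

	cfg := GetConfig(d.Connection)

	// NOTE: 'credential_file' in connection config is DEPRECATED, and will be removed in future release
	// use `credentials` instead
	var creds string
	switch {
	case cfg.Credentials != nil:
		creds = *cfg.Credentials
	case cfg.CredentialFile != nil:
		creds = *cfg.CredentialFile
	}

	// pathOrContents is defined elsewhere; presumably it returns the file's
	// contents when creds is a path and creds itself otherwise. The result is
	// service-account key material: keep it out of logs and error messages.
	credentialContent, err := pathOrContents(creds)
	if err != nil {
		return nil, err
	}

	var impersonateUser string
	if cfg.ImpersonatedUserEmail != nil {
		impersonateUser = *cfg.ImpersonatedUserEmail
	}

	// Domain-wide delegation needs a subject to act as.
	if impersonateUser == "" {
		return nil, errors.New("impersonated_user_email must be configured")
	}

	// Request read-only scopes only, so the delegated token is not granted
	// write access to directory objects.
	config, err := google.JWTConfigFromJSON(
		[]byte(credentialContent),
		admin.AdminDirectoryDomainReadonlyScope,
		admin.AdminDirectoryGroupReadonlyScope,
		admin.AdminDirectoryOrgunitReadonlyScope,
		admin.AdminDirectoryRolemanagementReadonlyScope,
		admin.AdminDirectoryUserReadonlyScope,
	)
	if err != nil {
		return nil, err
	}
	config.Subject = impersonateUser

	ts := config.TokenSource(ctx)

	d.ConnectionManager.Cache.Set(cacheKey, ts)

	return ts, nil
}

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | ![image](https://hub.steampipe.io/images/plugins/turbot/googledirectory-social-graphic.png) 2 | 3 | # Google Directory Plugin for Steampipe 4 | 5 | Use SQL to query users, groups, org units and more from your Google Workspace directory. 6 | 7 | - **[Get started →](https://hub.steampipe.io/plugins/turbot/googledirectory)** 8 | - Documentation: [Table definitions & examples](https://hub.steampipe.io/plugins/turbot/googledirectory/tables) 9 | - Community: [Join #steampipe on Slack →](https://turbot.com/community/join) 10 | - Get involved: [Issues](https://github.com/turbot/steampipe-plugin-googledirectory/issues) 11 | 12 | ## Quick start 13 | 14 | Install the plugin with [Steampipe](https://steampipe.io): 15 | 16 | ```shell 17 | steampipe plugin install googledirectory 18 | ``` 19 | 20 | Configure your [credentials](https://hub.steampipe.io/plugins/turbot/googledirectory#credentials) and [config file](https://hub.steampipe.io/plugins/turbot/googledirectory#configuration). 21 | 22 | Run a query: 23 | 24 | ```sql 25 | select 26 | id, 27 | primary_email, 28 | full_name 29 | from 30 | googledirectory_user; 31 | ``` 32 | 33 | ## Engines 34 | 35 | This plugin is available for the following engines: 36 | 37 | | Engine | Description 38 | |---------------|------------------------------------------ 39 | | [Steampipe](https://steampipe.io/docs) | The Steampipe CLI exposes APIs and services as a high-performance relational database, giving you the ability to write SQL-based queries to explore dynamic data.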
Mods extend Steampipe's capabilities with dashboards, reports, and controls built with simple HCL. The Steampipe CLI is a turnkey solution that includes its own Postgres database, plugin management, and mod support. 40 | | [Postgres FDW](https://steampipe.io/docs/steampipe_postgres/overview) | Steampipe Postgres FDWs are native Postgres Foreign Data Wrappers that translate APIs to foreign tables. Unlike Steampipe CLI, which ships with its own Postgres server instance, the Steampipe Postgres FDWs can be installed in any supported Postgres database version. 41 | | [SQLite Extension](https://steampipe.io/docs/steampipe_sqlite/overview) | Steampipe SQLite Extensions provide SQLite virtual tables that translate your queries into API calls, transparently fetching information from your API or service as you request it. 42 | | [Export](https://steampipe.io/docs/steampipe_export/overview) | Steampipe Plugin Exporters provide a flexible mechanism for exporting information from cloud services and APIs. Each exporter is a stand-alone binary that allows you to extract data using Steampipe plugins without a database. 43 | | [Turbot Pipes](https://turbot.com/pipes/docs) | Turbot Pipes is the only intelligence, automation & security platform built specifically for DevOps. Pipes provide hosted Steampipe database instances, shared dashboards, snapshots, and more. 44 | 45 | ## Developing 46 | 47 | Prerequisites: 48 | 49 | - [Steampipe](https://steampipe.io/downloads) 50 | - [Golang](https://golang.org/doc/install) 51 | 52 | Clone: 53 | 54 | ```sh 55 | git clone https://github.com/turbot/steampipe-plugin-googledirectory.git 56 | cd steampipe-plugin-googledirectory 57 | ``` 58 | 59 | Build, which automatically installs the new version to your `~/.steampipe/plugins` directory: 60 | 61 | ``` 62 | make 63 | ``` 64 | 65 | Configure the plugin: 66 | 67 | ``` 68 | cp config/* ~/.steampipe/config 69 | vi ~/.steampipe/config/googledirectory.spc 70 | ``` 71 | 72 | Try it! 
73 | 74 | ``` 75 | steampipe query 76 | > .inspect googledirectory 77 | ``` 78 | 79 | Further reading: 80 | 81 | - [Writing plugins](https://steampipe.io/docs/develop/writing-plugins) 82 | - [Writing your first table](https://steampipe.io/docs/develop/writing-your-first-table) 83 | 84 | ## Open Source & Contributing 85 | 86 | This repository is published under the [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0) (source code) and [CC BY-NC-ND](https://creativecommons.org/licenses/by-nc-nd/2.0/) (docs) licenses. Please see our [code of conduct](https://github.com/turbot/.github/blob/main/CODE_OF_CONDUCT.md). We look forward to collaborating with you! 87 | 88 | [Steampipe](https://steampipe.io) is a product produced from this open source software, exclusively by [Turbot HQ, Inc](https://turbot.com). It is distributed under our commercial terms. Others are allowed to make their own distribution of the software, but cannot use any of the Turbot trademarks, cloud services, etc. You can learn more in our [Open Source FAQ](https://turbot.com/open-source). 89 | 90 | ## Get Involved 91 | 92 | **[Join #steampipe on Slack →](https://turbot.com/community/join)** 93 | 94 | Want to help but don't know where to start? 
Pick up one of the `help wanted` issues: 95 | 96 | - [Steampipe](https://github.com/turbot/steampipe/labels/help%20wanted) 97 | - [Google Directory Plugin](https://github.com/turbot/steampipe-plugin-googledirectory/labels/help%20wanted) 98 | -------------------------------------------------------------------------------- /googledirectory/table_googledirectory_domain_alias.go: -------------------------------------------------------------------------------- 1 | package googledirectory 2 | 3 | import ( 4 | "context" 5 | 6 | "github.com/turbot/steampipe-plugin-sdk/v5/grpc/proto" 7 | "github.com/turbot/steampipe-plugin-sdk/v5/plugin" 8 | "github.com/turbot/steampipe-plugin-sdk/v5/plugin/transform" 9 | ) 10 | 11 | //// TABLE DEFINITION 12 | 13 | func tableGoogleDirectoryDomainAlias(_ context.Context) *plugin.Table { 14 | return &plugin.Table{ 15 | Name: "googledirectory_domain_alias", 16 | Description: "Domain alias defined in the Google Workspace directory.", 17 | List: &plugin.ListConfig{ 18 | Hydrate: listDirectoryDomainAliases, 19 | KeyColumns: []*plugin.KeyColumn{ 20 | { 21 | Name: "customer_id", 22 | Require: plugin.Optional, 23 | }, 24 | { 25 | Name: "parent_domain_name", 26 | Require: plugin.Optional, 27 | }, 28 | }, 29 | ShouldIgnoreError: isNotFoundError([]string{"404"}), 30 | }, 31 | Get: &plugin.GetConfig{ 32 | KeyColumns: []*plugin.KeyColumn{ 33 | { 34 | Name: "domain_alias_name", 35 | Require: plugin.Required, 36 | }, 37 | { 38 | Name: "customer_id", 39 | Require: plugin.Optional, 40 | }, 41 | }, 42 | Hydrate: getDirectoryDomainAlias, 43 | }, 44 | Columns: []*plugin.Column{ 45 | { 46 | Name: "domain_alias_name", 47 | Description: "The domain alias name.", 48 | Type: proto.ColumnType_STRING, 49 | }, 50 | { 51 | Name: "parent_domain_name", 52 | Description: "The parent domain name that the domain alias is associated with.", 53 | Type: proto.ColumnType_STRING, 54 | }, 55 | { 56 | Name: "creation_time", 57 | Description: "The creation time of the domain 
// listDirectoryDomainAliases streams every domain alias returned by the
// Directory API for the requested customer. customer_id defaults to
// "my_customer" and parent_domain_name defaults to the empty string when the
// corresponding qual is absent.
func listDirectoryDomainAliases(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) {
	svc, err := AdminService(ctx, d)
	if err != nil {
		return nil, err
	}

	// "my_customer" represents the current account.
	customer := "my_customer"
	if q := d.EqualsQuals["customer_id"]; q != nil {
		customer = q.GetStringValue()
	}

	parent := ""
	if q := d.EqualsQuals["parent_domain_name"]; q != nil {
		parent = q.GetStringValue()
	}

	result, err := svc.DomainAliases.List(customer).ParentDomainName(parent).Do()
	if err != nil {
		return nil, err
	}

	for i := range result.DomainAliases {
		d.StreamListItem(ctx, result.DomainAliases[i])

		// Stop once the context is cancelled (manual cancellation or limit reached).
		if plugin.IsCancelled(ctx) {
			break
		}
	}

	return nil, nil
}
// getDirectoryDomainAlias fetches a single domain alias by the
// domain_alias_name qual. customer_id defaults to "my_customer" when not
// supplied. Returns (nil, nil) when the alias name is empty.
func getDirectoryDomainAlias(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) {
	plugin.Logger(ctx).Trace("getDirectoryDomainAlias")

	svc, err := AdminService(ctx, d)
	if err != nil {
		return nil, err
	}

	// "my_customer" represents the current account.
	customer := "my_customer"
	if q := d.EqualsQuals["customer_id"]; q != nil {
		customer = q.GetStringValue()
	}

	aliasName := d.EqualsQuals["domain_alias_name"].GetStringValue()
	if aliasName == "" {
		// Nothing to look up.
		return nil, nil
	}

	alias, err := svc.DomainAliases.Get(customer, aliasName).Do()
	if err != nil {
		return nil, err
	}

	return alias, nil
}
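// listDirectoryGroupMembers streams the members of the group named by the
// group_id qual, optionally filtered by the role qual.
//
// The page size is 200, lowered to the query limit when that is smaller. A 404
// from the API (group not present) yields no rows and no error; every other
// error is returned to the caller.
func listDirectoryGroupMembers(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) {
	// Create service
	service, err := AdminService(ctx, d)
	if err != nil {
		return nil, err
	}
	groupID := d.EqualsQuals["group_id"].GetStringValue()

	var role string
	if d.EqualsQuals["role"] != nil {
		role = d.EqualsQuals["role"].GetStringValue()
	}

	// By default, API can return maximum 200 records in a single page
	maxResult := int64(200)
	if limit := d.QueryContext.Limit; limit != nil && *limit < maxResult {
		maxResult = *limit
	}

	call := service.Members.List(groupID).Roles(role).MaxResults(maxResult)
	listErr := call.Pages(ctx, func(page *admin.Members) error {
		for _, member := range page.Members {
			d.StreamListItem(ctx, member)

			// Context can be cancelled due to manual cancellation or the limit has been hit
			if plugin.IsCancelled(ctx) {
				// Clearing the token stops Pages from requesting another page.
				page.NextPageToken = ""
				break
			}
		}
		return nil
	})
	if listErr != nil {
		// Return nil, if given group is not present.
		// The assertion is checked: an error of any other type (for example a
		// transport or token failure) must be returned, not crash the plugin
		// with a failed type assertion.
		if apiErr, ok := listErr.(*googleapi.Error); ok && apiErr.Code == 404 {
			return nil, nil
		}
		return nil, listErr
	}

	return nil, nil
}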
-------------------------------------------------------------------------------- /docs/tables/googledirectory_group.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Steampipe Table: googledirectory_group - Query Google Directory Groups using SQL" 3 | description: "Allows users to query Google Directory Groups, specifically the group details and members, providing insights into the structure and membership of groups within the Google Workspace." 4 | --- 5 | 6 | # Table: googledirectory_group - Query Google Directory Groups using SQL 7 | 8 | Google Directory is a service within Google Workspace that allows you to manage, create, and view groups and their members. It provides a centralized way to set up and manage groups for various Google Workspace resources, including users, emails, and more. Google Directory helps you stay informed about the organization and membership of your Google Workspace resources. 9 | 10 | ## Table Usage Guide 11 | 12 | The `googledirectory_group` table provides insights into groups within Google Workspace. As a system administrator, explore group-specific details through this table, including group names, emails, and associated metadata. Utilize it to uncover information about groups, such as those with certain members, the hierarchy of groups, and the verification of group properties. 13 | 14 | ## Examples 15 | 16 | ### Basic info 17 | Explore the basic information of Google Directory groups to gain insights into group names, IDs, associated emails, and creation details. This can be useful for managing and auditing group settings and memberships. 
18 | 19 | ```sql+postgres 20 | select 21 | name, 22 | id, 23 | email, 24 | admin_created 25 | from 26 | googledirectory_group; 27 | ``` 28 | 29 | ```sql+sqlite 30 | select 31 | name, 32 | id, 33 | email, 34 | admin_created 35 | from 36 | googledirectory_group; 37 | ``` 38 | 39 | ### Get group by ID 40 | Discover the details of a specific group in your Google Directory by using its unique ID. This can be useful for gaining insights into group information such as its name, email, and administrative creation data. 41 | 42 | ```sql+postgres 43 | select 44 | name, 45 | id, 46 | email, 47 | admin_created 48 | from 49 | googledirectory_group 50 | where 51 | id = '02ce457p6conzyd'; 52 | ``` 53 | 54 | ```sql+sqlite 55 | select 56 | name, 57 | id, 58 | email, 59 | admin_created 60 | from 61 | googledirectory_group 62 | where 63 | id = '02ce457p6conzyd'; 64 | ``` 65 | 66 | ### Get group by email 67 | Determine the areas in which a specific email address is associated with a group, allowing you to understand the context and scope of that group's administration. This can be particularly useful for managing and auditing access permissions in a large organization. 68 | 69 | ```sql+postgres 70 | select 71 | name, 72 | id, 73 | email, 74 | admin_created 75 | from 76 | googledirectory_group 77 | where 78 | email = 'scranton@dundermifflin.com'; 79 | ``` 80 | 81 | ```sql+sqlite 82 | select 83 | name, 84 | id, 85 | email, 86 | admin_created 87 | from 88 | googledirectory_group 89 | where 90 | email = 'scranton@dundermifflin.com'; 91 | ``` 92 | 93 | ### List top 5 groups by member count 94 | Explore the five most populated groups within your Google Directory. This could be useful for understanding which groups are most active or require the most resources. 
95 | 96 | ```sql+postgres 97 | select 98 | name, 99 | direct_members_count 100 | from 101 | googledirectory_group 102 | order by 103 | direct_members_count desc 104 | limit 5; 105 | ``` 106 | 107 | ```sql+sqlite 108 | select 109 | name, 110 | direct_members_count 111 | from 112 | googledirectory_group 113 | order by 114 | direct_members_count desc 115 | limit 5; 116 | ``` 117 | 118 | ### List all groups and their members 119 | Explore which members belong to specific groups within your Google Directory. This allows you to assess the composition of each group, aiding in tasks like group management and access control. 120 | 121 | ```sql+postgres 122 | select 123 | g.id as group_id, 124 | g.name as group_name, 125 | m.email as member_email 126 | from 127 | googledirectory_group as g, 128 | googledirectory_group_member as m 129 | where 130 | g.id = m.group_id 131 | order by 132 | g.name, 133 | m.email; 134 | ``` 135 | 136 | ```sql+sqlite 137 | select 138 | g.id as group_id, 139 | g.name as group_name, 140 | m.email as member_email 141 | from 142 | googledirectory_group as g 143 | join 144 | googledirectory_group_member as m 145 | on 146 | g.id = m.group_id 147 | order by 148 | g.name, 149 | m.email; 150 | ``` 151 | 152 | ### List groups using the [query filter](https://developers.google.com/admin-sdk/directory/v1/guides/search-groups) 153 | Explore which groups have been created by admins within the Google Directory, specifically focusing on those associated with an email containing 'steampipe'. This can be beneficial in understanding the extent of 'steampipe' usage across different groups. 
154 | 155 | ```sql+postgres 156 | select 157 | name, 158 | id, 159 | email, 160 | admin_created 161 | from 162 | googledirectory_group 163 | where 164 | query = 'email:steampipe*'; 165 | ``` 166 | 167 | ```sql+sqlite 168 | select 169 | name, 170 | id, 171 | email, 172 | admin_created 173 | from 174 | googledirectory_group 175 | where 176 | query = 'email:steampipe*'; 177 | ``` -------------------------------------------------------------------------------- /googledirectory/table_googledirectory_role_assignment.go: -------------------------------------------------------------------------------- 1 | package googledirectory 2 | 3 | import ( 4 | "context" 5 | 6 | "github.com/turbot/steampipe-plugin-sdk/v5/grpc/proto" 7 | "github.com/turbot/steampipe-plugin-sdk/v5/plugin" 8 | "github.com/turbot/steampipe-plugin-sdk/v5/plugin/transform" 9 | 10 | admin "google.golang.org/api/admin/directory/v1" 11 | ) 12 | 13 | //// TABLE DEFINITION 14 | 15 | func tableGoogleDirectoryRoleAssignment(_ context.Context) *plugin.Table { 16 | return &plugin.Table{ 17 | Name: "googledirectory_role_assignment", 18 | Description: "Role assignments defined in the Google Workspace directory.", 19 | List: &plugin.ListConfig{ 20 | Hydrate: listDirectoryRoleAssignments, 21 | KeyColumns: []*plugin.KeyColumn{ 22 | { 23 | Name: "customer_id", 24 | Require: plugin.Optional, 25 | }, 26 | { 27 | Name: "role_id", 28 | Require: plugin.Optional, 29 | }, 30 | { 31 | Name: "user_key", 32 | Require: plugin.Optional, 33 | }, 34 | }, 35 | ShouldIgnoreError: isNotFoundError([]string{"404"}), 36 | }, 37 | Get: &plugin.GetConfig{ 38 | KeyColumns: []*plugin.KeyColumn{ 39 | { 40 | Name: "role_assignment_id", 41 | Require: plugin.Required, 42 | }, 43 | { 44 | Name: "customer_id", 45 | Require: plugin.Optional, 46 | }, 47 | }, 48 | Hydrate: getDirectoryRoleAssignment, 49 | }, 50 | Columns: []*plugin.Column{ 51 | { 52 | Name: "role_assignment_id", 53 | Description: "The unique ID for the role assignment.", 54 | Type: 
// listDirectoryRoleAssignments streams role assignments for the requested
// customer, page by page. customer_id defaults to "my_customer"; role_id and
// user_key narrow the listing when the corresponding quals are present.
func listDirectoryRoleAssignments(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) {
	svc, err := AdminService(ctx, d)
	if err != nil {
		return nil, err
	}

	// "my_customer" represents the current account.
	customer := "my_customer"
	if q := d.EqualsQuals["customer_id"]; q != nil {
		customer = q.GetStringValue()
	}

	roleID := ""
	if q := d.EqualsQuals["role_id"]; q != nil {
		roleID = q.GetStringValue()
	}

	call := svc.RoleAssignments.List(customer).RoleId(roleID)
	if q := d.EqualsQuals["user_key"]; q != nil {
		call.UserKey(q.GetStringValue())
	}

	// Streams one page of assignments; clearing the page token ends paging early.
	streamPage := func(page *admin.RoleAssignments) error {
		for _, item := range page.Items {
			d.StreamListItem(ctx, item)

			// Stop once the context is cancelled (manual cancellation or limit reached).
			if plugin.IsCancelled(ctx) {
				page.NextPageToken = ""
				break
			}
		}
		return nil
	}

	if err := call.Pages(ctx, streamPage); err != nil {
		return nil, err
	}

	return nil, nil
}
require ( 8 | github.com/mitchellh/go-homedir v1.1.0 9 | github.com/turbot/go-kit v1.1.0 10 | github.com/turbot/steampipe-plugin-sdk/v5 v5.13.1 11 | golang.org/x/oauth2 v0.27.0 12 | google.golang.org/api v0.171.0 13 | ) 14 | 15 | require ( 16 | cloud.google.com/go v0.112.1 // indirect 17 | cloud.google.com/go/compute/metadata v0.3.0 // indirect 18 | cloud.google.com/go/iam v1.1.6 // indirect 19 | cloud.google.com/go/storage v1.38.0 // indirect 20 | github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect 21 | github.com/agext/levenshtein v1.2.3 // indirect 22 | github.com/allegro/bigcache/v3 v3.1.0 // indirect 23 | github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect 24 | github.com/aws/aws-sdk-go v1.44.183 // indirect 25 | github.com/beorn7/perks v1.0.1 // indirect 26 | github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect 27 | github.com/btubbs/datetime v0.1.1 // indirect 28 | github.com/cenkalti/backoff/v4 v4.3.0 // indirect 29 | github.com/cespare/xxhash/v2 v2.3.0 // indirect 30 | github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964 // indirect 31 | github.com/dgraph-io/ristretto v0.2.0 // indirect 32 | github.com/dustin/go-humanize v1.0.1 // indirect 33 | github.com/eko/gocache/lib/v4 v4.1.6 // indirect 34 | github.com/eko/gocache/store/bigcache/v4 v4.2.1 // indirect 35 | github.com/eko/gocache/store/ristretto/v4 v4.2.1 // indirect 36 | github.com/fatih/color v1.17.0 // indirect 37 | github.com/felixge/httpsnoop v1.0.4 // indirect 38 | github.com/fsnotify/fsnotify v1.7.0 // indirect 39 | github.com/gertd/go-pluralize v0.2.1 // indirect 40 | github.com/ghodss/yaml v1.0.0 // indirect 41 | github.com/go-logr/logr v1.4.1 // indirect 42 | github.com/go-logr/stdr v1.2.2 // indirect 43 | github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect 44 | github.com/golang/mock v1.6.0 // indirect 45 | github.com/golang/protobuf v1.5.4 // indirect 46 | github.com/google/go-cmp v0.6.0 // 
indirect 47 | github.com/google/s2a-go v0.1.7 // indirect 48 | github.com/google/uuid v1.6.0 // indirect 49 | github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect 50 | github.com/googleapis/gax-go/v2 v2.12.3 // indirect 51 | github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 // indirect 52 | github.com/hashicorp/go-cleanhttp v0.5.2 // indirect 53 | github.com/hashicorp/go-getter v1.7.9 // indirect 54 | github.com/hashicorp/go-hclog v1.6.3 // indirect 55 | github.com/hashicorp/go-plugin v1.6.1 // indirect 56 | github.com/hashicorp/go-safetemp v1.0.0 // indirect 57 | github.com/hashicorp/go-version v1.7.0 // indirect 58 | github.com/hashicorp/hcl/v2 v2.20.1 // indirect 59 | github.com/hashicorp/yamux v0.1.1 // indirect 60 | github.com/iancoleman/strcase v0.3.0 // indirect 61 | github.com/jmespath/go-jmespath v0.4.0 // indirect 62 | github.com/klauspost/compress v1.17.2 // indirect 63 | github.com/mattn/go-colorable v0.1.13 // indirect 64 | github.com/mattn/go-isatty v0.0.20 // indirect 65 | github.com/mattn/go-runewidth v0.0.15 // indirect 66 | github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect 67 | github.com/mitchellh/go-testing-interface v1.14.1 // indirect 68 | github.com/mitchellh/go-wordwrap v1.0.0 // indirect 69 | github.com/mitchellh/mapstructure v1.5.0 // indirect 70 | github.com/oklog/run v1.0.0 // indirect 71 | github.com/olekukonko/tablewriter v0.0.5 // indirect 72 | github.com/pkg/errors v0.9.1 // indirect 73 | github.com/prometheus/client_golang v1.14.0 // indirect 74 | github.com/prometheus/client_model v0.3.0 // indirect 75 | github.com/prometheus/common v0.37.0 // indirect 76 | github.com/prometheus/procfs v0.8.0 // indirect 77 | github.com/rivo/uniseg v0.2.0 // indirect 78 | github.com/sethvargo/go-retry v0.2.4 // indirect 79 | github.com/stevenle/topsort v0.2.0 // indirect 80 | github.com/tkrajina/go-reflector v0.5.6 // indirect 81 | github.com/ulikunitz/xz v0.5.15 // indirect 82 | github.com/zclconf/go-cty v1.14.4 
// indirect 83 | go.opencensus.io v0.24.0 // indirect 84 | go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect 85 | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect 86 | go.opentelemetry.io/otel v1.26.0 // indirect 87 | go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.26.0 // indirect 88 | go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.24.0 // indirect 89 | go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.24.0 // indirect 90 | go.opentelemetry.io/otel/metric v1.26.0 // indirect 91 | go.opentelemetry.io/otel/sdk v1.26.0 // indirect 92 | go.opentelemetry.io/otel/sdk/metric v1.26.0 // indirect 93 | go.opentelemetry.io/otel/trace v1.26.0 // indirect 94 | go.opentelemetry.io/proto/otlp v1.2.0 // indirect 95 | golang.org/x/crypto v0.36.0 // indirect 96 | golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect 97 | golang.org/x/mod v0.19.0 // indirect 98 | golang.org/x/net v0.38.0 // indirect 99 | golang.org/x/sync v0.12.0 // indirect 100 | golang.org/x/sys v0.31.0 // indirect 101 | golang.org/x/text v0.23.0 // indirect 102 | golang.org/x/time v0.5.0 // indirect 103 | golang.org/x/tools v0.23.0 // indirect 104 | google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect 105 | google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 // indirect 106 | google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 // indirect 107 | google.golang.org/grpc v1.66.0 // indirect 108 | google.golang.org/protobuf v1.34.2 // indirect 109 | gopkg.in/yaml.v2 v2.4.0 // indirect 110 | ) 111 | -------------------------------------------------------------------------------- /docs/tables/googledirectory_user.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Steampipe Table: googledirectory_user - Query Google Directory Users using SQL" 3 | description: "Allows 
users to query Google Directory Users, specifically retrieving detailed information about user accounts within the Google Workspace domain." 4 | --- 5 | 6 | # Table: googledirectory_user - Query Google Directory Users using SQL 7 | 8 | Google Directory is a service within Google Workspace that provides a centralized way to manage and access user account information. It allows administrators to manage users, groups, and devices, as well as to configure security settings for the domain. Google Directory helps to maintain the integrity of the domain's data by providing a structured way to manage user account information. 9 | 10 | ## Table Usage Guide 11 | 12 | The `googledirectory_user` table provides insights into user accounts within Google Workspace. As an IT administrator, explore user-specific details through this table, including email addresses, names, and administrative status. Utilize it to uncover information about users, such as their last login time, whether their account is suspended, and the organizational units to which they belong. 13 | 14 | ## Examples 15 | 16 | ### Basic info 17 | Explore which users have administrative privileges in your Google Directory and when they were created. This can be useful for auditing purposes and ensuring that only authorized individuals have admin access. 18 | 19 | ```sql+postgres 20 | select 21 | full_name, 22 | id, 23 | primary_email, 24 | creation_time, 25 | is_delegated_admin, 26 | customer_id 27 | from 28 | googledirectory_user; 29 | ``` 30 | 31 | ```sql+sqlite 32 | select 33 | full_name, 34 | id, 35 | primary_email, 36 | creation_time, 37 | is_delegated_admin, 38 | customer_id 39 | from 40 | googledirectory_user; 41 | ``` 42 | 43 | ### Get user by ID 44 | Discover the details of a specific user in the Google Directory, such as their full name, primary email, and creation time. This can be useful for administrators who need to verify user information or investigate account activity. 
45 | 46 | ```sql+postgres 47 | select 48 | full_name, 49 | id, 50 | primary_email, 51 | creation_time, 52 | is_delegated_admin, 53 | customer_id 54 | from 55 | googledirectory_user 56 | where 57 | id = '119982672925259996273'; 58 | ``` 59 | 60 | ```sql+sqlite 61 | select 62 | full_name, 63 | id, 64 | primary_email, 65 | creation_time, 66 | is_delegated_admin, 67 | customer_id 68 | from 69 | googledirectory_user 70 | where 71 | id = '119982672925259996273'; 72 | ``` 73 | 74 | ### Get user by primary email 75 | Discover the details of a specific user by using their primary email. This can be particularly useful for gaining insights into user's profile details, creation time, and customer ID in a business context. 76 | 77 | ```sql+postgres 78 | select 79 | full_name, 80 | id, 81 | primary_email, 82 | creation_time, 83 | is_delegated_admin, 84 | customer_id 85 | from 86 | googledirectory_user 87 | where 88 | primary_email = 'mscott@dundermifflin.com'; 89 | ``` 90 | 91 | ```sql+sqlite 92 | select 93 | full_name, 94 | id, 95 | primary_email, 96 | creation_time, 97 | is_delegated_admin, 98 | customer_id 99 | from 100 | googledirectory_user 101 | where 102 | primary_email = 'mscott@dundermifflin.com'; 103 | ``` 104 | 105 | ### List administrators 106 | Discover the users who hold administrative or delegated administrative roles in your Google Directory. This can be useful for auditing access control and ensuring only authorized individuals have elevated permissions. 
107 | 108 | ```sql+postgres 109 | select 110 | id, 111 | full_name, 112 | primary_email, 113 | is_admin, 114 | is_delegated_admin 115 | from 116 | googledirectory_user 117 | where 118 | is_admin 119 | or is_delegated_admin; 120 | ``` 121 | 122 | ```sql+sqlite 123 | select 124 | id, 125 | full_name, 126 | primary_email, 127 | is_admin, 128 | is_delegated_admin 129 | from 130 | googledirectory_user 131 | where 132 | is_admin 133 | or is_delegated_admin; 134 | ``` 135 | 136 | ### List users without two-step verification 137 | List the users who are not enrolled in two-step verification or for whom it is not enforced. Because the two conditions are joined with `or`, a user who has enrolled but is not covered by enforcement is also returned. This can be beneficial for enhancing the security measures within your organization. 138 | 139 | ```sql+postgres 140 | select 141 | id, 142 | full_name, 143 | primary_email, 144 | is_enrolled_in_2sv, 145 | is_enforced_in_2sv 146 | from 147 | googledirectory_user 148 | where 149 | not is_enrolled_in_2sv 150 | or not is_enforced_in_2sv; 151 | ``` 152 | 153 | ```sql+sqlite 154 | select 155 | id, 156 | full_name, 157 | primary_email, 158 | is_enrolled_in_2sv, 159 | is_enforced_in_2sv 160 | from 161 | googledirectory_user 162 | where 163 | not is_enrolled_in_2sv 164 | or not is_enforced_in_2sv; 165 | ``` 166 | 167 | ### List users who have not logged in for more than 30 days 168 | The query is used to identify users who have been inactive for over a month. This can be useful for IT administrators to manage user accounts and security, by potentially flagging these accounts for follow-up or deactivation. 
169 | 170 | ```sql+postgres 171 | select 172 | id, 173 | full_name, 174 | primary_email, 175 | last_login_time 176 | from 177 | googledirectory_user 178 | where 179 | last_login_time < current_timestamp - interval '30 days'; 180 | ``` 181 | 182 | ```sql+sqlite 183 | select 184 | id, 185 | full_name, 186 | primary_email, 187 | last_login_time 188 | from 189 | googledirectory_user 190 | where 191 | last_login_time < datetime('now', '-30 days'); 192 | ``` 193 | 194 | ### List users using the [query filter](https://developers.google.com/admin-sdk/directory/v1/guides/search-users) 195 | Discover the segments that include users with a specific attribute in their name. This is useful in scenarios where you need to identify and group users based on shared characteristics for targeted communication or management. 196 | 197 | ```sql+postgres 198 | select 199 | id, 200 | full_name, 201 | primary_email, 202 | last_login_time 203 | from 204 | googledirectory_user 205 | where 206 | query = 'givenName:steampipe*'; 207 | ``` 208 | 209 | ```sql+sqlite 210 | select 211 | id, 212 | full_name, 213 | primary_email, 214 | last_login_time 215 | from 216 | googledirectory_user 217 | where 218 | query = 'givenName:steampipe*'; 219 | ``` -------------------------------------------------------------------------------- /googledirectory/table_googledirectory_group.go: -------------------------------------------------------------------------------- 1 | package googledirectory 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | "strings" 7 | 8 | "github.com/turbot/steampipe-plugin-sdk/v5/grpc/proto" 9 | "github.com/turbot/steampipe-plugin-sdk/v5/plugin" 10 | "github.com/turbot/steampipe-plugin-sdk/v5/plugin/transform" 11 | 12 | admin "google.golang.org/api/admin/directory/v1" 13 | ) 14 | 15 | //// TABLE DEFINITION 16 | // tableGoogleDirectoryGroup returns the table definition for googledirectory_group: List is served by listDirectoryGroups with optional key columns customer_id, name and query; Get is served by getDirectoryGroup keyed on id or email. 17 | func tableGoogleDirectoryGroup(_ context.Context) *plugin.Table { 18 | return &plugin.Table{ 19 | Name: "googledirectory_group", 20 | Description: "Groups defined in the Google 
Workspace directory.", 21 | List: &plugin.ListConfig{ 22 | Hydrate: listDirectoryGroups, 23 | KeyColumns: []*plugin.KeyColumn{ 24 | { 25 | Name: "customer_id", 26 | Require: plugin.Optional, 27 | }, 28 | { 29 | Name: "name", 30 | Require: plugin.Optional, 31 | }, 32 | { 33 | Name: "query", 34 | Require: plugin.Optional, 35 | }, 36 | }, 37 | ShouldIgnoreError: isNotFoundError([]string{"404"}), // presumably lets List ignore a 404 response; isNotFoundError is defined outside this file — confirm 38 | }, 39 | Get: &plugin.GetConfig{ 40 | KeyColumns: plugin.AnyColumn([]string{"id", "email"}), 41 | Hydrate: getDirectoryGroup, 42 | }, 43 | Columns: []*plugin.Column{ 44 | { 45 | Name: "name", 46 | Description: "The group's display name.", 47 | Type: proto.ColumnType_STRING, 48 | }, 49 | { 50 | Name: "id", 51 | Description: "The unique ID of a group.", 52 | Type: proto.ColumnType_STRING, 53 | }, 54 | { 55 | Name: "email", 56 | Description: "Specifies the group's email address.", 57 | Type: proto.ColumnType_STRING, 58 | }, 59 | { 60 | Name: "admin_created", 61 | Description: "Indicates whether the group is created by an administrator, or by an user.", 62 | Type: proto.ColumnType_BOOL, 63 | }, 64 | { 65 | Name: "customer_id", 66 | Description: "The customer ID to retrieve all account groups.", 67 | Type: proto.ColumnType_STRING, 68 | Transform: transform.FromQual("customer_id"), // column is filled from the query qualifier rather than from a field of the API result 69 | }, 70 | { 71 | Name: "description", 72 | Description: "An extended description to help users determine the purpose of a group.", 73 | Type: proto.ColumnType_STRING, 74 | }, 75 | { 76 | Name: "direct_members_count", 77 | Description: "The number of users that are direct members of the group.", 78 | Type: proto.ColumnType_INT, 79 | }, 80 | { 81 | Name: "etag", 82 | Description: "A hash of the metadata, used to ensure there were no concurrent modifications to the resource when attempting an update.", 83 | Type: proto.ColumnType_STRING, 84 | }, 85 | { 86 | Name: "kind", 87 | Description: "The type of the API resource.", 88 | Type: proto.ColumnType_STRING, 89 | }, 90 | { 91 | Name: "query", 92 | 
Description: "Filter string to [filter](https://developers.google.com/admin-sdk/directory/v1/guides/search-groups) groups.", 93 | Type: proto.ColumnType_STRING, 94 | Transform: transform.FromQual("query"), // column is filled from the query qualifier rather than from a field of the API result 95 | }, 96 | { 97 | Name: "aliases", 98 | Description: "A list of the group's alias email addresses.", 99 | Type: proto.ColumnType_JSON, 100 | }, 101 | { 102 | Name: "non_editable_aliases", 103 | Description: "A list of the group's non-editable alias email addresses that are outside of the account's primary domain or subdomains.", 104 | Type: proto.ColumnType_JSON, 105 | }, 106 | }, 107 | } 108 | } 109 | 110 | //// LIST FUNCTION 111 | // listDirectoryGroups lists groups for a customer (default "my_customer") using a search query taken from the query qual, else built from the name qual, else "name:**"; the page size is 200 or the SQL limit when that is smaller, and every group is streamed to the SDK. 112 | func listDirectoryGroups(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) { 113 | // Create service 114 | service, err := AdminService(ctx, d) 115 | if err != nil { 116 | return nil, err 117 | } 118 | 119 | var queryFilter, query string 120 | var filter []string 121 | 122 | if d.EqualsQuals["name"] != nil { 123 | filter = append(filter, fmt.Sprintf("name='%s'", d.EqualsQuals["name"].GetStringValue())) // NOTE(review): the qual value is interpolated unescaped, so a name containing a single quote changes the search query sent to the API; escape it per the search-groups syntax — confirm the escape rule 124 | } 125 | 126 | if d.EqualsQuals["query"] != nil { 127 | queryFilter = d.EqualsQuals["query"].GetStringValue() 128 | } 129 | 130 | if queryFilter != "" { 131 | query = queryFilter // an explicit query qual replaces the name filter built above 132 | } else if len(filter) > 0 { 133 | query = strings.Join(filter, " ") 134 | } 135 | 136 | // Since, query parameter can't be empty, set default param name:**, to return all groups 137 | if query == "" { 138 | query = "name:**" 139 | } 140 | 141 | // Set default value to my_customer, to represent current account 142 | customerID := "my_customer" 143 | if d.EqualsQuals["customer_id"] != nil { 144 | customerID = d.EqualsQuals["customer_id"].GetStringValue() 145 | } 146 | 147 | // By default, API can return maximum 200 records in a single page 148 | maxResult := int64(200) 149 | 150 | limit := d.QueryContext.Limit 151 | if d.QueryContext.Limit != nil { 152 | if *limit < maxResult { 153 | maxResult = *limit 154 | 
} 155 | } 156 | 157 | resp := service.Groups.List().Customer(customerID).Query(query).MaxResults(maxResult) 158 | if err := resp.Pages(ctx, func(page *admin.Groups) error { 159 | for _, group := range page.Groups { 160 | d.StreamListItem(ctx, group) 161 | 162 | // Context can be cancelled due to manual cancellation or the limit has been hit 163 | if plugin.IsCancelled(ctx) { 164 | page.NextPageToken = "" // presumably keeps Pages from requesting a further page — confirm 165 | break 166 | } 167 | } 168 | return nil 169 | }); err != nil { 170 | return nil, err 171 | } 172 | 173 | return nil, err // err is the outer variable from AdminService, which is nil at this point 174 | } 175 | 176 | //// HYDRATE FUNCTIONS 177 | // getDirectoryGroup fetches a single group by id, or by email when id is empty, and returns nil, nil when both are empty. 178 | func getDirectoryGroup(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) { 179 | plugin.Logger(ctx).Trace("getDirectoryGroup") 180 | 181 | // Create service 182 | service, err := AdminService(ctx, d) 183 | if err != nil { 184 | return nil, err 185 | } 186 | 187 | id := d.EqualsQuals["id"].GetStringValue() 188 | email := d.EqualsQuals["email"].GetStringValue() // NOTE(review): no nil check on the quals here, unlike listDirectoryGroups; presumably GetStringValue tolerates a nil receiver — confirm 189 | 190 | // Return nil, if no input provided 191 | if id == "" && email == "" { 192 | return nil, nil 193 | } 194 | 195 | var inputStr string 196 | if id == "" { 197 | inputStr = email 198 | } else { 199 | inputStr = id 200 | } 201 | 202 | resp, err := service.Groups.Get(inputStr).Do() // NOTE(review): ctx is not attached to this request (the List call passes ctx to Pages); consider .Context(ctx) so cancellation reaches the HTTP call 203 | if err != nil { 204 | return nil, err 205 | } 206 | 207 | return resp, nil 208 | } 209 | -------------------------------------------------------------------------------- /docs/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | organization: Turbot 3 | category: ["saas"] 4 | icon_url: "/images/plugins/turbot/googledirectory.svg" 5 | brand_color: "#1967D2" 6 | display_name: "Google Directory" 7 | short_name: "googledirectory" 8 | description: "Steampipe plugin for querying users, groups, org units and more from your Google Workspace directory." 9 | og_description: "Query Google Workspace directory with SQL! Open source CLI. No DB required." 
10 | og_image: "/images/plugins/turbot/googledirectory-social-graphic.png" 11 | engines: ["steampipe", "sqlite", "postgres", "export"] 12 | --- 13 | 14 | # Google Directory + Steampipe 15 | 16 | A [Google Directory](https://developers.google.com/admin-sdk/directory) contains the users, groups, domains and other organizational features of a Google Workspace. [Google Workspace](https://workspace.google.com) is a collection of cloud computing, productivity and collaboration tools, software and products developed and marketed by Google. 17 | 18 | [Steampipe](https://steampipe.io) is an open-source zero-ETL engine to instantly query cloud APIs using SQL. 19 | 20 | For example: 21 | 22 | ```sql 23 | select 24 | full_name, 25 | primary_email 26 | from 27 | googledirectory_user; 28 | ``` 29 | 30 | ``` 31 | +----------------+----------------------------+ 32 | | full_name | primary_email | 33 | +----------------+----------------------------+ 34 | | Dwight Schrute | dschrute@dundermifflin.com | 35 | | Michael Scott | mscott@dundermifflin.com | 36 | | Pam Beesly | pbeesly@dundermifflin.com | 37 | +----------------+----------------------------+ 38 | ``` 39 | 40 | ## Documentation 41 | 42 | - **[Table definitions & examples →](/plugins/turbot/googledirectory/tables)** 43 | 44 | ## Get started 45 | 46 | ### Install 47 | 48 | Download and install the latest Google Directory plugin: 49 | 50 | ```bash 51 | steampipe plugin install googledirectory 52 | ``` 53 | 54 | ### Credentials 55 | 56 | | Item | Description | 57 | | :---------- | :-----------| 58 | | Credentials | 1. To use **domain-wide delegation**, generate your [service account and credentials](https://developers.google.com/admin-sdk/directory/v1/guides/delegation#create_the_service_account_and_credentials) and [delegate domain-wide authority to your service account](https://developers.google.com/admin-sdk/directory/v1/guides/delegation#delegate_domain-wide_authority_to_your_service_account). 
Enter the following OAuth 2.0 scopes for the services that the service account can access:
`https://www.googleapis.com/auth/admin.directory.domain.readonly`
`https://www.googleapis.com/auth/admin.directory.group.readonly`
`https://www.googleapis.com/auth/admin.directory.orgunit.readonly`
`https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly`
`https://www.googleapis.com/auth/admin.directory.user.readonly`
2. To use **OAuth client**, configure your [credentials](#authenticate-using-oauth-client). | 59 | | Radius | Each connection represents a single Google Workspace account. | 60 | | Resolution | 1. Credentials from the JSON file specified by the `credentials` parameter in your Steampipe config.
2. Credentials from the JSON file specified by the `token_path` parameter in your Steampipe config.
3. Credentials from the default json file location (`~/.config/gcloud/application_default_credentials.json`). | 61 | 62 | ### Configuration 63 | 64 | Installing the latest googledirectory plugin will create a config file (`~/.steampipe/config/googledirectory.spc`) with a single connection named `googledirectory`: 65 | 66 | ```hcl 67 | connection "googledirectory" { 68 | plugin = "googledirectory" 69 | 70 | # You may connect to Google Workspace using more than one option: 71 | # 1. To authenticate using domain-wide delegation, specify a service account credential file and the user email for impersonation 72 | # `credentials` - Either the path to a JSON credential file that contains Google application credentials, 73 | # or the contents of a service account key file in JSON format. If `credentials` is not specified in a connection, 74 | # credentials will be loaded from: 75 | # - The path specified in the `GOOGLE_APPLICATION_CREDENTIALS` environment variable, if set; otherwise 76 | # - The standard location (`~/.config/gcloud/application_default_credentials.json`) 77 | # - The path specified for the credentials.json file ("/path/to/my/creds.json") 78 | # credentials = "~/.config/gcloud/application_default_credentials.json" 79 | 80 | # `impersonated_user_email` - The email (string) of the user which should be impersonated. Needs permissions to access the Admin APIs. 81 | # `impersonated_user_email` must be set, since the service account needs to impersonate a user with Admin API permissions to access the directory. 82 | # impersonated_user_email = "username@domain.com" 83 | 84 | # 2. To authenticate using OAuth 2.0, specify a client secret file 85 | # `token_path` - The path to a JSON credential file that contains Google application credentials. 
86 | # If `token_path` is not specified in a connection, credentials will be loaded from: 87 | # - The path specified in the `GOOGLE_APPLICATION_CREDENTIALS` environment variable, if set; otherwise 88 | # - The standard location (`~/.config/gcloud/application_default_credentials.json`) 89 | # token_path = "~/.config/gcloud/application_default_credentials.json" 90 | } 91 | ``` 92 | 93 | ## Advanced configuration options 94 | 95 | ### Authenticate using OAuth client 96 | 97 | You can use client secret credentials to protect the user's data by only granting tokens to authorized requestors. Use the following steps to configure credentials: 98 | 99 | - [Configure the OAuth consent screen](https://developers.google.com/workspace/guides/configure-oauth-consent). 100 | - [Create an OAuth client ID credential](https://developers.google.com/workspace/guides/create-credentials#desktop-app) with the application type `Desktop app`, and download the client secret JSON file. 101 | - Wherever you have the [Google Cloud SDK](https://cloud.google.com/sdk/docs/install) installed, run the following command with the correct client secret JSON file parameters: 102 | 103 | ```sh 104 | gcloud auth application-default login \ 105 | --client-id-file=client_secret.json \ 106 | --scopes="\ 107 | https://www.googleapis.com/auth/admin.directory.domain.readonly,\ 108 | https://www.googleapis.com/auth/admin.directory.group.readonly,\ 109 | https://www.googleapis.com/auth/admin.directory.orgunit.readonly,\ 110 | https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly,\ 111 | https://www.googleapis.com/auth/admin.directory.user.readonly" 112 | ``` 113 | 114 | - In the browser window that just opened, authenticate as the user you would like to make the API calls through. 115 | - Review the output for the location of the **Application Default Credentials** file, which usually appears following the text `Credentials saved to file:`. 
116 | - Set the **Application Default Credentials** filepath in the Steampipe config `token_path` or in the `GOOGLE_APPLICATION_CREDENTIALS` environment variable. 117 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## v1.2.0 [2025-10-13] 2 | 3 | _Dependencies_ 4 | 5 | - Recompiled plugin with Go version `1.24`. ([#113](https://github.com/turbot/steampipe-plugin-googledirectory/pull/113)) 6 | - Recompiled plugin with [steampipe-plugin-sdk v5.13.1](https://github.com/turbot/steampipe-plugin-sdk/blob/develop/CHANGELOG.md#v5131-2025-09-25) that addresses critical and high vulnerabilities in dependent packages. ([#114](https://github.com/turbot/steampipe-plugin-googledirectory/pull/114)) 7 | 8 | ## v1.1.1 [2025-04-18] 9 | 10 | _Bug fixes_ 11 | 12 | - Fixed Linux AMD64 plugin build failures for `Postgres 14 FDW`, `Postgres 15 FDW`, and `SQLite Extension` by upgrading GitHub Actions runners from `ubuntu-20.04` to `ubuntu-22.04`. 13 | 14 | ## v1.1.0 [2025-04-17] 15 | 16 | _Dependencies_ 17 | 18 | - Recompiled plugin with Go version `1.23.1`. ([#109](https://github.com/turbot/steampipe-plugin-googledirectory/pull/109)) 19 | - Recompiled plugin with [steampipe-plugin-sdk v5.11.5](https://github.com/turbot/steampipe-plugin-sdk/blob/v5.11.5/CHANGELOG.md#v5115-2025-03-31) that addresses critical and high vulnerabilities in dependent packages. ([#109](https://github.com/turbot/steampipe-plugin-googledirectory/pull/109)) 20 | 21 | ## v1.0.0 [2024-10-22] 22 | 23 | There are no significant changes in this plugin version; it has been released to align with [Steampipe's v1.0.0](https://steampipe.io/changelog/steampipe-cli-v1-0-0) release. This plugin adheres to [semantic versioning](https://semver.org/#semantic-versioning-specification-semver), ensuring backward compatibility within each major version. 
24 | 25 | _Dependencies_ 26 | 27 | - Recompiled plugin with Go version `1.22`. ([#103](https://github.com/turbot/steampipe-plugin-googledirectory/pull/103)) 28 | - Recompiled plugin with [steampipe-plugin-sdk v5.10.4](https://github.com/turbot/steampipe-plugin-sdk/blob/develop/CHANGELOG.md#v5104-2024-08-29) that fixes logging in the plugin export tool. ([#103](https://github.com/turbot/steampipe-plugin-googledirectory/pull/103)) 29 | 30 | ## v0.8.0 [2023-12-12] 31 | 32 | _What's new?_ 33 | 34 | - The plugin can now be downloaded and used with the [Steampipe CLI](https://steampipe.io/docs), as a [Postgres FDW](https://steampipe.io/docs/steampipe_postgres/overview), as a [SQLite extension](https://steampipe.io/docs//steampipe_sqlite/overview) and as a standalone [exporter](https://steampipe.io/docs/steampipe_export/overview). ([#85](https://github.com/turbot/steampipe-plugin-googledirectory/pull/85)) 35 | - The table docs have been updated to provide corresponding example queries for Postgres FDW and SQLite extension. ([#85](https://github.com/turbot/steampipe-plugin-googledirectory/pull/85)) 36 | - Docs license updated to match Steampipe [CC BY-NC-ND license](https://github.com/turbot/steampipe-plugin-googledirectory/blob/main/docs/LICENSE). ([#85](https://github.com/turbot/steampipe-plugin-googledirectory/pull/85)) 37 | 38 | _Dependencies_ 39 | 40 | - Recompiled plugin with [steampipe-plugin-sdk v5.8.0](https://github.com/turbot/steampipe-plugin-sdk/blob/main/CHANGELOG.md#v580-2023-12-11) that includes plugin server encapsulation for in-process and GRPC usage, adding Steampipe Plugin SDK version to `_ctx` column, and fixing connection and potential divide-by-zero bugs. 
([#84](https://github.com/turbot/steampipe-plugin-googledirectory/pull/84)) 41 | 42 | ## v0.7.1 [2023-10-05] 43 | 44 | _Dependencies_ 45 | 46 | - Recompiled plugin with [steampipe-plugin-sdk v5.6.2](https://github.com/turbot/steampipe-plugin-sdk/blob/main/CHANGELOG.md#v562-2023-10-03) which prevents nil pointer reference errors for implicit hydrate configs. ([#64](https://github.com/turbot/steampipe-plugin-googledirectory/pull/64)) 47 | 48 | ## v0.7.0 [2023-10-02] 49 | 50 | _Dependencies_ 51 | 52 | - Upgraded to [steampipe-plugin-sdk v5.6.1](https://github.com/turbot/steampipe-plugin-sdk/blob/main/CHANGELOG.md#v561-2023-09-29) with support for rate limiters. ([#60](https://github.com/turbot/steampipe-plugin-googledirectory/pull/60)) 53 | - Recompiled plugin with Go version `1.21`. ([#60](https://github.com/turbot/steampipe-plugin-googledirectory/pull/60)) 54 | 55 | ## v0.6.0 [2023-08-31] 56 | 57 | _Dependencies_ 58 | 59 | - Recompiled plugin with [steampipe-plugin-sdk v5.5.1](https://github.com/turbot/steampipe-plugin-sdk/blob/main/CHANGELOG.md#v551-2023-07-26). ([#50](https://github.com/turbot/steampipe-plugin-googledirectory/pull/50)) 60 | - Recompiled plugin with `google.golang.org/api v0.138.0`. ([#52](https://github.com/turbot/steampipe-plugin-googledirectory/pull/52)) 61 | - Recompiled plugin with `github.com/aws/aws-sdk-go v1.34.0`. ([#47](https://github.com/turbot/steampipe-plugin-googledirectory/pull/47)) 62 | - Recompiled plugin with `golang.org/x/net v0.7.0`. ([#49](https://github.com/turbot/steampipe-plugin-googledirectory/pull/49)) 63 | - Recompiled plugin with `github.com/turbot/go-kit v0.7.0`. 
([#51](https://github.com/turbot/steampipe-plugin-googledirectory/pull/51)) 64 | 65 | ## v0.5.0 [2023-04-10] 66 | 67 | _Dependencies_ 68 | 69 | - Recompiled plugin with [steampipe-plugin-sdk v5.3.0](https://github.com/turbot/steampipe-plugin-sdk/blob/main/CHANGELOG.md#v530-2023-03-16) which includes fixes for query cache pending item mechanism and aggregator connections not working for dynamic tables. ([#44](https://github.com/turbot/steampipe-plugin-googledirectory/pull/44)) 70 | 71 | ## v0.4.0 [2022-09-28] 72 | 73 | _Dependencies_ 74 | 75 | - Recompiled plugin with [steampipe-plugin-sdk v4.1.7](https://github.com/turbot/steampipe-plugin-sdk/blob/main/CHANGELOG.md#v417-2022-09-08) which includes several caching and memory management improvements. ([#39](https://github.com/turbot/steampipe-plugin-googledirectory/pull/39)) 76 | - Recompiled plugin with Go version `1.19`. ([#39](https://github.com/turbot/steampipe-plugin-googledirectory/pull/39)) 77 | 78 | ## v0.3.0 [2022-04-27] 79 | 80 | _Enhancements_ 81 | 82 | - Added support for native Linux ARM and Mac M1 builds. ([#35](https://github.com/turbot/steampipe-plugin-googledirectory/pull/35)) 83 | - Recompiled plugin with [steampipe-plugin-sdk v3.1.0](https://github.com/turbot/steampipe-plugin-sdk/blob/main/CHANGELOG.md#v310--2022-03-30) and Go version `1.18`. ([#34](https://github.com/turbot/steampipe-plugin-googledirectory/pull/34)) 84 | 85 | ## v0.2.1 [2022-04-14] 86 | 87 | _Bug fixes_ 88 | 89 | - Fixed links in documentation for configuring OAuth client authentication. 
90 | 91 | ## v0.2.0 [2022-01-31] 92 | 93 | _What's new?_ 94 | 95 | - Added: The `credentials` argument can now be specified in the configuration file to pass in either the path to or the contents of a service account key file in JSON format ([#32](https://github.com/turbot/steampipe-plugin-googledirectory/pull/32)) 96 | - Added: The `token_path` argument can now be specified in the configuration file to authenticate using OAuth 2.0 ([#32](https://github.com/turbot/steampipe-plugin-googledirectory/pull/32)) 97 | 98 | _Deprecated_ 99 | 100 | - The `credential_file` argument in the configuration file is now deprecated and will be removed in the next major version. We recommend using the `credentials` argument instead, which can take the same file path as the `credential_file` argument. ([#32](https://github.com/turbot/steampipe-plugin-googledirectory/pull/32)) 101 | 102 | ## v0.1.0 [2021-12-08] 103 | 104 | _Enhancements_ 105 | 106 | - Recompiled plugin with Go version 1.17 ([#28](https://github.com/turbot/steampipe-plugin-googledirectory/pull/28)) 107 | - Recompiled plugin with [steampipe-plugin-sdk v1.8.2](https://github.com/turbot/steampipe-plugin-sdk/blob/main/CHANGELOG.md#v182--2021-11-22) ([#27](https://github.com/turbot/steampipe-plugin-googledirectory/pull/27)) 108 | 109 | ## v0.0.4 [2021-10-20] 110 | 111 | _Bug fixes_ 112 | 113 | - Fixed: All tables now return the service API disabled error directly instead of returning empty rows 114 | 115 | ## v0.0.3 [2021-09-16] 116 | 117 | _What's new?_ 118 | 119 | - Added: Additional optional key columns and better filtering capabilities to `googledirectory_group`, `googledirectory_group_member`, and `googledirectory_user` tables ([#20](https://github.com/turbot/steampipe-plugin-googledirectory/pull/20)) 120 | 121 | _Enhancements_ 122 | 123 | - Updated: Improve context cancellation handling in all tables ([#20](https://github.com/turbot/steampipe-plugin-googledirectory/pull/20)) 124 | 125 | _Bug fixes_ 126 | 127 | - 
Fixed: Remove check for credentials in `GOOGLE_APPLICATION_CREDENTIALS` environment variable to align with Google's authentication methods ([#20](https://github.com/turbot/steampipe-plugin-googledirectory/pull/20)) 128 | 129 | ## v0.0.2 [2021-09-01] 130 | 131 | _What's new?_ 132 | 133 | - New tables added 134 | - [googledirectory_domain_alias](https://hub.steampipe.io/plugins/turbot/googledirectory/tables/googledirectory_domain_alias) ([#11](https://github.com/turbot/steampipe-plugin-googledirectory/pull/11)) 135 | - [googledirectory_role_assignment](https://hub.steampipe.io/plugins/turbot/googledirectory/tables/googledirectory_role_assignment) ([#12](https://github.com/turbot/steampipe-plugin-googledirectory/pull/12)) 136 | 137 | _Enhancements_ 138 | 139 | - Recompiled plugin with [steampipe-plugin-sdk v1.5.0](https://github.com/turbot/steampipe-plugin-sdk/blob/main/CHANGELOG.md#v150--2021-08-06) and `google.golang.org/api v0.54.0` ([#17](https://github.com/turbot/steampipe-plugin-googledirectory/pull/17)) 140 | 141 | _Bug fixes_ 142 | 143 | - Fixed typos in all table function names ([#6](https://github.com/turbot/steampipe-plugin-googledirectory/pull/6)) 144 | 145 | ## v0.0.1 [2021-08-12] 146 | 147 | _What's new?_ 148 | 149 | - New tables added 150 | 151 | - [googledirectory_domain](https://hub.steampipe.io/plugins/turbot/googledirectory/tables/googledirectory_domain) 152 | - [googledirectory_group](https://hub.steampipe.io/plugins/turbot/googledirectory/tables/googledirectory_group) 153 | - [googledirectory_group_member](https://hub.steampipe.io/plugins/turbot/googledirectory/tables/googledirectory_group_member) 154 | - [googledirectory_org_unit](https://hub.steampipe.io/plugins/turbot/googledirectory/tables/googledirectory_org_unit) 155 | - [googledirectory_privilege](https://hub.steampipe.io/plugins/turbot/googledirectory/tables/googledirectory_privilege) 156 | - 
[googledirectory_role](https://hub.steampipe.io/plugins/turbot/googledirectory/tables/googledirectory_role) 157 | - [googledirectory_user](https://hub.steampipe.io/plugins/turbot/googledirectory/tables/googledirectory_user) 158 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 
34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. 
Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
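We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /googledirectory/table_googledirectory_user.go: --------------------------------------------------------------------------------
package googledirectory

import (
	"context"
	"fmt"
	"strings"

	"github.com/turbot/steampipe-plugin-sdk/v5/grpc/proto"
	"github.com/turbot/steampipe-plugin-sdk/v5/plugin"
	"github.com/turbot/steampipe-plugin-sdk/v5/plugin/transform"

	admin "google.golang.org/api/admin/directory/v1"
)

//// TABLE DEFINITION

// tableGoogleDirectoryUser describes the googledirectory_user table: the
// optional key columns that listDirectoryUsers turns into a server-side
// filter, the id/primary_email lookup served by getDirectoryUser, and the
// column set.
//
// Several columns carry account-security data (recovery_email,
// recovery_phone, ssh_public_keys, posix_accounts, hash_function,
// is_enrolled_in_2sv, is_enforced_in_2sv, is_admin), so query results
// deserve the same handling as the directory itself.
func tableGoogleDirectoryUser(_ context.Context) *plugin.Table {
	return &plugin.Table{
		Name:        "googledirectory_user",
		Description: "Users defined in the Google Workspace directory.",
		List: &plugin.ListConfig{
			Hydrate: listDirectoryUsers,
			KeyColumns: []*plugin.KeyColumn{
				{
					Name:    "customer_id",
					Require: plugin.Optional,
				},
				{
					Name:    "full_name",
					Require: plugin.Optional,
				},
				{
					Name:    "family_name",
					Require: plugin.Optional,
				},
				{
					Name:    "given_name",
					Require: plugin.Optional,
				},
				{
					Name:      "is_admin",
					Require:   plugin.Optional,
					Operators: []string{"<>", "="},
				},
				{
					Name:      "is_delegated_admin",
					Require:   plugin.Optional,
					Operators: []string{"<>", "="},
				},
				{
					Name:      "suspended",
					Require:   plugin.Optional,
					Operators: []string{"<>", "="},
				},
				{
					Name:    "query",
					Require: plugin.Optional,
				},
			},
			ShouldIgnoreError: isNotFoundError([]string{"404"}),
		},
		Get: &plugin.GetConfig{
			KeyColumns: plugin.AnyColumn([]string{"id", "primary_email"}),
			Hydrate:    getDirectoryUser,
		},
		Columns: []*plugin.Column{
			{
				Name:        "full_name",
				Description: "The user's full name formed by concatenating the first and last name values.",
				Type:        proto.ColumnType_STRING,
				Transform:   transform.FromField("Name.FullName"),
			},
			{
				Name:        "id",
				Description: "The unique ID for the user.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "primary_email",
				Description: "Specifies the user's primary email address.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "customer_id",
				Description: "The customer ID to retrieve all account users.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "creation_time",
				Description: "Specifies user's G-Suite account creation time.",
				Type:        proto.ColumnType_TIMESTAMP,
			},
			{
				Name:        "is_admin",
				Description: "Indicates whether an user have super administrator privileges, or not.",
				Type:        proto.ColumnType_BOOL,
			},
			{
				Name:        "is_delegated_admin",
				Description: "Indicates whether the user is a delegated administrator, or not.",
				Type:        proto.ColumnType_BOOL,
			},
			{
				Name:        "suspended",
				Description: "Indicates whether an user is suspended, or not.",
				Type:        proto.ColumnType_BOOL,
			},
			{
				Name:        "agreed_to_terms",
				Description: "Indicates whether the user has completed an initial login and accepted the Terms of Service agreement, or not.",
				Type:        proto.ColumnType_BOOL,
			},
			{
				Name:        "archived",
				Description: "Indicates whether an user is archived, or not.",
				Type:        proto.ColumnType_BOOL,
			},
			{
				Name:        "change_password_at_next_login",
				Description: "Indicates if the user is forced to change their password at next login.",
				Type:        proto.ColumnType_BOOL,
			},
			{
				Name:        "deletion_time",
				Description: "Specifies user's deletion time.",
				Type:        proto.ColumnType_TIMESTAMP,
				Transform:   transform.FromField("DeletionTime").Transform(transform.NullIfZeroValue),
			},
			{
				Name:        "etag",
				Description: "A hash of the metadata, used to ensure there were no concurrent modifications to the resource when attempting an update.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "family_name",
				Description: "The user's last name.",
				Type:        proto.ColumnType_STRING,
				Transform:   transform.FromField("Name.FamilyName"),
			},
			{
				Name:        "gender",
				Description: "The user's gender.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "given_name",
				Description: "The user's first name.",
				Type:        proto.ColumnType_STRING,
				Transform:   transform.FromField("Name.GivenName"),
			},
			{
				Name:        "hash_function",
				Description: "Specifies the hash format of the password property.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "include_in_global_address_list",
				Description: "Indicates whether the user's profile is visible in the Google Workspace global address list when the contact sharing feature is enabled for the domain.",
				Type:        proto.ColumnType_BOOL,
			},
			{
				Name:        "ip_whitelisted",
				Description: "Indicates whether the user's IP address is whitelisted, or not.",
				Type:        proto.ColumnType_BOOL,
			},
			{
				Name:        "is_enforced_in_2sv",
				Description: "Indicates whether the 2-step verification enforced, or not.",
				Type:        proto.ColumnType_BOOL,
				Transform:   transform.FromField("IsEnforcedIn2Sv"),
			},
			{
				Name:        "is_enrolled_in_2sv",
				Description: "Indicates whether an user is enrolled in 2-step verification, or not.",
				Type:        proto.ColumnType_BOOL,
				Transform:   transform.FromField("IsEnrolledIn2Sv"),
			},
			{
				Name:        "is_mailbox_setup",
				Description: "Indicates whether the user's Google mailbox is created, or not.",
				Type:        proto.ColumnType_BOOL,
			},
			{
				Name:        "kind",
				Description: "The type of the API resource.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "last_login_time",
				Description: "Specifies user's last login time.",
				Type:        proto.ColumnType_TIMESTAMP,
			},
			{
				Name:        "org_unit_path",
				Description: "The full path of the parent organization associated with the user.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "recovery_email",
				Description: "Specifies the recovery email of the user.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "recovery_phone",
				Description: "Specifies the recovery phone of the user.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "suspension_reason",
				Description: "Specifies the reason a user account is suspended either by the administrator or by Google at the time of suspension.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "thumbnail_photo_etag",
				Description: "ETag of the user's photo.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "thumbnail_photo_url",
				Description: "Photo Url of the user.",
				Type:        proto.ColumnType_STRING,
			},
			{
				Name:        "query",
				Description: "Filter string to [filter](https://developers.google.com/admin-sdk/directory/v1/guides/search-users) users.",
				Type:        proto.ColumnType_STRING,
				Transform:   transform.FromQual("query"),
			},
			{
				Name:        "addresses",
				Description: "A list of the user's addresses.",
				Type:        proto.ColumnType_JSON,
			},
			{
				Name:        "aliases",
				Description: "A list of the user's alias email addresses.",
				Type:        proto.ColumnType_JSON,
			},
			{
				Name:        "custom_schemas",
				Description: "Custom fields of the user.",
				Type:        proto.ColumnType_JSON,
			},
			{
				Name:        "emails",
				Description: "A list of the user's email addresses.",
				Type:        proto.ColumnType_JSON,
			},
			{
				Name:        "external_ids",
				Description: "A list of external IDs for the user, such as an employee or network ID.",
				Type:        proto.ColumnType_JSON,
			},
			{
				Name:        "ims",
				Description: "The user's Instant Messenger (IM) accounts.",
				Type:        proto.ColumnType_JSON,
			},
			{
				Name:        "keywords",
				Description: "The user's keywords.",
				Type:        proto.ColumnType_JSON,
			},
			{
				Name:        "languages",
				Description: "The user's languages.",
				Type:        proto.ColumnType_JSON,
			},
			{
				Name:        "locations",
				Description: "The user's locations.",
				Type:        proto.ColumnType_JSON,
			},
			{
				Name:        "non_editable_aliases",
				Description: "A list of the user's non-editable alias email addresses.",
				Type:        proto.ColumnType_JSON,
			},
			{
				Name:        "notes",
				Description: "Notes for the user.",
				Type:        proto.ColumnType_JSON,
			},
			{
				Name:        "organizations",
				Description: "A list of organizations the user belongs to.",
				Type:        proto.ColumnType_JSON,
			},
			{
				Name:        "phones",
				Description: "A list of the user's phone numbers.",
				Type:        proto.ColumnType_JSON,
			},
			{
				Name:        "posix_accounts",
				Description: "A list of POSIX account information for the user.",
				Type:        proto.ColumnType_JSON,
			},
			{
				Name:        "relations",
				Description: "A list of the user's relationships to other users.",
				Type:        proto.ColumnType_JSON,
			},
			{
				Name:        "ssh_public_keys",
				Description: "A list of SSH public keys.",
				Type:        proto.ColumnType_JSON,
			},
			{
				Name:        "websites",
				Description: "The user's websites.",
				Type:        proto.ColumnType_JSON,
			},
		},
	}
}

//// LIST FUNCTION

// listDirectoryUsers streams the users of one customer account, pushing the
// supported quals down to the Directory API as a search query.
//
// Query selection: an explicit `query` qual wins and is sent exactly as the
// caller wrote it; otherwise the name and boolean quals are combined into a
// space-separated filter. The customer defaults to "my_customer".
func listDirectoryUsers(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) {
	// Create service
	service, err := AdminService(ctx, d)
	if err != nil {
		return nil, err
	}

	equalQuals := d.EqualsQuals

	// Filter terms derived from individual columns; string values are escaped
	// in buildUserQueryFilter before they are embedded.
	filter := buildUserQueryFilter(equalQuals)
	filter = append(filter, buildUserBoolNEFilter(d.Quals)...)

	// The `query` column is a raw search expression by design, so it is not
	// escaped here. It takes precedence over the column-derived filter.
	var query string
	if equalQuals["query"] != nil {
		query = equalQuals["query"].GetStringValue()
	}
	if query == "" && len(filter) > 0 {
		query = strings.Join(filter, " ")
	}

	// Set default value to my_customer, to represent current account
	customerID := "my_customer"
	if equalQuals["customer_id"] != nil {
		customerID = equalQuals["customer_id"].GetStringValue()
	}

	// By default, API can return maximum 500 records in a single page
	maxResult := int64(500)
	if limit := d.QueryContext.Limit; limit != nil && *limit < maxResult {
		maxResult = *limit
	}

	resp := service.Users.List().Customer(customerID).Query(query).MaxResults(maxResult)
	if err := resp.Pages(ctx, func(page *admin.Users) error {
		for _, user := range page.Users {
			d.StreamListItem(ctx, user)

			// Context can be cancelled due to manual cancellation or the limit has been hit
			if plugin.IsCancelled(ctx) {
				// Clearing the token stops Pages from requesting another page.
				page.NextPageToken = ""
				break
			}
		}
		return nil
	}); err != nil {
		return nil, err
	}

	return nil, nil
}

//// HYDRATE FUNCTIONS

// getDirectoryUser fetches a single user by id or, when no id is given, by
// primary_email. It returns (nil, nil) when neither qual carries a value.
func getDirectoryUser(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) {
	plugin.Logger(ctx).Trace("getDirectoryUser")

	// Create service
	service, err := AdminService(ctx, d)
	if err != nil {
		return nil, err
	}

	id := d.EqualsQuals["id"].GetStringValue()
	primaryEmail := d.EqualsQuals["primary_email"].GetStringValue()

	// Return nil, if no input provided
	if id == "" && primaryEmail == "" {
		return nil, nil
	}

	// id is preferred when both are present.
	userKey := id
	if userKey == "" {
		userKey = primaryEmail
	}

	// Bind the request to ctx so a cancelled query also cancels the HTTP call.
	resp, err := service.Users.Get(userKey).Context(ctx).Do()
	if err != nil {
		return nil, err
	}

	return resp, nil
}

// escapeUserQueryValue prepares a caller-supplied string for use inside a
// single-quoted term of a Directory API user search query.
//
// Without escaping, a value containing a single quote closes the quoted term
// early and the remainder is parsed as additional search clauses, so the
// caller's value would change the shape of the filter instead of being
// matched literally. The backslash is escaped as well so that a trailing
// backslash cannot cancel the escaping of the quote that follows it.
// NOTE(review): the search-users guide documents \' for quotes; confirm that
// the API also accepts \\ as a literal backslash.
func escapeUserQueryValue(value string) string {
	return strings.NewReplacer(`\`, `\\`, `'`, `\'`).Replace(value)
}

// buildUserQueryFilter converts the equality quals on the name and boolean
// key columns into Directory API search clauses (field='value' for strings,
// field=true|false for booleans). Quals that are absent produce no clause.
// Clauses are emitted in a fixed order so the same quals always yield the
// same query string.
func buildUserQueryFilter(equalQuals plugin.KeyColumnEqualsQualMap) []string {
	filters := []string{}

	// Column name -> API search field, string-valued.
	stringQuals := []struct{ qual, field string }{
		{"full_name", "name"},
		{"family_name", "familyName"},
		{"given_name", "givenName"},
	}
	// Column name -> API search field, boolean-valued.
	boolQuals := []struct{ qual, field string }{
		{"is_admin", "isAdmin"},
		{"is_delegated_admin", "isDelegatedAdmin"},
		{"suspended", "isSuspended"},
	}

	for _, q := range stringQuals {
		if equalQuals[q.qual] == nil {
			continue
		}
		// The value comes from the SQL query text and is untrusted with
		// respect to the search grammar; escape before quoting.
		value := escapeUserQueryValue(equalQuals[q.qual].GetStringValue())
		filters = append(filters, fmt.Sprintf("%s='%s'", q.field, value))
	}

	for _, q := range boolQuals {
		if equalQuals[q.qual] == nil {
			continue
		}
		filters = append(filters, fmt.Sprintf("%s=%t", q.field, equalQuals[q.qual].GetBoolValue()))
	}

	return filters
}

// buildUserBoolNEFilter handles the "<>" operator on the boolean key columns.
// The search syntax has no not-equal form for them, so `col <> v` is sent as
// `field = !v`. Only the first "<>" qual of each column is used.
func buildUserBoolNEFilter(quals plugin.KeyColumnQualMap) []string {
	filters := []string{}

	// Column name -> API search field, in the order clauses are emitted.
	boolQuals := []struct{ qual, field string }{
		{"is_admin", "isAdmin"},
		{"is_delegated_admin", "isDelegatedAdmin"},
		{"suspended", "isSuspended"},
	}

	for _, bq := range boolQuals {
		if quals[bq.qual] == nil {
			continue
		}
		for _, q := range quals[bq.qual].Quals {
			if q.Operator != "<>" {
				continue
			}
			filters = append(filters, fmt.Sprintf("%s=%t", bq.field, !q.Value.GetBoolValue()))
			break
		}
	}
	return filters
}
-------------------------------------------------------------------------------- /docs/LICENSE: -------------------------------------------------------------------------------- 1 | Attribution-NonCommercial-NoDerivatives 4.0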
International 2 | 3 | ======================================================================= 4 | 5 | Creative Commons Corporation ("Creative Commons") is not a law firm and 6 | does not provide legal services or legal advice. Distribution of 7 | Creative Commons public licenses does not create a lawyer-client or 8 | other relationship. Creative Commons makes its licenses and related 9 | information available on an "as-is" basis. Creative Commons gives no 10 | warranties regarding its licenses, any material licensed under their 11 | terms and conditions, or any related information. Creative Commons 12 | disclaims all liability for damages resulting from their use to the 13 | fullest extent possible. 14 | 15 | Using Creative Commons Public Licenses 16 | 17 | Creative Commons public licenses provide a standard set of terms and 18 | conditions that creators and other rights holders may use to share 19 | original works of authorship and other material subject to copyright 20 | and certain other rights specified in the public license below. The 21 | following considerations are for informational purposes only, are not 22 | exhaustive, and do not form part of our licenses. 23 | 24 | Considerations for licensors: Our public licenses are 25 | intended for use by those authorized to give the public 26 | permission to use material in ways otherwise restricted by 27 | copyright and certain other rights. Our licenses are 28 | irrevocable. Licensors should read and understand the terms 29 | and conditions of the license they choose before applying it. 30 | Licensors should also secure all rights necessary before 31 | applying our licenses so that the public can reuse the 32 | material as expected. Licensors should clearly mark any 33 | material not subject to the license. This includes other CC- 34 | licensed material, or material used under an exception or 35 | limitation to copyright. 
More considerations for licensors: 36 | wiki.creativecommons.org/Considerations_for_licensors 37 | 38 | Considerations for the public: By using one of our public 39 | licenses, a licensor grants the public permission to use the 40 | licensed material under specified terms and conditions. If 41 | the licensor's permission is not necessary for any reason--for 42 | example, because of any applicable exception or limitation to 43 | copyright--then that use is not regulated by the license. Our 44 | licenses grant only permissions under copyright and certain 45 | other rights that a licensor has authority to grant. Use of 46 | the licensed material may still be restricted for other 47 | reasons, including because others have copyright or other 48 | rights in the material. A licensor may make special requests, 49 | such as asking that all changes be marked or described. 50 | Although not required by our licenses, you are encouraged to 51 | respect those requests where reasonable. More considerations 52 | for the public: 53 | wiki.creativecommons.org/Considerations_for_licensees 54 | 55 | ======================================================================= 56 | 57 | Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 58 | International Public License 59 | 60 | By exercising the Licensed Rights (defined below), You accept and agree 61 | to be bound by the terms and conditions of this Creative Commons 62 | Attribution-NonCommercial-NoDerivatives 4.0 International Public 63 | License ("Public License"). To the extent this Public License may be 64 | interpreted as a contract, You are granted the Licensed Rights in 65 | consideration of Your acceptance of these terms and conditions, and the 66 | Licensor grants You such rights in consideration of benefits the 67 | Licensor receives from making the Licensed Material available under 68 | these terms and conditions. 69 | 70 | 71 | Section 1 -- Definitions. 72 | 73 | a. 
Adapted Material means material subject to Copyright and Similar 74 | Rights that is derived from or based upon the Licensed Material 75 | and in which the Licensed Material is translated, altered, 76 | arranged, transformed, or otherwise modified in a manner requiring 77 | permission under the Copyright and Similar Rights held by the 78 | Licensor. For purposes of this Public License, where the Licensed 79 | Material is a musical work, performance, or sound recording, 80 | Adapted Material is always produced where the Licensed Material is 81 | synched in timed relation with a moving image. 82 | 83 | b. Copyright and Similar Rights means copyright and/or similar rights 84 | closely related to copyright including, without limitation, 85 | performance, broadcast, sound recording, and Sui Generis Database 86 | Rights, without regard to how the rights are labeled or 87 | categorized. For purposes of this Public License, the rights 88 | specified in Section 2(b)(1)-(2) are not Copyright and Similar 89 | Rights. 90 | 91 | c. Effective Technological Measures means those measures that, in the 92 | absence of proper authority, may not be circumvented under laws 93 | fulfilling obligations under Article 11 of the WIPO Copyright 94 | Treaty adopted on December 20, 1996, and/or similar international 95 | agreements. 96 | 97 | d. Exceptions and Limitations means fair use, fair dealing, and/or 98 | any other exception or limitation to Copyright and Similar Rights 99 | that applies to Your use of the Licensed Material. 100 | 101 | e. Licensed Material means the artistic or literary work, database, 102 | or other material to which the Licensor applied this Public 103 | License. 104 | 105 | f. Licensed Rights means the rights granted to You subject to the 106 | terms and conditions of this Public License, which are limited to 107 | all Copyright and Similar Rights that apply to Your use of the 108 | Licensed Material and that the Licensor has authority to license. 109 | 110 | g. 
Licensor means the individual(s) or entity(ies) granting rights 111 | under this Public License. 112 | 113 | h. NonCommercial means not primarily intended for or directed towards 114 | commercial advantage or monetary compensation. For purposes of 115 | this Public License, the exchange of the Licensed Material for 116 | other material subject to Copyright and Similar Rights by digital 117 | file-sharing or similar means is NonCommercial provided there is 118 | no payment of monetary compensation in connection with the 119 | exchange. 120 | 121 | i. Share means to provide material to the public by any means or 122 | process that requires permission under the Licensed Rights, such 123 | as reproduction, public display, public performance, distribution, 124 | dissemination, communication, or importation, and to make material 125 | available to the public including in ways that members of the 126 | public may access the material from a place and at a time 127 | individually chosen by them. 128 | 129 | j. Sui Generis Database Rights means rights other than copyright 130 | resulting from Directive 96/9/EC of the European Parliament and of 131 | the Council of 11 March 1996 on the legal protection of databases, 132 | as amended and/or succeeded, as well as other essentially 133 | equivalent rights anywhere in the world. 134 | 135 | k. You means the individual or entity exercising the Licensed Rights 136 | under this Public License. Your has a corresponding meaning. 137 | 138 | 139 | Section 2 -- Scope. 140 | 141 | a. License grant. 142 | 143 | 1. Subject to the terms and conditions of this Public License, 144 | the Licensor hereby grants You a worldwide, royalty-free, 145 | non-sublicensable, non-exclusive, irrevocable license to 146 | exercise the Licensed Rights in the Licensed Material to: 147 | 148 | a. reproduce and Share the Licensed Material, in whole or 149 | in part, for NonCommercial purposes only; and 150 | 151 | b. 
produce and reproduce, but not Share, Adapted Material 152 | for NonCommercial purposes only. 153 | 154 | 2. Exceptions and Limitations. For the avoidance of doubt, where 155 | Exceptions and Limitations apply to Your use, this Public 156 | License does not apply, and You do not need to comply with 157 | its terms and conditions. 158 | 159 | 3. Term. The term of this Public License is specified in Section 160 | 6(a). 161 | 162 | 4. Media and formats; technical modifications allowed. The 163 | Licensor authorizes You to exercise the Licensed Rights in 164 | all media and formats whether now known or hereafter created, 165 | and to make technical modifications necessary to do so. The 166 | Licensor waives and/or agrees not to assert any right or 167 | authority to forbid You from making technical modifications 168 | necessary to exercise the Licensed Rights, including 169 | technical modifications necessary to circumvent Effective 170 | Technological Measures. For purposes of this Public License, 171 | simply making modifications authorized by this Section 2(a) 172 | (4) never produces Adapted Material. 173 | 174 | 5. Downstream recipients. 175 | 176 | a. Offer from the Licensor -- Licensed Material. Every 177 | recipient of the Licensed Material automatically 178 | receives an offer from the Licensor to exercise the 179 | Licensed Rights under the terms and conditions of this 180 | Public License. 181 | 182 | b. No downstream restrictions. You may not offer or impose 183 | any additional or different terms or conditions on, or 184 | apply any Effective Technological Measures to, the 185 | Licensed Material if doing so restricts exercise of the 186 | Licensed Rights by any recipient of the Licensed 187 | Material. 188 | 189 | 6. No endorsement. 
Nothing in this Public License constitutes or 190 | may be construed as permission to assert or imply that You 191 | are, or that Your use of the Licensed Material is, connected 192 | with, or sponsored, endorsed, or granted official status by, 193 | the Licensor or others designated to receive attribution as 194 | provided in Section 3(a)(1)(A)(i). 195 | 196 | b. Other rights. 197 | 198 | 1. Moral rights, such as the right of integrity, are not 199 | licensed under this Public License, nor are publicity, 200 | privacy, and/or other similar personality rights; however, to 201 | the extent possible, the Licensor waives and/or agrees not to 202 | assert any such rights held by the Licensor to the limited 203 | extent necessary to allow You to exercise the Licensed 204 | Rights, but not otherwise. 205 | 206 | 2. Patent and trademark rights are not licensed under this 207 | Public License. 208 | 209 | 3. To the extent possible, the Licensor waives any right to 210 | collect royalties from You for the exercise of the Licensed 211 | Rights, whether directly or through a collecting society 212 | under any voluntary or waivable statutory or compulsory 213 | licensing scheme. In all other cases the Licensor expressly 214 | reserves any right to collect such royalties, including when 215 | the Licensed Material is used other than for NonCommercial 216 | purposes. 217 | 218 | 219 | Section 3 -- License Conditions. 220 | 221 | Your exercise of the Licensed Rights is expressly made subject to the 222 | following conditions. 223 | 224 | a. Attribution. 225 | 226 | 1. If You Share the Licensed Material, You must: 227 | 228 | a. retain the following if it is supplied by the Licensor 229 | with the Licensed Material: 230 | 231 | i. identification of the creator(s) of the Licensed 232 | Material and any others designated to receive 233 | attribution, in any reasonable manner requested by 234 | the Licensor (including by pseudonym if 235 | designated); 236 | 237 | ii. 
a copyright notice; 238 | 239 | iii. a notice that refers to this Public License; 240 | 241 | iv. a notice that refers to the disclaimer of 242 | warranties; 243 | 244 | v. a URI or hyperlink to the Licensed Material to the 245 | extent reasonably practicable; 246 | 247 | b. indicate if You modified the Licensed Material and 248 | retain an indication of any previous modifications; and 249 | 250 | c. indicate the Licensed Material is licensed under this 251 | Public License, and include the text of, or the URI or 252 | hyperlink to, this Public License. 253 | 254 | For the avoidance of doubt, You do not have permission under 255 | this Public License to Share Adapted Material. 256 | 257 | 2. You may satisfy the conditions in Section 3(a)(1) in any 258 | reasonable manner based on the medium, means, and context in 259 | which You Share the Licensed Material. For example, it may be 260 | reasonable to satisfy the conditions by providing a URI or 261 | hyperlink to a resource that includes the required 262 | information. 263 | 264 | 3. If requested by the Licensor, You must remove any of the 265 | information required by Section 3(a)(1)(A) to the extent 266 | reasonably practicable. 267 | 268 | 269 | Section 4 -- Sui Generis Database Rights. 270 | 271 | Where the Licensed Rights include Sui Generis Database Rights that 272 | apply to Your use of the Licensed Material: 273 | 274 | a. for the avoidance of doubt, Section 2(a)(1) grants You the right 275 | to extract, reuse, reproduce, and Share all or a substantial 276 | portion of the contents of the database for NonCommercial purposes 277 | only and provided You do not Share Adapted Material; 278 | 279 | b. if You include all or a substantial portion of the database 280 | contents in a database in which You have Sui Generis Database 281 | Rights, then the database in which You have Sui Generis Database 282 | Rights (but not its individual contents) is Adapted Material; and 283 | 284 | c. 
You must comply with the conditions in Section 3(a) if You Share 285 | all or a substantial portion of the contents of the database. 286 | 287 | For the avoidance of doubt, this Section 4 supplements and does not 288 | replace Your obligations under this Public License where the Licensed 289 | Rights include other Copyright and Similar Rights. 290 | 291 | 292 | Section 5 -- Disclaimer of Warranties and Limitation of Liability. 293 | 294 | a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE 295 | EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS 296 | AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF 297 | ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, 298 | IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, 299 | WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR 300 | PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, 301 | ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT 302 | KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT 303 | ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. 304 | 305 | b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE 306 | TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, 307 | NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, 308 | INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, 309 | COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR 310 | USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN 311 | ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR 312 | DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR 313 | IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. 314 | 315 | c. The disclaimer of warranties and limitation of liability provided 316 | above shall be interpreted in a manner that, to the extent 317 | possible, most closely approximates an absolute disclaimer and 318 | waiver of all liability. 
319 | 320 | 321 | Section 6 -- Term and Termination. 322 | 323 | a. This Public License applies for the term of the Copyright and 324 | Similar Rights licensed here. However, if You fail to comply with 325 | this Public License, then Your rights under this Public License 326 | terminate automatically. 327 | 328 | b. Where Your right to use the Licensed Material has terminated under 329 | Section 6(a), it reinstates: 330 | 331 | 1. automatically as of the date the violation is cured, provided 332 | it is cured within 30 days of Your discovery of the 333 | violation; or 334 | 335 | 2. upon express reinstatement by the Licensor. 336 | 337 | For the avoidance of doubt, this Section 6(b) does not affect any 338 | right the Licensor may have to seek remedies for Your violations 339 | of this Public License. 340 | 341 | c. For the avoidance of doubt, the Licensor may also offer the 342 | Licensed Material under separate terms or conditions or stop 343 | distributing the Licensed Material at any time; however, doing so 344 | will not terminate this Public License. 345 | 346 | d. Sections 1, 5, 6, 7, and 8 survive termination of this Public 347 | License. 348 | 349 | 350 | Section 7 -- Other Terms and Conditions. 351 | 352 | a. The Licensor shall not be bound by any additional or different 353 | terms or conditions communicated by You unless expressly agreed. 354 | 355 | b. Any arrangements, understandings, or agreements regarding the 356 | Licensed Material not stated herein are separate from and 357 | independent of the terms and conditions of this Public License. 358 | 359 | 360 | Section 8 -- Interpretation. 361 | 362 | a. For the avoidance of doubt, this Public License does not, and 363 | shall not be interpreted to, reduce, limit, restrict, or impose 364 | conditions on any use of the Licensed Material that could lawfully 365 | be made without permission under this Public License. 366 | 367 | b. 
To the extent possible, if any provision of this Public License is 368 | deemed unenforceable, it shall be automatically reformed to the 369 | minimum extent necessary to make it enforceable. If the provision 370 | cannot be reformed, it shall be severed from this Public License 371 | without affecting the enforceability of the remaining terms and 372 | conditions. 373 | 374 | c. No term or condition of this Public License will be waived and no 375 | failure to comply consented to unless expressly agreed to by the 376 | Licensor. 377 | 378 | d. Nothing in this Public License constitutes or may be interpreted 379 | as a limitation upon, or waiver of, any privileges and immunities 380 | that apply to the Licensor or You, including from the legal 381 | processes of any jurisdiction or authority. 382 | 383 | ======================================================================= 384 | 385 | Creative Commons is not a party to its public 386 | licenses. Notwithstanding, Creative Commons may elect to apply one of 387 | its public licenses to material it publishes and in those instances 388 | will be considered the “Licensor.” The text of the Creative Commons 389 | public licenses is dedicated to the public domain under the CC0 Public 390 | Domain Dedication. Except for the limited purpose of indicating that 391 | material is shared under a Creative Commons public license or as 392 | otherwise permitted by the Creative Commons policies published at 393 | creativecommons.org/policies, Creative Commons does not authorize the 394 | use of the trademark "Creative Commons" or any other trademark or logo 395 | of Creative Commons without its prior written consent including, 396 | without limitation, in connection with any unauthorized modifications 397 | to any of its public licenses or any other arrangements, 398 | understandings, or agreements concerning use of licensed material. For 399 | the avoidance of doubt, this paragraph does not form part of the 400 | public licenses. 
401 | 402 | Creative Commons may be contacted at creativecommons.org. --------------------------------------------------------------------------------