Packs/GSuiteAdmin.py: added user signout command

Packs/GSuiteAdmin/.pack-ignore

@@ -6,4 +6,5 @@ g
 gsuite
 mobiledevice
 chromeosdevice
+signout
 

Packs/GSuiteAdmin/Integrations/GSuiteAdmin/GSuiteAdmin.py

@@ -65,6 +65,7 @@
     'MOBILE_DEVICES_LIST_SUCCESS': 'Google Workspace Admin - Mobile Devices List',
     'CHROMEOS_DEVICES_LIST_SUCCESS': 'Google Workspace Admin - ChromeOS Devices List',
     'CHROMEOS_DEVICE_ACTION_SUCCESS': 'ChromeOS device with resource id - {} updated.',
+    'USER_SIGNOUT_SESSIONS': 'Signs a {} out of all web and device sessions and reset their sign-in cookies.',
 }
 
 URL_SUFFIX: Dict[str, str] = {
@@ -83,6 +84,7 @@
     'MOBILE_DEVICES_LIST': 'admin/directory/v1/customer/{}/devices/mobile',
     'CHROMEOS_DEVICE_ACTION': 'admin/directory/v1/customer/{}/devices/chromeos/{}/action',
     'CHROMEOS_DEVICES_LIST': 'admin/directory/v1/customer/{}/devices/chromeos',
+    'USER_SIGN_OUT': 'admin/directory/v1/users/{}/signOut',
 
 }
 SCOPES: Dict[str, List[str]] = {
@@ -861,6 +863,25 @@ def token_revoke_command(client: Client, args: Dict[str, str]) -> CommandResults
     return CommandResults(readable_output=HR_MESSAGES['TOKEN_REVOKE_SUCCESS'].format(args.get('client_id', '')))
 
 
+@logger
+def user_signout_command(client: Client, args: Dict[str, str]) -> CommandResults:
+    """
+    Signs a user out of all web and device sessions and reset their sign-in cookies.
+
+    :param client: Client object.
+    :param args: Command arguments.
+
+    :return: CommandResults.
+    """
+
+    client.set_authorized_http(scopes=SCOPES['USER_SECURITY'])
+
+    user_key = urllib.parse.quote(args.get('user_key', ''))
+    client.http_request(url_suffix=URL_SUFFIX['USER_SIGN_OUT'].format(user_key), method='POST')
+
+    return CommandResults(readable_output=HR_MESSAGES['USER_SIGNOUT_SESSIONS'].format(args.get('user_key', '')))
+
+
 @logger
 def datatransfer_list_command(client: Client, args: Dict[str, str]) -> CommandResults:
     """
@@ -1488,8 +1509,8 @@ def main() -> None:
         'gsuite-user-update': user_update_command,
         'gsuite-mobiledevice-list': gsuite_mobile_device_list_command,
         'gsuite-chromeosdevice-action': gsuite_chromeos_device_action_command,
-        'gsuite-chromeosdevice-list': gsuite_chromeos_device_list_command
-
+        'gsuite-chromeosdevice-list': gsuite_chromeos_device_list_command,
+        'gsuite-user-signout': user_signout_command
     }
     command = demisto.command()
     demisto.info(f'Command being called is {command}')

Packs/GSuiteAdmin/Integrations/GSuiteAdmin/GSuiteAdmin.yml

@@ -1026,6 +1026,13 @@ script:
     description: |-
       Delete all access tokens issued by a user for an application.
     name: gsuite-token-revoke
+  - arguments:
+    - description: Identifies the user in the API request. The value can be the user's primary email address, alias email address, or unique user ID.
+      name: user_key
+      required: true
+    description: |-
+      Signs a user out of all web and device sessions and reset their sign-in cookies.
+    name: gsuite-user-signout
   - arguments:
     - description: Immutable ID of the G Suite account.
       name: customer_id
@@ -1035,13 +1042,15 @@ script:
       name: old_owner_user_id
     - description: Status of the transfer.
       name: status
-    - description: Email ID of the G Suite domain admin who acts on behalf of an end-user.
+    - description: |-
+        Email ID of the G Suite domain admin who acts on behalf of an end-user.
       name: admin_email
-    - description: Maximum number of results to return. Default is 100. Acceptable values are 1 to 500, inclusive.
+    - description: |-
+        Maximum number of results to return. Default is 100. Acceptable values are 1 to 500, inclusive.
       name: max_results
     - description: Token to specify the next page in the list.
       name: page_token
-    description: Lists the transfers for a customer by source user, destination user, or status.
+    description: "Lists the transfers for a customer by source user, destination user, or status."
     name: gsuite-datatransfer-list
     outputs:
     - contextPath: GSuite.DataTransfer.kind
@@ -1081,7 +1090,7 @@ script:
       description: Continuation token which will be used to specify next page in list API.
       type: String
   - arguments:
-    - description: Email ID of the G Suite domain admin who acts on behalf of an end-user.
+    - description: 'Email ID of the G Suite domain admin who acts on behalf of an end-user.'
       name: admin_email
     - description: Immutable ID of the G Suite account.
       name: customer_id
@@ -1402,7 +1411,7 @@ script:
     description: Deletes a user.
     name: gsuite-user-delete
   - arguments:
-    - description: The user's first name.
+    - description: 'The user''s first name.'
       name: first_name
     - description: The user's last name.
       name: last_name
@@ -2220,7 +2229,7 @@ script:
     - contextPath: GSuite.Group.nonEditableAliases
       description: List of the group's non-editable alias email addresses that are outside of the account's primary domain or subdomains.
       type: String
-  dockerimage: demisto/googleapi-python3:1.0.0.64742
+  dockerimage: demisto/googleapi-python3:1.0.0.65068
   runonce: false
   script: '-'
   subtype: python3

Packs/GSuiteAdmin/Integrations/GSuiteAdmin/GSuiteAdmin_test.py

@@ -611,6 +611,28 @@ def test_gsuite_token_revoke_command_success(mocker_http_request, gsuite_client)
     assert response.readable_output == HR_MESSAGES['TOKEN_REVOKE_SUCCESS'].format('CLIENT_ID')
 
 
+@patch(MOCKER_HTTP_METHOD)
+def test_gsuite_user_signout_command_success(mocker_http_request, gsuite_client):
+    """
+    Scenario: User signout  command successful execution.
+
+    Given:
+    - Working API integration and correct parameters
+
+    When:
+    - Calling command method gsuite_token_revoke_command.
+
+    Then:
+    - Ensure expected human readable output is being set.
+    """
+
+    mocker_http_request.return_value = {}
+
+    from GSuiteAdmin import user_signout_command
+    response = user_signout_command(gsuite_client, {'user_key': 'USER_KEY'})
+    assert response.readable_output == HR_MESSAGES['USER_SIGNOUT_SESSIONS'].format('USER_KEY')
+
+
 @patch(MOCKER_HTTP_METHOD)
 def test_gsuite_token_revoke_command_failure(mocker_http_request, gsuite_client):
     """

Packs/GSuiteAdmin/Integrations/GSuiteAdmin/README.md

@@ -614,6 +614,26 @@ There is no context output for this command.
 >All access tokens deleted for 297408095146-fug707qsjv4ikron0hugpevbrjhkmsk7.apps.googleusercontent.com.
 
 
+### gsuite-user-signout
+***
+ Signs a user out of all web and device sessions and reset their sign-in cookies.
+
+##### Required Permissions
+`https://www.googleapis.com/auth/admin.directory.user.security`
+
+#### Base Command
+
+`gsuite-user-signout`
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| user_key | Identifies the user in the API request. The value can be the user's primary email address, alias email address, or unique user ID. | Required |
+
+#### Context Output
+
+There is no context output for this command.
+
 ### gsuite-datatransfer-list
 ***
 Lists the transfers for a customer by source user, destination user, or status.

Packs/GSuiteAdmin/ReleaseNotes/1_1_23.md

@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### Google Workspace Admin
+
+- Added 1 commands:
+    - ***gsuite-user-signout***