Adding initial table schema for GSuite groups. #159
Conversation
@@ -73,3 +73,12 @@ | |||
PRIMARY KEY (`id`) | |||
) ENGINE=InnoDB DEFAULT CHARSET=utf8; | |||
""" | |||
|
|||
CREATE_GSUITE_ACCOUNT_GROUPS_TABLE = """ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
a couple of nits here:
(1) can we avoid using "ACCOUNT" here? and just leave this as CREATE_GSUITE_GROUPS_TABLE ?
(2) can we make this more generic, i.e not use "GSUITE"? as to avoid any fallout from name changes in the future? and also to make this more platform neutral?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed. I put some thought into this too.
Currently the API is defined here as the Directory API. When fetching groups you can scope the request to an account, a domain, or a sub-domain. Since it's my intention to specify account in the request I felt it appropriate to name the table with the same scope.
As it relates to GSuite I'm open to other ideas.
There could conceivably be other "groups" objects put out by other product teams I suspect scoping this to what it is (currently) gsuite made sense.
|
||
CREATE_GSUITE_ACCOUNT_GROUPS_TABLE = """ | ||
CREATE TABLE `{0}` ( | ||
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are there other attributes we like to save? i.e. "name"
BTW, what is the resource description for the group response? is there a link?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right now I'm just collecting group_id and group_email.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking at the groups resource definition, the "alias" might be interesting:
https://developers.google.com/admin-sdk/directory/v1/reference/groups#resource
Do you think that we would need aliases? Could aliases be used somehow in permissioning? If so, it would help to collect it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for doing this! Just one more item needing comment. LGTM
|
||
CREATE_GSUITE_ACCOUNT_GROUPS_TABLE = """ | ||
CREATE TABLE `{0}` ( | ||
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking at the groups resource definition, the "alias" might be interesting:
https://developers.google.com/admin-sdk/directory/v1/reference/groups#resource
Do you think that we would need aliases? Could aliases be used somehow in permissioning? If so, it would help to collect it.
We might, but this is intended to be a base implementation so I'm keeping it easy until we find out more. |
Adding |
One of many PRs to add Google Group expansion in IAM policies.