Refactor the GSuite Reconciler

groups/Makefile

@@ -22,9 +22,12 @@ endif
 default: run
 
 .PHONY: run
-run: test
-	go run . $(runargs)
+plan: test
+	go run . plan
+
+apply: test
+	go run . apply
 
 .PHONY: test
 test:
-	go test
+	go run . validate

groups/README.md

@@ -1,4 +1,6 @@
-# Automation of Google Groups maintenance for k8s-infra permissions
+# GSuite Groups Reconciler
+
+This tool automates the management of Google Workspace Groups belonging to kubernetes.io domain.
 
 - [Making changes](#making-changes)
   - [Staging access groups](#staging-access-groups)
@@ -27,7 +29,7 @@ k8s-infra-staging-<project-name>@kubernetes.io`
 
 - Must be run by someone who is a member of the k8s-infra-group-admins@kubernetes.io group
 - Run `gcloud auth application-default login` to login
-- Use `make run` to dry run the changes
-- Use `make run -- --confirm` if the changes suggested in the previous step looks good
+- Use `make plan` to print a plan of proposed changes
+- Use `make apply` to apply the changes proposed by `make plan`
 
 [post-k8sio-groups]: https://testgrid.k8s.io/sig-k8s-infra-k8sio#post-k8sio-groups

groups/config.yaml

@@ -11,3 +11,11 @@ groups-path: .
 
 # Path to restrictions.yaml file, relative to location of this config file
 restrictions-path: restrictions.yaml
+
+# Google Workspace Domains
+domains:
+  - kubernetes.io
+
+# Set this to true to skip various internal kubernetes.io group checks. This is important if the reconciler
+# is being used for other projects.
+skip-kubernetes-io-tests: false

groups/go.mod

@@ -6,26 +6,29 @@ require (
 	cloud.google.com/go/secretmanager v1.0.0
 	github.com/bmatcuk/doublestar v1.1.1
 	golang.org/x/net v0.0.0-20211007125505-59d4e928ea9d
-	golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1
-	google.golang.org/api v0.58.0
-	google.golang.org/genproto v0.0.0-20211007155348-82e027067bd4
-	gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c
+	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8
+	google.golang.org/api v0.62.0
+	google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
 	k8s.io/apimachinery v0.0.0-20190817020851-f2f3a405f61d
 	k8s.io/test-infra v0.0.0-20191024183346-202cefeb6ff5
 )
 
 require (
-	cloud.google.com/go v0.97.0 // indirect
+	cloud.google.com/go v0.99.0 // indirect
 	github.com/clarketm/json v1.13.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/go-cmp v0.5.6 // indirect
 	github.com/googleapis/gax-go/v2 v2.1.1 // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/spf13/cobra v1.3.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
 	go.opencensus.io v0.23.0 // indirect
-	golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac // indirect
+	golang.org/x/sys v0.0.0-20211205182925-97ca703d548d // indirect
 	golang.org/x/text v0.3.7 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/grpc v1.41.0 // indirect
+	google.golang.org/grpc v1.42.0 // indirect
 	google.golang.org/protobuf v1.27.1 // indirect
 )