package googledirectory
import (
"context"
"github.com/turbot/steampipe-plugin-sdk/v5/grpc/proto"
"github.com/turbot/steampipe-plugin-sdk/v5/plugin"
"github.com/turbot/steampipe-plugin-sdk/v5/plugin/transform"
admin "google.golang.org/api/admin/directory/v1"
)
//// TABLE DEFINITION
// tableGoogleDirectoryRoleAssignment returns the plugin.Table definition for
// "googledirectory_role_assignment": its List and Get hydrate configuration
// and the columns exposed for each role assignment.
func tableGoogleDirectoryRoleAssignment(_ context.Context) *plugin.Table {
	// optionalKey declares a key column the caller may, but need not, supply.
	optionalKey := func(name string) *plugin.KeyColumn {
		return &plugin.KeyColumn{Name: name, Require: plugin.Optional}
	}

	// stringColumn declares a STRING column with no explicit transform.
	stringColumn := func(name, description string) *plugin.Column {
		return &plugin.Column{
			Name:        name,
			Description: description,
			Type:        proto.ColumnType_STRING,
		}
	}

	// qualColumn declares a STRING column populated through transform.FromQual
	// using the qualifier that has the same name as the column.
	qualColumn := func(name, description string) *plugin.Column {
		col := stringColumn(name, description)
		col.Transform = transform.FromQual(name)
		return col
	}

	listConfig := &plugin.ListConfig{
		Hydrate: listDirectoryRoleAssignments,
		KeyColumns: []*plugin.KeyColumn{
			optionalKey("customer_id"),
			optionalKey("role_id"),
			optionalKey("user_key"),
		},
		// NOTE(review): isNotFoundError is defined elsewhere; presumably it makes
		// the list hydrate treat an HTTP 404 as "no rows". If so, an empty result
		// from an access-review query is not proof that no assignments exist —
		// confirm before relying on it for audits.
		ShouldIgnoreError: isNotFoundError([]string{"404"}),
	}

	getConfig := &plugin.GetConfig{
		KeyColumns: []*plugin.KeyColumn{
			{Name: "role_assignment_id", Require: plugin.Required},
			optionalKey("customer_id"),
		},
		Hydrate: getDirectoryRoleAssignment,
	}

	columns := []*plugin.Column{
		stringColumn("role_assignment_id", "The unique ID for the role assignment."),
		stringColumn("role_id", "The unique ID for the role."),
		// NOTE(review): the description names only users; if the Directory API
		// version in use also allows other assignee kinds, a review keyed on
		// users alone would miss them — confirm against the API reference.
		stringColumn("assigned_to", "The unique ID of the user this role is assigned to."),
		stringColumn("scope_type", "The scope in which this role is assigned."),
		qualColumn("customer_id", "The customer ID to retrieve all account roles."),
		qualColumn("user_key", "The user's primary email address, alias email address, or unique user ID."),
		stringColumn("etag", "A hash of the metadata, used to ensure there were no concurrent modifications to the resource when attempting an update."),
		stringColumn("kind", "The type of the API resource."),
		stringColumn("org_unit_id", "If the role is restricted to an organization unit, this contains the ID for the organization unit the exercise of this role is restricted to."),
	}

	return &plugin.Table{
		Name:        "googledirectory_role_assignment",
		Description: "Role assignments defined in the Google Workspace directory.",
		List:        listConfig,
		Get:         getConfig,
		Columns:     columns,
	}
}
//// LIST FUNCTION
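// listDirectoryRoleAssignments is the List hydrate for the role assignment
// table. It calls RoleAssignments.List for the selected customer, applies the
// role_id and user_key filters when the query supplies them, and streams each
// returned assignment through d.StreamListItem.
//
// It returns (nil, nil) on success because rows are delivered by streaming;
// any error from service creation or from paging is returned unchanged.
func listDirectoryRoleAssignments(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) {
	// Create service
	service, err := AdminService(ctx, d)
	if err != nil {
		return nil, err
	}

	// Default to "my_customer", which represents the current account.
	customerID := "my_customer"
	if q := d.EqualsQuals["customer_id"]; q != nil {
		customerID = q.GetStringValue()
	}

	call := service.RoleAssignments.List(customerID)

	// Attach each optional filter only when its qual is present, so that an
	// unfiltered query does not send an empty roleId parameter to the API.
	if q := d.EqualsQuals["role_id"]; q != nil {
		call.RoleId(q.GetStringValue())
	}
	if q := d.EqualsQuals["user_key"]; q != nil {
		call.UserKey(q.GetStringValue())
	}

	err = call.Pages(ctx, func(page *admin.RoleAssignments) error {
		for _, assignment := range page.Items {
			d.StreamListItem(ctx, assignment)

			// Context can be cancelled due to manual cancellation or the limit has been hit
			if plugin.IsCancelled(ctx) {
				// Clearing the token stops Pages from requesting further pages.
				page.NextPageToken = ""
				break
			}
		}
		return nil
	})
	if err != nil {
		return nil, err
	}

	return nil, nil
}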
//// HYDRATE FUNCTIONS
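// getDirectoryRoleAssignment is the Get hydrate for the role assignment table.
// It fetches a single assignment by the role_assignment_id qual for the
// selected customer.
//
// It returns (nil, nil) when no role_assignment_id value is supplied, and
// returns any error from service creation or from the API call unchanged.
func getDirectoryRoleAssignment(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) {
	plugin.Logger(ctx).Trace("getDirectoryRoleAssignment")

	// Create service
	service, err := AdminService(ctx, d)
	if err != nil {
		return nil, err
	}

	// Default to "my_customer", which represents the current account.
	customerID := "my_customer"
	if q := d.EqualsQuals["customer_id"]; q != nil {
		customerID = q.GetStringValue()
	}

	var roleAssignmentID string
	if q := d.EqualsQuals["role_assignment_id"]; q != nil {
		roleAssignmentID = q.GetStringValue()
	}

	// Return nil, if no input provided
	if roleAssignmentID == "" {
		return nil, nil
	}

	// Bind the request to the query context so that cancelling the query (or
	// its deadline expiring) also aborts the in-flight API call.
	resp, err := service.RoleAssignments.Get(customerID, roleAssignmentID).Context(ctx).Do()
	if err != nil {
		return nil, err
	}

	return resp, nil
}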