Add google workspace (#13)

* Added ability to use google workspace * Added ability to use google workspace * Fixed tests
rorylshanks · Jan 23, 2024 · 248fa68 · 248fa68
1 parent 807acce
commit 248fa68
Show file tree

Hide file tree

Showing 13 changed files with 294 additions and 13 deletions.
diff --git a/.gitignore b/.gitignore
@@ -137,4 +137,6 @@ caddy.json
 output.json
 
 token-auth.json
-request_header_map.json
+request_header_map.json
+
+gcp.json
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -9,6 +9,8 @@ services:
       context: "."
       dockerfile: Dockerfile.dev
     network_mode: host
+    depends_on:
+      - redis
     volumes:
       - $PWD:/appdata
       - /secrets:/secrets

diff --git a/docs/idp/googleworkspace.md b/docs/idp/googleworkspace.md
@@ -0,0 +1,2 @@
+idp_service_account_json_file
+idp_service_account_subject
diff --git a/docs/idp/msgraph.md b/docs/idp/msgraph.md
diff --git a/example-config.yaml b/example-config.yaml
@@ -34,6 +34,8 @@ policy:
   claims_headers:
     X-Pomerium-Claim-Email: mail
     X-Pomerium-Jwt-Assertion: jwt
+  allowed_domains:
+    - test.com
   allowed_groups:
     - All Users
   cors_allow_preflight: true

diff --git a/lib/authz.js b/lib/authz.js
@@ -37,7 +37,7 @@ async function update() {
         var duration = (endDate - startDate) / 1000
         log.info(`Updated users from IDP in ${duration} seconds`)
     } catch (error) {
-        log.error(error)
+        log.error({error, details: error.message})
     }
 }
 

diff --git a/lib/idp_adapters/googleworkspace.js b/lib/idp_adapters/googleworkspace.js
@@ -0,0 +1,69 @@
+import axios from 'axios';
+import fs from 'fs';
+import log from '../../util/logging.js';
+import {GoogleAuth} from 'google-auth-library';
+import { getConfig } from '../../util/config.js';
+
+async function getAccessToken() {
+    const config = getConfig()
+    const auth = new GoogleAuth({
+        keyFile: config.idp_service_account_json_file,
+        scopes: [
+            'https://www.googleapis.com/auth/admin.directory.user.readonly',
+            'https://www.googleapis.com/auth/admin.directory.group.readonly'
+        ],
+        subject: config.idp_service_account_subject,
+        clientOptions : {
+            subject : config.idp_service_account_subject
+        }
+    });
+
+    const client = await auth.getClient();
+    client.subject = config.idp_service_account_subject;
+    return client
+}
+
+async function getUsers(client) {
+    const config = getConfig()
+    const response = await client.request({url: `https://admin.googleapis.com/admin/directory/v1/users?domain=${config.idp_tenant_id}&maxResults=500`});
+    log.info(`Found ${response.data.users.length} users in domain`)
+    return response.data.users;
+}
+
+async function getUserGroups(client, userEmail) {
+    const response = await client.request({ url : `https://admin.googleapis.com/admin/directory/v1/groups?userKey=${userEmail}`});
+    return response.data.groups;
+}
+
+async function getUsersAndGroups() {
+    const client = await getAccessToken();
+    const users = await getUsers(client);
+
+    let userData = {};
+    for (const user of users) {
+        log.info(`Requesting groups for user ${user.primaryEmail}`)
+        const groups = await getUserGroups(client, user.primaryEmail);
+        userData[user.primaryEmail] = {
+            displayName: user.name.fullName,
+            givenName: user.name.givenName,
+            preferredLanguage: user.language || 'en',
+            surname: user.name.familyName,
+            userPrincipalName: user.primaryEmail,
+            mail: user.primaryEmail,
+            id: user.id,
+            groups: groups ? groups.map(group => group.name) : []
+        };
+    }
+
+    return userData;
+}
+
+async function runUpdate() {
+    log.debug("Starting update of users and groups from Google Workspace");
+    const userData = await getUsersAndGroups();
+    fs.writeFileSync("output.json", JSON.stringify(userData, null, 2));
+    log.debug("Finished update of users and groups from Google Workspace");
+    return userData;
+}
+
+export default { runUpdate };
diff --git a/lib/idp_adapters/localfile.js b/lib/idp_adapters/localfile.js
@@ -0,0 +1,14 @@
+import fs from 'fs/promises';
+import { getConfig } from '../../util/config.js';
+import log from '../../util/logging.js'
+
+async function runUpdate() {
+    const currentConfig = getConfig()
+    let localFile = currentConfig.idp_provider_localfile_location
+    let fileContents = await fs.readFile(localFile)
+    var result = JSON.parse(fileContents)
+    log.debug(result)
+    return result
+}
+
+export default { runUpdate };
diff --git a/lib/idp_adapters/localtest.js b/lib/idp_adapters/localtest.js
diff --git a/lib/idp_adapters/none.js b/lib/idp_adapters/none.js
@@ -0,0 +1,8 @@
+import log from '../util/logging.js'
+
+async function runUpdate() {
+    log.debug("Running idp_update for none")
+    return {}
+}
+
+export default { runUpdate };
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		idp_service_account_json_file
		idp_service_account_subject