search

SCRT-HQ / PSGSuite

Powershell module for Google / G Suite API calls wrapped in handy functions. Authentication is established using a service account via P12 key to negate the consent popup and allow for greater handsoff automation capabilities
https://psgsuite.io/
Apache License 2.0
235 stars 67 forks source link

Support for new Cloud Identity Groups API #318

Open FISHMANPET opened 4 years ago

FISHMANPET commented 4 years ago

Google has announced a new Cloud Identity Groups API, which despite having Cloud in the name, is part of GSuite, and is used for managing groups without needing to use the Admin SDK.

It also supports Service Accounts. My teams have just started exploring this, but it fills a big hole for us. I'm not sure if this would be best as a set of commands separate from the current Groups commands, replacements for those, or somehow modify those commands to use either the Admin SDK or this new API depending on ???

Another possibility, since New-GoogleService is an exported function, I think it would be possible to build a module using just this API (with corresponding .Net library) into its own module that has a dependency on PSGSuite, so it can take advantage of all the authentication and configuration of PSGSuite, but not put so much pressure on you to maintain integrations that you may not necessarily use or be familiar with.

scrthq commented 3 years ago

I think this would be good to include in the core PSGSuite module given that it's focused on group administration and appears to be the path forward for that from Google. If it's truly intended to be a direct replacement for the Groups API from the Admin SDK, then I think swapping in would be good once it's out of beta/early-access, but I think for now we should keep them as parallel functions.

I love the idea of modularizing the authentication components for reuse by other modules! We would need to figure out how to ensure that the assembly dependencies align though, maybe set the version of that particular module to the version of the core SDK that it bundles? Modules that use it can set the ModuleVersion it requires to be equal to the SDK version the underlying components require. Might have to add that custom assembly resolver though 🤔

I do see the advantage around possibly setting up the Cloud Identity bits as their own module though that depends on PSGSuite. Definitely worth continuing discussion around, considering this may lay the foundation down for the next major version of PSGSuite. I have definitely thought about breaking the components out into service specific modules as well.