Is your feature request related to a problem? Please describe.
To the fullest extent possible, replicate all user attributes to IAM Identity Center, to support use of ABAC.
Describe the solution you'd like
A clear and concise description of what you want to happen.
Describe alternatives you've considered
Currently SSOSync replicate First & Last Names and email address, for users wishing to use ABAC against IAM Identity Center this is insufficient.
Define field mapping between Google Directory & Identity Store, this will require some 'flattening' due to the data models being quite different.
expand data models in ssosync to hold this information
update CRUD methods to populate via SCIM api
Additional context
Add any other context or screenshots about the feature request here.
Google Directory - type User
type User struct {
// Addresses: The list of the user's addresses. The maximum allowed data
// size for this field is 10KB.
Addresses interface{} `json:"addresses,omitempty"`
// AgreedToTerms: Output only. This property is `true` if the user has
// completed an initial login and accepted the Terms of Service
// agreement.
AgreedToTerms [bool](https://pkg.go.dev/builtin#bool) `json:"agreedToTerms,omitempty"`
// Aliases: Output only. The list of the user's alias email addresses.
Aliases [][string](https://pkg.go.dev/builtin#string) `json:"aliases,omitempty"`
// Archived: Indicates if user is archived.
Archived [bool](https://pkg.go.dev/builtin#bool) `json:"archived,omitempty"`
// ChangePasswordAtNextLogin: Indicates if the user is forced to change
// their password at next login. This setting doesn't apply when the
// user signs in via a third-party identity provider
// (https://support.google.com/a/answer/60224).
ChangePasswordAtNextLogin [bool](https://pkg.go.dev/builtin#bool) `json:"changePasswordAtNextLogin,omitempty"`
// CreationTime: User's G Suite account creation time. (Read-only)
CreationTime [string](https://pkg.go.dev/builtin#string) `json:"creationTime,omitempty"`
// CustomSchemas: Custom fields of the user. The key is a `schema_name`
// and its values are `'field_name': 'field_value'`.
CustomSchemas map[[string](https://pkg.go.dev/builtin#string)][googleapi](https://pkg.go.dev/google.golang.org/api@v0.170.0/googleapi).[RawMessage](https://pkg.go.dev/google.golang.org/api@v0.170.0/googleapi#RawMessage) `json:"customSchemas,omitempty"`
// CustomerId: Output only. The customer ID to retrieve all account
// users
// (/admin-sdk/directory/v1/guides/manage-users.html#get_all_users). You
// can use the alias `my_customer` to represent your account's
// `customerId`. As a reseller administrator, you can use the resold
// customer account's `customerId`. To get a `customerId`, use the
// account's primary domain in the `domain` parameter of a users.list
// (/admin-sdk/directory/v1/reference/users/list) request.
CustomerId [string](https://pkg.go.dev/builtin#string) `json:"customerId,omitempty"`
DeletionTime [string](https://pkg.go.dev/builtin#string) `json:"deletionTime,omitempty"`
// Emails: The list of the user's email addresses. The maximum allowed
// data size for this field is 10KB. This excludes
// `publicKeyEncryptionCertificates`.
Emails interface{} `json:"emails,omitempty"`
// Etag: Output only. ETag of the resource.
Etag [string](https://pkg.go.dev/builtin#string) `json:"etag,omitempty"`
// ExternalIds: The list of external IDs for the user, such as an
// employee or network ID. The maximum allowed data size for this field
// is 2KB.
ExternalIds interface{} `json:"externalIds,omitempty"`
// Gender: The user's gender. The maximum allowed data size for this
// field is 1KB.
Gender interface{} `json:"gender,omitempty"`
// HashFunction: Stores the hash format of the `password` property. The
// following `hashFunction` values are allowed: * `MD5` - Accepts simple
// hex-encoded values. * `SHA-1` - Accepts simple hex-encoded values. *
// `crypt` - Compliant with the C crypt library
// (https://en.wikipedia.org/wiki/Crypt_%28C%29). Supports the DES, MD5
// (hash prefix `$1$`), SHA-256 (hash prefix `$5$`), and SHA-512 (hash
// prefix `$6$`) hash algorithms. If rounds are specified as part of the
// prefix, they must be 10,000 or fewer.
HashFunction [string](https://pkg.go.dev/builtin#string) `json:"hashFunction,omitempty"`
// Id: The unique ID for the user. A user `id` can be used as a user
// request URI's `userKey`.
Id [string](https://pkg.go.dev/builtin#string) `json:"id,omitempty"`
// Ims: The list of the user's Instant Messenger (IM) accounts. A user
// account can have multiple ims properties. But, only one of these ims
// properties can be the primary IM contact. The maximum allowed data
// size for this field is 2KB.
Ims interface{} `json:"ims,omitempty"`
// IncludeInGlobalAddressList: Indicates if the user's profile is
// visible in the Google Workspace global address list when the contact
// sharing feature is enabled for the domain. For more information about
// excluding user profiles, see the administration help center
// (https://support.google.com/a/answer/1285988).
IncludeInGlobalAddressList [bool](https://pkg.go.dev/builtin#bool) `json:"includeInGlobalAddressList,omitempty"`
// IpWhitelisted: If `true`, the user's IP address is subject to a
// deprecated IP address `allowlist`
// (https://support.google.com/a/answer/60752) configuration.
IpWhitelisted [bool](https://pkg.go.dev/builtin#bool) `json:"ipWhitelisted,omitempty"`
// IsAdmin: Output only. Indicates a user with super admininistrator
// privileges. The `isAdmin` property can only be edited in the Make a
// user an administrator
// (/admin-sdk/directory/v1/guides/manage-users.html#make_admin)
// operation ( makeAdmin
// (/admin-sdk/directory/v1/reference/users/makeAdmin.html) method). If
// edited in the user insert
// (/admin-sdk/directory/v1/reference/users/insert.html) or update
// (/admin-sdk/directory/v1/reference/users/update.html) methods, the
// edit is ignored by the API service.
IsAdmin [bool](https://pkg.go.dev/builtin#bool) `json:"isAdmin,omitempty"`
// IsDelegatedAdmin: Output only. Indicates if the user is a delegated
// administrator. Delegated administrators are supported by the API but
// cannot create or undelete users, or make users administrators. These
// requests are ignored by the API service. Roles and privileges for
// administrators are assigned using the Admin console
// (https://support.google.com/a/answer/33325).
IsDelegatedAdmin [bool](https://pkg.go.dev/builtin#bool) `json:"isDelegatedAdmin,omitempty"`
// IsEnforcedIn2Sv: Output only. Is 2-step verification enforced
// (Read-only)
IsEnforcedIn2Sv [bool](https://pkg.go.dev/builtin#bool) `json:"isEnforcedIn2Sv,omitempty"`
// IsEnrolledIn2Sv: Output only. Is enrolled in 2-step verification
// (Read-only)
IsEnrolledIn2Sv [bool](https://pkg.go.dev/builtin#bool) `json:"isEnrolledIn2Sv,omitempty"`
// IsMailboxSetup: Output only. Indicates if the user's Google mailbox
// is created. This property is only applicable if the user has been
// assigned a Gmail license.
IsMailboxSetup [bool](https://pkg.go.dev/builtin#bool) `json:"isMailboxSetup,omitempty"`
// Keywords: The list of the user's keywords. The maximum allowed data
// size for this field is 1KB.
Keywords interface{} `json:"keywords,omitempty"`
// Kind: Output only. The type of the API resource. For Users resources,
// the value is `admin#directory#user`.
Kind [string](https://pkg.go.dev/builtin#string) `json:"kind,omitempty"`
// Languages: The user's languages. The maximum allowed data size for
// this field is 1KB.
Languages interface{} `json:"languages,omitempty"`
// LastLoginTime: User's last login time. (Read-only)
LastLoginTime [string](https://pkg.go.dev/builtin#string) `json:"lastLoginTime,omitempty"`
// Locations: The user's locations. The maximum allowed data size for
// this field is 10KB.
Locations interface{} `json:"locations,omitempty"`
// Name: Holds the given and family names of the user, and the read-only
// `fullName` value. The maximum number of characters in the `givenName`
// and in the `familyName` values is 60. In addition, name values
// support unicode/UTF-8 characters, and can contain spaces, letters
// (a-z), numbers (0-9), dashes (-), forward slashes (/), and periods
// (.). For more information about character usage rules, see the
// administration help center
// (https://support.google.com/a/answer/9193374). Maximum allowed data
// size for this field is 1KB.
Name *[UserName](https://pkg.go.dev/google.golang.org/api/admin/directory/v1#UserName) `json:"name,omitempty"`
// NonEditableAliases: Output only. The list of the user's non-editable
// alias email addresses. These are typically outside the account's
// primary domain or sub-domain.
NonEditableAliases [][string](https://pkg.go.dev/builtin#string) `json:"nonEditableAliases,omitempty"`
// Notes: Notes for the user.
Notes interface{} `json:"notes,omitempty"`
// OrgUnitPath: The full path of the parent organization associated with
// the user. If the parent organization is the top-level, it is
// represented as a forward slash (`/`).
OrgUnitPath [string](https://pkg.go.dev/builtin#string) `json:"orgUnitPath,omitempty"`
// Organizations: The list of organizations the user belongs to. The
// maximum allowed data size for this field is 10KB.
Organizations interface{} `json:"organizations,omitempty"`
// Password: User's password
Password [string](https://pkg.go.dev/builtin#string) `json:"password,omitempty"`
// Phones: The list of the user's phone numbers. The maximum allowed
// data size for this field is 1KB.
Phones interface{} `json:"phones,omitempty"`
// PosixAccounts: The list of POSIX
// (https://www.opengroup.org/austin/papers/posix_faq.html) account
// information for the user.
PosixAccounts interface{} `json:"posixAccounts,omitempty"`
// PrimaryEmail: The user's primary email address. This property is
// required in a request to create a user account. The `primaryEmail`
// must be unique and cannot be an alias of another user.
PrimaryEmail [string](https://pkg.go.dev/builtin#string) `json:"primaryEmail,omitempty"`
// RecoveryEmail: Recovery email of the user.
RecoveryEmail [string](https://pkg.go.dev/builtin#string) `json:"recoveryEmail,omitempty"`
// RecoveryPhone: Recovery phone of the user. The phone number must be
// in the E.164 format, starting with the plus sign (+). Example:
// *+16506661212*.
RecoveryPhone [string](https://pkg.go.dev/builtin#string) `json:"recoveryPhone,omitempty"`
// Relations: The list of the user's relationships to other users. The
// maximum allowed data size for this field is 2KB.
Relations interface{} `json:"relations,omitempty"`
// SshPublicKeys: A list of SSH public keys.
SshPublicKeys interface{} `json:"sshPublicKeys,omitempty"`
// Suspended: Indicates if user is suspended.
Suspended [bool](https://pkg.go.dev/builtin#bool) `json:"suspended,omitempty"`
// SuspensionReason: Output only. Has the reason a user account is
// suspended either by the administrator or by Google at the time of
// suspension. The property is returned only if the `suspended` property
// is `true`.
SuspensionReason [string](https://pkg.go.dev/builtin#string) `json:"suspensionReason,omitempty"`
// ThumbnailPhotoEtag: Output only. ETag of the user's photo (Read-only)
ThumbnailPhotoEtag [string](https://pkg.go.dev/builtin#string) `json:"thumbnailPhotoEtag,omitempty"`
// ThumbnailPhotoUrl: Output only. The URL of the user's profile photo.
// The URL might be temporary or private.
ThumbnailPhotoUrl [string](https://pkg.go.dev/builtin#string) `json:"thumbnailPhotoUrl,omitempty"`
// Websites: The user's websites. The maximum allowed data size for this
// field is 2KB.
Websites interface{} `json:"websites,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
[googleapi](https://pkg.go.dev/google.golang.org/api@v0.170.0/googleapi).[ServerResponse](https://pkg.go.dev/google.golang.org/api@v0.170.0/googleapi#ServerResponse) `json:"-"`
// ForceSendFields is a list of field names (e.g. "Addresses") to
// unconditionally include in API requests. By default, fields with
// empty or default values are omitted from API requests. However, any
// non-pointer, non-interface field appearing in ForceSendFields will be
// sent to the server regardless of whether the field is empty or not.
// This may be used to include empty fields in Patch requests.
ForceSendFields [][string](https://pkg.go.dev/builtin#string) `json:"-"`
// NullFields is a list of field names (e.g. "Addresses") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields [][string](https://pkg.go.dev/builtin#string) `json:"-"`
}
Google Directory - type UserAddress
type UserAddress struct {
// Country: Country.
Country [string](https://pkg.go.dev/builtin#string) `json:"country,omitempty"`
// CountryCode: Country code.
CountryCode [string](https://pkg.go.dev/builtin#string) `json:"countryCode,omitempty"`
// CustomType: Custom type.
CustomType [string](https://pkg.go.dev/builtin#string) `json:"customType,omitempty"`
// ExtendedAddress: Extended Address.
ExtendedAddress [string](https://pkg.go.dev/builtin#string) `json:"extendedAddress,omitempty"`
// Formatted: Formatted address.
Formatted [string](https://pkg.go.dev/builtin#string) `json:"formatted,omitempty"`
// Locality: Locality.
Locality [string](https://pkg.go.dev/builtin#string) `json:"locality,omitempty"`
// PoBox: Other parts of address.
PoBox [string](https://pkg.go.dev/builtin#string) `json:"poBox,omitempty"`
// PostalCode: Postal code.
PostalCode [string](https://pkg.go.dev/builtin#string) `json:"postalCode,omitempty"`
// Primary: If this is user's primary address. Only one entry could be
// marked as primary.
Primary [bool](https://pkg.go.dev/builtin#bool) `json:"primary,omitempty"`
// Region: Region.
Region [string](https://pkg.go.dev/builtin#string) `json:"region,omitempty"`
// SourceIsStructured: User supplied address was structured. Structured
// addresses are NOT supported at this time. You might be able to write
// structured addresses but any values will eventually be clobbered.
SourceIsStructured [bool](https://pkg.go.dev/builtin#bool) `json:"sourceIsStructured,omitempty"`
// StreetAddress: Street.
StreetAddress [string](https://pkg.go.dev/builtin#string) `json:"streetAddress,omitempty"`
// Type: Each entry can have a type which indicates standard values of
// that entry. For example address could be of home work etc. In
// addition to the standard type an entry can have a custom type and can
// take any value. Such type should have the CUSTOM value as type and
// also have a customType value.
Type [string](https://pkg.go.dev/builtin#string) `json:"type,omitempty"`
// ForceSendFields is a list of field names (e.g. "Country") to
// unconditionally include in API requests. By default, fields with
// empty or default values are omitted from API requests. However, any
// non-pointer, non-interface field appearing in ForceSendFields will be
// sent to the server regardless of whether the field is empty or not.
// This may be used to include empty fields in Patch requests.
ForceSendFields [][string](https://pkg.go.dev/builtin#string) `json:"-"`
// NullFields is a list of field names (e.g. "Country") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields [][string](https://pkg.go.dev/builtin#string) `json:"-"`
}
Google Directory - type UserEmail
type UserEmail struct {
// Address: Email id of the user.
Address [string](https://pkg.go.dev/builtin#string) `json:"address,omitempty"`
// CustomType: Custom Type.
CustomType [string](https://pkg.go.dev/builtin#string) `json:"customType,omitempty"`
// Primary: If this is user's primary email. Only one entry could be
// marked as primary.
Primary [bool](https://pkg.go.dev/builtin#bool) `json:"primary,omitempty"`
// PublicKeyEncryptionCertificates: Public Key Encryption Certificates.
// Current limit: 1 per email address, and 5 per user.
PublicKeyEncryptionCertificates *[UserEmailPublicKeyEncryptionCertificates](https://pkg.go.dev/google.golang.org/api/admin/directory/v1#UserEmailPublicKeyEncryptionCertificates) `json:"public_key_encryption_certificates,omitempty"`
// Type: Each entry can have a type which indicates standard types of
// that entry. For example email could be of home, work etc. In addition
// to the standard type, an entry can have a custom type and can take
// any value Such types should have the CUSTOM value as type and also
// have a customType value.
Type [string](https://pkg.go.dev/builtin#string) `json:"type,omitempty"`
// ForceSendFields is a list of field names (e.g. "Address") to
// unconditionally include in API requests. By default, fields with
// empty or default values are omitted from API requests. However, any
// non-pointer, non-interface field appearing in ForceSendFields will be
// sent to the server regardless of whether the field is empty or not.
// This may be used to include empty fields in Patch requests.
ForceSendFields [][string](https://pkg.go.dev/builtin#string) `json:"-"`
// NullFields is a list of field names (e.g. "Address") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields [][string](https://pkg.go.dev/builtin#string) `json:"-"`
}
Is your feature request related to a problem? Please describe. To the fullest extent possible, replicate all user attributes to IAM Identity Center, to support use of ABAC.
Describe the solution you'd like A clear and concise description of what you want to happen.
Describe alternatives you've considered Currently SSOSync replicate First & Last Names and email address, for users wishing to use ABAC against IAM Identity Center this is insufficient.
Additional context Add any other context or screenshots about the feature request here.
Google Directory - type User
Google Directory - type UserAddress
Google Directory - type UserEmail
AWS SCIM - createUser