[Emulation Tuning] Adjusts `Add Admin Roles to User(s)` emulation

[terrancedejesus]

Overview

This pull request adjusts the emulation Add Admin Roles to User(s). Previously, this emulation served as a hello world for examples of running emulations. This emulation is now fully operational.

Emulation workflow

1. create a user in google workspace
2. dynamically generate a 12 character password for user
3. get a list of pre-built administrator roles from Google Workspace
4. for every admin role, assign it to the new user
5. delete the created user

Additional Information

• updated base_emulation.py to set self.domain from the etc/config.yaml value. This is important when dealing with the admin SDK API regarding users, groups, role's etc. If the user has not set this domain, emulations will not run as assumptions are made in emulations when dealing with users.
• this emulation requires a config admin_add_admin_roles_to_users.yaml which includes all the information for the user being added
• priority wise, the emulation sets user information based on arguments -> config -> default (dynamic)
• if an existing user exists, then roles are added to this user
• cleanup is optional but included
• required ['admin.directory.user', 'admin.directory.rolemanagement', 'admin.directory.user.security'] roles to operate therefore the default session referenced needs to accept this. These scopes were added to the config.yaml for SWAT to be globally set within the application since this is an OOTB emulation
• while doing this emulation, I noticed that the emulations should include descriptions and references if applicable. This will be good for users who may want to read Google Workspace documentation, 3rd-party blogs, or understand what the emulation is attempting to accomplish

[Mikaayenson]

Are you generating an alert or some event data to validate that the emulation works as expected, or do you have a screenshot to show that the automation works?

[terrancedejesus]

Are you generating an alert or some event data to validate that the emulation works as expected, or do you have a screenshot to show that the automation works?

@Mikaayenson For sure. The audit command allows us to pull logs from Google Workspace and output to console in a tabular format. Command: audit admin 24h --export --export-format=csv Results: admin_24h.csv

Command: audit admin 24h --interactive Results: Below

• In the screenshot above, you will see a user swat-user@dejesusarcheology.com created, followed by admin roles being assigned before the cleanup method removes the user, which is the USER_LICENSE_REVOKE event name. Happy to do a demo as well to make sure we thoroughly review.

Also, SWAT has a global and emulation specific logger for both console and file, so here is the log file for this emulation. Starting at line 135 reflects the existing code changes for this pull request. Before this are logs captured during dev and troubleshooting.

persistence_admin_add_admin_roles_to_users.log - User has been deleted.