Closed terrancedejesus closed 1 year ago
Are you generating an alert or some event data to validate that the emulation works as expected, or do you have a screenshot to show that the automation works?
Are you generating an alert or some event data to validate that the emulation works as expected, or do you have a screenshot to show that the automation works?
@Mikaayenson For sure. The audit
command allows us to pull logs from Google Workspace and output to console in a tabular format.
Command: audit admin 24h --export --export-format=csv
Results: admin_24h.csv
Command: audit admin 24h --interactive
Results: Below
swat-user@dejesusarcheology.com
created, followed by admin roles being assigned before the cleanup
method removes the user, which is the USER_LICENSE_REVOKE
event name. Happy to do a demo as well to make sure we thoroughly review.Also, SWAT has a global and emulation specific logger for both console and file, so here is the log file for this emulation. Starting at line 135 reflects the existing code changes for this pull request. Before this are logs captured during dev and troubleshooting.
persistence_admin_add_admin_roles_to_users.log - User has been deleted.
Overview
This pull request adjusts the emulation
Add Admin Roles to User(s)
. Previously, this emulation served as ahello world
for examples of running emulations. This emulation is now fully operational.Emulation workflow
Additional Information
base_emulation.py
to setself.domain
from theetc/config.yaml
value. This is important when dealing with the admin SDK API regarding users, groups, role's etc. If the user has not set this domain, emulations will not run as assumptions are made in emulations when dealing with users.admin_add_admin_roles_to_users.yaml
which includes all the information for the user being addedcleanup
is optional but included['admin.directory.user', 'admin.directory.rolemanagement', 'admin.directory.user.security']
roles to operate therefore thedefault
session referenced needs to accept this. These scopes were added to theconfig.yaml
for SWAT to be globally set within the application since this is an OOTB emulation