Closed dkess closed 5 years ago
I wonder if it would be better to have this as a independent script in utils, for example, rather than adding another dependency to ocflib
This won't ever get run by a human, so it didn't seem correct to put it in utils.
That's true. However, it seems heavy to add two more dependencies that will get installed on all of our hosts for something that we will probably only want to run as a cronjob on a single host. Perhaps we should add an independent script to puppet instead?
One thing I'm not sure about in this commit is the way I handle authentication. My current plan is to have the credentials file get saved in the Puppet private share, and then have scripts provide that filename when constructing a GAppsAdmin object. But if there's a more idiomatic way to do this, I'd like to change it.
FYI the way we do this in things like ircbot is to have the constructor take a bunch of passwords as string arguments. (But if we move this to an independent script it would be a moot point.)
+1 for keeping out of ocflib; this is logically more of a single-use application, so you could use dh-virtualenv, a service, etc.
unfortunately there is not a super straightforward way currently of having a "cronjob with python dependencies" besides dh-virtualenv (but there is prior art for this at the ocf)
Sounds good. Which prior art are you referring to that uses dh-virtualenv?
https://github.com/ocf/approve is one example, not sure if we have others nowdays (create used to also work this way, but we turned it into a marathon service).
Would be nice if we had some kind of batch framework to use with mesos... not sure if we really want to invest in chronos at this point though, when the future of mesos at ocf seems unclear.
On the subject of chronos, it's half-dead too.
Closing, since this doesn't belong in ocflib.
This adds tools for interacting with our groups on GApps using the Google Admin API, and should lay the groundwork for eventually syncing LDAP groups and Google Groups.
One thing I'm not sure about in this commit is the way I handle authentication. My current plan is to have the credentials file get saved in the Puppet private share, and then have scripts provide that filename when constructing a
GAppsAdmin
object. But if there's a more idiomatic way to do this, I'd like to change it.