turbot/googledirectory

steampipe plugin install googledirectorysteampipe plugin install googledirectory

Google Directory + Steampipe

A Google Directory contains the users, groups, domains and other organizational features of a Google Workspace. Google Workspace is a collection of cloud computing, productivity and collaboration tools, software and products developed and marketed by Google.

Steampipe is an open source CLI to instantly query cloud APIs using SQL.

For example:

select
full_name,
primary_email
from
googledirectory_user;
+----------------+----------------------------+
| full_name | primary_email |
+----------------+----------------------------+
| Dwight Schrute | dschrute@dundermifflin.com |
| Michael Scott | mscott@dundermifflin.com |
| Pam Beesly | pbeesly@dundermifflin.com |
+----------------+----------------------------+

Documentation

Get started

Install

Download and install the latest Google Directory plugin:

steampipe plugin install googledirectory

Credentials

ItemDescription
CredentialsGenerate your service account and credentials and delegate domain-wide authority to your service account. Enter the following OAuth 2.0 scopes for the services that the service account can access:
https://www.googleapis.com/auth/admin.directory.customer.readonly
https://www.googleapis.com/auth/admin.directory.domain.readonly
https://www.googleapis.com/auth/admin.directory.group.member.readonly
https://www.googleapis.com/auth/admin.directory.group.readonly
https://www.googleapis.com/auth/admin.directory.orgunit.readonly
https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly
https://www.googleapis.com/auth/admin.directory.user.alias.readonly
https://www.googleapis.com/auth/admin.directory.user.readonly
https://www.googleapis.com/auth/admin.directory.user.security
RadiusEach connection represents a single Google Workspace account.
ResolutionCredentials from the JSON file specified by the credential_file parameter in your steampipe config.

Configuration

Installing the latest googledirectory plugin will create a config file (~/.steampipe/config/googledirectory.spc) with a single connection named googledirectory:

connection "googledirectory" {
plugin = "googledirectory"
# `impersonated_user_email` (required) - The email (string) of the user which should be impersonated. Needs permissions to access the Admin APIs.
# `impersonated_user_email` must be set, since the service account needs to impersonate a user with Admin API permissions to access the directory.
#impersonated_user_email = "username@domain.com"
# `credential_file` (required) - The path to a JSON credential file that contains service account credentials.
#credential_file = "/path/to/my/creds.json"
}

Get involved