-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathresources.ps1
112 lines (95 loc) · 3.66 KB
/
resources.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
$config = ConvertFrom-Json $configuration
# The resourceData used in this default script uses resources based on Title
$rRef = $resourceContext | ConvertFrom-Json
$success = $false
$auditLogs = [Collections.Generic.List[PSCustomObject]]@()
#region Support Functions
function Get-GoogleAccessToken() {
### exchange the refresh token for an access token
$requestUri = "https://www.googleapis.com/oauth2/v4/token"
$refreshTokenParams = @{
client_id=$config.clientId;
client_secret=$config.clientSecret;
redirect_uri=$config.redirectUri;
refresh_token=$config.refreshToken;
grant_type="refresh_token"; # Fixed value
};
$response = Invoke-RestMethod -Method Post -Uri $requestUri -Body $refreshTokenParams -Verbose:$False
$accessToken = $response.access_token
#Add the authorization header to the request
$authorization = [ordered]@{
Authorization = "Bearer $accesstoken";
'Content-Type' = "application/json";
Accept = "application/json";
}
$authorization
}
#endregion Support Functions
# Get the authorization header
$authorization = Get-GoogleAccessToken
# In preview only the first 10 items of the SourceData are used
foreach ($title in $rRef.SourceData) {
$calc_title = $title;
$calc_title = $calc_title -replace '\s','_' #Remove Spaces
$calc_title = $calc_title -replace '[^a-zA-Z0-9_]', '' #Remove Special Characters, except underscore
$calc_title = $calc_title -replace '__','_' #Remove Double Underscores
$calc_groupName = "IAM_POSD_$($calc_title)"
if($calc_groupName -eq "IAM_POSD_") { continue }
#Check if Group Exists
try{
#Write-Information "Checking $($calc_groupName)"
$splat = @{
Body = @{
customer = "my_customer"
query = "Email:{0}@*" -f $calc_groupName
}
URI = "https://www.googleapis.com/admin/directory/v1/groups"
Method = 'GET'
Headers = $authorization
Verbose = $False
}
$groupResponse = Invoke-RestMethod @splat
} catch {}
if($groupResponse.groups)
{
#Already exists
#Write-Information "$($calc_groupName) Exists"
}
else {
# If resource does not exist
<# Resource creation preview uses a timeout of 30 seconds
while actual run has timeout of 10 minutes #>
Write-Information "Creating $($calc_groupName)"
if (-Not($dryRun -eq $True)) {
try{
$group = @{
name = $calc_groupName
email = "{0}@{1}" -f $calc_groupName, $config.defaultDomain
}
$splat = @{
Body = [System.Text.Encoding]::UTF8.GetBytes(($group | ConvertTo-Json))
URI = "https://www.googleapis.com/admin/directory/v1/groups"
Method = 'POST'
Headers = $authorization
Verbose = $False
}
$groupResponse = Invoke-RestMethod @splat
$success = $True
} catch {
Write-Error "Failed to Create $($calc_groupName) - $_"
}
}
$auditLogs.Add([PSCustomObject]@{
Message = "Creating resource for title $($title.name) - $calc_groupName"
Action = "CreateResource"
IsError = $false
})
}
}
$success = $true
# Send results
$result = [PSCustomObject]@{
Success = $success
AuditLogs = $auditLogs
}
Write-Output $result | ConvertTo-Json -Depth 10