1. Docs
  2. Develop (v2.16)
Edit this page

Source code for google.cloud.forseti.common.gcp_api.groups_settings

# Copyright 2017 The Forseti Security Authors. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

"""Wrapper for Groups Settings  API client."""
from googleapiclient import errors
from httplib2 import HttpLib2Error
from google.auth.exceptions import RefreshError

from google.cloud.forseti.common.gcp_api import _base_repository
from google.cloud.forseti.common.gcp_api import api_helpers
from google.cloud.forseti.common.gcp_api import errors as api_errors
from google.cloud.forseti.common.gcp_api import repository_mixins
from google.cloud.forseti.common.util import logger

LOGGER = logger.get_logger(__name__)

API_NAME = 'groupssettings'

REQUIRED_SCOPES = frozenset([
    'https://www.googleapis.com/auth/apps.groups.settings'
])

GSUITE_AUTH_FAILURE_MESSAGE = (
    'Failed to retrieve G Suite Group Settings data due to authentication '
    'failure. Please make sure your forseti_server_config.yaml '
    'file contains the most updated information and enable G '
    'Suite Groups Collection if you haven\'t done so. Instructions'
    'on how to enable: https://forsetisecurity.org/docs/v2.16/'
    'configure/inventory/gsuite.html')



[docs]class GroupsSettingsRepositoryClient(_base_repository.BaseRepositoryClient):
    """Groups Settings API Respository Client."""

    def __init__(self,
                 credentials,
                 quota_max_calls=None,
                 quota_period=1.0,
                 use_rate_limiter=True):
        """Constructor.

        Args:
            credentials (object): An google.auth credentials object. The group
                settings API needs a service account credential with delegated
                super admin role.
            quota_max_calls (int): Allowed requests per <quota_period> for the
                API.
            quota_period (float): The time period to track requests over.
            use_rate_limiter (bool): Set to false to disable the use of a rate
                limiter for this service.
        """
        if not quota_max_calls:
            use_rate_limiter = False

        self._groups = None

        super(GroupsSettingsRepositoryClient, self).__init__(
            API_NAME, versions=['v1'],
            credentials=credentials,
            quota_max_calls=quota_max_calls,
            quota_period=quota_period,
            use_rate_limiter=use_rate_limiter)

    # Turn off docstrings for properties.
    # pylint: disable=missing-return-doc, missing-return-type-doc
    @property
    def groups(self):
        """Returns a _GroupsSettingsGroupsRepository instance."""
        if not self._groups:
            self._groups = self._init_repository(
                _GroupsSettingsGroupsRepository)
        return self._groups

    # pylint: enable=missing-return-doc, missing-return-type-doc



[docs]class _GroupsSettingsGroupsRepository(
        repository_mixins.GetQueryMixin,
        _base_repository.GCPRepository):
    """Implementation of Groups Settings repository."""

    def __init__(self, **kwargs):
        """Constructor.

        Args:
            **kwargs (dict): The args to pass into GCPRepository.__init__()
        """
        super(_GroupsSettingsGroupsRepository, self).__init__(
            key_field='groupUniqueId', component='groups', **kwargs)




[docs]class GroupsSettingsClient(object):
    """GSuite Groups Settings API Client."""

    def __init__(self, global_configs, **kwargs):
        """Initialize.

        Args:
            global_configs (dict): Global configurations.
            **kwargs (dict): The kwargs.
        """
        credentials = api_helpers.get_delegated_credential(
            global_configs.get('domain_super_admin_email'),
            REQUIRED_SCOPES)

        max_calls, quota_period = api_helpers.get_ratelimiter_config(
            global_configs, API_NAME)

        self.repository = GroupsSettingsRepositoryClient(
            credentials=credentials,
            quota_max_calls=max_calls,
            quota_period=quota_period,
            use_rate_limiter=kwargs.get('use_rate_limiter', True))


[docs]    def get_groups_settings(self, group_email):
        """Get the group settings for a given group.


        https://developers.google.com/admin-sdk/groups-settings/v1/reference/groups/get

        Args:
            group_email (str): The gsuite group email to scope the request to.

        Returns:
            dict:group settings for given group_email.

        Raises:
            api_errors.ApiExecutionError: If groups retrieval fails.
            RefreshError: If the authentication fails.
        """
        try:
            result = self.repository.groups.get(group_email)
            LOGGER.debug('Getting group settings information for group id = %s,'
                         ' result = %s',
                         group_email, result)
            return result
        except RefreshError as e:
            # Authentication failed, log before raise.
            LOGGER.exception(GSUITE_AUTH_FAILURE_MESSAGE)
            raise e
        except (errors.HttpError, HttpLib2Error) as e:
            raise api_errors.ApiExecutionError('groups', e)