generate/resources/_users.py (57 lines of code) (raw):

# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import hashlib

from cdktf import TerraformLocal, Fn
from cdktf_cdktf_provider_google.data_google_service_account_access_token import (
    DataGoogleServiceAccountAccessToken,
)
from cdktf_cdktf_provider_googleworkspace.provider import GoogleworkspaceProvider
from cdktf_cdktf_provider_googleworkspace.user import User

import util


def init_workspace_provider(self, users):
    """Configure the Google Workspace provider and the locals used for new users.

    Requests an access token for the setup service account, builds a map of
    ``primary_email -> MD5 hex digest`` of a throwaway random string for every
    entry in *users*, stores that map and the "change password at next login"
    flag as Terraform locals under ``self.created["locals"]``, and registers
    the ``googleworkspace`` provider with the token.

    Args:
        self: The stack object; must expose ``created["vars"]``,
            ``created["locals"]`` and ``created["data"]["google_org"]``.
        users: Iterable of user dicts, each with a ``primary_email`` key.
    """
    sa_email = self.created["vars"]["setup_service_account"].string_value

    # NOTE(review): "cloud-platform" is a broad scope, and within this file
    # the token is only handed to the Workspace provider. Confirm whether
    # anything beyond the admin.directory.user scope is actually required.
    token_source = DataGoogleServiceAccountAccessToken(
        self,
        "sa",
        target_service_account=sa_email,
        scopes=[
            "userinfo-email",
            "cloud-platform",
            "https://www.googleapis.com/auth/admin.directory.user",
        ],
    )

    # Only the digest is kept; the random plaintext is discarded right away.
    # NOTE(review): MD5 is unsalted and fast, so the strength of these initial
    # passwords rests entirely on util.random_str() (not shown here). Confirm
    # it draws from a CSPRNG (e.g. `secrets`) with enough entropy.
    hashed_passwords = {}
    for entry in users:
        email = entry["primary_email"]
        throwaway = util.random_str()
        hashed_passwords[email] = hashlib.md5(throwaway.encode()).hexdigest()

    # NOTE(review): the digests are embedded in a Terraform local, so they
    # presumably end up in the synthesized configuration. Treat that output
    # (and the state) as sensitive.
    password_local = TerraformLocal(self, "users_hash_password", hashed_passwords)
    self.created["locals"]["users_hash_pass"] = password_local

    # Every user created from these locals must rotate the password on first
    # sign-in.
    rotate_local = TerraformLocal(self, "change_password_at_next_login", True)
    self.created["locals"]["change_password_at_next_login"] = rotate_local

    org_customer_id = self.created["data"]["google_org"].directory_customer_id
    bearer_token = token_source.access_token
    GoogleworkspaceProvider(
        self,
        id="googleworkspace",
        customer_id=org_customer_id,
        access_token=bearer_token,
    )


def create_user(self, user):
    """Declare one Google Workspace ``User`` resource from a config dict.

    The *user* dict is modified in place: ``password``, ``hash_function`` and
    ``change_password_at_next_login`` are set from the locals prepared by
    ``init_workspace_provider`` before the dict is expanded into ``User``.
    The resource is recorded in ``self.created["users"]`` keyed by the
    user's primary email.

    Args:
        self: The stack object holding ``created["locals"]`` and
            ``created["users"]``.
        user: Dict of ``User`` keyword arguments; must contain
            ``primary_email``.
    """
    email = user["primary_email"]
    shared_locals = self.created["locals"]

    # Resolve this user's digest from the shared local map at plan time.
    digest_map = shared_locals["users_hash_pass"].as_string_map
    user["password"] = Fn.lookup(digest_map, email)
    # Declares the password value as an MD5 hex digest, matching how the
    # map is built in init_workspace_provider.
    user["hash_function"] = "MD5"

    rotate_flag = shared_locals["change_password_at_next_login"].as_boolean
    user["change_password_at_next_login"] = rotate_flag

    workspace_user = User(self, f"user_{email}", **user)
    self.created["users"][email] = workspace_user


def generate_users(self, my_resource, resource):
    """Create Workspace users for every entry configured under *my_resource*.

    Ensures the ``google_org`` data source exists, then, if the config lists
    any users, initialises the Workspace provider once and declares each user.

    Args:
        self: The stack object providing ``ensure_data`` and ``eztf_config``.
        my_resource: Config key whose value is the list of user dicts.
        resource: Unused in this function.
    """
    self.ensure_data(["google_org"])

    requested = self.eztf_config.get(my_resource)
    if not requested:
        return

    init_workspace_provider(self, requested)
    for entry in requested:
        create_user(self, entry)