#!/usr/bin/env python # Copyright 2018 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ''' syncOwners.py reads the membership of a Google Group and uses that to populate the "verified owners" of a domain in the Google Search Console ''' import json from apiclient.discovery import build from google.oauth2 import service_account def get_config(): ''' Read config from json file ''' with open('config.json') as config_file: data = json.load(config_file) return data['domain'], data['group'], data['adminUser'], data['service-account-key'] def get_members(credentials, group, admin_user): ''' Retrieve list of email addresses of all members of the group Args: credentials: Google OAuth credentials group: Email address of the group to check membership for admin_user: The email address of a user in the domain with admin rights ''' delegated_credentials = credentials.with_subject(admin_user) admin_service = build('admin', 'directory_v1', credentials=delegated_credentials) admin_response = admin_service.members().list(groupKey=group).execute() members = [] for member in admin_response['members']: members.append(member['email']) return members def set_permissions(credentials, domain, users): ''' Update the "verified owners" list for the specified domain Args: credentials: Google OAuth credentials domain: the dns name of the domain to update users: list of users to be applied as "verified owners" ''' url = 'dns://' url += domain service = build('siteVerification', 'v1', credentials=credentials) response = service.webResource().update( id=url, body={ 'owners': users, 'site': { 'type': 'INET_DOMAIN', 'identifier': domain } }).execute() return response def main(): ''' Main entry-point for the program ''' domain, group, admin_user, service_account_key = get_config() scopes = ['https://www.googleapis.com/auth/siteverification', \ 'https://www.googleapis.com/auth/admin.directory.group.member.readonly'] credentials = \ service_account.Credentials.from_service_account_file(service_account_key, scopes=scopes) verified_users = get_members(credentials, group, admin_user) result = set_permissions(credentials, domain, verified_users) print result if __name__ == '__main__': main()