New
Join our webinar! Building a customizable and extensible cloud asset inventory at scale
Sign up ❯
Report an issue
Back to source list
googleworkspace

Google Workspace

Pull directory information from your Google Workspace organization. Requires admin privileges.

Publisher

jsifuentes

Repositorygithub.com
Latest version

v1.2.1

Type

Source

Platforms
Date Published

Price

Free

DocumentationTablesChangelogDestinations
Overview

Overview #

Google Workspace Source Plugin

A Google Workspace source plugin for CloudQuery that loads data from Google Workspace to any database, data warehouse or data lake supported by CloudQuery, such as PostgreSQL, BigQuery, Athena, and many more.

Configuration #

The following source configuration file will sync to a sqlite database. See the CloudQuery Quickstart for more information on how to configure the source and destination.
How to find your Google Workspace Customer ID: https://support.google.com/a/answer/10070793?hl=en
To authenticate to Google Workspace, you can use either OAuth or a service account. See the section below for how to configure each.
kind: source
spec:
  name: "googleworkspace"
  path: "jsifuentes/googleworkspace"
  registry: "cloudquery"
  version: "v1.2.0"
  destinations:
    - "sqlite"
  spec:
    customer_id: your Google Workspace Customer ID
    # either `oauth` or `service_account` must be provided.
    oauth:
      client_id: your OAuth client ID
      client_secret: your OAuth client secret
      # token_file: ./token.json

    # or
    service_account:
      json_string: '{"type": "service_account","project_id": "...", ...}'
      impersonate_email: [email protected]

OAuth #

You can get your own OAuth credentials using this guide. When creating your OAuth Client ID, you should select "Desktop app". You also need to enable the Admin SDK API for your Cloud Project.
If you provide token_file, the plugin will write to the file your OAuth access token and refresh token. It can help avoid the need to re-authenticate every time the plugin runs. If you run the plugin in an automated environment, you should probably authenticate with a service account.

Service Account #

To authenticate with a service account, you need to provide a JSON key file. You can create a service account key file in the Google Cloud Console. You also need to enable the Admin SDK API for your Cloud Project.
Because you are accessing the Admin SDK via a service account, you need to impersonate a user with the necessary permissions to access the data you want to query. In Google Workspace, your service account can only impersonate a user if the Client ID of the service account is granted domain-wide delegation.
You can follow this guide to grant your service account domain-wide delegation: link
When granting domain wide delegation, you need to provide a list of OAuth scopes. Here is the list you provide: (they are all read-only scopes)
https://www.googleapis.com/auth/admin.directory.customer.readonly,https://www.googleapis.com/auth/admin.directory.domain.readonly,https://www.googleapis.com/auth/admin.directory.group.member.readonly,https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/admin.directory.orgunit.readonly,https://www.googleapis.com/auth/admin.directory.user.alias.readonly,https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/admin.directory.userschema.readonly,https://www.googleapis.com/auth/admin.directory.resource.calendar.readonly,https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly,https://www.googleapis.com/auth/admin.chrome.printers.readonly

Join our mailing list

Subscribe to our newsletter to make sure you don't miss any updates.

Solutions
Resources
Legal
Social
© 2024 CloudQuery, Inc. All rights reserved.

We use tracking cookies to understand how you use the product and help us improve it. Please accept cookies to help us improve. You can always opt out later via the link in the footer.