Google Cloud experiments #1

Summary
Jobs
- google-admin
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/google-workspace.yml at 2fbc3ed

	---
	name: Google Cloud experiments
	on: workflow_dispatch

	permissions:
	id-token: write
	contents: read

	jobs:
	google-admin:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	# https://github.com/google-github-actions/auth?tab=readme-ov-file#workload-identity-federation-through-a-service-account
	- uses: google-github-actions/auth@v2
	id: auth
	with:
	project_id: ${{ vars.PROJECT_ID }}
	workload_identity_provider: ${{ vars.WORKLOAD_ID_PROVIDER }}
	service_account: ${{ vars.SA }}

	# https://github.com/google-github-actions/setup-gcloud
	- uses: google-github-actions/setup-gcloud@v2

	# (Google Workspaces Admin) https://admin.google.com/u/1/ac/roles
	# .. create a custom role and assign admin (service_account)
	# .. grant relevant Admin API privileges
	#
	# (Google Cloud) https://console.cloud.google.com/
	# .. enable APIs:
	# * Admin SDK API
	# * IAM Service Account Credentials API
	# * Service Usage API
	# * Identity and Access Management (IAM) API
	- run: \|
	gcloud auth list

	# https://developers.google.com/admin-sdk
	urls='https://admin.googleapis.com/admin/directory/v1/users?customer=${{ vars.CUSTOMER }} https://admin.googleapis.com/admin/directory/v1/customers/${{ vars.CUSTOMER }} https://admin.googleapis.com/admin/directory/v1/groups?customer=${{ vars.CUSTOMER }} https://admin.googleapis.com/admin/directory/v1/customer/${{ vars.CUSTOMER }}/schemas'

	scopes='https://www.googleapis.com/auth/admin.directory.customer.readonly,https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly,https://www.googleapis.com/auth/admin.directory.device.mobile.readonly,https://www.googleapis.com/auth/admin.directory.domain.readonly,https://www.googleapis.com/auth/admin.directory.group.member.readonly,https://www.googleapis.com/auth/admin.directory.orgunit.readonly,https://www.googleapis.com/auth/admin.directory.resource.calendar.readonly,https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly,https://www.googleapis.com/auth/admin.directory.user.alias.readonly,https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/admin.directory.userschema.readonly'

	token="$(gcloud auth print-access-token --scopes=${scopes})"
	echo "::add-mask::${token}"

	curl --fail https://www.googleapis.com/oauth2/v1/tokeninfo \
	--header 'Content-Type: application/x-www-form-urlencoded' \
	--header 'X-Goog-User-Project: ${{ steps.auth.outputs.project_id }}' \
	--data "access_token=${token}" \| jq -r .

	for url in ${urls}; do
	curl --fail "${url}" \
	--header "Authorization: Bearer ${token}" \
	--header 'X-Goog-User-Project: ${{ steps.auth.outputs.project_id }}' \| jq -r .
	done

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Google Cloud experiments #1

Workflow file

Google Cloud experiments #1

Jobs

Run details

Workflow file for this run