{"id":13581952,"url":"https://github.com/emicklei/gws","last_synced_at":"2026-03-17T22:32:29.170Z","repository":{"id":43666552,"uuid":"209493089","full_name":"emicklei/gws","owner":"emicklei","description":"command line tool for using the Google Workspace Admin (formerly GSuite)","archived":false,"fork":false,"pushed_at":"2025-09-29T09:16:39.000Z","size":222,"stargazers_count":17,"open_issues_count":1,"forks_count":3,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-09-29T11:28:17.366Z","etag":null,"topics":["cli","command-line-tool","gcp","google","google-workspace","google-workspace-add-on","gsuite"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/emicklei.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-09-19T07:44:15.000Z","updated_at":"2025-09-29T09:16:37.000Z","dependencies_parsed_at":"2024-04-05T21:26:17.586Z","dependency_job_id":"435b6b67-7e84-4e70-8e2d-9a58cb780864","html_url":"https://github.com/emicklei/gws","commit_stats":null,"previous_names":["emicklei/gsuite"],"tags_count":21,"template":false,"template_full_name":null,"purl":"pkg:github/emicklei/gws","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emicklei%2Fgws","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emicklei%2Fgws/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emicklei%2Fgws/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emicklei%2Fgws/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/emicklei","download_url":"https://codeload.github.com/emicklei/gws/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emicklei%2Fgws/sbom","scorecard":{"id":375368,"data":{"date":"2025-08-11","repo":{"name":"github.com/emicklei/gws","commit":"050f2e7416958ff72df704007d022173fa1cb9bb"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.9,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":0,"reason":"Found 0/23 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 8 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-18T14:08:38.308Z","repository_id":43666552,"created_at":"2025-08-18T14:08:38.308Z","updated_at":"2025-08-18T14:08:38.308Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30633337,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-17T17:32:55.572Z","status":"ssl_error","status_checked_at":"2026-03-17T17:32:38.732Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","command-line-tool","gcp","google","google-workspace","google-workspace-add-on","gsuite"],"created_at":"2024-08-01T15:02:20.727Z","updated_at":"2026-03-17T22:32:29.162Z","avatar_url":"https://github.com/emicklei.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# gws - command line tool to use the Google Workspace Admin SDK\n\n## features\n\n- list of users\n- details of a user\n- membership of a user\n- management of groups\n- list of roles\n- user assignments of a role\n- list of domains\n\nAny command can produce JSON format using `-json` at the end of the command.\n\n## examples\n\n    gws user list\n    gws user list -limit 4\n    gws user membership john.doe\n    gws user membership john.doe@company.com\n    gws user info john.doe\n    gws user info john.doe@company.com\n    gws user aliases john.doe@company.com\n    gws user suspend angelina \"retired\"\n\n    gws group list    \n    gws group members all\n    gws group members all@company.com\n\n    gws group info somegroup\n    gws group info somegroup@company.com\n    gws group delete my-old@company.com\n    gws group delete my-old@company.com\n    gws group add my-group this-person other-person@company.com\n    gws group remove my-group this-person\n    gws group export -json \u003e all.json    \n    gws --domain company.com group export -csv \u003e company-only.csv\n\n    gws role list\n    gws role assignments _USER_MANAGEMENT_ADMIN_ROLE\n   \n    gws domain list\n\n    gws examples\n\n## requirements\n\n- A Google Cloud Identity domain with API access enabled\n- A Google account in that domain with enough administrator privileges\n- A Google Cloud Platform project with Admin SDK enabled ( https://console.developers.google.com/apis/library/admin.googleapis.com?project=YOURPROJECT )\n\n### primary domain access\n\nIf your Google Workspace (GSuite) account only has \"Group Editor\" role then you cannot use the short syntax for accounts that require the lookup of the primary domain. You can workaround this missing permission by setting an enviroment variable such as:\n\n    export GWS_PRIMARY_DOMAIN=yourhost.com\n\n## install\n\nInstallation requires the Go SDK.\n\n    go install github.com/emicklei/gws@latest \n\n## tool authentication\n\nThere are two ways to authenticate yourself. One through is through the [installed apps](https://developers.google.com/identity/protocols/oauth2#installed) flow,\nthe other is through the [service accounts](https://developers.google.com/identity/protocols/oauth2/service-account) flow. The first\nflow requires you to create a new OAuth 2.0 client ID credential in the project and store these and the user credentials files on your file system.\nThe latter does not keep any credentials stored locally.\n\n## installed application authentication flow\n\n- Using the Google Cloud Platform console, create a new OAuth 2.0 client ID credential in the project for which you enabled the Admin SDK.\n- Download the JSON file from the list of Credentials (download button on the right).\n- Save the file to *gws-credentials.json* in your *home* directory or a *local* directory if you need access to more organisations. *gws* will look for this file in the current directoy first.\n\n## user permissions\n\n*gws* requires the following authentication scopes to be consent per user.\nYou will be asked to accept those on the first time you use *gws*.\nNote that accepting these scopes does not mean you as a user have access; this is controlled in Cloud Identity (or Google Workspace/GSuite) Admin Console.\n\n- https://www.googleapis.com/auth/admin.directory.user\n- https://www.googleapis.com/auth/admin.directory.group (for group management)\n- https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly\n- https://www.googleapis.com/auth/admin.directory.domain.readonly\n- https://www.googleapis.com/auth/iam (for service account lookup)\n\nSee also https://developers.google.com/admin-sdk/directory/v1/guides/authorizing\n\n\n## service account authentication flow\n\n- Create a service account in your Google Cloud project \n  - grant the roles iam.serviceAccountTokenCreator and iam.serviceAccountUser to the service account itself\n  - grant the roles iam.serviceAccountTokenCreator and iam.serviceAccountUser to the users you want to use *gws* with\n- Grant the service account the role iam.serviceAccountViewer in your Google organization\n- Delegate domain-wide authority to the service account\n  - follow the instructions in the [documentation](https://developers.google.com/identity/protocols/oauth2/service-account#delegatingauthority)\n  - using the following scopes for read-only access:\n    - https://www.googleapis.com/auth/admin.directory.domain.readonly\n    - https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly \n    - https://www.googleapis.com/auth/admin.directory.group.readonly\n    - https://www.googleapis.com/auth/admin.directory.user.readonly\n    - https://www.googleapis.com/auth/iam\n\n  - or the following scopes for read-write access:\n      - https://www.googleapis.com/auth/admin.directory.domain.readonly\n      - https://www.googleapis.com/auth/admin.directory.rolemanagement\n      - https://www.googleapis.com/auth/admin.directory.group\n      - https://www.googleapis.com/auth/admin.directory.user\n      - https://www.googleapis.com/auth/iam\n  \n- set the environment variable GWS_SERVICE_ACCOUNT to the email address of the created service account\n- set the environment variable GWS_ADMIN_USER to the email address of the user you want to impersonate\n\n## help\n\nHaving problems using *gws* ? Read about [known errors](/errors.md)\n\n\u0026copy; 2025, https://ernestmicklei.com. MIT License. Contributions welcome.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Femicklei%2Fgws","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Femicklei%2Fgws","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Femicklei%2Fgws/lists"}