Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/freepik-company/bgos
A process to synchronize selected G.Workspace groups into Boundary groups with authoritative approach
- Host: GitHub
- URL: https://github.com/freepik-company/bgos
- Owner: freepik-company
- License: apache-2.0
- Created: 2024-05-03T14:20:36.000Z (8 months ago)
- Default Branch: master
- Last Pushed: 2024-05-06T08:53:53.000Z (8 months ago)
- Last Synced: 2024-05-06T09:57:13.829Z (8 months ago)
- Topics: bgos, gitops, golang, google-workspace, gsuite, hashicorp-boundary, oidc
- Language: Go
- Homepage: https://freepik.com
- Size: 43 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# BGOS (Boundary Gsuite OIDC Syncer)
A super specific process to synchronize selected G.Workspace groups into Boundary groups
following an authoritative approach

## Motivation
Boundary can use GCP OAuth2 as an OIDC provider, but GCP does not include the groups in the
JWT claims. This could be solved by making a second call to the G. Workspace Admin API to retrieve them, but Boundary
does not currently implement this capability.

This synchronizer does this job in the background. It creates and synchronizes some groups and their memberships for you,
following an authoritative approach.

## Flags

Every configuration parameter can be defined by flags that can be passed to the CLI.
They are described in the following table:

| Name | Description | Default | Example |
|:-------------------------------|:----------------------------------------------------------------------|:-----------------:|---------------------------------------------------|
| `--log-level` | Define the verbosity of the logs | `info` | `--log-level info` |
| `--disable-trace` | Disable traces from logs | `false` | `--disable-trace true` |
| `--google-sa-credentials-path` | Google ServiceAccount credentials JSON file path | `google.json` | `--google-sa-credentials-path="~/something.json"` |
| `--sync-time` | Waiting time between group synchronizations (in duration type) | `10m` | `--sync-time 5m` |
| `--google-group` | (Repeatable or comma-separated list) G.Workspace groups | `-` | `--google-group [email protected]` |
| `--boundary-oidc-id` | Boundary oidc auth method ID to compare its users against G.Workspace | `amoidc_changeme` | `--boundary-oidc-id "amoidc_example"` |
| `--boundary-scope-id` | Boundary scope ID where the users and groups are synchronized | `global` | `--boundary-scope-id "global"` |

## Environment Variables

Security-critical parameters are managed by environment variables.
They are described in the following table:

| Name | Description | Default | Example |
|:-------------------------------|:------------------------------------------------------------------|:-------:|------------------------------------------|
| `BOUNDARY_ADDR` | Address where your Boundary instance is hosted | `-` | `https://hashicorp-boundary.company.com` |
| `BOUNDARY_AUTHMETHODPASS_ID` | ID of the Boundary auth method where the privileged user is stored | `-` | `ampw_example` |
| `BOUNDARY_AUTHMETHODPASS_USER` | Username of the privileged Boundary user that performs synchronization | `-` | `user_example_changeit` |
| `BOUNDARY_AUTHMETHODPASS_PASS` | Password of the privileged Boundary user that performs synchronization | `-` | `super_secure_password` |

## Examples

Here is a complete example of how to use this command.

> Output is always emitted as JSON, as it is more suitable for automation
```console
export BOUNDARY_ADDR="https://your-boundary.you-company.com/"
export BOUNDARY_AUTHMETHODPASS_ID="ampw_example"
export BOUNDARY_AUTHMETHODPASS_USER="automation-google-workspace-groups-syncer"
export BOUNDARY_AUTHMETHODPASS_PASS='super_secure_password'

bgos run \
    --log-level=info \
    --google-sa-credentials-path=le_credentials.json \
    --google-group [email protected] \
    --google-group [email protected]
```

## How to use
This project provides binary files and Docker images so that it is easy to use wherever you need it.

### Binaries

Binary files for the most popular platforms will be added to the [releases](https://github.com/freepik-company/bgos/releases)

### Docker

Docker images can be found in GitHub's [packages](https://github.com/freepik-company/bgos/pkgs/container/bgos)
related to this repository.

> Do you need it in a different container registry? We think this is not needed, but if we're wrong, please, let's discuss
> it in the best place for that: an issue

## How to contribute
We are open to external collaborations for this project: improvements, bugfixes, whatever.

To contribute, open an issue to discuss the need for the changes, then:

- Fork the repository
- Make your changes to the code
- Open a PR and wait for review

The code will be reviewed and tested (always)

> We are developers and hate bad code. For that reason we ask you for the highest quality
> on each line of code to improve this project on each iteration.

## License
Copyright 2022.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

## Special mention
This project was done using IDEs from JetBrains. They helped us to develop faster, so we recommend them a lot! 🤓
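
Relating to the Motivation section: authoritative synchronization, as the term is normally used, treats the G.Workspace group as the only source of truth, so members present only on the Boundary side are removed. The sketch below is an added example, not code from bgos; `Reconcile`, `Plan` and `ErrEmptySource` are hypothetical names, and the empty-source guard is an assumption about operator intent, since an empty or failed directory lookup would otherwise remove every member of the group.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Plan lists the membership changes that make one managed group match its source.
type Plan struct {
	Group       string
	Add, Remove []string
}

// ErrEmptySource stops a sync that would empty a populated group (hypothetical guard).
var ErrEmptySource = errors.New("source group is empty but target has members")

// Reconcile is authoritative: members missing from source are removed, members missing from target are added.
func Reconcile(group string, source, target []string, allowEmpty bool) (Plan, error) {
	if len(source) == 0 && len(target) > 0 && !allowEmpty {
		return Plan{}, ErrEmptySource
	}
	want := make(map[string]bool, len(source))
	for _, m := range source {
		want[m] = true
	}
	have := make(map[string]bool, len(target))
	plan := Plan{Group: group}
	for _, m := range target {
		seen := have[m] // skip duplicates already handled
		have[m] = true
		if !seen && !want[m] {
			plan.Remove = append(plan.Remove, m)
		}
	}
	for m := range want {
		if !have[m] {
			plan.Add = append(plan.Add, m)
		}
	}
	sort.Strings(plan.Add) // deterministic order for logs and review
	sort.Strings(plan.Remove)
	return plan, nil
}

func main() {
	// Constructed sample data: one Workspace group vs. the matching Boundary group.
	p, err := Reconcile("sre", []string{"alice@example.com", "bob@example.com"}, []string{"bob@example.com", "mallory@example.com"}, false)
	fmt.Println(p, err)
}
```

Logging the plan before applying it gives an audit trail of every access removal the privileged sync user performs.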