BitTitan.Runbooks.GSuite.Beta

0.1.3

Functions/New-GSuiteEndpointConfiguration.ps1

                                <#

.SYNOPSIS

    This function creates a GSuite Endpoint Configuration given a GSuite application id, client secret and refresh tokens.

#>

function New-GSuiteEndpointConfiguration {

    [CmdletBinding(PositionalBinding=$true)]

    [OutputType([Object])]

    param (

        # The username to be stored in the new endpoint.

        [Parameter(Mandatory=$true)]

        [ValidateNotNullOrEmpty()]

        [string]$gSuiteApplicationID,

        # The client secret of the GSuite application.

        [Parameter(Mandatory=$true)]

        [ValidateNotNullOrEmpty()]

        [string]$gSuiteClientSecret,

        # The refresh token which has a scope of 'https://www.googleapis.com/auth/admin.directory.user'

        [Parameter(Mandatory=$false)]

        [ValidateNotNullOrEmpty()]

        [String]$userRefreshToken,

        # The refresh token which has a scope of 'https://www.googleapis.com/auth/admin.directory.group'

        [Parameter(Mandatory=$false)]

        [ValidateNotNullOrEmpty()]

        [String]$groupRefreshToken,

        # The refresh token which has a scope of 'https://www.googleapis.com/auth/admin.directory.orgunit'

        [Parameter(Mandatory=$false)]

        [ValidateNotNullOrEmpty()]

        [String]$organizationalUnitRefreshToken,

        # The refresh token which has a scope of 'https://www.googleapis.com/auth/admin.directory.userschema'

        [Parameter(Mandatory=$false)]

        [ValidateNotNullOrEmpty()]

        [String]$userSchemaRefreshToken,

        # The refresh token which has a scope of 'https://www.googleapis.com/auth/admin.directory.device.mobile'

        [Parameter(Mandatory=$false)]

        [ValidateNotNullOrEmpty()]

        [String]$mobileDeviceRefreshToken,

        # The refresh token which has a scope of 'https://www.googleapis.com/auth/admin.directory.user.security'

        [Parameter(Mandatory=$false)]

        [ValidateNotNullOrEmpty()]

        [String]$securityRefreshToken,

        # The refresh token which has a scope of 'https://www.googleapis.com/auth/admin.directory.customer'

        [Parameter(Mandatory=$false)]

        [ValidateNotNullOrEmpty()]

        [String]$customerRefreshToken,

        # The refresh token which has a scope of 'https://www.googleapis.com/auth/admin.directory.domain'

        [Parameter(Mandatory=$false)]

        [ValidateNotNullOrEmpty()]

        [String]$domainRefreshToken

    )

    # Initialize the password

    $gSuitePassword = "ClientSecret:$($gSuiteClientSecret)"

    # Declare the scopes for refresh tokens

    $refreshTokenScopes = @(

        "User",

        "Group",

        "OrganizationalUnit",

        "UserSchema",

        "MobileDevice",

        "Security",

        "Customer",

        "Domain"

    )

    # Append the refresh tokens to the client secret

    foreach ($scope in $refreshTokenScopes) {

        $refreshToken = Invoke-Expression ("`$" + (Invoke-Expression "`$scope") + "RefreshToken")

        if (![String]::IsNullOrWhiteSpace($refreshToken)){

            $gSuitePassword += " $($scope):$($refreshToken)"

        }

    }

    # Initialize a configuration for GSuite

    $importConfiguration = New-Object -TypeName ManagementProxy.ManagementService.GenericConfiguration -Property @{

        "Url"                          = "https://admin.google.com";

        "Username"                     = $gSuiteApplicationID;

        "Password"                     = $gSuitePassword;

        "UseAdministrativeCredentials" = $true;

    }

    return $importConfiguration

}