Allow custom workspace customer id

cmd/root.go

@@ -159,6 +159,7 @@ func initConfig() {
 
 	appEnvVars := []string{
 		"google_admin",
+		"customer_id",
 		"google_credentials",
 		"scim_access_token",
 		"scim_endpoint",
@@ -204,6 +205,12 @@ func configLambda() {
 	}
 	cfg.GoogleAdmin = unwrap
 
+	unwrap, err = secrets.CustomerId(os.Getenv("CUSTOMER_ID"))
+	if err != nil {
+		log.Fatalf(errors.Wrap(err, "cannot read config: CUSTOMER_ID").Error())
+	}
+	cfg.CustomerId = unwrap
+
 	unwrap, err = secrets.GoogleCredentials(os.Getenv("GOOGLE_CREDENTIALS"))
 	if err != nil {
 		log.Fatalf(errors.Wrap(err, "cannot read config: GOOGLE_CREDENTIALS").Error())
@@ -293,6 +300,7 @@ func addFlags(cmd *cobra.Command, cfg *config.Config) {
 	rootCmd.Flags().StringVarP(&cfg.SCIMEndpoint, "endpoint", "e", "", "AWS SSO SCIM API Endpoint")
 	rootCmd.Flags().StringVarP(&cfg.GoogleCredentials, "google-credentials", "c", config.DefaultGoogleCredentials, "path to Google Workspace credentials file")
 	rootCmd.Flags().StringVarP(&cfg.GoogleAdmin, "google-admin", "u", "", "Google Workspace admin user email")
+	rootCmd.Flags().StringVarP(&cfg.CustomerId, "customer-id", "", config.DefaultCustomerId, "Google Workspace Customer ID")
 	rootCmd.Flags().StringSliceVar(&cfg.IgnoreUsers, "ignore-users", []string{}, "ignores these Google Workspace users")
 	rootCmd.Flags().StringSliceVar(&cfg.IgnoreGroups, "ignore-groups", []string{}, "ignores these Google Workspace groups")
 	rootCmd.Flags().StringSliceVar(&cfg.IncludeGroups, "include-groups", []string{}, "include only these Google Workspace groups, NOTE: only works when --sync-method 'users_groups'")

internal/config/config.go

@@ -13,6 +13,8 @@ type Config struct {
 	GoogleCredentials string `mapstructure:"google_credentials"`
 	// GoogleAdmin ...
 	GoogleAdmin string `mapstructure:"google_admin"`
+	// CustomerId ...
+	CustomerId string `mapstructure:"customer_id"`
 	// UserMatch ...
 	UserMatch string `mapstructure:"user_match"`
 	// GroupFilter ...
@@ -46,6 +48,8 @@ const (
 	DefaultLogFormat = "text"
 	// DefaultDebug is the default debug status.
 	DefaultDebug = false
+	// DefaultCustomerId is the default customer id
+	DefaultCustomerId = "my_customer"
 	// DefaultGoogleCredentials is the default credentials path
 	DefaultGoogleCredentials = "credentials.json"
 	// DefaultSyncMethod is the default sync method to use.
@@ -60,5 +64,6 @@ func New() *Config {
 		LogFormat:         DefaultLogFormat,
 		SyncMethod:        DefaultSyncMethod,
 		GoogleCredentials: DefaultGoogleCredentials,
+		CustomerId:        DefaultCustomerId,
 	}
 }

internal/config/secrets.go

@@ -26,6 +26,14 @@ func (s *Secrets) GoogleAdminEmail(secretArn string) (string, error) {
      return s.getSecret(secretArn)
 }
 
+// CustomerId ...
+func (s *Secrets) CustomerId(secretArn string) (string, error) {
+     if len([]rune(secretArn)) == 0 {
+        return s.getSecret("SSOSyncCustomerId")
+     }
+     return s.getSecret(secretArn)
+}
+
 // SCIMAccessToken ...
 func (s *Secrets) SCIMAccessToken(secretArn string) (string, error) {
      if len([]rune(secretArn)) == 0 {

internal/google/client.go

@@ -36,10 +36,11 @@ type Client interface {
 type client struct {
 	ctx     context.Context
 	service *admin.Service
+	customerId string
 }
 
 // NewClient creates a new client for Google's Admin API
-func NewClient(ctx context.Context, adminEmail string, serviceAccountKey []byte) (Client, error) {
+func NewClient(ctx context.Context, adminEmail string, customerId string, serviceAccountKey []byte) (Client, error) {
 	config, err := google.JWTConfigFromJSON(serviceAccountKey, admin.AdminDirectoryGroupReadonlyScope,
 		admin.AdminDirectoryGroupMemberReadonlyScope,
 		admin.AdminDirectoryUserReadonlyScope)
@@ -60,13 +61,14 @@ func NewClient(ctx context.Context, adminEmail string, serviceAccountKey []byte)
 	return &client{
 		ctx:     ctx,
 		service: srv,
+		customerId: customerId,
 	}, nil
 }
 
 // GetDeletedUsers will get the deleted users from the Google's Admin API.
 func (c *client) GetDeletedUsers() ([]*admin.User, error) {
 	u := make([]*admin.User, 0)
-	err := c.service.Users.List().Customer("my_customer").ShowDeleted("true").Pages(c.ctx, func(users *admin.Users) error {
+	err := c.service.Users.List().Customer(c.customerId).ShowDeleted("true").Pages(c.ctx, func(users *admin.Users) error {
 		u = append(u, users.Users...)
 		return nil
 	})
@@ -109,7 +111,7 @@ func (c *client) GetUsers(query string) ([]*admin.User, error) {
 
 	// If we have wildcard then fetch all users
 	if query  == "*" {
-                err = c.service.Users.List().Customer("my_customer").Pages(c.ctx, func(users *admin.Users) error {
+                err = c.service.Users.List().Customer(c.customerId).Pages(c.ctx, func(users *admin.Users) error {
                         u = append(u, users.Users...)
                         return nil
                 })
@@ -120,7 +122,7 @@ func (c *client) GetUsers(query string) ([]*admin.User, error) {
 
 		// Then call the api one query at a time, appending to our list
 		for _, subQuery := range queries {
-			err = c.service.Users.List().Query(subQuery).Customer("my_customer").Pages(c.ctx, func(users *admin.Users) error {
+			err = c.service.Users.List().Query(subQuery).Customer(c.customerId).Pages(c.ctx, func(users *admin.Users) error {
 				u = append(u, users.Users...)
 				return nil
 			})
@@ -170,7 +172,7 @@ func (c *client) GetGroups(query string) ([]*admin.Group, error) {
 
         // If we have wildcard then fetch all groups
         if query  == "*" {
-		err = c.service.Groups.List().Customer("my_customer").Pages(context.TODO(), func(groups *admin.Groups) error {
+		err = c.service.Groups.List().Customer(c.customerId).Pages(context.TODO(), func(groups *admin.Groups) error {
                         g = append(g, groups.Groups...)
                         return nil
                 })
@@ -182,7 +184,7 @@ func (c *client) GetGroups(query string) ([]*admin.Group, error) {
 
        	// Then call the api one query at a time, appending to our list
        	for _, subQuery := range queries {
-		err = c.service.Groups.List().Customer("my_customer").Query(subQuery).Pages(context.TODO(), func(groups *admin.Groups) error {
+		err = c.service.Groups.List().Customer(c.customerId).Query(subQuery).Pages(context.TODO(), func(groups *admin.Groups) error {
 			g = append(g, groups.Groups...)
 			return nil
 		})

internal/sync.go

@@ -768,7 +768,7 @@ func DoSync(ctx context.Context, cfg *config.Config) error {
 
 	httpClient := retryClient.StandardClient()
 
-	googleClient, err := google.NewClient(ctx, cfg.GoogleAdmin, creds)
+	googleClient, err := google.NewClient(ctx, cfg.GoogleAdmin, cfg.CustomerId, creds)
 	if err != nil {
 	        log.WithField("error", err).Warn("Problem establising a connection to Google directory")
 		return err