Simplify Tenant Metadata (#152)

* Simplify tenant metadata section and correct groups bug

* Remove scope that is no longer needed

* Remove unneeded OAUTH scope from readme

README.md

@@ -142,7 +142,6 @@ chmod +x opa_darwin_amd64 # give the opa executable execute permissions
 The tool uses the following OAUTH API scopes.
 - `https://www.googleapis.com/auth/admin.reports.audit.readonly`
 - `https://www.googleapis.com/auth/admin.directory.domain.readonly`
-- `https://www.googleapis.com/auth/admin.directory.customer.readonly`
 - `https://www.googleapis.com/auth/admin.directory.group.readonly`
 - `https://www.googleapis.com/auth/admin.directory.orgunit.readonly`
 - `https://www.googleapis.com/auth/admin.directory.user.readonly`

scubagoggles/auth.py

@@ -14,7 +14,6 @@
 # If modifying these scopes, delete the file token.json.
 SCOPES = ['https://www.googleapis.com/auth/admin.reports.audit.readonly',
     "https://www.googleapis.com/auth/admin.directory.domain.readonly",
-    "https://www.googleapis.com/auth/admin.directory.customer.readonly",
     "https://www.googleapis.com/auth/admin.directory.orgunit.readonly",
     "https://www.googleapis.com/auth/admin.directory.user.readonly",
     "https://www.googleapis.com/auth/admin.directory.group.readonly",

scubagoggles/orchestrator.py

@@ -207,7 +207,7 @@ def run_reporter(args):
     with open(f'{out_folder}/{args.outputproviderfilename}.json',
     mode='r',encoding='UTF-8') as file:
         tenant_info = json.load(file)['tenant_info']
-        tenant_name = tenant_info['name']
+        tenant_domain = tenant_info['domain']
 
 
     # Create the the individual report files
@@ -221,7 +221,7 @@ def run_reporter(args):
             test_results_data,
             product,
             out_folder,
-            tenant_name,
+            tenant_domain,
             main_report_name,
             prod_to_fullname,
             baseline_policies[product]

scubagoggles/provider.py

@@ -303,20 +303,24 @@ def get_tenant_info(service) -> dict:
     :param service: a directory_v1 service instance
     '''
     try:
-        response = service.customers().get(customerKey="my_customer").execute()
-        return {'id': response['id'],
-        'domain': response['customerDomain'],
-        'name': response['postalAddress']['organizationName'],
-        'topLevelOU': get_toplevel_ou(service)}
+        response = service.domains().list(customer="my_customer").execute()
+        primary_domain = ""
+        for domain in response['domains']:
+            if domain['isPrimary']:
+                primary_domain = domain['domainName']
+        return {
+            'domain': primary_domain,
+            'topLevelOU': get_toplevel_ou(service)
+        }
     except Exception as exc:
         warnings.warn(
             f"An exception was thrown trying to get the tenant info: {exc}",
             RuntimeWarning
         )
-        return {'id': 'Error Retrieving',
-        'domain': 'Error Retrieving',
-        'name': 'Error Retrieving',
-        'topLevelOU': 'Error Retrieving'}
+        return {
+            'domain': 'Error Retrieving',
+            'topLevelOU': 'Error Retrieving'
+        }
 
 
 def get_gws_logs(products: list, service, event: str) -> dict:
@@ -407,7 +411,7 @@ def get_group_settings(services) -> dict:
         domain_service = services['directory']
         # gather all of the domains within a suite to get groups
         response = domain_service.domains().list(customer="my_customer").execute()
-        domains = {d['domainName'] for d in response['domains']}
+        domains = {d['domainName'] for d in response['domains'] if d['verified']}
 
         # get the group settings for each groups
         group_settings = []

scubagoggles/reporter/reporter.py

@@ -77,20 +77,20 @@ def build_front_page_html(fragments : list, tenant_info : dict) -> str:
     meta_data = f"\
         <table style = \"text-align:center;\"> \
             <colgroup><col/><col/><col/><col/></colgroup> \
-            <tr><th>Customer Name</th><th>Customer Domain</th><th>Customer ID</th><th>Report Date</th></tr> \
-            <tr><td>{tenant_info['name']}</td><td>{tenant_info['domain']}</td><td>{tenant_info['id']}</td><td>{report_date}</td></tr> \
+            <tr><th>Customer Domain</th><th>Report Date</th></tr> \
+            <tr><td>{tenant_info['domain']}</td><td>{report_date}</td></tr> \
         </table>"
     html = html.replace('{{TENANT_DETAILS}}', meta_data)
     return html
 
 def build_report_html(fragments : list, product : str,
-tenant_name : str, main_report_name: str) -> str:
+tenant_domain : str, main_report_name: str) -> str:
     '''
     Adds data into HTML Template and formats the page accordingly
 
     :param fragments: list object containing each baseline
     :param product: str object containing name of Google Product being evaluated
-    :param tenant_name: the name of the tenant.
+    :param tenant_domain: the primary domain of the tenant.
     :param main_report_name: Name of the main report HTML file.
     '''
     reporter_path = str(rel_abs_path(__file__,"./"))
@@ -132,8 +132,8 @@ def build_report_html(fragments : list, product : str,
     meta_data = f"\
         <table style = \"text-align:center;\"> \
             <colgroup><col/><col/><col/></colgroup> \
-            <tr><th>Customer Name </th><th>Report Date</th><th>Baseline Version</th><th>Tool Version</th></tr> \
-            <tr><td>{tenant_name}</td><td>{report_date}</td><td>{baseline_version}</td><td>{tool_version}</td></tr> \
+            <tr><th>Customer Domain </th><th>Report Date</th><th>Baseline Version</th><th>Tool Version</th></tr> \
+            <tr><td>{tenant_domain}</td><td>{report_date}</td><td>{baseline_version}</td><td>{tool_version}</td></tr> \
         </table>"
 
     html = html.replace('{{METADATA}}', meta_data)
@@ -144,14 +144,14 @@ def build_report_html(fragments : list, product : str,
     return html
 
 def rego_json_to_html(test_results_data : str, product : list, out_path : str,
-tenant_name : str, main_report_name : str, prod_to_fullname: dict, product_policies) -> None:
+tenant_domain : str, main_report_name : str, prod_to_fullname: dict, product_policies) -> None:
     '''
     Transforms the Rego JSON output into HTML
 
     :param test_results_data: json object with results of Rego test
     :param product: list of products being tested
     :param out_path: output path where HTML should be saved
-    :param tenant_name: The name of the GWS org
+    :param tenant_domain: The primary domain of the GWS org
     :param main_report_name: report_name: Name of the main report HTML file.
     :param prod_to_fullname: dict containing mapping of the product full names
     :param product_policies: dict containing policies read from the baseline markdown
@@ -236,7 +236,7 @@ def rego_json_to_html(test_results_data : str, product : list, out_path : str,
         fragments.append(f"<h2>{product_upper}-{baseline_group['GroupNumber']} \
         {baseline_group['GroupName']}</h2>")
         fragments.append(create_html_table(table_data))
-    html = build_report_html(fragments, prod_to_fullname[product], tenant_name, main_report_name)
+    html = build_report_html(fragments, prod_to_fullname[product], tenant_domain, main_report_name)
     with open(f"{out_path}/IndividualReports/{ind_report_name}",
     mode='w', encoding='UTF-8') as file:
         file.write(html)