This handler uses the Google API library to add new owners to a previously created Google Group. Using a Service Account Email and the corresponding P12 file (see below for details about obtaining these values) to authenticate the handler against Google's API. A string of emails are taken from the input and the handler then sets the specified accounts to be managers of the group. Any errors that occur during the posting process will be caught and re-raised by this handler.
- In order to use this handler, the account specified by the task info values needs to enable Admin SDK API in admin account.
How to retrieve the Service Account Email and Setup P12 File
To enable the Calendar API and get the Service Account Email and P12 File
1. Navigate to the 'Google Developers Console'
2. Click on the Create Project button (or if you have an existing project that you wish to keep using, click on the project name.)
3. Go to the APIs page and turn on the Calendar service
4. Go to the Credentials page and Create a new Client Id
* Select 'Service Account'
* Select 'P12 Key' for Key type
5. When you click 'Create Client Id', a P12 File will be downloaded
6. Remember the Email for the Service Account that you just created
To add the P12 file to the handler:
1. Download the .zip file for the handler
2. Expand the zipped directory, and place the P12 File that you just downloaded into the resources folder
* Found at google_apps_sa_group_add_owners_v1 => handler => resources
* Remember the name of the P12 File, it will be needed later
3. Zip the directory back up and upload to Kinetic Task
The Service Account Email and P12 File name will be used as info values for the handler, and will be used to get access to the Google Services
How to Perform Domain-Wide Delegation of Authority to Allow Impersonation
- Go to your Google Apps domain’s Admin console.
- Select Security from the list of controls. If you don't see Security listed, select More controls from the gray bar at the bottom of the page, then select Security from the list of controls.
- Select Advanced settings from the list of options.
- Select Manage third party OAuth Client access in the Authentication section.
- In the Client name field enter the service account's Client ID.
- In the One or More API Scopes field enter the list of scopes that your application should be granted access to (see image below). For example if you need domain-wide access to the Google Calendar API enter:
- Click the Authorize button.