npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

gitlab-google-scim

v0.1.3

Published

Synchronizes your google users with gitlab users via SCIM. It supports mapping of different privileges for different groups & users.

Downloads

3

Readme

Gitlab to Google SCIM

Synchronizes your google users with gitlab users via SCIM. It supports mapping of different privileges for different groups & users.

Configuration

You need a few items of configuration. One side from Gitlab, and the other from Google Cloud to allow for API access to each. You will need the files produced by these steps for AWS Lambda deployment as well as locally running the sync tool. This how-to assumes you have Gitlab SSO configured and a Google SAML app to log in into Gitlab.

Google

First, you have to setup your API. In the project you want to use go to the Console and select API & Services > Enable APIs and Services. Search for Admin SDK and Enable the API.

You have to perform this tutorial to create a service account that you use to sync your users. Save the JSON file you create during the process. Please, keep this file safe, or store it in the AWS Secrets Manager.

In the domain-wide delegation for the Admin API, you have to specify the following scopes for the user.

https://www.googleapis.com/auth/admin.directory.group.readonly https://www.googleapis.com/auth/admin.directory.group.member.readonly https://www.googleapis.com/auth/admin.directory.user.readonly

Back in the Console go to the Dashboard for the API & Services and select "Enable API and Services". In the Search box type Admin and select the Admin SDK option. Click the Enable button.

You will have to specify the email address of an admin via the environment variable GOOGLE_ADMIN_EMAIL to assume this users role in the Directory.

Slack

To create a slack app and an incoming webhook, follow this page

Gitlab

You need two different credentials, a SCIM token and an API token with api access to the root group.

To get a SCIM token:

  • Open Gitlab, on the left sidebar, at the top, select Search GitLab () to find your group.
  • Select Settings > SAML SSO. Select Generate a SCIM token.
  • Save the Token from the Your SCIM token field. Please, keep this token safe, or store it in the AWS Secrets Manager.
  • The SCIM API endpoint URL field will be automatically calculated.

To get an API token, create a Group Access Token or a Personal Access Token.

Deployment configuration

| Name | Required | Description | |---|---|---| | GOOGLE_DOMAIN | yes | google domain that is allowed in gitlab | | GOOGLE_ADMIN_EMAIL | yes | email of a google administrator that will be impersonated by the service account | | GOOGLE_SA_KEY_SECRET | no | AWS Secret name to retrieve the service account key from | | GOOGLE_SA_KEY_FILE | no | Filepath to retrieve the service account key from | | GOOGLE_SA_KEY | no | Service account key | | GITLAB_GROUP | yes | gitlab root group to sync users to | | GITLAB_URL | no | gitlab instance base url, defaults to https://gitlab.com | | GITLAB_SCIM_TOKEN_SECRET | no | AWS Secret name to retrieve the SCIM token from | | GITLAB_SCIM_TOKEN_FILE | no | Filepath to retrieve the SCIM token from | | GITLAB_SCIM_TOKEN | no | SCIM token | | GITLAB_API_TOKEN_SECRET | no | AWS Secret name to retrieve the API token from | | GITLAB_API_TOKEN_FILE | no | Filepath to retrieve the API token from | | GITLAB_API_TOKEN | no | API token | | DEFAULT_MEMBERSHIP_ROLE | no | Default gitlab role. Defaults to Minimal Access | | ROLE_MAPPINGS_SECRET | no | AWS Secret name to retrieve the gitlab role mappings from | | ROLE_MAPPINGS_FILE | no | Filepath to retrieve the gitlab role mappings from | | ROLE_MAPPINGS | no | Role mappings for gitlab | | SLACK_WEBHOOK_URL | no | Slack Webhook url to send notifications to | | LOG_LEVEL | no | Level of logs to print. Defaults to info | | DRY_RUN | no | Whether to only retrieve information, not create anything. Defaults to false |

Development

To install dependencies:

bun install

To run:

bun run index.ts