Add support G-Suite group whose members have ADMIN access to registrar console

After this CL, "support" accounts (accounts that are part of the "support" G-Suite group) will the same access to the registrar console as GCP "admins". However, they don't won't have access to the GCP project itself. We could give them their own Role in the future (say SUPPORT) and give them different access than "admins", but right now we don't need it and YAGNI or something :) NOTE: we identify users by their email (they need to be logged in to a google account). I don't know if that's best practice, since I guess different google accounts might have the same email address. However, G-Suite groups' membership is by email so there's not much we can do about it if we want to use G-Suite groups. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=220804273
2025-05-12 22:38:16 +02:00 · 2018-11-09 08:11:26 -08:00 · 2018-11-09 08:11:26 -08:00 · 557984bb75
commit 557984bb75
parent 783c010ab4
15 changed files with 285 additions and 25 deletions
--- a/java/google/registry/config/RegistryConfig.java
+++ b/java/google/registry/config/RegistryConfig.java
@ -392,6 +392,19 @@ public final class RegistryConfig {
      return config.gSuite.adminAccountEmailAddress;
    }

+    /**
+     * Returns the email address of the group containing emails of support accounts.
+     *
+     * <p>These accounts will have "ADMIN" access to the registrar console.
+     *
+     * @see google.registry.groups.DirectoryGroupsConnection
+     */
+    @Provides
+    @Config("gSuiteSupportGroupEmailAddress")
+    public static String provideGSuiteSupportGroupEmailAddress(RegistryConfigSettings config) {
+      return config.gSuite.supportGroupEmailAddress;
+    }
+
    /**
     * Returns the email address(es) that notifications of registrar and/or registrar contact
     * updates should be sent to, or the empty list if updates should not be sent.