Clojure wrapper for the Google Cloud Identity Groups API (v1).

Provides idiomatic Clojure functions for the modern Cloud Identity
Groups surface — group CRUD plus membership CRUD, lookup, search, and
transitive-membership traversal. This is Google's strategic forward
path for groups; the older Directory API (goog.workspace.admin)
remains for backward compatibility.

Auth: use csl/scoped-delegated-credentials with the appropriate scope
and a super-admin impersonation target:

- CloudIdentityScopes/CLOUD_IDENTITY_GROUPS (read + write)
- CloudIdentityScopes/CLOUD_IDENTITY_GROUPS_READONLY (read-only)

All list / search functions return {:data [...] :next-page-token "..."}.
:next-page-token is absent when there are no further pages.
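
Draining every page matters when the result feeds an access review, because stopping at the first page silently drops groups or members. The helper below is an added example, not part of this library: `fetch-page` is a caller-supplied function wrapping whichever list or search call is in use (this page does not give their argument lists), and `all-pages`, `:max-pages`, `:partial`, the error shape and the sample data are assumptions.

```clojure
(ns example.paging)

(defn all-pages
  "Calls `fetch-page` with nil, then with each :next-page-token, until a
  response carries no token. `fetch-page` is a caller-supplied fn
  (assumption) returning the {:data [...] :next-page-token \"...\"} map
  described above, or {:error ...}. Returns {:data [...]} with every
  item, or {:error ...} plus the items collected so far under :partial
  (a key added by this example)."
  [fetch-page & {:keys [max-pages] :or {max-pages 1000}}]
  (loop [token nil, acc [], pages 1]
    (let [{:keys [data error next-page-token] :as resp} (fetch-page token)
          items (into acc data)]
      (cond
        ;; Surface the failure; never report a partial list as complete.
        (contains? resp :error) {:error error :partial acc}
        ;; Token absent: this was the last page.
        (nil? next-page-token)  {:data items}
        ;; Guard against a token loop or an unexpectedly large result.
        (>= pages max-pages)    {:error :max-pages-exceeded :partial items}
        :else                   (recur next-page-token items (inc pages))))))

;; Constructed sample: three pages keyed by the token that requests them.
(def sample-pages
  {nil  {:data ["groups/aaa" "groups/bbb"] :next-page-token "t1"}
   "t1" {:data ["groups/ccc"] :next-page-token "t2"}
   "t2" {:data ["groups/ddd"]}})

;; Constructed sample: the second page fails (error shape is made up).
(def failing-pages
  (assoc sample-pages "t1" {:error {:code 503}}))

(println (all-pages sample-pages))
(println (all-pages failing-pages))
(println (all-pages sample-pages :max-pages 2))
```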

SCOPE NOTE — when to use this vs. the Directory API (goog.workspace.admin):

- Directory's Groups is the legacy CRUD surface; supports the broad
  base of existing Workspace integrations.
- Cloud Identity's Groups is the modern surface with richer features:
  dynamic groups (query-driven membership via :dynamic-group-metadata),
  security labels (via :labels), additional group keys (alternate
  identifiers), and the transitive-membership query family.
- Both libraries operate on the same underlying groups; the choice is
  about which feature set the consumer needs. We document the parallel;
  we do NOT build an adapter layer between the two.

GROUP IDENTITY FORMAT

Resource names use Cloud Identity's structured form: "groups/{groupId}"
for groups and "groups/{groupId}/memberships/{membershipId}" for
memberships. To resolve a group by email or by external id, use
lookup-group. The :parent for create-group is the customer name
(e.g. "customers/C012345") — passed inside the body, not as a
positional arg, because create-group lives on the top-level
/v1/groups endpoint.

LRO POLLING

Several mutations (create-group, update-group, delete-group,
create-membership, delete-membership, get-membership-graph) return a
long-running Operation. Most operations report :done true immediately;
the response field carries the resulting resource. Cloud Identity v1
does NOT expose an operations.get endpoint — there is no
wait-for-operation in this library. For the rare slow case (large
dynamic group materialization), poll the resource itself via get-group
or get-membership.
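
One way to poll the resource itself with a bounded number of reads and exponential backoff, as an added example that is not part of this library. `fetch` is a caller-supplied zero-argument function wrapping get-group or get-membership; `poll-resource`, its options, the `:attempts`, `:poll-timeout` and `:last-response` keys, the sample error shape and the `:name` key in the sample are assumptions.

```clojure
(ns example.lro-poll)

(defn poll-resource
  "Calls `fetch` until its :data satisfies `ready?`, doubling the wait
  between reads up to :max-ms. Stops early when `retry?` rejects an
  error, so a permanent failure is not hidden behind a timeout."
  [fetch ready? & {:keys [max-attempts initial-ms max-ms retry? sleep-fn]
                   :or   {max-attempts 8
                          initial-ms   500
                          max-ms       8000
                          retry?       (constantly true)
                          sleep-fn     #(Thread/sleep (long %))}}]
  (loop [attempt 1, wait-ms initial-ms]
    (let [{:keys [data error] :as resp} (fetch)]
      (cond
        ;; The resource is readable and in the state the caller wants.
        (and (contains? resp :data) (ready? data))
        {:data data :attempts attempt}

        ;; An error the caller marks as permanent ends the wait at once.
        (and (contains? resp :error) (not (retry? error)))
        {:error error :attempts attempt}

        ;; Read budget exhausted: report it instead of looping forever.
        (>= attempt max-attempts)
        {:error :poll-timeout :last-response resp :attempts attempt}

        :else
        (do (sleep-fn wait-ms)
            (recur (inc attempt) (min max-ms (* 2 wait-ms))))))))

;; Constructed sample: the resource becomes visible on the third read.
(def calls (atom 0))

(defn sample-fetch []
  (if (< (swap! calls inc) 3)
    {:error {:code 404}}
    {:data {:name "groups/abc123"}}))

;; :sleep-fn is replaced with a no-op so the sample returns immediately.
(println (poll-resource sample-fetch :name :sleep-fn (fn [_] nil)))
```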

CLASS COLLISIONS

`Group`, `Membership`, `Operation`, `Status` model classes are
intentionally NOT imported. Typed bodies are constructed via JSON
round-trip; responses are read via csl/->clj (java.util.Map walking).
Typed sub-types under Group/Membership (DynamicGroupMetadata,
PosixGroup, MembershipRole, ExpiryDetail, EntityKey, GroupRelation,
RestrictionEvaluations) are populated transparently by the round-trip.

All functions return {:data ...} on success or {:error ...} on failure.