info

The binary crawls for password-change event on Google Worksapce and notify about close password expiration in advance by mail. It allows you to track events for more than 6 months which is the hard limit for Google Security Audit events. It is done with local persistence, binary creates local user_events yaml db file.

build

cd google-password-notifier
poetry install
poetry build

install

python3 -m venv .venv
source .venv/bin/activate && python -m pip install dist/google_password_notifier-*-py3-none-any.whl

configure

• Go to google cloud console and setup service account with global permissions to admin.reports.audit.readonly (Audit events reader)
• Create a secret p12 key for this service account. Download it.
• Go to admin.google.com and grant this account permissions to read events (TODO: enter role name)

run

source .venv/bin/activate && google-password-notifier -c /path/to/config_file.yaml

sample config

---
service_account_email: "[email protected]"
app_password: "123"
delegated_email: "[email protected]"
treshold: 10
sender_email: [email protected]
service_account_json: /etc/google-password-notifier/secret.json