The challenge is finished.

Challenge Overview

Please implement the following requirements:

Language and Platform

This application can be written in Java or Python for the Google App Engine platform.

Multitenancy

This application needs to be designed with multitenancy using namespaces:
Multitenancy for Java
Multitenancy for Python

The general idea with multitenancy is that this application should be designed in a way where an application administrator can create and delete tenants. Each tenant can then log in and configure a task to manage group membership based on OUs for their Google Apps domain. The tenant's configuration will only affect their own Google Apps domain. This enables the application to be reused by many Google Apps customers without needing to install this application to App Engine for each new Google Apps customer.

User Interface

There should be two main user interfaces (pages).

  1. The administrative interface. This interface is mainly used to create and delete tenants using Google's Multitenancy service. Additionally, administrators should also be able to use this interface to add authorized users to each tenant. Our preference would be that the administrator could also use this interface to view and manage any tasks that have been scheduled by a tenant, although this is not a hard requirement.
  2. The tenant's interface. This is where an authorized user can log in and configure a job to manage a group based on OUs. The interface should allow the tenant to define what OU is being synced to what group. The interface should allow the user to define more than one mapping. For example, maybe groupa members are based on OU a, and groupb members are based on OU b. Our preference would be that this interface allow the tenant to define the schedule on which the job runs. Finally, the tenant's interface will need to support an OAuth workflow to authorize the tenant's job to run for their configured Google Apps domain.

Authentication and Security

The administrative interface should only be accessible to Google accounts that are added to the application via the Google Cloud Console.

The user interface should only be accessible to Google users defined in the administrative interface. Users should only be able to access the user interface for their own tenancy, and not any other tenants.

Appropriate care should be taken for the storage of OAuth tokens used to access the Google APIs for Users, OUs, and Groups.

Task logic

The application needs to maintain the members of a Google group based on the members of a Google OU. In general, when the task is executed by the scheduler, the task will need to get a list of users that are in the tenant configured OU, compare those OU members to the associated group, and modify the members of the group so that they are the same as the members in the OU.
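
One way to plan the group changes described above while keeping a tenant's job confined to its own domain, as an added example that is not part of the original challenge text or any submitted solution. The function names, the single-domain-per-tenant check and the "missing directory data is an error, not an empty OU" rule are assumptions of this sketch; directory data is passed in as plain dicts instead of being fetched from the Google APIs.

```python
# Added example: plan OU -> group membership changes for one tenant.
# Assumption: each tenant has one Google Apps domain, given as `domain`.

def normalize(email):
    return email.strip().lower()

def plan_mapping(domain, ou_members, group_members):
    """Return (to_add, to_remove) so the group ends up equal to the OU."""
    suffix = "@" + domain.lower()
    wanted = {normalize(e) for e in ou_members}
    current = {normalize(e) for e in group_members}
    # Tenant isolation: refuse to add addresses outside the tenant's domain.
    foreign = sorted(e for e in wanted if not e.endswith(suffix))
    if foreign:
        raise ValueError("OU members outside tenant domain: %s" % foreign)
    return sorted(wanted - current), sorted(current - wanted)

def plan_tenant_sync(domain, mappings, ou_lookup, group_lookup):
    """Plan every (ou_path, group_email) mapping configured by one tenant.

    A mapping whose OU or group is absent from the lookups is reported as
    an error rather than treated as empty, so a failed directory read
    cannot silently remove every member of a group.
    """
    plan, errors = {}, []
    suffix = "@" + domain.lower()
    for ou_path, group in mappings:
        group = normalize(group)
        if not group.endswith(suffix):
            errors.append((ou_path, group, "group outside tenant domain"))
            continue
        if ou_path not in ou_lookup or group not in group_lookup:
            errors.append((ou_path, group, "directory data missing"))
            continue
        try:
            plan[group] = plan_mapping(domain, ou_lookup[ou_path],
                                       group_lookup[group])
        except ValueError as exc:
            errors.append((ou_path, group, str(exc)))
    return plan, errors

# Constructed sample data for a hypothetical tenant "example.com".
OUS = {"/a": ["Ann@example.com", "bob@example.com"], "/b": ["cy@example.com"]}
GROUPS = {"groupa@example.com": ["bob@example.com", "old@example.com"],
          "groupb@example.com": []}
MAPPINGS = [("/a", "groupa@example.com"), ("/b", "groupb@example.com"),
            ("/c", "groupc@other.test")]
```

The scheduled task would apply each `(to_add, to_remove)` pair with the tenant's own stored credentials and log the `errors` list for the administrator.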

Review style

Final Review

Community Review Board

Approval

User Sign-Off

ID: 30039279