version: 1
metadata:
  labels:
    blueprints.goauthentik.io/system: "true"
  name: System - Google Workspace Provider - Mappings
entries:
  - identifiers:
      managed: goauthentik.io/providers/google_workspace/user
    model: authentik_providers_google_workspace.googleworkspaceprovidermapping
    attrs:
      name: "authentik default Google Workspace Mapping: User"
      expression: |
        # Field reference:
        # https://developers.google.com/admin-sdk/directory/reference/rest/v1/users#User
        # Google require givenName and familyName to be set
        givenName, familyName = request.user.name, " "
        formatted = request.user.name + " "
        # This default sets givenName to the name before the first space
        # and the remainder as family name
        # if the user's name has no space the givenName is the entire name
        if " " in request.user.name:
            givenName, _, familyName = request.user.name.partition(" ")
            formatted = request.user.name
        user = {
            "name": {
                "fullName": formatted,
                "familyName": familyName.strip(),
                "givenName": givenName.strip(),
                "displayName": formatted,
            },
            "suspended": not request.user.is_active,
        }
        if not connection:
            user["password"] = request.user.password
        return user
  - identifiers:
      managed: goauthentik.io/providers/google_workspace/group
    model: authentik_providers_google_workspace.googleworkspaceprovidermapping
    attrs:
      name: "authentik default Google Workspace Mapping: Group"
      expression: |
        # Field reference:
        # https://developers.google.com/admin-sdk/directory/reference/rest/v1/groups#Group
        return {
            "name": group.name,
        }