Google Calendar

Google Calendar is a time-management and scheduling calendar service developed by Google. This integration helps you to perform various tasks on the access control list (ACL). This integration was integrated and tested with G Suite Basic edition.

Configure Service Account for Google Calendar

  1. Go to https://console.developers.google.com.

  2. Select or create a project:

    Setup Account

  3. Enable the Google Calendar API:

    1. Under the main menu, select APIs & Services > Libary: Setup Account
    2. Enable Google Calendar API: Setup Account
    3. Select the project and click OPEN: Setup Account
  4. Create a service account with the correct restricted permissions:

    1. Under the main menu, select IAM & Admin > Service Accounts: Setup Account

    2. In the top bar, select CREATE SERVICE ACCOUNT: Setup Account

    3. Under the main menu, select IAM & Admin > Service Accounts and open the account you just created.

    4. Generate new credentials:

      1. On the Service account details page, under Keys, click ADD KEY and select Create new key: Setup Account
      2. Under Key type, select JSON, and click CREATE. Save the credentials in a secure location. You will need the generated credentials.json file when you configure the instance in Cortex XSOAR: Setup Account

Add Scopes in G Suite Admin

  1. Go to https://admin.google.com

  2. Click Menu and select Security > API Controls: Setup Account

  3. Under the Domain wide delegation tab, click MANAGE DOMAIN WIDE DELEGATION: Setup Account

  4. Click Add new and enter the Client ID from your credentials.json file and required scopes from the integration tips. Setup Account

  5. Click AUTHORIZE.

Configure Google Calendar on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Google Calendar.

  3. Click Add instance to create and configure a new integration instance.

    ParameterDescriptionRequired
    user_service_account_jsonUser's Service Account JSONTrue
    insecureTrust any certificate (not secure)False
    proxyUse system proxy settingsFalse
  4. Click Test to validate the URLs, token, and connection.

google-calendar-acl-add


Creates an access control rule.

Base Command

google-calendar-acl-add

Input

Argument NameDescriptionRequired
calendar_idIdentifier of the calendar. If you want to access the primary calendar of the currently logged in user, use the "primary" keyword.Required
user_idThe user's primary email address.Optional
roleThe role assigned to the scope.

Available Options:
"none" - Provides no access.

"freeBusyReader" - Provides read access to free/busy information.

"reader" - Provides read access to the calendar. Private events will appear to users with reader access, but event details will be hidden.

"writer" - Provides read and write access to the calendar. Private events will appear to users with writer access, and event details will be visible.

"owner" - Provides ownership of the calendar. This role has all of the permissions of the writer role with the additional ability to see and manipulate ACLs.
Required
scope_typeThe type of the scope.

Available Options:
"default" - The public scope. This is the default value.

"user" - Limits the scope to a single user.

"group" - Limits the scope to a group.

"domain" - Limits the scope to a domain.

Note: The permissions granted to the "default", or public scope, apply to any user, authenticated or not.
Required
scope_valueThe email address of a user or group, or the name of a domain, depending on the scope type. Omitted for type "default".Optional
send_notificationsWhether to send notifications about the calendar sharing change. Default is "true".Optional

Context Output

PathTypeDescription
GoogleCalendar.Acl.calendarIdStringCalendar identifier.
GoogleCalendar.Acl.userIdStringUser's email address.
GoogleCalendar.Acl.idStringIdentifier of the ACL rule.
GoogleCalendar.Acl.kindStringType of the resource.
GoogleCalendar.Acl.etagStringETag of the resource.
GoogleCalendar.Acl.scopeTypeStringThe type of the scope.
GoogleCalendar.Acl.scopeValueStringThe email address of a user or group, or the name of a domain, depending on the scope type.
GoogleCalendar.Acl.roleStringThe role assigned to the scope.

Command Example

!google-calendar-acl-add calendar_id=calenderId role=freeBusyReader scope_type=user scope_value=useracl@domain.com user_id=user1@domain.com

Context Example

{
"GoogleCalendar": {
"Acl": {
"calendarId": "calenderId",
"userId": "user1@domain.com"
"etag": "\"00001600760672577000\"",
"id": "user:useracl@domain.com",
"kind": "calendar#aclRule",
"role": "freeBusyReader",
"scopeType": "user",
"scopeValue": "useracl@domain.com"
}
}
}

Human Readable Output

Giving an access control rule for calendar id "calenderId".

IdRoleScope TypeScope Value
user:useracl@domain.comfreeBusyReaderuseruseracl@domain.com

google-calendar-acl-list


Returns the rules in the access control list for the calendar.

Base Command

google-calendar-acl-list

Input

Argument NameDescriptionRequired
calendar_idCalendar identifier. If you want to access the primary calendar of the currently logged in user, use the "primary" keyword.Required
user_idThe user's primary email address.Optional
max_resultsMaximum number of entries returned on a result page. Default is 100. The page size cannot be greater than 250 entries.Optional
page_tokenToken specifying which result page to return.Optional
show_deletedWhether to include deleted ACLs in the result. Deleted ACLs are represented by role "none". Deleted ACLs will always be included if syncToken is provided. Default is "false".Optional
sync_tokenToken obtained from the nextSyncToken field returned on the last page of results from the previous list request. The result of this list request contains only entries that have changed since then. All entries deleted since the previous list request will always be in the result set and it is not allowed to set showDeleted to false.
If the syncToken expires, the server will respond with a 410 GONE response code and the client should clear its storage and perform a full synchronization without any syncToken.
Optional

Context Output

PathTypeDescription
GoogleCalendar.Acl.calendarIdStringCalendar identifier.
GoogleCalendar.Acl.userIdStringUser's email address.
GoogleCalendar.Acl.idStringIdentifier of the ACL rule.
GoogleCalendar.Acl.kindStringType of the resource.
GoogleCalendar.Acl.etagStringETag of the resource.
GoogleCalendar.Acl.scopeTypeStringThe type of the scope.
GoogleCalendar.Acl.scopeValueStringThe email address of a user or group, or the name of a domain, depending on the scope type.
GoogleCalendar.Acl.roleStringThe role assigned to the scope.
GoogleCalendar.PageToken.Acl.calendarIdStringCalendar identifier.
GoogleCalendar.PageToken.Acl.userIdStringUser's email address.
GoogleCalendar.PageToken.Acl.nextPageTokenStringToken used to access the next page of this result.
GoogleCalendar.PageToken.Acl.nextSyncTokenStringToken used at a later point in time to retrieve only the entries that have changed since this result was returned.

Command Example

!google-calendar-acl-list calendar_id=calenderID user_id=user1@domain.com max_results=2

Context Example

{
"GoogleCalendar": {
"Acl": [
{
"calendarId": "calenderID",
"userId": "user1@domain.com",
"etag": "\"00000000000000000000\"",
"id": "user:user1@domain.com",
"kind": "calendar#aclRule",
"role": "owner",
"scopeType": "user",
"scopeValue": "user1@domain.com"
},
{
"calendarId": "calenderID",
"userId": "user1@domain.com",
"etag": "\"00001598621012848000\"",
"id": "user:user2@domain.com",
"kind": "calendar#aclRule",
"role": "reader",
"scopeType": "user",
"scopeValue": "user2@domain.com"
}
],
"PageToken": {
"Acl": {
"calendarId": "calenderID",
"userId": "user1@domain.com"
"nextPageToken": "EKiDnZGM_OsCGAAgADIkCgwI1Iqk-gUQgOitlAMSFCoSeHh4eEBuaW1ibGVkYXRhLmlv"
}
}
}
}

Human Readable Output

Next Page Token: EKiDnZGM_OsCGAAgADIkCgwI1Iqk-gUQgOitlAMSFCoSeHh4eEBuaW1ibGVkYXRhLmlv

Total Retrieved ACL: 2

IdRoleScope TypeScope Value
user:user1@domain.comowneruseruser1@domain.com
user:user2@domain.comreaderuseruser2@domain.com