SCRT-HQ
diff --git a/‎Chrome-Policy-Implementation-Guide.md‎
Lines changed: 234 additions & 0 deletions b/‎Chrome-Policy-Implementation-Guide.md‎
Lines changed: 234 additions & 0 deletions
diff --git a/‎PSGSuite/Public/ChromePolicy/Get-GSPolicySchema.ps1‎
Lines changed: 154 additions & 0 deletions b/‎PSGSuite/Public/ChromePolicy/Get-GSPolicySchema.ps1‎
Lines changed: 154 additions & 0 deletions
@@ -0,0 +1,234 @@
+# Adding Chrome Policy Functions to PSGSuite
+
+This document explains how to implement Chrome Policy API functions in PSGSuite and serves as a guide for adding new Google API services to the module.
+
+## Overview
+
+PSGSuite is a PowerShell module that wraps Google's .NET SDKs, enabling administrators to manage Google Workspace (formerly G Suite) services through PowerShell. The module uses Google's official .NET client libraries (NuGet packages) and provides PowerShell functions that follow consistent patterns.
+
+## Architecture Understanding
+
+### Core Components
+
+1. **Google .NET SDKs**: PSGSuite loads Google API client libraries as .NET assemblies (DLLs)
+2. **New-GoogleService**: Creates authenticated service objects for API calls
+3. **Function Structure**: Consistent PowerShell function patterns across all APIs
+4. **Configuration**: Centralized authentication and customer configuration
+
+### How PSGSuite Integrates with .NET APIs
+
+1. **Assembly Loading**: The `Import-GoogleSDK` private function loads Google API DLLs from the `lib` directory
+2. **Service Creation**: `New-GoogleService` creates authenticated service objects with proper scopes
+3. **API Calls**: Functions use the service objects to make API requests following Google's .NET SDK patterns
+
+## Adding Chrome Policy API Support
+
+### Step 1: Research the API
+
+**Chrome Policy API Details:**
+- **Service Endpoint**: `https://chromepolicy.googleapis.com`
+- **NuGet Package**: `Google.Apis.ChromePolicy.v1` (current: v1.69.0.3776)
+- **Service Type**: `Google.Apis.ChromePolicy.v1.ChromePolicyService`
+- **Scopes**:
+  - `https://www.googleapis.com/auth/chrome.management.policy` (read/write)
+  - `https://www.googleapis.com/auth/chrome.management.policy.readonly` (read-only)
+
+### Step 2: Update Dependencies
+
+Add the Chrome Policy SDK to the NuGet dependencies:
+
+```json
+{
+  "Name": "Google.Apis.ChromePolicy.v1.dll",
+  "BaseName": "Google.Apis.ChromePolicy.v1",
+  "Target": "Latest",
+  "LatestVersion": "1.69.0.3776"
+}
+```
+
+### Step 3: Create Directory Structure
+
+Create the function directory following PSGSuite patterns:
+```
+PSGSuite/Public/Chrome Policy/
+```
+
+### Step 4: Implement Functions
+
+#### Function Naming Convention
+- Use PSGSuite prefix: `Get-GS`, `Set-GS`, `New-GS`, `Remove-GS`
+- Use descriptive names: `Get-GSPolicySchema`, `Resolve-GSPolicy`
+
+#### Standard Function Structure
+
+```powershell
+function Get-GSExample {
+    <#
+    .SYNOPSIS
+    Brief description
+    
+    .DESCRIPTION
+    Detailed description
+    
+    .PARAMETER ParamName
+    Parameter description
+    
+    .EXAMPLE
+    Example usage
+    #>
+    [OutputType('Google.Apis.ChromePolicy.v1.Data.ResponseType')]
+    [CmdletBinding(DefaultParameterSetName = "List")]
+    Param(
+        # Parameters
+    )
+    Begin {
+        # Service creation
+        $serviceParams = @{
+            Scope       = 'https://www.googleapis.com/auth/chrome.management.policy.readonly'
+            ServiceType = 'Google.Apis.ChromePolicy.v1.ChromePolicyService'
+        }
+        $service = New-GoogleService @serviceParams
+        
+        # Customer ID handling
+        $customerId = if ($Script:PSGSuite.CustomerID) {
+            $Script:PSGSuite.CustomerID
+        }
+        else {
+            "my_customer"
+        }
+    }
+    Process {
+        # API logic with error handling
+        try {
+            # API calls
+        }
+        catch {
+            if ($ErrorActionPreference -eq 'Stop') {
+                $PSCmdlet.ThrowTerminatingError($_)
+            }
+            else {
+                Write-Error $_
+            }
+        }
+    }
+}
+```
+
+#### Key Patterns
+
+1. **Authentication**: Always use `New-GoogleService` with appropriate scopes
+2. **Customer ID**: Use `$Script:PSGSuite.CustomerID` or "my_customer"
+3. **Error Handling**: Consistent try/catch with ErrorActionPreference handling
+4. **Pagination**: Implement pagination for list operations
+5. **Verbose Output**: Use `Write-Verbose` for operation feedback
+6. **Output Types**: Specify `[OutputType()]` with Google API data types
+
+### Step 5: Implemented Chrome Policy Functions
+
+The following functions were created following PSGSuite patterns:
+
+1. **`Get-GSPolicySchema`**: Lists or gets specific policy schemas
+   - Supports filtering by namespace
+   - Implements pagination
+   - Two parameter sets: List and Get
+
+2. **`Resolve-GSPolicy`**: Gets resolved policy values for org units or groups
+   - Supports both organizational units and groups
+   - Implements pagination for large result sets
+
+3. **`Set-GSPolicyOrgUnit`**: Modifies policies for organizational units
+   - Supports single policy or batch modifications
+   - Handles JSON serialization for policy values
+
+4. **`Set-GSPolicyGroup`**: Modifies policies for groups
+   - Same pattern as org unit function
+   - Supports batch operations
+
+5. **`Set-GSPolicyOrgUnitInherit`**: Sets policies to inherit from parent
+   - Supports single or multiple schema inheritance
+
+6. **`Remove-GSPolicyGroup`**: Deletes policies from groups
+   - Supports single or multiple policy deletion
+
+### Step 6: Authentication and Scopes
+
+Chrome Policy API requires specific OAuth scopes:
+- **Read-only**: `https://www.googleapis.com/auth/chrome.management.policy.readonly`
+- **Read-write**: `https://www.googleapis.com/auth/chrome.management.policy`
+
+Ensure your Google Cloud project has:
+1. Chrome Policy API enabled
+2. Appropriate OAuth consent screen configuration
+3. Service account or OAuth credentials configured
+
+### Step 7: Testing and Usage
+
+Basic usage examples:
+
+```powershell
+# List all policy schemas
+Get-GSPolicySchema
+
+# Get schemas for user apps
+Get-GSPolicySchema -Filter "chrome.users.apps"
+
+# Get resolved policies for an org unit
+Resolve-GSPolicy -PolicySchemaFilter "chrome.users.URLAllowlist" -OrgUnitId "03ph8a2z1qtgfqh"
+
+# Set a policy for an org unit
+$policyValue = @{
+    "value" = @{
+        "allowedUrls" = @("https://example.com")
+    }
+}
+Set-GSPolicyOrgUnit -OrgUnitId "03ph8a2z1qtgfqh" -PolicySchema "chrome.users.URLAllowlist" -PolicyValue $policyValue
+```
+
+## General Guidelines for Adding New APIs
+
+### Research Phase
+1. Check Google's API documentation
+2. Verify .NET SDK availability on NuGet
+3. Identify required scopes and authentication methods
+4. Understand API endpoints and data structures
+
+### Implementation Phase
+1. Add NuGet package to dependencies
+2. Create appropriate directory structure
+3. Implement functions following PSGSuite patterns
+4. Use consistent naming conventions
+5. Implement proper error handling and pagination
+
+### Best Practices
+1. **Consistency**: Follow existing PSGSuite patterns
+2. **Documentation**: Include comprehensive help text
+3. **Error Handling**: Use consistent error handling patterns
+4. **Scoping**: Use minimal required permissions
+5. **Testing**: Test with real API calls when possible
+
+### Common Patterns
+- Use `$Script:PSGSuite.CustomerID` for customer identification
+- Implement pagination for list operations
+- Use `ConvertTo-Json` for complex object serialization
+- Support both single and batch operations where applicable
+- Use parameter sets to handle different operation modes
+
+## Troubleshooting
+
+### Common Issues
+1. **Assembly Loading**: Ensure DLL is in the lib directory and loaded properly
+2. **Authentication**: Verify scopes and credentials are properly configured
+3. **API Limits**: Implement proper pagination and rate limiting
+4. **Data Types**: Use correct Google API data types for parameters and returns
+
+### Debug Steps
+1. Check verbose output with `-Verbose`
+2. Verify service object creation
+3. Test API calls with minimal parameters
+4. Check Google Cloud Console for API quotas and errors
+
+## Conclusion
+
+Adding Chrome Policy functions to PSGSuite follows the established patterns used throughout the module. The key is understanding how PSGSuite wraps Google's .NET SDKs and following consistent patterns for authentication, error handling, and API interaction.
+
+This approach can be applied to any Google API that has a corresponding .NET SDK package available on NuGet.
@@ -0,0 +1,154 @@
+function Get-GSPolicySchema {
+    <#
+    .SYNOPSIS
+    Gets Chrome policy schemas from the Chrome Policy API
+
+    .DESCRIPTION
+    Gets Chrome policy schemas that can be applied to Chrome OS devices and Chrome browsers in your organization.
+
+    .PARAMETER SchemaName
+    The specific schema name to retrieve. Can be either a full path (e.g., "customers/{customer}/policySchemas/chrome.users.AutoOpenFileTypes") 
+    or just the schema name (e.g., "chrome.users.AutoOpenFileTypes"). If not provided, lists all policy schemas.
+
+    .PARAMETER Filter
+    Search filter to apply to the policy schemas. Supports filtering by namespace (e.g., "chrome.users.apps").
+
+    .PARAMETER PageSize
+    Maximum number of policy schemas to return in a single request. Default is 100.
+
+    .PARAMETER Limit
+    Maximum number of policy schemas to return. Set to 0 to return all results.
+
+    .EXAMPLE
+    Get-GSPolicySchema
+
+    Gets all Chrome policy schemas for the organization
+
+    .EXAMPLE
+    Get-GSPolicySchema -Filter "chrome.users.apps"
+
+    Gets policy schemas related to user applications
+
+    .EXAMPLE
+    Get-GSPolicySchema -SchemaName "chrome.users.AutoOpenFileTypes"
+
+    Gets a specific policy schema by name
+
+    .EXAMPLE
+    Get-GSPolicySchema -SchemaName "customers/{customer}/policySchemas/chrome.users.AutoOpenFileTypes"
+
+    Gets a specific policy schema using the full path
+    #>
+    [OutputType('Google.Apis.ChromePolicy.v1.Data.GoogleChromePolicyV1PolicySchema')]
+    [CmdletBinding(DefaultParameterSetName = "List")]
+    Param(
+        [Parameter(Mandatory = $false, Position = 0, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, ParameterSetName = "Get")]
+        [Alias('Name', 'Policy', 'PolicySchema')]
+        [String[]]
+        $SchemaName,
+        [Parameter(Mandatory = $false, ParameterSetName = "List")]
+        [String]
+        $Filter,
+        [Parameter(Mandatory = $false, ParameterSetName = "List")]
+        [ValidateRange(1, 1000)]
+        [Alias('MaxResults')]
+        [Int]
+        $PageSize = 100,
+        [Parameter(Mandatory = $false, ParameterSetName = "List")]
+        [Alias('First')]
+        [Int]
+        $Limit = 0
+    )
+    Begin {
+        $serviceParams = @{
+            Scope       = 'https://www.googleapis.com/auth/chrome.management.policy.readonly'
+            ServiceType = 'Google.Apis.ChromePolicy.v1.ChromePolicyService'
+        }
+        $service = New-GoogleService @serviceParams
+        $customerId = if ($Script:PSGSuite.CustomerID) {
+            $Script:PSGSuite.CustomerID
+        }
+        else {
+            "my_customer"
+        }
+        $parentPath = "customers/$customerId"
+    }
+    Process {
+        try {
+            switch ($PSCmdlet.ParameterSetName) {
+                Get {
+                    foreach ($schema in $SchemaName) {
+                        try {
+                            Write-Verbose "Getting Chrome Policy Schema '$schema'"
+                            # Handle both full paths and schema names
+                            $schemaPath = if ($schema.StartsWith('customers/')) {
+                                $schema
+                            } else {
+                                "$parentPath/policySchemas/$schema"
+                            }
+                            $request = $service.Customers.PolicySchemas.Get($schemaPath)
+                            $request.Execute()
+                        }
+                        catch {
+                            if ($ErrorActionPreference -eq 'Stop') {
+                                $PSCmdlet.ThrowTerminatingError($_)
+                            }
+                            else {
+                                Write-Error $_
+                            }
+                        }
+                    }
+                }
+                List {
+                    $request = $service.Customers.PolicySchemas.List($parentPath)
+                    if ($Limit -gt 0 -and $PageSize -gt $Limit) {
+                        Write-Verbose ("Reducing PageSize from {0} to {1} to meet limit with first page" -f $PageSize, $Limit)
+                        $PageSize = $Limit
+                    }
+                    $request.PageSize = $PageSize
+                    
+                    if ($PSBoundParameters.ContainsKey('Filter')) {
+                        Write-Verbose "Getting Chrome Policy Schemas with filter '$Filter'"
+                        $request.Filter = $Filter
+                    }
+                    else {
+                        Write-Verbose "Getting all Chrome Policy Schemas"
+                    }
+
+                    [int]$i = 1
+                    $overLimit = $false
+                    do {
+                        $result = $request.Execute()
+                        if ($result.PolicySchemas) {
+                            $result.PolicySchemas
+                        }
+                        if ($result.NextPageToken) {
+                            $request.PageToken = $result.NextPageToken
+                        }
+                        [int]$retrieved = ($i + $result.PolicySchemas.Count) - 1
+                        Write-Verbose "Retrieved $retrieved Chrome Policy Schemas..."
+                        if ($Limit -gt 0 -and $retrieved -eq $Limit) {
+                            Write-Verbose "Limit reached: $Limit"
+                            $overLimit = $true
+                        }
+                        elseif ($Limit -gt 0 -and ($retrieved + $PageSize) -gt $Limit) {
+                            $newPS = $Limit - $retrieved
+                            Write-Verbose ("Reducing PageSize from {0} to {1} to meet limit with next page" -f $PageSize, $newPS)
+                            $request.PageSize = $newPS
+                        }
+                        [int]$i = $i + $result.PolicySchemas.Count
+                    }
+                    until ($overLimit -or !$result.NextPageToken)
+                }
+            }
+        }
+        catch {
+            if ($ErrorActionPreference -eq 'Stop') {
+                $PSCmdlet.ThrowTerminatingError($_)
+            }
+            else {
+                Write-Error $_
+            }
+        }
+    }
+}