mirror of
https://github.com/GAM-team/GAM.git
synced 2026-07-06 13:51:36 +00:00
Merge branch 'master' of https://github.com/jay0lee/GAM
This commit is contained in:
@@ -140,6 +140,7 @@ If an item contains spaces, it should be surrounded by ".
|
|||||||
|
|
||||||
<AccessToken> ::= <String>
|
<AccessToken> ::= <String>
|
||||||
<ACLScope> ::= [user:]<EmailAddress>|group:<EmailAddress>|domain[:<DomainName>]|default
|
<ACLScope> ::= [user:]<EmailAddress>|group:<EmailAddress>|domain[:<DomainName>]|default
|
||||||
|
<APIScopeURL> ::= <String>
|
||||||
<ASPID> ::= <String>
|
<ASPID> ::= <String>
|
||||||
<BuildingID> ::= <String>|id:<String>
|
<BuildingID> ::= <String>|id:<String>
|
||||||
<CalendarACLRole> ::= editor|freebusy|freebusyreader|owner|reader|writer
|
<CalendarACLRole> ::= editor|freebusy|freebusyreader|owner|reader|writer
|
||||||
@@ -552,6 +553,7 @@ Items, separated by spaces, with spaces, commas or single quotes in the items th
|
|||||||
"'it em' 'it,em' \"it'em\""
|
"'it em' 'it,em' \"it'em\""
|
||||||
|
|
||||||
<ACLList> ::= "<ACLScope>(,<ACLScope>)*"
|
<ACLList> ::= "<ACLScope>(,<ACLScope>)*"
|
||||||
|
<APIScopeURLList> ::= "<APIScopeURL>(,<APIScopeURL>)*"
|
||||||
<ASPIDList> ::= "<ASPID>(,<ASPID>)*"
|
<ASPIDList> ::= "<ASPID>(,<ASPID>)*"
|
||||||
<CalendarList> ::= "<CalendarItem>(,<CalendarItem>)*"
|
<CalendarList> ::= "<CalendarItem>(,<CalendarItem>)*"
|
||||||
<ChatRoomList> ::= "<ChatRoom>(,<ChatRoom>)*"
|
<ChatRoomList> ::= "<ChatRoom>(,<ChatRoom>)*"
|
||||||
@@ -839,7 +841,7 @@ gam oauth|oauth2 delete|revoke
|
|||||||
gam oauth|oauth2 info|verify [accesstoken <AccessToken>] [idtoken <IDToken>] [showsecret]
|
gam oauth|oauth2 info|verify [accesstoken <AccessToken>] [idtoken <IDToken>] [showsecret]
|
||||||
gam oauth|oauth2 refresh
|
gam oauth|oauth2 refresh
|
||||||
|
|
||||||
gam <UserTypeEntity> check serviceaccount
|
gam <UserTypeEntity> check serviceaccount [scope|scopes <APIScopeURLList>]
|
||||||
|
|
||||||
gam whatis <EmailItem>
|
gam whatis <EmailItem>
|
||||||
|
|
||||||
|
|||||||
23
src/gam.py
23
src/gam.py
@@ -1546,6 +1546,15 @@ def printPassFail(description, result):
|
|||||||
print(' {0:74} {1}'.format(description, result))
|
print(' {0:74} {1}'.format(description, result))
|
||||||
|
|
||||||
def doCheckServiceAccount(users):
|
def doCheckServiceAccount(users):
|
||||||
|
i = 5
|
||||||
|
check_scopes = []
|
||||||
|
while i < len(sys.argv):
|
||||||
|
myarg = sys.argv[i].lower()
|
||||||
|
if myarg in ['scope', 'scopes']:
|
||||||
|
check_scopes = sys.argv[i+1].replace(',', ' ').split()
|
||||||
|
i += 2
|
||||||
|
else:
|
||||||
|
systemErrorExit(3, '%s is not a valid argument for "gam user <email> check serviceaccount"' % myarg)
|
||||||
something_failed = False
|
something_failed = False
|
||||||
print('Computer clock status:')
|
print('Computer clock status:')
|
||||||
timeOffset, nicetime = getLocalGoogleTimeOffset()
|
timeOffset, nicetime = getLocalGoogleTimeOffset()
|
||||||
@@ -1574,18 +1583,18 @@ def doCheckServiceAccount(users):
|
|||||||
something_failed = True
|
something_failed = True
|
||||||
auth_error = str(e.args[0])
|
auth_error = str(e.args[0])
|
||||||
printPassFail('Authenticating...%s' % auth_error, sa_token_result)
|
printPassFail('Authenticating...%s' % auth_error, sa_token_result)
|
||||||
all_scopes = []
|
if not check_scopes:
|
||||||
for _, scopes in list(API_SCOPE_MAPPING.items()):
|
for _, scopes in list(API_SCOPE_MAPPING.items()):
|
||||||
for scope in scopes:
|
for scope in scopes:
|
||||||
if scope not in all_scopes:
|
if scope not in check_scopes:
|
||||||
all_scopes.append(scope)
|
check_scopes.append(scope)
|
||||||
all_scopes.sort()
|
check_scopes.sort()
|
||||||
for user in users:
|
for user in users:
|
||||||
user = user.lower()
|
user = user.lower()
|
||||||
all_scopes_pass = True
|
all_scopes_pass = True
|
||||||
oa2 = googleapiclient.discovery.build('oauth2', 'v1', _createHttpObj())
|
oa2 = googleapiclient.discovery.build('oauth2', 'v1', _createHttpObj())
|
||||||
print('Domain-Wide Delegation authentication as %s:' % (user))
|
print('Domain-Wide Delegation authentication as %s:' % (user))
|
||||||
for scope in all_scopes:
|
for scope in check_scopes:
|
||||||
# try with and without email scope
|
# try with and without email scope
|
||||||
for scopes in [[scope, USERINFO_EMAIL_SCOPE], [scope]]:
|
for scopes in [[scope, USERINFO_EMAIL_SCOPE], [scope]]:
|
||||||
try:
|
try:
|
||||||
@@ -1614,7 +1623,7 @@ def doCheckServiceAccount(users):
|
|||||||
return
|
return
|
||||||
user_domain = user[user.find('@')+1:]
|
user_domain = user[user.find('@')+1:]
|
||||||
# Tack on email scope for more accurate checking
|
# Tack on email scope for more accurate checking
|
||||||
all_scopes.append(USERINFO_EMAIL_SCOPE)
|
check_scopes.append(USERINFO_EMAIL_SCOPE)
|
||||||
scopes_failed = '''Some scopes failed! Please go to:
|
scopes_failed = '''Some scopes failed! Please go to:
|
||||||
|
|
||||||
https://admin.google.com/%s/AdminHome?#OGX:ManageOauthClients
|
https://admin.google.com/%s/AdminHome?#OGX:ManageOauthClients
|
||||||
@@ -1625,7 +1634,7 @@ and grant Client name:
|
|||||||
|
|
||||||
Access to scopes:
|
Access to scopes:
|
||||||
|
|
||||||
%s\n''' % (user_domain, service_account, ',\n'.join(all_scopes))
|
%s\n''' % (user_domain, service_account, ',\n'.join(check_scopes))
|
||||||
systemErrorExit(1, scopes_failed)
|
systemErrorExit(1, scopes_failed)
|
||||||
|
|
||||||
# Batch processing request_id fields
|
# Batch processing request_id fields
|
||||||
|
|||||||
Reference in New Issue
Block a user