From d7e36bc5eb21d64b9cada877025e03bf07bce009 Mon Sep 17 00:00:00 2001 From: Ross Scroggs Date: Mon, 21 Oct 2024 10:17:34 -0700 Subject: [PATCH 1/3] Updated authentication process for `gam print|show projects`. --- docs/GamUpdates.md | 4 +++ docs/How-to-Upgrade-Legacy-GAM-to-GAM7.md | 4 +-- docs/Version-and-Help.md | 12 ++++----- src/gam/__init__.py | 30 +++++++++++------------ src/gam/gamlib/glapi.py | 4 --- 5 files changed, 26 insertions(+), 28 deletions(-) diff --git a/docs/GamUpdates.md b/docs/GamUpdates.md index 07cafa0b..cdb15955 100644 --- a/docs/GamUpdates.md +++ b/docs/GamUpdates.md @@ -10,6 +10,10 @@ Add the `-s` option to the end of the above commands to suppress creating the `g See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation +### 7.00.25 + +Updated authentication process for `gam print|show projects`. + ### 7.00.24 Updated `gam print|show projects ... showiampolicies 0|1|3` to use non-service account authentication. diff --git a/docs/How-to-Upgrade-Legacy-GAM-to-GAM7.md b/docs/How-to-Upgrade-Legacy-GAM-to-GAM7.md index 2ca24085..3fccded6 100644 --- a/docs/How-to-Upgrade-Legacy-GAM-to-GAM7.md +++ b/docs/How-to-Upgrade-Legacy-GAM-to-GAM7.md @@ -251,7 +251,7 @@ writes the credentials into the file oauth2.txt. admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt admin@server:/Users/admin$ gam version WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found -GAM 7.00.24 - https://github.com/GAM-team/GAM - pyinstaller +GAM 7.00.25 - https://github.com/GAM-team/GAM - pyinstaller GAM Team Python 3.13.0 64-bit final MacOS Sonoma 14.5 x86_64 @@ -923,7 +923,7 @@ writes the credentials into the file oauth2.txt. C:\>del C:\GAMConfig\oauth2.txt C:\>gam version WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found -GAM7 7.00.24 - https://github.com/GAM-team/GAM - pythonsource +GAM7 7.00.25 - https://github.com/GAM-team/GAM - pythonsource GAM Team Python 3.13.0 64-bit final Windows-10-10.0.17134 AMD64 diff --git a/docs/Version-and-Help.md b/docs/Version-and-Help.md index f32d013b..a3944fd6 100644 --- a/docs/Version-and-Help.md +++ b/docs/Version-and-Help.md @@ -3,7 +3,7 @@ Print the current version of Gam with details ``` gam version -GAM 7.00.24 - https://github.com/GAM-team/GAM - pyinstaller +GAM 7.00.25 - https://github.com/GAM-team/GAM - pyinstaller GAM Team Python 3.13.0 64-bit final MacOS Sonoma 14.5 x86_64 @@ -15,7 +15,7 @@ Time: 2023-06-02T21:10:00-07:00 Print the current version of Gam with details and time offset information ``` gam version timeoffset -GAM 7.00.24 - https://github.com/GAM-team/GAM - pyinstaller +GAM 7.00.25 - https://github.com/GAM-team/GAM - pyinstaller GAM Team Python 3.13.0 64-bit final MacOS Sonoma 14.5 x86_64 @@ -27,7 +27,7 @@ Your system time differs from www.googleapis.com by less than 1 second Print the current version of Gam with extended details and SSL information ``` gam version extended -GAM 7.00.24 - https://github.com/GAM-team/GAM - pyinstaller +GAM 7.00.25 - https://github.com/GAM-team/GAM - pyinstaller GAM Team Python 3.13.0 64-bit final MacOS Sonoma 14.5 x86_64 @@ -64,7 +64,7 @@ MacOS High Sierra 10.13.6 x86_64 Path: /Users/Admin/bin/gam7 Version Check: Current: 5.35.08 - Latest: 7.00.24 + Latest: 7.00.25 echo $? 1 ``` @@ -72,7 +72,7 @@ echo $? Print the current version number without details ``` gam version simple -7.00.24 +7.00.25 ``` In Linux/MacOS you can do: ``` @@ -82,7 +82,7 @@ echo $VER Print the current version of Gam and address of this Wiki ``` gam help -GAM 7.00.24 - https://github.com/GAM-team/GAM +GAM 7.00.25 - https://github.com/GAM-team/GAM GAM Team Python 3.13.0 64-bit final MacOS Sonoma 14.5 x86_64 diff --git a/src/gam/__init__.py b/src/gam/__init__.py index 9815f22e..67daccbf 100755 --- a/src/gam/__init__.py +++ b/src/gam/__init__.py @@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki """ __author__ = 'GAM Team ' -__version__ = '7.00.24' +__version__ = '7.00.25' __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)' #pylint: disable=wrong-import-position @@ -11381,19 +11381,21 @@ def _getProjects(crm, pfilter, returnNF=False): query=pfilter) if projects: return projects - if not pfilter: + if (not pfilter) or pfilter == GAM_PROJECT_FILTER: return [] if pfilter.startswith('id:'): projects = [callGAPI(crm.projects(), 'get', throwReasons=[GAPI.BAD_REQUEST, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED], name=f'projects/{pfilter[3:]}')] - if projects or not returnNF: - return projects - return [{'projectId': pfilter[3:], 'state': 'NF'}] + if projects or not returnNF: + return projects + return [] except (GAPI.badRequest, GAPI.invalidArgument) as e: entityActionFailedExit([Ent.PROJECT, pfilter], str(e)) except GAPI.permissionDenied: - return [] + if (not pfilter) or (not pfilter.startswith('id:')) or (not returnNF): + return [] + return [{'projectId': pfilter[3:], 'state': 'NF'}] def _checkProjectFound(project, i, count): if project.get('state', '') != 'NF': @@ -11561,6 +11563,8 @@ def _getLoginHintProjects(createSvcAcctCmd=False, deleteSvcAcctCmd=False, printS if login_hint and login_hint.find('@') == -1: Cmd.Backup() login_hint = None + if readOnly and login_hint and login_hint != _getAdminEmail(): + readOnly = False projectIds = None pfilter = getString(Cmd.OB_STRING, optional=True) if not pfilter: @@ -11602,15 +11606,9 @@ def _getLoginHintProjects(createSvcAcctCmd=False, deleteSvcAcctCmd=False, printS login_hint = _getValidateLoginHint(login_hint, projectId) crm = None if readOnly: - _getSvcAcctData() - if (GM.Globals[GM.SVCACCT_SCOPES_DEFINED] and - (API.CLOUDRESOURCEMANAGER in GM.Globals[GM.SVCACCT_SCOPES] or - API.CLOUDRESOURCEMANAGER_V1 in GM.Globals[GM.SVCACCT_SCOPES])): #Backwards compatibility hack -# Removed 6.21.05 -# _, crm = buildGAPIServiceObject(API.CLOUDRESOURCEMANAGER, login_hint) - _, crm = buildGAPIServiceObject(API.CLOUDRESOURCEMANAGER, None) - if crm: - httpObj = crm._http + _, crm = buildGAPIServiceObject(API.CLOUDRESOURCEMANAGER, None) + if crm: + httpObj = crm._http if not crm: httpObj, crm = getCRMService(login_hint) if projectIds is None: @@ -11620,7 +11618,7 @@ def _getLoginHintProjects(createSvcAcctCmd=False, deleteSvcAcctCmd=False, printS else: projects = _getProjects(crm, f'id:{projectId}', returnNF=True) else: - projects = _getProjects(crm, pfilter) + projects = _getProjects(crm, pfilter, returnNF=printShowCmd) else: projects = [] for projectId in projectIds: diff --git a/src/gam/gamlib/glapi.py b/src/gam/gamlib/glapi.py index 77986ad4..071d98dd 100644 --- a/src/gam/gamlib/glapi.py +++ b/src/gam/gamlib/glapi.py @@ -695,10 +695,6 @@ _SVCACCT_SCOPES = [ ] _SVCACCT_SPECIAL_SCOPES = [ - {'name': 'Cloud Resource Manager API v3', - 'api': CLOUDRESOURCEMANAGER, - 'subscopes': [], - 'scope': CLOUD_PLATFORM_SCOPE}, {'name': 'Drive API - todrive', 'api': DRIVETD, 'subscopes': [], From cbb95a47f8fab8adf915a52ef2f51bfe97776c0f Mon Sep 17 00:00:00 2001 From: Jay Lee Date: Tue, 22 Oct 2024 09:22:56 -0400 Subject: [PATCH 2/3] actions: rebuild for OpenSSL 3.4.0 --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 55b02977..848f1cc6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -115,7 +115,7 @@ jobs: with: path: | cache.tar.xz - key: gam-${{ matrix.jid }}-20241014 + key: gam-${{ matrix.jid }}-20241022 - name: Untar Cache archive if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true' From beb75dbc208ee2bef579ee04dd9267cd38cdd92d Mon Sep 17 00:00:00 2001 From: Ross Scroggs Date: Tue, 22 Oct 2024 17:17:13 -0700 Subject: [PATCH 3/3] Updated `drive_dir` in `gam.cfg` to allow the value `.` --- docs/Authorization.md | 7 +++--- docs/GamUpdates.md | 7 ++++++ docs/How-to-Upgrade-Legacy-GAM-to-GAM7.md | 4 +-- docs/Version-and-Help.md | 30 +++++++++++------------ src/GamUpdate.txt | 9 +++++++ src/gam/__init__.py | 4 +-- src/gam/gamlib/glapi.py | 1 - 7 files changed, 38 insertions(+), 24 deletions(-) diff --git a/docs/Authorization.md b/docs/Authorization.md index 94d99f81..ab1874c4 100644 --- a/docs/Authorization.md +++ b/docs/Authorization.md @@ -163,12 +163,11 @@ as required by Google for headless computers/cloud shells; this is required as o ``` ## Manage Projects In all of the project commands, the Google Workspace admin/GCP project manager `` can be omitted; you will be prompted for a value. -You must enter a full address, i.e., user@domain.com; you will be required to enter the password. +You must enter a full address, i.e., user@domain.com; you will be required to authenticate. -For `print|show projects`, you can eliminate the password requirement by enabling the following scope in `gam update serviceaccount`; -GAM will then use Service Account access to display projects. +For `print|show projects`, you can eliminate the password prompt and authentication requirement by specifying the super admin emailaddress used in `gam oauth create`. ``` -[*] 9) Cloud Resource Manager API v3 +gam print projects admin admin@domain.com ``` ## Authorize a super admin to create projects diff --git a/docs/GamUpdates.md b/docs/GamUpdates.md index cdb15955..0df6e1ee 100644 --- a/docs/GamUpdates.md +++ b/docs/GamUpdates.md @@ -10,6 +10,13 @@ Add the `-s` option to the end of the above commands to suppress creating the `g See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation +### 7.00.26 + +Updated `drive_dir` in `gam.cfg` to allow the value `.` that causes `redirect csv|stdout|stderr ` +to write `` in the current directory without having to prefix `` with `./`. + +Upgraded to OpenSSL 3.4.0 where possible. + ### 7.00.25 Updated authentication process for `gam print|show projects`. diff --git a/docs/How-to-Upgrade-Legacy-GAM-to-GAM7.md b/docs/How-to-Upgrade-Legacy-GAM-to-GAM7.md index 3fccded6..e9d4b184 100644 --- a/docs/How-to-Upgrade-Legacy-GAM-to-GAM7.md +++ b/docs/How-to-Upgrade-Legacy-GAM-to-GAM7.md @@ -251,7 +251,7 @@ writes the credentials into the file oauth2.txt. admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt admin@server:/Users/admin$ gam version WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found -GAM 7.00.25 - https://github.com/GAM-team/GAM - pyinstaller +GAM 7.00.26 - https://github.com/GAM-team/GAM - pyinstaller GAM Team Python 3.13.0 64-bit final MacOS Sonoma 14.5 x86_64 @@ -923,7 +923,7 @@ writes the credentials into the file oauth2.txt. C:\>del C:\GAMConfig\oauth2.txt C:\>gam version WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found -GAM7 7.00.25 - https://github.com/GAM-team/GAM - pythonsource +GAM7 7.00.26 - https://github.com/GAM-team/GAM - pythonsource GAM Team Python 3.13.0 64-bit final Windows-10-10.0.17134 AMD64 diff --git a/docs/Version-and-Help.md b/docs/Version-and-Help.md index a3944fd6..2d223bd9 100644 --- a/docs/Version-and-Help.md +++ b/docs/Version-and-Help.md @@ -3,7 +3,7 @@ Print the current version of Gam with details ``` gam version -GAM 7.00.25 - https://github.com/GAM-team/GAM - pyinstaller +GAM 7.00.26 - https://github.com/GAM-team/GAM - pyinstaller GAM Team Python 3.13.0 64-bit final MacOS Sonoma 14.5 x86_64 @@ -15,7 +15,7 @@ Time: 2023-06-02T21:10:00-07:00 Print the current version of Gam with details and time offset information ``` gam version timeoffset -GAM 7.00.25 - https://github.com/GAM-team/GAM - pyinstaller +GAM 7.00.26 - https://github.com/GAM-team/GAM - pyinstaller GAM Team Python 3.13.0 64-bit final MacOS Sonoma 14.5 x86_64 @@ -27,7 +27,7 @@ Your system time differs from www.googleapis.com by less than 1 second Print the current version of Gam with extended details and SSL information ``` gam version extended -GAM 7.00.25 - https://github.com/GAM-team/GAM - pyinstaller +GAM 7.00.26 - https://github.com/GAM-team/GAM - pyinstaller GAM Team Python 3.13.0 64-bit final MacOS Sonoma 14.5 x86_64 @@ -35,17 +35,17 @@ Path: /Users/Admin/bin/gam7 Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com Time: 2023-06-02T21:10:00-07:00 Your system time differs from admin.googleapis.com by less than 1 second -OpenSSL 3.1.1 30 May 2023 -cryptography 41.0.1 -filelock 3.13.0 -google-api-python-client 2.88.0 -google-auth-httplib2 0.1.0 -google-auth-oauthlib 1.0.0 -google-auth 2.19.1 +OpenSSL 3.4.0 22 Oct Sep 2024 +cryptography 43.0.3 +filelock 3.16.1 +google-api-python-client 2.149.0 +google-auth-httplib2 0.2.0 +google-auth-oauthlib 1.2.1 +google-auth 2.35.0 httplib2 0.22.0 passlib 1.7.4 -python-dateutil 2.8.2 -yubikey-manager 5.1.1 +python-dateutil 2.9.0.post0 +yubikey-manager 5.5.1 admin.googleapis.com connects using TLSv1.3 TLS_AES_256_GCM_SHA384 ``` @@ -64,7 +64,7 @@ MacOS High Sierra 10.13.6 x86_64 Path: /Users/Admin/bin/gam7 Version Check: Current: 5.35.08 - Latest: 7.00.25 + Latest: 7.00.26 echo $? 1 ``` @@ -72,7 +72,7 @@ echo $? Print the current version number without details ``` gam version simple -7.00.25 +7.00.26 ``` In Linux/MacOS you can do: ``` @@ -82,7 +82,7 @@ echo $VER Print the current version of Gam and address of this Wiki ``` gam help -GAM 7.00.25 - https://github.com/GAM-team/GAM +GAM 7.00.26 - https://github.com/GAM-team/GAM GAM Team Python 3.13.0 64-bit final MacOS Sonoma 14.5 x86_64 diff --git a/src/GamUpdate.txt b/src/GamUpdate.txt index f9d53c1e..c57af05f 100644 --- a/src/GamUpdate.txt +++ b/src/GamUpdate.txt @@ -1,3 +1,12 @@ +7.00.26 + +Updated `drive_dir` in `gam.cfg` to allow the value `.` that causes `redirect csv|stdout|stderr ` +to write `` in the current directory without having to prefix `` with `./`. + +7.00.25 + +Updated authentication process for `gam print|show projects`. + 7.00.24 Updated `gam print|show projects ... showiampolicies 0|1|3` to use non-service account authentication. diff --git a/src/gam/__init__.py b/src/gam/__init__.py index 67daccbf..7d731801 100755 --- a/src/gam/__init__.py +++ b/src/gam/__init__.py @@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki """ __author__ = 'GAM Team ' -__version__ = '7.00.25' +__version__ = '7.00.26' __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)' #pylint: disable=wrong-import-position @@ -3671,7 +3671,7 @@ def SetGlobalVariables(): dirPath = os.path.expanduser(_stripStringQuotes(GM.Globals[GM.PARSER].get(sectionName, itemName))) if (not dirPath) and (itemName in {GC.GMAIL_CSE_INCERT_DIR, GC.GMAIL_CSE_INKEY_DIR}): return dirPath - if (not dirPath) or (not os.path.isabs(dirPath)): + if (not dirPath) or (not os.path.isabs(dirPath) and dirPath != '.'): if (sectionName != configparser.DEFAULTSECT) and (GM.Globals[GM.PARSER].has_option(sectionName, itemName)): dirPath = os.path.join(os.path.expanduser(_stripStringQuotes(GM.Globals[GM.PARSER].get(configparser.DEFAULTSECT, itemName))), dirPath) if not os.path.isabs(dirPath): diff --git a/src/gam/gamlib/glapi.py b/src/gam/gamlib/glapi.py index 071d98dd..a2c82629 100644 --- a/src/gam/gamlib/glapi.py +++ b/src/gam/gamlib/glapi.py @@ -49,7 +49,6 @@ CLOUDIDENTITY_ORGUNITS = 'cloudidentityorgunits' CLOUDIDENTITY_ORGUNITS_BETA = 'cloudidentityorgunitsbeta' CLOUDIDENTITY_USERINVITATIONS = 'cloudidentityuserinvitations' CLOUDRESOURCEMANAGER = 'cloudresourcemanager' -CLOUDRESOURCEMANAGER_V1 = 'cloudresourcemanager1' CONTACTS = 'contacts' CONTACTDELEGATION = 'contactdelegation' DATATRANSFER = 'datatransfer'