Complete adminrole commands; add signout and turnoff2sv (#1237)

* Complete create admintole

* Add update/delete to adminroles

* Update privileges options

* Separate create/update adminrole

* Sdd signout/turnoff2sv commands

* Move signout, turn_off_2sv to new users.py

src/GamCommands.txt

@@ -943,6 +943,9 @@ gam report <ActivityApplicationName> [todrive]
 gam create admin <UserItem> <RoleItem> customer|(org_unit <OrgUnitItem>)
 gam delete admin <RoleAssignmentId>
 gam print admins [todrive] [user <UserItem>] [role <RoleItem>]
+gam create adminrole <String> privileges all|all_ou|<PrivilegesList> [description <String>]
+gam update adminrole <RoleItem> [name <String>] [privileges all|all_ou|<PrivilegesList>] [description <String>]
+gam delete adminrole <RoleItem>
 gam print adminroles|roles [todrive]
 
 gam create domain <DomainName>
@@ -1450,3 +1453,7 @@ gam <UserTypeEntity> vacation <FalseValues>
 gam <UserTypeEntity> vacation <TrueValues> subject <String> (message <String>)|(file <FileName> [charset <Charset>]) (replace <Tag> <String>)* [html]
 	[contactsonly] [domainonly] [startdate <Date>] [enddate <Date>]
 gam <UserTypeEntity> show vacation [format]
+
+gam <UserTypeEntity> signout
+gam <UserTypeEntity> turnoff2sv
+

src/gam/__init__.py

@@ -65,6 +65,7 @@ from gam.gapi.directory import orgunits as gapi_directory_orgunits
 from gam.gapi.directory import privileges as gapi_directory_privileges
 from gam.gapi.directory import resource as gapi_directory_resource
 from gam.gapi.directory import roles as gapi_directory_roles
+from gam.gapi.directory import users as gapi_directory_users
 from gam.gapi import siteverification as gapi_siteverification
 from gam.gapi import errors as gapi_errors
 from gam.gapi import reports as gapi_reports
@@ -11256,6 +11257,8 @@ def ProcessGAMCommand(args):
                 gapi_directory_resource.updateBuilding()
             elif argument in ['feature']:
                 gapi_directory_resource.updateFeature()
+            elif argument in ['adminrole']:
+                gapi_directory_roles.update()
             else:
                 controlflow.invalid_argument_exit(argument, 'gam update')
             sys.exit(0)
@@ -11368,6 +11371,8 @@ def ProcessGAMCommand(args):
                 doDeleteOrUndeleteAlert('delete')
             elif argument in ['sakey', 'sakeys']:
                 doDeleteServiceAccountKeys()
+            elif argument in ['adminrole']:
+                gapi_directory_roles.delete()
             else:
                 controlflow.invalid_argument_exit(argument, 'gam delete')
             sys.exit(0)
@@ -11887,6 +11892,10 @@ def ProcessGAMCommand(args):
             else:
                 controlflow.invalid_argument_exit(watchWhat,
                                                   'gam <users> watch')
+        elif command == 'signout':
+            gapi_directory_users.signout(users)
+        elif command == 'turnoff2sv':
+            gapi_directory_users.turn_off_2sv(users)
         else:
             controlflow.invalid_argument_exit(command, 'gam')
     except IndexError:

src/gam/gapi/directory/roles.py

@@ -1,46 +1,98 @@
 import sys
 
 from gam.var import GC_Values, GC_CUSTOMER_ID
+import gam
+from gam import controlflow
 from gam import display
 from gam import gapi
 from gam.gapi import directory as gapi_directory
 from gam.gapi.directory import privileges as gapi_directory_privileges
 
 
+def getPrivileges(body, privs, action):
+    all_privileges = gapi_directory_privileges.print_(return_only=True)
+    if privs == 'ALL':
+        body['rolePrivileges'] = [
+            {'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']} for p in all_privileges
+            ]
+    elif privs == 'ALL_OU':
+        body['rolePrivileges'] = [
+            {'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']} for p in all_privileges if p.get('isOuScopable')
+            ]
+    else:
+      body.setdefault('rolePrivileges', [])
+      for priv in privs.split(','):
+          for p in all_privileges:
+              if priv == p['privilegeName']:
+                body['rolePrivileges'].append({'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']})
+                break
+          else:
+              controlflow.invalid_argument_exit(priv,
+                                                f'gam {action} adminrole privileges')
+
 def create():
     cd = gapi_directory.build()
-    body = {'privileges': []}
-    all_privileges = gapi_directory_privileges.print_(return_only=True)
-    i = 3
+    body = {'roleName': sys.argv[3]}
+    i = 4
     while i < len(sys.argv):
         myarg = sys.argv[i].lower()
         if myarg == 'privileges':
-            privs = sys.argv[i + 1]
-            if privs == 'all':
-                body['rolePrivileges'] = all_privileges
-            elif privs == 'all_ou':
-                body['rolePrivileges'] = [
-                    p for p in all_privileges if p.get('isOuScopable')
-                ]
-            else:
-                # Known broken, need to get serviceName in here also...
-                body['rolePrivileges'] = [{
-                    'privilegeName': p
-                } for p in sys.argv[i + 1].split(',')]
+            getPrivileges(body, sys.argv[i + 1].upper(), 'create')
+            i += 2
+        elif myarg == 'description':
+            body['roleDescription'] = sys.argv[i + 1]
+            i += 2
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i],
+                                              'gam create adminrole')
+
+    if not body.get('rolePrivileges'):
+        controlflow.missing_argument_exit('privileges',
+                                          'gam create adminrole')
+    print(f'Creating role {body["roleName"]}')
+    gapi.call(cd.roles(),
+              'insert',
+              customer=GC_Values[GC_CUSTOMER_ID],
+              body=body)
+
+def update():
+    cd = gapi_directory.build()
+    body = {}
+    roleId = gam.getRoleId(sys.argv[3])
+    i = 4
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower()
+        if myarg == 'privileges':
+            getPrivileges(body, sys.argv[i + 1].upper(), 'update')
+            i += 2
+        elif myarg == 'description':
+            body['roleDescription'] = sys.argv[i + 1]
             i += 2
         elif myarg == 'name':
             body['roleName'] = sys.argv[i + 1]
             i += 2
         else:
             controlflow.invalid_argument_exit(sys.argv[i],
-                                              'gam create adminrole')
-    print(f'Creating role {body["roleName"]}')
+                                              'gam update adminrole')
+
+    print(f'Updating role {roleId}')
     gapi.call(cd.roles(),
-              'insert',
+              'patch',
               customer=GC_Values[GC_CUSTOMER_ID],
+              roleId=roleId,
               body=body)
 
 
+def delete():
+    cd = gapi_directory.build()
+    roleId = gam.getRoleId(sys.argv[3])
+    print(f'Deleting role {roleId}')
+    gapi.call(cd.roles(),
+              'delete',
+              customer=GC_Values[GC_CUSTOMER_ID],
+              roleId=roleId)
+
+
 def print_():
     cd = gapi_directory.build()
     todrive = False

src/gam/gapi/directory/users.py

@@ -0,0 +1,32 @@
+import gam
+from gam import gapi
+from gam.gapi import directory as gapi_directory
+
+def signout(users):
+    cd = gapi_directory.build()
+    i = 0
+    count = len(users)
+    for user in users:
+        i += 1
+        user = gam.normalizeEmailAddressOrUID(user)
+        print(f'Signing Out {user}{gam.currentCount(i, count)}')
+        gapi.call(cd.users(),
+                  'signOut',
+                  soft_errors=True,
+                  userKey=user)
+
+
+def turn_off_2sv(users):
+    cd = gapi_directory.build()
+    i = 0
+    count = len(users)
+    for user in users:
+        i += 1
+        user = gam.normalizeEmailAddressOrUID(user)
+        print(f'Turning Off 2-Step Verification for {user}{gam.currentCount(i, count)}')
+        gapi.call(cd.twoStepVerification(),
+                  'turnOff',
+                  soft_errors=True,
+                  userKey=user)
+
+