From 1b26a11281ac4141261bc25a1a374a52cc5231f2 Mon Sep 17 00:00:00 2001 From: Ross Scroggs Date: Mon, 14 Sep 2020 09:58:52 -0700 Subject: [PATCH] Complete adminrole commands; add signout and turnoff2sv (#1237) * Complete create admintole * Add update/delete to adminroles * Update privileges options * Separate create/update adminrole * Sdd signout/turnoff2sv commands * Move signout, turn_off_2sv to new users.py --- src/GamCommands.txt | 7 +++ src/gam/__init__.py | 9 ++++ src/gam/gapi/directory/roles.py | 88 ++++++++++++++++++++++++++------- src/gam/gapi/directory/users.py | 32 ++++++++++++ 4 files changed, 118 insertions(+), 18 deletions(-) create mode 100644 src/gam/gapi/directory/users.py diff --git a/src/GamCommands.txt b/src/GamCommands.txt index 04203895..aa393ebc 100644 --- a/src/GamCommands.txt +++ b/src/GamCommands.txt @@ -943,6 +943,9 @@ gam report [todrive] gam create admin customer|(org_unit ) gam delete admin gam print admins [todrive] [user ] [role ] +gam create adminrole privileges all|all_ou| [description ] +gam update adminrole [name ] [privileges all|all_ou|] [description ] +gam delete adminrole gam print adminroles|roles [todrive] gam create domain @@ -1450,3 +1453,7 @@ gam vacation gam vacation subject (message )|(file [charset ]) (replace )* [html] [contactsonly] [domainonly] [startdate ] [enddate ] gam show vacation [format] + +gam signout +gam turnoff2sv + diff --git a/src/gam/__init__.py b/src/gam/__init__.py index d0ef6ff1..de2751b3 100755 --- a/src/gam/__init__.py +++ b/src/gam/__init__.py 
@@ -65,6 +65,7 @@ from gam.gapi.directory import orgunits as gapi_directory_orgunits from gam.gapi.directory import privileges as gapi_directory_privileges from gam.gapi.directory import resource as gapi_directory_resource from gam.gapi.directory import roles as gapi_directory_roles +from gam.gapi.directory import users as gapi_directory_users from gam.gapi import siteverification as gapi_siteverification from gam.gapi import errors as gapi_errors from gam.gapi import reports as gapi_reports @@ -11256,6 +11257,8 @@ def ProcessGAMCommand(args): gapi_directory_resource.updateBuilding() elif argument in ['feature']: gapi_directory_resource.updateFeature() + elif argument in ['adminrole']: + gapi_directory_roles.update() else: controlflow.invalid_argument_exit(argument, 'gam update') sys.exit(0) @@ -11368,6 +11371,8 @@ def ProcessGAMCommand(args): doDeleteOrUndeleteAlert('delete') elif argument in ['sakey', 'sakeys']: doDeleteServiceAccountKeys() + elif argument in ['adminrole']: + gapi_directory_roles.delete() else: controlflow.invalid_argument_exit(argument, 'gam delete') sys.exit(0) @@ -11887,6 +11892,10 @@ def ProcessGAMCommand(args): else: controlflow.invalid_argument_exit(watchWhat, 'gam watch') + elif command == 'signout': + gapi_directory_users.signout(users) + elif command == 'turnoff2sv': + gapi_directory_users.turn_off_2sv(users) else: controlflow.invalid_argument_exit(command, 'gam') except IndexError: diff --git a/src/gam/gapi/directory/roles.py b/src/gam/gapi/directory/roles.py index 3357f45d..4ee1332b 100644 --- a/src/gam/gapi/directory/roles.py +++ b/src/gam/gapi/directory/roles.py 
@@ -1,46 +1,98 @@ import sys from gam.var import GC_Values, GC_CUSTOMER_ID +import gam +from gam import controlflow from gam import display from gam import gapi from gam.gapi import directory as gapi_directory from gam.gapi.directory import privileges as gapi_directory_privileges +def getPrivileges(body, privs, action): + all_privileges = gapi_directory_privileges.print_(return_only=True) + if privs == 'ALL': + body['rolePrivileges'] = [ + {'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']} for p in all_privileges + ] + elif privs == 'ALL_OU': + body['rolePrivileges'] = [ + {'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']} for p in all_privileges if p.get('isOuScopable') + ] + else: + body.setdefault('rolePrivileges', []) + for priv in privs.split(','): + for p in all_privileges: + if priv == p['privilegeName']: + body['rolePrivileges'].append({'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']}) + break + else: + controlflow.invalid_argument_exit(priv, + f'gam {action} adminrole privileges') + def create(): cd = gapi_directory.build() - body = {'privileges': []} - all_privileges = gapi_directory_privileges.print_(return_only=True) - i = 3 + body = {'roleName': sys.argv[3]} + i = 4 while i < len(sys.argv): myarg = sys.argv[i].lower() if myarg == 'privileges': - privs = sys.argv[i + 1] - if privs == 'all': - body['rolePrivileges'] = all_privileges - elif privs == 'all_ou': - body['rolePrivileges'] = [ - p for p in all_privileges if p.get('isOuScopable') - ] - else: - # Known broken, need to get serviceName in here also... 
- body['rolePrivileges'] = [{ - 'privilegeName': p - } for p in sys.argv[i + 1].split(',')] + getPrivileges(body, sys.argv[i + 1].upper(), 'create') + i += 2 + elif myarg == 'description': + body['roleDescription'] = sys.argv[i + 1] + i += 2 + else: + controlflow.invalid_argument_exit(sys.argv[i], + 'gam create adminrole') + + if not body.get('rolePrivileges'): + controlflow.missing_argument_exit('privileges', + 'gam create adminrole') + print(f'Creating role {body["roleName"]}') + gapi.call(cd.roles(), + 'insert', + customer=GC_Values[GC_CUSTOMER_ID], + body=body) + +def update(): + cd = gapi_directory.build() + body = {} + roleId = gam.getRoleId(sys.argv[3]) + i = 4 + while i < len(sys.argv): + myarg = sys.argv[i].lower() + if myarg == 'privileges': + getPrivileges(body, sys.argv[i + 1].upper(), 'update') + i += 2 + elif myarg == 'description': + body['roleDescription'] = sys.argv[i + 1] i += 2 elif myarg == 'name': body['roleName'] = sys.argv[i + 1] i += 2 else: controlflow.invalid_argument_exit(sys.argv[i], - 'gam create adminrole') - print(f'Creating role {body["roleName"]}') + 'gam update adminrole') + + print(f'Updating role {roleId}') gapi.call(cd.roles(), - 'insert', + 'patch', customer=GC_Values[GC_CUSTOMER_ID], + roleId=roleId, body=body) +def delete(): + cd = gapi_directory.build() + roleId = gam.getRoleId(sys.argv[3]) + print(f'Deleting role {roleId}') + gapi.call(cd.roles(), + 'delete', + customer=GC_Values[GC_CUSTOMER_ID], + roleId=roleId) + + def print_(): cd = gapi_directory.build() todrive = False diff --git a/src/gam/gapi/directory/users.py b/src/gam/gapi/directory/users.py new file mode 100644 index 00000000..fe7f4dfd --- /dev/null +++ b/src/gam/gapi/directory/users.py 
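Review bot: In `src/gam/gapi/directory/roles.py`, `update()` sends the `patch` even when none of `name`, `privileges` or `description` was parsed, while `create()` rejects a missing `privileges`. A guard before the `print`, such as `if not body: controlflow.missing_argument_exit('name|privileges|description', 'gam update adminrole')`, would keep the two consistent. `getPrivileges()` has no docstring although it mutates `body` in place and, for `ALL`, copies every privilege returned by `gapi_directory_privileges.print_(return_only=True)` into the role; a docstring should say so, because the result is a role carrying the full privilege set. If `patch` replaces the `rolePrivileges` array as a whole (worth confirming against the Directory API), `update ... privileges X` also drops every privilege not listed, and the `Updating role {roleId}` line does not show that. Printing `len(body.get("rolePrivileges", []))` next to the role id would leave a clearer trail for whoever audits admin-role changes.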
@@ -0,0 +1,32 @@
+import gam
+from gam import gapi
+from gam.gapi import directory as gapi_directory
+
+def signout(users):
+ cd = gapi_directory.build()
+ i = 0
+ count = len(users)
+ for user in users:
+ i += 1
+ user = gam.normalizeEmailAddressOrUID(user)
+ print(f'Signing Out {user}{gam.currentCount(i, count)}')
+ gapi.call(cd.users(),
+ 'signOut',
+ soft_errors=True,
+ userKey=user)
+
+
+def turn_off_2sv(users):
+ cd = gapi_directory.build()
+ i = 0
+ count = len(users)
+ for user in users:
+ i += 1
+ user = gam.normalizeEmailAddressOrUID(user)
+ print(f'Turning Off 2-Step Verification for {user}{gam.currentCount(i, count)}')
+ gapi.call(cd.twoStepVerification(),
+ 'turnOff',
+ soft_errors=True,
+ userKey=user)
+
+
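Review bot: `turn_off_2sv()` removes a protection from every address in `users` but discards whatever `gapi.call(..., soft_errors=True)` returns, so after a large entity only the scrolled per-user lines show which accounts were changed and which failed; the same holds for `signout()`. Both functions also lack docstrings, and something like `"""Turn off 2-Step Verification for each entry in users; API errors are soft, so later users are still processed (confirm against gapi.call)."""` would state the contract. The manual counter can become `for i, user in enumerate(users, 1):`. The two bodies differ only in the resource, the method name and the message, so a small shared helper would keep them from drifting apart. Once the return value of `gapi.call` under `soft_errors` is confirmed, a closing line with processed versus failed counts would give operators something to check against the admin audit log.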