Complete adminrole commands; add signout and turnoff2sv (#1237)

* Complete create admintole * Add update/delete to adminroles * Update privileges options * Separate create/update adminrole * Sdd signout/turnoff2sv commands * Move signout, turn_off_2sv to new users.py
2026-06-29 18:31:38 +00:00 · 2020-09-14 09:58:52 -07:00
parent 56f52c8623
commit 1b26a11281
4 changed files with 118 additions and 18 deletions
--- a/src/gam/gapi/directory/roles.py
+++ b/src/gam/gapi/directory/roles.py
@@ -1,46 +1,98 @@
 import sys

 from gam.var import GC_Values, GC_CUSTOMER_ID
+import gam
+from gam import controlflow
 from gam import display
 from gam import gapi
 from gam.gapi import directory as gapi_directory
 from gam.gapi.directory import privileges as gapi_directory_privileges


+def getPrivileges(body, privs, action):
+    all_privileges = gapi_directory_privileges.print_(return_only=True)
+    if privs == 'ALL':
+        body['rolePrivileges'] = [
+            {'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']} for p in all_privileges
+            ]
+    elif privs == 'ALL_OU':
+        body['rolePrivileges'] = [
+            {'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']} for p in all_privileges if p.get('isOuScopable')
+            ]
+    else:
+      body.setdefault('rolePrivileges', [])
+      for priv in privs.split(','):
+          for p in all_privileges:
+              if priv == p['privilegeName']:
+                body['rolePrivileges'].append({'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']})
+                break
+          else:
+              controlflow.invalid_argument_exit(priv,
+                                                f'gam {action} adminrole privileges')
+
 def create():
    cd = gapi_directory.build()
-    body = {'privileges': []}
-    all_privileges = gapi_directory_privileges.print_(return_only=True)
-    i = 3
+    body = {'roleName': sys.argv[3]}
+    i = 4
    while i < len(sys.argv):
        myarg = sys.argv[i].lower()
        if myarg == 'privileges':
-            privs = sys.argv[i + 1]
-            if privs == 'all':
-                body['rolePrivileges'] = all_privileges
-            elif privs == 'all_ou':
-                body['rolePrivileges'] = [
-                    p for p in all_privileges if p.get('isOuScopable')
-                ]
-            else:
-                # Known broken, need to get serviceName in here also...
-                body['rolePrivileges'] = [{
-                    'privilegeName': p
-                } for p in sys.argv[i + 1].split(',')]
+            getPrivileges(body, sys.argv[i + 1].upper(), 'create')
+            i += 2
+        elif myarg == 'description':
+            body['roleDescription'] = sys.argv[i + 1]
+            i += 2
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i],
+                                              'gam create adminrole')
+
+    if not body.get('rolePrivileges'):
+        controlflow.missing_argument_exit('privileges',
+                                          'gam create adminrole')
+    print(f'Creating role {body["roleName"]}')
+    gapi.call(cd.roles(),
+              'insert',
+              customer=GC_Values[GC_CUSTOMER_ID],
+              body=body)
+
+def update():
+    cd = gapi_directory.build()
+    body = {}
+    roleId = gam.getRoleId(sys.argv[3])
+    i = 4
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower()
+        if myarg == 'privileges':
+            getPrivileges(body, sys.argv[i + 1].upper(), 'update')
+            i += 2
+        elif myarg == 'description':
+            body['roleDescription'] = sys.argv[i + 1]
            i += 2
        elif myarg == 'name':
            body['roleName'] = sys.argv[i + 1]
            i += 2
        else:
            controlflow.invalid_argument_exit(sys.argv[i],
-                                              'gam create adminrole')
-    print(f'Creating role {body["roleName"]}')
+                                              'gam update adminrole')
+
+    print(f'Updating role {roleId}')
    gapi.call(cd.roles(),
-              'insert',
+              'patch',
              customer=GC_Values[GC_CUSTOMER_ID],
+              roleId=roleId,
              body=body)


+def delete():
+    cd = gapi_directory.build()
+    roleId = gam.getRoleId(sys.argv[3])
+    print(f'Deleting role {roleId}')
+    gapi.call(cd.roles(),
+              'delete',
+              customer=GC_Values[GC_CUSTOMER_ID],
+              roleId=roleId)
+
+
 def print_():
    cd = gapi_directory.build()
    todrive = False
--- a/src/gam/gapi/directory/users.py
+++ b/src/gam/gapi/directory/users.py
@@ -0,0 +1,32 @@
+import gam
+from gam import gapi
+from gam.gapi import directory as gapi_directory
+
+def signout(users):
+    cd = gapi_directory.build()
+    i = 0
+    count = len(users)
+    for user in users:
+        i += 1
+        user = gam.normalizeEmailAddressOrUID(user)
+        print(f'Signing Out {user}{gam.currentCount(i, count)}')
+        gapi.call(cd.users(),
+                  'signOut',
+                  soft_errors=True,
+                  userKey=user)
+
+
+def turn_off_2sv(users):
+    cd = gapi_directory.build()
+    i = 0
+    count = len(users)
+    for user in users:
+        i += 1
+        user = gam.normalizeEmailAddressOrUID(user)
+        print(f'Turning Off 2-Step Verification for {user}{gam.currentCount(i, count)}')
+        gapi.call(cd.twoStepVerification(),
+                  'turnOff',
+                  soft_errors=True,
+                  userKey=user)
+
+