mirror of
https://github.com/GAM-team/GAM.git
synced 2026-07-03 20:31:35 +00:00
Create, update and delete Cloud Identity policies
Some checks failed
Build and test GAM / build (false, build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (false, build, 10, Build x86_64 macOS 15, macos-15-intel) (push) Has been cancelled
Build and test GAM / build (false, build, 11, Build x86_64 macOS 26, macos-26-intel) (push) Has been cancelled
Build and test GAM / build (false, build, 12, Build Arm MacOS 26, macos-26) (push) Has been cancelled
Build and test GAM / build (false, build, 13, Build Intel Windows, windows-2025-vs2026) (push) Has been cancelled
Build and test GAM / build (false, build, 14, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (false, build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (false, build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (false, build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (false, build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (false, build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (false, build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (false, build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (false, test, 15, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (false, test, 16, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (false, test, 17, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (false, test, 18, Test Python 3.13, ubuntu-24.04, 3.13) (push) Has been cancelled
Build and test GAM / build (false, test, 19, Test Python 3.15-dev, ubuntu-24.04, 3.15-dev) (push) Has been cancelled
Build and test GAM / build (true, test, 20, Test Python 3.14 freethread, ubuntu-24.04, 3.14) (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Push wiki / pushwiki (push) Has been cancelled
Some checks failed
Build and test GAM / build (false, build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (false, build, 10, Build x86_64 macOS 15, macos-15-intel) (push) Has been cancelled
Build and test GAM / build (false, build, 11, Build x86_64 macOS 26, macos-26-intel) (push) Has been cancelled
Build and test GAM / build (false, build, 12, Build Arm MacOS 26, macos-26) (push) Has been cancelled
Build and test GAM / build (false, build, 13, Build Intel Windows, windows-2025-vs2026) (push) Has been cancelled
Build and test GAM / build (false, build, 14, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (false, build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (false, build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (false, build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (false, build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (false, build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (false, build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (false, build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (false, test, 15, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (false, test, 16, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (false, test, 17, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (false, test, 18, Test Python 3.13, ubuntu-24.04, 3.13) (push) Has been cancelled
Build and test GAM / build (false, test, 19, Test Python 3.15-dev, ubuntu-24.04, 3.15-dev) (push) Has been cancelled
Build and test GAM / build (true, test, 20, Test Python 3.14 freethread, ubuntu-24.04, 3.14) (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Push wiki / pushwiki (push) Has been cancelled
This commit is contained in:
@@ -5,6 +5,8 @@
|
|||||||
- [Definitions](#definitions)
|
- [Definitions](#definitions)
|
||||||
- [Policies](#policies)
|
- [Policies](#policies)
|
||||||
- [Display Cloud Identity Policies](#display-cloud-identity-policies)
|
- [Display Cloud Identity Policies](#display-cloud-identity-policies)
|
||||||
|
- [Create and Update Cloud Identity Policies](#create-and-update-cloud-identity-policies)
|
||||||
|
- [Delete Cloud Identity Policies](#delete-cloud-identity-policies)
|
||||||
|
|
||||||
## API documentation
|
## API documentation
|
||||||
* [Policy API](https://cloud.google.com/identity/docs/reference/rest/v1/policies)
|
* [Policy API](https://cloud.google.com/identity/docs/reference/rest/v1/policies)
|
||||||
@@ -35,6 +37,9 @@ You must enable access to policies in the GCP cloud console.
|
|||||||
* Click Organization Policy Administrator
|
* Click Organization Policy Administrator
|
||||||
* Click Save
|
* Click Save
|
||||||
|
|
||||||
|
The commands to create, update and delete Cloud Identity policies for data loss prevention (DLP) rules and detectors
|
||||||
|
were added in version `7.46.00`.
|
||||||
|
|
||||||
## Definitions
|
## Definitions
|
||||||
```
|
```
|
||||||
<CIPolicyName> ::= policies/<String>|settings/<String>|<String>
|
<CIPolicyName> ::= policies/<String>|settings/<String>|<String>
|
||||||
@@ -87,7 +92,7 @@ gam show policies
|
|||||||
[formatjson]
|
[formatjson]
|
||||||
```
|
```
|
||||||
By default, all policies are displayed.
|
By default, all policies are displayed.
|
||||||
* `filter <String>` - Display filtered policies, See https://cloud.google.com/identity/docs/reference/rest/v1beta1/policies/list
|
* `filter <String>` - Display filtered policies, See https://cloud.google.com/identity/docs/reference/rest/v1/policies/list
|
||||||
* `group <REMatchPattern>` - Only display policies whose group email address matches the `<REMatchPattern>`
|
* `group <REMatchPattern>` - Only display policies whose group email address matches the `<REMatchPattern>`
|
||||||
* `ou|org|orgunit <REMatchPattern>` - Only display policies whose OU path matches the `<REMatchPattern>`
|
* `ou|org|orgunit <REMatchPattern>` - Only display policies whose OU path matches the `<REMatchPattern>`
|
||||||
|
|
||||||
@@ -110,7 +115,7 @@ gam print policies [todrive <ToDriveAttribute>*]
|
|||||||
[formatjson [quotechar <Character>]]
|
[formatjson [quotechar <Character>]]
|
||||||
```
|
```
|
||||||
By default, all policies are displayed:
|
By default, all policies are displayed:
|
||||||
* `filter <String>` - Display filtered policies, See https://cloud.google.com/identity/docs/reference/rest/v1beta1/policies/list
|
* `filter <String>` - Display filtered policies, See https://cloud.google.com/identity/docs/reference/rest/v1/policies/list
|
||||||
* `group <REMatchPattern>` - Only display policies whose group email address matches the `<REMatchPattern>`
|
* `group <REMatchPattern>` - Only display policies whose group email address matches the `<REMatchPattern>`
|
||||||
* `ou|org|orgunit <REMatchPattern>` - Only display policies whose OU path matches the `<REMatchPattern>`
|
* `ou|org|orgunit <REMatchPattern>` - Only display policies whose OU path matches the `<REMatchPattern>`
|
||||||
|
|
||||||
@@ -152,3 +157,32 @@ Print all polices that apply to the OU "/Staff" and its sub-OUs.
|
|||||||
```
|
```
|
||||||
gam redirect csv ./StaffPolicies.csv print policies ou "^/Staff"
|
gam redirect csv ./StaffPolicies.csv print policies ou "^/Staff"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Create and Update Cloud Identity Policies
|
||||||
|
Policies can be complex objects, it is probably easiest to create template policies in the Admin console (under Rules),
|
||||||
|
output the JSON format data for those policies to be used in subsequent create and update commands.
|
||||||
|
|
||||||
|
```
|
||||||
|
gam create policy
|
||||||
|
json <JSONData>
|
||||||
|
[(ou|orgunit <OrgUnitItem>)|(group <GroupItem>)|(query <String>)]
|
||||||
|
gam update policy
|
||||||
|
json <JSONData>
|
||||||
|
[(ou|orgunit <OrgUnitItem>)|(group <GroupItem>)|(query <String>)]
|
||||||
|
```
|
||||||
|
```
|
||||||
|
gam redirect stdout ./policy.json info policies policies/akajj264aoclblvncu
|
||||||
|
Make changes to policy.json and update the policy.
|
||||||
|
gam update policy json file policy.json
|
||||||
|
|
||||||
|
Update the policy to reference a different group.
|
||||||
|
gam update policy json file policy.json group <EmailAddress>
|
||||||
|
|
||||||
|
Make changes to policy.json and create a new policy in a different OU.
|
||||||
|
gam create policy json file policy.json ou <OrgUnitPath>
|
||||||
|
```
|
||||||
|
|
||||||
|
## Delete Cloud Identity Policies
|
||||||
|
```
|
||||||
|
gam delete policies <CIPolicyNameEntity>
|
||||||
|
```
|
||||||
|
|||||||
@@ -10,6 +10,13 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
|
|||||||
|
|
||||||
See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
|
See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
|
||||||
|
|
||||||
|
### 7.46.00
|
||||||
|
|
||||||
|
Added commands to create, update and delete Cloud Identity policies for data loss prevention (DLP) rules and detectors.
|
||||||
|
|
||||||
|
* See: https://github.com/GAM-team/GAM/wiki/Cloud-Identity-Policies
|
||||||
|
* See: https://workspaceupdates.googleblog.com/2026/06/introducing-workspace-policy-api-mutate-endpoints-for-DLP.html
|
||||||
|
|
||||||
### 7.45.00
|
### 7.45.00
|
||||||
|
|
||||||
Added options `isdisabled [<Boolean>]`, `disabledafter <DateTime>` and `disabledbefore <DateTime>`
|
Added options `isdisabled [<Boolean>]`, `disabledafter <DateTime>` and `disabledbefore <DateTime>`
|
||||||
|
|||||||
@@ -251,7 +251,7 @@ writes the credentials into the file oauth2.txt.
|
|||||||
```
|
```
|
||||||
gamteam@server:/Users/gamteam$ rm -f /Users/gamteam/GAMConfig/oauth2.txt
|
gamteam@server:/Users/gamteam$ rm -f /Users/gamteam/GAMConfig/oauth2.txt
|
||||||
gamteam@server:/Users/gamteam$ gam version
|
gamteam@server:/Users/gamteam$ gam version
|
||||||
GAM 7.45.00 - https://github.com/GAM-team/GAM - pyinstaller
|
GAM 7.46.00 - https://github.com/GAM-team/GAM - pyinstaller
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.14.5 64-bit final
|
Python 3.14.5 64-bit final
|
||||||
macOS Tahoe 26.5.1 arm64
|
macOS Tahoe 26.5.1 arm64
|
||||||
@@ -1034,7 +1034,7 @@ writes the credentials into the file oauth2.txt.
|
|||||||
```
|
```
|
||||||
C:\>del C:\GAMConfig\oauth2.txt
|
C:\>del C:\GAMConfig\oauth2.txt
|
||||||
C:\>gam version
|
C:\>gam version
|
||||||
GAM 7.45.00 - https://github.com/GAM-team/GAM - pythonsource
|
GAM 7.46.00 - https://github.com/GAM-team/GAM - pythonsource
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.14.5 64-bit final
|
Python 3.14.5 64-bit final
|
||||||
Windows 11 10.0.26200 AMD64
|
Windows 11 10.0.26200 AMD64
|
||||||
|
|||||||
@@ -3,7 +3,7 @@
|
|||||||
Print the current version of Gam with details
|
Print the current version of Gam with details
|
||||||
```
|
```
|
||||||
gam version
|
gam version
|
||||||
GAM 7.45.00 - https://github.com/GAM-team/GAM - pyinstaller
|
GAM 7.46.00 - https://github.com/GAM-team/GAM - pyinstaller
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.14.5 64-bit final
|
Python 3.14.5 64-bit final
|
||||||
macOS Tahoe 26.5.1 arm64
|
macOS Tahoe 26.5.1 arm64
|
||||||
@@ -15,7 +15,7 @@ Time: 2026-02-15T07:51:00-08:00
|
|||||||
Print the current version of Gam with details and time offset information
|
Print the current version of Gam with details and time offset information
|
||||||
```
|
```
|
||||||
gam version timeoffset
|
gam version timeoffset
|
||||||
GAM 7.45.00 - https://github.com/GAM-team/GAM - pyinstaller
|
GAM 7.46.00 - https://github.com/GAM-team/GAM - pyinstaller
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.14.5 64-bit final
|
Python 3.14.5 64-bit final
|
||||||
macOS Tahoe 26.5.1 arm64
|
macOS Tahoe 26.5.1 arm64
|
||||||
@@ -27,7 +27,7 @@ Your system time differs from www.googleapis.com by less than 1 second
|
|||||||
Print the current version of Gam with extended details and SSL information
|
Print the current version of Gam with extended details and SSL information
|
||||||
```
|
```
|
||||||
gam version extended
|
gam version extended
|
||||||
GAM 7.45.00 - https://github.com/GAM-team/GAM - pyinstaller
|
GAM 7.46.00 - https://github.com/GAM-team/GAM - pyinstaller
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.14.5 64-bit final
|
Python 3.14.5 64-bit final
|
||||||
macOS Tahoe 26.5.1 arm64
|
macOS Tahoe 26.5.1 arm64
|
||||||
@@ -35,21 +35,21 @@ Path: /Users/gamteam/bin/gam7
|
|||||||
Config File: /Users/gamteam/GamConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
Config File: /Users/gamteam/GamConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
||||||
Time: 2026-02-15T07:51:00-08:00
|
Time: 2026-02-15T07:51:00-08:00
|
||||||
Your system time differs from admin.googleapis.com by less than 1 second
|
Your system time differs from admin.googleapis.com by less than 1 second
|
||||||
OpenSSL 4.0.0 14 Apr 2026
|
OpenSSL 4.0.1 9 Jun 2026
|
||||||
arrow 1.4.0
|
arrow 1.4.0
|
||||||
chardet 5.2.0
|
chardet 7.4.3
|
||||||
cryptography 46.0.5
|
cryptography 48.0.0
|
||||||
filelock 3.21.2
|
filelock 3.29.0
|
||||||
google-api-python-client 2.190.0
|
google-api-python-client 2.196.0
|
||||||
google-auth-httplib2 0.3.0
|
google-auth-httplib2 0.4.0
|
||||||
google-auth-oauthlib 1.2.4
|
google-auth-oauthlib 1.4.0
|
||||||
google-auth 2.48.0
|
google-auth 2.53.0
|
||||||
lxml 6.0.2
|
lxml 6.1.1
|
||||||
httplib2 0.31.2
|
httplib2 0.31.2
|
||||||
passlib 1.7.4
|
passlib 1.7.4
|
||||||
pathvalidate 3.3.1
|
pathvalidate 3.3.1
|
||||||
pyscard 2.3.1
|
pyscard 2.3.1
|
||||||
yubikey-manager 5.9.0
|
yubikey-manager 5.9.1
|
||||||
admin.googleapis.com connects using TLSv1.3 TLS_AES_256_GCM_SHA384
|
admin.googleapis.com connects using TLSv1.3 TLS_AES_256_GCM_SHA384
|
||||||
```
|
```
|
||||||
|
|
||||||
@@ -68,7 +68,7 @@ MacOS High Sierra 10.13.6 x86_64
|
|||||||
Path: /Users/gamteam/bin/gam7
|
Path: /Users/gamteam/bin/gam7
|
||||||
Version Check:
|
Version Check:
|
||||||
Current: 5.35.08
|
Current: 5.35.08
|
||||||
Latest: 7.45.00
|
Latest: 7.46.00
|
||||||
echo $?
|
echo $?
|
||||||
1
|
1
|
||||||
```
|
```
|
||||||
@@ -76,7 +76,7 @@ echo $?
|
|||||||
Print the current version number without details
|
Print the current version number without details
|
||||||
```
|
```
|
||||||
gam version simple
|
gam version simple
|
||||||
7.45.00
|
7.46.00
|
||||||
```
|
```
|
||||||
In Linux/MacOS you can do:
|
In Linux/MacOS you can do:
|
||||||
```
|
```
|
||||||
@@ -86,7 +86,7 @@ echo $VER
|
|||||||
Print the current version of Gam and address of this Wiki
|
Print the current version of Gam and address of this Wiki
|
||||||
```
|
```
|
||||||
gam help
|
gam help
|
||||||
GAM 7.45.00 - https://github.com/GAM-team/GAM
|
GAM 7.46.00 - https://github.com/GAM-team/GAM
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.14.5 64-bit final
|
Python 3.14.5 64-bit final
|
||||||
macOS Tahoe 26.5.1 arm64
|
macOS Tahoe 26.5.1 arm64
|
||||||
|
|||||||
Reference in New Issue
Block a user