Create, update and delete Cloud Identity policies

Ross Scroggs
2026-06-10 17:46:31 -07:00
parent d745aa65f5
commit 213b0f2ba2
4 changed files with 61 additions and 20 deletions


@@ -5,6 +5,8 @@
- [Definitions](#definitions) - [Definitions](#definitions)
- [Policies](#policies) - [Policies](#policies)
- [Display Cloud Identity Policies](#display-cloud-identity-policies) - [Display Cloud Identity Policies](#display-cloud-identity-policies)
- [Create and Update Cloud Identity Policies](#create-and-update-cloud-identity-policies)
- [Delete Cloud Identity Policies](#delete-cloud-identity-policies)
## API documentation ## API documentation
* [Policy API](https://cloud.google.com/identity/docs/reference/rest/v1/policies) * [Policy API](https://cloud.google.com/identity/docs/reference/rest/v1/policies)
@@ -35,6 +37,9 @@ You must enable access to policies in the GCP cloud console.
* Click Organization Policy Administrator * Click Organization Policy Administrator
* Click Save * Click Save
The commands to create, update and delete Cloud Identity policies for data loss prevention (DLP) rules and detectors
were added in version `7.46.00`.
## Definitions ## Definitions
``` ```
<CIPolicyName> ::= policies/<String>|settings/<String>|<String> <CIPolicyName> ::= policies/<String>|settings/<String>|<String>
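Review bot: The added sentence about the create, update and delete commands sits directly under the setup steps that end with "Click Organization Policy Administrator" and "Click Save", but it does not say whether that existing setup is sufficient for the new write commands. If changing policies needs a different role or OAuth scope than displaying them, state it here; if it does not, say so explicitly, so administrators do not grant more access than the commands require.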
@@ -87,7 +92,7 @@ gam show policies
[formatjson] [formatjson]
``` ```
By default, all policies are displayed. By default, all policies are displayed.
* `filter <String>` - Display filtered policies, See https://cloud.google.com/identity/docs/reference/rest/v1beta1/policies/list * `filter <String>` - Display filtered policies, See https://cloud.google.com/identity/docs/reference/rest/v1/policies/list
* `group <REMatchPattern>` - Only display policies whose group email address matches the `<REMatchPattern>` * `group <REMatchPattern>` - Only display policies whose group email address matches the `<REMatchPattern>`
* `ou|org|orgunit <REMatchPattern>` - Only display policies whose OU path matches the `<REMatchPattern>` * `ou|org|orgunit <REMatchPattern>` - Only display policies whose OU path matches the `<REMatchPattern>`
@@ -110,7 +115,7 @@ gam print policies [todrive <ToDriveAttribute>*]
[formatjson [quotechar <Character>]] [formatjson [quotechar <Character>]]
``` ```
By default, all policies are displayed: By default, all policies are displayed:
* `filter <String>` - Display filtered policies, See https://cloud.google.com/identity/docs/reference/rest/v1beta1/policies/list * `filter <String>` - Display filtered policies, See https://cloud.google.com/identity/docs/reference/rest/v1/policies/list
* `group <REMatchPattern>` - Only display policies whose group email address matches the `<REMatchPattern>` * `group <REMatchPattern>` - Only display policies whose group email address matches the `<REMatchPattern>`
* `ou|org|orgunit <REMatchPattern>` - Only display policies whose OU path matches the `<REMatchPattern>` * `ou|org|orgunit <REMatchPattern>` - Only display policies whose OU path matches the `<REMatchPattern>`
@@ -152,3 +157,32 @@ Print all polices that apply to the OU "/Staff" and its sub-OUs.
``` ```
gam redirect csv ./StaffPolicies.csv print policies ou "^/Staff" gam redirect csv ./StaffPolicies.csv print policies ou "^/Staff"
``` ```
## Create and Update Cloud Identity Policies
Policies can be complex objects, it is probably easiest to create template policies in the Admin console (under Rules),
output the JSON format data for those policies to be used in subsequent create and update commands.
```
gam create policy
json <JSONData>
[(ou|orgunit <OrgUnitItem>)|(group <GroupItem>)|(query <String>)]
gam update policy
json <JSONData>
[(ou|orgunit <OrgUnitItem>)|(group <GroupItem>)|(query <String>)]
```
```
gam redirect stdout ./policy.json info policies policies/akajj264aoclblvncu
Make changes to policy.json and update the policy.
gam update policy json file policy.json
Update the policy to reference a different group.
gam update policy json file policy.json group <EmailAddress>
Make changes to policy.json and create a new policy in a different OU.
gam create policy json file policy.json ou <OrgUnitPath>
```
## Delete Cloud Identity Policies
```
gam delete policies <CIPolicyNameEntity>
```
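Review bot: In the create/update syntax the target clause `[(ou|orgunit <OrgUnitItem>)|(group <GroupItem>)|(query <String>)]` is optional, yet the new section never says which target a policy gets when the clause is omitted or what `query <String>` should contain; for DLP rules the target decides who is covered, so each case needs a sentence. The example block mixes prose lines such as "Make changes to policy.json and update the policy." into the code fence with the commands; move them outside the fence or split the block. Its first command writes policy.json through `redirect stdout` without the `formatjson` option that the display commands list, so confirm that the file it produces is accepted by `json file`, and reconcile the syntax `json <JSONData>` with the examples' `json file policy.json`. The delete section consists only of `gam delete policies <CIPolicyNameEntity>`: `<CIPolicyNameEntity>` is not among the Definitions lines shown in this diff, there is no description or example, and a recommendation to save the policy with `info policies` before deleting it would help.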


@@ -10,6 +10,13 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
### 7.46.00
Added commands to create, update and delete Cloud Identity policies for data loss prevention (DLP) rules and detectors.
* See: https://github.com/GAM-team/GAM/wiki/Cloud-Identity-Policies
* See: https://workspaceupdates.googleblog.com/2026/06/introducing-workspace-policy-api-mutate-endpoints-for-DLP.html
### 7.45.00 ### 7.45.00
Added options `isdisabled [<Boolean>]`, `disabledafter <DateTime>` and `disabledbefore <DateTime>` Added options `isdisabled [<Boolean>]`, `disabledafter <DateTime>` and `disabledbefore <DateTime>`


@@ -251,7 +251,7 @@ writes the credentials into the file oauth2.txt.
``` ```
gamteam@server:/Users/gamteam$ rm -f /Users/gamteam/GAMConfig/oauth2.txt gamteam@server:/Users/gamteam$ rm -f /Users/gamteam/GAMConfig/oauth2.txt
gamteam@server:/Users/gamteam$ gam version gamteam@server:/Users/gamteam$ gam version
GAM 7.45.00 - https://github.com/GAM-team/GAM - pyinstaller GAM 7.46.00 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.14.5 64-bit final Python 3.14.5 64-bit final
macOS Tahoe 26.5.1 arm64 macOS Tahoe 26.5.1 arm64
@@ -1034,7 +1034,7 @@ writes the credentials into the file oauth2.txt.
``` ```
C:\>del C:\GAMConfig\oauth2.txt C:\>del C:\GAMConfig\oauth2.txt
C:\>gam version C:\>gam version
GAM 7.45.00 - https://github.com/GAM-team/GAM - pythonsource GAM 7.46.00 - https://github.com/GAM-team/GAM - pythonsource
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.14.5 64-bit final Python 3.14.5 64-bit final
Windows 11 10.0.26200 AMD64 Windows 11 10.0.26200 AMD64


@@ -3,7 +3,7 @@
Print the current version of Gam with details Print the current version of Gam with details
``` ```
gam version gam version
GAM 7.45.00 - https://github.com/GAM-team/GAM - pyinstaller GAM 7.46.00 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.14.5 64-bit final Python 3.14.5 64-bit final
macOS Tahoe 26.5.1 arm64 macOS Tahoe 26.5.1 arm64
@@ -15,7 +15,7 @@ Time: 2026-02-15T07:51:00-08:00
Print the current version of Gam with details and time offset information Print the current version of Gam with details and time offset information
``` ```
gam version timeoffset gam version timeoffset
GAM 7.45.00 - https://github.com/GAM-team/GAM - pyinstaller GAM 7.46.00 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.14.5 64-bit final Python 3.14.5 64-bit final
macOS Tahoe 26.5.1 arm64 macOS Tahoe 26.5.1 arm64
@@ -27,7 +27,7 @@ Your system time differs from www.googleapis.com by less than 1 second
Print the current version of Gam with extended details and SSL information Print the current version of Gam with extended details and SSL information
``` ```
gam version extended gam version extended
GAM 7.45.00 - https://github.com/GAM-team/GAM - pyinstaller GAM 7.46.00 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.14.5 64-bit final Python 3.14.5 64-bit final
macOS Tahoe 26.5.1 arm64 macOS Tahoe 26.5.1 arm64
@@ -35,21 +35,21 @@ Path: /Users/gamteam/bin/gam7
Config File: /Users/gamteam/GamConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com Config File: /Users/gamteam/GamConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
Time: 2026-02-15T07:51:00-08:00 Time: 2026-02-15T07:51:00-08:00
Your system time differs from admin.googleapis.com by less than 1 second Your system time differs from admin.googleapis.com by less than 1 second
OpenSSL 4.0.0 14 Apr 2026 OpenSSL 4.0.1 9 Jun 2026
arrow 1.4.0 arrow 1.4.0
chardet 5.2.0 chardet 7.4.3
cryptography 46.0.5 cryptography 48.0.0
filelock 3.21.2 filelock 3.29.0
google-api-python-client 2.190.0 google-api-python-client 2.196.0
google-auth-httplib2 0.3.0 google-auth-httplib2 0.4.0
google-auth-oauthlib 1.2.4 google-auth-oauthlib 1.4.0
google-auth 2.48.0 google-auth 2.53.0
lxml 6.0.2 lxml 6.1.1
httplib2 0.31.2 httplib2 0.31.2
passlib 1.7.4 passlib 1.7.4
pathvalidate 3.3.1 pathvalidate 3.3.1
pyscard 2.3.1 pyscard 2.3.1
yubikey-manager 5.9.0 yubikey-manager 5.9.1
admin.googleapis.com connects using TLSv1.3 TLS_AES_256_GCM_SHA384 admin.googleapis.com connects using TLSv1.3 TLS_AES_256_GCM_SHA384
``` ```
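Review bot: The sample output for `gam version extended` is now internally inconsistent: the unchanged context still shows `Time: 2026-02-15T07:51:00-08:00`, while the new lines report `OpenSSL 4.0.1 9 Jun 2026`. Regenerate the whole block from an actual 7.46.00 run instead of editing individual version strings, so that the timestamp and the listed library versions (for example the chardet change from 5.2.0 to 7.4.3) come from the same build.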
@@ -68,7 +68,7 @@ MacOS High Sierra 10.13.6 x86_64
Path: /Users/gamteam/bin/gam7 Path: /Users/gamteam/bin/gam7
Version Check: Version Check:
Current: 5.35.08 Current: 5.35.08
Latest: 7.45.00 Latest: 7.46.00
echo $? echo $?
1 1
``` ```
@@ -76,7 +76,7 @@ echo $?
Print the current version number without details Print the current version number without details
``` ```
gam version simple gam version simple
7.45.00 7.46.00
``` ```
In Linux/MacOS you can do: In Linux/MacOS you can do:
``` ```
@@ -86,7 +86,7 @@ echo $VER
Print the current version of Gam and address of this Wiki Print the current version of Gam and address of this Wiki
``` ```
gam help gam help
GAM 7.45.00 - https://github.com/GAM-team/GAM GAM 7.46.00 - https://github.com/GAM-team/GAM
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.14.5 64-bit final Python 3.14.5 64-bit final
macOS Tahoe 26.5.1 arm64 macOS Tahoe 26.5.1 arm64