Create, update and delete Cloud Identity policies
Some checks failed
Build and test GAM / build (false, build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (false, build, 10, Build x86_64 macOS 15, macos-15-intel) (push) Has been cancelled
Build and test GAM / build (false, build, 11, Build x86_64 macOS 26, macos-26-intel) (push) Has been cancelled
Build and test GAM / build (false, build, 12, Build Arm MacOS 26, macos-26) (push) Has been cancelled
Build and test GAM / build (false, build, 13, Build Intel Windows, windows-2025-vs2026) (push) Has been cancelled
Build and test GAM / build (false, build, 14, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (false, build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (false, build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (false, build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (false, build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (false, build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (false, build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (false, build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (false, test, 15, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (false, test, 16, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (false, test, 17, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (false, test, 18, Test Python 3.13, ubuntu-24.04, 3.13) (push) Has been cancelled
Build and test GAM / build (false, test, 19, Test Python 3.15-dev, ubuntu-24.04, 3.15-dev) (push) Has been cancelled
Build and test GAM / build (true, test, 20, Test Python 3.14 freethread, ubuntu-24.04, 3.14) (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Push wiki / pushwiki (push) Has been cancelled

This commit is contained in:
Ross Scroggs
2026-06-10 17:46:31 -07:00
parent d745aa65f5
commit 213b0f2ba2
4 changed files with 61 additions and 20 deletions

View File

@@ -5,6 +5,8 @@
- [Definitions](#definitions)
- [Policies](#policies)
- [Display Cloud Identity Policies](#display-cloud-identity-policies)
- [Create and Update Cloud Identity Policies](#create-and-update-cloud-identity-policies)
- [Delete Cloud Identity Policies](#delete-cloud-identity-policies)
## API documentation
* [Policy API](https://cloud.google.com/identity/docs/reference/rest/v1/policies)
@@ -35,6 +37,9 @@ You must enable access to policies in the GCP cloud console.
* Click Organization Policy Administrator
* Click Save
The commands to create, update and delete Cloud Identity policies for data loss prevention (DLP) rules and detectors
were added in version `7.46.00`.
## Definitions
```
<CIPolicyName> ::= policies/<String>|settings/<String>|<String>
@@ -87,7 +92,7 @@ gam show policies
[formatjson]
```
By default, all policies are displayed.
* `filter <String>` - Display filtered policies, See https://cloud.google.com/identity/docs/reference/rest/v1beta1/policies/list
* `filter <String>` - Display filtered policies, See https://cloud.google.com/identity/docs/reference/rest/v1/policies/list
* `group <REMatchPattern>` - Only display policies whose group email address matches the `<REMatchPattern>`
* `ou|org|orgunit <REMatchPattern>` - Only display policies whose OU path matches the `<REMatchPattern>`
@@ -110,7 +115,7 @@ gam print policies [todrive <ToDriveAttribute>*]
[formatjson [quotechar <Character>]]
```
By default, all policies are displayed:
* `filter <String>` - Display filtered policies, See https://cloud.google.com/identity/docs/reference/rest/v1beta1/policies/list
* `filter <String>` - Display filtered policies, See https://cloud.google.com/identity/docs/reference/rest/v1/policies/list
* `group <REMatchPattern>` - Only display policies whose group email address matches the `<REMatchPattern>`
* `ou|org|orgunit <REMatchPattern>` - Only display policies whose OU path matches the `<REMatchPattern>`
@@ -152,3 +157,32 @@ Print all polices that apply to the OU "/Staff" and its sub-OUs.
```
gam redirect csv ./StaffPolicies.csv print policies ou "^/Staff"
```
## Create and Update Cloud Identity Policies
Policies can be complex objects, it is probably easiest to create template policies in the Admin console (under Rules),
output the JSON format data for those policies to be used in subsequent create and update commands.
```
gam create policy
json <JSONData>
[(ou|orgunit <OrgUnitItem>)|(group <GroupItem>)|(query <String>)]
gam update policy
json <JSONData>
[(ou|orgunit <OrgUnitItem>)|(group <GroupItem>)|(query <String>)]
```
```
gam redirect stdout ./policy.json info policies policies/akajj264aoclblvncu
Make changes to policy.json and update the policy.
gam update policy json file policy.json
Update the policy to reference a different group.
gam update policy json file policy.json group <EmailAddress>
Make changes to policy.json and create a new policy in a different OU.
gam create policy json file policy.json ou <OrgUnitPath>
```
## Delete Cloud Identity Policies
```
gam delete policies <CIPolicyNameEntity>
```

View File

@@ -10,6 +10,13 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
### 7.46.00
Added commands to create, update and delete Cloud Identity policies for data loss prevention (DLP) rules and detectors.
* See: https://github.com/GAM-team/GAM/wiki/Cloud-Identity-Policies
* See: https://workspaceupdates.googleblog.com/2026/06/introducing-workspace-policy-api-mutate-endpoints-for-DLP.html
### 7.45.00
Added options `isdisabled [<Boolean>]`, `disabledafter <DateTime>` and `disabledbefore <DateTime>`

View File

@@ -251,7 +251,7 @@ writes the credentials into the file oauth2.txt.
```
gamteam@server:/Users/gamteam$ rm -f /Users/gamteam/GAMConfig/oauth2.txt
gamteam@server:/Users/gamteam$ gam version
GAM 7.45.00 - https://github.com/GAM-team/GAM - pyinstaller
GAM 7.46.00 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com>
Python 3.14.5 64-bit final
macOS Tahoe 26.5.1 arm64
@@ -1034,7 +1034,7 @@ writes the credentials into the file oauth2.txt.
```
C:\>del C:\GAMConfig\oauth2.txt
C:\>gam version
GAM 7.45.00 - https://github.com/GAM-team/GAM - pythonsource
GAM 7.46.00 - https://github.com/GAM-team/GAM - pythonsource
GAM Team <google-apps-manager@googlegroups.com>
Python 3.14.5 64-bit final
Windows 11 10.0.26200 AMD64

View File

@@ -3,7 +3,7 @@
Print the current version of Gam with details
```
gam version
GAM 7.45.00 - https://github.com/GAM-team/GAM - pyinstaller
GAM 7.46.00 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com>
Python 3.14.5 64-bit final
macOS Tahoe 26.5.1 arm64
@@ -15,7 +15,7 @@ Time: 2026-02-15T07:51:00-08:00
Print the current version of Gam with details and time offset information
```
gam version timeoffset
GAM 7.45.00 - https://github.com/GAM-team/GAM - pyinstaller
GAM 7.46.00 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com>
Python 3.14.5 64-bit final
macOS Tahoe 26.5.1 arm64
@@ -27,7 +27,7 @@ Your system time differs from www.googleapis.com by less than 1 second
Print the current version of Gam with extended details and SSL information
```
gam version extended
GAM 7.45.00 - https://github.com/GAM-team/GAM - pyinstaller
GAM 7.46.00 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com>
Python 3.14.5 64-bit final
macOS Tahoe 26.5.1 arm64
@@ -35,21 +35,21 @@ Path: /Users/gamteam/bin/gam7
Config File: /Users/gamteam/GamConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
Time: 2026-02-15T07:51:00-08:00
Your system time differs from admin.googleapis.com by less than 1 second
OpenSSL 4.0.0 14 Apr 2026
OpenSSL 4.0.1 9 Jun 2026
arrow 1.4.0
chardet 5.2.0
cryptography 46.0.5
filelock 3.21.2
google-api-python-client 2.190.0
google-auth-httplib2 0.3.0
google-auth-oauthlib 1.2.4
google-auth 2.48.0
lxml 6.0.2
chardet 7.4.3
cryptography 48.0.0
filelock 3.29.0
google-api-python-client 2.196.0
google-auth-httplib2 0.4.0
google-auth-oauthlib 1.4.0
google-auth 2.53.0
lxml 6.1.1
httplib2 0.31.2
passlib 1.7.4
pathvalidate 3.3.1
pyscard 2.3.1
yubikey-manager 5.9.0
yubikey-manager 5.9.1
admin.googleapis.com connects using TLSv1.3 TLS_AES_256_GCM_SHA384
```
@@ -68,7 +68,7 @@ MacOS High Sierra 10.13.6 x86_64
Path: /Users/gamteam/bin/gam7
Version Check:
Current: 5.35.08
Latest: 7.45.00
Latest: 7.46.00
echo $?
1
```
@@ -76,7 +76,7 @@ echo $?
Print the current version number without details
```
gam version simple
7.45.00
7.46.00
```
In Linux/MacOS you can do:
```
@@ -86,7 +86,7 @@ echo $VER
Print the current version of Gam and address of this Wiki
```
gam help
GAM 7.45.00 - https://github.com/GAM-team/GAM
GAM 7.46.00 - https://github.com/GAM-team/GAM
GAM Team <google-apps-manager@googlegroups.com>
Python 3.14.5 64-bit final
macOS Tahoe 26.5.1 arm64