From 21b2093b5557c3d261ff1f6deff3f2b634695d85 Mon Sep 17 00:00:00 2001 From: Ross Scroggs Date: Tue, 7 May 2024 20:00:23 -0700 Subject: [PATCH] Updated versions of `gam create|use project` --- docs/Authorization.md | 58 +++++++-------- docs/Calendars-Events.md | 6 +- docs/GamUpdates.md | 10 +++ docs/How-to-Upgrade-from-Standard-GAM.md | 4 +- docs/Users-Calendars-Events.md | 6 +- docs/Users-Gmail-Messages-Threads.md | 22 ++++++ docs/Version-and-Help.md | 12 ++-- src/GamCommands.txt | 53 ++++++-------- src/GamUpdate.txt | 10 +++ src/gam/__init__.py | 91 +++++++++++++----------- 10 files changed, 159 insertions(+), 113 deletions(-) diff --git a/docs/Authorization.md b/docs/Authorization.md index 8f7b2683..3b648882 100644 --- a/docs/Authorization.md +++ b/docs/Authorization.md @@ -315,6 +315,9 @@ gam create project [admin ] [project ] [projectname ] [parent ] [saname ] [sadisplayname ] [sadescription ] + [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| + (localkeysize 1024|2048|4096 [validityhours ])| + (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber )] ``` * `admin ` - Google Workspace admin/GCP project manager; if omitted, you will be prompted for the address * `appname ` - Application name, defaults to `GAM` @@ -326,6 +329,8 @@ gam create project [admin ] [project ] * `sadisplayname ` - Service account display name * `sadescription ` - Service account description +You can optionally specify the type of service account key with `algorithm|localkeysize|yubikey`: [Manage Service Account keys](#manage-service-account-keys) + ## Use an existing project for GAM authorization Use an existing project to create and download two files: `client_secrets.json` for the Client and `oauth2service.json` for the Service Account. 
@@ -351,6 +356,9 @@ can not be re-downloaded. gam use project [admin ] [project ] [saname ] [sadisplayname ] [sadescription ] + [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| + (localkeysize 1024|2048|4096 [validityhours ])| + (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber )] ``` * `admin ` - Google Workspace admin/GCP project manager; if omitted, you will be prompted for the address * `project ` - An existing Google project ID; if omitted, you will be prompted for the ID @@ -358,6 +366,8 @@ gam use project [admin ] [project ] * `sadisplayname ` - Service account display name * `sadescription ` - Service account description +You can optionally specify the type of service account key with `algorithm|localkeysize|yubikey`: [Manage Service Account keys](#manage-service-account-keys) + ## Update an existing project for GAM authorization This command is used when GAM has added new capabilities that require additional APIs to be added to your project. ``` @@ -695,6 +705,9 @@ file or define a new section in `gam.cfg` that references a different `oauth2ser gam create|add svcacct [[admin] ] [] [saname ] [sadisplayname ] [sadescription ] + [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| + (localkeysize 1024|2048|4096 [validityhours ])| + (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber )] ``` * `` - Google Workspace admin/GCP project manager; if omitted, you will be prompted for the address @@ -709,6 +722,8 @@ Use these options to select user-specified values.. * `sadisplayname ` - Service account display name * `sadescription ` - Service account description +You can optionally specify the type of service account key with `algorithm|localkeysize|yubikey`: [Manage Service Account keys](#manage-service-account-keys) + After adding an additional service account, you can select specific access APIs for it. [Selective Service Account access](#selective-service-account-access) 
@@ -765,6 +780,7 @@ There are several methods for generating private keys: * `localkeysize 1024` - Gam generates a 1024 bit key; this is not recommended * `localkeysize 2048` - Gam generates a 2048 bit key; this is the default * `localkeysize 4096` - Gam generates a 4096 bit key +* `yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber )]` - [Using GAMADV-XTD3 with a YubiKey](Using-GAMADV-XTD3-with-a-YubiKey) When `localkeysize` is specified, the optional argument `validityhours ` sets the length of time during which the key will be valid and should be used when the [GCP constraints/iam.serviceAccountKeyExpiryHours organization policy](https://cloud.google.com/resource-manager/docs/organization-policy/restricting-service-accounts#limit_key_expiry) is in use. Note that in order to account for system clock skew, GAM sets the key to be valid two minutes earlier than the current system time and thus it will also expire two minutes earlier. @@ -790,16 +806,12 @@ The two forms of the command are equivalent; the second form is used by Basic Ga ``` gam create sakey (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| - ((localkeysize 1024|2048|4096 [validityhours ])| - (yubikey yubikey_pin yubikey_slot AUTHENTICATION - yubikey_serialnumber - [localkeysize 1024|2048|4096]) + (localkeysize 1024|2048|4096 [validityhours ])| + (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber ) gam rotate sakey retain_existing (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| - ((localkeysize 1024|2048|4096 [validityhours ])| - (yubikey yubikey_pin yubikey_slot AUTHENTICATION - yubikey_serialnumber - [localkeysize 1024|2048|4096]) + (localkeysize 1024|2048|4096 [validityhours ])| + (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber ) ``` To distribute `oauth2service.json` files with unique private keys perform the following steps: ``` 
@@ -820,16 +832,12 @@ The two forms of the command are equivalent; the second form is used by Basic Ga ``` gam update sakey (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| - ((localkeysize 1024|2048|4096 [validityhours ])| - (yubikey yubikey_pin yubikey_slot AUTHENTICATION - yubikey_serialnumber - [localkeysize 1024|2048|4096]) + (localkeysize 1024|2048|4096 [validityhours ])| + (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber ) gam rotate sakey replace_existing (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| - ((localkeysize 1024|2048|4096 [validityhours ])| - (yubikey yubikey_pin yubikey_slot AUTHENTICATION - yubikey_serialnumber - [localkeysize 1024|2048|4096]) + (localkeysize 1024|2048|4096 [validityhours ])| + (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber ) ``` ## Replace all existing Service Account keys Create a new Service Account private key; all existing private keys are revoked. @@ -843,16 +851,12 @@ The two forms of the command are equivalent; the second form is used by Basic Ga ``` gam replace sakeys (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| - ((localkeysize 1024|2048|4096 [validityhours ])| - (yubikey yubikey_pin yubikey_slot AUTHENTICATION - yubikey_serialnumber - [localkeysize 1024|2048|4096]) + (localkeysize 1024|2048|4096 [validityhours ])| + (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber ) gam rotate sakeys retain_none (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| - ((localkeysize 1024|2048|4096 [validityhours ])| - (yubikey yubikey_pin yubikey_slot AUTHENTICATION - yubikey_serialnumber - [localkeysize 1024|2048|4096]) + (localkeysize 1024|2048|4096 [validityhours ])| + (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber ) ``` ## Delete Service Account keys You can delete Service Accounts keys thus revoking access for that key. Generally, you will 
@@ -875,10 +879,8 @@ any `oauth2service.json` file to other users, you must redistribute the updated ``` gam upload sakey [admin ] (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| - ((localkeysize 1024|2048|4096 [validityhours ])| - (yubikey yubikey_pin yubikey_slot AUTHENTICATION - yubikey_serialnumber - [localkeysize 1024|2048|4096]) + (localkeysize 1024|2048|4096 [validityhours ])| + (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber ) ``` ## Display Service Account keys There are system keys and user keys; user keys are what Gam uses; GCP uses system keys. diff --git a/docs/Calendars-Events.md b/docs/Calendars-Events.md index 9bb4e660..f0e644e4 100644 --- a/docs/Calendars-Events.md +++ b/docs/Calendars-Events.md 
@@ -360,11 +360,13 @@ The Google Calendar API processes `*`; you may specify none GAM processes `*`; you may specify none or multiple properties. * `matchfield attendees ` - All of the attendees in `` must be present * `matchfield attendeesonlydomainlist ` - All attendee's email addresses must be in a domain in `` - * For example, this lets you look for events with all attendees in your internal domains + * For example, this lets you look for events with all attendees in your internal domains. You should include `resource.calendar.google.com` + in `` if the events use resources. * `matchfield attendeesdomainlist ` - Some attendee's email address must be in a domain in `` * For example, this lets you look for events with attendees in specific external domains * `matchfield attendeesnotdomainlist ` - Some attendee's email address must be in a domain not in `` - * For example, this lets you look for events with attendees not in your internal domains + * For example, this lets you look for events with attendees not in your internal domains. You should include `resource.calendar.google.com` + in `` if the events use resources. * `matchfield attendeespattern ` - Some attendee's email address must match `` * `matchfield attendeesstatus [] [] ` - All of the attendees in `` must be present and must have the specified values. diff --git a/docs/GamUpdates.md b/docs/GamUpdates.md index 66763e8c..a2b722b7 100644 --- a/docs/GamUpdates.md +++ b/docs/GamUpdates.md 
@@ -10,6 +10,16 @@ Add the `-s` option to the end of the above commands to suppress creating the `g See [Downloads](https://github.com/taers232c/GAMADV-XTD3/wiki/Downloads) for Windows or other options, including manual installation +### 6.76.00 + +Updated versions of `gam create|use project` that use keyword options to also accept the following options +to define non-default Service Account key characteristics. +``` +(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| +(localkeysize 1024|2048|4096 [validityhours ])| +(yubikey yubikey_pin yubikey_slot AUTHENTICATION yubikey_serialnumber ) +``` + ### 6.75.05 Added option `csv [todrive *]` to `gam archive|delete|modify|spam|trash|untrash messages|threads` diff --git a/docs/How-to-Upgrade-from-Standard-GAM.md b/docs/How-to-Upgrade-from-Standard-GAM.md index 3488c759..a0dd55d1 100644 --- a/docs/How-to-Upgrade-from-Standard-GAM.md +++ b/docs/How-to-Upgrade-from-Standard-GAM.md @@ -335,7 +335,7 @@ writes the credentials into the file oauth2.txt. admin@server:/Users/admin/bin/gamadv-xtd3$ rm -f /Users/admin/GAMConfig/oauth2.txt admin@server:/Users/admin/bin/gamadv-xtd3$ ./gam version WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found -GAMADV-XTD3 6.75.05 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource +GAMADV-XTD3 6.76.00 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource Ross Scroggs Python 3.12.3 64-bit final MacOS Sonoma 14.4.1 x86_64 @@ -1009,7 +1009,7 @@ writes the credentials into the file oauth2.txt. C:\GAMADV-XTD3>del C:\GAMConfig\oauth2.txt C:\GAMADV-XTD3>gam version WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found -GAMADV-XTD3 6.75.05 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource +GAMADV-XTD3 6.76.00 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource Ross Scroggs Python 3.12.3 64-bit final Windows-10-10.0.17134 AMD64 
diff --git a/docs/Users-Calendars-Events.md b/docs/Users-Calendars-Events.md index 2fe060e2..d63a4861 100644 --- a/docs/Users-Calendars-Events.md +++ b/docs/Users-Calendars-Events.md @@ -442,11 +442,13 @@ The Google Calendar API processes `*`; you may specify none GAM processes `*`; you may specify none or multiple properties. * `matchfield attendees ` - All of the attendees in `` must be present * `matchfield attendeesonlydomainlist ` - All attendee's email addresses must be in a domain in `` - * For example, this lets you look for events with all attendees in your internal domains + * For example, this lets you look for events with all attendees in your internal domains. You should include `resource.calendar.google.com` + in `` if the events use resources. * `matchfield attendeesdomainlist ` - Some attendee's email address must be in a domain in `` * For example, this lets you look for events with attendees in specific external domains * `matchfield attendeesnotdomainlist ` - Some attendee's email address must be in a domain not in `` - * For example, this lets you look for events with attendees not in your internal domains + * For example, this lets you look for events with attendees not in your internal domains. You should include `resource.calendar.google.com` + in `` if the events use resources. * `matchfield attendeespattern ` - Some attendee's email address must match `` * `matchfield attendeesstatus [] [] ` - All of the attendees in `` must be present and must have the specified values. diff --git a/docs/Users-Gmail-Messages-Threads.md b/docs/Users-Gmail-Messages-Threads.md index 7f621866..c8527f58 100644 --- a/docs/Users-Gmail-Messages-Threads.md +++ b/docs/Users-Gmail-Messages-Threads.md 
@@ -367,6 +367,17 @@ Messages are archived to the group specified by ``. By default, the command results are displayed as indented keys and values. Use the `csv` option to display the command results in CSV form. +``` +$ gam user user@domain.com archive messages ids 18e9fc6581b9acab,18e9fc58c5491f4c +User: user@domain.com, Archive 2 Messages + User: user@domain.com, Message: 18e9fc6581b9acab, Archived (1/2) + User: user@domain.com, Message: 18e9fc58c5491f4c, Archived (2/2) +$ gam user user@domain.com archive messages ids 18e9fc6581b9acab,18e9fc58c5491f4c csv +User: user@domain.com, Archive 2 Messages +User,id,action,error +user@domain.com,18e9fc6581b9acab,Archived, +user@domain.com,18e9fc58c5491f4c,Archived, +``` See below for message selection. @@ -447,6 +458,17 @@ gam untrash messages|threads By default, the command results are displayed as indented keys and values. Use the `csv` option to display the command results in CSV form. +``` +$ gam user user@domain.com delete messages ids 18e9fc6581b9acab,18e9fc58c5491f4c +User: user@domain.com, Delete 2 Messages + User: user@domain.com, Message: 18e9fc6581b9acab, Deleted (1/2) + User: user@domain.com, Message: 18e9fc58c5491f4c, Deleted (2/2) +$ gam user user@domain.com delete messages ids 18e9fc6581b9acab,18e9fc58c5491f4c csv +User: user@domain.com, Delete 2 Messages +User,id,action,error +user@domain.com,18e9fc6581b9acab,Deleted, +user@domain.com,18e9fc58c5491f4c,Deleted, +``` ### Manage a specific set of messages * `ids ` - A list of message ids diff --git a/docs/Version-and-Help.md b/docs/Version-and-Help.md index 97088504..c9a76317 100644 --- a/docs/Version-and-Help.md +++ b/docs/Version-and-Help.md @@ -3,7 +3,7 @@ Print the current version of Gam with details ``` gam version -GAMADV-XTD3 6.75.05 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource +GAMADV-XTD3 6.76.00 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource Ross Scroggs Python 3.12.3 64-bit final MacOS Sonoma 14.4.1 x86_64 
@@ -15,7 +15,7 @@ Time: 2023-06-02T21:10:00-07:00 Print the current version of Gam with details and time offset information ``` gam version timeoffset -GAMADV-XTD3 6.75.05 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource +GAMADV-XTD3 6.76.00 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource Ross Scroggs Python 3.12.3 64-bit final MacOS Sonoma 14.4.1 x86_64 @@ -27,7 +27,7 @@ Your system time differs from www.googleapis.com by less than 1 second Print the current version of Gam with extended details and SSL information ``` gam version extended -GAMADV-XTD3 6.75.05 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource +GAMADV-XTD3 6.76.00 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource Ross Scroggs Python 3.12.3 64-bit final MacOS Sonoma 14.4.1 x86_64 @@ -64,7 +64,7 @@ MacOS High Sierra 10.13.6 x86_64 Path: /Users/Admin/bin/gamadv-xtd3 Version Check: Current: 5.35.08 - Latest: 6.75.05 + Latest: 6.76.00 echo $? 1 ``` @@ -72,7 +72,7 @@ echo $? Print the current version number without details ``` gam version simple -6.75.05 +6.76.00 ``` In Linux/MacOS you can do: ``` @@ -82,7 +82,7 @@ echo $VER Print the current version of Gam and address of this Wiki ``` gam help -GAM 6.75.05 - https://github.com/taers232c/GAMADV-XTD3 +GAM 6.76.00 - https://github.com/taers232c/GAMADV-XTD3 Ross Scroggs Python 3.12.3 64-bit final MacOS Sonoma 14.4.1 x86_64 diff --git a/src/GamCommands.txt b/src/GamCommands.txt index 5f60f1cd..1b4d64da 100644 --- a/src/GamCommands.txt +++ b/src/GamCommands.txt 
@@ -1338,10 +1338,16 @@ gam create project [admin ] [project ] [projectname ] [parent ] [saname ] [sadisplayname ] [sadescription ] + [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| + (localkeysize 1024|2048|4096 [validityhours ])| + (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber )] gam use project [] [] gam use project [admin ] [project ] [saname ] [sadisplayname ] [sadescription ] + [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| + (localkeysize 1024|2048|4096 [validityhours ])| + (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber )] gam update project [[admin] ] [] gam delete project [[admin] ] [] gam show projects [[admin] ] [all|] @@ -1354,6 +1360,9 @@ gam info currentprojectid gam create|add svcacct [[admin] ] [] [saname ] [sadisplayname ] [sadescription ] + [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| + (localkeysize 1024|2048|4096 [validityhours ])| + (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber )] gam delete svcacct [[admin] ] [] (saemail )|(saname )|(sauniqueid ) gam check svcacct (scope|scopes )* 
@@ -1367,51 +1376,35 @@ gam print svcaccts [[admin] ] [all|] gam create sakey (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| - ((localkeysize 1024|2048|4096 [validityhours ])| - (localkeysize 1024|2048|4096)| - (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE - yubikey_serialnumber - [localkeysize 1024|2048|4096]) + (localkeysize 1024|2048|4096 [validityhours ])| + (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber ) gam rotate sakey|sakeys retain_existing (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| - ((localkeysize 1024|2048|4096 [validityhours ])| - (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE - yubikey_serialnumber - [localkeysize 1024|2048|4096]) + (localkeysize 1024|2048|4096 [validityhours ])| + (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber ) gam update sakey (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| - ((localkeysize 1024|2048|4096 [validityhours ])| - (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE - yubikey_serialnumber - [localkeysize 1024|2048|4096]) + (localkeysize 1024|2048|4096 [validityhours ])| + (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber ) gam rotate sakey|sakeys replace_current (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| - ((localkeysize 1024|2048|4096 [validityhours ])| - (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE - yubikey_serialnumber - [localkeysize 1024|2048|4096]) + (localkeysize 1024|2048|4096 [validityhours ])| + (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber ) gam replace sakeys (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| - ((localkeysize 1024|2048|4096 [validityhours ])| - (localkeysize 1024|2048|4096)| - (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE - yubikey_serialnumber - [localkeysize 1024|2048|4096]) + (localkeysize 1024|2048|4096 [validityhours ])| + (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE 
yubikey_serialnumber ) gam rotate sakey|sakeys retain_none (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| - ((localkeysize 1024|2048|4096 [validityhours ])| - (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE - yubikey_serialnumber - [localkeysize 1024|2048|4096]) + (localkeysize 1024|2048|4096 [validityhours ])| + (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber ) gam upload sakey [admin ] (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| - ((localkeysize 1024|2048|4096 [validityhours ])| - (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE - yubikey_serialnumber - [localkeysize 1024|2048|4096]) + (localkeysize 1024|2048|4096 [validityhours ])| + (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber ) gam delete sakeys + [doit] gam show sakeys [all|system|user] diff --git a/src/GamUpdate.txt b/src/GamUpdate.txt index deeea2be..25a6520a 100644 --- a/src/GamUpdate.txt +++ b/src/GamUpdate.txt @@ -2,6 +2,16 @@ Merged GAM-Team version +6.76.00 + +Updated versions of `gam create|use project` that use keyword options to also accept the following options +to define non-default Service Account key characteristics. +``` +(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| +(localkeysize 1024|2048|4096 [validityhours ])| +(yubikey yubikey_pin yubikey_slot AUTHENTICATION yubikey_serialnumber ) +``` + 6.75.05 Added option `csv [todrive *]` to `gam archive|delete|modify|spam|trash|untrash messages|threads` diff --git a/src/gam/__init__.py b/src/gam/__init__.py index 0cbeb1d8..4d7a7cbe 100755 --- a/src/gam/__init__.py +++ b/src/gam/__init__.py 
@@ -11377,7 +11377,9 @@ def _getLoginHintProjectInfo(createCmd): appInfo = {'applicationTitle': '', 'supportEmail': ''} projectInfo = {'projectId': '', 'parent': '', 'name': ''} svcAcctInfo = {'name': '', 'displayName': '', 'description': ''} - if not Cmd.PeekArgumentPresent(['admin', 'appname', 'supportemail', 'project', 'parent', 'projectname', 'saname', 'sadisplayname', 'sadescription']): + if not Cmd.PeekArgumentPresent(['admin', 'appname', 'supportemail', 'project', 'parent', + 'projectname', 'saname', 'sadisplayname', 'sadescription', + 'algorithm', 'localkeysize', 'yubikey']): login_hint = getString(Cmd.OB_EMAIL_ADDRESS, optional=True) if login_hint and login_hint.find('@') == -1: Cmd.Backup() @@ -11403,6 +11405,9 @@ def _getLoginHintProjectInfo(createCmd): pass elif createCmd and _getAppInfo(myarg, appInfo): pass + elif myarg in {'algorithm', 'localkeysize', 'yubikey'}: + Cmd.Backup() + break else: unknownArgumentExit() if not projectInfo['projectId']: @@ -11589,6 +11594,9 @@ def doCreateGCPFolder(): # [appname ] [supportemail ] # [projectname ] [parent ] # [saname ] [sadisplayname ] [sadescription ] +# [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| +# (localkeysize 1024|2048|4096 [validityhours ])| +# (yubikey yubikey_pin yubikey_slot AUTHENTICATION yubikey_serialnumber )] def doCreateProject(): _checkForExistingProjectFiles([GC.Values[GC.OAUTH2SERVICE_JSON], GC.Values[GC.CLIENT_SECRETS_JSON]]) sys.stdout.write(Msg.TRUST_GAM_CLIENT_ID.format(GAM_PROJECT_CREATION, GAM_PROJECT_CREATION_CLIENT_ID)) 
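Review bot: The added `elif myarg in {'algorithm', 'localkeysize', 'yubikey'}:` branch in `_getLoginHintProjectInfo` backs up and breaks without checking what follows the keyword, so the key options are validated only when a later parser consumes them. If that happens after the project or service account has been created (the callers' bodies are outside these hunks), a misspelled key option would exit with resources already provisioned. It also means every project and service-account option must come before the first key option, which the syntax comments do not state. The same three keywords are repeated in the `Cmd.PeekArgumentPresent` list in the hunk above; one module-level tuple used in both places would keep the two from drifting apart.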
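Review bot: The syntax comment added above `doCreateProject` lists only `AUTHENTICATION` for `yubikey_slot`, while src/GamCommands.txt and docs/Authorization.md in this same commit list `yubikey_slot AUTHENTICATION|SIGNATURE`. The comments added above `doUseProject` and `doCreateSvcAcct`, and the rewritten ones above `doCreateSvcAcctKeys`, `doUpdateSvcAcctKeys`, `doReplaceSvcAcctKeys` and `doUploadSvcAcctKeys`, have the same omission. I would write `AUTHENTICATION|SIGNATURE` in all of them so the in-code syntax matches the command reference.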
@@ -11683,6 +11691,9 @@ def doCreateProject(): # gam use project [] [] # gam use project [admin ] [project ] # [saname ] [sadisplayname ] [sadescription ] +# [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| +# (localkeysize 1024|2048|4096 [validityhours ])| +# (yubikey yubikey_pin yubikey_slot AUTHENTICATION yubikey_serialnumber )] def doUseProject(): _checkForExistingProjectFiles([GC.Values[GC.OAUTH2SERVICE_JSON], GC.Values[GC.CLIENT_SECRETS_JSON]]) _, httpObj, login_hint, _, projectInfo, svcAcctInfo = _getLoginHintProjectInfo(False) @@ -11887,6 +11898,9 @@ def doInfoCurrentProjectId(): # gam create svcacct [[admin] ] [] # [saname ] [sadisplayname ] [sadescription ] +# [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| +# (localkeysize 1024|2048|4096 [validityhours ])| +# (yubikey yubikey_pin yubikey_slot AUTHENTICATION yubikey_serialnumber )] def doCreateSvcAcct(): _checkForExistingProjectFiles([GC.Values[GC.OAUTH2SERVICE_JSON]]) _, httpObj, login_hint, projects = _getLoginHintProjects(createSvcAcctCmd=True) 
@@ -12344,7 +12358,29 @@ def _formatOAuth2ServiceData(service_data): GM.Globals[GM.OAUTH2SERVICE_JSON_DATA] = service_data.copy() return json.dumps(GM.Globals[GM.OAUTH2SERVICE_JSON_DATA], indent=2, sort_keys=True) -def doProcessSvcAcctKeys(mode=None, iam=None, projectId=None, clientEmail=None, clientId=None): +def doProcessSvcAcctKeys(mode, iam=None, projectId=None, clientEmail=None, clientId=None): + def getSAKeyParms(body, new_data): + nonlocal local_key_size, validityHours + while Cmd.ArgumentsRemaining(): + myarg = getArgument() + if myarg == 'algorithm': + body['keyAlgorithm'] = getChoice(["key_alg_rsa_1024", "key_alg_rsa_2048"]).upper() + local_key_size = 0 + elif myarg == 'localkeysize': + local_key_size = int(getChoice(['1024', '2048', '4096'])) + elif myarg == 'yubikey': + new_data['key_type'] = 'yubikey' + elif myarg == 'yubikeyslot': + new_data['yubikey_slot'] = getString(Cmd.OB_STRING).upper() + elif myarg == 'yubikeypin': + new_data['yubikey_pin'] = readStdin('Enter your YubiKey PIN: ') + elif myarg == 'yubikeyserialnumber': + new_data['yubikey_serial_number'] = getInteger() + elif myarg == 'validityhours': + validityHours = getInteger() + else: + unknownArgumentExit() + def waitForCompletion(i): sleep_time = i*5 if i > 3: 
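Review bot: `getSAKeyParms` treats `algorithm`, `localkeysize` and `yubikey` as independent flags although the syntax documents them as alternatives, so in `algorithm ... localkeysize ...` the later option silently wins (the first sets `local_key_size = 0`, the second overwrites it). Rejecting a second key-type option would make the resulting key type predictable. `yubikey_slot` is read with `getString(Cmd.OB_STRING).upper()`; `getChoice(['authentication', 'signature']).upper()` would reject values the documentation does not list. Now that this parser is also reached from project and service-account creation, the 1024-bit choices (documented as not recommended) might warrant a printed warning, and `validityhours` a lower bound, since `getInteger()` as called here presumably accepts zero or negative values.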
@@ -12363,29 +12399,7 @@ def doProcessSvcAcctKeys(mode=None, iam=None, projectId=None, clientEmail=None, new_data = dict(GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]) # assume default key type unless we are told otherwise new_data['key_type'] = 'default' - while Cmd.ArgumentsRemaining(): - myarg = getArgument() - if myarg == 'algorithm': - body['keyAlgorithm'] = getChoice(["key_alg_rsa_1024", "key_alg_rsa_2048"]).upper() - local_key_size = 0 - elif myarg == 'localkeysize': - local_key_size = int(getChoice(['1024', '2048', '4096'])) - elif myarg == 'yubikey': - new_data['key_type'] = 'yubikey' - elif myarg == 'yubikeyslot': - new_data['yubikey_slot'] = getString(Cmd.OB_STRING).upper() - elif myarg == 'yubikeypin': - new_data['yubikey_pin'] = readStdin('Enter your YubiKey PIN: ') - elif myarg == 'yubikeyserialnumber': - new_data['yubikey_serial_number'] = getInteger() - elif myarg == 'validityhours': - validityHours = getInteger() - elif mode is None and myarg in ['retainnone', 'retainexisting', 'replacecurrent']: - mode = myarg - else: - unknownArgumentExit() - if mode is None: - mode = 'retainnone' + getSAKeyParms(body, new_data) else: new_data = { 'client_email': clientEmail, @@ -12393,6 +12407,7 @@ def doProcessSvcAcctKeys(mode=None, iam=None, projectId=None, clientEmail=None, 'client_id': clientId, 'key_type': 'default' } + getSAKeyParms(body, new_data) name = f'projects/{projectId}/serviceAccounts/{clientId}' if mode != 'retainexisting': try: 
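Review bot: `doProcessSvcAcctKeys` no longer parses `retainnone|retainexisting|replacecurrent`, has lost the `mode = 'retainnone'` fallback, and now requires `mode`, so a dispatch entry that still calls it without a mode would fail. That would affect the `gam rotate sakey|sakeys retain_existing|replace_current|retain_none` forms still listed in src/GamCommands.txt, either with a TypeError or by rejecting the retain keyword through `unknownArgumentExit()`. The rotate dispatch is not visible in these hunks, so this needs confirming against the command table. Because the mode decides which existing keys are revoked, I would also validate it against the three known values at the top of the function rather than rely on the later `if mode != 'retainexisting':` comparisons, where an unexpected string would take the revoking path.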
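Review bot: The added `getSAKeyParms(body, new_data)` call in the `else` branch can store `yubikey_pin` in the same `new_data` dict that holds `client_email` and `client_id`. That dict looks like the data later serialized for `oauth2service.json`, although the write is outside this hunk. If so, the PIN ends up in plaintext next to the service account identity on a path that previously only produced default keys; it would be worth confirming the file is created with owner-only permissions and saying so in the YubiKey documentation. `readStdin('Enter your YubiKey PIN: ')` presumably echoes what is typed; if the helper is a thin wrapper over `input()`, `getpass.getpass('Enter your YubiKey PIN: ')` would keep the PIN off the terminal and out of scrollback.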
@@ -12527,41 +12542,31 @@ def doProcessSvcAcctKeys(mode=None, iam=None, projectId=None, clientEmail=None, # gam create sakey|sakeys # gam rotate sakey|sakeys retain_existing # (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| -# ((localkeysize 1024|2048|4096 [validityhours ])| -# (yubikey yubikey_pin yubikey_slot AUTHENTICATION -# yubikey_serialnumber -# [localkeysize 1024|2048|4096]) -# [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|(localkeysize 1024|2048|4096)] +# (localkeysize 1024|2048|4096 [validityhours ])| +# (yubikey yubikey_pin yubikey_slot AUTHENTICATION yubikey_serialnumber ) def doCreateSvcAcctKeys(): doProcessSvcAcctKeys(mode='retainexisting') # gam update sakey|sakeys # gam rotate sakey|sakeys replace_current # (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| -# ((localkeysize 1024|2048|4096 [validityhours ])| -# (yubikey yubikey_pin yubikey_slot AUTHENTICATION -# yubikey_serialnumber -# [localkeysize 1024|2048|4096]) -# [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|(localkeysize 1024|2048|4096)] +# (localkeysize 1024|2048|4096 [validityhours ])| +# (yubikey yubikey_pin yubikey_slot AUTHENTICATION yubikey_serialnumber ) def doUpdateSvcAcctKeys(): doProcessSvcAcctKeys(mode='replacecurrent') # gam replace sakey|sakeys # gam rotate sakey|sakeys retain_none # (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| -# ((localkeysize 1024|2048|4096 [validityhours ])| -# (yubikey yubikey_pin yubikey_slot AUTHENTICATION -# yubikey_serialnumber -# [localkeysize 1024|2048|4096]) +# (localkeysize 1024|2048|4096 [validityhours ])| +# (yubikey yubikey_pin yubikey_slot AUTHENTICATION yubikey_serialnumber ) def doReplaceSvcAcctKeys(): doProcessSvcAcctKeys(mode='retainnone') # gam upload sakey|sakeys [admin ] # (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)| -# ((localkeysize 1024|2048|4096 [validityhours ])| -# (yubikey yubikey_pin yubikey_slot AUTHENTICATION -# yubikey_serialnumber -# [localkeysize 1024|2048|4096]) +# (localkeysize 1024|2048|4096 [validityhours ])| +# (yubikey 
yubikey_pin yubikey_slot AUTHENTICATION yubikey_serialnumber ) def doUploadSvcAcctKeys(): login_hint = getEmailAddress(noUid=True) if checkArgumentPresent(['admin']) else None httpObj, _ = getCRMService(login_hint)