Initial support for delegated admin service accounts (DASA)

Google now allows GCP service accounts to be granted delegated admin status for a G Suite domain.
To use this, admins can grant the service account email address delegated admin rights in the admin console
and then set some environment variables for GAM to use:

OAUTHFILE=oauth2service.json
GA_DOMAIN=example.com   # your primary domain name in Google
CUSTOMER_ID=1d80dfc     # admin.google.com > Account > Account settings > Customer ID

src/gam/gapi/directory/orgunits.py

@@ -404,7 +404,7 @@ def getOrgUnitId(orgUnit, cd=None):
 
 
 def buildOrgUnitIdToNameMap():
-    cd = buildGAPIObject('directory')
+    cd = gapi_directory.build()
     result = gapi.call(cd.orgunits(),
                        'list',
                        customerId=GC_Values[GC_CUSTOMER_ID],
@@ -420,5 +420,3 @@ def orgunit_from_orgunitid(orgunitid):
     if not GM_Globals[GM_MAP_ORGUNIT_ID_TO_NAME]:
         buildOrgUnitIdToNameMap()
     return GM_Globals[GM_MAP_ORGUNIT_ID_TO_NAME].get(orgunitid, orgunitid)
-
-

src/gam/gapi/directory/privileges.py

@@ -3,6 +3,7 @@ from gam import display
 from gam import gapi
 from gam.gapi import directory as gapi_directory
 
+
 def flatten_privilege_list(privs, parent=None):
     flat_privs = []
     for priv in privs:
@@ -10,18 +11,22 @@ def flatten_privilege_list(privs, parent=None):
         if parent:
             priv['parent'] = parent
         if priv.get('childPrivileges'):
-            children = flatten_privilege_list(priv['childPrivileges'], parent=priv['privilegeName'])
-            priv['children'] = ' '.join([child['privilegeName'] for child in children])
-            del(priv['childPrivileges'])
+            children = flatten_privilege_list(priv['childPrivileges'],
+                                              parent=priv['privilegeName'])
+            priv['children'] = ' '.join(
+                [child['privilegeName'] for child in children])
+            del (priv['childPrivileges'])
         flat_privs = flat_privs + children
         flat_privs.append(priv)
     return flat_privs
 
 
-
-def print_():
-	cd = gapi_directory.build()
-	privs = gapi.call(cd.privileges(), 'list',
-		              customer=GC_Values[GC_CUSTOMER_ID])
-	privs = flatten_privilege_list(privs.get('items', []))
-	display.print_json(privs)
+def print_(return_only=False):
+    cd = gapi_directory.build()
+    privs = gapi.call(cd.privileges(),
+                      'list',
+                      customer=GC_Values[GC_CUSTOMER_ID])
+    privs = flatten_privilege_list(privs.get('items', []))
+    if return_only:
+        return privs
+    display.print_json(privs)

src/gam/gapi/directory/roles.py

@@ -0,0 +1,72 @@
+import sys
+
+from gam.var import GC_Values, GC_CUSTOMER_ID
+from gam import display
+from gam import gapi
+from gam.gapi import directory as gapi_directory
+from gam.gapi.directory import privileges as gapi_directory_privileges
+
+
+def create():
+    cd = gapi_directory.build()
+    body = {'privileges': []}
+    all_privileges = gapi_directory_privileges.print_(return_only=True)
+    i = 3
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower()
+        if myarg == 'privileges':
+            privs = sys.argv[i + 1]
+            if privs == 'all':
+                body['rolePrivileges'] = all_privileges
+            elif privs == 'all_ou':
+                body['rolePrivileges'] = [
+                    p for p in all_privileges if p.get('isOuScopable')
+                ]
+            else:
+                # Known broken, need to get serviceName in here also...
+                body['rolePrivileges'] = [{
+                    'privilegeName': p
+                } for p in sys.argv[i + 1].split(',')]
+            i += 2
+        elif myarg == 'name':
+            body['roleName'] = sys.argv[i + 1]
+            i += 2
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i],
+                                              'gam create adminrole')
+    print(f'Creating role {body["roleName"]}')
+    gapi.call(cd.roles(),
+              'insert',
+              customer=GC_Values[GC_CUSTOMER_ID],
+              body=body)
+
+
+def print_():
+    cd = gapi_directory.build()
+    todrive = False
+    titles = [
+        'roleId', 'roleName', 'roleDescription', 'isSuperAdminRole',
+        'isSystemRole'
+    ]
+    fields = f'nextPageToken,items({",".join(titles)})'
+    csvRows = []
+    i = 3
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower()
+        if myarg == 'todrive':
+            todrive = True
+            i += 1
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i],
+                                              'gam print adminroles')
+    roles = gapi.get_all_pages(cd.roles(),
+                               'list',
+                               'items',
+                               customer=GC_Values[GC_CUSTOMER_ID],
+                               fields=fields)
+    for role in roles:
+        role_attrib = {}
+        for key, value in list(role.items()):
+            role_attrib[key] = value
+        csvRows.append(role_attrib)
+    display.write_csv_file(csvRows, titles, 'Admin Roles', todrive)