mirror of
https://github.com/GAM-team/GAM.git
synced 2026-07-03 12:21:35 +00:00
Updated gam create project to retry the following unexpected error:
Some checks failed
Build and test GAM / build (Win64, build, 10, VC-WIN64A, windows-2022) (push) Has been cancelled
Build and test GAM / build (aarch64, build, 3, linux-aarch64, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (aarch64, build, 4, linux-aarch64, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (aarch64, build, 6, linux-aarch64, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (aarch64, build, 8, darwin64-arm64, macos-14) (push) Has been cancelled
Build and test GAM / build (aarch64, build, 9, darwin64-arm64, macos-15) (push) Has been cancelled
Build and test GAM / build (x86_64, build, 1, linux-x86_64, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (x86_64, build, 2, linux-x86_64, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (x86_64, build, 5, linux-x86_64, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (x86_64, build, 7, darwin64-x86_64, macos-13) (push) Has been cancelled
Build and test GAM / build (x86_64, test, 11, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (x86_64, test, 12, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (x86_64, test, 13, ubuntu-24.04, 3.12) (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
Some checks failed
Build and test GAM / build (Win64, build, 10, VC-WIN64A, windows-2022) (push) Has been cancelled
Build and test GAM / build (aarch64, build, 3, linux-aarch64, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (aarch64, build, 4, linux-aarch64, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (aarch64, build, 6, linux-aarch64, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (aarch64, build, 8, darwin64-arm64, macos-14) (push) Has been cancelled
Build and test GAM / build (aarch64, build, 9, darwin64-arm64, macos-15) (push) Has been cancelled
Build and test GAM / build (x86_64, build, 1, linux-x86_64, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (x86_64, build, 2, linux-x86_64, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (x86_64, build, 5, linux-x86_64, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (x86_64, build, 7, darwin64-x86_64, macos-13) (push) Has been cancelled
Build and test GAM / build (x86_64, test, 11, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (x86_64, test, 12, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (x86_64, test, 13, ubuntu-24.04, 3.12) (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
ERROR: 400 - invalidArgument - Service account gam-project-a1b2c@gam-project-a1b2c.iam.gserviceaccount.com does not exist.
This commit is contained in:
@@ -1,3 +1,10 @@
|
|||||||
|
7.03.01
|
||||||
|
|
||||||
|
Updated `gam create project` to retry the following unexpected error:
|
||||||
|
```
|
||||||
|
ERROR: 400 - invalidArgument - Service account gam-project-a1b2c@gam-project-a1b2c.iam.gserviceaccount.com does not exist.
|
||||||
|
```
|
||||||
|
|
||||||
7.03.00
|
7.03.00
|
||||||
|
|
||||||
Updated `gam create|use project` to discontinue use of the `Identity-Aware Proxy (IAP) OAuth Admin APIs`
|
Updated `gam create|use project` to discontinue use of the `Identity-Aware Proxy (IAP) OAuth Admin APIs`
|
||||||
|
|||||||
@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
|
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
|
||||||
__version__ = '7.03.00'
|
__version__ = '7.03.01'
|
||||||
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
|
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
|
||||||
|
|
||||||
#pylint: disable=wrong-import-position
|
#pylint: disable=wrong-import-position
|
||||||
@@ -11361,13 +11361,32 @@ def doEnableAPIs():
|
|||||||
url = f'https://console.cloud.google.com/apis/enableflow?apiid={apiid}&project={projectId}'
|
url = f'https://console.cloud.google.com/apis/enableflow?apiid={apiid}&project={projectId}'
|
||||||
writeStdout(f' {url}\n\n')
|
writeStdout(f' {url}\n\n')
|
||||||
|
|
||||||
|
def _waitForSvcAcctCompletion(i):
|
||||||
|
sleep_time = i*5
|
||||||
|
if i > 3:
|
||||||
|
sys.stdout.write(Msg.WAITING_FOR_ITEM_CREATION_TO_COMPLETE_SLEEPING.format(Ent.Singular(Ent.SVCACCT), sleep_time))
|
||||||
|
time.sleep(sleep_time)
|
||||||
|
|
||||||
def _grantRotateRights(iam, projectId, service_account, email, account_type='serviceAccount'):
|
def _grantRotateRights(iam, projectId, service_account, email, account_type='serviceAccount'):
|
||||||
printEntityMessage([Ent.PROJECT, projectId, Ent.SVCACCT, email],
|
|
||||||
Msg.HAS_RIGHTS_TO_ROTATE_OWN_PRIVATE_KEY.format(email, service_account))
|
|
||||||
body = {'policy': {'bindings': [{'role': 'roles/iam.serviceAccountKeyAdmin',
|
body = {'policy': {'bindings': [{'role': 'roles/iam.serviceAccountKeyAdmin',
|
||||||
'members': [f'{account_type}:{email}']}]}}
|
'members': [f'{account_type}:{email}']}]}}
|
||||||
|
maxRetries = 10
|
||||||
|
printEntityMessage([Ent.PROJECT, projectId, Ent.SVCACCT, email],
|
||||||
|
Msg.HAS_RIGHTS_TO_ROTATE_OWN_PRIVATE_KEY.format(email, service_account))
|
||||||
|
for retry in range(1, maxRetries+1):
|
||||||
|
try:
|
||||||
callGAPI(iam.projects().serviceAccounts(), 'setIamPolicy',
|
callGAPI(iam.projects().serviceAccounts(), 'setIamPolicy',
|
||||||
|
throwReasons=[GAPI.INVALID_ARGUMENT],
|
||||||
resource=f'projects/{projectId}/serviceAccounts/{service_account}', body=body)
|
resource=f'projects/{projectId}/serviceAccounts/{service_account}', body=body)
|
||||||
|
return True
|
||||||
|
except GAPI.invalidArgument as e:
|
||||||
|
entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, service_account], str(e))
|
||||||
|
if 'does not exist' not in str(e) or retry == maxRetries:
|
||||||
|
return False
|
||||||
|
_waitForSvcAcctCompletion(retry)
|
||||||
|
except Exception as e:
|
||||||
|
entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, service_account], str(e))
|
||||||
|
return False
|
||||||
|
|
||||||
def _createOauth2serviceJSON(httpObj, projectInfo, svcAcctInfo, create_key=True):
|
def _createOauth2serviceJSON(httpObj, projectInfo, svcAcctInfo, create_key=True):
|
||||||
iam = getAPIService(API.IAM, httpObj)
|
iam = getAPIService(API.IAM, httpObj)
|
||||||
@@ -11392,8 +11411,7 @@ def _createOauth2serviceJSON(httpObj, projectInfo, svcAcctInfo, create_key=True)
|
|||||||
clientId=service_account['uniqueId']):
|
clientId=service_account['uniqueId']):
|
||||||
return False
|
return False
|
||||||
sa_email = service_account['name'].rsplit('/', 1)[-1]
|
sa_email = service_account['name'].rsplit('/', 1)[-1]
|
||||||
_grantRotateRights(iam, projectInfo['projectId'], sa_email, sa_email)
|
return _grantRotateRights(iam, projectInfo['projectId'], sa_email, sa_email)
|
||||||
return True
|
|
||||||
|
|
||||||
def _createClientSecretsOauth2service(httpObj, login_hint, appInfo, projectInfo, svcAcctInfo, create_key=True):
|
def _createClientSecretsOauth2service(httpObj, login_hint, appInfo, projectInfo, svcAcctInfo, create_key=True):
|
||||||
def _checkClientAndSecret(csHttpObj, client_id, client_secret):
|
def _checkClientAndSecret(csHttpObj, client_id, client_secret):
|
||||||
@@ -12563,12 +12581,6 @@ def doProcessSvcAcctKeys(mode=None, iam=None, projectId=None, clientEmail=None,
|
|||||||
else:
|
else:
|
||||||
unknownArgumentExit()
|
unknownArgumentExit()
|
||||||
|
|
||||||
def waitForCompletion(i):
|
|
||||||
sleep_time = i*5
|
|
||||||
if i > 3:
|
|
||||||
sys.stdout.write(Msg.WAITING_FOR_ITEM_CREATION_TO_COMPLETE_SLEEPING.format(Ent.Singular(Ent.SVCACCT), sleep_time))
|
|
||||||
time.sleep(sleep_time)
|
|
||||||
|
|
||||||
local_key_size = 2048
|
local_key_size = 2048
|
||||||
validityHours = 0
|
validityHours = 0
|
||||||
body = {}
|
body = {}
|
||||||
@@ -12638,12 +12650,12 @@ def doProcessSvcAcctKeys(mode=None, iam=None, projectId=None, clientEmail=None,
|
|||||||
if retry == maxRetries:
|
if retry == maxRetries:
|
||||||
entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, clientEmail], str(e))
|
entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, clientEmail], str(e))
|
||||||
return False
|
return False
|
||||||
waitForCompletion(retry)
|
_waitForSvcAcctCompletion(retry)
|
||||||
except GAPI.permissionDenied:
|
except GAPI.permissionDenied:
|
||||||
if retry == maxRetries:
|
if retry == maxRetries:
|
||||||
entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, clientEmail], Msg.UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS)
|
entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, clientEmail], Msg.UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS)
|
||||||
return False
|
return False
|
||||||
waitForCompletion(retry)
|
_waitForSvcAcctCompletion(retry)
|
||||||
except GAPI.badRequest as e:
|
except GAPI.badRequest as e:
|
||||||
entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, clientEmail], str(e))
|
entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, clientEmail], str(e))
|
||||||
return False
|
return False
|
||||||
@@ -12656,7 +12668,7 @@ def doProcessSvcAcctKeys(mode=None, iam=None, projectId=None, clientEmail=None,
|
|||||||
new_data['private_key'] = ''
|
new_data['private_key'] = ''
|
||||||
newPrivateKeyId = ''
|
newPrivateKeyId = ''
|
||||||
break
|
break
|
||||||
waitForCompletion(retry)
|
_waitForSvcAcctCompletion(retry)
|
||||||
new_data['private_key_id'] = newPrivateKeyId
|
new_data['private_key_id'] = newPrivateKeyId
|
||||||
oauth2service_data = _formatOAuth2ServiceData(new_data)
|
oauth2service_data = _formatOAuth2ServiceData(new_data)
|
||||||
else:
|
else:
|
||||||
@@ -12673,7 +12685,7 @@ def doProcessSvcAcctKeys(mode=None, iam=None, projectId=None, clientEmail=None,
|
|||||||
if retry == maxRetries:
|
if retry == maxRetries:
|
||||||
entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, clientEmail], Msg.UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS)
|
entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, clientEmail], Msg.UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS)
|
||||||
return False
|
return False
|
||||||
waitForCompletion(retry)
|
_waitForSvcAcctCompletion(retry)
|
||||||
except GAPI.badRequest as e:
|
except GAPI.badRequest as e:
|
||||||
entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, clientEmail], str(e))
|
entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, clientEmail], str(e))
|
||||||
return False
|
return False
|
||||||
@@ -12714,7 +12726,7 @@ def doProcessSvcAcctKeys(mode=None, iam=None, projectId=None, clientEmail=None,
|
|||||||
if retry == maxRetries:
|
if retry == maxRetries:
|
||||||
entityActionFailedWarning([Ent.SVCACCT_KEY, keyName], Msg.UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS)
|
entityActionFailedWarning([Ent.SVCACCT_KEY, keyName], Msg.UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS)
|
||||||
break
|
break
|
||||||
waitForCompletion(retry)
|
_waitForSvcAcctCompletion(retry)
|
||||||
except GAPI.badRequest as e:
|
except GAPI.badRequest as e:
|
||||||
entityActionFailedWarning([Ent.SVCACCT_KEY, keyName], str(e), i, count)
|
entityActionFailedWarning([Ent.SVCACCT_KEY, keyName], str(e), i, count)
|
||||||
break
|
break
|
||||||
|
|||||||
Reference in New Issue
Block a user