Added command to display selected Cloud Identity policies.
Some checks are pending
Build and test GAM / build (Win64, build, 8, VC-WIN64A, windows-2022) (push) Waiting to run
Build and test GAM / build (aarch64, build, 3, linux-aarch64, [self-hosted linux arm64]) (push) Waiting to run
Build and test GAM / build (aarch64, build, 5, linux-aarch64, [self-hosted linux arm64], yes) (push) Waiting to run
Build and test GAM / build (aarch64, build, 7, darwin64-arm64, macos-14) (push) Waiting to run
Build and test GAM / build (x86_64, build, 1, linux-x86_64, ubuntu-22.04) (push) Waiting to run
Build and test GAM / build (x86_64, build, 2, linux-x86_64, ubuntu-24.04) (push) Waiting to run
Build and test GAM / build (x86_64, build, 4, linux-x86_64, ubuntu-22.04, yes) (push) Waiting to run
Build and test GAM / build (x86_64, build, 6, darwin64-x86_64, macos-13) (push) Waiting to run
Build and test GAM / build (x86_64, test, 10, ubuntu-24.04, 3.10) (push) Waiting to run
Build and test GAM / build (x86_64, test, 11, ubuntu-24.04, 3.11) (push) Waiting to run
Build and test GAM / build (x86_64, test, 12, ubuntu-24.04, 3.12) (push) Waiting to run
Build and test GAM / build (x86_64, test, 9, ubuntu-24.04, 3.9) (push) Waiting to run
Build and test GAM / merge (push) Blocked by required conditions
Build and test GAM / publish (push) Blocked by required conditions
CodeQL / Analyze (python) (push) Waiting to run
Check for Google Root CA Updates / check-apis (push) Waiting to run

This commit is contained in:
Ross Scroggs
2024-10-25 16:01:15 -07:00
parent 01a6781454
commit 40899de989
10 changed files with 164 additions and 88 deletions

View File

@@ -14,12 +14,15 @@ To use these commands you must update your client access authentication.
``` ```
gam oauth create gam oauth create
... ...
[*] 19) Cloud Identity - Policy [R] 19) Cloud Identity - Policy
``` ```
## Definitions ## Definitions
``` ```
<CIPolicyName> ::= policies/<String> <CIPolicyName> ::= policies/<String>
<CIPolicyNameList> ::= "<CIPolicyName>(,<CIPolicyName>)*"
<CIPolicyNameEntity> ::=
<CIPolicyNameList> | <FileSelector> | <CSVFileSelector>
``` ```
## Policies ## Policies
@@ -305,26 +308,41 @@ workspace_marketplace.apps_allowlist
apps apps
``` ```
## Display Cloud Identity Policies ## Display Cloud Identity Policies
Display selected policies.
```
gam info policies <CIPolicyEntity>
[nowarnings]
[formatjson]
```
By default, policy warnings are displayed, use the 'nowarnings` option to suppress their display.
By default, Gam displays the information as an indented list of keys and values.
* `formatjson` - Display the fields in JSON format.
Display all or filtered policies.
``` ```
gam show policies gam show policies
[(filter <String>)|(name <CIPolicyName>)] [nowarnings] [filter <String>] [nowarnings]
[formatjson] [formatjson]
``` ```
By default, all policies are displayed. By default, all policies are displayed.
* `filter <String>` - Display filtered policies, See https://github.com/taers232c/GAMADV-XTD3/wiki/Cloud-Identity-Policies * `filter <String>` - Display filtered policies, See https://github.com/taers232c/GAMADV-XTD3/wiki/Cloud-Identity-Policies
* `name <CIPolicyName>` - Display a specfic policy
By default, policy warnings are displayed, use the 'nowarnings` option to suppress their display.
By default, Gam displays the information as an indented list of keys and values. By default, Gam displays the information as an indented list of keys and values.
* `formatjson` - Display the fields in JSON format. * `formatjson` - Display the fields in JSON format.
``` ```
gam print policies [todrive <ToDriveAttribute>*] gam print policies [todrive <ToDriveAttribute>*]
[(filter <String>)|(name <CIPolicyName>)] [nowarnings] [filter <String>] [nowarnings]
[formatjson [quotechar <Character>]] [formatjson [quotechar <Character>]]
``` ```
By default, all policies are displayed: By default, all policies are displayed:
* `filter <String>` - Display filtered policies, See https://github.com/taers232c/GAMADV-XTD3/wiki/Cloud-Identity-Policies * `filter <String>` - Display filtered policies, See https://github.com/taers232c/GAMADV-XTD3/wiki/Cloud-Identity-Policies
* `name <CIPolicyName>` - Display a specfic policy
By default, policy warnings are displayed, use the 'nowarnings` option to suppress their display.
By default, Gam displays the information as columns of fields; the following option causes the output to be in JSON format, By default, Gam displays the information as columns of fields; the following option causes the output to be in JSON format,
* `formatjson` - Display the fields in JSON format. * `formatjson` - Display the fields in JSON format.

View File

@@ -1,4 +1,4 @@
!# Collections of Items # Collections of Items
- [Python Regular Expressions](Python-Regular-Expressions) Match function - [Python Regular Expressions](Python-Regular-Expressions) Match function
- [Definitions](#definitions) - [Definitions](#definitions)
- [ListSelector](#listselector) - [ListSelector](#listselector)
@@ -144,6 +144,8 @@ Data fields identified in a `csvkmd` argument.
<CalendarACLScopeList> | <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVDataSelector> <CalendarACLScopeList> | <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVDataSelector>
<CalendarEntity> ::= <CalendarEntity> ::=
<CalendarList> | <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVDataSelector> <CalendarList> | <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVDataSelector>
<CIPolicyNameEntity> ::=
<CIPolicyNameList> | <FileSelector> | <CSVFileSelector>
<ClassroomInvitationIDEntity> ::= <ClassroomInvitationIDEntity> ::=
<ClassroomInvitationIDList> | <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVDataSelector> <ClassroomInvitationIDList> | <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVDataSelector>
<ContactEntity> ::= <ContactEntity> ::=

View File

@@ -10,6 +10,17 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
### 7.00.30
Added command to display selected Cloud Identity policies.
```
gam info policies <CIPolicyNameEntity>
[nowarnings]
[formatjson]
```
Removed option `name <CIPolicyName>` from `gam print|show policies`; use `info policies`.
### 7.00.29 ### 7.00.29
Added option `name <CIPolicyName>` to `gam print|show policies` that displays Added option `name <CIPolicyName>` to `gam print|show policies` that displays

View File

@@ -251,7 +251,7 @@ writes the credentials into the file oauth2.txt.
admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt
admin@server:/Users/admin$ gam version admin@server:/Users/admin$ gam version
WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
GAM 7.00.29 - https://github.com/GAM-team/GAM - pyinstaller GAM 7.00.30 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.0 64-bit final Python 3.13.0 64-bit final
MacOS Sonoma 14.5 x86_64 MacOS Sonoma 14.5 x86_64
@@ -923,7 +923,7 @@ writes the credentials into the file oauth2.txt.
C:\>del C:\GAMConfig\oauth2.txt C:\>del C:\GAMConfig\oauth2.txt
C:\>gam version C:\>gam version
WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
GAM7 7.00.29 - https://github.com/GAM-team/GAM - pythonsource GAM7 7.00.30 - https://github.com/GAM-team/GAM - pythonsource
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.0 64-bit final Python 3.13.0 64-bit final
Windows-10-10.0.17134 AMD64 Windows-10-10.0.17134 AMD64

View File

@@ -13,6 +13,7 @@
<ChatSpaceList> ::= "<ChatSpace>(,<ChatSpace>)*" <ChatSpaceList> ::= "<ChatSpace>(,<ChatSpace>)*"
<CIGroupAliasList> ::= "<CIGroupAlias>(,<CIGroupAlias>)*" <CIGroupAliasList> ::= "<CIGroupAlias>(,<CIGroupAlias>)*"
<CIGroupTypeList> ::= "<CIGroupType>(,<CIGroupType>)*" <CIGroupTypeList> ::= "<CIGroupType>(,<CIGroupType>)*"
<CIPolicyNameList> ::= "<CIPolicyName>(,<CIPolicyName>)*"
<ClassroomInvitationIDList> ::= "<ClassroomInvitationID>(,<ClassroomInvitationID>)*" <ClassroomInvitationIDList> ::= "<ClassroomInvitationID>(,<ClassroomInvitationID>)*"
<ContactGroupList> ::= "<ContactGroupItem>(,<ContactGroupItem>)*" <ContactGroupList> ::= "<ContactGroupItem>(,<ContactGroupItem>)*"
<ContactIDList> ::= "<ContactID>(,<ContactID>)*" <ContactIDList> ::= "<ContactID>(,<ContactID>)*"

View File

@@ -3,7 +3,7 @@
Print the current version of Gam with details Print the current version of Gam with details
``` ```
gam version gam version
GAM 7.00.29 - https://github.com/GAM-team/GAM - pyinstaller GAM 7.00.30 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.0 64-bit final Python 3.13.0 64-bit final
MacOS Sonoma 14.5 x86_64 MacOS Sonoma 14.5 x86_64
@@ -15,7 +15,7 @@ Time: 2023-06-02T21:10:00-07:00
Print the current version of Gam with details and time offset information Print the current version of Gam with details and time offset information
``` ```
gam version timeoffset gam version timeoffset
GAM 7.00.29 - https://github.com/GAM-team/GAM - pyinstaller GAM 7.00.30 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.0 64-bit final Python 3.13.0 64-bit final
MacOS Sonoma 14.5 x86_64 MacOS Sonoma 14.5 x86_64
@@ -27,7 +27,7 @@ Your system time differs from www.googleapis.com by less than 1 second
Print the current version of Gam with extended details and SSL information Print the current version of Gam with extended details and SSL information
``` ```
gam version extended gam version extended
GAM 7.00.29 - https://github.com/GAM-team/GAM - pyinstaller GAM 7.00.30 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.0 64-bit final Python 3.13.0 64-bit final
MacOS Sonoma 14.5 x86_64 MacOS Sonoma 14.5 x86_64
@@ -64,7 +64,7 @@ MacOS High Sierra 10.13.6 x86_64
Path: /Users/Admin/bin/gam7 Path: /Users/Admin/bin/gam7
Version Check: Version Check:
Current: 5.35.08 Current: 5.35.08
Latest: 7.00.29 Latest: 7.00.30
echo $? echo $?
1 1
``` ```
@@ -72,7 +72,7 @@ echo $?
Print the current version number without details Print the current version number without details
``` ```
gam version simple gam version simple
7.00.29 7.00.30
``` ```
In Linux/MacOS you can do: In Linux/MacOS you can do:
``` ```
@@ -82,7 +82,7 @@ echo $VER
Print the current version of Gam and address of this Wiki Print the current version of Gam and address of this Wiki
``` ```
gam help gam help
GAM 7.00.29 - https://github.com/GAM-team/GAM GAM 7.00.30 - https://github.com/GAM-team/GAM
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.0 64-bit final Python 3.13.0 64-bit final
MacOS Sonoma 14.5 x86_64 MacOS Sonoma 14.5 x86_64

View File

@@ -665,6 +665,7 @@ If an item contains spaces, it should be surrounded by ".
<ChatSpaceList> ::= "<ChatSpace>(,<ChatSpace>)*" <ChatSpaceList> ::= "<ChatSpace>(,<ChatSpace>)*"
<CIGroupAliasList> ::= "<CIGroupAlias>(,<CIGroupAlias>)*" <CIGroupAliasList> ::= "<CIGroupAlias>(,<CIGroupAlias>)*"
<CIGroupTypeList> ::= "<CIGroupType>(,<CIGroupType>)*" <CIGroupTypeList> ::= "<CIGroupType>(,<CIGroupType>)*"
<CIPolicyNameList> ::= "<CIPolicyName>(,<CIPolicyName>)*"
<ClassroomInvitationIDList> ::= "<ClassroomInvitationID>(,<ClassroomInvitationID>)*" <ClassroomInvitationIDList> ::= "<ClassroomInvitationID>(,<ClassroomInvitationID>)*"
<ContactGroupList> ::= "<ContactGroupItem>(,<ContactGroupItem>)*" <ContactGroupList> ::= "<ContactGroupItem>(,<ContactGroupItem>)*"
<ContactIDList> ::= "<ContactID>(,<ContactID>)*" <ContactIDList> ::= "<ContactID>(,<ContactID>)*"
@@ -1001,6 +1002,8 @@ Specify a collection of items by directly specifying them; the item type is dete
<CalendarACLScopeList> | <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVDataSelector> <CalendarACLScopeList> | <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVDataSelector>
<CalendarEntity> ::= <CalendarEntity> ::=
<CalendarList> | <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVDataSelector> <CalendarList> | <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVDataSelector>
<CIPolicyNameEntity> ::=
<CIPolicyNameList> | <FileSelector> | <CSVFileSelector>
<ClassroomInvitationIDEntity> ::= <ClassroomInvitationIDEntity> ::=
<ClassroomInvitationIDList> | <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVDataSelector> <ClassroomInvitationIDList> | <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVDataSelector>
<ContactEntity> ::= <ContactEntity> ::=
@@ -4072,11 +4075,15 @@ gam update deviceuserstate <DeviceUserEntity> [clientid <String>]
# Cloud Identity Policies # Cloud Identity Policies
gam info policies <CIPolicyNameEntity>
[nowarnings]
[formatjson]
gam print policies [todrive <ToDriveAttribute>*] gam print policies [todrive <ToDriveAttribute>*]
[(filter <String>)|(name <CIPolicyName>)] [nowarnings] [filter <String>] [nowarnings]
[formatjson [quotechar <Character>]] [formatjson [quotechar <Character>]]
gam show policies gam show policies
[(filter <String>)|(name <CIPolicyName>)] [nowarnings] [filter <String>] [nowarnings]
[formatjson] [formatjson]
# Inbound SSO # Inbound SSO

View File

@@ -1,3 +1,14 @@
7.00.30
Added command to display selected Cloud Identity policies.
```
gam info policies <CIPolicyNameEntity>
[nowarnings]
[formatjson]
```
Removed option `name <CIPolicyName>` from `gam print|show policies`; use `info policies`.
7.00.29 7.00.29
Added option `name <CIPolicyName>` to `gam print|show policies` that displays Added option `name <CIPolicyName>` to `gam print|show policies` that displays
@@ -94,6 +105,8 @@ as files/folders are being identified for processing.
Added option `<JSONData>` to `gam create|update caalevel`. Added option `<JSONData>` to `gam create|update caalevel`.
Updated to Python 3.13.0.
7.00.15 7.00.15
Added options `timestamp [<Boolean>]` and `timeformat <String>` to `gam <UserTypeEntity> create|update drivefile` that allow Added options `timestamp [<Boolean>]` and `timeformat <String>` to `gam <UserTypeEntity> create|update drivefile` that allow

View File

@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
""" """
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>' __author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
__version__ = '7.00.29' __version__ = '7.00.30'
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)' __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
#pylint: disable=wrong-import-position #pylint: disable=wrong-import-position
@@ -35089,15 +35089,29 @@ def updateFieldsForCIGroupMatchPatterns(matchPatterns, fieldsList, csvPF=None):
CIPOLICY_TIME_OBJECTS = {'createTime', 'updateTime'} CIPOLICY_TIME_OBJECTS = {'createTime', 'updateTime'}
# gam print policies [todrive <ToDriveAttribute>*] # Policies where GAM should offer additional guidance and information
# [(filter <String>)|(name <PolicyName>)] [nowarnings] CIPOLICY_ADDITIONAL_WARNINGS = {
# [formatjson [quotechar <Character>]] 'settings/drive_and_docs.external_sharing': {
# gam show policies 'warningType': 'SUPERSEDED_POLICY',
# [(filter <String>)|(name <PolicyName>)] [nowarnings] 'warningMessage': 'CAUTION: Drive Sharing settings are superseded by Drive Trust Rules if Trust Rules has been enabled for your domain. Drive Trust Rule settings are not available in the Policy API today so GAM is not able to check if Trust Rules is enabled and if the settings/drive_and_docs.external_sharing policies are actually in effect for your domain. If Drive Trust Rules is enabled for your domain then this settings/drive_and_docs.external_sharing policy does not accurately reflect your current Drive sharing settings.'
# [formatjson] }
def doPrintShowCIPolicies(): }
def _showPolicy(policy, FJQC, i=0, count=0): def _cleanPolicy(policy, add_warnings, cd, groups_ci):
# convert any wordlists into spaced strings to reduce output complexity
if policy['setting']['type'] == 'settings/detector.word_list':
policy['setting']['value']['wordList'] = ' '.join(policy['setting']['value']['wordList']['words'])
# add any warnings to applicable policies
if add_warnings and policy['setting']['type'] in CIPOLICY_ADDITIONAL_WARNINGS:
policy['warning'] = CIPOLICY_ADDITIONAL_WARNINGS[policy['setting']['type']]
if groupId := policy['policyQuery'].get('group'):
_, _, policy['policyQuery']['groupEmail'] = convertGroupCloudIDToEmail(groups_ci, groupId)
# all groups are in the root OU so the orgUnit attribute is useless
policy['policyQuery'].pop('orgUnit', None)
elif orgId := policy['policyQuery'].get('orgUnit'):
policy['policyQuery']['orgUnitPath'] = convertOrgUnitIDtoPath(cd, orgId)
def _showPolicy(policy, FJQC, i=0, count=0):
if FJQC is not None and FJQC.formatJSON: if FJQC is not None and FJQC.formatJSON:
printLine(json.dumps(cleanJSON(policy, timeObjects=CIPOLICY_TIME_OBJECTS), printLine(json.dumps(cleanJSON(policy, timeObjects=CIPOLICY_TIME_OBJECTS),
ensure_ascii=False, ensure_ascii=False,
@@ -35107,10 +35121,50 @@ def doPrintShowCIPolicies():
Ind.Increment() Ind.Increment()
policy.pop('name') policy.pop('name')
showJSON(None, policy, timeObjects=CIPOLICY_TIME_OBJECTS) showJSON(None, policy, timeObjects=CIPOLICY_TIME_OBJECTS)
if not pname:
printBlankLine() printBlankLine()
Ind.Decrement() Ind.Decrement()
# gam info policies <CIPolicyNameEntity>
# [nowarnings] [formatjson]
def doInfoCIPolicies():
groups_ci = buildGAPIObject(API.CLOUDIDENTITY_GROUPS)
ci = buildGAPIObject(API.CLOUDIDENTITY_POLICY)
cd = buildGAPIObject(API.DIRECTORY)
entityList = getEntityList(Cmd.OB_CIPOLICY_NAME_ENTITY)
FJQC = FormatJSONQuoteChar()
add_warnings = True
while Cmd.ArgumentsRemaining():
myarg = getArgument()
if myarg == 'nowarnings':
add_warnings = False
else:
FJQC.GetFormatJSON(myarg)
i = 0
count = len(entityList)
for pname in entityList:
i += 1
if not pname.startswith('policies/'):
pname = 'policies/'+pname
try:
policy = callGAPI(ci.policies(), 'get',
bailOnInternalError=True,
throwReasons=[GAPI.INVALID, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED, GAPI.INTERNAL_ERROR],
name=pname,
fields='name,policyQuery(group,orgUnit,sortOrder),type,setting')
_cleanPolicy(policy, add_warnings, cd, groups_ci)
_showPolicy(policy, FJQC, i, count)
except (GAPI.invalid, GAPI.invalidArgument, GAPI.permissionDenied, GAPI.internalError) as e:
entityActionFailedWarning([Ent.POLICY, pname], str(e), i, count)
continue
# gam print policies [todrive <ToDriveAttribute>*]
# [filter <String>] [nowarnings]
# [formatjson [quotechar <Character>]]
# gam show policies
# [filter <String>] [nowarnings]
# [formatjson]
def doPrintShowCIPolicies():
def _printPolicy(policy): def _printPolicy(policy):
row = flattenJSON(policy, timeObjects=CIPOLICY_TIME_OBJECTS) row = flattenJSON(policy, timeObjects=CIPOLICY_TIME_OBJECTS)
if not FJQC.formatJSON: if not FJQC.formatJSON:
@@ -35121,19 +35175,12 @@ def doPrintShowCIPolicies():
ensure_ascii=False, ensure_ascii=False,
sort_keys=True)}) sort_keys=True)})
# Policies where GAM should offer additional guidance and information
warnings = {
'settings/drive_and_docs.external_sharing': {
'warningType': 'SUPERSEDED_POLICY',
'warningMessage': 'CAUTION: Drive Sharing settings are superseded by Drive Trust Rules if Trust Rules has been enabled for your domain. Drive Trust Rule settings are not available in the Policy API today so GAM is not able to check if Trust Rules is enabled and if the settings/drive_and_docs.external_sharing policies are actually in effect for your domain. If Drive Trust Rules is enabled for your domain then this settings/drive_and_docs.external_sharing policy does not accurately reflect your current Drive sharing settings.'
}
}
groups_ci = buildGAPIObject(API.CLOUDIDENTITY_GROUPS) groups_ci = buildGAPIObject(API.CLOUDIDENTITY_GROUPS)
ci = buildGAPIObject(API.CLOUDIDENTITY_POLICY) ci = buildGAPIObject(API.CLOUDIDENTITY_POLICY)
cd = buildGAPIObject(API.DIRECTORY) cd = buildGAPIObject(API.DIRECTORY)
csvPF = CSVPrintFile(['name']) if Act.csvFormat() else None csvPF = CSVPrintFile(['name']) if Act.csvFormat() else None
FJQC = FormatJSONQuoteChar(csvPF) FJQC = FormatJSONQuoteChar(csvPF)
ifilter = pname = None ifilter = None
add_warnings = True add_warnings = True
while Cmd.ArgumentsRemaining(): while Cmd.ArgumentsRemaining():
myarg = getArgument() myarg = getArgument()
@@ -35141,63 +35188,36 @@ def doPrintShowCIPolicies():
csvPF.GetTodriveParameters() csvPF.GetTodriveParameters()
elif myarg == 'filter': elif myarg == 'filter':
ifilter = getString(Cmd.OB_STRING) ifilter = getString(Cmd.OB_STRING)
elif myarg == 'name':
pname = getString(Cmd.OB_STRING)
elif myarg == 'nowarnings': elif myarg == 'nowarnings':
add_warnings = False add_warnings = False
else: else:
FJQC.GetFormatJSONQuoteChar(myarg, True) FJQC.GetFormatJSONQuoteChar(myarg, True)
if ifilter and pname:
usageErrorExit(Msg.ARE_MUTUALLY_EXCLUSIVE.format('filter', 'name'))
throwReasons = [GAPI.INVALID, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED, GAPI.INTERNAL_ERROR]
fields = 'name,policyQuery(group,orgUnit,sortOrder),type,setting'
if not pname:
printGettingAllAccountEntities(Ent.POLICY, ifilter) printGettingAllAccountEntities(Ent.POLICY, ifilter)
pageMessage = getPageMessage() pageMessage = getPageMessage()
try: try:
policies = callGAPIpages(ci.policies(), 'list', 'policies', policies = callGAPIpages(ci.policies(), 'list', 'policies',
throwReasons=throwReasons,
pageMessage=pageMessage, pageMessage=pageMessage,
throwReasons=[GAPI.INVALID, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED],
filter=ifilter, filter=ifilter,
fields=f'nextPageToken,policies({fields})', fields='nextPageToken,policies(name,policyQuery(group,orgUnit,sortOrder),type,setting)',
pageSize=100) pageSize=100)
except (GAPI.invalid, GAPI.invalidArgument, GAPI.permissionDenied) as e: except (GAPI.invalid, GAPI.invalidArgument, GAPI.permissionDenied) as e:
entityActionFailedExit([Ent.POLICY, None], str(e)) entityActionFailedExit([Ent.POLICY, None], str(e))
else:
try:
policies = [callGAPI(ci.policies(), 'get',
bailOnInternalError=True,
throwReasons=throwReasons,
name=pname,
fields=fields)]
except (GAPI.invalid, GAPI.invalidArgument, GAPI.permissionDenied, GAPI.internalError) as e:
entityActionFailedExit([Ent.POLICY, pname], str(e))
# Google returns unordered results, sort them by setting type # Google returns unordered results, sort them by setting type
policies = sorted(policies, key=lambda p: p.get('setting', {}).get('type', '')) policies = sorted(policies, key=lambda p: p.get('setting', {}).get('type', ''))
for policy in policies:
# convert any wordlists into spaced strings to reduce output complexity
if policy['setting']['type'] == 'settings/detector.word_list':
policy['setting']['value']['wordList'] = ' '.join(policy['setting']['value']['wordList']['words'])
# add any warnings to applicable policies
if add_warnings and policy['setting']['type'] in warnings:
policy['warning'] = warnings[policy['setting']['type']]
if groupId := policy['policyQuery'].get('group'):
_, _, policy['policyQuery']['groupEmail'] = convertGroupCloudIDToEmail(groups_ci, groupId)
# all groups are in the root OU so the orgUnit attribute is useless
policy['policyQuery'].pop('orgUnit', None)
elif orgId := policy['policyQuery'].get('orgUnit'):
policy['policyQuery']['orgUnitPath'] = convertOrgUnitIDtoPath(cd, orgId)
if not csvPF: if not csvPF:
jcount = len(policies) count = len(policies)
performActionNumItems(jcount, Ent.POLICY) performActionNumItems(count, Ent.POLICY)
Ind.Increment() Ind.Increment()
j = 0 i = 0
for policy in policies: for policy in policies:
j += 1 i += 1
_showPolicy(policy, FJQC, j, jcount) _cleanPolicy(policy, add_warnings, cd, groups_ci)
_showPolicy(policy, FJQC, i, count)
Ind.Decrement() Ind.Decrement()
else: else:
for policy in policies: for policy in policies:
_cleanPolicy(policy, add_warnings, cd, groups_ci)
_printPolicy(policy) _printPolicy(policy)
if csvPF: if csvPF:
csvPF.writeCSVfile('Policies') csvPF.writeCSVfile('Policies')
@@ -75125,6 +75145,7 @@ MAIN_COMMANDS_WITH_OBJECTS = {
Cmd.ARG_CHROMESCHEMA: doInfoChromePolicySchemas, Cmd.ARG_CHROMESCHEMA: doInfoChromePolicySchemas,
Cmd.ARG_CIGROUP: doInfoCIGroups, Cmd.ARG_CIGROUP: doInfoCIGroups,
Cmd.ARG_CIGROUPMEMBERS: doInfoCIGroupMembers, Cmd.ARG_CIGROUPMEMBERS: doInfoCIGroupMembers,
Cmd.ARG_CIPOLICY: doInfoCIPolicies,
Cmd.ARG_CONTACT: doInfoDomainContacts, Cmd.ARG_CONTACT: doInfoDomainContacts,
Cmd.ARG_COURSE: doInfoCourse, Cmd.ARG_COURSE: doInfoCourse,
Cmd.ARG_COURSES: doInfoCourses, Cmd.ARG_COURSES: doInfoCourses,
@@ -75212,7 +75233,7 @@ MAIN_COMMANDS_WITH_OBJECTS = {
Cmd.ARG_CHROMEVERSIONS: doPrintShowChromeVersions, Cmd.ARG_CHROMEVERSIONS: doPrintShowChromeVersions,
Cmd.ARG_CIGROUP: doPrintCIGroups, Cmd.ARG_CIGROUP: doPrintCIGroups,
Cmd.ARG_CIGROUPMEMBERS: doPrintCIGroupMembers, Cmd.ARG_CIGROUPMEMBERS: doPrintCIGroupMembers,
Cmd.ARG_CIPOLICIES: doPrintShowCIPolicies, Cmd.ARG_CIPOLICY: doPrintShowCIPolicies,
Cmd.ARG_CLASSROOMINVITATION: doPrintShowClassroomInvitations, Cmd.ARG_CLASSROOMINVITATION: doPrintShowClassroomInvitations,
Cmd.ARG_CONTACT: doPrintShowDomainContacts, Cmd.ARG_CONTACT: doPrintShowDomainContacts,
Cmd.ARG_COURSE: doPrintCourses, Cmd.ARG_COURSE: doPrintCourses,
@@ -75341,7 +75362,7 @@ MAIN_COMMANDS_WITH_OBJECTS = {
Cmd.ARG_CHROMESCHEMA: doPrintShowChromeSchemas, Cmd.ARG_CHROMESCHEMA: doPrintShowChromeSchemas,
Cmd.ARG_CHROMEVERSIONS: doPrintShowChromeVersions, Cmd.ARG_CHROMEVERSIONS: doPrintShowChromeVersions,
Cmd.ARG_CIGROUPMEMBERS: doShowCIGroupMembers, Cmd.ARG_CIGROUPMEMBERS: doShowCIGroupMembers,
Cmd.ARG_CIPOLICIES: doPrintShowCIPolicies, Cmd.ARG_CIPOLICY: doPrintShowCIPolicies,
Cmd.ARG_CLASSROOMINVITATION: doPrintShowClassroomInvitations, Cmd.ARG_CLASSROOMINVITATION: doPrintShowClassroomInvitations,
Cmd.ARG_CONTACT: doPrintShowDomainContacts, Cmd.ARG_CONTACT: doPrintShowDomainContacts,
Cmd.ARG_CROSTELEMETRY: doInfoPrintShowCrOSTelemetry, Cmd.ARG_CROSTELEMETRY: doInfoPrintShowCrOSTelemetry,
@@ -75525,6 +75546,7 @@ MAIN_COMMANDS_OBJ_ALIASES = {
Cmd.ARG_CIGROUPSMEMBERS: Cmd.ARG_CIGROUPMEMBERS, Cmd.ARG_CIGROUPSMEMBERS: Cmd.ARG_CIGROUPMEMBERS,
Cmd.ARG_CIMEMBER: Cmd.ARG_CIGROUPMEMBERS, Cmd.ARG_CIMEMBER: Cmd.ARG_CIGROUPMEMBERS,
Cmd.ARG_CIMEMBERS: Cmd.ARG_CIGROUPMEMBERS, Cmd.ARG_CIMEMBERS: Cmd.ARG_CIGROUPMEMBERS,
Cmd.ARG_CIPOLICIES: Cmd.ARG_CIPOLICY,
Cmd.ARG_CLASS: Cmd.ARG_COURSE, Cmd.ARG_CLASS: Cmd.ARG_COURSE,
Cmd.ARG_CLASSES: Cmd.ARG_COURSES, Cmd.ARG_CLASSES: Cmd.ARG_COURSES,
Cmd.ARG_CLASSPARTICIPANTS: Cmd.ARG_COURSEPARTICIPANTS, Cmd.ARG_CLASSPARTICIPANTS: Cmd.ARG_COURSEPARTICIPANTS,

View File

@@ -493,6 +493,7 @@ class GamCLArgs():
ARG_CIGROUPSMEMBERS = 'cigroupsmembers' ARG_CIGROUPSMEMBERS = 'cigroupsmembers'
ARG_CIMEMBER = 'cimember' ARG_CIMEMBER = 'cimember'
ARG_CIMEMBERS = 'cimembers' ARG_CIMEMBERS = 'cimembers'
ARG_CIPOLICY = 'policy'
ARG_CIPOLICIES = 'policies' ARG_CIPOLICIES = 'policies'
ARG_CLASS = 'class' ARG_CLASS = 'class'
ARG_CLASSES = 'classes' ARG_CLASSES = 'classes'
@@ -844,6 +845,7 @@ class GamCLArgs():
OB_CHROME_VERSION = 'ChromeVersion' OB_CHROME_VERSION = 'ChromeVersion'
OB_CIDR_NETMASK = 'CIDRnetmask' OB_CIDR_NETMASK = 'CIDRnetmask'
OB_CIGROUP_ALIAS_LIST = "CIGroupAliasList" OB_CIGROUP_ALIAS_LIST = "CIGroupAliasList"
OB_CIPOLICY_NAME_ENTITY = 'CIPolicyNameEntity'
OB_CLASSROOM_INVITATION_ID_ENTITY = 'ClassroomInvitationIDEntity' OB_CLASSROOM_INVITATION_ID_ENTITY = 'ClassroomInvitationIDEntity'
OB_CLIENT_ID = 'ClientID' OB_CLIENT_ID = 'ClientID'
OB_COLLABORATOR_ITEM = 'CollaboratorItem' OB_COLLABORATOR_ITEM = 'CollaboratorItem'