mirror of
https://github.com/GAM-team/GAM.git
synced 2025-07-10 14:43:34 +00:00
check serviceaccount command, better error on missing service scopes
26
src/gam.py
26
src/gam.py
@ -1160,17 +1160,20 @@ def getSvcAcctAPIversionHttpService(api):
|
|||||||
except (ValueError, KeyError):
|
except (ValueError, KeyError):
|
||||||
invalidJSONExit(disc_file)
|
invalidJSONExit(disc_file)
|
||||||
|
|
||||||
def buildGAPIServiceObject(api, act_as):
|
def buildGAPIServiceObject(api, act_as, use_scopes=None):
|
||||||
_, http, service = getSvcAcctAPIversionHttpService(api)
|
_, http, service = getSvcAcctAPIversionHttpService(api)
|
||||||
GM_Globals[GM_CURRENT_API_USER] = act_as
|
GM_Globals[GM_CURRENT_API_USER] = act_as
|
||||||
GM_Globals[GM_CURRENT_API_SCOPES] = API_SCOPE_MAPPING[api]
|
GM_Globals[GM_CURRENT_API_SCOPES] = API_SCOPE_MAPPING[api]
|
||||||
credentials = getSvcAcctCredentials(GM_Globals[GM_CURRENT_API_SCOPES], act_as)
|
if not use_scopes:
|
||||||
|
use_scopes = GM_Globals[GM_CURRENT_API_SCOPES]
|
||||||
|
credentials = getSvcAcctCredentials(use_scopes, act_as)
|
||||||
try:
|
try:
|
||||||
service._http = credentials.authorize(http)
|
service._http = credentials.authorize(http)
|
||||||
|
service._http.request.credentials.refresh(httplib2.Http(disable_ssl_certificate_validation=GC_Values[GC_NO_VERIFY_SSL]))
|
||||||
except httplib2.ServerNotFoundError as e:
|
except httplib2.ServerNotFoundError as e:
|
||||||
systemErrorExit(4, e)
|
systemErrorExit(4, e)
|
||||||
except oauth2client.client.AccessTokenRefreshError as e:
|
except oauth2client.client.AccessTokenRefreshError as e:
|
||||||
entityServiceNotApplicableWarning([u'Calendar', u'User'][api != u'calendar'], act_as, 0, 0)
|
print u'ERROR user %s: %s' % (act_as, e)
|
||||||
return handleOAuthTokenError(e, True)
|
return handleOAuthTokenError(e, True)
|
||||||
return service
|
return service
|
||||||
|
|
||||||
@ -1194,6 +1197,19 @@ def buildGplusGAPIObject(user):
|
|||||||
userEmail = convertUserUIDtoEmailAddress(user)
|
userEmail = convertUserUIDtoEmailAddress(user)
|
||||||
return (userEmail, buildGAPIServiceObject(u'plus', userEmail))
|
return (userEmail, buildGAPIServiceObject(u'plus', userEmail))
|
||||||
|
|
||||||
|
def doCheckServiceAccount(users):
|
||||||
|
for user in users:
|
||||||
|
for api, scopes in API_SCOPE_MAPPING.items():
|
||||||
|
#print u'Checking %s access for %s' % (user, api)
|
||||||
|
for scope in scopes:
|
||||||
|
try:
|
||||||
|
service = buildGAPIServiceObject(api, act_as=user, use_scopes=scope)
|
||||||
|
service._http.request.credentials.refresh(httplib2.Http(disable_ssl_certificate_validation=GC_Values[GC_NO_VERIFY_SSL]))
|
||||||
|
result = u'pass'
|
||||||
|
except oauth2client.client.HttpAccessTokenRefreshError:
|
||||||
|
result = u'FAIL'
|
||||||
|
print u'Scope: {0:60} {1}'.format(scope, result)
|
||||||
|
|
||||||
def showReport():
|
def showReport():
|
||||||
|
|
||||||
def _adjustDate(errMsg):
|
def _adjustDate(errMsg):
|
||||||
@ -10691,6 +10707,10 @@ def ProcessGAMCommand(args):
|
|||||||
else:
|
else:
|
||||||
print u'ERROR: %s is not a valid argument for "gam <users> info"' % infoWhat
|
print u'ERROR: %s is not a valid argument for "gam <users> info"' % infoWhat
|
||||||
sys.exit(2)
|
sys.exit(2)
|
||||||
|
elif command == u'check':
|
||||||
|
checkWhat = sys.argv[4].replace(u'_', '').lower()
|
||||||
|
if checkWhat == u'serviceaccount':
|
||||||
|
doCheckServiceAccount(users)
|
||||||
elif command == u'profile':
|
elif command == u'profile':
|
||||||
doProfile(users)
|
doProfile(users)
|
||||||
elif command == u'imap':
|
elif command == u'imap':
|
||||||
|
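Review bot: The `FAIL` branch in `doCheckServiceAccount` looks unreachable for the case it is meant to report, because `buildGAPIServiceObject` now refreshes the token itself and catches `oauth2client.client.AccessTokenRefreshError`, the parent class of the `HttpAccessTokenRefreshError` caught in the loop. An unauthorized scope is therefore handled inside the builder, which prints `ERROR user ...` and returns whatever `handleOAuthTokenError(e, True)` returns (not visible here; if that is not a service object the following `service._http` access fails, and if it exits the remaining scopes are never checked). Testing the credentials directly inside the `try` keeps the failure in the loop: `credentials = getSvcAcctCredentials(scope, user)` followed by `credentials.refresh(httplib2.Http(disable_ssl_certificate_validation=GC_Values[GC_NO_VERIFY_SSL]))`. Separately, the new `check` branch in `ProcessGAMCommand` indexes `sys.argv[4]` without a length check and silently ignores an unknown value, unlike the `info` branch above it, which prints an error and exits with 2.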