Eliminate CI Groups Beta scope #1728

This commit is contained in:
Ross Scroggs
2025-10-29 13:10:06 -07:00
parent 3a160874cf
commit 4150bef601
3 changed files with 7 additions and 19 deletions

View File

@@ -3,6 +3,9 @@
Added option `addcsvdata <FieldName> <String>` to `gam print courses` Added option `addcsvdata <FieldName> <String>` to `gam print courses`
that adds additional columns of data to the CSV file output. that adds additional columns of data to the CSV file output.
The following scope is no longer necessary: `Cloud Identity API - Groups Beta (Enables group locking/unlocking)`
as this scope `Cloud Identity API - Groups` now provides group locking/unlocking.
7.27.04 7.27.04
Added options to `gam <UserTypeEntity> create delegate` that support Added options to `gam <UserTypeEntity> create delegate` that support

View File

@@ -35921,7 +35921,7 @@ def doPrintShowGroupTree():
# gam create cigroup <EmailAddress> # gam create cigroup <EmailAddress>
# [copyfrom <GroupItem>] <GroupAttribute> # [copyfrom <GroupItem>] <GroupAttribute>
# [makeowner] [alias|aliases <CIGroupAliasList>] # [makeowner] [alias|aliases <CIGroupAliasList>]
# [security|makesecuritygroup] # [security|makesecuritygroup] [locked]
# [dynamic <QueryDynamicGroup>] # [dynamic <QueryDynamicGroup>]
def doCreateCIGroup(): def doCreateCIGroup():
doCreateGroup(ciGroupsAPI=True) doCreateGroup(ciGroupsAPI=True)
@@ -36105,7 +36105,6 @@ def doUpdateCIGroups():
cd = buildGAPIObject(API.DIRECTORY) cd = buildGAPIObject(API.DIRECTORY)
ci = buildGAPIObject(API.CLOUDIDENTITY_GROUPS) ci = buildGAPIObject(API.CLOUDIDENTITY_GROUPS)
cib = None
entityType = Ent.CLOUD_IDENTITY_GROUP entityType = Ent.CLOUD_IDENTITY_GROUP
csvPF = None csvPF = None
getBeforeUpdate = preview = False getBeforeUpdate = preview = False
@@ -36214,7 +36213,6 @@ def doUpdateCIGroups():
_, name, _ = convertGroupEmailToCloudID(ci, group, i, count) _, name, _ = convertGroupEmailToCloudID(ci, group, i, count)
if not name: if not name:
continue continue
cipl = ci
twoUpdates = False twoUpdates = False
if 'labels' in ci_body or lockGroup is not None: if 'labels' in ci_body or lockGroup is not None:
try: try:
@@ -36243,20 +36241,16 @@ def doUpdateCIGroups():
else: else:
if CIGROUP_LOCKED_LABEL in ci_body['labels']: if CIGROUP_LOCKED_LABEL in ci_body['labels']:
ci_body['labels'].pop(CIGROUP_LOCKED_LABEL) ci_body['labels'].pop(CIGROUP_LOCKED_LABEL)
if CIGROUP_LOCKED_LABEL in ci_body['labels']:
if cib is None:
cib = buildGAPIObject(API.CLOUDIDENTITY_GROUPS_BETA)
cipl = cib
if ci_body: if ci_body:
try: try:
if twoUpdates: if twoUpdates:
ci_body['labels'].pop(CIGROUP_LOCKED_LABEL) ci_body['labels'].pop(CIGROUP_LOCKED_LABEL)
callGAPI(cipl.groups(), 'patch', callGAPI(ci.groups(), 'patch',
throwReasons=GAPI.CIGROUP_UPDATE_THROW_REASONS, throwReasons=GAPI.CIGROUP_UPDATE_THROW_REASONS,
retryReasons=GAPI.CIGROUP_RETRY_REASONS, retryReasons=GAPI.CIGROUP_RETRY_REASONS,
name=name, body=ci_body, updateMask=','.join(list(ci_body.keys()))) name=name, body=ci_body, updateMask=','.join(list(ci_body.keys())))
ci_body['labels'][CIGROUP_LOCKED_LABEL] = '' ci_body['labels'][CIGROUP_LOCKED_LABEL] = ''
callGAPI(cipl.groups(), 'patch', callGAPI(ci.groups(), 'patch',
throwReasons=GAPI.CIGROUP_UPDATE_THROW_REASONS, throwReasons=GAPI.CIGROUP_UPDATE_THROW_REASONS,
retryReasons=GAPI.CIGROUP_RETRY_REASONS, retryReasons=GAPI.CIGROUP_RETRY_REASONS,
name=name, body=ci_body, updateMask=','.join(list(ci_body.keys()))) name=name, body=ci_body, updateMask=','.join(list(ci_body.keys())))
@@ -37240,20 +37234,17 @@ def doPrintCIGroups():
else: else:
getFullFieldsList = list(CIGROUP_FULL_FIELDS) getFullFieldsList = list(CIGROUP_FULL_FIELDS)
getFullFields = ','.join(getFullFieldsList)# getFullFields = ','.join(getFullFieldsList)#
cipl = ci
if query: if query:
method = 'search' method = 'search'
if 'parent' not in query: if 'parent' not in query:
query += f" && parent == '{parent}'" query += f" && parent == '{parent}'"
kwargs = {'query': query} kwargs = {'query': query}
if CIGROUP_LOCKED_LABEL in query:
cipl = buildGAPIObject(API.CLOUDIDENTITY_GROUPS_BETA)
else: else:
method = 'list' method = 'list'
kwargs = {'parent': parent} kwargs = {'parent': parent}
printGettingAllAccountEntities(Ent.CLOUD_IDENTITY_GROUP, query) printGettingAllAccountEntities(Ent.CLOUD_IDENTITY_GROUP, query)
try: try:
entityList = callGAPIpages(cipl.groups(), method, 'groups', entityList = callGAPIpages(ci.groups(), method, 'groups',
pageMessage=getPageMessage(showFirstLastItems=True), messageAttribute=['groupKey', 'id'], pageMessage=getPageMessage(showFirstLastItems=True), messageAttribute=['groupKey', 'id'],
throwReasons=GAPI.CIGROUP_LIST_THROW_REASONS, retryReasons=GAPI.CIGROUP_RETRY_REASONS, throwReasons=GAPI.CIGROUP_LIST_THROW_REASONS, retryReasons=GAPI.CIGROUP_RETRY_REASONS,
view='FULL', fields=fieldsnp, pageSize=pageSize, **kwargs) view='FULL', fields=fieldsnp, pageSize=pageSize, **kwargs)

View File

@@ -46,7 +46,6 @@ CLASSROOM = 'classroom'
CLOUDCHANNEL = 'cloudchannel' CLOUDCHANNEL = 'cloudchannel'
CLOUDIDENTITY_DEVICES = 'cloudidentitydevices' CLOUDIDENTITY_DEVICES = 'cloudidentitydevices'
CLOUDIDENTITY_GROUPS = 'cloudidentitygroups' CLOUDIDENTITY_GROUPS = 'cloudidentitygroups'
CLOUDIDENTITY_GROUPS_BETA = 'cloudidentitygroupsbeta'
CLOUDIDENTITY_INBOUND_SSO = 'cloudidentityinboundsso' CLOUDIDENTITY_INBOUND_SSO = 'cloudidentityinboundsso'
CLOUDIDENTITY_ORGUNITS = 'cloudidentityorgunits' CLOUDIDENTITY_ORGUNITS = 'cloudidentityorgunits'
CLOUDIDENTITY_ORGUNITS_BETA = 'cloudidentityorgunitsbeta' CLOUDIDENTITY_ORGUNITS_BETA = 'cloudidentityorgunitsbeta'
@@ -242,7 +241,6 @@ _INFO = {
CLOUDCHANNEL: {'name': 'Cloud Channel API', 'version': 'v1', 'v2discovery': True}, CLOUDCHANNEL: {'name': 'Cloud Channel API', 'version': 'v1', 'v2discovery': True},
CLOUDIDENTITY_DEVICES: {'name': 'Cloud Identity API - Devices', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'}, CLOUDIDENTITY_DEVICES: {'name': 'Cloud Identity API - Devices', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
CLOUDIDENTITY_GROUPS: {'name': 'Cloud Identity API - Groups', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'}, CLOUDIDENTITY_GROUPS: {'name': 'Cloud Identity API - Groups', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
CLOUDIDENTITY_GROUPS_BETA: {'name': 'Cloud Identity API - Groups Beta', 'version': 'v1beta1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
CLOUDIDENTITY_INBOUND_SSO: {'name': 'Cloud Identity API - Inbound SSO Settings', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'}, CLOUDIDENTITY_INBOUND_SSO: {'name': 'Cloud Identity API - Inbound SSO Settings', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
CLOUDIDENTITY_ORGUNITS: {'name': 'Cloud Identity API - OrgUnits', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'}, CLOUDIDENTITY_ORGUNITS: {'name': 'Cloud Identity API - OrgUnits', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
CLOUDIDENTITY_ORGUNITS_BETA: {'name': 'Cloud Identity API - OrgUnits Beta', 'version': 'v1beta1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'}, CLOUDIDENTITY_ORGUNITS_BETA: {'name': 'Cloud Identity API - OrgUnits Beta', 'version': 'v1beta1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
@@ -387,10 +385,6 @@ _CLIENT_SCOPES = [
'api': CLOUDIDENTITY_GROUPS, 'api': CLOUDIDENTITY_GROUPS,
'subscopes': READONLY, 'subscopes': READONLY,
'scope': 'https://www.googleapis.com/auth/cloud-identity.groups'}, 'scope': 'https://www.googleapis.com/auth/cloud-identity.groups'},
{'name': 'Cloud Identity API - Groups Beta (Enables group locking/unlocking)',
'api': CLOUDIDENTITY_GROUPS_BETA,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/cloud-identity.groups'},
{'name': 'Cloud Identity API - Inbound SSO Settings', {'name': 'Cloud Identity API - Inbound SSO Settings',
'api': CLOUDIDENTITY_INBOUND_SSO, 'api': CLOUDIDENTITY_INBOUND_SSO,
'subscopes': READONLY, 'subscopes': READONLY,