handle >1 access policies in org, action tests

2026-06-23 23:51:36 +00:00 · 2022-04-07 01:21:15 +00:00
parent 119538c10c
commit 41a10932cb
2 changed files with 12 additions and 5 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -661,6 +661,9 @@ jobs:
             touch $gampath/enabledasa.txt
             echo "printer model count:"
             $gam print printermodels | wc -l
+             $gam create caalevel "zzz_${newbase}" basic condition ipsubnetworks 1.1.1.1/32,2.2.2.2/32 endcondition
+             $gam print caalevels
+             $gam delete caalevel "zzz_${newbase}"
             #$gam print printers
             #$gam create printer displayname "${newbase}" uri ipp://localhost:631 driverless description "made by $(gam_user)"
             rm -f -v $gampath/enabledasa.txt
--- a/src/gam/gapi/caa.py
+++ b/src/gam/gapi/caa.py
@@ -29,13 +29,17 @@ def get_access_policy(caa=None):
                                 'accessPolicies',
                                 throw_reasons=THROW_REASONS,
                                 parent=parent,
-                                 fields='accessPolicies/name')
+                                 fields='accessPolicies(name,title)')
    except googleapiclient.errors.HttpError:
        controlflow.system_error_exit(2, 'Your service account needs the Access Context Manager Reader or Editor role for your organization.')
-    if len(aps) != 1:
-        print(f'expected 1 access policy, got {len(aps)}.')
-        return
-    return aps[0]['name']
+    if not aps:
+        controlflow.system_error_exit(2, 'You don\'t seem to have any access policies. That is odd.')
+    elif len(aps) == 1:
+        return aps[0]['name']
+    for ap in aps:
+        if ap.get('title') == 'Access policy created in Cloud Identity Console':
+            return ap['name']
+    controlflow.system_error_exit(2, ' Could not find a org level access policy. That is odd.')


 def print_access_levels():