From 448d58f9baaaad3082664c45e852de451db9b291 Mon Sep 17 00:00:00 2001
From: Ross Scroggs <ross.scroggs@gmail.com>
Date: Wed, 13 Mar 2024 15:13:46 -0700
Subject: [PATCH] Updated `gam create project` to handle the following error:

ERROR: 403: permissionDenied - Authentication error: 7; Error Details: User not allowed to access GCP services.
---
 docs/GamUpdates.md                       |  9 +++++++++
 docs/How-to-Upgrade-from-Standard-GAM.md |  4 ++--
 docs/Version-and-Help.md                 | 12 ++++++------
 src/GamCommands.txt                      |  2 +-
 src/GamUpdate.txt                        |  9 +++++++++
 src/gam/__init__.py                      | 20 +++++++++++++-------
 6 files changed, 40 insertions(+), 16 deletions(-)

diff --git a/docs/GamUpdates.md b/docs/GamUpdates.md
index b005aed9..f92b79c6 100644
--- a/docs/GamUpdates.md
+++ b/docs/GamUpdates.md
@@ -10,6 +10,15 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
 
 See [Downloads](https://github.com/taers232c/GAMADV-XTD3/wiki/Downloads) for Windows or other options, including manual installation
 
+### 6.71.15
+
+Updated `gam create project` to handle the following error:
+```
+ERROR: 403: permissionDenied - Authentication error: 7; Error Details: User not allowed to access GCP services.
+```
+This error occurs when the Google Workspace admin or GCP project manager email address used in the command
+is in an OU where Google Cloud Platform is not enabled in Apps/Additional Google services.
+
 ### 6.71.14
 
 Added a command to update a Gmail label's settings by specifying it's ID rather than it's name.
diff --git a/docs/How-to-Upgrade-from-Standard-GAM.md b/docs/How-to-Upgrade-from-Standard-GAM.md
index 04fe07ac..a73791e0 100644
--- a/docs/How-to-Upgrade-from-Standard-GAM.md
+++ b/docs/How-to-Upgrade-from-Standard-GAM.md
@@ -334,7 +334,7 @@ writes the credentials into the file oauth2.txt.
 admin@server:/Users/admin/bin/gamadv-xtd3$ rm -f /Users/admin/GAMConfig/oauth2.txt
 admin@server:/Users/admin/bin/gamadv-xtd3$ ./gam version
 WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
-GAMADV-XTD3 6.71.14 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
+GAMADV-XTD3 6.71.15 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
 Ross Scroggs <ross.scroggs@gmail.com>
 Python 3.12.2 64-bit final
 MacOS Sonoma 14.2.1 x86_64
@@ -1006,7 +1006,7 @@ writes the credentials into the file oauth2.txt.
 C:\GAMADV-XTD3>del C:\GAMConfig\oauth2.txt
 C:\GAMADV-XTD3>gam version
 WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
-GAMADV-XTD3 6.71.14 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
+GAMADV-XTD3 6.71.15 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
 Ross Scroggs <ross.scroggs@gmail.com>
 Python 3.12.2 64-bit final
 Windows-10-10.0.17134 AMD64
diff --git a/docs/Version-and-Help.md b/docs/Version-and-Help.md
index e4a6a16e..23e36903 100644
--- a/docs/Version-and-Help.md
+++ b/docs/Version-and-Help.md
@@ -3,7 +3,7 @@
 Print the current version of Gam with details
 ```
 gam version
-GAMADV-XTD3 6.71.14 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
+GAMADV-XTD3 6.71.15 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
 Ross Scroggs <ross.scroggs@gmail.com>
 Python 3.12.2 64-bit final
 MacOS Sonoma 14.2.1 x86_64
@@ -15,7 +15,7 @@ Time: 2023-06-02T21:10:00-07:00
 Print the current version of Gam with details and time offset information
 ```
 gam version timeoffset
-GAMADV-XTD3 6.71.14 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
+GAMADV-XTD3 6.71.15 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
 Ross Scroggs <ross.scroggs@gmail.com>
 Python 3.12.2 64-bit final
 MacOS Sonoma 14.2.1 x86_64
@@ -27,7 +27,7 @@ Your system time differs from www.googleapis.com by less than 1 second
 Print the current version of Gam with extended details and SSL information
 ```
 gam version extended
-GAMADV-XTD3 6.71.14 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
+GAMADV-XTD3 6.71.15 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
 Ross Scroggs <ross.scroggs@gmail.com>
 Python 3.12.2 64-bit final
 MacOS Sonoma 14.2.1 x86_64
@@ -64,7 +64,7 @@ MacOS High Sierra 10.13.6 x86_64
 Path: /Users/Admin/bin/gamadv-xtd3
 Version Check:
   Current: 5.35.08
-   Latest: 6.71.14
+   Latest: 6.71.15
 echo $?
 1
 ```
@@ -72,7 +72,7 @@ echo $?
 Print the current version number without details
 ```
 gam version simple
-6.71.14
+6.71.15
 ```
 In Linux/MacOS you can do:
 ```
@@ -82,7 +82,7 @@ echo $VER
 Print the current version of Gam and address of this Wiki
 ```
 gam help
-GAM 6.71.14 - https://github.com/taers232c/GAMADV-XTD3
+GAM 6.71.15 - https://github.com/taers232c/GAMADV-XTD3
 Ross Scroggs <ross.scroggs@gmail.com>
 Python 3.12.2 64-bit final
 MacOS Sonoma 14.2.1 x86_64
diff --git a/src/GamCommands.txt b/src/GamCommands.txt
index 8ca9bc14..6b87aff1 100644
--- a/src/GamCommands.txt
+++ b/src/GamCommands.txt
@@ -1843,7 +1843,7 @@ gam calendar <CalendarEntity> deleteevent (id|eventid <EventID>)+ [doit] [<Event
         [csv [todrive <ToDriveAttribute>*] [formatjson [quotechar <Character>]]]
 gam calendar <CalendarEntity> moveevent (id|eventid <EventID>)+ destination <CalendarItem> [<EventNotificationAttribute>]
 gam calendar <CalendarEntity> wipe
-gam calendar <CalendarEntity> printevents <EventSelectProperty>* <EventDisplayProperty>* [fields <EventFieldNameList>]
+gam calendar <CalendarEntity> printevents <EventSelectProperty>* <EventDisplayProperty>*
         [fields <EventFieldNameList>] [showdayofweek]
         [countsonly]
         [formatjson [quotechar <Character>]] [todrive <ToDriveAttribute>*]
diff --git a/src/GamUpdate.txt b/src/GamUpdate.txt
index 8cd93aab..55f551df 100644
--- a/src/GamUpdate.txt
+++ b/src/GamUpdate.txt
@@ -2,6 +2,15 @@
 
 Merged GAM-Team version
 
+6.71.15
+
+Updated `gam create project` to handle the following error:
+```
+ERROR: 403: permissionDenied - Authentication error: 7; Error Details: User not allowed to access GCP services.
+```
+This error occurs when the Google Workspace admin or GCP project manager email address used in the command
+is in an OU where Google Cloud Platform is not enabled in Apps/Additional Google services.
+
 6.71.14
 
 Added a command to update a Gmail label's settings by specifying it's ID rather than it's name.
diff --git a/src/gam/__init__.py b/src/gam/__init__.py
index 4b6f17d3..7728ad76 100755
--- a/src/gam/__init__.py
+++ b/src/gam/__init__.py
@@ -11487,9 +11487,13 @@ def _checkForExistingProjectFiles(projectFiles):
     if os.path.exists(a_file):
       systemErrorExit(JSON_ALREADY_EXISTS_RC, Msg.AUTHORIZATION_FILE_ALREADY_EXISTS.format(a_file, Act.ToPerform()))
 
-def getGCPOrg(crm, login_domain):
-  getorg = callGAPI(crm.organizations(), 'search',
-                    query=f'domain:{login_domain}')
+def getGCPOrg(crm, login_hint, login_domain):
+  try:
+    getorg = callGAPI(crm.organizations(), 'search',
+                      throwReasons=[GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED],
+                      query=f'domain:{login_domain}') 
+  except (GAPI.invalidArgument, GAPI.permissionDenied) as e:
+    entityActionFailedExit([Ent.USER, login_hint, Ent.DOMAIN, login_domain], str(e))
   try:
     organization = getorg['organizations'][0]['name']
     sys.stdout.write(Msg.YOUR_ORGANIZATION_NAME_IS.format(organization))
@@ -11519,7 +11523,7 @@ def doCreateGCPFolder():
   login_hint = _getValidateLoginHint(login_hint)
   login_domain = getEmailAddressDomain(login_hint)
   _, crm = getCRMService(login_hint)
-  organization = getGCPOrg(crm, login_domain)
+  organization = getGCPOrg(crm, login_hint, login_domain)
   try:
     result = callGAPI(crm.folders(), 'create',
                       throwReasons=[GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED],
@@ -11547,9 +11551,10 @@ def doCreateProject():
     sys.stdout.write(Msg.CREATING_PROJECT.format(body['displayName']))
     try:
       create_operation = callGAPI(crm.projects(), 'create',
-                                  throwReasons=[GAPI.BAD_REQUEST, GAPI.ALREADY_EXISTS, GAPI.FAILED_PRECONDITION],
+                                  throwReasons=[GAPI.BAD_REQUEST, GAPI.ALREADY_EXISTS,
+                                                GAPI.FAILED_PRECONDITION, GAPI.PERMISSION_DENIED],
                                   body=body)
-    except (GAPI.badRequest, GAPI.alreadyExists, GAPI.failedPrecondition) as e:
+    except (GAPI.badRequest, GAPI.alreadyExists, GAPI.failedPrecondition, GAPI.permissionDenied) as e:
       entityActionFailedExit([Ent.USER, login_hint, Ent.PROJECT, projectInfo['projectId']], str(e))
     operation_name = create_operation['name']
     time.sleep(5) # Google recommends always waiting at least 5 seconds
@@ -11560,7 +11565,7 @@ def doCreateProject():
       if 'error' in status:
         if status['error'].get('message', '') == 'No permission to create project in organization':
           sys.stdout.write(Msg.NO_RIGHTS_GOOGLE_CLOUD_ORGANIZATION)
-          organization = getGCPOrg(crm, login_domain)
+          organization = getGCPOrg(crm, login_hint, login_domain)
           org_policy = callGAPI(crm.organizations(), 'getIamPolicy',
                                 resource=organization)
           if 'bindings' not in org_policy:
@@ -72271,6 +72276,7 @@ MAIN_ADD_CREATE_FUNCTIONS = {
   Cmd.ARG_DRIVEFILEACL:		doCreateDriveFileACL,
   Cmd.ARG_DRIVELABELPERMISSION:	doCreateDriveLabelPermissions,
   Cmd.ARG_FEATURE:		doCreateFeature,
+  Cmd.ARG_GCPFOLDER:		doCreateGCPFolder,
   Cmd.ARG_GCPSERVICEACCOUNT:	doCreateGCPServiceAccount,
   Cmd.ARG_GROUP:		doCreateGroup,
   Cmd.ARG_GUARDIAN:		doInviteGuardian,