Updated gam create project to handle the following error:

ERROR: 403: permissionDenied - Authentication error: 7; Error Details: User not allowed to access GCP services.
This commit is contained in:
Ross Scroggs
2024-03-13 15:13:46 -07:00
parent bdc330405e
commit 448d58f9ba
6 changed files with 40 additions and 16 deletions

View File

@@ -10,6 +10,15 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
See [Downloads](https://github.com/taers232c/GAMADV-XTD3/wiki/Downloads) for Windows or other options, including manual installation See [Downloads](https://github.com/taers232c/GAMADV-XTD3/wiki/Downloads) for Windows or other options, including manual installation
### 6.71.15
Updated `gam create project` to handle the following error:
```
ERROR: 403: permissionDenied - Authentication error: 7; Error Details: User not allowed to access GCP services.
```
This error occurs when the Google Workspace admin or GCP project manager email address used in the command
is in an OU where Google Cloud Platform is not enabled in Apps/Additional Google services.
### 6.71.14 ### 6.71.14
Added a command to update a Gmail label's settings by specifying it's ID rather than it's name. Added a command to update a Gmail label's settings by specifying it's ID rather than it's name.

View File

@@ -334,7 +334,7 @@ writes the credentials into the file oauth2.txt.
admin@server:/Users/admin/bin/gamadv-xtd3$ rm -f /Users/admin/GAMConfig/oauth2.txt admin@server:/Users/admin/bin/gamadv-xtd3$ rm -f /Users/admin/GAMConfig/oauth2.txt
admin@server:/Users/admin/bin/gamadv-xtd3$ ./gam version admin@server:/Users/admin/bin/gamadv-xtd3$ ./gam version
WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
GAMADV-XTD3 6.71.14 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource GAMADV-XTD3 6.71.15 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
Ross Scroggs <ross.scroggs@gmail.com> Ross Scroggs <ross.scroggs@gmail.com>
Python 3.12.2 64-bit final Python 3.12.2 64-bit final
MacOS Sonoma 14.2.1 x86_64 MacOS Sonoma 14.2.1 x86_64
@@ -1006,7 +1006,7 @@ writes the credentials into the file oauth2.txt.
C:\GAMADV-XTD3>del C:\GAMConfig\oauth2.txt C:\GAMADV-XTD3>del C:\GAMConfig\oauth2.txt
C:\GAMADV-XTD3>gam version C:\GAMADV-XTD3>gam version
WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
GAMADV-XTD3 6.71.14 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource GAMADV-XTD3 6.71.15 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
Ross Scroggs <ross.scroggs@gmail.com> Ross Scroggs <ross.scroggs@gmail.com>
Python 3.12.2 64-bit final Python 3.12.2 64-bit final
Windows-10-10.0.17134 AMD64 Windows-10-10.0.17134 AMD64

View File

@@ -3,7 +3,7 @@
Print the current version of Gam with details Print the current version of Gam with details
``` ```
gam version gam version
GAMADV-XTD3 6.71.14 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource GAMADV-XTD3 6.71.15 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
Ross Scroggs <ross.scroggs@gmail.com> Ross Scroggs <ross.scroggs@gmail.com>
Python 3.12.2 64-bit final Python 3.12.2 64-bit final
MacOS Sonoma 14.2.1 x86_64 MacOS Sonoma 14.2.1 x86_64
@@ -15,7 +15,7 @@ Time: 2023-06-02T21:10:00-07:00
Print the current version of Gam with details and time offset information Print the current version of Gam with details and time offset information
``` ```
gam version timeoffset gam version timeoffset
GAMADV-XTD3 6.71.14 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource GAMADV-XTD3 6.71.15 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
Ross Scroggs <ross.scroggs@gmail.com> Ross Scroggs <ross.scroggs@gmail.com>
Python 3.12.2 64-bit final Python 3.12.2 64-bit final
MacOS Sonoma 14.2.1 x86_64 MacOS Sonoma 14.2.1 x86_64
@@ -27,7 +27,7 @@ Your system time differs from www.googleapis.com by less than 1 second
Print the current version of Gam with extended details and SSL information Print the current version of Gam with extended details and SSL information
``` ```
gam version extended gam version extended
GAMADV-XTD3 6.71.14 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource GAMADV-XTD3 6.71.15 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
Ross Scroggs <ross.scroggs@gmail.com> Ross Scroggs <ross.scroggs@gmail.com>
Python 3.12.2 64-bit final Python 3.12.2 64-bit final
MacOS Sonoma 14.2.1 x86_64 MacOS Sonoma 14.2.1 x86_64
@@ -64,7 +64,7 @@ MacOS High Sierra 10.13.6 x86_64
Path: /Users/Admin/bin/gamadv-xtd3 Path: /Users/Admin/bin/gamadv-xtd3
Version Check: Version Check:
Current: 5.35.08 Current: 5.35.08
Latest: 6.71.14 Latest: 6.71.15
echo $? echo $?
1 1
``` ```
@@ -72,7 +72,7 @@ echo $?
Print the current version number without details Print the current version number without details
``` ```
gam version simple gam version simple
6.71.14 6.71.15
``` ```
In Linux/MacOS you can do: In Linux/MacOS you can do:
``` ```
@@ -82,7 +82,7 @@ echo $VER
Print the current version of Gam and address of this Wiki Print the current version of Gam and address of this Wiki
``` ```
gam help gam help
GAM 6.71.14 - https://github.com/taers232c/GAMADV-XTD3 GAM 6.71.15 - https://github.com/taers232c/GAMADV-XTD3
Ross Scroggs <ross.scroggs@gmail.com> Ross Scroggs <ross.scroggs@gmail.com>
Python 3.12.2 64-bit final Python 3.12.2 64-bit final
MacOS Sonoma 14.2.1 x86_64 MacOS Sonoma 14.2.1 x86_64

View File

@@ -1843,7 +1843,7 @@ gam calendar <CalendarEntity> deleteevent (id|eventid <EventID>)+ [doit] [<Event
[csv [todrive <ToDriveAttribute>*] [formatjson [quotechar <Character>]]] [csv [todrive <ToDriveAttribute>*] [formatjson [quotechar <Character>]]]
gam calendar <CalendarEntity> moveevent (id|eventid <EventID>)+ destination <CalendarItem> [<EventNotificationAttribute>] gam calendar <CalendarEntity> moveevent (id|eventid <EventID>)+ destination <CalendarItem> [<EventNotificationAttribute>]
gam calendar <CalendarEntity> wipe gam calendar <CalendarEntity> wipe
gam calendar <CalendarEntity> printevents <EventSelectProperty>* <EventDisplayProperty>* [fields <EventFieldNameList>] gam calendar <CalendarEntity> printevents <EventSelectProperty>* <EventDisplayProperty>*
[fields <EventFieldNameList>] [showdayofweek] [fields <EventFieldNameList>] [showdayofweek]
[countsonly] [countsonly]
[formatjson [quotechar <Character>]] [todrive <ToDriveAttribute>*] [formatjson [quotechar <Character>]] [todrive <ToDriveAttribute>*]

View File

@@ -2,6 +2,15 @@
Merged GAM-Team version Merged GAM-Team version
6.71.15
Updated `gam create project` to handle the following error:
```
ERROR: 403: permissionDenied - Authentication error: 7; Error Details: User not allowed to access GCP services.
```
This error occurs when the Google Workspace admin or GCP project manager email address used in the command
is in an OU where Google Cloud Platform is not enabled in Apps/Additional Google services.
6.71.14 6.71.14
Added a command to update a Gmail label's settings by specifying it's ID rather than it's name. Added a command to update a Gmail label's settings by specifying it's ID rather than it's name.

View File

@@ -11487,9 +11487,13 @@ def _checkForExistingProjectFiles(projectFiles):
if os.path.exists(a_file): if os.path.exists(a_file):
systemErrorExit(JSON_ALREADY_EXISTS_RC, Msg.AUTHORIZATION_FILE_ALREADY_EXISTS.format(a_file, Act.ToPerform())) systemErrorExit(JSON_ALREADY_EXISTS_RC, Msg.AUTHORIZATION_FILE_ALREADY_EXISTS.format(a_file, Act.ToPerform()))
def getGCPOrg(crm, login_domain): def getGCPOrg(crm, login_hint, login_domain):
try:
getorg = callGAPI(crm.organizations(), 'search', getorg = callGAPI(crm.organizations(), 'search',
throwReasons=[GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED],
query=f'domain:{login_domain}') query=f'domain:{login_domain}')
except (GAPI.invalidArgument, GAPI.permissionDenied) as e:
entityActionFailedExit([Ent.USER, login_hint, Ent.DOMAIN, login_domain], str(e))
try: try:
organization = getorg['organizations'][0]['name'] organization = getorg['organizations'][0]['name']
sys.stdout.write(Msg.YOUR_ORGANIZATION_NAME_IS.format(organization)) sys.stdout.write(Msg.YOUR_ORGANIZATION_NAME_IS.format(organization))
@@ -11519,7 +11523,7 @@ def doCreateGCPFolder():
login_hint = _getValidateLoginHint(login_hint) login_hint = _getValidateLoginHint(login_hint)
login_domain = getEmailAddressDomain(login_hint) login_domain = getEmailAddressDomain(login_hint)
_, crm = getCRMService(login_hint) _, crm = getCRMService(login_hint)
organization = getGCPOrg(crm, login_domain) organization = getGCPOrg(crm, login_hint, login_domain)
try: try:
result = callGAPI(crm.folders(), 'create', result = callGAPI(crm.folders(), 'create',
throwReasons=[GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED], throwReasons=[GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED],
@@ -11547,9 +11551,10 @@ def doCreateProject():
sys.stdout.write(Msg.CREATING_PROJECT.format(body['displayName'])) sys.stdout.write(Msg.CREATING_PROJECT.format(body['displayName']))
try: try:
create_operation = callGAPI(crm.projects(), 'create', create_operation = callGAPI(crm.projects(), 'create',
throwReasons=[GAPI.BAD_REQUEST, GAPI.ALREADY_EXISTS, GAPI.FAILED_PRECONDITION], throwReasons=[GAPI.BAD_REQUEST, GAPI.ALREADY_EXISTS,
GAPI.FAILED_PRECONDITION, GAPI.PERMISSION_DENIED],
body=body) body=body)
except (GAPI.badRequest, GAPI.alreadyExists, GAPI.failedPrecondition) as e: except (GAPI.badRequest, GAPI.alreadyExists, GAPI.failedPrecondition, GAPI.permissionDenied) as e:
entityActionFailedExit([Ent.USER, login_hint, Ent.PROJECT, projectInfo['projectId']], str(e)) entityActionFailedExit([Ent.USER, login_hint, Ent.PROJECT, projectInfo['projectId']], str(e))
operation_name = create_operation['name'] operation_name = create_operation['name']
time.sleep(5) # Google recommends always waiting at least 5 seconds time.sleep(5) # Google recommends always waiting at least 5 seconds
@@ -11560,7 +11565,7 @@ def doCreateProject():
if 'error' in status: if 'error' in status:
if status['error'].get('message', '') == 'No permission to create project in organization': if status['error'].get('message', '') == 'No permission to create project in organization':
sys.stdout.write(Msg.NO_RIGHTS_GOOGLE_CLOUD_ORGANIZATION) sys.stdout.write(Msg.NO_RIGHTS_GOOGLE_CLOUD_ORGANIZATION)
organization = getGCPOrg(crm, login_domain) organization = getGCPOrg(crm, login_hint, login_domain)
org_policy = callGAPI(crm.organizations(), 'getIamPolicy', org_policy = callGAPI(crm.organizations(), 'getIamPolicy',
resource=organization) resource=organization)
if 'bindings' not in org_policy: if 'bindings' not in org_policy:
@@ -72271,6 +72276,7 @@ MAIN_ADD_CREATE_FUNCTIONS = {
Cmd.ARG_DRIVEFILEACL: doCreateDriveFileACL, Cmd.ARG_DRIVEFILEACL: doCreateDriveFileACL,
Cmd.ARG_DRIVELABELPERMISSION: doCreateDriveLabelPermissions, Cmd.ARG_DRIVELABELPERMISSION: doCreateDriveLabelPermissions,
Cmd.ARG_FEATURE: doCreateFeature, Cmd.ARG_FEATURE: doCreateFeature,
Cmd.ARG_GCPFOLDER: doCreateGCPFolder,
Cmd.ARG_GCPSERVICEACCOUNT: doCreateGCPServiceAccount, Cmd.ARG_GCPSERVICEACCOUNT: doCreateGCPServiceAccount,
Cmd.ARG_GROUP: doCreateGroup, Cmd.ARG_GROUP: doCreateGroup,
Cmd.ARG_GUARDIAN: doInviteGuardian, Cmd.ARG_GUARDIAN: doInviteGuardian,