Updated gam create|use|update project

2025-05-11 11:47:21 +00:00 · 2025-04-22 13:50:04 -07:00 · 2025-04-22 13:50:04 -07:00 · 73333f921d
commit 73333f921d
parent c5d194489f
6 changed files with 52 additions and 22 deletions
--- a/src/GamUpdate.txt
+++ b/src/GamUpdate.txt
@ -1,3 +1,14 @@
+7.06.07
+
+Updated private key rotation progress messages in `gam create|use|update project`
+and `gam upload sakey`.
+
+Updated `gam use project` to display the following error message when the specifed project
+already has a service account.
+```
+Re-run the command specify a new service account name with: saname <ServiceAccountName>'
+```
+
 7.06.06

 Native support for Windows 11 Arm-based devices.
--- a/src/gam/init.py
+++ b/src/gam/init.py
@ -11384,25 +11384,26 @@ def _waitForSvcAcctCompletion(i):
    sys.stdout.write(Msg.WAITING_FOR_ITEM_CREATION_TO_COMPLETE_SLEEPING.format(Ent.Singular(Ent.SVCACCT), sleep_time))
  time.sleep(sleep_time)

-def _grantRotateRights(iam, projectId, service_account, email, account_type='serviceAccount'):
+def _grantRotateRights(iam, projectId, service_account, account_type='serviceAccount'):
  body = {'policy': {'bindings': [{'role': 'roles/iam.serviceAccountKeyAdmin',
-                                   'members': [f'{account_type}:{email}']}]}}
+                                   'members': [f'{account_type}:{service_account}']}]}}
  maxRetries = 10
-  printEntityMessage([Ent.PROJECT, projectId, Ent.SVCACCT, email],
-                     Msg.HAS_RIGHTS_TO_ROTATE_OWN_PRIVATE_KEY.format(email, service_account))
+  kvList = [Ent.PROJECT, projectId, Ent.SVCACCT, service_account]
+  printEntityMessage(kvList, Msg.GRANTING_RIGHTS_TO_ROTATE_ITS_OWN_PRIVATE_KEY.format('Granting'))
  for retry in range(1, maxRetries+1):
    try:
      callGAPI(iam.projects().serviceAccounts(), 'setIamPolicy',
               throwReasons=[GAPI.INVALID_ARGUMENT],
               resource=f'projects/{projectId}/serviceAccounts/{service_account}', body=body)
+      printEntityMessage(kvList, Msg.GRANTING_RIGHTS_TO_ROTATE_ITS_OWN_PRIVATE_KEY.format('Granted'))
      return True
    except GAPI.invalidArgument as e:
-      entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, service_account], str(e))
+      entityActionFailedWarning(kvList, str(e))
      if 'does not exist' not in str(e) or retry == maxRetries:
        return False
      _waitForSvcAcctCompletion(retry)
    except Exception as e:
-      entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, service_account], str(e))
+      entityActionFailedWarning(kvList, str(e))
      return False

 def _createOauth2serviceJSON(httpObj, projectInfo, svcAcctInfo, create_key=True):
@ -11420,6 +11421,7 @@ def _createOauth2serviceJSON(httpObj, projectInfo, svcAcctInfo, create_key=True)
    return False
  except GAPI.alreadyExists as e:
    entityActionFailedWarning([Ent.PROJECT, projectInfo['projectId'], Ent.SVCACCT, svcAcctInfo['name']], str(e))
+    writeStderr(Msg.RERUN_THE_COMMAND_AND_SPECIFY_A_NEW_SANAME)
    return False
  GM.Globals[GM.SVCACCT_SCOPES_DEFINED] = False
  if create_key and not doProcessSvcAcctKeys(mode='retainexisting', iam=iam,
@ -11428,7 +11430,7 @@ def _createOauth2serviceJSON(httpObj, projectInfo, svcAcctInfo, create_key=True)
                                             clientId=service_account['uniqueId']):
    return False
  sa_email = service_account['name'].rsplit('/', 1)[-1]
-  return _grantRotateRights(iam, projectInfo['projectId'], sa_email, sa_email)
+  return _grantRotateRights(iam, projectInfo['projectId'], sa_email)

 def _createClientSecretsOauth2service(httpObj, login_hint, appInfo, projectInfo, svcAcctInfo, create_key=True):
  def _checkClientAndSecret(csHttpObj, client_id, client_secret):
@ -11921,9 +11923,7 @@ def doUpdateProject():
      continue
    iam = getAPIService(API.IAM, httpObj)
    _getSvcAcctData() # needed to read in GM.OAUTH2SERVICE_JSON_DATA
-    _grantRotateRights(iam, projectId,
-                       GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['client_email'],
-                       GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['client_email'])
+    _grantRotateRights(iam, projectId, GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['client_email'])
  Ind.Decrement()

 # gam delete project [[admin] <EmailAddress>] [<ProjectIDEntity>]
@ -12786,7 +12786,7 @@ def doUploadSvcAcctKeys():
  iam = getAPIService(API.IAM, httpObj)
  if doProcessSvcAcctKeys(mode='upload', iam=iam):
    sa_email = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['client_email']
-    _grantRotateRights(iam, GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['project_id'], sa_email, sa_email)
+    _grantRotateRights(iam, GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['project_id'], sa_email)
    sys.stdout.write(Msg.YOUR_GAM_PROJECT_IS_CREATED_AND_READY_TO_USE)

 # gam delete sakeys <ServiceAccountKeyList>
--- a/src/gam/gamlib/glmsgs.py
+++ b/src/gam/gamlib/glmsgs.py
@ -72,7 +72,7 @@ Please go to:
 24. Paste it at the "Enter your Client Secret: " prompt in your terminal
 25. Press return/enter in your terminal
 26. Switch back to the browser
-27. Click "CANCEL"
+27. Click "OK"
 28. These steps are complete
 '''
 ENTER_YOUR_CLIENT_ID = '\nEnter your Client ID: '
@ -287,6 +287,7 @@ GAM_OUT_OF_MEMORY = 'GAM has run out of memory. If this is a large Google Worksp
 GENERATING_NEW_PRIVATE_KEY = 'Generating new private key'
 GETTING = 'Getting'
 GETTING_ALL = 'Getting all'
+GRANTING_RIGHTS_TO_ROTATE_ITS_OWN_PRIVATE_KEY = '{0} rights to rotate its own private key'
 GOOGLE_DELEGATION_ERROR = 'Google delegation error, delegator and delegate both exist and are valid for delegation'
 GOT = 'Got'
 GROUP_MAPS_TO_MULTIPLE_OUS = 'File: {0}, Group: {1} references multiple OUs: {2}'
@ -294,13 +295,12 @@ GROUP_MAPS_TO_OU_INVALID_ROW = 'File: {0}, Invalid row, must contain non-blank <
 GUARDIAN_INVITATION_STATUS_NOT_PENDING = 'Guardian invitation status is not PENDING'
 HAS_CHILD_ORGS = 'Has child {0}'
 HAS_INVALID_FORMAT = '{0}: {1}, Has invalid format'
-HAS_RIGHTS_TO_ROTATE_OWN_PRIVATE_KEY = 'Giving account {0} rights to rotate {1} private key'
 HEADER_NOT_FOUND_IN_CSV_HEADERS = 'Header "{0}" not found in CSV headers of "{1}".'
 HELP_SYNTAX = 'Help: Syntax in file {0}\n'
 HELP_WIKI = 'Help: Documentation is at {0}\n'
 IGNORED = 'Ignored'
 INSTRUCTIONS_CLIENT_SECRETS_JSON = 'Please run\n\ngam create|use project\ngam oauth create\n\nto create and authorize a Client account.\n'
-INSTRUCTIONS_OAUTH2SERVICE_JSON = 'Please run\n\ngam create|use project\ngam user <user> check serviceaccount\n\nto create and authorize a Service account.\n'
+INSTRUCTIONS_OAUTH2SERVICE_JSON = 'Please run\n\ngam create|use project\ngam user <user> update serviceaccount\n\nto create and authorize a Service account.\n'
 INSUFFICIENT_PERMISSIONS_TO_PERFORM_TASK = 'Insufficient permissions to perform this task'
 INTER_BATCH_WAIT_INCREASED = 'inter_batch_wait increased to {0:.2f}'
 INVALID = 'Invalid'
@ -468,6 +468,10 @@ REFUSING_TO_DEPROVISION_DEVICES = 'Refusing to deprovision {0} devices because a
 REPLY_TO_CUSTOM_REQUIRES_EMAIL_ADDRESS = 'replyto REPLY_TO_CUSTOM requires customReplyTo <EmailAddress>'
 REQUEST_COMPLETED_NO_FILES = 'Request completed but no results/files were returned, try requesting again'
 REQUEST_NOT_COMPLETE = 'Request needs to be completed before downloading, current status is: {0}'
+RERUN_THE_COMMAND_AND_SPECIFY_A_NEW_SANAME = """
+Re-run the command specify a new service account name with: saname <ServiceAccountName>
+See: https://github.com/GAM-team/GAM/wiki/Authorization#advanced-use
+"""
 RESOURCE_CAPACITY_FLOOR_REQUIRED = 'Options "capacity <Number>" (<Number> > 0) and "floor <String>" required'
 RESOURCE_FLOOR_REQUIRED = 'Option "floor <String>" required'
 RESULTS_TOO_LARGE_FOR_GOOGLE_SPREADSHEET = 'Results are too large for Google Spreadsheets. Uploading as a regular CSV file.'
--- a/wiki/GamUpdates.md
+++ b/wiki/GamUpdates.md
@ -10,6 +10,21 @@ Add the `-s` option to the end of the above commands to suppress creating the `g

 See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation

+### 7.06.07
+
+Updated private key rotation progress messages in `gam create|use|update project`
+and `gam upload sakey`.
+
+Updated `gam use project` to display the following error message when the specifed project
+already has a service account.
+```
+Re-run the command specify a new service account name with: saname <ServiceAccountName>'
+```
+
+### 7.06.06
+
+Native support for Windows 11 Arm-based devices.
+
 ### 7.06.05

 Updated code in `gam delete|update chromepolicy` to handle the `policyTargetKey[additionalTargetKeys]`
--- a/wiki/How-to-Upgrade-Legacy-GAM-to-GAM7.md
+++ b/wiki/How-to-Upgrade-Legacy-GAM-to-GAM7.md
@ -251,7 +251,7 @@ writes the credentials into the file oauth2.txt.
 admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt
 admin@server:/Users/admin$ gam version
 WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
-GAM 7.06.05 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.06.07 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 MacOS Sequoia 15.4.1 x86_64
@ -989,7 +989,7 @@ writes the credentials into the file oauth2.txt.
 C:\>del C:\GAMConfig\oauth2.txt
 C:\>gam version
 WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
-GAM 7.06.05 - https://github.com/GAM-team/GAM - pythonsource
+GAM 7.06.07 - https://github.com/GAM-team/GAM - pythonsource
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 Windows-10-10.0.17134 AMD64
--- a/wiki/Version-and-Help.md
+++ b/wiki/Version-and-Help.md
@ -4,7 +4,7 @@ k
 Print the current version of Gam with details
 ```
 gam version
-GAM 7.06.05 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.06.07 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 MacOS Sequoia 15.4.1 x86_64
@ -16,7 +16,7 @@ Time: 2023-06-02T21:10:00-07:00
 Print the current version of Gam with details and time offset information
 ```
 gam version timeoffset
-GAM 7.06.05 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.06.07 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 MacOS Sequoia 15.4.1 x86_64
@ -28,7 +28,7 @@ Your system time differs from www.googleapis.com by less than 1 second
 Print the current version of Gam with extended details and SSL information
 ```
 gam version extended
-GAM 7.06.05 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.06.07 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 MacOS Sequoia 15.4.1 x86_64
@ -65,7 +65,7 @@ MacOS High Sierra 10.13.6 x86_64
 Path: /Users/Admin/bin/gam7
 Version Check:
  Current: 5.35.08
-   Latest: 7.06.05
+   Latest: 7.06.07
 echo $?
 1
 ```
@ -73,7 +73,7 @@ echo $?
 Print the current version number without details
 ```
 gam version simple
-7.06.05
+7.06.07
 ```
 In Linux/MacOS you can do:
 ```
@ -83,7 +83,7 @@ echo $VER
 Print the current version of Gam and address of this Wiki
 ```
 gam help
-GAM 7.06.05 - https://github.com/GAM-team/GAM
+GAM 7.06.07 - https://github.com/GAM-team/GAM
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 MacOS Sequoia 15.4.1 x86_64