From 76d3ead61bfc54d208f094a6bef0b8e0cae8bda0 Mon Sep 17 00:00:00 2001 From: Ross Scroggs Date: Mon, 26 Feb 2024 10:58:25 -0800 Subject: [PATCH] Updated `gam oauth create` and `gam update serviceaccount` --- docs/GamUpdates.md | 5 ++++ docs/How-to-Upgrade-from-Standard-GAM.md | 4 ++-- docs/Users-Drive-Permissions.md | 6 ++--- docs/Version-and-Help.md | 12 +++++----- src/GamUpdate.txt | 5 ++++ src/gam/__init__.py | 30 ++++++++++++++---------- src/gam/gamlib/glapi.py | 2 ++ 7 files changed, 41 insertions(+), 23 deletions(-) diff --git a/docs/GamUpdates.md b/docs/GamUpdates.md index efb293e3..e3461b52 100644 --- a/docs/GamUpdates.md +++ b/docs/GamUpdates.md @@ -10,6 +10,11 @@ Add the `-s` option to the end of the above commands to suppress creating the `g See [Downloads](https://github.com/taers232c/GAMADV-XTD3/wiki/Downloads) for Windows or other options, including manual installation +### 6.70.07 + +Updated user instructions in `gam oauth create` and `gam update serviceaccount` +and changed `s` from selecting all scopes to selecting default scopes. + ### 6.70.06 Updated `gam info users ` to not include group tree infornation unless option `grouptree` is specified. diff --git a/docs/How-to-Upgrade-from-Standard-GAM.md b/docs/How-to-Upgrade-from-Standard-GAM.md index 34d299b0..de8d659a 100644 --- a/docs/How-to-Upgrade-from-Standard-GAM.md +++ b/docs/How-to-Upgrade-from-Standard-GAM.md @@ -334,7 +334,7 @@ writes the credentials into the file oauth2.txt. admin@server:/Users/admin/bin/gamadv-xtd3$ rm -f /Users/admin/GAMConfig/oauth2.txt admin@server:/Users/admin/bin/gamadv-xtd3$ ./gam version WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found -GAMADV-XTD3 6.70.06 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource +GAMADV-XTD3 6.70.07 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource Ross Scroggs Python 3.12.2 64-bit final MacOS Sonoma 14.2.1 x86_64 @@ -1002,7 +1002,7 @@ writes the credentials into the file oauth2.txt. C:\GAMADV-XTD3>del C:\GAMConfig\oauth2.txt C:\GAMADV-XTD3>gam version WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found -GAMADV-XTD3 6.70.06 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource +GAMADV-XTD3 6.70.07 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource Ross Scroggs Python 3.12.2 64-bit final Windows-10-10.0.17134 AMD64 diff --git a/docs/Users-Drive-Permissions.md b/docs/Users-Drive-Permissions.md index 98e315bb..1075d858 100644 --- a/docs/Users-Drive-Permissions.md +++ b/docs/Users-Drive-Permissions.md @@ -327,16 +327,16 @@ gam redirect csv ./allUsersFiles.csv multiprocess all users print filelist field * Delete ACLs with olddomain.com ``` -gam redirect stdout ./DeleteOldDomainACLs.csv multiprocess redirect stderr stdout csv ./allUsersFiles.csv gam user "~Owner" delete drivefileacl "~id" "id:~~permission.id~~" +gam redirect stdout ./DeleteOldDomainACLs.txt multiprocess redirect stderr stdout csv ./allUsersFiles.csv gam user "~Owner" delete drivefileacl "~id" "id:~~permission.id~~" ``` * Add user/group ACLs replacing olddomain.com with newdomain.com ``` -gam config csv_input_row_filter "permission.type:regex:user|group" redirect stdout ./AddNewDomainACLsUserGroupShares.csv multiprocess redirect stderr stdout csv ./allUsersFiles.csv gam user "~Owner" create drivefileacl "~id" "~permission.type" "~permission.emailAddress" role "~permission.role" mappermissionsdomain olddomain.com newdomain.com +gam config csv_input_row_filter "permission.type:regex:user|group" redirect stdout ./AddNewDomainACLsUserGroupShares.txt multiprocess redirect stderr stdout csv ./allUsersFiles.csv gam user "~Owner" create drivefileacl "~id" "~permission.type" "~permission.emailAddress" role "~permission.role" mappermissionsdomain olddomain.com newdomain.com ``` * Add domain ACLs replacing olddomain.com with newdomain.com ``` -gam config csv_input_row_filter "permission.type:regex:domain" redirect stdout ./AddNewDomainACLsDomainShares.csv multiprocess redirect stderr stdout csv ./allUsersFiles.csv gam user "~Owner" create drivefileacl "~id" "~permission.type" "~permission.domain" role "~permission.role" allowfilediscovery "~permission.allowFileDiscovery" mappermissionsdomain olddomain.com newdomain.com +gam config csv_input_row_filter "permission.type:regex:domain" redirect stdout ./AddNewDomainACLsDomainShares.txt multiprocess redirect stderr stdout csv ./allUsersFiles.csv gam user "~Owner" create drivefileacl "~id" "~permission.type" "~permission.domain" role "~permission.role" allowfilediscovery "~permission.allowFileDiscovery" mappermissionsdomain olddomain.com newdomain.com ``` diff --git a/docs/Version-and-Help.md b/docs/Version-and-Help.md index da1a6bbb..0d0d9c5a 100644 --- a/docs/Version-and-Help.md +++ b/docs/Version-and-Help.md @@ -3,7 +3,7 @@ Print the current version of Gam with details ``` gam version -GAMADV-XTD3 6.70.06 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource +GAMADV-XTD3 6.70.07 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource Ross Scroggs Python 3.12.2 64-bit final MacOS Sonoma 14.2.1 x86_64 @@ -15,7 +15,7 @@ Time: 2023-06-02T21:10:00-07:00 Print the current version of Gam with details and time offset information ``` gam version timeoffset -GAMADV-XTD3 6.70.06 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource +GAMADV-XTD3 6.70.07 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource Ross Scroggs Python 3.12.2 64-bit final MacOS Sonoma 14.2.1 x86_64 @@ -27,7 +27,7 @@ Your system time differs from www.googleapis.com by less than 1 second Print the current version of Gam with extended details and SSL information ``` gam version extended -GAMADV-XTD3 6.70.06 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource +GAMADV-XTD3 6.70.07 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource Ross Scroggs Python 3.12.2 64-bit final MacOS Sonoma 14.2.1 x86_64 @@ -64,7 +64,7 @@ MacOS High Sierra 10.13.6 x86_64 Path: /Users/Admin/bin/gamadv-xtd3 Version Check: Current: 5.35.08 - Latest: 6.70.06 + Latest: 6.70.07 echo $? 1 ``` @@ -72,7 +72,7 @@ echo $? Print the current version number without details ``` gam version simple -6.70.06 +6.70.07 ``` In Linux/MacOS you can do: ``` @@ -82,7 +82,7 @@ echo $VER Print the current version of Gam and address of this Wiki ``` gam help -GAM 6.70.06 - https://github.com/taers232c/GAMADV-XTD3 +GAM 6.70.07 - https://github.com/taers232c/GAMADV-XTD3 Ross Scroggs Python 3.12.2 64-bit final MacOS Sonoma 14.2.1 x86_64 diff --git a/src/GamUpdate.txt b/src/GamUpdate.txt index b75fc758..63dd2166 100644 --- a/src/GamUpdate.txt +++ b/src/GamUpdate.txt @@ -2,6 +2,11 @@ Merged GAM-Team version +6.70.07 + +Updated user instructions in `gam oauth create` and `gam update serviceaccount` +and changed `s` from selecting all scopes to selecting default scopes. + 6.70.06 Updated `gam info users ` to not include group tree infornation unless option `grouptree` is specified. diff --git a/src/gam/__init__.py b/src/gam/__init__.py index a1552173..506aad3d 100755 --- a/src/gam/__init__.py +++ b/src/gam/__init__.py @@ -10303,11 +10303,7 @@ def getOAuthClientIDAndSecret(): def getScopesFromUser(scopesList, clientAccess, currentScopes=None): OAUTH2_CMDS = ['s', 'u', 'e', 'c'] - oauth2_menu = ''' -Select the authorized scopes by entering a number. -Append an 'r' to grant read-only access or an 'a' to grant action-only access. - -''' + oauth2_menu = '' numScopes = len(scopesList) for a_scope in scopesList: oauth2_menu += f"[%%s] %2d) {a_scope['name']}" @@ -10315,10 +10311,18 @@ Append an 'r' to grant read-only access or an 'a' to grant action-only access. oauth2_menu += f' (supports {" and ".join(a_scope["subscopes"])})' oauth2_menu += '\n' oauth2_menu += ''' - s) Select all scopes - u) Unselect all scopes - e) Exit without changes - c) Continue to authorization +Select an unselected scope [ ] by entering a number; yields [*] +For scopes that support readonly, enter a number and an 'r' to grant read-only access; yields [R] +For scopes that support action, enter a number and an 'a' to grant action-only access; yields [A] +Clear read-only access [R] or action-only access [A] from a scope by entering a number; yields [*] +Unselect a selected scope [*] by entering a number; yields [ ] +Select all default scopes by entering an 's'; yields [*] for default scopes, [ ] for others +Unselect all scopes by entering a 'u'; yields [ ] for all scopes +Exit without changes/authorization by entering an 'e' +Continue to authorization by entering a 'c' +''' + if clientAccess: + oauth2_menu += ''' Note, if all scopes are selected, Google will probably generate an authorization error ''' menu = oauth2_menu % tuple(range(numScopes)) selectedScopes = ['*'] * numScopes @@ -10368,7 +10372,7 @@ Append an 'r' to grant read-only access or an 'a' to grant action-only access. for a_scope in scopesList: selectedScopes[i] = ' ' if a_scope.get('offByDefault', False) else '*' i += 1 - prompt = f'Please enter 0-{numScopes-1}[a|r] or {"|".join(OAUTH2_CMDS)}: ' + prompt = f'\nPlease enter 0-{numScopes-1}[a|r] or {"|".join(OAUTH2_CMDS)}: ' while True: os.system(['clear', 'cls'][sys.platform.startswith('win')]) sys.stdout.write(menu % tuple(selectedScopes)) @@ -10403,8 +10407,10 @@ Append an 'r' to grant read-only access or an 'a' to grant action-only access. break if isinstance(selection, str) and selection in OAUTH2_CMDS: if selection == 's': - for i in range(numScopes): - selectedScopes[i] = '*' + i = 0 + for a_scope in scopesList: + selectedScopes[i] = ' ' if a_scope.get('offByDefault', False) else '*' + i += 1 elif selection == 'u': for i in range(numScopes): selectedScopes[i] = ' ' diff --git a/src/gam/gamlib/glapi.py b/src/gam/gamlib/glapi.py index 22f3bfcf..cb9b4920 100644 --- a/src/gam/gamlib/glapi.py +++ b/src/gam/gamlib/glapi.py @@ -657,10 +657,12 @@ _SVCACCT_SPECIAL_SCOPES = [ {'name': 'Gmail API - Full Access - read only', 'api': GMAIL, 'subscopes': [], + 'offByDefault': True, 'scope': 'https://www.googleapis.com/auth/gmail.readonly'}, {'name': 'Gmail API - Send Messages - including todrive', 'api': GMAIL, 'subscopes': [], + 'offByDefault': True, 'scope': GMAIL_SEND_SCOPE}, {'name': 'Sheets API - todrive', 'api': SHEETSTD,