mirror of
https://github.com/GAM-team/GAM.git
synced 2026-07-06 22:01:36 +00:00
Simplify service account DwD by prepopulating fields with clientid/scopes
This commit is contained in:
52
src/gam.py
52
src/gam.py
@@ -1168,18 +1168,19 @@ def doCheckServiceAccount(users):
|
|||||||
user_domain = user[user.find('@')+1:]
|
user_domain = user[user.find('@')+1:]
|
||||||
# Tack on email scope for more accurate checking
|
# Tack on email scope for more accurate checking
|
||||||
check_scopes.append(USERINFO_EMAIL_SCOPE)
|
check_scopes.append(USERINFO_EMAIL_SCOPE)
|
||||||
nl = ',\n'
|
long_url = (f'https://admin.google.com/{user_domain}/ManageOauthClients'
|
||||||
scopes_failed = f'''Some scopes failed! Please go to:
|
f'?clientScopeToAdd={",".join(check_scopes)}'
|
||||||
|
f'&clientNameToAdd={service_account}')
|
||||||
|
short_url = shorten_url(long_url)
|
||||||
|
scopes_failed = f'''Some scopes failed! To authorize them, please go to:
|
||||||
|
|
||||||
https://admin.google.com/{user_domain}/AdminHome?#OGX:ManageOauthClients
|
{short_url}
|
||||||
|
|
||||||
and grant Client name:
|
You will be redirected to the G Suite admin console. The Client Name and API
|
||||||
|
Scopes fields will be pre-populated. Please click Authorize to allow these
|
||||||
{service_account}
|
scopes access. After authorizing it may take some time for this test to pass so
|
||||||
|
go grab a cup of coffee and then try this command again.
|
||||||
Access to scopes:
|
'''
|
||||||
|
|
||||||
{nl.join(check_scopes)}{nl}'''
|
|
||||||
controlflow.system_error_exit(1, scopes_failed)
|
controlflow.system_error_exit(1, scopes_failed)
|
||||||
|
|
||||||
# Batch processing request_id fields
|
# Batch processing request_id fields
|
||||||
@@ -7326,25 +7327,29 @@ def getUserAttributes(i, cd, updateCmd):
|
|||||||
body['hashFunction'] = 'crypt'
|
body['hashFunction'] = 'crypt'
|
||||||
return body
|
return body
|
||||||
|
|
||||||
class ShortURLFlow(google_auth_oauthlib.flow.InstalledAppFlow):
|
def shorten_url(long_url):
|
||||||
def authorization_url(self, **kwargs):
|
|
||||||
long_url, state = super(ShortURLFlow, self).authorization_url(**kwargs)
|
|
||||||
simplehttp = transport.create_http(timeout=10)
|
simplehttp = transport.create_http(timeout=10)
|
||||||
url_shortnr = 'https://gam-shortn.appspot.com/create'
|
url_shortnr = 'https://gam-shortn.appspot.com/create'
|
||||||
headers = {'Content-Type': 'application/json',
|
headers = {'Content-Type': 'application/json',
|
||||||
'user-agent': GAM_INFO}
|
'User-Agent': 'GAM_INFO'}
|
||||||
try:
|
try:
|
||||||
resp, content = simplehttp.request(url_shortnr, 'POST', f'{"long_url": "{long_url}"}', headers=headers)
|
resp, content = simplehttp.request(url_shortnr, 'POST',
|
||||||
except:
|
f'{{"long_url": "{long_url}"}}', headers=headers)
|
||||||
return long_url, state
|
except Exception as e:
|
||||||
|
return long_url
|
||||||
if resp.status != 200:
|
if resp.status != 200:
|
||||||
return long_url, state
|
return long_url
|
||||||
try:
|
try:
|
||||||
if isinstance(content, bytes):
|
return json.loads(content).get('short_url', long_url)
|
||||||
content = content.decode()
|
except Exception as e:
|
||||||
return json.loads(content).get('short_url', long_url), state
|
print(content)
|
||||||
except:
|
return long_url
|
||||||
return long_url, state
|
|
||||||
|
class ShortURLFlow(google_auth_oauthlib.flow.InstalledAppFlow):
|
||||||
|
def authorization_url(self, **kwargs):
|
||||||
|
long_url, state = super(ShortURLFlow, self).authorization_url(**kwargs)
|
||||||
|
short_url = shorten_url(long_url)
|
||||||
|
return short_url, state
|
||||||
|
|
||||||
def _run_oauth_flow(client_id, client_secret, scopes, access_type, login_hint=None):
|
def _run_oauth_flow(client_id, client_secret, scopes, access_type, login_hint=None):
|
||||||
client_config = {
|
client_config = {
|
||||||
@@ -7467,6 +7472,7 @@ def _grantSARotateRights(iam, sa_email):
|
|||||||
body=body)
|
body=body)
|
||||||
|
|
||||||
def setGAMProjectConsentScreen(httpObj, projectId, login_hint):
|
def setGAMProjectConsentScreen(httpObj, projectId, login_hint):
|
||||||
|
print('Setting GAM project consent screen...')
|
||||||
iap = googleapiclient.discovery.build('iap', 'v1',
|
iap = googleapiclient.discovery.build('iap', 'v1',
|
||||||
http=httpObj, cache_discovery=False,
|
http=httpObj, cache_discovery=False,
|
||||||
discoveryServiceUrl=googleapiclient.discovery.V2_DISCOVERY_URI)
|
discoveryServiceUrl=googleapiclient.discovery.V2_DISCOVERY_URI)
|
||||||
|
|||||||
Reference in New Issue
Block a user