mirror of
https://github.com/GAM-team/GAM.git
synced 2026-07-03 12:21:35 +00:00
Group member restrictions
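--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -256,6 +256,8 @@ jobs:
 $gam user $gam_user sendemail recipient $newuser subject "test message $newbase" message "GHA test message"
 $gam user $gam_user sendemail recipient exchange@pdl.jaylee.us subject "test ${tstamp}" message "test message"
 $gam create group $newgroup name "GHA $JID group" description "This is a description" isarchived true
+$gam update cigroup $newgroup memberrestriction 'member.type == 1 || member.customer_id == groupCustomerId()'
+$gam info cigroup $newgroup
 $gam user $newuser add license gsuitebusiness
 $gam update group $newgroup add owner $gam_user
 $gam update group $newgroup add member $newuser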
@@ -3,7 +3,7 @@ import sys
|
|||||||
import googleapiclient
|
import googleapiclient
|
||||||
|
|
||||||
import gam
|
import gam
|
||||||
from gam.var import *
|
from gam.var import * # pylint: disable=unused-wildcard-import
|
||||||
from gam import controlflow
|
from gam import controlflow
|
||||||
from gam import display
|
from gam import display
|
||||||
from gam import gapi
|
from gam import gapi
|
||||||
@@ -76,6 +76,7 @@ def info():
|
|||||||
ci = gapi_cloudidentity.build('cloudidentity_beta')
|
ci = gapi_cloudidentity.build('cloudidentity_beta')
|
||||||
group = gam.normalizeEmailAddressOrUID(sys.argv[3])
|
group = gam.normalizeEmailAddressOrUID(sys.argv[3])
|
||||||
getUsers = True
|
getUsers = True
|
||||||
|
getSecuritySettings = True
|
||||||
showJoinDate = True
|
showJoinDate = True
|
||||||
showUpdateDate = False
|
showUpdateDate = False
|
||||||
showMemberTree = False
|
showMemberTree = False
|
||||||
@@ -94,11 +95,20 @@ def info():
|
|||||||
elif myarg == 'membertree':
|
elif myarg == 'membertree':
|
||||||
showMemberTree = True
|
showMemberTree = True
|
||||||
i += 1
|
i += 1
|
||||||
|
elif myarg in ['nosecurity', 'nosecuritysettings']:
|
||||||
|
getSecuritySettings = False
|
||||||
else:
|
else:
|
||||||
controlflow.invalid_argument_exit(myarg, 'gam info cigroup')
|
controlflow.invalid_argument_exit(myarg, 'gam info cigroup')
|
||||||
name = group_email_to_id(ci, group)
|
name = group_email_to_id(ci, group)
|
||||||
basic_info = gapi.call(ci.groups(), 'get', name=name)
|
basic_info = gapi.call(ci.groups(), 'get', name=name)
|
||||||
display.print_json(basic_info)
|
display.print_json(basic_info)
|
||||||
|
if getSecuritySettings:
|
||||||
|
sec_info = gapi.call(ci.groups(),
|
||||||
|
'getSecuritySettings',
|
||||||
|
name=f'{name}/securitySettings',
|
||||||
|
readMask='*')
|
||||||
|
print(' Security settings:')
|
||||||
|
display.print_json(sec_info, spacing=' ')
|
||||||
if getUsers and not showMemberTree:
|
if getUsers and not showMemberTree:
|
||||||
if not showJoinDate and not showUpdateDate:
|
if not showJoinDate and not showUpdateDate:
|
||||||
view = 'BASIC'
|
view = 'BASIC'
|
||||||
@@ -189,7 +199,13 @@ GROUP_ROLES_MAP = {
|
|||||||
def print_():
|
def print_():
|
||||||
ci = gapi_cloudidentity.build('cloudidentity_beta')
|
ci = gapi_cloudidentity.build('cloudidentity_beta')
|
||||||
i = 3
|
i = 3
|
||||||
members = membersCountOnly = managers = managersCountOnly = owners = ownersCountOnly = False
|
members = False
|
||||||
|
membersCountOnly = False
|
||||||
|
managers = False
|
||||||
|
managersCountOnly = False
|
||||||
|
owners = False
|
||||||
|
ownersCountOnly = False
|
||||||
|
memberRestrictions = False
|
||||||
gapi_directory_customer.setTrueCustomerId()
|
gapi_directory_customer.setTrueCustomerId()
|
||||||
parent = f'customers/{GC_Values[GC_CUSTOMER_ID]}'
|
parent = f'customers/{GC_Values[GC_CUSTOMER_ID]}'
|
||||||
usemember = None
|
usemember = None
|
||||||
@@ -232,6 +248,15 @@ def print_():
|
|||||||
if myarg == 'managerscount':
|
if myarg == 'managerscount':
|
||||||
managersCountOnly = True
|
managersCountOnly = True
|
||||||
i += 1
|
i += 1
|
||||||
|
elif myarg in ['memberrestrictions']:
|
||||||
|
memberRestrictions = True
|
||||||
|
display.add_titles_to_csv_file(
|
||||||
|
['memberRestrictionQuery',],
|
||||||
|
titles)
|
||||||
|
display.add_titles_to_csv_file(
|
||||||
|
['memberRestrictionEvaluation',],
|
||||||
|
titles)
|
||||||
|
i += 1
|
||||||
else:
|
else:
|
||||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam print cigroups')
|
controlflow.invalid_argument_exit(sys.argv[i], 'gam print cigroups')
|
||||||
if roles:
|
if roles:
|
||||||
@@ -363,6 +388,16 @@ def print_():
|
|||||||
group['OwnersCount'] = ownersCount
|
group['OwnersCount'] = ownersCount
|
||||||
if not ownersCountOnly:
|
if not ownersCountOnly:
|
||||||
group['Owners'] = memberDelimiter.join(ownersList)
|
group['Owners'] = memberDelimiter.join(ownersList)
|
||||||
|
if memberRestrictions:
|
||||||
|
name = f'{groupKey_id}/securitySettings'
|
||||||
|
print(f'Getting member restrictions for {groupEmail} ({i}/{count}')
|
||||||
|
sec_info = gapi.call(ci.groups(),
|
||||||
|
'getSecuritySettings',
|
||||||
|
name=name,
|
||||||
|
readMask='*')
|
||||||
|
if 'memberRestriction' in sec_info:
|
||||||
|
group['memberRestrictionQuery'] = sec_info['memberRestriction'].get('query', '')
|
||||||
|
group['memberRestrictionEvaluation'] = sec_info['memberRestriction'].get('evaluation', {}).get('state', '')
|
||||||
csvRows.append(group)
|
csvRows.append(group)
|
||||||
if sortHeaders:
|
if sortHeaders:
|
||||||
display.sort_csv_titles([
|
display.sort_csv_titles([
|
||||||
@@ -808,6 +843,7 @@ def update():
|
|||||||
else:
|
else:
|
||||||
i = 4
|
i = 4
|
||||||
body = {}
|
body = {}
|
||||||
|
sec_body = {}
|
||||||
while i < len(sys.argv):
|
while i < len(sys.argv):
|
||||||
myarg = sys.argv[i].lower().replace('_', '')
|
myarg = sys.argv[i].lower().replace('_', '')
|
||||||
if myarg == 'name':
|
if myarg == 'name':
|
||||||
@@ -830,9 +866,21 @@ def update():
|
|||||||
}]
|
}]
|
||||||
}
|
}
|
||||||
i += 2
|
i += 2
|
||||||
|
elif myarg in ['memberrestriction', 'memberrestrictions']:
|
||||||
|
query = sys.argv[i + 1]
|
||||||
|
member_types = {
|
||||||
|
'USER': '1',
|
||||||
|
'SERVICE_ACCOUNT': '2',
|
||||||
|
'GROUP': '3',
|
||||||
|
}
|
||||||
|
for key, val in member_types.items():
|
||||||
|
query = query.replace(key, val)
|
||||||
|
sec_body['memberRestriction'] = {'query': query}
|
||||||
|
i += 2
|
||||||
else:
|
else:
|
||||||
controlflow.invalid_argument_exit(sys.argv[i],
|
controlflow.invalid_argument_exit(sys.argv[i],
|
||||||
'gam update cigroup')
|
'gam update cigroup')
|
||||||
|
if body:
|
||||||
updateMask = ','.join(body.keys())
|
updateMask = ','.join(body.keys())
|
||||||
name = group_email_to_id(ci, group)
|
name = group_email_to_id(ci, group)
|
||||||
print(f'Updating group {group}')
|
print(f'Updating group {group}')
|
||||||
@@ -841,6 +889,18 @@ def update():
|
|||||||
updateMask=updateMask,
|
updateMask=updateMask,
|
||||||
name=name,
|
name=name,
|
||||||
body=body)
|
body=body)
|
||||||
|
if sec_body:
|
||||||
|
updateMask = 'member_restriction.query'
|
||||||
|
# it seems like a bug that API requires /securitySettings
|
||||||
|
# appended to name. We'll see if Google servers change this
|
||||||
|
# at some point.
|
||||||
|
name = f'{group_email_to_id(ci, group)}/securitySettings'
|
||||||
|
print(f'Updating group {group} security settings')
|
||||||
|
gapi.call(ci.groups(),
|
||||||
|
'updateSecuritySettings',
|
||||||
|
name=name,
|
||||||
|
updateMask=updateMask,
|
||||||
|
body=sec_body)
|
||||||
|
|
||||||
|
|
||||||
def group_email_to_id(ci, group, i=0, count=0):
|
def group_email_to_id(ci, group, i=0, count=0):
|
||||||
|
|||||||
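Review bot: In the `memberrestriction` branch of `update()`, the loop `query = query.replace(key, val)` rewrites every occurrence of `USER`, `SERVICE_ACCOUNT` and `GROUP` anywhere in the admin-supplied expression, so a query that carries one of those words inside a longer token or a quoted value is silently altered before it is stored as the group's member restriction. Because this string decides who may be a member, the substitution should be limited to the operand of a `member.type` comparison, for example `query = re.sub(r'(member\.type\s*[=!]=\s*)(USER|SERVICE_ACCOUNT|GROUP)\b', lambda m: m.group(1) + member_types[m.group(2)], query)`; this needs `re` in scope, which the visible import hunk does not show. Printing the final query next to the existing `Updating group ... security settings` message would let the operator confirm what is actually sent to `updateSecuritySettings`. `update()` begins and ends outside the visible hunks, so any validation done elsewhere in the function cannot be seen from here.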