Fix error; DASA suggestions (#1236)

* userKey and customer is an invalid combination; userkey and domain is allowed

* DASA suggestions

I would not use OAUTHFILE to distinguish between normal/DASA, it seems to me that this might lead to oauth2service.json getting deleted by accident.

By using enabledasa.txt you can flip between the two modes easily.

* Update __init__.py

Is this what you meant?
Ross Scroggs
2020-09-11 08:33:06 -07:00
committed by GitHub
parent 487e1dc4c1
commit 908edff878
3 changed files with 20 additions and 9 deletions


@@ -534,6 +534,7 @@ def SetGlobalVariables():
fileAbsentValue=True)
_getOldSignalFile(GC_NO_SHORT_URLS, 'noshorturls.txt')
_getOldSignalFile(GC_NO_UPDATE_CHECK, 'noupdatecheck.txt')
_getOldSignalFile(GC_ENABLE_DASA, 'enabledasa.txt')
# Assign directories first
for itemName in GC_VAR_INFO:
if GC_VAR_INFO[itemName][GC_VAR_TYPE] == GC_TYPE_DIRECTORY:
@@ -8773,7 +8774,6 @@ def doGetUserInfo(user_email=None):
'list',
'groups',
userKey=user_email,
customer=GC_Values[GC_CUSTOMER_ID],
fields='groups(name,email),nextPageToken',
throw_reasons=throw_reasons)
if groups:
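Review bot: The new `_getOldSignalFile(GC_ENABLE_DASA, 'enabledasa.txt')` call in SetGlobalVariables sits next to cosmetic toggles (noshorturls.txt, noupdatecheck.txt), but nothing at the call site says that this one is different. Judging from the gam.auth change in this same commit, it decides which credential file is used as the admin credential. I would add a comment above it such as `# enabledasa.txt switches admin auth from oauth2.txt to the service account key in oauth2service.json`. Since the flag appears to be driven by the file's presence, the documentation should also say that the config directory needs the same write protection as the credential files. SetGlobalVariables starts and ends outside this hunk, so how the flag interacts with other settings is not visible here.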


@@ -2,28 +2,30 @@
import json
import os
import time
from google.auth.jwt import Credentials as JWTCredentials
from gam.auth import oauth
from gam.var import _FN_OAUTH2_TXT
from gam.var import _FN_OAUTH2SERVICE_JSON
from gam.var import GC_OAUTH2_TXT
from gam.var import GC_OAUTH2SERVICE_JSON
from gam.var import GC_ENABLE_DASA
from gam.var import GC_Values
# TODO: Move logic that determines file name into this module. We should be able
# to discover the file location without accessing a private member or waiting
# for a global initialization.
DEFAULT_OAUTH_STORAGE_FILE = _FN_OAUTH2_TXT
def get_admin_credentials_filename():
"""Gets the name of the file that stores the admin account credentials."""
# If the environment globals are loaded, use the set global value. It may have
# some custom name in it. Otherwise, just use the default name.
if GC_Values[GC_OAUTH2_TXT]:
return GC_Values[GC_OAUTH2_TXT]
return DEFAULT_OAUTH_STORAGE_FILE
if GC_Values[GC_ENABLE_DASA]:
return GC_Values[GC_OAUTH2SERVICE_JSON] if GC_Values[GC_OAUTH2SERVICE_JSON] else _FN_OAUTH2SERVICE_JSON
else:
return GC_Values[GC_OAUTH2_TXT] if GC_Values[GC_OAUTH2_TXT] else _FN_OAUTH2_TXT
def get_admin_credentials(api=None):
@@ -33,9 +35,12 @@ def get_admin_credentials(api=None):
raise oauth.InvalidCredentialsFileError
with open(credential_file, 'r') as f:
creds_data = json.load(f)
if 'token' in creds_data:
return oauth.Credentials.from_credentials_file(credential_file)
elif 'private_key' in creds_data:
# Validate that enable DASA matches content of authorization file
if GC_Values[GC_ENABLE_DASA] and 'private_key' in creds_data:
audience = f'https://{api}.googleapis.com/'
return JWTCredentials.from_service_account_info(creds_data,
audience=audience)
elif not GC_Values[GC_ENABLE_DASA] and 'token' in creds_data:
return oauth.Credentials.from_credentials_file(credential_file)
else:
raise oauth.InvalidCredentialsFileError
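Review bot: In get_admin_credentials the DASA branch builds `audience = f'https://{api}.googleapis.com/'` while the signature keeps `api=None`, so a caller that omits `api` with DASA enabled gets a JWT credential for `https://None.googleapis.com/` instead of an error. A guard ahead of the branch would fail early, e.g. `if GC_Values[GC_ENABLE_DASA] and not api: raise ValueError('api is required when DASA is enabled')`, with the exception type adjusted to whatever callers already handle. The final `else` raises the same `oauth.InvalidCredentialsFileError` for a malformed file and for a file whose type disagrees with enabledasa.txt. A message naming the mismatch would make that misconfiguration diagnosable, but it should not echo file contents, since the file may hold a private key. The function's opening lines fall between the two hunks and are not shown.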


@@ -1134,6 +1134,8 @@ GC_DECODED_ID_TOKEN = 'decoded_id_token'
GC_DOMAIN = 'domain'
# Google Drive download directory
GC_DRIVE_DIR = 'drive_dir'
# Enable Delegated Admin Service Accounts
GC_ENABLE_DASA = 'enabledasa'
# If no_browser is False, writeCSVfile won't open a browser when todrive is set
# and doRequestOAuth prints a link and waits for the verification code when
# oauth2.txt is being created
@@ -1187,6 +1189,7 @@ GC_Defaults = {
GC_DECODED_ID_TOKEN: '',
GC_DOMAIN: '',
GC_DRIVE_DIR: '',
GC_ENABLE_DASA: False,
GC_NO_BROWSER: False,
GC_NO_CACHE: False,
GC_NO_SHORT_URLS: False,
@@ -1263,6 +1266,9 @@ GC_VAR_INFO = {
GC_DRIVE_DIR: {
GC_VAR_TYPE: GC_TYPE_DIRECTORY
},
GC_ENABLE_DASA: {
GC_VAR_TYPE: GC_TYPE_BOOLEAN
},
GC_NO_BROWSER: {
GC_VAR_TYPE: GC_TYPE_BOOLEAN
},