mirror of
https://github.com/GAM-team/GAM.git
synced 2026-07-03 20:31:35 +00:00
Added option types <AdminAssigneeTypeList> to gam print|show admins
@@ -368,6 +368,7 @@ If an item contains spaces, it should be surrounded by ".
|
|||||||
## Named items
|
## Named items
|
||||||
|
|
||||||
<AccessToken> ::= <String>
|
<AccessToken> ::= <String>
|
||||||
|
<AdminAssigneeType> ::= group|user|serviceaccount|unknown
|
||||||
<AlertID> ::= <String>
|
<AlertID> ::= <String>
|
||||||
<APIScopeURL> ::= <String>
|
<APIScopeURL> ::= <String>
|
||||||
<APPID> ::= <String>
|
<APPID> ::= <String>
|
||||||
@@ -691,6 +692,7 @@ If an item contains spaces, it should be surrounded by ".
|
|||||||
|
|
||||||
## Lists of basic items
|
## Lists of basic items
|
||||||
|
|
||||||
|
<AdminAssigneeTypeList> ::= "<AdminAssigneeType>(,<AdminAssigneeType>)*"
|
||||||
<APIScopeURLList> ::= "<APIScopeURL>(,<APIScopeURL>)*"
|
<APIScopeURLList> ::= "<APIScopeURL>(,<APIScopeURL>)*"
|
||||||
<ASPIDList> ::= "<ASPID>(,<ASPID>)*"
|
<ASPIDList> ::= "<ASPID>(,<ASPID>)*"
|
||||||
<AssetTagList> ::= "<AssetTag>(,<AssetTag>)*"
|
<AssetTagList> ::= "<AssetTag>(,<AssetTag>)*"
|
||||||
@@ -1553,9 +1555,11 @@ gam delete admin <RoleAssignmentId>
|
|||||||
|
|
||||||
gam print admins [todrive <ToDriveAttribute>*]
|
gam print admins [todrive <ToDriveAttribute>*]
|
||||||
[user|group <EmailAddress>|<UniqueID>] [role <RoleItem>]
|
[user|group <EmailAddress>|<UniqueID>] [role <RoleItem>]
|
||||||
|
[types <AdminAssigneeTypeList>]
|
||||||
[recursive] [condition] [privileges] [oneitemperrow]
|
[recursive] [condition] [privileges] [oneitemperrow]
|
||||||
gam show admins
|
gam show admins
|
||||||
[user|group <EmailAddress>|<UniqueID>] [role <RoleItem>]
|
[user|group <EmailAddress>|<UniqueID>] [role <RoleItem>]
|
||||||
|
[types <AdminAssigneeTypeList>]
|
||||||
[recursive] [condition] [privileges]
|
[recursive] [condition] [privileges]
|
||||||
|
|
||||||
# Alert Center
|
# Alert Center
|
||||||
|
|||||||
@@ -1,7 +1,16 @@
|
|||||||
|
7.23.06
|
||||||
|
|
||||||
|
Added option `types <AdminAssigneeTypeList>` to `gam print|show admins` that allows filtering
|
||||||
|
of admin assignments by the type of the assignee; by default, all assignee types are displayed.
|
||||||
|
```
|
||||||
|
<AdminAssigneeType> ::= group|user|serviceaccount|unknown
|
||||||
|
<AdminAssigneeTypeList> ::= "<AdminAssigneeType>(,<AdminAssigneeType>)*"
|
||||||
|
```
|
||||||
|
|
||||||
7.23.05
|
7.23.05
|
||||||
|
|
||||||
Added option `recursive` to `gam print|show admins` that will display assignments to the members
|
Added option `recursive` that will display assignments to the members
|
||||||
of security groups assigned to roles; the security group membershop is recursively expanded.
|
of security groups assigned to roles; the security group membership is recursively expanded.
|
||||||
|
|
||||||
7.23.04
|
7.23.04
|
||||||
|
|
||||||
|
|||||||
@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
|
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
|
||||||
__version__ = '7.23.05'
|
__version__ = '7.23.06'
|
||||||
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
|
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
|
||||||
|
|
||||||
#pylint: disable=wrong-import-position
|
#pylint: disable=wrong-import-position
|
||||||
@@ -16990,21 +16990,37 @@ def doDeleteAdmin():
|
|||||||
except (GAPI.forbidden, GAPI.permissionDenied) as e:
|
except (GAPI.forbidden, GAPI.permissionDenied) as e:
|
||||||
ClientAPIAccessDeniedExit(str(e))
|
ClientAPIAccessDeniedExit(str(e))
|
||||||
|
|
||||||
ASSIGNEE_EMAILTYPE_TOFIELD_MAP = {
|
ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP = {
|
||||||
'user': 'assignedToUser',
|
'user': 'assignedToUser',
|
||||||
'group': 'assignedToGroup',
|
'group': 'assignedToGroup',
|
||||||
'serviceaccount': 'assignedToServiceAccount',
|
'serviceaccount': 'assignedToServiceAccount',
|
||||||
|
'unknown': 'assignedToUnknown',
|
||||||
}
|
}
|
||||||
|
ALL_ASSIGNEE_TYPES = ['user', 'group', 'serviceaccount']
|
||||||
|
|
||||||
PRINT_ADMIN_FIELDS = ['roleAssignmentId', 'roleId', 'assignedTo', 'scopeType', 'orgUnitId', 'assigneeType']
|
PRINT_ADMIN_FIELDS = ['roleAssignmentId', 'roleId', 'assignedTo', 'scopeType', 'orgUnitId', 'assigneeType']
|
||||||
PRINT_ADMIN_TITLES = ['roleAssignmentId', 'roleId', 'role',
|
PRINT_ADMIN_TITLES = ['roleAssignmentId', 'roleId', 'role',
|
||||||
'assignedTo', 'assignedToUser', 'assignedToGroup', 'assignedToServiceAccount', 'assignedToUnknown',
|
'assignedTo', 'assignedToUser', 'assignedToGroup', 'assignedToServiceAccount', 'assignedToUnknown',
|
||||||
'scopeType', 'orgUnitId', 'orgUnit']
|
'scopeType', 'orgUnitId', 'orgUnit']
|
||||||
|
|
||||||
|
def getAssigneeTypes(myarg, typesSet):
|
||||||
|
if myarg in {'type', 'types'}:
|
||||||
|
for gtype in getString(Cmd.OB_ADMIN_ASSIGNEE_TYPE_LIST).lower().replace(',', ' ').split():
|
||||||
|
if gtype in ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP:
|
||||||
|
typesSet.add(ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP[gtype])
|
||||||
|
else:
|
||||||
|
invalidChoiceExit(gtype, ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP, True)
|
||||||
|
else:
|
||||||
|
return False
|
||||||
|
return True
|
||||||
|
|
||||||
# gam print admins [todrive <ToDriveAttribute>*]
|
# gam print admins [todrive <ToDriveAttribute>*]
|
||||||
# [user|group <EmailAddress>|<UniqueID>] [role <RoleItem>]
|
# [user|group <EmailAddress>|<UniqueID>] [role <RoleItem>]
|
||||||
|
# [types <AdminAssigneeTypeList>]
|
||||||
# [recursive] [condition] [privileges] [oneitemperrow]
|
# [recursive] [condition] [privileges] [oneitemperrow]
|
||||||
# gam show admins
|
# gam show admins
|
||||||
# [user|group <EmailAddress>|<UniqueID>] [role <RoleItem>]
|
# [user|group <EmailAddress>|<UniqueID>] [role <RoleItem>]
|
||||||
|
# [types <AdminAssigneeTypeList>]
|
||||||
# [recursive] [condition] [privileges]
|
# [recursive] [condition] [privileges]
|
||||||
def doPrintShowAdmins():
|
def doPrintShowAdmins():
|
||||||
def _getPrivileges(admin):
|
def _getPrivileges(admin):
|
||||||
@@ -17034,14 +17050,16 @@ def doPrintShowAdmins():
|
|||||||
assignedTo = admin['assignedTo']
|
assignedTo = admin['assignedTo']
|
||||||
if assignedTo not in assignedToIdEmailMap:
|
if assignedTo not in assignedToIdEmailMap:
|
||||||
assigneeEmail, assigneeType = convertUIDtoEmailAddressWithType(f'uid:{assignedTo}', cd, sal,
|
assigneeEmail, assigneeType = convertUIDtoEmailAddressWithType(f'uid:{assignedTo}', cd, sal,
|
||||||
emailTypes=allAssigneeTypes if admin.get('assigneeType') != 'group' else ['group'])
|
emailTypes=ALL_ASSIGNEE_TYPES if admin.get('assigneeType') != 'group' else ['group'])
|
||||||
if assigneeType in ASSIGNEE_EMAILTYPE_TOFIELD_MAP:
|
if assigneeType in ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP:
|
||||||
assignedToField = ASSIGNEE_EMAILTYPE_TOFIELD_MAP[assigneeType]
|
assignedToField = ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP[assigneeType]
|
||||||
else:
|
else:
|
||||||
assignedToField = 'assignedToUnknown'
|
assignedToField = 'assignedToUnknown'
|
||||||
|
if assignedToField == 'assignedToUnknown':
|
||||||
assigneeEmail = True
|
assigneeEmail = True
|
||||||
assignedToIdEmailMap[assignedTo] = {'assignedToField': assignedToField, 'assigneeEmail': assigneeEmail}
|
assignedToIdEmailMap[assignedTo] = {'assignedToField': assignedToField, 'assigneeEmail': assigneeEmail}
|
||||||
admin[assignedToIdEmailMap[assignedTo]['assignedToField']] = assignedToIdEmailMap[assignedTo]['assigneeEmail']
|
admin[assignedToIdEmailMap[assignedTo]['assignedToField']] = assignedToIdEmailMap[assignedTo]['assigneeEmail']
|
||||||
|
admin['assignedToField'] = assignedToIdEmailMap[assignedTo]['assignedToField']
|
||||||
if privileges is not None:
|
if privileges is not None:
|
||||||
admin.update(privileges)
|
admin.update(privileges)
|
||||||
if 'orgUnitId' in admin:
|
if 'orgUnitId' in admin:
|
||||||
@@ -17058,11 +17076,11 @@ def doPrintShowAdmins():
|
|||||||
roleId = None
|
roleId = None
|
||||||
userKey = None
|
userKey = None
|
||||||
oneItemPerRow = recursive = showPrivileges = False
|
oneItemPerRow = recursive = showPrivileges = False
|
||||||
|
typesSet = set()
|
||||||
kwargs = {}
|
kwargs = {}
|
||||||
rolePrivileges = {}
|
rolePrivileges = {}
|
||||||
fieldsList = PRINT_ADMIN_FIELDS
|
fieldsList = PRINT_ADMIN_FIELDS
|
||||||
assignedToIdEmailMap = {}
|
assignedToIdEmailMap = {}
|
||||||
allAssigneeTypes = list(ASSIGNEE_EMAILTYPE_TOFIELD_MAP.keys())
|
|
||||||
while Cmd.ArgumentsRemaining():
|
while Cmd.ArgumentsRemaining():
|
||||||
myarg = getArgument()
|
myarg = getArgument()
|
||||||
if csvPF and myarg == 'todrive':
|
if csvPF and myarg == 'todrive':
|
||||||
@@ -17071,6 +17089,8 @@ def doPrintShowAdmins():
|
|||||||
userKey = kwargs['userKey'] = getEmailAddress()
|
userKey = kwargs['userKey'] = getEmailAddress()
|
||||||
elif myarg == 'role':
|
elif myarg == 'role':
|
||||||
_, roleId = getRoleId()
|
_, roleId = getRoleId()
|
||||||
|
elif getAssigneeTypes(myarg, typesSet):
|
||||||
|
pass
|
||||||
elif myarg == 'recursive':
|
elif myarg == 'recursive':
|
||||||
recursive = True
|
recursive = True
|
||||||
allGroupRoles = ','.join(sorted(ALL_GROUP_ROLES))
|
allGroupRoles = ','.join(sorted(ALL_GROUP_ROLES))
|
||||||
@@ -17093,6 +17113,8 @@ def doPrintShowAdmins():
|
|||||||
if roleId and not kwargs:
|
if roleId and not kwargs:
|
||||||
kwargs['roleId'] = roleId
|
kwargs['roleId'] = roleId
|
||||||
roleId = None
|
roleId = None
|
||||||
|
if not typesSet:
|
||||||
|
typesSet = set(ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP.values())
|
||||||
fields = getItemFieldsFromFieldsList('items', fieldsList)
|
fields = getItemFieldsFromFieldsList('items', fieldsList)
|
||||||
printGettingAllAccountEntities(Ent.ADMIN_ROLE_ASSIGNMENT)
|
printGettingAllAccountEntities(Ent.ADMIN_ROLE_ASSIGNMENT)
|
||||||
try:
|
try:
|
||||||
@@ -17123,11 +17145,12 @@ def doPrintShowAdmins():
|
|||||||
i += 1
|
i += 1
|
||||||
if roleId and roleId != admin['roleId']:
|
if roleId and roleId != admin['roleId']:
|
||||||
continue
|
continue
|
||||||
|
assignedTo = admin['assignedTo']
|
||||||
if admin['assigneeType'] != 'group' or not recursive:
|
if admin['assigneeType'] != 'group' or not recursive:
|
||||||
_setNamesFromIds(admin, _getPrivileges(admin))
|
_setNamesFromIds(admin, _getPrivileges(admin))
|
||||||
|
if admin['assignedToField'] in typesSet:
|
||||||
expandedAdmins.append(admin)
|
expandedAdmins.append(admin)
|
||||||
continue
|
continue
|
||||||
assignedTo = admin['assignedTo']
|
|
||||||
if assignedTo not in groupMembers:
|
if assignedTo not in groupMembers:
|
||||||
membersList = []
|
membersList = []
|
||||||
membersSet = set()
|
membersSet = set()
|
||||||
@@ -17136,6 +17159,9 @@ def doPrintShowAdmins():
|
|||||||
memberOptions, memberDisplayOptions, level, {Ent.TYPE_USER})
|
memberOptions, memberDisplayOptions, level, {Ent.TYPE_USER})
|
||||||
groupMembers[assignedTo] = membersList[:]
|
groupMembers[assignedTo] = membersList[:]
|
||||||
_setNamesFromIds(admin, _getPrivileges(admin))
|
_setNamesFromIds(admin, _getPrivileges(admin))
|
||||||
|
if admin[assignedToIdEmailMap[assignedTo]['assignedToField']] not in typesSet:
|
||||||
|
continue
|
||||||
|
expandedAdmins.append(admin)
|
||||||
if not groupMembers[assignedTo]:
|
if not groupMembers[assignedTo]:
|
||||||
expandedAdmins.append(admin)
|
expandedAdmins.append(admin)
|
||||||
continue
|
continue
|
||||||
@@ -17173,6 +17199,7 @@ def doPrintShowAdmins():
|
|||||||
Ind.Decrement()
|
Ind.Decrement()
|
||||||
else:
|
else:
|
||||||
for admin in expandedAdmins:
|
for admin in expandedAdmins:
|
||||||
|
admin.pop('assignedToField')
|
||||||
if not oneItemPerRow or 'rolePrivileges' not in admin:
|
if not oneItemPerRow or 'rolePrivileges' not in admin:
|
||||||
csvPF.WriteRowTitles(flattenJSON(admin))
|
csvPF.WriteRowTitles(flattenJSON(admin))
|
||||||
else:
|
else:
|
||||||
|
|||||||
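Review bot: In the recursive branch of `doPrintShowAdmins` (hunk at +17159), the new filter `if admin[assignedToIdEmailMap[assignedTo]['assignedToField']] not in typesSet:` reads the assignee's email (or `True`) out of `admin` instead of the field name. It can therefore never match the `assignedTo…` names held in `typesSet`, and every group assignment appears to be skipped once `recursive` is given. The non-recursive branch already tests `admin['assignedToField'] in typesSet`, so the same form fits here: `if admin['assignedToField'] not in typesSet:`. Once that is corrected, the added `expandedAdmins.append(admin)` is followed by a second append of the same dict for a group with no members, and the CSV path's `admin.pop('assignedToField')` would then raise `KeyError` on the repeat, so either drop the new append or use `admin.pop('assignedToField', None)`. Since this command is used to audit role assignments, rows that disappear silently under-report group-derived admin privileges; the function body continues outside the visible hunks, so the member-expansion path should be checked as well.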
@@ -1138,6 +1138,7 @@ class GamCLArgs():
|
|||||||
OB_ARGUMENT = 'argument'
|
OB_ARGUMENT = 'argument'
|
||||||
OB_ASP_ID_LIST = 'ASPIDList'
|
OB_ASP_ID_LIST = 'ASPIDList'
|
||||||
OB_ASSET_ID = 'AssetID'
|
OB_ASSET_ID = 'AssetID'
|
||||||
|
OB_ADMIN_ASSIGNEE_TYPE_LIST = 'AdminAssigneeTypeList'
|
||||||
OB_BROWSER_ENROLLEMNT_TOKEN_ID = 'BrowserEnrollmentTokenID'
|
OB_BROWSER_ENROLLEMNT_TOKEN_ID = 'BrowserEnrollmentTokenID'
|
||||||
OB_BROWSER_ENTITY = 'BrowserEntity'
|
OB_BROWSER_ENTITY = 'BrowserEntity'
|
||||||
OB_BUILDING_ID = 'BuildingID'
|
OB_BUILDING_ID = 'BuildingID'
|
||||||
|
|||||||