diff --git a/docs/Basic-Items.md b/docs/Basic-Items.md index f9a89324..ceccc91f 100644 --- a/docs/Basic-Items.md +++ b/docs/Basic-Items.md @@ -282,7 +282,7 @@ ::= ::= ||groups/ ::= customer|group|other|serviceaccount|user - ::= policies/ + ::= policies/|settings/| ::= ::= ::= diff --git a/docs/Cloud-Identity-Policies.md b/docs/Cloud-Identity-Policies.md index 941bec02..211f7884 100644 --- a/docs/Cloud-Identity-Policies.md +++ b/docs/Cloud-Identity-Policies.md @@ -19,7 +19,7 @@ gam oauth create ## Definitions ``` - ::= policies/ + ::= policies/|settings/| ::= "(,)*" ::= | | @@ -317,6 +317,11 @@ gam info policies [formatjson] ``` +Select policies:: +* `polices/` - A policy name, `policies/ahv4hg7qc24kvaghb7zihwf4riid4` +* `settings/` - A policy setting type, `settings/workspace_marketplace.apps_allowlist' +* `` - A policy setting type, `workspace_marketplace.apps_allowlist' + By default, policy warnings are displayed, use the 'nowarnings` option to suppress their display. By default, additional API calls are made for `settings/workspace_marketplace.apps_allowlist` diff --git a/docs/GamUpdates.md b/docs/GamUpdates.md index 3c9780d3..23a3ab8a 100644 --- a/docs/GamUpdates.md +++ b/docs/GamUpdates.md @@ -10,6 +10,13 @@ Add the `-s` option to the end of the above commands to suppress creating the `g See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation +### 7.00.32 + +Updated `gam info policies` to accept different policy specifications: +* `polices/` - A policy name, `policies/ahv4hg7qc24kvaghb7zihwf4riid4` +* `settings/` - A policy setting type, `settings/workspace_marketplace.apps_allowlist' +* `` - A policy setting type, `workspace_marketplace.apps_allowlist' + ### 7.00.31 Updated `gam info|print|show policies` to make additional API calls for `settings/workspace_marketplace.apps_allowlist` diff --git a/docs/How-to-Upgrade-Legacy-GAM-to-GAM7.md b/docs/How-to-Upgrade-Legacy-GAM-to-GAM7.md index e7f161b7..988d7b2a 100644 --- a/docs/How-to-Upgrade-Legacy-GAM-to-GAM7.md +++ b/docs/How-to-Upgrade-Legacy-GAM-to-GAM7.md @@ -251,7 +251,7 @@ writes the credentials into the file oauth2.txt. admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt admin@server:/Users/admin$ gam version WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found -GAM 7.00.31 - https://github.com/GAM-team/GAM - pyinstaller +GAM 7.00.32 - https://github.com/GAM-team/GAM - pyinstaller GAM Team Python 3.13.0 64-bit final MacOS Sonoma 14.5 x86_64 @@ -923,7 +923,7 @@ writes the credentials into the file oauth2.txt. C:\>del C:\GAMConfig\oauth2.txt C:\>gam version WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found -GAM7 7.00.31 - https://github.com/GAM-team/GAM - pythonsource +GAM7 7.00.32 - https://github.com/GAM-team/GAM - pythonsource GAM Team Python 3.13.0 64-bit final Windows-10-10.0.17134 AMD64 diff --git a/docs/Version-and-Help.md b/docs/Version-and-Help.md index 654d8510..07b0852c 100644 --- a/docs/Version-and-Help.md +++ b/docs/Version-and-Help.md @@ -3,7 +3,7 @@ Print the current version of Gam with details ``` gam version -GAM 7.00.31 - https://github.com/GAM-team/GAM - pyinstaller +GAM 7.00.32 - https://github.com/GAM-team/GAM - pyinstaller GAM Team Python 3.13.0 64-bit final MacOS Sonoma 14.5 x86_64 @@ -15,7 +15,7 @@ Time: 2023-06-02T21:10:00-07:00 Print the current version of Gam with details and time offset information ``` gam version timeoffset -GAM 7.00.31 - https://github.com/GAM-team/GAM - pyinstaller +GAM 7.00.32 - https://github.com/GAM-team/GAM - pyinstaller GAM Team Python 3.13.0 64-bit final MacOS Sonoma 14.5 x86_64 @@ -27,7 +27,7 @@ Your system time differs from www.googleapis.com by less than 1 second Print the current version of Gam with extended details and SSL information ``` gam version extended -GAM 7.00.31 - https://github.com/GAM-team/GAM - pyinstaller +GAM 7.00.32 - https://github.com/GAM-team/GAM - pyinstaller GAM Team Python 3.13.0 64-bit final MacOS Sonoma 14.5 x86_64 @@ -64,7 +64,7 @@ MacOS High Sierra 10.13.6 x86_64 Path: /Users/Admin/bin/gam7 Version Check: Current: 5.35.08 - Latest: 7.00.31 + Latest: 7.00.32 echo $? 1 ``` @@ -72,7 +72,7 @@ echo $? Print the current version number without details ``` gam version simple -7.00.31 +7.00.32 ``` In Linux/MacOS you can do: ``` @@ -82,7 +82,7 @@ echo $VER Print the current version of Gam and address of this Wiki ``` gam help -GAM 7.00.31 - https://github.com/GAM-team/GAM +GAM 7.00.32 - https://github.com/GAM-team/GAM GAM Team Python 3.13.0 64-bit final MacOS Sonoma 14.5 x86_64 diff --git a/src/GamCommands.txt b/src/GamCommands.txt index 0fe1d9e2..580a859a 100644 --- a/src/GamCommands.txt +++ b/src/GamCommands.txt @@ -378,7 +378,7 @@ If an item contains spaces, it should be surrounded by ". ::= ::= ||groups/ ::= customer|group|other|serviceaccount|user - ::= policies/ + ::= policies/|settings/| ::= ::= ::= diff --git a/src/GamUpdate.txt b/src/GamUpdate.txt index 0a4343f1..4294ff14 100644 --- a/src/GamUpdate.txt +++ b/src/GamUpdate.txt @@ -1,3 +1,10 @@ +7.00.32 + +Updated `gam info policies` to accept different policy specifications: +* `polices/` - A policy name, `policies/ahv4hg7qc24kvaghb7zihwf4riid4` +* `settings/` - A policy setting type, `settings/workspace_marketplace.apps_allowlist' +* `` - A policy setting type, `workspace_marketplace.apps_allowlist' + 7.00.31 Updated `gam info|print|show policies` to make additional API calls for `settings/workspace_marketplace.apps_allowlist` diff --git a/src/gam/__init__.py b/src/gam/__init__.py index 09c77e41..209c4a5a 100755 --- a/src/gam/__init__.py +++ b/src/gam/__init__.py @@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki """ __author__ = 'GAM Team ' -__version__ = '7.00.31' +__version__ = '7.00.32' __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)' #pylint: disable=wrong-import-position @@ -9253,6 +9253,7 @@ def doCheckConnection(): hosts = ['api.github.com', 'raw.githubusercontent.com', 'accounts.google.com', + 'workspace.google.com', 'oauth2.googleapis.com', 'www.googleapis.com'] fix_hosts = {'calendar-json.googleapis.com': 'www.googleapis.com', @@ -35089,6 +35090,20 @@ def updateFieldsForCIGroupMatchPatterns(matchPatterns, fieldsList, csvPF=None): CIPOLICY_TIME_OBJECTS = {'createTime', 'updateTime'} +def _filterPolicies(ci, pageMessage, ifilter): + try: + policies = callGAPIpages(ci.policies(), 'list', 'policies', + pageMessage=pageMessage, + throwReasons=[GAPI.INVALID, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED], + filter=ifilter, + fields='nextPageToken,policies(name,policyQuery(group,orgUnit,sortOrder),type,setting)', + pageSize=100) + # Google returns unordered results, sort them by setting type + return sorted(policies, key=lambda p: p.get('setting', {}).get('type', '')) + except (GAPI.invalid, GAPI.invalidArgument, GAPI.permissionDenied) as e: + entityActionFailedWarning([Ent.POLICY, ifilter], str(e)) + return [] + # Policies where GAM should offer additional guidance and information CIPOLICY_ADDITIONAL_WARNINGS = { 'settings/drive_and_docs.external_sharing': { @@ -35146,6 +35161,17 @@ def _showPolicy(policy, FJQC, i=0, count=0): printBlankLine() Ind.Decrement() +def _showPolicies(policies, FJQC, add_warnings, no_appnames, cd, groups_ci): + count = len(policies) + performActionNumItems(count, Ent.POLICY) + Ind.Increment() + i = 0 + for policy in policies: + i += 1 + _cleanPolicy(policy, add_warnings, no_appnames, cd, groups_ci) + _showPolicy(policy, FJQC, i, count) + Ind.Decrement() + # gam info policies # [nowarnings] [noappnames] # [formatjson] @@ -35169,20 +35195,24 @@ def doInfoCIPolicies(): count = len(entityList) for pname in entityList: i += 1 - if not pname.startswith('policies/'): - pname = 'policies/'+pname - try: - policy = callGAPI(ci.policies(), 'get', - bailOnInternalError=True, - throwReasons=[GAPI.INVALID, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED, GAPI.INTERNAL_ERROR], - name=pname, - fields='name,policyQuery(group,orgUnit,sortOrder),type,setting') - _cleanPolicy(policy, add_warnings, no_appnames, cd, groups_ci) - _showPolicy(policy, FJQC, i, count) - except (GAPI.invalid, GAPI.invalidArgument, GAPI.permissionDenied, GAPI.internalError) as e: - entityActionFailedWarning([Ent.POLICY, pname], str(e), i, count) - continue - + if pname.startswith('policies/'): + try: + policies = [callGAPI(ci.policies(), 'get', + bailOnInternalError=True, + throwReasons=[GAPI.INVALID, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED, GAPI.INTERNAL_ERROR], + name=pname, + fields='name,policyQuery(group,orgUnit,sortOrder),type,setting')] + except (GAPI.invalid, GAPI.invalidArgument, GAPI.permissionDenied, GAPI.internalError) as e: + entityActionFailedWarning([Ent.POLICY, pname], str(e), i, count) + continue + else: + if pname.startswith('settings/'): + pname = pname.split('/')[1] + ifilter = f"setting.type.matches('{pname}')" + printGettingAllAccountEntities(Ent.POLICY, ifilter) + policies = _filterPolicies(ci, getPageMessage(), ifilter) + _showPolicies(policies, FJQC, add_warnings, no_appnames, cd, groups_ci) + # gam print policies [todrive *] # [filter ] [nowarnings] [noappnames] # [formatjson [quotechar ]] @@ -35222,28 +35252,9 @@ def doPrintShowCIPolicies(): else: FJQC.GetFormatJSONQuoteChar(myarg, True) printGettingAllAccountEntities(Ent.POLICY, ifilter) - pageMessage = getPageMessage() - try: - policies = callGAPIpages(ci.policies(), 'list', 'policies', - pageMessage=pageMessage, - throwReasons=[GAPI.INVALID, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED], - filter=ifilter, - fields='nextPageToken,policies(name,policyQuery(group,orgUnit,sortOrder),type,setting)', - pageSize=100) - except (GAPI.invalid, GAPI.invalidArgument, GAPI.permissionDenied) as e: - entityActionFailedExit([Ent.POLICY, None], str(e)) - # Google returns unordered results, sort them by setting type - policies = sorted(policies, key=lambda p: p.get('setting', {}).get('type', '')) + policies = _filterPolicies(ci, getPageMessage(), ifilter) if not csvPF: - count = len(policies) - performActionNumItems(count, Ent.POLICY) - Ind.Increment() - i = 0 - for policy in policies: - i += 1 - _cleanPolicy(policy, add_warnings, no_appnames, cd, groups_ci) - _showPolicy(policy, FJQC, i, count) - Ind.Decrement() + _showPolicies(policies, FJQC, add_warnings, no_appnames, cd, groups_ci) else: for policy in policies: _cleanPolicy(policy, add_warnings, no_appnames, cd, groups_ci)