Cloud Identity v1 only uses preferredMemberKey (#1378)

* Cloud Identity v1 only uses preferredMemberKey * Document print labels * Cleanup/bug fix info user grouptree; fix todrive for print labels * Standardize write_csv_file call in print labels * Use cloudidentity_beta for calls that process memberKey * Code cleanup
2026-06-28 09:51:36 +00:00 · 2021-05-06 05:10:36 -07:00
parent 4159a5cbb8
commit b712f7a344
3 changed files with 49 additions and 63 deletions
--- a/src/GamCommands.txt
+++ b/src/GamCommands.txt
@@ -1365,7 +1365,7 @@ gam update cigroup <GroupItem> sync [owner|manager|member] [notsuspended|suspend
 gam update cigroup <GroupItem> update [owner|manager|member] [notsuspended|suspended] [expires never|<Time>] <UserTypeEntity>
 gam update cigroup <GroupItem> clear [member] [manager] [owner] [notsuspended|suspended]
 gam delete cigroup <GroupItem>
-gam info cigroup <GroupItem> [nousers] [nojoindate] [showupdatedate]
+gam info cigroup <GroupItem> [nousers] [nojoindate] [showupdatedate] [membertree]

 gam print cigroups [todrive]
 	[enterprisemember <UserItem>]
@@ -1438,7 +1438,7 @@ gam create user <EmailAddress> <UserAttribute>* [verifynotinvitable]
 gam update user <UserItem> <UserAttribute>* [clearschema <SchemaName>] [clearschema <SchemaName>.<FieldName>] [verifynotinvitable]
 gam delete user <UserItem>
 gam undelete user <UserItem> [org|ou <OrgUnitPath>]
-gam info user [<UserItem>] [noaliases] [nogroups] [nolicenses|nolicences] [noschemas] [schemas|custom <SchemaNameList>] [userview] [skus|sku <SKUIDList>]
+gam info user [<UserItem>] [noaliases] [nogroups] [nolicenses|nolicences] [noschemas] [schemas|custom <SchemaNameList>] [userview] [skus|sku <SKUIDList>] [grouptree]

 Print fields for selected users; use domain, query/queries and deleted_only to select users to print;
 if none of these options are specified, all users are printed.
@@ -1600,6 +1600,7 @@ gam <UserTypeEntity> update labelsettings <LabelName> [name <Name>] [messagelist
 gam <UserTypeEntity> update label|labels [search <RegularExpression>] [replace <LabelReplacement>] [merge]
 gam <UserTypeEntity> delete|del label|labels <LabelName>|regex:<RegularExpression>|--ALL_LABELS--
 gam <UserTypeEntity> show labels|label [onlyuser] [showcounts]
+gam <UserTypeEntity> print labels|label [todrive] [onlyuser] [showcounts]

 gam <UserTypeEntity> delete messages query <QueryGmail> [doit] [max_to_delete|max_to_process <Number>]
 gam <UserTypeEntity> modify messages query <QueryGmail> [doit] [max_to_modify|max_to_process <Number>] (addlabel <LabelName>)* (removelabel <LabelName>)*
--- a/src/gam/init.py
+++ b/src/gam/init.py
@@ -5417,9 +5417,9 @@ def printShowLabels(users, show=True):
                label['email'] = user
        if not show:
            display.write_csv_file(labels,
-                           titles,
-                           list_type='Gmail Labels',
-                           todrive=False)
+                                   titles,
+                                   'Gmail Labels',
+                                   todrive)


 def showGmailProfile(users):
@@ -9019,30 +9019,30 @@ def doGetUserInfo(user_email=None):
    elif getCIGroups:
        memberships = gapi_cloudidentity_groups.get_membership_graph(user_email)
        print('\nGroup Membership Tree:')
-        group_name_mapping = {}
-        group_displayname_mapping = {}
-        groups = memberships.get('groups', [])
-        for group in groups:
-            group_name = group.get('name')
-            group_key = group.get('groupKey', {})
-            group_email = group_key.get('id', '')
-            group_display_name = group.get('displayName', '')
-            group_name_mapping[group_name] = group_email
-            group_displayname_mapping[group_email] = group_display_name
-        edges = []
-        seen_group_count = {}
-        groups_with_multi_memberships = []
-        for adj in memberships.get('adjacencyList', []):
-            group_name = adj.get('group', '')
-            group_email = group_name_mapping[group_name]
-            for edge in adj.get('edges', []):
-                seen_group_count[group_email] = seen_group_count.get(group_email, 0) + 1
-                member_email = edge.get('preferredMemberKey', {}).get('id')
-                edges.append((member_email, group_email))
-        print_group_map(user_email, group_displayname_mapping, seen_group_count, edges, spaces=3, direct=True)
-        if max(seen_group_count.values()) > 1:
-            print()
-            print('   * user has multiple direct or inherited memberships in group')
+        if memberships:
+            group_name_mapping = {}
+            group_displayname_mapping = {}
+            groups = memberships.get('groups', [])
+            for group in groups:
+                group_name = group.get('name')
+                group_key = group.get('groupKey', {})
+                group_email = group_key.get('id', '')
+                group_display_name = group.get('displayName', '')
+                group_name_mapping[group_name] = group_email
+                group_displayname_mapping[group_email] = group_display_name
+            edges = []
+            seen_group_count = {}
+            for adj in memberships.get('adjacencyList', []):
+                group_name = adj.get('group', '')
+                group_email = group_name_mapping[group_name]
+                for edge in adj.get('edges', []):
+                    seen_group_count[group_email] = seen_group_count.get(group_email, 0) + 1
+                    member_email = edge.get('preferredMemberKey', {}).get('id')
+                    edges.append((member_email, group_email))
+            print_group_map(user_email, group_displayname_mapping, seen_group_count, edges, 3, 'direct')
+            if seen_group_count and max(seen_group_count.values()) > 1:
+                print()
+                print('   * user has multiple direct or inherited memberships in group')
        print()
    if getLicenses:
        print('Licenses:')
@@ -9059,19 +9059,15 @@ def doGetUserInfo(user_email=None):
        for user_license in user_licenses:
            print(f'  {gapi_licensing._formatSKUIdDisplayName(user_license)}')

-def print_group_map(parent, group_name_mappings, seen_group_count, edges, spaces=3, direct=False):
+def print_group_map(parent, group_name_mappings, seen_group_count, edges, spaces, direction):
    for a_parent, a_child in edges:
        if a_parent == parent:
            group_display_name = group_name_mappings[a_child]
-            if direct:
-                direction = 'direct'
-            else:
-                direction = 'inherited'
            output = f'{" " * spaces}{group_display_name} <{a_child}> ({direction})'
            if seen_group_count[a_child] > 1:
                output += ' *'
            print(output)
-            print_group_map(a_child, group_name_mappings, seen_group_count, edges, spaces+2)
+            print_group_map(a_child, group_name_mappings, seen_group_count, edges, spaces+2, 'inherited')

 def doGetAliasInfo(alias_email=None):
    cd = buildGAPIObject('directory')
--- a/src/gam/gapi/cloudidentity/groups.py
+++ b/src/gam/gapi/cloudidentity/groups.py
@@ -13,12 +13,8 @@ from gam.gapi import cloudidentity as gapi_cloudidentity
 from gam.gapi.directory import customer as gapi_directory_customer


-def build():
-    return gapi_cloudidentity.build('cloudidentity')
-
-
 def create():
-    ci = build()
+    ci = gapi_cloudidentity.build()
    initialGroupConfig = 'EMPTY'
    gapi_directory_customer.setTrueCustomerId()
    parent = f'customers/{GC_Values[GC_CUSTOMER_ID]}'
@@ -70,7 +66,7 @@ def create():


 def delete():
-    ci = build()
+    ci = gapi_cloudidentity.build()
    group = sys.argv[3]
    name = group_email_to_id(ci, group)
    print(f'Deleting group {group}')
@@ -78,7 +74,7 @@ def delete():


 def info():
-    ci = build()
+    ci = gapi_cloudidentity.build('cloudidentity_beta')
    group = gam.normalizeEmailAddressOrUID(sys.argv[3])
    getUsers = True
    showJoinDate = True
@@ -118,7 +114,7 @@ def info():
                                     fields='*',
                                     pageSize=pageSize,
                                     view=view)
-        print('Members:')
+        print(' Members:')
        for member in members:
            role = get_single_role(member.get('roles', [])).lower()
            email = member.get('memberKey', {}).get('id')
@@ -130,7 +126,7 @@ def info():
                updated = member.get('updateTime', 'Unknown')
                jc_string += f'  updated {updated}'
            print(
-                f'{role}: {email}{jc_string}'
+                f'  {role}: {email}{jc_string}'
                # f' {member.get("role", ROLE_MEMBER).lower()}: {member.get("email", member["id"])} ({member["type"].lower()})'
            )
        print(f'Total {len(members)} users in group')
@@ -138,10 +134,10 @@ def info():
        print(' Member tree:')
        global cached_group_members
        cached_group_members = {}
-        print_member_tree(ci, name)
+        print_member_tree(ci, name, 2)


-def print_member_tree(ci, group_id, spaces=2):
+def print_member_tree(ci, group_id, spaces):
    if not group_id in cached_group_members:
        cached_group_members[group_id] = gapi.get_all_pages(ci.groups().memberships(),
                                                            'list',
@@ -152,24 +148,17 @@ def print_member_tree(ci, group_id, spaces=2):
    for member in cached_group_members[group_id]:
        member_id = member.get('name', '')
        member_id = member_id.split('/')[-1]
+        member_email = member.get('memberKey', {}).get('id')
        if member_id.isdigit():
-            member_type = 'user'
-        else:
-            member_type = 'group'
-        member_email = member.get('preferredMemberKey', {}).get('id')
-        relation_type = member.get('relationType', '').lower()
-        if member_type == 'user':
            print(f'{" " * spaces}{member_email} - user')
-        elif member_type == 'group':
+        else:
            print(f'{" " * spaces}{member_email} - group')
            group_id = group_email_to_id(ci, member_email)
            print_member_tree(ci, group_id, spaces + 2)
-        else:
-            print(f'unknown member type: {member_type} for {member_email}')


 def info_member():
-    ci = build()
+    ci = gapi_cloudidentity.build()
    member = gam.normalizeEmailAddressOrUID(sys.argv[3])
    group = gam.normalizeEmailAddressOrUID(sys.argv[4])
    group_name = gapi.call(ci.groups(),
@@ -199,7 +188,7 @@ GROUP_ROLES_MAP = {


 def print_():
-    ci = build()
+    ci = gapi_cloudidentity.build('cloudidentity_beta')
    i = 3
    members = membersCountOnly = managers = managersCountOnly = owners = ownersCountOnly = False
    gapi_directory_customer.setTrueCustomerId()
@@ -287,7 +276,7 @@ def print_():
        except googleapiclient.errors.HttpError:
            controlflow.system_error_exit(
                2,
-                f'enterprisemember requires Enterprise license')
+                'enterprisemember requires Enterprise license')
        entityList = []
        for entity in result:
            if entity['relationType'] == 'DIRECT':
@@ -385,7 +374,7 @@ def print_():

 def _get_groups_list(ci=None, member=None, parent=None):
    if not ci:
-        ci = build()
+        ci = gapi_cloudidentity.build()
    if not parent:
            gapi_directory_customer.setTrueCustomerId()
            parent = f'customers/{GC_Values[GC_CUSTOMER_ID]}'
@@ -407,7 +396,7 @@ def _get_groups_list(ci=None, member=None, parent=None):
        except googleapiclient.errors.HttpError:
            controlflow.system_error_exit(
                    2,
-                    f'enterprisemember requires Enterprise license')
+                    'enterprisemember requires Enterprise license')
        return [group['groupKey']['id'] for group in groups_to_get if group['relationType'] == 'DIRECT']
    else:
        groups_to_get = gapi.get_all_pages(
@@ -424,7 +413,7 @@ def _get_groups_list(ci=None, member=None, parent=None):


 def get_membership_graph(member):
-    ci = build()
+    ci = gapi_cloudidentity.build()
    query = f"member_key_id == '{member}' && 'cloudidentity.googleapis.com/groups.discussion_forum' in labels"
    result = gapi.call(ci.groups().memberships(),
                     'getMembershipGraph',
@@ -434,7 +423,7 @@ def get_membership_graph(member):


 def print_members():
-    ci = build()
+    ci = gapi_cloudidentity.build('cloudidentity_beta')
    todrive = False
    gapi_directory_customer.setTrueCustomerId()
    parent = f'customers/{GC_Values[GC_CUSTOMER_ID]}'
@@ -550,7 +539,7 @@ def update():
            ]
        return (role, expireTime, users_email)

-    ci = build()
+    ci = gapi_cloudidentity.build('cloudidentity_beta')
    group = sys.argv[3]
    myarg = sys.argv[4].lower()
    items = []