Initial support for group membership expiration
@@ -407,6 +407,7 @@ def update():
|
|||||||
def _getRoleAndUsers():
|
def _getRoleAndUsers():
|
||||||
checkSuspended = None
|
checkSuspended = None
|
||||||
role = None
|
role = None
|
||||||
|
expireTime = None
|
||||||
i = 5
|
i = 5
|
||||||
if sys.argv[i].lower() in GROUP_ROLES_MAP:
|
if sys.argv[i].lower() in GROUP_ROLES_MAP:
|
||||||
role = GROUP_ROLES_MAP[sys.argv[i].lower()]
|
role = GROUP_ROLES_MAP[sys.argv[i].lower()]
|
||||||
@@ -414,6 +415,9 @@ def update():
|
|||||||
if sys.argv[i].lower() in ['suspended', 'notsuspended']:
|
if sys.argv[i].lower() in ['suspended', 'notsuspended']:
|
||||||
checkSuspended = sys.argv[i].lower() == 'suspended'
|
checkSuspended = sys.argv[i].lower() == 'suspended'
|
||||||
i += 1
|
i += 1
|
||||||
|
if sys.argv[i].lower() in ['expire', 'expires']:
|
||||||
|
expireTime = sys.argv[i+1]
|
||||||
|
i += 2
|
||||||
if sys.argv[i].lower() in usergroup_types:
|
if sys.argv[i].lower() in usergroup_types:
|
||||||
users_email = gam.getUsersToModify(entity_type=sys.argv[i].lower(),
|
users_email = gam.getUsersToModify(entity_type=sys.argv[i].lower(),
|
||||||
entity=sys.argv[i + 1],
|
entity=sys.argv[i + 1],
|
||||||
@@ -424,7 +428,7 @@ def update():
|
|||||||
gam.normalizeEmailAddressOrUID(sys.argv[i],
|
gam.normalizeEmailAddressOrUID(sys.argv[i],
|
||||||
checkForCustomerId=True)
|
checkForCustomerId=True)
|
||||||
]
|
]
|
||||||
return (role, users_email)
|
return (role, expireTime, users_email)
|
||||||
|
|
||||||
ci = gapi_cloudidentity.build('cloudidentity_beta')
|
ci = gapi_cloudidentity.build('cloudidentity_beta')
|
||||||
group = sys.argv[3]
|
group = sys.argv[3]
|
||||||
@@ -439,7 +443,7 @@ def update():
|
|||||||
if not parent:
|
if not parent:
|
||||||
return
|
return
|
||||||
if myarg == 'add':
|
if myarg == 'add':
|
||||||
role, users_email = _getRoleAndUsers()
|
role, expireTime, users_email = _getRoleAndUsers()
|
||||||
if not role:
|
if not role:
|
||||||
role = ROLE_MEMBER
|
role = ROLE_MEMBER
|
||||||
if len(users_email) > 1:
|
if len(users_email) > 1:
|
||||||
@@ -448,8 +452,10 @@ def update():
|
|||||||
for user_email in users_email:
|
for user_email in users_email:
|
||||||
item = [
|
item = [
|
||||||
'gam', 'update', 'cigroup', f'id:{parent}', 'add', role,
|
'gam', 'update', 'cigroup', f'id:{parent}', 'add', role,
|
||||||
user_email
|
|
||||||
]
|
]
|
||||||
|
if expireTime:
|
||||||
|
item.extend(['expires', expireTime])
|
||||||
|
item.append(user_email)
|
||||||
items.append(item)
|
items.append(item)
|
||||||
elif len(users_email) > 0:
|
elif len(users_email) > 0:
|
||||||
body = {
|
body = {
|
||||||
@@ -462,6 +468,10 @@ def update():
|
|||||||
}
|
}
|
||||||
if role != ROLE_MEMBER:
|
if role != ROLE_MEMBER:
|
||||||
body['roles'].append({'name': role})
|
body['roles'].append({'name': role})
|
||||||
|
if expireTime:
|
||||||
|
for role in body['roles']:
|
||||||
|
if role['name'] == ROLE_MEMBER:
|
||||||
|
role['expiryDetail'] = {'expireTime': expireTime}
|
||||||
add_text = [f'as {role}']
|
add_text = [f'as {role}']
|
||||||
for i in range(2):
|
for i in range(2):
|
||||||
try:
|
try:
|
||||||
@@ -494,7 +504,7 @@ def update():
|
|||||||
elif myarg == 'sync':
|
elif myarg == 'sync':
|
||||||
syncMembersSet = set()
|
syncMembersSet = set()
|
||||||
syncMembersMap = {}
|
syncMembersMap = {}
|
||||||
role, users_email = _getRoleAndUsers()
|
role, expireTime, users_email = _getRoleAndUsers()
|
||||||
for user_email in users_email:
|
for user_email in users_email:
|
||||||
if user_email in ('*', GC_Values[GC_CUSTOMER_ID]):
|
if user_email in ('*', GC_Values[GC_CUSTOMER_ID]):
|
||||||
syncMembersSet.add(GC_Values[GC_CUSTOMER_ID])
|
syncMembersSet.add(GC_Values[GC_CUSTOMER_ID])
|
||||||
@@ -527,17 +537,18 @@ def update():
|
|||||||
f'Group: {group}, Will add {len(to_add)} and remove {len(to_remove)} {role}s.\n'
|
f'Group: {group}, Will add {len(to_add)} and remove {len(to_remove)} {role}s.\n'
|
||||||
)
|
)
|
||||||
for user in to_add:
|
for user in to_add:
|
||||||
item = [
|
item = ['gam', 'update', 'cigroup', f'id:{parent}', 'add',
|
||||||
'gam', 'update', 'cigroup', f'id:{parent}', 'add', role,
|
role,]
|
||||||
user
|
if expireTime:
|
||||||
]
|
item.extend(['expires', expireTime])
|
||||||
|
item.append(user)
|
||||||
items.append(item)
|
items.append(item)
|
||||||
for user in to_remove:
|
for user in to_remove:
|
||||||
items.append([
|
items.append([
|
||||||
'gam', 'update', 'cigroup', f'id:{parent}', 'remove', user
|
'gam', 'update', 'cigroup', f'id:{parent}', 'remove', user
|
||||||
])
|
])
|
||||||
elif myarg in ['delete', 'remove']:
|
elif myarg in ['delete', 'remove']:
|
||||||
_, users_email = _getRoleAndUsers()
|
_, _, users_email = _getRoleAndUsers()
|
||||||
if len(users_email) > 1:
|
if len(users_email) > 1:
|
||||||
sys.stderr.write(
|
sys.stderr.write(
|
||||||
f'Group: {group}, Will remove {len(users_email)} emails.\n')
|
f'Group: {group}, Will remove {len(users_email)} emails.\n')
|
||||||
@@ -563,7 +574,7 @@ def update():
|
|||||||
f' Group: {group}, {users_email[0]} Remove Failed: {str(e)}'
|
f' Group: {group}, {users_email[0]} Remove Failed: {str(e)}'
|
||||||
)
|
)
|
||||||
elif myarg == 'update':
|
elif myarg == 'update':
|
||||||
role, users_email = _getRoleAndUsers()
|
role, expireTime, users_email = _getRoleAndUsers()
|
||||||
if not role:
|
if not role:
|
||||||
role = ROLE_MEMBER
|
role = ROLE_MEMBER
|
||||||
if len(users_email) > 1:
|
if len(users_email) > 1:
|
||||||
@@ -573,8 +584,10 @@ def update():
|
|||||||
for user_email in users_email:
|
for user_email in users_email:
|
||||||
item = [
|
item = [
|
||||||
'gam', 'update', 'cigroup', f'id:{parent}', 'update',
|
'gam', 'update', 'cigroup', f'id:{parent}', 'update',
|
||||||
role, user_email
|
role,]
|
||||||
]
|
if expireTime:
|
||||||
|
item.extend(['expires', expireTime])
|
||||||
|
item.append(user_email)
|
||||||
items.append(item)
|
items.append(item)
|
||||||
elif len(users_email) > 0:
|
elif len(users_email) > 0:
|
||||||
name = membership_email_to_id(ci, parent, users_email[0])
|
name = membership_email_to_id(ci, parent, users_email[0])
|
||||||
@@ -589,12 +602,25 @@ def update():
|
|||||||
if crole not in {ROLE_MEMBER, role}:
|
if crole not in {ROLE_MEMBER, role}:
|
||||||
removeRoles.append(crole)
|
removeRoles.append(crole)
|
||||||
if role not in current_roles:
|
if role not in current_roles:
|
||||||
addRoles.append({'name': role})
|
new_role = {'name': role}
|
||||||
|
if role == ROLE_MEMBER and expireTime:
|
||||||
|
new_role['expiryDetail'] = {'expireTime': expireTime}
|
||||||
|
expireTime = None
|
||||||
|
addRoles.append(new_role)
|
||||||
bodys = []
|
bodys = []
|
||||||
if addRoles:
|
if addRoles:
|
||||||
bodys.append({'addRoles': addRoles})
|
bodys.append({'addRoles': addRoles})
|
||||||
if removeRoles:
|
if removeRoles:
|
||||||
bodys.append({'removeRoles': removeRoles})
|
bodys.append({'removeRoles': removeRoles})
|
||||||
|
if expireTime:
|
||||||
|
bodys.append({
|
||||||
|
'name': ROLE_MEMBER,
|
||||||
|
# Note this doesn't actually work for some reason. Only known method to change
|
||||||
|
# expire time right now is to remove/re-add member.
|
||||||
|
'expiryDetail': {
|
||||||
|
'expireTime': expireTime
|
||||||
|
}
|
||||||
|
})
|
||||||
for body in bodys:
|
for body in bodys:
|
||||||
try:
|
try:
|
||||||
gapi.call(ci.groups().memberships(),
|
gapi.call(ci.groups().memberships(),
|
||||||
|
|||||||
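Review bot: In the last hunk (-589,12 +602,25), the `if expireTime:` branch still appends a body that its own comment says does not change the expire time, and nothing visible in the hunk warns the operator. Because this feature time-limits access, a request that appears accepted but leaves the membership without the requested expiry is worse than a refusal. I would either reject `expires` on this path or write a warning to stderr, for example `sys.stderr.write(f' Group: {group}, expire time not changed; remove and re-add the member to set it\n')`. Separately, in the add hunk (-462,6 +468,10) `for role in body['roles']:` rebinds `role`, so the following `add_text = [f'as {role}']` formats a dict whenever an expire time is given; renaming the loop variable, `for member_role in body['roles']:`, fixes it. The enclosing `update()` and the `try:` around `gapi.call` continue outside the hunks, so error handling there could not be checked.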