From bb198c8c1ade89ddfaf415738d3092a453965944 Mon Sep 17 00:00:00 2001 From: Ross Scroggs Date: Sat, 26 Oct 2024 19:20:29 -0700 Subject: [PATCH] Updated `gam info|print|show policies` to make additional API calls for `settings/workspace_marketplace.apps_allowlist` --- docs/Cloud-Identity-Policies.md | 39 +++++++++++++------- docs/GamUpdates.md | 5 +++ docs/How-to-Upgrade-Legacy-GAM-to-GAM7.md | 4 +- docs/Version-and-Help.md | 12 +++--- src/GamCommands.txt | 7 ++-- src/GamUpdate.txt | 5 +++ src/gam/__init__.py | 45 +++++++++++++++++++---- 7 files changed, 83 insertions(+), 34 deletions(-) diff --git a/docs/Cloud-Identity-Policies.md b/docs/Cloud-Identity-Policies.md index bac6154b..941bec02 100644 --- a/docs/Cloud-Identity-Policies.md +++ b/docs/Cloud-Identity-Policies.md @@ -27,17 +27,19 @@ gam oauth create ## Policies These are the supported policies GAM can show today. + +See: https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings ``` user_takeout_status (is takeout enabled for service) - blogger - books - location_history - maps - pay - photos - play - play_console - youtube + blogger.user_takeout + books.user_takeout + location_history.user_takeout + maps.user_takeout + pay.user_takeout + photos.user_takeout + play.user_takeout + play_console.user_takeout + youtube.user_takeout service_status (is service enabled) ad_manager ads 
@@ -311,39 +313,48 @@ workspace_marketplace.apps_allowlist Display selected policies. ``` gam info policies - [nowarnings] + [nowarnings] [noappnames] [formatjson] ``` By default, policy warnings are displayed, use the 'nowarnings` option to suppress their display. +By default, additional API calls are made for `settings/workspace_marketplace.apps_allowlist` +to get the application name for the application ID. Use option `noappnames` to suppress these calls. + By default, Gam displays the information as an indented list of keys and values. * `formatjson` - Display the fields in JSON format. Display all or filtered policies. ``` gam show policies - [filter ] [nowarnings] + [filter ] [nowarnings] [noappnames] [formatjson] ``` By default, all policies are displayed. -* `filter ` - Display filtered policies, See https://github.com/taers232c/GAMADV-XTD3/wiki/Cloud-Identity-Policies +* `filter ` - Display filtered policies, See https://cloud.google.com/identity/docs/reference/rest/v1beta1/policies/list By default, policy warnings are displayed, use the 'nowarnings` option to suppress their display. +By default, additional API calls are made for `settings/workspace_marketplace.apps_allowlist` +to get the application name for the application ID. Use option `noappnames` to suppress these calls. + By default, Gam displays the information as an indented list of keys and values. * `formatjson` - Display the fields in JSON format. ``` gam print policies [todrive *] - [filter ] [nowarnings] + [filter ] [nowarnings] [noappnames] [formatjson [quotechar ]] ``` By default, all policies are displayed: -* `filter ` - Display filtered policies, See https://github.com/taers232c/GAMADV-XTD3/wiki/Cloud-Identity-Policies +* `filter ` - Display filtered policies, See https://cloud.google.com/identity/docs/reference/rest/v1beta1/policies/list By default, policy warnings are displayed, use the 'nowarnings` option to suppress their display. 
+By default, additional API calls are made for `settings/workspace_marketplace.apps_allowlist` +to get the application name for the application ID. Use option `noappnames` to suppress these calls. + By default, Gam displays the information as columns of fields; the following option causes the output to be in JSON format, * `formatjson` - Display the fields in JSON format. diff --git a/docs/GamUpdates.md b/docs/GamUpdates.md index 354d6760..3c9780d3 100644 --- a/docs/GamUpdates.md +++ b/docs/GamUpdates.md @@ -10,6 +10,11 @@ Add the `-s` option to the end of the above commands to suppress creating the `g See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation +### 7.00.31 + +Updated `gam info|print|show policies` to make additional API calls for `settings/workspace_marketplace.apps_allowlist` +to get the application name for the application ID. Use option `noappnames` to suppress these calls. + ### 7.00.30 Added command to display selected Cloud Identity policies. diff --git a/docs/How-to-Upgrade-Legacy-GAM-to-GAM7.md b/docs/How-to-Upgrade-Legacy-GAM-to-GAM7.md index c7ddc4b2..e7f161b7 100644 --- a/docs/How-to-Upgrade-Legacy-GAM-to-GAM7.md +++ b/docs/How-to-Upgrade-Legacy-GAM-to-GAM7.md @@ -251,7 +251,7 @@ writes the credentials into the file oauth2.txt. admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt admin@server:/Users/admin$ gam version WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found -GAM 7.00.30 - https://github.com/GAM-team/GAM - pyinstaller +GAM 7.00.31 - https://github.com/GAM-team/GAM - pyinstaller GAM Team Python 3.13.0 64-bit final MacOS Sonoma 14.5 x86_64 
@@ -923,7 +923,7 @@ writes the credentials into the file oauth2.txt. C:\>del C:\GAMConfig\oauth2.txt C:\>gam version WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found -GAM7 7.00.30 - https://github.com/GAM-team/GAM - pythonsource +GAM7 7.00.31 - https://github.com/GAM-team/GAM - pythonsource GAM Team Python 3.13.0 64-bit final Windows-10-10.0.17134 AMD64 diff --git a/docs/Version-and-Help.md b/docs/Version-and-Help.md index ada2772b..654d8510 100644 --- a/docs/Version-and-Help.md +++ b/docs/Version-and-Help.md @@ -3,7 +3,7 @@ Print the current version of Gam with details ``` gam version -GAM 7.00.30 - https://github.com/GAM-team/GAM - pyinstaller +GAM 7.00.31 - https://github.com/GAM-team/GAM - pyinstaller GAM Team Python 3.13.0 64-bit final MacOS Sonoma 14.5 x86_64 @@ -15,7 +15,7 @@ Time: 2023-06-02T21:10:00-07:00 Print the current version of Gam with details and time offset information ``` gam version timeoffset -GAM 7.00.30 - https://github.com/GAM-team/GAM - pyinstaller +GAM 7.00.31 - https://github.com/GAM-team/GAM - pyinstaller GAM Team Python 3.13.0 64-bit final MacOS Sonoma 14.5 x86_64 @@ -27,7 +27,7 @@ Your system time differs from www.googleapis.com by less than 1 second Print the current version of Gam with extended details and SSL information ``` gam version extended -GAM 7.00.30 - https://github.com/GAM-team/GAM - pyinstaller +GAM 7.00.31 - https://github.com/GAM-team/GAM - pyinstaller GAM Team Python 3.13.0 64-bit final MacOS Sonoma 14.5 x86_64 @@ -64,7 +64,7 @@ MacOS High Sierra 10.13.6 x86_64 Path: /Users/Admin/bin/gam7 Version Check: Current: 5.35.08 - Latest: 7.00.30 + Latest: 7.00.31 echo $? 1 ``` @@ -72,7 +72,7 @@ echo $? Print the current version number without details ``` gam version simple -7.00.30 +7.00.31 ``` In Linux/MacOS you can do: ``` 
@@ -82,7 +82,7 @@ echo $VER Print the current version of Gam and address of this Wiki ``` gam help -GAM 7.00.30 - https://github.com/GAM-team/GAM +GAM 7.00.31 - https://github.com/GAM-team/GAM GAM Team Python 3.13.0 64-bit final MacOS Sonoma 14.5 x86_64 diff --git a/src/GamCommands.txt b/src/GamCommands.txt index 2f748eef..0fe1d9e2 100644 --- a/src/GamCommands.txt +++ b/src/GamCommands.txt @@ -4076,14 +4076,13 @@ gam update deviceuserstate [clientid ] # Cloud Identity Policies gam info policies - [nowarnings] + [nowarnings] [noappnames] [formatjson] - gam print policies [todrive *] - [filter ] [nowarnings] + [filter ] [nowarnings] [noappnames] [formatjson [quotechar ]] gam show policies - [filter ] [nowarnings] + [filter ] [nowarnings] [noappnames] [formatjson] # Inbound SSO diff --git a/src/GamUpdate.txt b/src/GamUpdate.txt index e81ec68d..0a4343f1 100644 --- a/src/GamUpdate.txt +++ b/src/GamUpdate.txt @@ -1,3 +1,8 @@ +7.00.31 + +Updated `gam info|print|show policies` to make additional API calls for `settings/workspace_marketplace.apps_allowlist` +to get the application name for the application ID. Use option `noappnames` to suppress these calls. + 7.00.30 Added command to display selected Cloud Identity policies. diff --git a/src/gam/__init__.py b/src/gam/__init__.py index 48723834..09c77e41 100755 --- a/src/gam/__init__.py +++ b/src/gam/__init__.py @@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki """ __author__ = 'GAM Team ' -__version__ = '7.00.30' +__version__ = '7.00.31' __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)' #pylint: disable=wrong-import-position 
@@ -35097,10 +35097,32 @@ CIPOLICY_ADDITIONAL_WARNINGS = { } } -def _cleanPolicy(policy, add_warnings, cd, groups_ci): +def _getPolicyAppNameFromId(httpObj, app): + app['applicationName'] = UNKNOWN + appId = app['applicationId'] + url = f'https://workspace.google.com/marketplace/app/_/{appId}' + try: + resp, content = httpObj.request(url, 'GET') + except: + return + if resp.status != 200: + return + if isinstance(content, bytes): + content = content.decode() + pattern = f'https://workspace.google.com/marketplace/app/(.+?)/{appId}' + a = re.search(pattern, content) + if a: + app['applicationName'] = a.group(1) + +def _cleanPolicy(policy, add_warnings, no_appnames, cd, groups_ci): # convert any wordlists into spaced strings to reduce output complexity if policy['setting']['type'] == 'settings/detector.word_list': policy['setting']['value']['wordList'] = ' '.join(policy['setting']['value']['wordList']['words']) + # get application name for application id + if policy['setting']['type'] == 'settings/workspace_marketplace.apps_allowlist' and not no_appnames: + httpObj = getHttpObj(timeout=10) + for app in policy['setting']['value'].get('apps', []): + _getPolicyAppNameFromId(httpObj, app) # add any warnings to applicable policies if add_warnings and policy['setting']['type'] in CIPOLICY_ADDITIONAL_WARNINGS: policy['warning'] = CIPOLICY_ADDITIONAL_WARNINGS[policy['setting']['type']] @@ -35125,7 +35147,8 @@ def _showPolicy(policy, FJQC, i=0, count=0): Ind.Decrement() # gam info policies -# [nowarnings] [formatjson] +# [nowarnings] [noappnames] +# [formatjson] def doInfoCIPolicies(): groups_ci = buildGAPIObject(API.CLOUDIDENTITY_GROUPS) ci = buildGAPIObject(API.CLOUDIDENTITY_POLICY) 
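Review bot: In `_getPolicyAppNameFromId` the bare `except:` around `httpObj.request(url, 'GET')` also catches `KeyboardInterrupt` and `SystemExit`, so Ctrl-C during a lookup is swallowed and the loop moves on to the next app. Catch only transport errors, e.g. `except (httplib2.HttpLib2Error, OSError):`, if `httpObj` is an httplib2 client as the `resp.status` usage suggests. `appId` is interpolated into the regex unescaped and `(.+?)` accepts any characters on a line, so `applicationName` becomes whatever the fetched page places before `/{appId}`, markup and quotes included; a tighter pattern is `rf'https://workspace\.google\.com/marketplace/app/([^/"<>\s]+)/{re.escape(appId)}'`. `app['applicationId']` raises `KeyError` for an entry without that field, which `app.get('applicationId')` with an early return would avoid. Because the value is scraped from an unauthenticated HTML page rather than returned by the Policy API, a docstring should say that it is a best-effort URL slug and not an authoritative name.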
@@ -35133,10 +35156,13 @@ def doInfoCIPolicies(): entityList = getEntityList(Cmd.OB_CIPOLICY_NAME_ENTITY) FJQC = FormatJSONQuoteChar() add_warnings = True + no_appnames = False while Cmd.ArgumentsRemaining(): myarg = getArgument() if myarg == 'nowarnings': add_warnings = False + elif myarg == 'noappnames': + no_appnames=True else: FJQC.GetFormatJSON(myarg) i = 0 @@ -35151,17 +35177,17 @@ def doInfoCIPolicies(): throwReasons=[GAPI.INVALID, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED, GAPI.INTERNAL_ERROR], name=pname, fields='name,policyQuery(group,orgUnit,sortOrder),type,setting') - _cleanPolicy(policy, add_warnings, cd, groups_ci) + _cleanPolicy(policy, add_warnings, no_appnames, cd, groups_ci) _showPolicy(policy, FJQC, i, count) except (GAPI.invalid, GAPI.invalidArgument, GAPI.permissionDenied, GAPI.internalError) as e: entityActionFailedWarning([Ent.POLICY, pname], str(e), i, count) continue # gam print policies [todrive *] -# [filter ] [nowarnings] +# [filter ] [nowarnings] [noappnames] # [formatjson [quotechar ]] # gam show policies -# [filter ] [nowarnings] +# [filter ] [nowarnings] [noappnames] # [formatjson] def doPrintShowCIPolicies(): @@ -35182,6 +35208,7 @@ def doPrintShowCIPolicies(): FJQC = FormatJSONQuoteChar(csvPF) ifilter = None add_warnings = True + no_appnames = False while Cmd.ArgumentsRemaining(): myarg = getArgument() if csvPF and myarg == 'todrive': @@ -35190,6 +35217,8 @@ def doPrintShowCIPolicies(): ifilter = getString(Cmd.OB_STRING) elif myarg == 'nowarnings': add_warnings = False + elif myarg == 'noappnames': + no_appnames=True else: FJQC.GetFormatJSONQuoteChar(myarg, True) printGettingAllAccountEntities(Ent.POLICY, ifilter) 
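Review bot: The added `no_appnames=True` in the `noappnames` branch of `doInfoCIPolicies` has no spaces around `=`, unlike the neighbouring `add_warnings = False` and the `no_appnames = False` initialisation added just above it; write `no_appnames = True`. The same line is added to the argument loop of `doPrintShowCIPolicies` in the `@@ -35190,6 +35217,8 @@` hunk. Both functions start and end outside these hunks.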
@@ -35212,12 +35241,12 @@ def doPrintShowCIPolicies(): i = 0 for policy in policies: i += 1 - _cleanPolicy(policy, add_warnings, cd, groups_ci) + _cleanPolicy(policy, add_warnings, no_appnames, cd, groups_ci) _showPolicy(policy, FJQC, i, count) Ind.Decrement() else: for policy in policies: - _cleanPolicy(policy, add_warnings, cd, groups_ci) + _cleanPolicy(policy, add_warnings, no_appnames, cd, groups_ci) _printPolicy(policy) if csvPF: csvPF.writeCSVfile('Policies')
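Review bot: Each `_cleanPolicy(policy, add_warnings, no_appnames, cd, groups_ci)` call in these two loops reaches the new `getHttpObj(timeout=10)` and per-app fetch added to `_cleanPolicy` earlier in this patch. An app that is allowlisted in several policies is therefore fetched once per policy, and each failed lookup can block for the full timeout, one after another. Creating the HTTP object once in `doPrintShowCIPolicies` and keeping a dict of names keyed by `applicationId` would cap the outbound requests at the number of distinct apps. The enclosing function continues outside this hunk, so whether any other caching exists is not visible here.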