Updated gam info|print|show policies to make additional API calls for settings/workspace_marketplace.apps_allowlist
Some checks are pending
Build and test GAM / build (Win64, build, 8, VC-WIN64A, windows-2022) (push) Waiting to run
Build and test GAM / build (aarch64, build, 3, linux-aarch64, [self-hosted linux arm64]) (push) Waiting to run
Build and test GAM / build (aarch64, build, 5, linux-aarch64, [self-hosted linux arm64], yes) (push) Waiting to run
Build and test GAM / build (aarch64, build, 7, darwin64-arm64, macos-14) (push) Waiting to run
Build and test GAM / build (x86_64, build, 1, linux-x86_64, ubuntu-22.04) (push) Waiting to run
Build and test GAM / build (x86_64, build, 2, linux-x86_64, ubuntu-24.04) (push) Waiting to run
Build and test GAM / build (x86_64, build, 4, linux-x86_64, ubuntu-22.04, yes) (push) Waiting to run
Build and test GAM / build (x86_64, build, 6, darwin64-x86_64, macos-13) (push) Waiting to run
Build and test GAM / build (x86_64, test, 10, ubuntu-24.04, 3.10) (push) Waiting to run
Build and test GAM / build (x86_64, test, 11, ubuntu-24.04, 3.11) (push) Waiting to run
Build and test GAM / build (x86_64, test, 12, ubuntu-24.04, 3.12) (push) Waiting to run
Build and test GAM / build (x86_64, test, 9, ubuntu-24.04, 3.9) (push) Waiting to run
Build and test GAM / merge (push) Blocked by required conditions
Build and test GAM / publish (push) Blocked by required conditions
CodeQL / Analyze (python) (push) Waiting to run
Check for Google Root CA Updates / check-apis (push) Waiting to run

This commit is contained in:
Ross Scroggs
2024-10-26 19:20:29 -07:00
parent 40899de989
commit bb198c8c1a
7 changed files with 83 additions and 34 deletions

View File

@@ -27,17 +27,19 @@ gam oauth create
## Policies ## Policies
These are the supported policies GAM can show today. These are the supported policies GAM can show today.
See: https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings
``` ```
user_takeout_status (is takeout enabled for service) user_takeout_status (is takeout enabled for service)
blogger blogger.user_takeout
books books.user_takeout
location_history location_history.user_takeout
maps maps.user_takeout
pay pay.user_takeout
photos photos.user_takeout
play play.user_takeout
play_console play_console.user_takeout
youtube youtube.user_takeout
service_status (is service enabled) service_status (is service enabled)
ad_manager ad_manager
ads ads
@@ -311,39 +313,48 @@ workspace_marketplace.apps_allowlist
Display selected policies. Display selected policies.
``` ```
gam info policies <CIPolicyEntity> gam info policies <CIPolicyEntity>
[nowarnings] [nowarnings] [noappnames]
[formatjson] [formatjson]
``` ```
By default, policy warnings are displayed, use the 'nowarnings` option to suppress their display. By default, policy warnings are displayed, use the 'nowarnings` option to suppress their display.
By default, additional API calls are made for `settings/workspace_marketplace.apps_allowlist`
to get the application name for the application ID. Use option `noappnames` to suppress these calls.
By default, Gam displays the information as an indented list of keys and values. By default, Gam displays the information as an indented list of keys and values.
* `formatjson` - Display the fields in JSON format. * `formatjson` - Display the fields in JSON format.
Display all or filtered policies. Display all or filtered policies.
``` ```
gam show policies gam show policies
[filter <String>] [nowarnings] [filter <String>] [nowarnings] [noappnames]
[formatjson] [formatjson]
``` ```
By default, all policies are displayed. By default, all policies are displayed.
* `filter <String>` - Display filtered policies, See https://github.com/taers232c/GAMADV-XTD3/wiki/Cloud-Identity-Policies * `filter <String>` - Display filtered policies, See https://cloud.google.com/identity/docs/reference/rest/v1beta1/policies/list
By default, policy warnings are displayed, use the 'nowarnings` option to suppress their display. By default, policy warnings are displayed, use the 'nowarnings` option to suppress their display.
By default, additional API calls are made for `settings/workspace_marketplace.apps_allowlist`
to get the application name for the application ID. Use option `noappnames` to suppress these calls.
By default, Gam displays the information as an indented list of keys and values. By default, Gam displays the information as an indented list of keys and values.
* `formatjson` - Display the fields in JSON format. * `formatjson` - Display the fields in JSON format.
``` ```
gam print policies [todrive <ToDriveAttribute>*] gam print policies [todrive <ToDriveAttribute>*]
[filter <String>] [nowarnings] [filter <String>] [nowarnings] [noappnames]
[formatjson [quotechar <Character>]] [formatjson [quotechar <Character>]]
``` ```
By default, all policies are displayed: By default, all policies are displayed:
* `filter <String>` - Display filtered policies, See https://github.com/taers232c/GAMADV-XTD3/wiki/Cloud-Identity-Policies * `filter <String>` - Display filtered policies, See https://cloud.google.com/identity/docs/reference/rest/v1beta1/policies/list
By default, policy warnings are displayed, use the 'nowarnings` option to suppress their display. By default, policy warnings are displayed, use the 'nowarnings` option to suppress their display.
By default, additional API calls are made for `settings/workspace_marketplace.apps_allowlist`
to get the application name for the application ID. Use option `noappnames` to suppress these calls.
By default, Gam displays the information as columns of fields; the following option causes the output to be in JSON format, By default, Gam displays the information as columns of fields; the following option causes the output to be in JSON format,
* `formatjson` - Display the fields in JSON format. * `formatjson` - Display the fields in JSON format.

View File

@@ -10,6 +10,11 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
### 7.00.31
Updated `gam info|print|show policies` to make additional API calls for `settings/workspace_marketplace.apps_allowlist`
to get the application name for the application ID. Use option `noappnames` to suppress these calls.
### 7.00.30 ### 7.00.30
Added command to display selected Cloud Identity policies. Added command to display selected Cloud Identity policies.

View File

@@ -251,7 +251,7 @@ writes the credentials into the file oauth2.txt.
admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt
admin@server:/Users/admin$ gam version admin@server:/Users/admin$ gam version
WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
GAM 7.00.30 - https://github.com/GAM-team/GAM - pyinstaller GAM 7.00.31 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.0 64-bit final Python 3.13.0 64-bit final
MacOS Sonoma 14.5 x86_64 MacOS Sonoma 14.5 x86_64
@@ -923,7 +923,7 @@ writes the credentials into the file oauth2.txt.
C:\>del C:\GAMConfig\oauth2.txt C:\>del C:\GAMConfig\oauth2.txt
C:\>gam version C:\>gam version
WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
GAM7 7.00.30 - https://github.com/GAM-team/GAM - pythonsource GAM7 7.00.31 - https://github.com/GAM-team/GAM - pythonsource
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.0 64-bit final Python 3.13.0 64-bit final
Windows-10-10.0.17134 AMD64 Windows-10-10.0.17134 AMD64

View File

@@ -3,7 +3,7 @@
Print the current version of Gam with details Print the current version of Gam with details
``` ```
gam version gam version
GAM 7.00.30 - https://github.com/GAM-team/GAM - pyinstaller GAM 7.00.31 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.0 64-bit final Python 3.13.0 64-bit final
MacOS Sonoma 14.5 x86_64 MacOS Sonoma 14.5 x86_64
@@ -15,7 +15,7 @@ Time: 2023-06-02T21:10:00-07:00
Print the current version of Gam with details and time offset information Print the current version of Gam with details and time offset information
``` ```
gam version timeoffset gam version timeoffset
GAM 7.00.30 - https://github.com/GAM-team/GAM - pyinstaller GAM 7.00.31 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.0 64-bit final Python 3.13.0 64-bit final
MacOS Sonoma 14.5 x86_64 MacOS Sonoma 14.5 x86_64
@@ -27,7 +27,7 @@ Your system time differs from www.googleapis.com by less than 1 second
Print the current version of Gam with extended details and SSL information Print the current version of Gam with extended details and SSL information
``` ```
gam version extended gam version extended
GAM 7.00.30 - https://github.com/GAM-team/GAM - pyinstaller GAM 7.00.31 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.0 64-bit final Python 3.13.0 64-bit final
MacOS Sonoma 14.5 x86_64 MacOS Sonoma 14.5 x86_64
@@ -64,7 +64,7 @@ MacOS High Sierra 10.13.6 x86_64
Path: /Users/Admin/bin/gam7 Path: /Users/Admin/bin/gam7
Version Check: Version Check:
Current: 5.35.08 Current: 5.35.08
Latest: 7.00.30 Latest: 7.00.31
echo $? echo $?
1 1
``` ```
@@ -72,7 +72,7 @@ echo $?
Print the current version number without details Print the current version number without details
``` ```
gam version simple gam version simple
7.00.30 7.00.31
``` ```
In Linux/MacOS you can do: In Linux/MacOS you can do:
``` ```
@@ -82,7 +82,7 @@ echo $VER
Print the current version of Gam and address of this Wiki Print the current version of Gam and address of this Wiki
``` ```
gam help gam help
GAM 7.00.30 - https://github.com/GAM-team/GAM GAM 7.00.31 - https://github.com/GAM-team/GAM
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.0 64-bit final Python 3.13.0 64-bit final
MacOS Sonoma 14.5 x86_64 MacOS Sonoma 14.5 x86_64

View File

@@ -4076,14 +4076,13 @@ gam update deviceuserstate <DeviceUserEntity> [clientid <String>]
# Cloud Identity Policies # Cloud Identity Policies
gam info policies <CIPolicyNameEntity> gam info policies <CIPolicyNameEntity>
[nowarnings] [nowarnings] [noappnames]
[formatjson] [formatjson]
gam print policies [todrive <ToDriveAttribute>*] gam print policies [todrive <ToDriveAttribute>*]
[filter <String>] [nowarnings] [filter <String>] [nowarnings] [noappnames]
[formatjson [quotechar <Character>]] [formatjson [quotechar <Character>]]
gam show policies gam show policies
[filter <String>] [nowarnings] [filter <String>] [nowarnings] [noappnames]
[formatjson] [formatjson]
# Inbound SSO # Inbound SSO

View File

@@ -1,3 +1,8 @@
7.00.31
Updated `gam info|print|show policies` to make additional API calls for `settings/workspace_marketplace.apps_allowlist`
to get the application name for the application ID. Use option `noappnames` to suppress these calls.
7.00.30 7.00.30
Added command to display selected Cloud Identity policies. Added command to display selected Cloud Identity policies.

View File

@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
""" """
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>' __author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
__version__ = '7.00.30' __version__ = '7.00.31'
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)' __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
#pylint: disable=wrong-import-position #pylint: disable=wrong-import-position
@@ -35097,10 +35097,32 @@ CIPOLICY_ADDITIONAL_WARNINGS = {
} }
} }
def _cleanPolicy(policy, add_warnings, cd, groups_ci): def _getPolicyAppNameFromId(httpObj, app):
app['applicationName'] = UNKNOWN
appId = app['applicationId']
url = f'https://workspace.google.com/marketplace/app/_/{appId}'
try:
resp, content = httpObj.request(url, 'GET')
except:
return
if resp.status != 200:
return
if isinstance(content, bytes):
content = content.decode()
pattern = f'https://workspace.google.com/marketplace/app/(.+?)/{appId}'
a = re.search(pattern, content)
if a:
app['applicationName'] = a.group(1)
def _cleanPolicy(policy, add_warnings, no_appnames, cd, groups_ci):
# convert any wordlists into spaced strings to reduce output complexity # convert any wordlists into spaced strings to reduce output complexity
if policy['setting']['type'] == 'settings/detector.word_list': if policy['setting']['type'] == 'settings/detector.word_list':
policy['setting']['value']['wordList'] = ' '.join(policy['setting']['value']['wordList']['words']) policy['setting']['value']['wordList'] = ' '.join(policy['setting']['value']['wordList']['words'])
# get application name for application id
if policy['setting']['type'] == 'settings/workspace_marketplace.apps_allowlist' and not no_appnames:
httpObj = getHttpObj(timeout=10)
for app in policy['setting']['value'].get('apps', []):
_getPolicyAppNameFromId(httpObj, app)
# add any warnings to applicable policies # add any warnings to applicable policies
if add_warnings and policy['setting']['type'] in CIPOLICY_ADDITIONAL_WARNINGS: if add_warnings and policy['setting']['type'] in CIPOLICY_ADDITIONAL_WARNINGS:
policy['warning'] = CIPOLICY_ADDITIONAL_WARNINGS[policy['setting']['type']] policy['warning'] = CIPOLICY_ADDITIONAL_WARNINGS[policy['setting']['type']]
@@ -35125,7 +35147,8 @@ def _showPolicy(policy, FJQC, i=0, count=0):
Ind.Decrement() Ind.Decrement()
# gam info policies <CIPolicyNameEntity> # gam info policies <CIPolicyNameEntity>
# [nowarnings] [formatjson] # [nowarnings] [noappnames]
# [formatjson]
def doInfoCIPolicies(): def doInfoCIPolicies():
groups_ci = buildGAPIObject(API.CLOUDIDENTITY_GROUPS) groups_ci = buildGAPIObject(API.CLOUDIDENTITY_GROUPS)
ci = buildGAPIObject(API.CLOUDIDENTITY_POLICY) ci = buildGAPIObject(API.CLOUDIDENTITY_POLICY)
@@ -35133,10 +35156,13 @@ def doInfoCIPolicies():
entityList = getEntityList(Cmd.OB_CIPOLICY_NAME_ENTITY) entityList = getEntityList(Cmd.OB_CIPOLICY_NAME_ENTITY)
FJQC = FormatJSONQuoteChar() FJQC = FormatJSONQuoteChar()
add_warnings = True add_warnings = True
no_appnames = False
while Cmd.ArgumentsRemaining(): while Cmd.ArgumentsRemaining():
myarg = getArgument() myarg = getArgument()
if myarg == 'nowarnings': if myarg == 'nowarnings':
add_warnings = False add_warnings = False
elif myarg == 'noappnames':
no_appnames=True
else: else:
FJQC.GetFormatJSON(myarg) FJQC.GetFormatJSON(myarg)
i = 0 i = 0
@@ -35151,17 +35177,17 @@ def doInfoCIPolicies():
throwReasons=[GAPI.INVALID, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED, GAPI.INTERNAL_ERROR], throwReasons=[GAPI.INVALID, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED, GAPI.INTERNAL_ERROR],
name=pname, name=pname,
fields='name,policyQuery(group,orgUnit,sortOrder),type,setting') fields='name,policyQuery(group,orgUnit,sortOrder),type,setting')
_cleanPolicy(policy, add_warnings, cd, groups_ci) _cleanPolicy(policy, add_warnings, no_appnames, cd, groups_ci)
_showPolicy(policy, FJQC, i, count) _showPolicy(policy, FJQC, i, count)
except (GAPI.invalid, GAPI.invalidArgument, GAPI.permissionDenied, GAPI.internalError) as e: except (GAPI.invalid, GAPI.invalidArgument, GAPI.permissionDenied, GAPI.internalError) as e:
entityActionFailedWarning([Ent.POLICY, pname], str(e), i, count) entityActionFailedWarning([Ent.POLICY, pname], str(e), i, count)
continue continue
# gam print policies [todrive <ToDriveAttribute>*] # gam print policies [todrive <ToDriveAttribute>*]
# [filter <String>] [nowarnings] # [filter <String>] [nowarnings] [noappnames]
# [formatjson [quotechar <Character>]] # [formatjson [quotechar <Character>]]
# gam show policies # gam show policies
# [filter <String>] [nowarnings] # [filter <String>] [nowarnings] [noappnames]
# [formatjson] # [formatjson]
def doPrintShowCIPolicies(): def doPrintShowCIPolicies():
@@ -35182,6 +35208,7 @@ def doPrintShowCIPolicies():
FJQC = FormatJSONQuoteChar(csvPF) FJQC = FormatJSONQuoteChar(csvPF)
ifilter = None ifilter = None
add_warnings = True add_warnings = True
no_appnames = False
while Cmd.ArgumentsRemaining(): while Cmd.ArgumentsRemaining():
myarg = getArgument() myarg = getArgument()
if csvPF and myarg == 'todrive': if csvPF and myarg == 'todrive':
@@ -35190,6 +35217,8 @@ def doPrintShowCIPolicies():
ifilter = getString(Cmd.OB_STRING) ifilter = getString(Cmd.OB_STRING)
elif myarg == 'nowarnings': elif myarg == 'nowarnings':
add_warnings = False add_warnings = False
elif myarg == 'noappnames':
no_appnames=True
else: else:
FJQC.GetFormatJSONQuoteChar(myarg, True) FJQC.GetFormatJSONQuoteChar(myarg, True)
printGettingAllAccountEntities(Ent.POLICY, ifilter) printGettingAllAccountEntities(Ent.POLICY, ifilter)
@@ -35212,12 +35241,12 @@ def doPrintShowCIPolicies():
i = 0 i = 0
for policy in policies: for policy in policies:
i += 1 i += 1
_cleanPolicy(policy, add_warnings, cd, groups_ci) _cleanPolicy(policy, add_warnings, no_appnames, cd, groups_ci)
_showPolicy(policy, FJQC, i, count) _showPolicy(policy, FJQC, i, count)
Ind.Decrement() Ind.Decrement()
else: else:
for policy in policies: for policy in policies:
_cleanPolicy(policy, add_warnings, cd, groups_ci) _cleanPolicy(policy, add_warnings, no_appnames, cd, groups_ci)
_printPolicy(policy) _printPolicy(policy)
if csvPF: if csvPF:
csvPF.writeCSVfile('Policies') csvPF.writeCSVfile('Policies')