From d2495f0ed8f2a1763ba72ab3c933a0aa27563de1 Mon Sep 17 00:00:00 2001 From: Ross Scroggs Date: Thu, 21 Aug 2025 05:32:58 -0700 Subject: [PATCH] Additional Meet API changes #1822 --- src/GamUpdate.txt | 4 +- src/gam/__init__.py | 41 ++++++++++------ src/gam/cacerts.pem | 100 ---------------------------------------- src/gam/gamlib/glapi.py | 21 +++++---- 4 files changed, 39 insertions(+), 127 deletions(-) diff --git a/src/GamUpdate.txt b/src/GamUpdate.txt index b1046b24..89c27d70 100644 --- a/src/GamUpdate.txt +++ b/src/GamUpdate.txt @@ -4,8 +4,8 @@ Eliminated `drive_v3_beta` and `meet_v2_beta` from `gam.cfg` as the API betas ar Updated `Meet API` scopes so that GAM can read metadata about additional Meet spaces. ``` -[*] 34) Meet API - Display Meets regardless of creator -[*] 35) Meet API - Manage/Display Meets created by this GAM +[*] 34) Meet API - Display Meet Conference Records +[*] 35) Meet API - Manage/Display Meet Spaces ``` 7.18.07 diff --git a/src/gam/__init__.py b/src/gam/__init__.py index 6d3ea0df..4f6e1d1d 100755 --- a/src/gam/__init__.py +++ b/src/gam/__init__.py @@ -10706,14 +10706,21 @@ Continue to authorization by entering a 'c' api = a_scope['api'] possibleScope = a_scope['scope'] if api in currentScopes: - for scope in currentScopes[api]: - if scope == possibleScope: - selectedScopes[i] = '*' - break - if 'readonly' in a_scope['subscopes']: - if (scope == possibleScope+'.readonly') or (scope == a_scope.get('roscope')): - selectedScopes[i] = 'R' + if not isinstance(possibleScope, list): + for scope in currentScopes[api]: + if scope == possibleScope: + selectedScopes[i] = '*' break + if 'readonly' in a_scope['subscopes']: + if (scope == possibleScope+'.readonly') or (scope == a_scope.get('roscope')): + selectedScopes[i] = 'R' + break + else: + for scope in possibleScope: + if scope not in currentScopes[api]: + break + else: + selectedScopes[i] = '*' i += 1 else: i = 0 @@ -12324,8 +12331,12 @@ def checkServiceAccount(users): for scope in scopesList: if selectedScopes[i] == '*': saScopes.setdefault(scope['api'], []) - saScopes[scope['api']].append(scope['scope']) - checkScopesSet.add(scope['scope']) + if not isinstance(scope['scope'], list): + saScopes[scope['api']].append(scope['scope']) + checkScopesSet.add(scope['scope']) + else: + saScopes[scope['api']].extend(scope['scope']) + checkScopesSet.update(scope['scope']) elif selectedScopes[i] == 'R': saScopes.setdefault(scope['api'], []) if 'roscope' not in scope: @@ -28342,7 +28353,7 @@ def createMeetSpace(users): i, count, users = getEntityArgument(users) for user in users: i += 1 - user, meet, kvList = buildMeetServiceObject(API.MEET, user, i, count, [Ent.MEET_SPACE, None]) + user, meet, kvList = buildMeetServiceObject(API.MEET_SPACES, user, i, count, [Ent.MEET_SPACE, None]) if not meet: continue try: @@ -28381,7 +28392,7 @@ def updateMeetSpace(users): i, count, users = getEntityArgument(users) for user in users: i += 1 - user, meet, kvList = buildMeetServiceObject(API.MEET, user, i, count, [Ent.MEET_SPACE, name]) + user, meet, kvList = buildMeetServiceObject(API.MEET_SPACES, user, i, count, [Ent.MEET_SPACE, name]) if not meet: continue try: @@ -28412,7 +28423,7 @@ def infoMeetSpace(users): i, count, users = getEntityArgument(users) for user in users: i += 1 - user, meet, kvList = buildMeetServiceObject(API.MEET_READONLY, user, i, count, [Ent.MEET_SPACE, name]) + user, meet, kvList = buildMeetServiceObject(API.MEET_SPACES, user, i, count, [Ent.MEET_SPACE, name]) if not meet: continue try: @@ -28441,7 +28452,7 @@ def endMeetConference(users): i, count, users = getEntityArgument(users) for user in users: i += 1 - user, meet, kvList = buildMeetServiceObject(API.MEET, user, i, count, [Ent.MEET_SPACE, name, Ent.MEET_CONFERENCE, None]) + user, meet, kvList = buildMeetServiceObject(API.MEET_SPACES, user, i, count, [Ent.MEET_SPACE, name, Ent.MEET_CONFERENCE, None]) if not meet: continue try: @@ -28522,7 +28533,7 @@ def printShowMeetConferences(users): i, count, users = getEntityArgument(users) for user in users: i += 1 - user, meet, kvList = buildMeetServiceObject(API.MEET_READONLY, user, i, count, [Ent.MEET_CONFERENCE, None]) + user, meet, kvList = buildMeetServiceObject(API.MEET_CONFRECS, user, i, count, [Ent.MEET_CONFERENCE, None]) if not meet: continue try: @@ -28598,7 +28609,7 @@ def _printShowMeetItems(users, entityType): i, count, users = getEntityArgument(users) for user in users: i += 1 - user, meet, kvList = buildMeetServiceObject(API.MEET_READONLY, user, i, count, [Ent.MEET_CONFERENCE, parent]) + user, meet, kvList = buildMeetServiceObject(API.MEET_CONFRECS, user, i, count, [Ent.MEET_CONFERENCE, parent]) if not meet: continue if entityType == Ent.MEET_PARTICIPANT: diff --git a/src/gam/cacerts.pem b/src/gam/cacerts.pem index 6e9389df..e94a8310 100644 --- a/src/gam/cacerts.pem +++ b/src/gam/cacerts.pem @@ -433,106 +433,6 @@ pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1 mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 -----END CERTIFICATE----- -# Operating CA: GoDaddy -# Issuer: O=Starfield Technologies, Inc. OU=Starfield Class 2 Certification Authority -# Subject: O=Starfield Technologies, Inc. OU=Starfield Class 2 Certification Authority -# Label: "Starfield Class 2 CA" -# Serial: 0 -# MD5 Fingerprint: 32:4a:4b:bb:c8:63:69:9b:be:74:9a:c6:dd:1d:46:24 -# SHA1 Fingerprint: ad:7e:1c:28:b0:64:ef:8f:60:03:40:20:14:c3:d0:e3:37:0e:b5:8a -# SHA256 Fingerprint: 14:65:fa:20:53:97:b8:76:fa:a6:f0:a9:95:8e:55:90:e4:0f:cc:7f:aa:4f:b7:c2:c8:67:75:21:fb:5f:b6:58 ------BEGIN CERTIFICATE----- -MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl -MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp -U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw -NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE -ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp -ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3 -DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf -8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN -+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0 -X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa -K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA -1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G -A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR -zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0 -YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD -bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w -DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3 -L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D -eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl -xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp -VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY -WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q= ------END CERTIFICATE----- - -# Operating CA: GoDaddy -# Issuer: O=The Go Daddy Group, Inc. OU=Go Daddy Class 2 Certification Authority -# Subject: O=The Go Daddy Group, Inc. OU=Go Daddy Class 2 Certification Authority -# Label: "Go Daddy Class 2 CA" -# Serial: 0 -# MD5 Fingerprint: 91:de:06:25:ab:da:fd:32:17:0c:bb:25:17:2a:84:67 -# SHA1 Fingerprint: 27:96:ba:e6:3f:18:01:e2:77:26:1b:a0:d7:77:70:02:8f:20:ee:e4 -# SHA256 Fingerprint: c3:84:6b:f2:4b:9e:93:ca:64:27:4c:0e:c6:7c:1e:cc:5e:02:4f:fc:ac:d2:d7:40:19:35:0e:81:fe:54:6a:e4 ------BEGIN CERTIFICATE----- -MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh -MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE -YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 -MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo -ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg -MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN -ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA -PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w -wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi -EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY -avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+ -YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE -sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h -/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 -IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj -YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD -ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy -OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P -TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ -HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER -dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf -ReYNnyicsbkqWletNw+vHX/bvZ8= ------END CERTIFICATE----- - -# Operating CA: Sectigo -# Issuer: CN=AAA Certificate Services O=Comodo CA Limited -# Subject: CN=AAA Certificate Services O=Comodo CA Limited -# Label: "Comodo AAA Services root" -# Serial: 1 -# MD5 Fingerprint: 49:79:04:b0:eb:87:19:ac:47:b0:bc:11:51:9b:74:d0 -# SHA1 Fingerprint: d1:eb:23:a4:6d:17:d6:8f:d9:25:64:c2:f1:f1:60:17:64:d8:e3:49 -# SHA256 Fingerprint: d7:a7:a0:fb:5d:7e:27:31:d7:71:e9:48:4e:bc:de:f7:1d:5f:0c:3e:0a:29:48:78:2b:c8:3e:e0:ea:69:9e:f4 ------BEGIN CERTIFICATE----- -MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb -MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow -GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj -YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL -MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE -BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM -GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua -BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe -3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 -YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR -rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm -ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU -oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF -MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v -QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t -b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF -AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q -GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz -Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 -G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi -l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 -smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== ------END CERTIFICATE----- - # Operating CA: Sectigo # Issuer: CN=COMODO Certification Authority O=COMODO CA Limited # Subject: CN=COMODO Certification Authority O=COMODO CA Limited diff --git a/src/gam/gamlib/glapi.py b/src/gam/gamlib/glapi.py index 2e7d71c0..a2a9780a 100644 --- a/src/gam/gamlib/glapi.py +++ b/src/gam/gamlib/glapi.py @@ -75,8 +75,8 @@ IAM_CREDENTIALS = 'iamcredentials' KEEP = 'keep' LICENSING = 'licensing' LOOKERSTUDIO = 'datastudio' -MEET = 'meet' -MEET_READONLY = 'meetreadonly' +MEET_CONFRECS = 'meetreadonly' +MEET_SPACES = 'meet' OAUTH2 = 'oauth2' ORGPOLICY = 'orgpolicy' PEOPLE = 'people' @@ -267,8 +267,8 @@ _INFO = { KEEP: {'name': 'Keep API', 'version': 'v1', 'v2discovery': True}, LICENSING: {'name': 'License Manager API', 'version': 'v1', 'v2discovery': True}, LOOKERSTUDIO: {'name': 'Looker Studio API', 'version': 'v1', 'v2discovery': True, 'localjson': True}, - MEET: {'name': 'Meet API - Manage/Display Meets created by this GAM', 'version': 'v2', 'v2discovery': True}, - MEET_READONLY: {'name': 'Meet API - Display Meets regardless of creator', 'version': 'v2', 'v2discovery': True, 'mappedAPI': MEET}, + MEET_CONFRECS: {'name': 'Meet API - Display Meet Conference Records', 'version': 'v2', 'v2discovery': True, 'mappedAPI': MEET_SPACES}, + MEET_SPACES: {'name': 'Meet API - Manage/Display Meet Spaces', 'version': 'v2', 'v2discovery': True}, OAUTH2: {'name': 'OAuth2 API', 'version': 'v2', 'v2discovery': False}, ORGPOLICY: {'name': 'Organization Policy API', 'version': 'v2', 'v2discovery': True}, PEOPLE: {'name': 'People API', 'version': 'v1', 'v2discovery': True}, @@ -689,14 +689,15 @@ _SVCACCT_SCOPES = [ 'api': LOOKERSTUDIO, 'subscopes': READONLY, 'scope': 'https://www.googleapis.com/auth/datastudio'}, - {'name': 'Meet API - Manage/Display Meets created by this GAM', - 'api': MEET, - 'subscopes': [], - 'scope': 'https://www.googleapis.com/auth/meetings.space.created'}, - {'name': 'Meet API - Display Meets regardless of creator', - 'api': MEET_READONLY, + {'name': 'Meet API - Display Meet Conference Records', + 'api': MEET_CONFRECS, 'subscopes': [], 'scope': 'https://www.googleapis.com/auth/meetings.space.readonly'}, + {'name': 'Meet API - Manage/Display Meet Spaces', + 'api': MEET_SPACES, + 'subscopes': [], + 'scope': ['https://www.googleapis.com/auth/meetings.space.created', + 'https://www.googleapis.com/auth/meetings.space.settings']}, {'name': 'OAuth2 API', 'api': OAUTH2, 'subscopes': [],