Merge branch 'main' of https://github.com/GAM-team/GAM

2026-06-28 18:01:36 +00:00 · 2023-08-18 18:44:05 +00:00
parent 6735c361a4 1243ece157
commit d2bbbb3b73
11 changed files with 46 additions and 29 deletions
--- a/src/GamCommands.txt
+++ b/src/GamCommands.txt
@@ -5135,7 +5135,7 @@ gam download storagefile <StorageBucketObjectName>
        <UserClearAttribute>

 gam create|add user <EmailAddress> [ignorenullpassword] <UserAttribute>*
-        [verifynotinvitable]
+        [verifynotinvitable|alwaysevict]
        (groups [<GroupRole>] [[delivery] <DeliverySetting>] <GroupEntity>)*
        [alias|aliases <EmailAddressList>]
        [license <SKUIDList> [product|productid <ProductID>]]
@@ -5152,7 +5152,7 @@ gam create|add user <EmailAddress> [ignorenullpassword] <UserAttribute>*
 gam <UserTypeEntity> waitformailbox [retries <Number>]

 gam update user <UserItem> [ignorenullpassword] <UserAttribute>*
-        [verifynotinvitable] [noactionifalias]
+        [verifynotinvitable|alwaysevict] [noactionifalias]
        [updateprimaryemail <RegularExpression> <EmailReplacement>]
        [updateoufromgroup <FileName> [charset <CharSet>]
            [columndelimiter <Character>] [quotechar <Character>]
--- a/src/GamUpdate.txt
+++ b/src/GamUpdate.txt
@@ -2,6 +2,18 @@

 Merged GAM-Team version

+6.63.01
+
+Following Jay's lead, added option `alwaysevict` to `gam create|update user` that is used to specify GAM's
+behavior when `verifynotinvitable` is not specified and there is a conflict with an unmanaged account.
+
+By default, when creating a user that has a conflict with an unmanaged account, GAM will honor the setting on this page:
+  * https://admin.google.com/ac/accountsettings/conflictaccountmanagement
+
+Specifying `alwaysevict` forces GAM to select this setting: `Replace conflicting unmanaged accounts with managed ones`
+
+With `gam update user`, `alwaysevict` only applies if `createifnotfound` is specified and the user was not found to update and must be created.
+
 6.63.00

 Added support for calendar working location events.
--- a/src/gam/init.py
+++ b/src/gam/init.py
@@ -12223,7 +12223,7 @@ def doCreateGCPServiceAccount():
    systemErrorExit(API_ACCESS_DENIED_RC, str(e))
  sa_info['client_id'] = token_info['issued_to']
  sa_output = json.dumps(sa_info, ensure_ascii=False, sort_keys=True, indent=2)
-  print(f'Writing SignJWT service account data:\n\n{sa_output}')
+  writeStdout(f'Writing SignJWT service account data:\n\n{sa_output}\n')
  writeFile(GC.Values[GC.OAUTH2SERVICE_JSON], sa_output, continueOnError=False)

 # Audit command utilities
@@ -40367,6 +40367,7 @@ def createUserAddAliases(cd, user, aliasList, i, count):
  Act.Set(action)

 # gam create user <EmailAddress> <UserAttribute>
+#	[verifynotinvitable|alwaysevict]
 #	(groups [<GroupRole>] [[delivery] <DeliverySetting>] <GroupEntity>)*
 #	[alias|aliases <EmailAddressList>]
 #	[license <SKUID> [product|productid <ProductID>]]
@@ -40382,8 +40383,9 @@ def createUserAddAliases(cd, user, aliasList, i, count):
 #	[addnumericsuffixonduplicate <Number>]
 def doCreateUser():
  cd = buildGAPIObject(API.DIRECTORY)
-  body, notify, tagReplacements, addGroups, addAliases, PwdOpts, _, _, _, \
-  parameters, resolveConflictAccount = getUserAttributes(cd,
+  body, notify, tagReplacements, addGroups, addAliases, PwdOpts, \
+    _, _, _, \
+    parameters, resolveConflictAccount = getUserAttributes(cd,
                                                           False,
                                                           noUid=True)
  suffix = 0
@@ -40463,7 +40465,8 @@ def verifyUserPrimaryEmail(cd, user, createIfNotFound, i, count):
  entityUnknownWarning(Ent.USER, user, i, count)
  return False

-# gam <UserTypeEntity> update user <UserAttribute>* [noactionifalias]
+# gam <UserTypeEntity> update user <UserAttribute>*
+#	[verifynotinvitable|alwaysevict] [noactionifalias]
 #	[updateprimaryemail <RegularExpression> <EmailReplacement>]
 #	[updateoufromgroup <CSVFileInput> [keyfield <FieldName>] [datafield <FieldName>]]
 #	[immutableous <OrgUnitEntity>]|
@@ -40480,13 +40483,13 @@ def verifyUserPrimaryEmail(cd, user, createIfNotFound, i, count):
 #	    (replace <Tag> <UserReplacement>)*]
 #	[notifyonupdate [<Boolean>]]
 #	[lograndompassword <FileName>] [ignorenullpassword]
-#	[verifynotinvitable]
 def updateUsers(entityList):
  cd = buildGAPIObject(API.DIRECTORY)
  ci = None
  body, notify, tagReplacements, addGroups, addAliases, PwdOpts, \
-  updatePrimaryEmail, notFoundBody, groupOrgUnitMap, parameters, \
-  _ = getUserAttributes(cd, True)
+    updatePrimaryEmail, notFoundBody, groupOrgUnitMap, \
+    parameters, resolveConflictAccount = getUserAttributes(cd,
+                                                           True)
  vfe = 'primaryEmail' in body and body['primaryEmail'][:4].lower() == 'vfe@'
  if body.get('orgUnitPath', '') and parameters['immutableOUs']:
    ubody = body.copy()
@@ -40582,7 +40585,9 @@ def updateUsers(entityList):
                                  throwReasons=[GAPI.DUPLICATE, GAPI.DOMAIN_NOT_FOUND, GAPI.FORBIDDEN,
                                                GAPI.INVALID, GAPI.INVALID_INPUT, GAPI.INVALID_PARAMETER,
                                                GAPI.INVALID_ORGUNIT, GAPI.INVALID_SCHEMA_VALUE],
-                                  body=body, fields=fields)
+                                  body=body,
+                                  fields=fields,
+                                  resolveConflictAccount=resolveConflictAccount)
                entityActionPerformed([Ent.USER, body['primaryEmail']], i, count)
                if PwdOpts.filename and PwdOpts.notFoundPassword:
                  writeFile(PwdOpts.filename, f'{user},{PwdOpts.notFoundPassword}\n', mode='a', continueOnError=True)