add nokey to create project

2025-07-06 04:33:34 +00:00 · 2024-06-21 16:19:39 +00:00
parent c12ee6438c
commit d5ad1cb2fb
2 changed files with 14 additions and 9 deletions
--- a/src/GamCommands.txt
+++ b/src/GamCommands.txt
@ -1345,7 +1345,8 @@ gam create project [admin <EmailAddress>] [project <ProjectID>]
        [sadescription <ServiceAccountDescription>]
        [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
         (localkeysize 1024|2048|4096 [validityhours <Number>])|
-         (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)]
+         (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)|
+         (nokey)]
 gam use project [<EmailAddress>] [<ProjectID>]
 gam use project [admin <EmailAddress>] [project <ProjectID>]
        [saname <ServiceAccountName>] [sadisplayname <ServiceAccountDisplayName>]
--- a/src/gam/init.py
+++ b/src/gam/init.py
@ -11196,7 +11196,7 @@ def _grantRotateRights(iam, projectId, service_account, email, account_type='ser
  callGAPI(iam.projects().serviceAccounts(), 'setIamPolicy',
           resource=f'projects/{projectId}/serviceAccounts/{service_account}', body=body)

-def _createOauth2serviceJSON(httpObj, projectInfo, svcAcctInfo):
+def _createOauth2serviceJSON(httpObj, projectInfo, svcAcctInfo, create_key=True):
  iam = getAPIService(API.IAM, httpObj)
  try:
    service_account = callGAPI(iam.projects().serviceAccounts(), 'create',
@ -11213,7 +11213,7 @@ def _createOauth2serviceJSON(httpObj, projectInfo, svcAcctInfo):
    entityActionFailedWarning([Ent.PROJECT, projectInfo['projectId'], Ent.SVCACCT, svcAcctInfo['name']], str(e))
    return False
  GM.Globals[GM.SVCACCT_SCOPES_DEFINED] = False
-  if not doProcessSvcAcctKeys(mode='retainexisting', iam=iam, projectId=service_account['projectId'],
+  if create_key and not doProcessSvcAcctKeys(mode='retainexisting', iam=iam, projectId=service_account['projectId'],
                              clientEmail=service_account['email'], clientId=service_account['uniqueId']):
    return False
  sa_email = service_account['name'].rsplit('/', 1)[-1]
@ -11230,7 +11230,7 @@ def setGAMProjectConsentScreen(httpObj, projectId, appInfo):
  except (GAPI.invalidArgument, GAPI.alreadyExists):
    pass

-def _createClientSecretsOauth2service(httpObj, login_hint, appInfo, projectInfo, svcAcctInfo):
+def _createClientSecretsOauth2service(httpObj, login_hint, appInfo, projectInfo, svcAcctInfo, create_key=True):

  def _checkClientAndSecret(csHttpObj, client_id, client_secret):
    post_data = {'client_id': client_id, 'client_secret': client_secret,
@ -11293,7 +11293,7 @@ def _createClientSecretsOauth2service(httpObj, login_hint, appInfo, projectInfo,
  sys.stdout.write(Msg.GO_BACK_TO_YOUR_BROWSER_AND_CLICK_OK_TO_CLOSE_THE_OAUTH_CLIENT_POPUP)
  sys.stdout.write(Msg.TRUST_GAM_CLIENT_ID.format(GAM, client_id))
  readStdin('')
-  if not _createOauth2serviceJSON(httpObj, projectInfo, svcAcctInfo):
+  if not _createOauth2serviceJSON(httpObj, projectInfo, svcAcctInfo, create_key):
    return
  sys.stdout.write(Msg.YOUR_GAM_PROJECT_IS_CREATED_AND_READY_TO_USE)

@ -11385,6 +11385,7 @@ def _generateProjectSvcAcctId(prefix):

 def _getLoginHintProjectInfo(createCmd):
  login_hint = None
+  create_key = True
  appInfo = {'applicationTitle': '', 'supportEmail': ''}
  projectInfo = {'projectId': '', 'parent': '', 'name': ''}
  svcAcctInfo = {'name': '', 'displayName': '', 'description': ''}
@ -11404,6 +11405,8 @@ def _getLoginHintProjectInfo(createCmd):
      myarg = getArgument()
      if myarg == 'admin':
        login_hint = getEmailAddress(noUid=True)
+      elif myarg == 'nokey':
+        create_key = False
      elif myarg == 'project':
        projectInfo['projectId'] = getString(Cmd.OB_STRING, minLen=6, maxLen=30)
        _checkProjectId(projectInfo['projectId'])
@ -11453,7 +11456,7 @@ def _getLoginHintProjectInfo(createCmd):
  else:
    if projects:
      entityActionFailedExit([Ent.USER, login_hint, Ent.PROJECT, projectInfo['projectId']], Msg.DUPLICATE)
-  return (crm, httpObj, login_hint, appInfo, projectInfo, svcAcctInfo)
+  return (crm, httpObj, login_hint, appInfo, projectInfo, svcAcctInfo, create_key)

 def _getCurrentProjectId():
  jsonData = readFile(GC.Values[GC.OAUTH2SERVICE_JSON], continueOnError=True, displayError=False)
@ -11607,12 +11610,13 @@ def doCreateGCPFolder():
 #	[saname <ServiceAccountName>] [sadisplayname <ServiceAccountDisplayName>] [sadescription <ServiceAccountDescription>]
 #	[(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
 #	 (localkeysize 1024|2048|4096 [validityhours <Number>])|
-#	 (yubikey yubikey_pin yubikey_slot AUTHENTICATION yubikey_serialnumber <String>)]
+#	 (yubikey yubikey_pin yubikey_slot AUTHENTICATION yubikey_serialnumber <String>)|
+#    (nokey)]
 def doCreateProject():
  _checkForExistingProjectFiles([GC.Values[GC.OAUTH2SERVICE_JSON], GC.Values[GC.CLIENT_SECRETS_JSON]])
  sys.stdout.write(Msg.TRUST_GAM_CLIENT_ID.format(GAM_PROJECT_CREATION, GAM_PROJECT_CREATION_CLIENT_ID))
  readStdin('')
-  crm, httpObj, login_hint, appInfo, projectInfo, svcAcctInfo = _getLoginHintProjectInfo(True)
+  crm, httpObj, login_hint, appInfo, projectInfo, svcAcctInfo, create_key = _getLoginHintProjectInfo(True)
  login_domain = getEmailAddressDomain(login_hint)
  body = {'projectId': projectInfo['projectId'], 'displayName': projectInfo['name']}
  if projectInfo['parent']:
@ -11697,7 +11701,7 @@ def doCreateProject():
 #  except (GAPI.badRequest, GAPI.failedPrecondition, GAPI.permissionDenied):
 #    pass
 # Create client_secrets.json and oauth2service.json
-  _createClientSecretsOauth2service(httpObj, login_hint, appInfo, projectInfo, svcAcctInfo)
+  _createClientSecretsOauth2service(httpObj, login_hint, appInfo, projectInfo, svcAcctInfo, create_key)

 # gam use project [<EmailAddress>] [<ProjectID>]
 # gam use project [admin <EmailAddress>] [project <ProjectID>]