From d90c884cf251b29b7b5522d3e76cdafeaec3881c Mon Sep 17 00:00:00 2001 From: Jay Lee Date: Thu, 18 Mar 2021 10:01:35 -0400 Subject: [PATCH] chromepolicy cleanup --- src/gam/gapi/chromepolicy.py | 213 +++++++++++------- src/gam/gapi/cloudidentity/userinvitations.py | 3 +- 2 files changed, 132 insertions(+), 84 deletions(-) diff --git a/src/gam/gapi/chromepolicy.py b/src/gam/gapi/chromepolicy.py index e1082a60..619883f2 100644 --- a/src/gam/gapi/chromepolicy.py +++ b/src/gam/gapi/chromepolicy.py @@ -1,24 +1,23 @@ """Chrome Browser Cloud Management API calls""" -import json import sys +import googleapiclient.errors + import gam -from gam.var import * +from gam.var import GC_CUSTOMER_ID, GC_Values, MY_CUSTOMER from gam import controlflow from gam import gapi from gam.gapi import errors as gapi_errors from gam.gapi.directory import orgunits as gapi_directory_orgunits from gam import utils -import googleapiclient.errors - def _get_customerid(): - customer = GC_Values[GC_CUSTOMER_ID] - if customer != MY_CUSTOMER and customer[0] != 'C': - customer = 'C' + customer - return f'customers/{customer}' + customer = GC_Values[GC_CUSTOMER_ID] + if customer != MY_CUSTOMER and customer[0] != 'C': + customer = 'C' + customer + return f'customers/{customer}' def _get_orgunit(orgunit): @@ -33,12 +32,26 @@ def build(): def print_policies(): - cp = build() + svc = build() customer = _get_customerid() - if len(sys.argv) < 4: - orgunit = '/' - else: - orgunit = sys.argv[3] + orgunit = '/' + printer_id = None + app_id = None + i = 3 + while i < len(sys.argv): + myarg = sys.argv[i].lower().replace('_', '') + if myarg in ['orgunit', 'ou']: + orgunit = sys.argv[i+1] + i += 2 + elif myarg == 'printerid': + printer_id = sys.argv[i+1] + i += 2 + elif myarg == 'appid': + app_id = sys.argv[i+1] + i += 2 + else: + msg = f'{myarg} is not a valid argument to "gam print chromepolicy"' + controlflow.system_error_exit(3, msg) orgunit = _get_orgunit(orgunit) namespaces = [ 'chrome.users', @@ -48,18 +61,22 @@ def print_policies(): # 'chrome.devices.managedGuest.apps', # 'chrome.devices.kiosk', # 'chrome.devices.kiosk.apps', -# 'chrome.printers', + 'chrome.printers', ] body = { 'policyTargetKey': { 'targetResource': orgunit, } } + if printer_id: + body['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printer_id} + elif app_id: + body['policyTargetKey']['additionalTargetKeys'] = {'app_id': app_id} throw_reasons = [gapi_errors.ErrorReason.FOUR_O_O,] for namespace in namespaces: body['policySchemaFilter'] = f'{namespace}.*' try: - policies = gapi.get_all_pages(cp.customers().policies(), 'resolve', + policies = gapi.get_all_pages(svc.customers().policies(), 'resolve', items='resolvedPolicies', throw_reasons=throw_reasons, customer=customer, @@ -67,8 +84,6 @@ def print_policies(): except googleapiclient.errors.HttpError: policies = [] for policy in policies: - #print(json.dumps(policy, indent=2)) - #print() name = policy.get('value', {}).get('policySchema', '') print(name) values = policy.get('value', {}).get('value', {}) @@ -78,24 +93,22 @@ def print_policies(): print(f' {setting}: {value}') print() -def build_schemas(cp=None): - if not cp: - cp = build() +def build_schemas(svc=None): + if not svc: + svc = build() parent = _get_customerid() - schemas = gapi.get_all_pages(cp.customers().policySchemas(), 'list', + schemas = gapi.get_all_pages(svc.customers().policySchemas(), 'list', items='policySchemas', parent=parent) schema_objects = {} for schema in schemas: schema_name = schema.get('name', '').split('/')[-1] - #print(schema) - #continue schema_dict = { 'name': schema_name, 'description': schema.get('policyDescription', ''), 'settings': {}, } - for mt in schema.get('definition', {}).get('messageType', {}): - for setting in mt.get('field', {}): + for mtype in schema.get('definition', {}).get('messageType', {}): + for setting in mtype.get('field', {}): setting_name = setting.get('name', '') setting_dict = { 'name': setting_name, @@ -103,7 +116,8 @@ def build_schemas(cp=None): 'descriptions': [], 'type': setting.get('type'), } - if setting_dict['type'] == 'TYPE_STRING' and setting.get('label') == 'LABEL_REPEATED': + if setting_dict['type'] == 'TYPE_STRING' and \ + setting.get('label') == 'LABEL_REPEATED': setting_dict['type'] = 'TYPE_LIST' if setting_dict['type'] == 'TYPE_ENUM': type_name = setting['typeName'] @@ -112,95 +126,116 @@ def build_schemas(cp=None): setting_dict['enums'] = [enum['name'] for enum in an_enum['value']] setting_dict['enum_prefix'] = utils.commonprefix(setting_dict['enums']) prefix_len = len(setting_dict['enum_prefix']) - setting_dict['enums'] = [enum[prefix_len:] for enum in setting_dict['enums'] if not enum.endswith('UNSPECIFIED')] + setting_dict['enums'] = [enum[prefix_len:] for enum \ + in setting_dict['enums'] \ + if not enum.endswith('UNSPECIFIED')] break - for fd in schema.get('fieldDescriptions', []): - if fd.get('field') == setting_name: - setting_dict['descriptions'] = [d['description'] for d in fd.get('knownValueDescriptions', [])] + for fdesc in schema.get('fieldDescriptions', []): + if fdesc.get('field') == setting_name: + setting_dict['descriptions'] = [d['description'] \ + for d in \ + fdesc.get('knownValueDescriptions', \ + [])] break elif setting_dict['type'] == 'TYPE_MESSAGE': - print(setting_dict) continue else: setting_dict['enums'] = None - for fd in schema.get('fieldDescriptions', []): - if fd.get('field') == setting_name: - if 'knownValueDescriptions' in fd: - setting_dict['descriptions'] = fd['knownValueDescriptions'] - elif 'description' in fd: - setting_dict['descriptions'] = [fd['description']] + for fdesc in schema.get('fieldDescriptions', []): + if fdesc.get('field') == setting_name: + if 'knownValueDescriptions' in fdesc: + setting_dict['descriptions'] = fdesc['knownValueDescriptions'] + elif 'description' in fdesc: + setting_dict['descriptions'] = [fdesc['description']] schema_dict['settings'][setting_name.lower()] = setting_dict schema_objects[schema_name.lower()] = schema_dict - for obj in schema_objects.values(): - print(json.dumps(obj, indent=2)) return schema_objects def print_schemas(): - cp = build() - schemas = build_schemas(cp) - for val in schemas.values(): - print(f'{val.get("name")} - {val.get("description")}') - for v in val['settings'].values(): - vtype = v.get('type') - print(f' {v.get("name")}: {vtype}') + svc = build() + schemas = build_schemas(svc) + for value in schemas.values(): + print(f'{value.get("name")} - {value.get("description")}') + for val in value['settings'].values(): + vtype = val.get('type') + print(f' {val.get("name")}: {vtype}') if vtype == 'TYPE_ENUM': - enums = v.get('enums', []) - descriptions = v.get('descriptions', []) - #print(' ', ', '.join(v.get('enums'))) - for i in range(len(v.get('enums', []))): + enums = val.get('enums', []) + descriptions = val.get('descriptions', []) + for i in range(len(val.get('enums', []))): print(f' {enums[i]} - {descriptions[i]}') elif vtype == 'TYPE_BOOL': - pvs = v.get('descriptions') - for pv in pvs: - if isinstance(pv, dict): - pvalue = pv.get('value') - pdescription = pv.get('description') + pvs = val.get('descriptions') + for pvi in pvs: + if isinstance(pvi, dict): + pvalue = pvi.get('value') + pdescription = pvi.get('description') print(f' {pvalue} - {pdescription}') - elif isinstance(pv, list): - print(f' {pv[0]}') + elif isinstance(pvi, list): + print(f' {pvi[0]}') else: - description = v.get('descriptions') + description = val.get('descriptions') if len(description) > 0: print(f' {description[0]}') print() def delete_policy(): - cp = build() + svc = build() customer = _get_customerid() - schemas = build_schemas(cp) - orgunit = None + schemas = build_schemas(svc) + orgunit = '/' + printer_id = None + app_id = None i = 3 body = {'requests': []} while i < len(sys.argv): - myarg = sys.argv[i].lower() - if myarg == 'orgunit': - orgunit = _get_orgunit(sys.argv[i+1]) + myarg = sys.argv[i].lower().replace('_', '') + if myarg in ['orgunit', 'ou']: + orgunit = sys.argv[i+1] + i += 2 + elif myarg == 'printerid': + printer_id = sys.argv[i+1] + i += 2 + elif myarg == 'appid': + app_id = sys.argv[i+1] i += 2 elif myarg in schemas: - body['requests'].append({'policySchema': schemas[myarg].name}) + body['requests'].append({'policySchema': schemas[myarg]['name']}) i += 1 else: - controlflow.system_error_exit(3, f'{myarg} is not a valid argument to "gam delete chromepolicy"') - if not orgunit: - controlflow.system_error_exit(3, 'You must specify an orgunit.') + msg = f'{myarg} is not a valid argument to "gam delete chromepolicy"' + controlflow.system_error_exit(3, msg) + orgunit = _get_orgunit(orgunit) for request in body['requests']: request['policyTargetKey'] = {'targetResource': orgunit} - gapi.call(cp.customers().policies().orgunits(), 'batchInherit', customer=customer, body=body) + if printer_id: + request['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printer_id} + elif app_id: + request['policyTargetKey']['additionalTargetKeys'] = {'app_id': app_id} + gapi.call(svc.customers().policies().orgunits(), 'batchInherit', customer=customer, body=body) def update_policy(): - cp = build() + svc = build() customer = _get_customerid() - schemas = build_schemas(cp) + schemas = build_schemas(svc) i = 3 body = {'requests': []} orgunit = None + printer_id = None + app_id = None while i < len(sys.argv): - myarg = sys.argv[i].lower() - if myarg == 'orgunit': + myarg = sys.argv[i].lower().replace('_', '') + if myarg in ['orgunit', 'ou']: orgunit = _get_orgunit(sys.argv[i+1]) i += 2 + elif myarg == 'printerid': + printer_id = sys.argv[i+1] + i += 2 + elif myarg == 'appid': + app_id = sys.argv[i+1] + i += 2 elif myarg in schemas: body['requests'].append({'policyValue': {'policySchema': schemas[myarg]['name'], 'value': {}}, @@ -208,27 +243,31 @@ def update_policy(): i += 1 while i < len(sys.argv): field = sys.argv[i].lower() - if field == 'orgunit' or '.' in field: - break # field is actually a new policy name or orgunit + if field in ['orgunit', 'ou', 'printerid', 'appid'] or '.' in field: + break # field is actually a new policy, orgunit or app/printer id expected_fields = ', '.join(schemas[myarg]['settings']) if field not in expected_fields: - controlflow.system_error_exit(4, f'Expected {myarg} field of {expected_fields}. Got {field}.') + msg = f'Expected {myarg} field of {expected_fields}. Got {field}.' + controlflow.system_error_exit(4, msg) cased_field = schemas[myarg]['settings'][field]['name'] value = sys.argv[i+1] vtype = schemas[myarg]['settings'][field]['type'] if vtype in ['TYPE_INT64', 'TYPE_INT32', 'TYPE_UINT64']: if not value.isnumeric(): - controlflow.system_error_exit(7, f'Value for {myarg} {field} must be a number, got {value}') + msg = f'Value for {myarg} {field} must be a number, got {value}' + controlflow.system_error_exit(7, msg) value = int(value) elif vtype in ['TYPE_BOOL']: value = gam.getBoolean(value, field) elif vtype in ['TYPE_ENUM']: value = value.upper() - enum_values = schemas[myarg].settings[field].enums + enum_values = schemas[myarg]['settings'][field]['enums'] if value not in enum_values: expected_enums = ', '.join(enum_values) - controlflow.system_error_exit(8, f'Expected {myarg} {field} value to be one of {expected_enums}, got {value}') - prefix = schemas[myarg].settings[field].enum_prefix + msg = f'Expected {myarg} {field} value to be one of ' \ + f'{expected_enums}, got {value}' + controlflow.system_error_exit(8, msg) + prefix = schemas[myarg]['settings'][field]['enum_prefix'] value = f'{prefix}{value}' elif vtype in ['TYPE_LIST']: value = value.split(',') @@ -236,9 +275,19 @@ def update_policy(): body['requests'][-1]['updateMask'] += f'{cased_field},' i += 2 else: - controlflow.system_error_exit(4, f'{myarg} is not a valid argument to "gam update chromepolicy"') + msg = f'{myarg} is not a valid argument to "gam update chromepolicy"' + controlflow.system_error_exit(4, msg) if not orgunit: controlflow.system_error_exit(3, 'You must specify an orgunit') for request in body['requests']: request['policyTargetKey'] = {'targetResource': orgunit} - gapi.call(cp.customers().policies().orgunits(), 'batchModify', customer=customer, body=body) + if printer_id: + for request in body['requests']: + request['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printer_id} + elif app_id: + for request in body['requests']: + request['policyTargetKey']['additionalTargetKeys'] = {'app_id': app_id} + gapi.call(svc.customers().policies().orgunits(), + 'batchModify', + customer=customer, + body=body) diff --git a/src/gam/gapi/cloudidentity/userinvitations.py b/src/gam/gapi/cloudidentity/userinvitations.py index 8e60f031..bc04508b 100644 --- a/src/gam/gapi/cloudidentity/userinvitations.py +++ b/src/gam/gapi/cloudidentity/userinvitations.py @@ -1,10 +1,9 @@ """Methods related to Cloud Identity User Invitation API""" -# pylint: disable=unused-wildcard-import wildcard-import import sys import googleapiclient -from gam.var import * +from gam.var import GC_CUSTOMER_ID, GC_Values, MY_CUSTOMER from gam import controlflow from gam import display from gam import gapi