Document create admin condition (#1476)

* Document create admin condition

* Print condition in original form
Ross Scroggs 2022-02-11 17:43:50 -08:00 committed by GitHub
parent 536fded762
commit f6c4e26b3b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 5 deletions


@ -992,9 +992,9 @@ gam report <ActivityApplicationName> [todrive]
[filter|filters <String>] [event <String>] [ip <String>] [filter|filters <String>] [event <String>] [ip <String>]
[groupidfilter <String>] [groupidfilter <String>]
gam create admin <UserItem> <RoleItem> customer|(org_unit <OrgUnitItem>) gam create admin <UserItem> <RoleItem> customer|(org_unit <OrgUnitItem>) [condition securitygroup|nonsecuritygroup]
gam delete admin <RoleAssignmentId> gam delete admin <RoleAssignmentId>
gam print admins [todrive] [user <UserItem>] [role <RoleItem>] gam print admins [todrive] [user <UserItem>] [role <RoleItem>] [condition]
gam create adminrole <String> privileges all|all_ou|<PrivilegesList> [description <String>] gam create adminrole <String> privileges all|all_ou|<PrivilegesList> [description <String>]
gam update adminrole <RoleItem> [name <String>] [privileges all|all_ou|<PrivilegesList>] [description <String>] gam update adminrole <RoleItem> [name <String>] [privileges all|all_ou|<PrivilegesList>] [description <String>]
gam delete adminrole <RoleItem> gam delete adminrole <RoleItem>


@ -10,6 +10,9 @@ from gam.gapi.directory import orgunits as gapi_directory_orgunits
from gam.gapi.directory import roles as gapi_directory_roles from gam.gapi.directory import roles as gapi_directory_roles
SECURITY_GROUP_CONDITION = "api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.security']) && resource.type == 'cloudidentity.googleapis.com/Group'"
NONSECURITY_GROUP_CONDITION = f'!{SECURITY_GROUP_CONDITION}'
def create(): def create():
cd = gapi_directory.build() cd = gapi_directory.build()
user = gam.normalizeEmailAddressOrUID(sys.argv[3]) user = gam.normalizeEmailAddressOrUID(sys.argv[3])
@ -24,9 +27,9 @@ def create():
cd = gapi_directory.build_beta() cd = gapi_directory.build_beta()
body['condition'] = sys.argv[i+1] body['condition'] = sys.argv[i+1]
if body['condition'] == 'securitygroup': if body['condition'] == 'securitygroup':
body['condition'] = "api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.security']) && resource.type == 'cloudidentity.googleapis.com/Group'" body['condition'] = SECURITY_GROUP_CONDITION
elif body['condition'] == 'nonsecuritygroup': elif body['condition'] == 'nonsecuritygroup':
body['condition'] = "!api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.security']) && resource.type == 'cloudidentity.googleapis.com/Group'" body['condition'] = NONSECURITY_GROUP_CONDITION
i += 2 i += 2
else: else:
controlflow.invalid_argument_exit(sys.argv[i], 'gam create admin') controlflow.invalid_argument_exit(sys.argv[i], 'gam create admin')
@ -111,9 +114,13 @@ def print_():
admin_attrib[ admin_attrib[
'orgUnit'] = gapi_directory_orgunits.orgunit_from_orgunitid( 'orgUnit'] = gapi_directory_orgunits.orgunit_from_orgunitid(
value, cd) value, cd)
elif key == 'condition':
if value == SECURITY_GROUP_CONDITION:
value = 'securitygroup'
elif value == NONSECURITY_GROUP_CONDITION:
value = 'nonsecuritygroup'
if key not in titles: if key not in titles:
titles.append(key) titles.append(key)
admin_attrib[key] = value admin_attrib[key] = value
csvRows.append(admin_attrib) csvRows.append(admin_attrib)
display.write_csv_file(csvRows, titles, 'Admins', todrive) display.write_csv_file(csvRows, titles, 'Admins', todrive)
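Review bot: `NONSECURITY_GROUP_CONDITION = f'!{SECURITY_GROUP_CONDITION}'` reads as the negation of the whole security-group expression, but the `!` binds only to the `hasAny(['groups.security'])` term and the `resource.type == 'cloudidentity.googleapis.com/Group'` clause stays un-negated, which is the same string the removed literal produced. A comment above the constant would stop a later "correction", for example `# '!' negates only the label test; the resource.type clause stays so the role remains limited to groups`. Parenthesising the expression before negating it would also match every non-group resource, which widens what the assigned admin role covers. Separately, in `create()` any other word after `condition` is still sent to the API unchanged, although the documented syntax is `[condition securitygroup|nonsecuritygroup]`; if free-form conditions are not intended, a final `else:` that calls `controlflow.invalid_argument_exit(...)` would reject typos before the assignment is created. Both `create()` and `print_()` continue outside the hunks shown.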