mirror of
https://github.com/GAM-team/GAM.git
synced 2026-07-03 12:21:35 +00:00
initial support for security and dynamic groups
@@ -17,11 +17,14 @@ def create():
|
||||
initialGroupConfig = 'EMPTY'
|
||||
gapi_directory_customer.setTrueCustomerId()
|
||||
parent = f'customers/{GC_Values[GC_CUSTOMER_ID]}'
|
||||
body = {'groupKey': {
|
||||
body = {
|
||||
'groupKey': {
|
||||
'id': gam.normalizeEmailAddressOrUID(sys.argv[3], noUid=True)
|
||||
},
|
||||
'parent': parent,
|
||||
'labels': {'cloudidentity.googleapis.com/groups.discussion_forum': ''},
|
||||
'labels': {
|
||||
'cloudidentity.googleapis.com/groups.discussion_forum': ''
|
||||
},
|
||||
}
|
||||
i = 4
|
||||
while i < len(sys.argv):
|
||||
@@ -41,7 +44,12 @@ def create():
|
||||
i += 2
|
||||
elif myarg in ['dynamic']:
|
||||
# As of 2020/06/25 this doesn't work (yet?)
|
||||
body['dynamicGroupMetadata'] = {'queries': [{'query': sys.argv[i+1]}]}
|
||||
body['dynamicGroupMetadata'] = {
|
||||
'queries': [{
|
||||
'query': sys.argv[i + 1],
|
||||
'resourceType': 'USER'
|
||||
}]
|
||||
}
|
||||
i += 2
|
||||
elif myarg in ['makeowner']:
|
||||
initialGroupConfig = 'WITH_INITIAL_OWNER'
|
||||
@@ -50,9 +58,12 @@ def create():
|
||||
print('should not get here')
|
||||
sys.exit(5)
|
||||
print(f'Creating group {body["groupKey"]["id"]}')
|
||||
gapi.call(ci.groups(), 'create', initialGroupConfig=initialGroupConfig,
|
||||
gapi.call(ci.groups(),
|
||||
'create',
|
||||
initialGroupConfig=initialGroupConfig,
|
||||
body=body)
|
||||
|
||||
|
||||
def delete():
|
||||
ci = gapi_cloudidentity.build()
|
||||
group = sys.argv[3]
|
||||
@@ -91,8 +102,7 @@ def info():
|
||||
else:
|
||||
view = 'FULL'
|
||||
pageSize = 500
|
||||
members = gapi.get_all_pages(
|
||||
ci.groups().memberships(),
|
||||
members = gapi.get_all_pages(ci.groups().memberships(),
|
||||
'list',
|
||||
'memberships',
|
||||
parent=name,
|
||||
@@ -121,12 +131,17 @@ def info_member():
|
||||
ci = gapi_cloudidentity.build()
|
||||
member = gam.normalizeEmailAddressOrUID(sys.argv[3])
|
||||
group = gam.normalizeEmailAddressOrUID(sys.argv[4])
|
||||
group_name = gapi.call(ci.groups(), 'lookup',
|
||||
groupKey_id=group, fields='name').get('name')
|
||||
member_name = gapi.call(ci.groups().memberships(), 'lookup',
|
||||
parent=group_name, memberKey_id=member,
|
||||
group_name = gapi.call(ci.groups(),
|
||||
'lookup',
|
||||
groupKey_id=group,
|
||||
fields='name').get('name')
|
||||
member_details = gapi.call(ci.groups().memberships(), 'get',
|
||||
member_name = gapi.call(ci.groups().memberships(),
|
||||
'lookup',
|
||||
parent=group_name,
|
||||
memberKey_id=member,
|
||||
fields='name').get('name')
|
||||
member_details = gapi.call(ci.groups().memberships(),
|
||||
'get',
|
||||
name=member_name)
|
||||
display.print_json(member_details)
|
||||
|
||||
@@ -233,7 +248,8 @@ def print_():
|
||||
groupKey_id = groupEntity['name']
|
||||
if roles:
|
||||
sys.stderr.write(
|
||||
f' Getting {roles} for {groupEmail}{gam.currentCountNL(i, count)}')
|
||||
f' Getting {roles} for {groupEmail}{gam.currentCountNL(i, count)}'
|
||||
)
|
||||
page_message = gapi.got_total_items_first_last_msg('Members')
|
||||
validRoles, listRoles, listFields = gam._getRoleVerification(
|
||||
roles, 'nextPageToken,members(email,id,role)')
|
||||
@@ -332,7 +348,8 @@ def print_members():
|
||||
if not groups_to_get:
|
||||
gam.printGettingAllItems('Groups', None)
|
||||
page_message = gapi.got_total_items_first_last_msg('Groups')
|
||||
groups_to_get = gapi.get_all_pages(ci.groups(),
|
||||
groups_to_get = gapi.get_all_pages(
|
||||
ci.groups(),
|
||||
'list',
|
||||
'groups',
|
||||
message_attribute=['groupKey', 'id'],
|
||||
@@ -433,7 +450,10 @@ def update():
|
||||
sys.stderr.write(
|
||||
f'Group: {group}, Will add {len(users_email)} {role}s.\n')
|
||||
for user_email in users_email:
|
||||
item = ['gam', 'update', 'cigroup', f'id:{parent}', 'add', role, user_email]
|
||||
item = [
|
||||
'gam', 'update', 'cigroup', f'id:{parent}', 'add', role,
|
||||
user_email
|
||||
]
|
||||
items.append(item)
|
||||
elif len(users_email) > 0:
|
||||
body = {
|
||||
@@ -511,19 +531,25 @@ def update():
|
||||
f'Group: {group}, Will add {len(to_add)} and remove {len(to_remove)} {role}s.\n'
|
||||
)
|
||||
for user in to_add:
|
||||
item = ['gam', 'update', 'cigroup', f'id:{parent}', 'add', role, user]
|
||||
item = [
|
||||
'gam', 'update', 'cigroup', f'id:{parent}', 'add', role,
|
||||
user
|
||||
]
|
||||
items.append(item)
|
||||
for user in to_remove:
|
||||
items.append(
|
||||
['gam', 'update', 'cigroup', f'id:{parent}', 'remove', user])
|
||||
items.append([
|
||||
'gam', 'update', 'cigroup', f'id:{parent}', 'remove', user
|
||||
])
|
||||
elif myarg in ['delete', 'remove']:
|
||||
_, users_email = _getRoleAndUsers()
|
||||
if len(users_email) > 1:
|
||||
sys.stderr.write(
|
||||
f'Group: {group}, Will remove {len(users_email)} emails.\n')
|
||||
for user_email in users_email:
|
||||
items.append(
|
||||
['gam', 'update', 'cigroup', f'id:{parent}', 'remove', user_email])
|
||||
items.append([
|
||||
'gam', 'update', 'cigroup', f'id:{parent}', 'remove',
|
||||
user_email
|
||||
])
|
||||
elif len(users_email) == 1:
|
||||
name = membership_email_to_id(ci, parent, users_email[0])
|
||||
try:
|
||||
@@ -549,14 +575,19 @@ def update():
|
||||
f'Group: {group}, Will update {len(users_email)} {role}s.\n'
|
||||
)
|
||||
for user_email in users_email:
|
||||
item = ['gam', 'update', 'cigroup', f'id:{parent}', 'update', role, user_email]
|
||||
item = [
|
||||
'gam', 'update', 'cigroup', f'id:{parent}', 'update',
|
||||
role, user_email
|
||||
]
|
||||
items.append(item)
|
||||
elif len(users_email) > 0:
|
||||
name = membership_email_to_id(ci, parent, users_email[0])
|
||||
addRoles = []
|
||||
removeRoles = []
|
||||
new_role = {'role': role}
|
||||
current_roles = gapi.call(ci.groups().memberships(), 'get', name=name,
|
||||
current_roles = gapi.call(ci.groups().memberships(),
|
||||
'get',
|
||||
name=name,
|
||||
fields='roles').get('roles', [])
|
||||
current_roles = [role['name'] for role in current_roles]
|
||||
for crole in current_roles:
|
||||
@@ -585,9 +616,7 @@ def update():
|
||||
f' Group: {group}, {users_email[0]} Update to {role} Failed: {str(e)}'
|
||||
)
|
||||
break
|
||||
print(
|
||||
f' Group: {group}, {users_email[0]} Updated to {role}'
|
||||
)
|
||||
print(f' Group: {group}, {users_email[0]} Updated to {role}')
|
||||
|
||||
else: # clear
|
||||
roles = []
|
||||
@@ -598,8 +627,8 @@ def update():
|
||||
roles.append(myarg.upper())
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
'gam update cigroup clear')
|
||||
controlflow.invalid_argument_exit(
|
||||
sys.argv[i], 'gam update cigroup clear')
|
||||
if not roles:
|
||||
roles = [ROLE_MEMBER]
|
||||
group = gam.normalizeEmailAddressOrUID(group)
|
||||
@@ -622,13 +651,14 @@ def update():
|
||||
if not result:
|
||||
print('Group already has 0 members')
|
||||
return
|
||||
users_email = [
|
||||
member['memberKey']['id'] for member in result]
|
||||
users_email = [member['memberKey']['id'] for member in result]
|
||||
sys.stderr.write(
|
||||
f'Group: {group}, Will remove {len(users_email)} {", ".join(roles).lower()}s.\n'
|
||||
)
|
||||
for user_email in users_email:
|
||||
items.append(['gam', 'update', 'cigroup', group, 'remove', user_email])
|
||||
items.append([
|
||||
'gam', 'update', 'cigroup', group, 'remove', user_email
|
||||
])
|
||||
except (gapi_errors.GapiGroupNotFoundError,
|
||||
gapi_errors.GapiDomainNotFoundError,
|
||||
gapi_errors.GapiInvalidError,
|
||||
@@ -647,13 +677,22 @@ def update():
|
||||
elif myarg == 'description':
|
||||
body['description'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'security':
|
||||
body['labels'] = {
|
||||
'cloudidentity.googleapis.com/groups.security': '',
|
||||
'cloudidentity.googleapis.com/groups.discussion_forum': ''
|
||||
}
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
'gam update cigroup')
|
||||
updateMask = ','.join(body.keys())
|
||||
name = group_email_to_id(ci, group)
|
||||
print(f'Updating group {group}')
|
||||
gapi.call(ci.groups(), 'patch', updateMask=updateMask, name=name,
|
||||
gapi.call(ci.groups(),
|
||||
'patch',
|
||||
updateMask=updateMask,
|
||||
name=name,
|
||||
body=body)
|
||||
|
||||
|
||||
@@ -673,6 +712,7 @@ def group_email_to_id(ci, group, i=0, count=0):
|
||||
entityUnknownWarning('Group', group, i, count)
|
||||
return None
|
||||
|
||||
|
||||
def membership_email_to_id(ci, parent, membership, i=0, count=0):
|
||||
membership = gam.normalizeEmailAddressOrUID(membership)
|
||||
try:
|
||||
@@ -701,6 +741,7 @@ def get_single_role(roles):
|
||||
return a_role
|
||||
return roles[0]
|
||||
|
||||
|
||||
def filter_members_to_roles(members, roles):
|
||||
filtered_members = []
|
||||
for member in members:
|
||||
@@ -708,4 +749,3 @@ def filter_members_to_roles(members, roles):
|
||||
if role in roles:
|
||||
filtered_members.include(member)
|
||||
return filtered_members
|
||||
|
||||
|
||||
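Review bot: In the `security` branch added to update() (hunk `@@ -647,13 +677,22 @@`), `body['labels']` is assigned a fixed two-key map and `updateMask` is then built from `body.keys()`, so the patch replaces the group's whole label set instead of adding one label. Any label the group already carries beyond discussion_forum would presumably be dropped or the request rejected; the API response is not visible here. Cloud Identity does not allow the security label to be removed once applied, and security groups usually back access-control decisions, so this is a one-way change made with no check of the group's current state. Consider reading the current labels and merging, e.g. `labels = gapi.call(ci.groups(), 'get', name=name, fields='labels').get('labels', {})` followed by `labels['cloudidentity.googleapis.com/groups.security'] = ''`, which needs `name` resolved before the argument loop rather than after it. A comment on the branch such as `# security label is permanent once set` would also help; update() begins and ends outside this hunk.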