|
|
|
|
@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
|
|
|
|
|
__version__ = '7.02.00'
|
|
|
|
|
__version__ = '7.02.07'
|
|
|
|
|
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
|
|
|
|
|
|
|
|
|
|
#pylint: disable=wrong-import-position
|
|
|
|
|
@@ -628,7 +628,7 @@ def formatKeyValueList(prefixStr, kvList, suffixStr):
|
|
|
|
|
msg += suffixStr
|
|
|
|
|
return msg
|
|
|
|
|
|
|
|
|
|
# Something's wrong with CustomerID
|
|
|
|
|
# Something's wrong with CustomerID??
|
|
|
|
|
def accessErrorMessage(cd, errMsg=None):
|
|
|
|
|
if cd is None:
|
|
|
|
|
cd = buildGAPIObject(API.DIRECTORY)
|
|
|
|
|
@@ -652,10 +652,12 @@ def accessErrorMessage(cd, errMsg=None):
|
|
|
|
|
Ent.DOMAIN, GC.Values[GC.DOMAIN],
|
|
|
|
|
Ent.USER, GM.Globals[GM.ADMIN]])+[Msg.ACCESS_FORBIDDEN],
|
|
|
|
|
'')
|
|
|
|
|
return formatKeyValueList('',
|
|
|
|
|
[Ent.Singular(Ent.CUSTOMER_ID), GC.Values[GC.CUSTOMER_ID],
|
|
|
|
|
errMsg],
|
|
|
|
|
'')
|
|
|
|
|
if errMsg:
|
|
|
|
|
return formatKeyValueList('',
|
|
|
|
|
[Ent.Singular(Ent.CUSTOMER_ID), GC.Values[GC.CUSTOMER_ID],
|
|
|
|
|
errMsg],
|
|
|
|
|
'')
|
|
|
|
|
return None
|
|
|
|
|
|
|
|
|
|
def accessErrorExit(cd, errMsg=None):
|
|
|
|
|
systemErrorExit(INVALID_DOMAIN_RC, accessErrorMessage(cd or buildGAPIObject(API.DIRECTORY), errMsg))
|
|
|
|
|
@@ -5791,6 +5793,8 @@ def convertUIDtoEmailAddressWithType(emailAddressOrUID, cd=None, sal=None, email
|
|
|
|
|
def convertUIDtoEmailAddress(emailAddressOrUID, cd=None, emailTypes=None,
|
|
|
|
|
checkForCustomerId=False, ciGroupsAPI=False, aliasAllowed=True):
|
|
|
|
|
if ciGroupsAPI:
|
|
|
|
|
if emailAddressOrUID.startswith('cbcm-browser.') or emailAddressOrUID.startswith('chrome-os-device.'):
|
|
|
|
|
return emailAddressOrUID
|
|
|
|
|
normalizedEmailAddressOrUID = normalizeEmailAddressOrUID(emailAddressOrUID, ciGroupsAPI=ciGroupsAPI)
|
|
|
|
|
if normalizedEmailAddressOrUID.startswith('cbcm-browser.') or normalizedEmailAddressOrUID.startswith('chrome-os-device.'):
|
|
|
|
|
return normalizedEmailAddressOrUID
|
|
|
|
|
@@ -5974,11 +5978,8 @@ def _checkMemberCategory(member, memberDisplayOptions):
|
|
|
|
|
return True
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
CIGROUP_MEMBER_API = API.CLOUDIDENTITY_GROUPS
|
|
|
|
|
CIGROUP_MEMBERKEY = 'preferredMemberKey'
|
|
|
|
|
|
|
|
|
|
def _checkCIMemberCategory(member, memberDisplayOptions):
|
|
|
|
|
member_email = member.get(CIGROUP_MEMBERKEY,{}).get('id', '')
|
|
|
|
|
member_email = member.get('preferredMemberKey', {}).get('id', '')
|
|
|
|
|
if member_email.find('@') > 0:
|
|
|
|
|
_, domain = member_email.lower().split('@', 1)
|
|
|
|
|
category = 'internal' if domain in memberDisplayOptions['internalDomains'] else 'external'
|
|
|
|
|
@@ -5992,7 +5993,7 @@ def _checkCIMemberCategory(member, memberDisplayOptions):
|
|
|
|
|
def getCIGroupMemberRoleFixType(member):
|
|
|
|
|
''' fixes missing type and returns the highest role of member '''
|
|
|
|
|
if 'type' not in member:
|
|
|
|
|
if member[CIGROUP_MEMBERKEY]['id'] == GC.Values[GC.CUSTOMER_ID]:
|
|
|
|
|
if member['preferredMemberKey']['id'] == GC.Values[GC.CUSTOMER_ID]:
|
|
|
|
|
member['type'] = Ent.TYPE_CUSTOMER
|
|
|
|
|
else:
|
|
|
|
|
member['type'] = Ent.TYPE_OTHER
|
|
|
|
|
@@ -6012,7 +6013,7 @@ def getCIGroupTransitiveMemberRoleFixType(groupName, tmember):
|
|
|
|
|
''' map transitive member to normal member '''
|
|
|
|
|
tid = tmember['preferredMemberKey'][0].get('id', GC.Values[GC.CUSTOMER_ID]) if tmember['preferredMemberKey'] else ''
|
|
|
|
|
ttype, tname = tmember['member'].split('/')
|
|
|
|
|
member = {'name': f'{groupName}/membershipd/{tname}', CIGROUP_MEMBERKEY: {'id': tid}}
|
|
|
|
|
member = {'name': f'{groupName}/membershipd/{tname}', 'preferredMemberKey': {'id': tid}}
|
|
|
|
|
if 'type' not in tmember:
|
|
|
|
|
if tid == GC.Values[GC.CUSTOMER_ID]:
|
|
|
|
|
member['type'] = Ent.TYPE_CUSTOMER
|
|
|
|
|
@@ -6091,6 +6092,11 @@ def convertGroupEmailToCloudID(ci, group, i=0, count=0):
|
|
|
|
|
Act.Set(action)
|
|
|
|
|
return (ci, None, None)
|
|
|
|
|
|
|
|
|
|
CIGROUP_DISCUSSION_FORUM_LABEL = 'cloudidentity.googleapis.com/groups.discussion_forum'
|
|
|
|
|
CIGROUP_DYNAMIC_LABEL = 'cloudidentity.googleapis.com/groups.dynamic'
|
|
|
|
|
CIGROUP_SECURITY_LABEL = 'cloudidentity.googleapis.com/groups.security'
|
|
|
|
|
CIGROUP_LOCKED_LABEL = 'cloudidentity.googleapis.com/groups.locked'
|
|
|
|
|
|
|
|
|
|
def getCIGroupMembershipGraph(ci, member):
|
|
|
|
|
if not ci:
|
|
|
|
|
ci = buildGAPIObject(API.CLOUDIDENTITY_GROUPS)
|
|
|
|
|
@@ -6099,7 +6105,7 @@ def getCIGroupMembershipGraph(ci, member):
|
|
|
|
|
result = callGAPI(ci.groups().memberships(), 'getMembershipGraph',
|
|
|
|
|
throwReasons=GAPI.CIGROUP_LIST_THROW_REASONS, retryReasons=GAPI.CIGROUP_RETRY_REASONS,
|
|
|
|
|
parent=parent,
|
|
|
|
|
query=f"member_key_id == '{member}' && 'cloudidentity.googleapis.com/groups.discussion_forum' in labels")
|
|
|
|
|
query=f"member_key_id == '{member}' && CIGROUP_DISCUSSION_FORUM_LABEL in labels")
|
|
|
|
|
return (ci, result.get('response', {}))
|
|
|
|
|
except (GAPI.resourceNotFound, GAPI.domainNotFound, GAPI.domainCannotUseApis,
|
|
|
|
|
GAPI.forbidden, GAPI.badRequest, GAPI.invalid, GAPI.invalidArgument,
|
|
|
|
|
@@ -6190,7 +6196,7 @@ def getItemsToModify(entityType, entity, memberRoles=None, isSuspended=None, isA
|
|
|
|
|
pageMessage=getPageMessageForWhom(),
|
|
|
|
|
throwReasons=GAPI.CIGROUP_LIST_THROW_REASONS, retryReasons=GAPI.CIGROUP_RETRY_REASONS,
|
|
|
|
|
parent=groupName, view='FULL',
|
|
|
|
|
fields=f'nextPageToken,memberships(name,{CIGROUP_MEMBERKEY}(id),roles(name),type)', pageSize=GC.Values[GC.MEMBER_MAX_RESULTS])
|
|
|
|
|
fields='nextPageToken,memberships(name,preferredMemberKey(id),roles(name),type)', pageSize=GC.Values[GC.MEMBER_MAX_RESULTS])
|
|
|
|
|
except (GAPI.resourceNotFound, GAPI.domainNotFound, GAPI.domainCannotUseApis,
|
|
|
|
|
GAPI.forbidden, GAPI.badRequest, GAPI.invalid, GAPI.invalidArgument,
|
|
|
|
|
GAPI.systemError, GAPI.permissionDenied, GAPI.serviceNotAvailable):
|
|
|
|
|
@@ -6200,7 +6206,7 @@ def getItemsToModify(entityType, entity, memberRoles=None, isSuspended=None, isA
|
|
|
|
|
for member in result:
|
|
|
|
|
getCIGroupMemberRoleFixType(member)
|
|
|
|
|
if member['type'] == Ent.TYPE_USER:
|
|
|
|
|
email = member.get(CIGROUP_MEMBERKEY, {}).get('id', '')
|
|
|
|
|
email = member.get('preferredMemberKey', {}).get('id', '')
|
|
|
|
|
if (email and _checkMemberRole(member, validRoles) and email not in entitySet):
|
|
|
|
|
entitySet.add(email)
|
|
|
|
|
entityList.append(email)
|
|
|
|
|
@@ -6350,7 +6356,7 @@ def getItemsToModify(entityType, entity, memberRoles=None, isSuspended=None, isA
|
|
|
|
|
else:
|
|
|
|
|
_showInvalidEntity(Ent.GROUP, group)
|
|
|
|
|
elif entityType in {Cmd.ENTITY_CIGROUP, Cmd.ENTITY_CIGROUPS}:
|
|
|
|
|
ci = buildGAPIObject(CIGROUP_MEMBER_API)
|
|
|
|
|
ci = buildGAPIObject(API.CLOUDIDENTITY_GROUPS)
|
|
|
|
|
groups = convertEntityToList(entity, nonListEntityType=entityType in {Cmd.ENTITY_CIGROUP})
|
|
|
|
|
for group in groups:
|
|
|
|
|
if validateEmailAddressOrUID(group, checkPeople=False, ciGroupsAPI=True):
|
|
|
|
|
@@ -6362,7 +6368,7 @@ def getItemsToModify(entityType, entity, memberRoles=None, isSuspended=None, isA
|
|
|
|
|
pageMessage=getPageMessageForWhom(),
|
|
|
|
|
throwReasons=GAPI.CIGROUP_LIST_THROW_REASONS, retryReasons=GAPI.CIGROUP_RETRY_REASONS,
|
|
|
|
|
parent=name, view='FULL',
|
|
|
|
|
fields=f'nextPageToken,memberships({CIGROUP_MEMBERKEY}(id),roles(name),type)',
|
|
|
|
|
fields='nextPageToken,memberships(preferredMemberKey(id),roles(name),type)',
|
|
|
|
|
pageSize=GC.Values[GC.MEMBER_MAX_RESULTS])
|
|
|
|
|
except (GAPI.resourceNotFound, GAPI.domainNotFound, GAPI.domainCannotUseApis,
|
|
|
|
|
GAPI.forbidden, GAPI.badRequest, GAPI.invalid, GAPI.invalidArgument,
|
|
|
|
|
@@ -6372,7 +6378,7 @@ def getItemsToModify(entityType, entity, memberRoles=None, isSuspended=None, isA
|
|
|
|
|
continue
|
|
|
|
|
for member in result:
|
|
|
|
|
getCIGroupMemberRoleFixType(member)
|
|
|
|
|
email = member.get(CIGROUP_MEMBERKEY, {}).get('id', '')
|
|
|
|
|
email = member.get('preferredMemberKey', {}).get('id', '')
|
|
|
|
|
if (email and (groupMemberType in ('ALL', member['type'])) and
|
|
|
|
|
_checkMemberRole(member, validRoles) and email not in entitySet):
|
|
|
|
|
entitySet.add(email)
|
|
|
|
|
@@ -22682,7 +22688,7 @@ def _processPeopleContactPhotos(users, function):
|
|
|
|
|
with open(os.path.expanduser(filename), 'rb') as f:
|
|
|
|
|
image_data = f.read()
|
|
|
|
|
callGAPI(people.people(), function,
|
|
|
|
|
throwReasons=[GAPI.NOT_FOUND, GAPI.INTERNAL_ERROR]+GAPI.PEOPLE_ACCESS_THROW_REASONS,
|
|
|
|
|
throwReasons=[GAPI.NOT_FOUND, GAPI.INVALID_ARGUMENT, GAPI.INTERNAL_ERROR]+GAPI.PEOPLE_ACCESS_THROW_REASONS,
|
|
|
|
|
resourceName=resourceName,
|
|
|
|
|
body={'photoBytes': base64.urlsafe_b64encode(image_data).decode(UTF8)})
|
|
|
|
|
entityActionPerformed([entityType, user, peopleEntityType, resourceName, Ent.PHOTO, filename], j, jcount)
|
|
|
|
|
@@ -22718,7 +22724,7 @@ def _processPeopleContactPhotos(users, function):
|
|
|
|
|
else: #elif function == 'deleteContactPhoto':
|
|
|
|
|
filename = ''
|
|
|
|
|
callGAPI(people.people(), function,
|
|
|
|
|
throwReasons=[GAPI.NOT_FOUND, GAPI.INTERNAL_ERROR, GAPI.PHOTO_NOT_FOUND]+GAPI.PEOPLE_ACCESS_THROW_REASONS,
|
|
|
|
|
throwReasons=[GAPI.NOT_FOUND, GAPI.INVALID_ARGUMENT, GAPI.INTERNAL_ERROR, GAPI.PHOTO_NOT_FOUND]+GAPI.PEOPLE_ACCESS_THROW_REASONS,
|
|
|
|
|
resourceName=resourceName)
|
|
|
|
|
entityActionPerformed([entityType, user, peopleEntityType, resourceName, Ent.PHOTO, filename], j, jcount)
|
|
|
|
|
except (GAPI.notFound, GAPI.internalError):
|
|
|
|
|
@@ -22726,7 +22732,7 @@ def _processPeopleContactPhotos(users, function):
|
|
|
|
|
continue
|
|
|
|
|
except GAPI.photoNotFound:
|
|
|
|
|
entityDoesNotHaveItemWarning([entityType, user, peopleEntityType, resourceName, Ent.PHOTO, filename], j, jcount)
|
|
|
|
|
except (OSError, IOError) as e:
|
|
|
|
|
except (GAPI.invalidArgument, OSError, IOError) as e:
|
|
|
|
|
entityActionFailedWarning([entityType, user, peopleEntityType, resourceName, Ent.PHOTO, filename], str(e), j, jcount)
|
|
|
|
|
except (GAPI.serviceNotAvailable, GAPI.forbidden):
|
|
|
|
|
ClientAPIAccessDeniedExit()
|
|
|
|
|
@@ -23165,8 +23171,8 @@ def printShowContactDelegates(users):
|
|
|
|
|
continue
|
|
|
|
|
jcount = len(delegates)
|
|
|
|
|
if not csvPF:
|
|
|
|
|
entityPerformActionNumItems([Ent.USER, user], jcount, Ent.CONTACT_DELEGATE, i, count)
|
|
|
|
|
if not csvStyle:
|
|
|
|
|
entityPerformActionNumItems([Ent.USER, user], jcount, Ent.CONTACT_DELEGATE, i, count)
|
|
|
|
|
Ind.Increment()
|
|
|
|
|
j = 0
|
|
|
|
|
for delegate in delegates:
|
|
|
|
|
@@ -27888,14 +27894,28 @@ def _getPolicyGroupTarget(cd, cp, myarg, orgUnit):
|
|
|
|
|
targetResource = f"groups/{convertEmailAddressToUID(targetName, cd, emailType='group')}"
|
|
|
|
|
return (targetName, targetName, targetResource, Ent.GROUP, cp.customers().policies().groups())
|
|
|
|
|
|
|
|
|
|
def checkPolicyArgs(targetResource, printer_id, app_id):
|
|
|
|
|
if not targetResource:
|
|
|
|
|
missingArgumentExit('ou|org|orgunit|group')
|
|
|
|
|
if printer_id and app_id:
|
|
|
|
|
usageErrorExit(Msg.ARE_MUTUALLY_EXCLUSIVE.format('printerid', 'appid'))
|
|
|
|
|
|
|
|
|
|
def setPolicyKVList(baseList, printer_id, app_id):
|
|
|
|
|
kvList = baseList[:]
|
|
|
|
|
if app_id:
|
|
|
|
|
kvList.extend([Ent.APP_ID, app_id])
|
|
|
|
|
elif printer_id:
|
|
|
|
|
kvList.extend([Ent.PRINTER_ID, printer_id])
|
|
|
|
|
return kvList
|
|
|
|
|
|
|
|
|
|
def updatePolicyRequests(body, targetResource, printer_id, app_id):
|
|
|
|
|
for request in body['requests']:
|
|
|
|
|
request.setdefault('policyTargetKey', {})
|
|
|
|
|
request['policyTargetKey']['targetResource'] = targetResource
|
|
|
|
|
if printer_id:
|
|
|
|
|
request['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printer_id}
|
|
|
|
|
elif app_id:
|
|
|
|
|
if app_id:
|
|
|
|
|
request['policyTargetKey']['additionalTargetKeys'] = {'app_id': app_id}
|
|
|
|
|
elif printer_id:
|
|
|
|
|
request['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printer_id}
|
|
|
|
|
|
|
|
|
|
# gam delete chromepolicy
|
|
|
|
|
# (<SchemaName> [<JSONData>])+
|
|
|
|
|
@@ -27931,15 +27951,14 @@ def doDeleteChromePolicy():
|
|
|
|
|
body['requests'][-1].setdefault('policyTargetKey', {})
|
|
|
|
|
for atk in jsonData['additionalTargetKeys']:
|
|
|
|
|
body['requests'][-1]['policyTargetKey']['additionalTargetKeys'] = {atk['name']: atk['value']}
|
|
|
|
|
if not targetResource:
|
|
|
|
|
missingArgumentExit('ou|org|orgunit|group')
|
|
|
|
|
checkPolicyArgs(targetResource, printer_id, app_id)
|
|
|
|
|
count = len(body['requests'])
|
|
|
|
|
if count != 1:
|
|
|
|
|
entityPerformActionNumItems([entityType, targetName], count, Ent.CHROME_POLICY)
|
|
|
|
|
if count == 0:
|
|
|
|
|
return
|
|
|
|
|
kvList = setPolicyKVList([entityType, targetName, Ent.CHROME_POLICY, ','.join(schemaNameList)], printer_id, app_id)
|
|
|
|
|
updatePolicyRequests(body, targetResource, printer_id, app_id)
|
|
|
|
|
kvList = [entityType, targetName, Ent.CHROME_POLICY, ','.join(schemaNameList)]
|
|
|
|
|
try:
|
|
|
|
|
callGAPI(service, function,
|
|
|
|
|
throwReasons=[GAPI.NOT_FOUND, GAPI.PERMISSION_DENIED,
|
|
|
|
|
@@ -28185,12 +28204,11 @@ def doUpdateChromePolicy():
|
|
|
|
|
invalidArgumentExit(Msg.CHROME_TARGET_VERSION_FORMAT)
|
|
|
|
|
body['requests'][-1]['policyValue']['value'][casedField] = value
|
|
|
|
|
body['requests'][-1]['updateMask'] += f'{casedField},'
|
|
|
|
|
if not targetResource:
|
|
|
|
|
missingArgumentExit('ou|org|orgunit|group')
|
|
|
|
|
checkPolicyArgs(targetResource, printer_id, app_id)
|
|
|
|
|
count = len(body['requests'])
|
|
|
|
|
if count > 0 and not body['requests'][-1]['updateMask']:
|
|
|
|
|
body['requests'].pop()
|
|
|
|
|
kvList = [entityType, targetName, Ent.CHROME_POLICY, ','.join(schemaNameList)]
|
|
|
|
|
kvList = setPolicyKVList([entityType, targetName, Ent.CHROME_POLICY, ','.join(schemaNameList)], printer_id, app_id)
|
|
|
|
|
if count != 1:
|
|
|
|
|
entityPerformActionNumItems(kvList, count, Ent.CHROME_POLICY)
|
|
|
|
|
if count == 0:
|
|
|
|
|
@@ -28232,10 +28250,10 @@ CHROME_POLICY_SHOW_CHOICE_MAP = {
|
|
|
|
|
def doPrintShowChromePolicies():
|
|
|
|
|
def normalizedPolicy(policy):
|
|
|
|
|
norm = {'name': policy['value']['policySchema']}
|
|
|
|
|
if printerId:
|
|
|
|
|
norm['printerId'] = printerId
|
|
|
|
|
elif appId:
|
|
|
|
|
norm['appId'] = appId
|
|
|
|
|
if app_id:
|
|
|
|
|
norm['appId'] = app_id
|
|
|
|
|
elif printer_id:
|
|
|
|
|
norm['printerId'] = printer_id
|
|
|
|
|
if entityType == Ent.ORGANIZATIONAL_UNIT:
|
|
|
|
|
orgUnitId = policy.get('targetKey', {}).get('targetResource')
|
|
|
|
|
norm['orgUnitPath'] = convertOrgUnitIDtoPath(cd, orgUnitId) if orgUnitId else UNKNOWN
|
|
|
|
|
@@ -28331,7 +28349,7 @@ def doPrintShowChromePolicies():
|
|
|
|
|
if csvPF:
|
|
|
|
|
csvPF.SetNoEscapeChar(True)
|
|
|
|
|
FJQC = FormatJSONQuoteChar(csvPF)
|
|
|
|
|
appId = groupEmail = orgUnit = printerId = None
|
|
|
|
|
app_id = groupEmail = orgUnit = printer_id = None
|
|
|
|
|
showPolicies = CHROME_POLICY_SHOW_ALL
|
|
|
|
|
psFilters = []
|
|
|
|
|
while Cmd.ArgumentsRemaining():
|
|
|
|
|
@@ -28342,10 +28360,10 @@ def doPrintShowChromePolicies():
|
|
|
|
|
orgUnit, targetName, targetResource, entityType, _ = _getPolicyOrgUnitTarget(cd, cp, myarg, groupEmail)
|
|
|
|
|
elif myarg == 'group':
|
|
|
|
|
groupEmail, targetName, targetResource, entityType, _ = _getPolicyGroupTarget(cd, cp, myarg, orgUnit)
|
|
|
|
|
elif (not printerId and not appId) and myarg == 'printerid':
|
|
|
|
|
printerId = getString(Cmd.OB_PRINTER_ID)
|
|
|
|
|
elif (not printerId and not appId) and myarg == 'appid':
|
|
|
|
|
appId = getString(Cmd.OB_APP_ID)
|
|
|
|
|
elif myarg == 'printerid':
|
|
|
|
|
printer_id = getString(Cmd.OB_PRINTER_ID)
|
|
|
|
|
elif myarg == 'appid':
|
|
|
|
|
app_id = getString(Cmd.OB_APP_ID)
|
|
|
|
|
elif myarg == 'filter':
|
|
|
|
|
for psFilter in getString(Cmd.OB_STRING).replace(',', ' ').split():
|
|
|
|
|
psFilters.append(psFilter)
|
|
|
|
|
@@ -28359,20 +28377,19 @@ def doPrintShowChromePolicies():
|
|
|
|
|
showPolicies = getChoice(CHROME_POLICY_SHOW_CHOICE_MAP, mapChoice=True)
|
|
|
|
|
else:
|
|
|
|
|
FJQC.GetFormatJSONQuoteChar(myarg, False)
|
|
|
|
|
if not targetResource:
|
|
|
|
|
missingArgumentExit('ou|org|orgunit|group')
|
|
|
|
|
checkPolicyArgs(targetResource, printer_id, app_id)
|
|
|
|
|
body = {'policyTargetKey': {'targetResource': targetResource}}
|
|
|
|
|
if printerId:
|
|
|
|
|
body['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printerId}
|
|
|
|
|
if not psFilters:
|
|
|
|
|
psFilters = ['chrome.printers.*']
|
|
|
|
|
elif appId:
|
|
|
|
|
body['policyTargetKey']['additionalTargetKeys'] = {'app_id': appId}
|
|
|
|
|
if app_id:
|
|
|
|
|
body['policyTargetKey']['additionalTargetKeys'] = {'app_id': app_id}
|
|
|
|
|
if not psFilters:
|
|
|
|
|
psFilters = ['chrome.users.apps.*',
|
|
|
|
|
'chrome.devices.kiosk.apps.*',
|
|
|
|
|
'chrome.devices.managedguest.apps.*',
|
|
|
|
|
]
|
|
|
|
|
elif printer_id:
|
|
|
|
|
body['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printer_id}
|
|
|
|
|
if not psFilters:
|
|
|
|
|
psFilters = ['chrome.printers.*']
|
|
|
|
|
elif not psFilters:
|
|
|
|
|
if entityType == Ent.ORGANIZATIONAL_UNIT:
|
|
|
|
|
psFilters = ['chrome.users.*',
|
|
|
|
|
@@ -28406,10 +28423,10 @@ def doPrintShowChromePolicies():
|
|
|
|
|
csvPF.AddTitles(['group'])
|
|
|
|
|
csvPF.SetSortAllTitles()
|
|
|
|
|
if not FJQC.formatJSON:
|
|
|
|
|
if printerId:
|
|
|
|
|
csvPF.AddSortTitles(['printerId'])
|
|
|
|
|
elif appId:
|
|
|
|
|
if app_id:
|
|
|
|
|
csvPF.AddSortTitles(['appId'])
|
|
|
|
|
elif printer_id:
|
|
|
|
|
csvPF.AddSortTitles(['printerId'])
|
|
|
|
|
else:
|
|
|
|
|
csvPF.SetJSONTitles(csvPF.titlesList+['JSON'])
|
|
|
|
|
policies = []
|
|
|
|
|
@@ -28436,11 +28453,7 @@ def doPrintShowChromePolicies():
|
|
|
|
|
if not csvPF:
|
|
|
|
|
jcount = len(policies)
|
|
|
|
|
if not FJQC.formatJSON:
|
|
|
|
|
kvList = [entityType, targetName]
|
|
|
|
|
if printerId:
|
|
|
|
|
kvList.extend([Ent.PRINTER_ID, printerId])
|
|
|
|
|
elif appId:
|
|
|
|
|
kvList.extend([Ent.APP_ID, appId])
|
|
|
|
|
kvList = setPolicyKVList([entityType, targetName], printer_id, app_id)
|
|
|
|
|
entityPerformActionModifierNumItems(kvList, Msg.MAXIMUM_OF, jcount, Ent.CHROME_POLICY)
|
|
|
|
|
Ind.Increment()
|
|
|
|
|
j = 0
|
|
|
|
|
@@ -31649,7 +31662,7 @@ def doCreateGroup(ciGroupsAPI=False):
|
|
|
|
|
parent = f'customers/{GC.Values[GC.CUSTOMER_ID]}'
|
|
|
|
|
body = {'groupKey': {'id': groupEmail},
|
|
|
|
|
'parent': parent,
|
|
|
|
|
'labels': {'cloudidentity.googleapis.com/groups.discussion_forum': ''},
|
|
|
|
|
'labels': {CIGROUP_DISCUSSION_FORUM_LABEL: ''},
|
|
|
|
|
}
|
|
|
|
|
gs_body = {}
|
|
|
|
|
while Cmd.ArgumentsRemaining():
|
|
|
|
|
@@ -32171,8 +32184,8 @@ def doUpdateGroups():
|
|
|
|
|
elif myarg == 'getbeforeupdate':
|
|
|
|
|
getBeforeUpdate = True
|
|
|
|
|
elif myarg in {'security', 'makesecuritygroup'}:
|
|
|
|
|
ci_body['labels'] = {'cloudidentity.googleapis.com/groups.discussion_forum': '',
|
|
|
|
|
'cloudidentity.googleapis.com/groups.security': ''}
|
|
|
|
|
ci_body['labels'] = {CIGROUP_DISCUSSION_FORUM_LABEL: '',
|
|
|
|
|
CIGROUP_SECURITY_LABEL: ''}
|
|
|
|
|
elif myarg == 'json':
|
|
|
|
|
gs_body.update(getJSON(GROUP_JSON_SKIP_FIELDS))
|
|
|
|
|
elif myarg == 'accesstype':
|
|
|
|
|
@@ -32691,7 +32704,7 @@ def checkMemberMatch(member, memberOptions):
|
|
|
|
|
def checkCIMemberMatch(member, memberOptions):
|
|
|
|
|
if not memberOptions[MEMBEROPTION_MATCHPATTERN]:
|
|
|
|
|
return True
|
|
|
|
|
if memberOptions[MEMBEROPTION_MATCHPATTERN].match(member.get(CIGROUP_MEMBERKEY, {}).get('id', '')):
|
|
|
|
|
if memberOptions[MEMBEROPTION_MATCHPATTERN].match(member.get('preferredMemberKey', {}).get('id', '')):
|
|
|
|
|
return memberOptions[MEMBEROPTION_DISPLAYMATCH]
|
|
|
|
|
return not memberOptions[MEMBEROPTION_DISPLAYMATCH]
|
|
|
|
|
|
|
|
|
|
@@ -33279,7 +33292,7 @@ def addMemberInfoToRow(row, groupMembers, typesSet, memberOptions, memberDisplay
|
|
|
|
|
if not ciGroupsAPI:
|
|
|
|
|
member_email = member.get('email', member.get('id', None))
|
|
|
|
|
else:
|
|
|
|
|
member_email = member.get(CIGROUP_MEMBERKEY, {}).get('id', member['name'])
|
|
|
|
|
member_email = member.get('preferredMemberKey', {}).get('id', member['name'])
|
|
|
|
|
if not member_email:
|
|
|
|
|
writeStderr(f' Not sure what to do with: {member}\n')
|
|
|
|
|
continue
|
|
|
|
|
@@ -33789,9 +33802,9 @@ def doPrintGroups():
|
|
|
|
|
csvPF.writeCSVfile('Groups')
|
|
|
|
|
|
|
|
|
|
def mapCIGroupMemberFieldNames(member):
|
|
|
|
|
member['email'] = member[CIGROUP_MEMBERKEY].pop('id')
|
|
|
|
|
if not member[CIGROUP_MEMBERKEY]:
|
|
|
|
|
member.pop(CIGROUP_MEMBERKEY)
|
|
|
|
|
member['email'] = member['preferredMemberKey'].pop('id')
|
|
|
|
|
if not member['preferredMemberKey']:
|
|
|
|
|
member.pop('preferredMemberKey')
|
|
|
|
|
if 'name' in member:
|
|
|
|
|
member['id'] = member.pop('name')
|
|
|
|
|
|
|
|
|
|
@@ -34556,7 +34569,8 @@ def doCreateCIGroup():
|
|
|
|
|
# [security|makesecuritygroup|dynamicsecurity|makedynamicsecuritygroup]
|
|
|
|
|
# [dynamic <QueryDynamicGroup>]
|
|
|
|
|
# [memberrestrictions <QueryMemberRestrictions>]
|
|
|
|
|
# gam update cigroups <GroupEntity> create [<GroupRole>]
|
|
|
|
|
# [locked|unlocked]
|
|
|
|
|
# gam update cigroups <GroupEntity> add|create [<GroupRole>]
|
|
|
|
|
# [usersonly|groupsonly]
|
|
|
|
|
# [notsuspended|suspended] [notarchived|archived]
|
|
|
|
|
# [expire|expires <Time>] [preview] [actioncsv]
|
|
|
|
|
@@ -34613,14 +34627,14 @@ def doUpdateCIGroups():
|
|
|
|
|
def _getMemberEmail(member):
|
|
|
|
|
if member['type'] == Ent.TYPE_CUSTOMER:
|
|
|
|
|
return member['id']
|
|
|
|
|
return member.get(CIGROUP_MEMBERKEY, {}).get('id', '')
|
|
|
|
|
return member.get('preferredMemberKey', {}).get('id', '')
|
|
|
|
|
|
|
|
|
|
def checkDynamicGroup(ci, group, i, count):
|
|
|
|
|
try:
|
|
|
|
|
result = callGAPI(ci.groups(), 'get',
|
|
|
|
|
throwReasons=GAPI.CIGROUP_GET_THROW_REASONS, retryReasons=GAPI.CIGROUP_RETRY_REASONS,
|
|
|
|
|
name=group, fields='labels')
|
|
|
|
|
if 'cloudidentity.googleapis.com/groups.dynamic' in result.get('labels', {}):
|
|
|
|
|
if CIGROUP_DYNAMIC_LABEL in result.get('labels', {}):
|
|
|
|
|
entityActionNotPerformedWarning([entityType, group], Msg.DYNAMIC_GROUP_MEMBERSHIP_CANNOT_BE_MODIFIED, i, count)
|
|
|
|
|
return True
|
|
|
|
|
return False
|
|
|
|
|
@@ -34681,7 +34695,7 @@ def doUpdateCIGroups():
|
|
|
|
|
j = 0
|
|
|
|
|
for member in addMembers:
|
|
|
|
|
j += 1
|
|
|
|
|
body = {CIGROUP_MEMBERKEY: {'id': member}, 'roles': [{'name': Ent.ROLE_MEMBER}]}
|
|
|
|
|
body = {'preferredMemberKey': {'id': member}, 'roles': [{'name': Ent.ROLE_MEMBER}]}
|
|
|
|
|
if role != Ent.ROLE_MEMBER:
|
|
|
|
|
body['roles'].append({'name': role})
|
|
|
|
|
elif expireTime not in {None, NEVER_TIME}:
|
|
|
|
|
@@ -34728,12 +34742,14 @@ def doUpdateCIGroups():
|
|
|
|
|
Ind.Decrement()
|
|
|
|
|
|
|
|
|
|
cd = buildGAPIObject(API.DIRECTORY)
|
|
|
|
|
ci = buildGAPIObject(CIGROUP_MEMBER_API)
|
|
|
|
|
ci = buildGAPIObject(API.CLOUDIDENTITY_GROUPS)
|
|
|
|
|
cib = None
|
|
|
|
|
entityType = Ent.CLOUD_IDENTITY_GROUP
|
|
|
|
|
csvPF = None
|
|
|
|
|
getBeforeUpdate = preview = False
|
|
|
|
|
entityList = getEntityList(Cmd.OB_GROUP_ENTITY)
|
|
|
|
|
CL_subCommand = getChoice(UPDATE_GROUP_SUBCMDS, defaultChoice=None)
|
|
|
|
|
lockGroup = None
|
|
|
|
|
if not CL_subCommand:
|
|
|
|
|
gs_body = {}
|
|
|
|
|
ci_body = {}
|
|
|
|
|
@@ -34749,22 +34765,26 @@ def doUpdateCIGroups():
|
|
|
|
|
ci_body['dynamicGroupMetadata']['queries'].append({'resourceType': 'USER',
|
|
|
|
|
'query': getString(Cmd.OB_QUERY)})
|
|
|
|
|
elif myarg in {'security', 'makesecuritygroup'}:
|
|
|
|
|
ci_body['labels'] = {'cloudidentity.googleapis.com/groups.discussion_forum': '',
|
|
|
|
|
'cloudidentity.googleapis.com/groups.security': ''}
|
|
|
|
|
ci_body['labels'] = {CIGROUP_DISCUSSION_FORUM_LABEL: '',
|
|
|
|
|
CIGROUP_SECURITY_LABEL: ''}
|
|
|
|
|
elif myarg in {'dynamicsecurity', 'makedynamicsecuritygroup'}:
|
|
|
|
|
ci_body['labels'] = {'cloudidentity.googleapis.com/groups.discussion_forum': '',
|
|
|
|
|
'cloudidentity.googleapis.com/groups.dynamic': '',
|
|
|
|
|
'cloudidentity.googleapis.com/groups.security': ''}
|
|
|
|
|
elif myarg in {'locked', 'makelockedsecuritygroup'}:
|
|
|
|
|
ci_body['labels'] = {'cloudidentity.googleapis.com/groups.discussion_forum': '',
|
|
|
|
|
'cloudidentity.googleapis.com/groups.locked': '',
|
|
|
|
|
'cloudidentity.googleapis.com/groups.security': ''}
|
|
|
|
|
ci_body['labels'] = {CIGROUP_DISCUSSION_FORUM_LABEL: '',
|
|
|
|
|
CIGROUP_DYNAMIC_LABEL: '',
|
|
|
|
|
CIGROUP_SECURITY_LABEL: ''}
|
|
|
|
|
elif myarg in {'lockedsecurity', 'makelockedsecuritygroup'}:
|
|
|
|
|
ci_body['labels'] = {CIGROUP_DISCUSSION_FORUM_LABEL: '',
|
|
|
|
|
CIGROUP_LOCKED_LABEL: '',
|
|
|
|
|
CIGROUP_SECURITY_LABEL: ''}
|
|
|
|
|
elif myarg in ['memberrestriction', 'memberrestrictions']:
|
|
|
|
|
query = getString(Cmd.OB_QUERY, minLen=0)
|
|
|
|
|
member_types = {'USER': '1', 'SERVICE_ACCOUNT': '2', 'GROUP': '3',}
|
|
|
|
|
for key, val in iter(member_types.items()):
|
|
|
|
|
query = query.replace(key, val)
|
|
|
|
|
se_body['memberRestriction'] = {'query': query}
|
|
|
|
|
elif myarg == 'locked':
|
|
|
|
|
lockGroup = True
|
|
|
|
|
elif myarg == 'unlocked':
|
|
|
|
|
lockGroup = False
|
|
|
|
|
elif myarg == 'json':
|
|
|
|
|
gs_body.update(getJSON(GROUP_JSON_SKIP_FIELDS))
|
|
|
|
|
elif myarg == 'accesstype':
|
|
|
|
|
@@ -34782,7 +34802,7 @@ def doUpdateCIGroups():
|
|
|
|
|
settings = gs_body
|
|
|
|
|
elif not ci_body:
|
|
|
|
|
return
|
|
|
|
|
elif not ci_body and not se_body:
|
|
|
|
|
elif not ci_body and not se_body and lockGroup is None:
|
|
|
|
|
return
|
|
|
|
|
Act.Set(Act.UPDATE)
|
|
|
|
|
i = 0
|
|
|
|
|
@@ -34828,14 +34848,55 @@ def doUpdateCIGroups():
|
|
|
|
|
except GAPI.required:
|
|
|
|
|
entityActionFailedWarning([entityType, group], Msg.INVALID_JSON_SETTING, i, count)
|
|
|
|
|
continue
|
|
|
|
|
if ci_body or se_body:
|
|
|
|
|
if ci_body or se_body or lockGroup is not None:
|
|
|
|
|
_, name, _ = convertGroupEmailToCloudID(ci, group, i, count)
|
|
|
|
|
if not name:
|
|
|
|
|
continue
|
|
|
|
|
cipl = ci
|
|
|
|
|
twoUpdates = False
|
|
|
|
|
if 'labels' in ci_body or lockGroup is not None:
|
|
|
|
|
try:
|
|
|
|
|
cigInfo = callGAPI(ci.groups(), 'get',
|
|
|
|
|
throwReasons=GAPI.CIGROUP_GET_THROW_REASONS,
|
|
|
|
|
retryReasons=GAPI.CIGROUP_RETRY_REASONS,
|
|
|
|
|
name=name, fields='labels')
|
|
|
|
|
except (GAPI.notFound, GAPI.groupNotFound, GAPI.resourceNotFound, GAPI.domainNotFound, GAPI.domainCannotUseApis, GAPI.backendError,
|
|
|
|
|
GAPI.invalid, GAPI.invalidMember, GAPI.invalidParameter, GAPI.invalidInput, GAPI.forbidden, GAPI.badRequest,
|
|
|
|
|
GAPI.permissionDenied, GAPI.systemError, GAPI.serviceLimit, GAPI.serviceNotAvailable) as e:
|
|
|
|
|
entityActionFailedWarning([Ent.CLOUD_IDENTITY_GROUP, group], str(e), i, count)
|
|
|
|
|
continue
|
|
|
|
|
# If a group currently isn't a security group or locked, and we want to add security and locked,
|
|
|
|
|
# we have to do two commands to meet a beta requirement
|
|
|
|
|
ci_body.setdefault('labels', {})
|
|
|
|
|
if ((CIGROUP_SECURITY_LABEL not in cigInfo['labels']) and
|
|
|
|
|
(CIGROUP_LOCKED_LABEL not in cigInfo['labels']) and
|
|
|
|
|
((CIGROUP_SECURITY_LABEL in ci_body['labels']) and
|
|
|
|
|
((CIGROUP_LOCKED_LABEL in ci_body['labels']) or lockGroup))):
|
|
|
|
|
twoUpdates = True
|
|
|
|
|
ci_body['labels'].update(cigInfo['labels'])
|
|
|
|
|
if lockGroup is not None:
|
|
|
|
|
if lockGroup:
|
|
|
|
|
if CIGROUP_LOCKED_LABEL not in ci_body['labels']:
|
|
|
|
|
ci_body['labels'][CIGROUP_LOCKED_LABEL] = ''
|
|
|
|
|
else:
|
|
|
|
|
if CIGROUP_LOCKED_LABEL in ci_body['labels']:
|
|
|
|
|
ci_body['labels'].pop(CIGROUP_LOCKED_LABEL)
|
|
|
|
|
if CIGROUP_LOCKED_LABEL in ci_body['labels']:
|
|
|
|
|
if cib is None:
|
|
|
|
|
cib = buildGAPIObject(API.CLOUDIDENTITY_GROUPS_BETA)
|
|
|
|
|
cipl = cib
|
|
|
|
|
if ci_body:
|
|
|
|
|
try:
|
|
|
|
|
callGAPI(ci.groups(), 'patch',
|
|
|
|
|
throwReasons=GAPI.CIGROUP_UPDATE_THROW_REASONS, retryReasons=GAPI.CIGROUP_RETRY_REASONS,
|
|
|
|
|
if twoUpdates:
|
|
|
|
|
ci_body['labels'].pop(CIGROUP_LOCKED_LABEL)
|
|
|
|
|
callGAPI(cipl.groups(), 'patch',
|
|
|
|
|
throwReasons=GAPI.CIGROUP_UPDATE_THROW_REASONS,
|
|
|
|
|
retryReasons=GAPI.CIGROUP_RETRY_REASONS,
|
|
|
|
|
name=name, body=ci_body, updateMask=','.join(list(ci_body.keys())))
|
|
|
|
|
ci_body['labels'][CIGROUP_LOCKED_LABEL] = ''
|
|
|
|
|
callGAPI(cipl.groups(), 'patch',
|
|
|
|
|
throwReasons=GAPI.CIGROUP_UPDATE_THROW_REASONS,
|
|
|
|
|
retryReasons=GAPI.CIGROUP_RETRY_REASONS,
|
|
|
|
|
name=name, body=ci_body, updateMask=','.join(list(ci_body.keys())))
|
|
|
|
|
except (GAPI.notFound, GAPI.groupNotFound, GAPI.domainNotFound, GAPI.domainCannotUseApis,
|
|
|
|
|
GAPI.forbidden, GAPI.badRequest, GAPI.invalid, GAPI.invalidInput, GAPI.invalidArgument,
|
|
|
|
|
@@ -35010,7 +35071,7 @@ def doUpdateCIGroups():
|
|
|
|
|
pageMessage=getPageMessageForWhom(),
|
|
|
|
|
throwReasons=GAPI.MEMBERS_THROW_REASONS, retryReasons=GAPI.MEMBERS_RETRY_REASONS,
|
|
|
|
|
parent=parent, view='FULL',
|
|
|
|
|
fields=f'nextPageToken,memberships(name,{CIGROUP_MEMBERKEY}(id),roles(name),type)',
|
|
|
|
|
fields='nextPageToken,memberships(name,preferredMemberKey(id),roles(name),type)',
|
|
|
|
|
pageSize=GC.Values[GC.MEMBER_MAX_RESULTS])
|
|
|
|
|
except (GAPI.groupNotFound, GAPI.domainNotFound, GAPI.domainCannotUseApis, GAPI.invalid, GAPI.forbidden):
|
|
|
|
|
entityUnknownWarning(Ent.CLOUD_IDENTITY_GROUP, group)
|
|
|
|
|
@@ -35025,7 +35086,7 @@ def doUpdateCIGroups():
|
|
|
|
|
for member in result:
|
|
|
|
|
getCIGroupMemberRoleFixType(member)
|
|
|
|
|
role = member['role'] if not ignoreRole else Ent.ROLE_ALL
|
|
|
|
|
email = member.get(CIGROUP_MEMBERKEY, {}).get('id', '')
|
|
|
|
|
email = member.get('preferredMemberKey', {}).get('id', '')
|
|
|
|
|
if groupMemberType in ('ALL', member['type']) and role in rolesSet:
|
|
|
|
|
cleanAddress = _cleanConsumerAddress(email, currentMembersMaps[role])
|
|
|
|
|
currentMembersSets[role].add(cleanAddress)
|
|
|
|
|
@@ -35099,7 +35160,7 @@ def doUpdateCIGroups():
|
|
|
|
|
removeRoles = []
|
|
|
|
|
postUpdateRoles = []
|
|
|
|
|
memberRoles = callGAPI(ci.groups().memberships(), 'get',
|
|
|
|
|
name=memberName, fields=f'name,{CIGROUP_MEMBERKEY},roles,type')
|
|
|
|
|
name=memberName, fields='name,preferredMemberKey,roles,type')
|
|
|
|
|
getCIGroupMemberRoleFixType(memberRoles)
|
|
|
|
|
current_roles = [crole['name'] for crole in memberRoles['roles']]
|
|
|
|
|
# When upgrading role, strip any expiryDetail from member before role changes
|
|
|
|
|
@@ -35185,7 +35246,7 @@ def doUpdateCIGroups():
|
|
|
|
|
pageMessage=getPageMessageForWhom(),
|
|
|
|
|
throwReasons=GAPI.MEMBERS_THROW_REASONS, retryReasons=GAPI.MEMBERS_RETRY_REASONS,
|
|
|
|
|
parent=parent, view='FULL',
|
|
|
|
|
fields=f'nextPageToken,memberships(name,{CIGROUP_MEMBERKEY}(id),roles(name),type)',
|
|
|
|
|
fields='nextPageToken,memberships(name,preferredMemberKey(id),roles(name),type)',
|
|
|
|
|
pageSize=GC.Values[GC.MEMBER_MAX_RESULTS])
|
|
|
|
|
except (GAPI.groupNotFound, GAPI.domainNotFound, GAPI.domainCannotUseApis, GAPI.invalid, GAPI.forbidden):
|
|
|
|
|
entityUnknownWarning(entityType, group, i, count)
|
|
|
|
|
@@ -35274,7 +35335,7 @@ def doInfoCIGroups():
|
|
|
|
|
for member in cachedGroupMembers[group_id]:
|
|
|
|
|
member_id = member.get('name', '')
|
|
|
|
|
member_id = member_id.split('/')[-1]
|
|
|
|
|
member_email = member.get(CIGROUP_MEMBERKEY, {}).get('id')
|
|
|
|
|
member_email = member.get('preferredMemberKey', {}).get('id')
|
|
|
|
|
member_type = member.get('type', 'USER').lower()
|
|
|
|
|
if showRole:
|
|
|
|
|
getCIGroupMemberRoleFixType(member)
|
|
|
|
|
@@ -35290,7 +35351,7 @@ def doInfoCIGroups():
|
|
|
|
|
if not groupFieldsLists['ci']:
|
|
|
|
|
groupFieldsLists['ci'] = ['groupKey']
|
|
|
|
|
|
|
|
|
|
ci = buildGAPIObject(CIGROUP_MEMBER_API)
|
|
|
|
|
ci = buildGAPIObject(API.CLOUDIDENTITY_GROUPS)
|
|
|
|
|
entityList = getEntityList(Cmd.OB_GROUP_ENTITY)
|
|
|
|
|
getAliases = getSecuritySettings = getUsers = True
|
|
|
|
|
showJoinDate = True
|
|
|
|
|
@@ -35394,7 +35455,7 @@ def doInfoCIGroups():
|
|
|
|
|
printEntitiesCount(entityType, members)
|
|
|
|
|
Ind.Increment()
|
|
|
|
|
for member in members:
|
|
|
|
|
memberEmail = member.get(CIGROUP_MEMBERKEY, {}).get('id', member['name'])
|
|
|
|
|
memberEmail = member.get('preferredMemberKey', {}).get('id', member['name'])
|
|
|
|
|
getCIGroupMemberRoleFixType(member)
|
|
|
|
|
memberDetails = [member['role'].lower(), f'{memberEmail} ({member["type"].lower()})']
|
|
|
|
|
if checkCategory:
|
|
|
|
|
@@ -35425,7 +35486,7 @@ def doInfoCIGroups():
|
|
|
|
|
|
|
|
|
|
def checkCIGroupShowOwnedBy(showOwnedBy, members):
|
|
|
|
|
for member in members:
|
|
|
|
|
if member[CIGROUP_MEMBERKEY]['id'] == showOwnedBy:
|
|
|
|
|
if member['preferredMemberKey']['id'] == showOwnedBy:
|
|
|
|
|
if member['role'] == Ent.ROLE_OWNER:
|
|
|
|
|
return True
|
|
|
|
|
return False
|
|
|
|
|
@@ -35692,7 +35753,7 @@ def doPrintCIGroups():
|
|
|
|
|
False, False, True)
|
|
|
|
|
csvPF.WriteRow(row)
|
|
|
|
|
|
|
|
|
|
ci = buildGAPIObject(CIGROUP_MEMBER_API)
|
|
|
|
|
ci = buildGAPIObject(API.CLOUDIDENTITY_GROUPS)
|
|
|
|
|
setTrueCustomerId()
|
|
|
|
|
delimiter = GC.Values[GC.CSV_OUTPUT_FIELD_DELIMITER]
|
|
|
|
|
memberRestrictions = sortHeaders = False
|
|
|
|
|
@@ -35716,7 +35777,7 @@ def doPrintCIGroups():
|
|
|
|
|
showOwnedBy = convertUIDtoEmailAddress(getEmailAddress(), emailTypes=['user'])
|
|
|
|
|
elif myarg in {'cimember', 'enterprisemember', 'ciowner'}:
|
|
|
|
|
emailAddress = convertUIDtoEmailAddress(getEmailAddress(), emailTypes=['user', 'group'])
|
|
|
|
|
memberQuery = f"member_key_id == '{emailAddress}' && 'cloudidentity.googleapis.com/groups.discussion_forum' in labels"
|
|
|
|
|
memberQuery = f"member_key_id == '{emailAddress}' && CIGROUP_DISCUSSION_FORUM_LABEL in labels"
|
|
|
|
|
entitySelection = None
|
|
|
|
|
if myarg == 'ciowner':
|
|
|
|
|
showOwnedBy = emailAddress
|
|
|
|
|
@@ -35809,18 +35870,21 @@ def doPrintCIGroups():
|
|
|
|
|
getFullFieldsList.append(field)
|
|
|
|
|
else:
|
|
|
|
|
getFullFieldsList = list(CIGROUP_FULL_FIELDS)
|
|
|
|
|
getFullFields = ','.join(getFullFieldsList)
|
|
|
|
|
getFullFields = ','.join(getFullFieldsList)#
|
|
|
|
|
cipl = ci
|
|
|
|
|
if query:
|
|
|
|
|
method = 'search'
|
|
|
|
|
if 'parent' not in query:
|
|
|
|
|
query += f" && parent == '{parent}'"
|
|
|
|
|
kwargs = {'query': query}
|
|
|
|
|
if CIGROUP_LOCKED_LABEL in query:
|
|
|
|
|
cipl = buildGAPIObject(API.CLOUDIDENTITY_GROUPS_BETA)
|
|
|
|
|
else:
|
|
|
|
|
method = 'list'
|
|
|
|
|
kwargs = {'parent': parent}
|
|
|
|
|
printGettingAllAccountEntities(Ent.CLOUD_IDENTITY_GROUP, query)
|
|
|
|
|
try:
|
|
|
|
|
entityList = callGAPIpages(ci.groups(), method, 'groups',
|
|
|
|
|
entityList = callGAPIpages(cipl.groups(), method, 'groups',
|
|
|
|
|
pageMessage=getPageMessage(showFirstLastItems=True), messageAttribute=['groupKey', 'id'],
|
|
|
|
|
throwReasons=GAPI.CIGROUP_LIST_THROW_REASONS, retryReasons=GAPI.CIGROUP_RETRY_REASONS,
|
|
|
|
|
view='FULL', fields=fieldsnp, pageSize=pageSize, **kwargs)
|
|
|
|
|
@@ -35876,7 +35940,7 @@ def doPrintCIGroups():
|
|
|
|
|
try:
|
|
|
|
|
groupMembers = callGAPIpages(ci.groups().memberships(), 'list', 'memberships',
|
|
|
|
|
throwReasons=GAPI.MEMBERS_THROW_REASONS, retryReasons=GAPI.MEMBERS_RETRY_REASONS,
|
|
|
|
|
pageMessage=getPageMessage(), messageAttribute=[CIGROUP_MEMBERKEY, 'id'],
|
|
|
|
|
pageMessage=getPageMessage(), messageAttribute=['preferredMemberKey', 'id'],
|
|
|
|
|
parent=groupEntity['name'], view='FULL', fields='*', pageSize=pageSize)
|
|
|
|
|
except (GAPI.groupNotFound, GAPI.domainNotFound, GAPI.domainCannotUseApis, GAPI.invalid, GAPI.forbidden):
|
|
|
|
|
entityUnknownWarning(Ent.CLOUD_IDENTITY_GROUP, groupEmail, i, count)
|
|
|
|
|
@@ -35994,7 +36058,7 @@ def getCIGroupMembers(ci, groupName, memberRoles, membersList, membersSet, i, co
|
|
|
|
|
if memberOptions[MEMBEROPTION_NODUPLICATES]:
|
|
|
|
|
for member in groupMembers:
|
|
|
|
|
getCIGroupMemberRoleFixType(member)
|
|
|
|
|
memberName = member.get(CIGROUP_MEMBERKEY, {}).get('id', '')
|
|
|
|
|
memberName = member.get('preferredMemberKey', {}).get('id', '')
|
|
|
|
|
if (_checkMemberRole(member, validRoles) and
|
|
|
|
|
(not checkCategory or _checkCIMemberCategory(member, memberDisplayOptions)) and
|
|
|
|
|
memberName not in membersSet):
|
|
|
|
|
@@ -36012,7 +36076,7 @@ def getCIGroupMembers(ci, groupName, memberRoles, membersList, membersSet, i, co
|
|
|
|
|
groupMemberList = []
|
|
|
|
|
for member in groupMembers:
|
|
|
|
|
getCIGroupMemberRoleFixType(member)
|
|
|
|
|
memberName = member.get(CIGROUP_MEMBERKEY, {}).get('id', '')
|
|
|
|
|
memberName = member.get('preferredMemberKey', {}).get('id', '')
|
|
|
|
|
if member['type'] != Ent.TYPE_GROUP:
|
|
|
|
|
if (member['type'] in typesSet and
|
|
|
|
|
checkCIMemberMatch(member, memberOptions) and
|
|
|
|
|
@@ -36063,21 +36127,20 @@ CIGROUPMEMBERS_FIELDS_CHOICE_MAP = {
|
|
|
|
|
'createtime': 'createTime',
|
|
|
|
|
'expiretime': 'expireTime',
|
|
|
|
|
'id': 'name',
|
|
|
|
|
'memberkey': CIGROUP_MEMBERKEY,
|
|
|
|
|
'memberkey': 'preferredMemberKey',
|
|
|
|
|
'name': 'name',
|
|
|
|
|
'preferredmemberkey': CIGROUP_MEMBERKEY,
|
|
|
|
|
'preferredmemberkey': 'preferredMemberKey',
|
|
|
|
|
'role': 'roles',
|
|
|
|
|
'roles': 'roles',
|
|
|
|
|
'type': 'type',
|
|
|
|
|
'updatetime': 'updateTime',
|
|
|
|
|
'useremail': CIGROUP_MEMBERKEY,
|
|
|
|
|
'useremail': 'preferredMemberKey',
|
|
|
|
|
}
|
|
|
|
|
CIGROUPMEMBERS_DEFAULT_FIELDS = [
|
|
|
|
|
# 'type', 'roles', 'name', 'memberkey', 'preferredmemberkey', 'createtime', 'updatetime', 'expiretime']
|
|
|
|
|
'type', 'roles', 'name', CIGROUP_MEMBERKEY.lower(), 'createtime', 'updatetime', 'expiretime']
|
|
|
|
|
'type', 'roles', 'name', 'preferredmemberkey', 'createtime', 'updatetime', 'expiretime']
|
|
|
|
|
CIGROUPMEMBERS_SORT_FIELDS = [
|
|
|
|
|
'type', 'role', 'id', 'email',
|
|
|
|
|
'name', f'{CIGROUP_MEMBERKEY}.id', f'{CIGROUP_MEMBERKEY}.namespace',
|
|
|
|
|
'name', 'preferredMemberKey.id', 'preferredMemberKey.namespace',
|
|
|
|
|
'createTime', 'updateTime', 'expireTime'
|
|
|
|
|
]
|
|
|
|
|
CIGROUPMEMBERS_TIME_OBJECTS = {'createTime', 'updateTime', 'expireTime'}
|
|
|
|
|
@@ -36094,7 +36157,7 @@ CIGROUPMEMBERS_TIME_OBJECTS = {'createTime', 'updateTime', 'expireTime'}
|
|
|
|
|
# [(recursive [noduplicates])|includederivedmembership] [nogroupeemail]
|
|
|
|
|
# [formatjson [quotechar <Character>]]
|
|
|
|
|
def doPrintCIGroupMembers():
|
|
|
|
|
ci = buildGAPIObject(CIGROUP_MEMBER_API)
|
|
|
|
|
ci = buildGAPIObject(API.CLOUDIDENTITY_GROUPS)
|
|
|
|
|
setTrueCustomerId()
|
|
|
|
|
memberOptions = initMemberOptions()
|
|
|
|
|
memberDisplayOptions = initIPSGMGroupMemberDisplayOptions()
|
|
|
|
|
@@ -36116,7 +36179,7 @@ def doPrintCIGroupMembers():
|
|
|
|
|
showOwnedBy = convertUIDtoEmailAddress(getEmailAddress(), emailTypes=['user'])
|
|
|
|
|
elif myarg in {'cimember', 'enterprisemember', 'ciowner'}:
|
|
|
|
|
emailAddress = convertUIDtoEmailAddress(getEmailAddress(), emailTypes=['user', 'group'])
|
|
|
|
|
query = f"member_key_id == '{emailAddress}' && 'cloudidentity.googleapis.com/groups.discussion_forum' in labels"
|
|
|
|
|
query = f"member_key_id == '{emailAddress}' && CIGROUP_DISCUSSION_FORUM_LABEL in labels"
|
|
|
|
|
entityList = None
|
|
|
|
|
if myarg == 'ciowner':
|
|
|
|
|
showOwnedBy = emailAddress
|
|
|
|
|
@@ -36292,7 +36355,7 @@ def doShowCIGroupMembers():
|
|
|
|
|
if (_checkMemberRole(member, rolesSet) and
|
|
|
|
|
member['type'] in typesSet and
|
|
|
|
|
checkCIMemberMatch(member, memberOptions)):
|
|
|
|
|
memberDetails = f'{member.get("role", Ent.ROLE_MEMBER)}, {member["type"]}, {member[CIGROUP_MEMBERKEY]["id"]}'
|
|
|
|
|
memberDetails = f'{member.get("role", Ent.ROLE_MEMBER)}, {member["type"]}, {member["preferredMemberKey"]["id"]}'
|
|
|
|
|
if checkCategory:
|
|
|
|
|
memberDetails += f', {member["category"]}'
|
|
|
|
|
for field in ['createTime', 'updateTime', 'expireTime']:
|
|
|
|
|
@@ -36301,11 +36364,11 @@ def doShowCIGroupMembers():
|
|
|
|
|
printKeyValueList([memberDetails])
|
|
|
|
|
if not includeDerivedMembership and (member['type'] == Ent.TYPE_GROUP) and (maxdepth == -1 or depth < maxdepth):
|
|
|
|
|
_, gname = member['name'].rsplit('/', 1)
|
|
|
|
|
_showGroup(f'groups/{gname}', member[CIGROUP_MEMBERKEY]['id'], depth+1)
|
|
|
|
|
_showGroup(f'groups/{gname}', member['preferredMemberKey']['id'], depth+1)
|
|
|
|
|
if depth == 0 or Ent.TYPE_GROUP in typesSet:
|
|
|
|
|
Ind.Decrement()
|
|
|
|
|
|
|
|
|
|
ci = buildGAPIObject(CIGROUP_MEMBER_API)
|
|
|
|
|
ci = buildGAPIObject(API.CLOUDIDENTITY_GROUPS)
|
|
|
|
|
setTrueCustomerId()
|
|
|
|
|
subTitle = f'{Msg.ALL} {Ent.Plural(Ent.CLOUD_IDENTITY_GROUP)}'
|
|
|
|
|
groupFieldsLists = {'ci': ['groupKey', 'name']}
|
|
|
|
|
@@ -36323,7 +36386,7 @@ def doShowCIGroupMembers():
|
|
|
|
|
showOwnedBy = convertUIDtoEmailAddress(getEmailAddress(), emailTypes=['user'])
|
|
|
|
|
elif myarg in {'cimember', 'enterprisemember', 'ciowner'}:
|
|
|
|
|
emailAddress = convertUIDtoEmailAddress(getEmailAddress(), emailTypes=['user', 'group'])
|
|
|
|
|
query = f"member_key_id == '{emailAddress}' && 'cloudidentity.googleapis.com/groups.discussion_forum' in labels"
|
|
|
|
|
query = f"member_key_id == '{emailAddress}' && CIGROUP_DISCUSSION_FORUM_LABEL in labels"
|
|
|
|
|
entityList = None
|
|
|
|
|
if myarg == 'ciowner':
|
|
|
|
|
showOwnedBy = emailAddress
|
|
|
|
|
@@ -43337,11 +43400,7 @@ def getUserAttributes(cd, updateCmd, noUid=False):
|
|
|
|
|
body['name'][up] = getString(Cmd.OB_STRING, minLen=0, maxLen=60)
|
|
|
|
|
elif up == 'displayName':
|
|
|
|
|
body.setdefault('name', {})
|
|
|
|
|
# sigh, the API is wonky. If we set just displayName
|
|
|
|
|
# we get an error. But if we also "set" fullName which is
|
|
|
|
|
# really just a concat of first/last name and can't be set
|
|
|
|
|
# then it works. Go figure.
|
|
|
|
|
body['name']['displayName'] = body['name']['fullName'] = getString(Cmd.OB_STRING, minLen=0, maxLen=256)
|
|
|
|
|
body['name']['displayName'] = getString(Cmd.OB_STRING, minLen=0, maxLen=256)
|
|
|
|
|
elif PwdOpts.ProcessPropertyArgument(myarg, up, body):
|
|
|
|
|
pass
|
|
|
|
|
elif propertyClass == UProp.PC_BOOLEAN:
|
|
|
|
|
@@ -44833,7 +44892,7 @@ def infoUsers(entityList):
|
|
|
|
|
group_email = group_name_mapping[group_name]
|
|
|
|
|
for edge in adj.get('edges', []):
|
|
|
|
|
seen_group_count[group_email] = seen_group_count.get(group_email, 0) + 1
|
|
|
|
|
member_email = edge.get(CIGROUP_MEMBERKEY, {}).get('id')
|
|
|
|
|
member_email = edge.get('preferredMemberKey', {}).get('id')
|
|
|
|
|
edges.append((member_email, group_email))
|
|
|
|
|
printUserCIGroupMap(user['primaryEmail'], group_displayname_mapping, seen_group_count, edges, 'direct')
|
|
|
|
|
if max(seen_group_count.values()) > 1:
|
|
|
|
|
@@ -53517,7 +53576,7 @@ def printDriveActivity(users):
|
|
|
|
|
except GAPI.badRequest as e:
|
|
|
|
|
entityActionFailedWarning([Ent.USER, user, entityType, fileId], str(e), i, count)
|
|
|
|
|
continue
|
|
|
|
|
except GAPI.serviceNotAvailable:
|
|
|
|
|
except GAPI.serviceNotAvailable as e:
|
|
|
|
|
userDriveServiceNotEnabledWarning(user, str(e), i, count)
|
|
|
|
|
continue
|
|
|
|
|
csvPF.writeCSVfile('Drive Activity')
|
|
|
|
|
@@ -65516,31 +65575,29 @@ def printShowSharedDrives(users, useDomainAdminAccess=False):
|
|
|
|
|
else:
|
|
|
|
|
matchedFeed = feed
|
|
|
|
|
jcount = len(matchedFeed)
|
|
|
|
|
if jcount == 0:
|
|
|
|
|
setSysExitRC(NO_ENTITIES_FOUND_RC)
|
|
|
|
|
if not csvPF:
|
|
|
|
|
if not FJQC.formatJSON:
|
|
|
|
|
entityPerformActionNumItems([Ent.USER, user], jcount, Ent.SHAREDDRIVE, i, count)
|
|
|
|
|
if jcount == 0:
|
|
|
|
|
setSysExitRC(NO_ENTITIES_FOUND_RC)
|
|
|
|
|
Ind.Increment()
|
|
|
|
|
j = 0
|
|
|
|
|
for shareddrive in matchedFeed:
|
|
|
|
|
j += 1
|
|
|
|
|
shareddrive = stripNonShowFields(shareddrive)
|
|
|
|
|
_showSharedDrive(user, shareddrive, j, jcount, FJQC)
|
|
|
|
|
Ind.Decrement()
|
|
|
|
|
else:
|
|
|
|
|
if not csvPF:
|
|
|
|
|
Ind.Increment()
|
|
|
|
|
j = 0
|
|
|
|
|
for shareddrive in matchedFeed:
|
|
|
|
|
j += 1
|
|
|
|
|
shareddrive = stripNonShowFields(shareddrive)
|
|
|
|
|
_showSharedDrive(user, shareddrive, j, jcount, FJQC)
|
|
|
|
|
Ind.Decrement()
|
|
|
|
|
else:
|
|
|
|
|
for shareddrive in matchedFeed:
|
|
|
|
|
shareddrive = stripNonShowFields(shareddrive)
|
|
|
|
|
if FJQC.formatJSON:
|
|
|
|
|
row = {'User': user, 'id': shareddrive['id'], 'name': shareddrive['name']}
|
|
|
|
|
if not useDomainAdminAccess:
|
|
|
|
|
row['role'] = shareddrive['role'] if not guiRoles else SHAREDDRIVE_API_GUI_ROLES_MAP[shareddrive['role']]
|
|
|
|
|
row['JSON'] = json.dumps(cleanJSON(shareddrive, timeObjects=SHAREDDRIVE_TIME_OBJECTS), ensure_ascii=False, sort_keys=True)
|
|
|
|
|
csvPF.WriteRow(row)
|
|
|
|
|
else:
|
|
|
|
|
csvPF.WriteRowTitles(flattenJSON(shareddrive, flattened={'User': user}, timeObjects=SHAREDDRIVE_TIME_OBJECTS))
|
|
|
|
|
for shareddrive in matchedFeed:
|
|
|
|
|
shareddrive = stripNonShowFields(shareddrive)
|
|
|
|
|
if FJQC.formatJSON:
|
|
|
|
|
row = {'User': user, 'id': shareddrive['id'], 'name': shareddrive['name']}
|
|
|
|
|
if not useDomainAdminAccess:
|
|
|
|
|
row['role'] = shareddrive['role'] if not guiRoles else SHAREDDRIVE_API_GUI_ROLES_MAP[shareddrive['role']]
|
|
|
|
|
row['JSON'] = json.dumps(cleanJSON(shareddrive, timeObjects=SHAREDDRIVE_TIME_OBJECTS), ensure_ascii=False, sort_keys=True)
|
|
|
|
|
csvPF.WriteRow(row)
|
|
|
|
|
else:
|
|
|
|
|
csvPF.WriteRowTitles(flattenJSON(shareddrive, flattened={'User': user}, timeObjects=SHAREDDRIVE_TIME_OBJECTS))
|
|
|
|
|
if csvPF:
|
|
|
|
|
csvPF.writeCSVfile('SharedDrives')
|
|
|
|
|
|
|
|
|
|
@@ -65599,29 +65656,27 @@ def doPrintShowOrgunitSharedDrives():
|
|
|
|
|
customer=_getCustomersCustomerIdWithC(),
|
|
|
|
|
filter="type == 'shared_drive'")
|
|
|
|
|
jcount = len(sds)
|
|
|
|
|
if jcount == 0:
|
|
|
|
|
setSysExitRC(NO_ENTITIES_FOUND_RC)
|
|
|
|
|
if not csvPF:
|
|
|
|
|
if not FJQC.formatJSON:
|
|
|
|
|
entityPerformActionNumItems([Ent.ORGANIZATIONAL_UNIT, orgUnitPath], jcount, Ent.SHAREDDRIVE)
|
|
|
|
|
if jcount == 0:
|
|
|
|
|
setSysExitRC(NO_ENTITIES_FOUND_RC)
|
|
|
|
|
Ind.Increment()
|
|
|
|
|
j = 0
|
|
|
|
|
for shareddrive in sds:
|
|
|
|
|
j += 1
|
|
|
|
|
_getOrgUnitSharedDriveInfo(shareddrive)
|
|
|
|
|
_showOrgUnitSharedDrive(shareddrive, j, jcount, FJQC)
|
|
|
|
|
Ind.Decrement()
|
|
|
|
|
else:
|
|
|
|
|
if not csvPF:
|
|
|
|
|
Ind.Increment()
|
|
|
|
|
j = 0
|
|
|
|
|
for shareddrive in sds:
|
|
|
|
|
j += 1
|
|
|
|
|
_getOrgUnitSharedDriveInfo(shareddrive)
|
|
|
|
|
_showOrgUnitSharedDrive(shareddrive, j, jcount, FJQC)
|
|
|
|
|
Ind.Decrement()
|
|
|
|
|
else:
|
|
|
|
|
for shareddrive in sds:
|
|
|
|
|
_getOrgUnitSharedDriveInfo(shareddrive)
|
|
|
|
|
if FJQC.formatJSON:
|
|
|
|
|
row = {'name': shareddrive['name']}
|
|
|
|
|
row['JSON'] = json.dumps(cleanJSON(shareddrive), ensure_ascii=False, sort_keys=True)
|
|
|
|
|
csvPF.WriteRow(row)
|
|
|
|
|
else:
|
|
|
|
|
csvPF.WriteRowTitles(flattenJSON(shareddrive))
|
|
|
|
|
for shareddrive in sds:
|
|
|
|
|
_getOrgUnitSharedDriveInfo(shareddrive)
|
|
|
|
|
if FJQC.formatJSON:
|
|
|
|
|
row = {'name': shareddrive['name']}
|
|
|
|
|
row['JSON'] = json.dumps(cleanJSON(shareddrive), ensure_ascii=False, sort_keys=True)
|
|
|
|
|
csvPF.WriteRow(row)
|
|
|
|
|
else:
|
|
|
|
|
csvPF.WriteRowTitles(flattenJSON(shareddrive))
|
|
|
|
|
if csvPF:
|
|
|
|
|
csvPF.writeCSVfile('OrgUnit {orgUnitPath} SharedDrives')
|
|
|
|
|
|
|
|
|
|
@@ -65706,7 +65761,7 @@ SHOW_NO_PERMISSIONS_DRIVES_CHOICE_MAP = {
|
|
|
|
|
# [oneitemperrow] [maxitems <Integer>]
|
|
|
|
|
# [shownopermissionsdrives false|true|only]
|
|
|
|
|
# [<DrivePermissionsFieldName>*|(fields <DrivePermissionsFieldNameList>)]
|
|
|
|
|
# [formatjsn]
|
|
|
|
|
# [formatjson]
|
|
|
|
|
def printShowSharedDriveACLs(users, useDomainAdminAccess=False):
|
|
|
|
|
def _printPermissionRow(baserow, permission):
|
|
|
|
|
row = baserow.copy()
|
|
|
|
|
@@ -65896,7 +65951,8 @@ def printShowSharedDriveACLs(users, useDomainAdminAccess=False):
|
|
|
|
|
if jcount == 0:
|
|
|
|
|
setSysExitRC(NO_ENTITIES_FOUND_RC)
|
|
|
|
|
if not csvPF:
|
|
|
|
|
entityPerformActionNumItems([Ent.USER, user], jcount, Ent.SHAREDDRIVE, i, count)
|
|
|
|
|
if not FJQC.formatJSON:
|
|
|
|
|
entityPerformActionNumItems([Ent.USER, user], jcount, Ent.SHAREDDRIVE, i, count)
|
|
|
|
|
Ind.Increment()
|
|
|
|
|
j = 0
|
|
|
|
|
for shareddrive in matchFeed:
|
|
|
|
|
@@ -67123,7 +67179,7 @@ LICENSE_PREVIEW_TITLES = ['user', 'productId', 'skuId', 'action', 'message']
|
|
|
|
|
|
|
|
|
|
def getLicenseParameters(operation):
|
|
|
|
|
lic = buildGAPIObject(API.LICENSING)
|
|
|
|
|
parameters = {LICENSE_PRODUCT_SKUIDS: [], 'csvPF': None, 'preview': False, 'syncOperation': 'addremove', 'syncACLsMode': None}
|
|
|
|
|
parameters = {LICENSE_PRODUCT_SKUIDS: [], 'csvPF': None, 'preview': False, 'syncOperation': 'addremove', 'syncACLsMode': None, 'archive': False}
|
|
|
|
|
skuLocation = Cmd.Location()
|
|
|
|
|
if operation != 'patch':
|
|
|
|
|
parameters[LICENSE_PRODUCT_SKUIDS] = getGoogleSKUList(allowUnknownProduct=True)
|
|
|
|
|
@@ -67153,6 +67209,10 @@ def getLicenseParameters(operation):
|
|
|
|
|
if operation == 'patch':
|
|
|
|
|
titles.insert(2, 'oldskuId')
|
|
|
|
|
parameters['csvPF'] = CSVPrintFile(titles)
|
|
|
|
|
elif operation == 'patch' and myarg == 'archive':
|
|
|
|
|
if skuId not in SKU.ARCHIVABLE_SKUS:
|
|
|
|
|
usageErrorExit(Msg.SKU_HAS_NO_MATCHING_ARCHIVED_USER_SKU.format(skuId))
|
|
|
|
|
parameters['archive'] = True
|
|
|
|
|
else:
|
|
|
|
|
unknownArgumentExit()
|
|
|
|
|
for productSku in parameters[LICENSE_PRODUCT_SKUIDS]:
|
|
|
|
|
@@ -67258,13 +67318,17 @@ def createLicense(users):
|
|
|
|
|
if parameters['csvPF']:
|
|
|
|
|
parameters['csvPF'].writeCSVfile('Create Licenses')
|
|
|
|
|
|
|
|
|
|
# gam <UserTypeEntity> update license <SKUID> [product|productid <ProductID>] [from] <SKUID> [preview] [actioncsv]
|
|
|
|
|
# gam <UserTypeEntity> update license <SKUID> [product|productid <ProductID>] [from] <SKUID>
|
|
|
|
|
# [preview] [actioncsv] [archive]
|
|
|
|
|
def updateLicense(users):
|
|
|
|
|
lic, parameters = getLicenseParameters('patch')
|
|
|
|
|
j, jcount, users = getEntityArgument(users)
|
|
|
|
|
Act.Set([Act.UPDATE, Act.UPDATE_PREVIEW][parameters['preview']])
|
|
|
|
|
cd = None
|
|
|
|
|
if parameters['preview']:
|
|
|
|
|
message = Act.PREVIEW
|
|
|
|
|
elif parameters['archive']:
|
|
|
|
|
cd = buildGAPIObject(API.DIRECTORY)
|
|
|
|
|
productId, skuId, oldSkuId = parameters[LICENSE_PRODUCT_SKUIDS][0]
|
|
|
|
|
body = {'skuId': skuId}
|
|
|
|
|
entityPerformActionModifierNumItems([Ent.LICENSE, SKU.skuIdToDisplayName(skuId)], Msg.FOR, jcount, Ent.USER)
|
|
|
|
|
@@ -67290,6 +67354,22 @@ def updateLicense(users):
|
|
|
|
|
except GAPI.userNotFound as e:
|
|
|
|
|
message = str(e)
|
|
|
|
|
entityUnknownWarning(Ent.USER, user, j, jcount)
|
|
|
|
|
if parameters['archive'] and message == Act.SUCCESS:
|
|
|
|
|
Act.Set(Act.ARCHIVE)
|
|
|
|
|
try:
|
|
|
|
|
callGAPI(cd.users(), 'update',
|
|
|
|
|
throwReasons=[GAPI.USER_NOT_FOUND, GAPI.DOMAIN_NOT_FOUND,
|
|
|
|
|
GAPI.FORBIDDEN, GAPI.BAD_REQUEST,
|
|
|
|
|
GAPI.INSUFFICIENT_ARCHIVED_USER_LICENSES],
|
|
|
|
|
retryReasons=[GAPI.INSUFFICIENT_ARCHIVED_USER_LICENSES],
|
|
|
|
|
userKey=user, body={'archived': True})
|
|
|
|
|
entityActionPerformed([Ent.USER, user], j, jcount)
|
|
|
|
|
except GAPI.userNotFound:
|
|
|
|
|
entityUnknownWarning(Ent.USER, user, j, jcount)
|
|
|
|
|
except (GAPI.domainNotFound, GAPI.domainCannotUseApis, GAPI.forbidden, GAPI.badRequest,
|
|
|
|
|
GAPI.insufficientArchivedUserLicenses) as e:
|
|
|
|
|
entityActionFailedWarning([Ent.USER, user], str(e), j, jcount)
|
|
|
|
|
Act.Set(Act.UPDATE)
|
|
|
|
|
if parameters['csvPF']:
|
|
|
|
|
_writeLicenseAction(productId, skuId, oldSkuId, parameters, user, Act.UPDATE, message)
|
|
|
|
|
Ind.Decrement()
|
|
|
|
|
@@ -69629,8 +69709,9 @@ def archiveMessages(users):
|
|
|
|
|
stream.write(base64.urlsafe_b64decode(str(message['raw'])))
|
|
|
|
|
try:
|
|
|
|
|
callGAPI(gm.archive(), 'insert',
|
|
|
|
|
throwReasons=GAPI.GMAIL_THROW_REASONS+[GAPI.BAD_REQUEST, GAPI.INVALID,
|
|
|
|
|
throwReasons=GAPI.GMAIL_THROW_REASONS+[GAPI.NOT_FOUND, GAPI.BAD_REQUEST, GAPI.INVALID,
|
|
|
|
|
GAPI.FAILED_PRECONDITION, GAPI.FORBIDDEN],
|
|
|
|
|
retryReasons=[GAPI.NOT_FOUND],
|
|
|
|
|
groupId=group, media_body=googleapiclient.http.MediaIoBaseUpload(stream, mimetype='message/rfc822', resumable=True))
|
|
|
|
|
if not csvPF:
|
|
|
|
|
entityActionPerformed([Ent.USER, user, entityType, messageId], j, jcount)
|
|
|
|
|
@@ -69639,6 +69720,9 @@ def archiveMessages(users):
|
|
|
|
|
except GAPI.serviceNotAvailable:
|
|
|
|
|
userGmailServiceNotEnabledWarning(user, i, count)
|
|
|
|
|
break
|
|
|
|
|
except GAPI.notFound as e:
|
|
|
|
|
_processMessageFailed(user, messageId, str(e), j, jcount)
|
|
|
|
|
break
|
|
|
|
|
except (GAPI.badRequest, GAPI.invalid, GAPI.failedPrecondition, GAPI.forbidden,
|
|
|
|
|
googleapiclient.errors.MediaUploadSizeError) as e:
|
|
|
|
|
_processMessageFailed(user, messageId, str(e), j, jcount)
|
|
|
|
|
@@ -71907,7 +71991,8 @@ def updateFormRequestUpdateMasks(ubody):
|
|
|
|
|
v['updateMask'] = ','.join(v['updateMask'])
|
|
|
|
|
break
|
|
|
|
|
|
|
|
|
|
# gam <UserTypeEntity> create form title <String> [description <String>] [isquiz [<Boolean>]]
|
|
|
|
|
# gam <UserTypeEntity> create form
|
|
|
|
|
# title <String> [description <String>] [isquiz [<Boolean>]] [<JSONData>]
|
|
|
|
|
# [drivefilename <DriveFileName>] [<DriveFileParentAttribute>]
|
|
|
|
|
# [(csv [todrive <ToDriveAttribute>*]) | returnidonly]
|
|
|
|
|
def createForm(users):
|
|
|
|
|
@@ -71926,6 +72011,9 @@ def createForm(users):
|
|
|
|
|
updateFormInfoRequest(myarg, getString(Cmd.OB_STRING, minLen=0), ubody)
|
|
|
|
|
elif myarg == 'isquiz':
|
|
|
|
|
updateFormSettingsRequest('isQuiz', getBoolean(), ubody)
|
|
|
|
|
elif myarg == 'json':
|
|
|
|
|
jsonData = getJSON([])
|
|
|
|
|
ubody['requests'].extend(jsonData.get('requests', []))
|
|
|
|
|
elif myarg == 'drivefilename':
|
|
|
|
|
body['name'] = getString(Cmd.OB_DRIVE_FILE_NAME)
|
|
|
|
|
elif getDriveFileParentAttribute(myarg, parentParms):
|
|
|
|
|
@@ -71988,7 +72076,8 @@ def createForm(users):
|
|
|
|
|
if csvPF:
|
|
|
|
|
csvPF.writeCSVfile('Forms')
|
|
|
|
|
|
|
|
|
|
# gam <UserTypeEntity> update form <DriveFileEntity> [title <String>] [description <String>] [isquiz [Boolean>]
|
|
|
|
|
# gam <UserTypeEntity> update form <DriveFileEntity>
|
|
|
|
|
# [title <String>] [description <String>] [isquiz [Boolean>]] [<JSONData>]
|
|
|
|
|
def updateForm(users):
|
|
|
|
|
ubody = {'includeFormInResponse': False, 'requests': []}
|
|
|
|
|
fileIdEntity = getDriveFileEntity()
|
|
|
|
|
@@ -72000,6 +72089,9 @@ def updateForm(users):
|
|
|
|
|
updateFormInfoRequest(myarg, getString(Cmd.OB_STRING, minLen=0), ubody)
|
|
|
|
|
elif myarg == 'isquiz':
|
|
|
|
|
updateFormSettingsRequest('isQuiz', getBoolean(), ubody)
|
|
|
|
|
elif myarg == 'json':
|
|
|
|
|
jsonData = getJSON([])
|
|
|
|
|
ubody['requests'].extend(jsonData.get('requests', []))
|
|
|
|
|
else:
|
|
|
|
|
unknownArgumentExit()
|
|
|
|
|
updateFormRequestUpdateMasks(ubody)
|
|
|
|
|
|
