mirror of
https://github.com/GAM-team/GAM.git
synced 2026-06-05 06:41:38 +00:00
Compare commits
7 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
bdc763c91a | ||
|
|
2ec19cc197 | ||
|
|
387ad7f9d9 | ||
|
|
ed8af7d81c | ||
|
|
d955f49684 | ||
|
|
bcd75a979f | ||
|
|
5cc46fc4ee |
14
.github/ISSUE_TEMPLATE.txt
vendored
14
.github/ISSUE_TEMPLATE.txt
vendored
@@ -1,14 +0,0 @@
|
||||
The issue tracker is for reporting product deficiencies. "How do I?" questions should be posted to the discussion forum at https://groups.google.com/group/google-apps-manager. When in doubt, start at the discussion forum and return here only when instructed to do so.
|
||||
|
||||
Please confirm the following:
|
||||
* I have upgraded to the latest GAM release from https://github.com/GAM-team/GAM/releases and I still have this issue.
|
||||
* I am typing the command as described in the GAM Wiki at https://github.com/GAM-team/GAM/wiki
|
||||
|
||||
Full steps to reproduce the issue:
|
||||
1.
|
||||
2.
|
||||
3.
|
||||
|
||||
Expected outcome (what are you trying to do?):
|
||||
|
||||
Actual outcome (what errors or bad behavior do you see instead?):
|
||||
14
.github/ISSUE_TEMPLATE/aa-question.md
vendored
14
.github/ISSUE_TEMPLATE/aa-question.md
vendored
@@ -1,14 +0,0 @@
|
||||
---
|
||||
name: Question about using GAM
|
||||
about: Help with using GAM or running it for the first time
|
||||
title: Please use the GAM discussion group
|
||||
labels: invalid
|
||||
assignees: ''
|
||||
|
||||
---
|
||||
|
||||
If you need help with GAM, please do not file an issue here, it will be closed and ignored.
|
||||
|
||||
Please post your question to the GAM discussion group where other admins are ready and willing to help:
|
||||
|
||||
https://groups.google.com/g/google-apps-manager
|
||||
23
.github/ISSUE_TEMPLATE/za-bug-report.md
vendored
23
.github/ISSUE_TEMPLATE/za-bug-report.md
vendored
@@ -1,23 +0,0 @@
|
||||
---
|
||||
name: Bug report
|
||||
about: Create a report to help us improve
|
||||
title: ''
|
||||
labels: bug
|
||||
assignees: jay0lee
|
||||
|
||||
---
|
||||
|
||||
The issue tracker is for reporting product deficiencies. "How do I?" questions should be posted to the discussion forum at https://groups.google.com/group/google-apps-manager. When in doubt, start at the discussion forum and return here only when instructed to do so.
|
||||
|
||||
Please confirm the following:
|
||||
* I have upgraded to the latest GAM release from https://github.com/GAM-team/GAM/releases and I still have this issue.
|
||||
* I am typing the command as described in the GAM Wiki at https://github.com/jay0lee/gam/wiki
|
||||
|
||||
Full steps to reproduce the issue:
|
||||
1.
|
||||
2.
|
||||
3.
|
||||
|
||||
Expected outcome (what are you trying to do?):
|
||||
|
||||
Actual outcome (what errors or bad behavior do you see instead?):
|
||||
20
.github/ISSUE_TEMPLATE/zz-feature-request.md
vendored
20
.github/ISSUE_TEMPLATE/zz-feature-request.md
vendored
@@ -1,20 +0,0 @@
|
||||
---
|
||||
name: Feature request
|
||||
about: Suggest an idea for GAM
|
||||
title: ''
|
||||
labels: enhancement
|
||||
assignees: jay0lee
|
||||
|
||||
---
|
||||
|
||||
**Is your feature request related to a problem? Please describe.**
|
||||
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
|
||||
|
||||
**Describe the solution you'd like**
|
||||
A clear and concise description of what you want to happen.
|
||||
|
||||
**Describe alternatives you've considered**
|
||||
A clear and concise description of any alternative solutions or features you've considered.
|
||||
|
||||
**Additional context**
|
||||
Add any other context or screenshots about the feature request here.
|
||||
BIN
.github/actions/creds.tar.xz.gpg
vendored
BIN
.github/actions/creds.tar.xz.gpg
vendored
Binary file not shown.
18
.github/actions/decrypt.sh
vendored
18
.github/actions/decrypt.sh
vendored
@@ -1,18 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
gpgfile="$1"
|
||||
echo "source file is ${gpgfile}"
|
||||
credsfile="$2"
|
||||
echo "target file is ${credsfile}"
|
||||
if [ -z ${PASSCODE+x} ]; then
|
||||
echo "PASSCODE is unset";
|
||||
else
|
||||
echo "PASSCODE is set";
|
||||
fi
|
||||
|
||||
gpg --quiet --batch --yes --decrypt --passphrase="${PASSCODE}" \
|
||||
--output "${credsfile}" "${gpgfile}"
|
||||
|
||||
tar xvvf "${credsfile}" --directory "${gampath}"
|
||||
rm -rvf "${gpgfile}"
|
||||
rm -rvf "${credsfile}"
|
||||
7
.github/actions/package_exclusions.txt
vendored
7
.github/actions/package_exclusions.txt
vendored
@@ -1,7 +0,0 @@
|
||||
oauth2.txt
|
||||
nobrowser.txt
|
||||
enabledasa.txt
|
||||
lastupdatecheck.txt
|
||||
*.json
|
||||
*.lck
|
||||
*.csv
|
||||
61
.github/stale.yml
vendored
61
.github/stale.yml
vendored
@@ -1,61 +0,0 @@
|
||||
# Configuration for probot-stale - https://github.com/probot/stale
|
||||
|
||||
# Number of days of inactivity before an Issue or Pull Request becomes stale
|
||||
daysUntilStale: 90
|
||||
|
||||
# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
|
||||
# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
|
||||
daysUntilClose: 7
|
||||
|
||||
# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
|
||||
onlyLabels: []
|
||||
|
||||
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
|
||||
exemptLabels:
|
||||
- pinned
|
||||
- enhancement
|
||||
- help wanted
|
||||
- security
|
||||
|
||||
# Set to true to ignore issues in a project (defaults to false)
|
||||
exemptProjects: false
|
||||
|
||||
# Set to true to ignore issues in a milestone (defaults to false)
|
||||
exemptMilestones: false
|
||||
|
||||
# Set to true to ignore issues with an assignee (defaults to false)
|
||||
exemptAssignees: false
|
||||
|
||||
# Label to use when marking as stale
|
||||
staleLabel: wontfix
|
||||
|
||||
# Comment to post when marking as stale. Set to `false` to disable
|
||||
markComment: >
|
||||
This issue has been automatically marked as stale because it has not had
|
||||
recent activity. It will be closed if no further activity occurs.
|
||||
|
||||
# Comment to post when removing the stale label.
|
||||
# unmarkComment: >
|
||||
# Your comment here.
|
||||
|
||||
# Comment to post when closing a stale Issue or Pull Request.
|
||||
# closeComment: >
|
||||
# Your comment here.
|
||||
|
||||
# Limit the number of actions per hour, from 1-30. Default is 30
|
||||
limitPerRun: 30
|
||||
|
||||
# Limit to only `issues` or `pulls`
|
||||
# only: issues
|
||||
|
||||
# Optionally, specify configuration settings that are specific to just 'issues' or 'pulls':
|
||||
# pulls:
|
||||
# daysUntilStale: 30
|
||||
# markComment: >
|
||||
# This pull request has been automatically marked as stale because it has not had
|
||||
# recent activity. It will be closed if no further activity occurs. Thank you
|
||||
# for your contributions.
|
||||
|
||||
# issues:
|
||||
# exemptLabels:
|
||||
# - confirmed
|
||||
793
.github/workflows/build.yml
vendored
793
.github/workflows/build.yml
vendored
@@ -1,793 +0,0 @@
|
||||
name: Build and test GAM
|
||||
|
||||
on:
|
||||
push:
|
||||
pull_request:
|
||||
schedule:
|
||||
- cron: '37 22 * * *'
|
||||
|
||||
defaults:
|
||||
run:
|
||||
shell: bash
|
||||
working-directory: src
|
||||
|
||||
env:
|
||||
OPENSSL_CONFIG_OPTS: no-fips
|
||||
OPENSSL_INSTALL_PATH: ${{ github.workspace }}/bin/ssl
|
||||
OPENSSL_SOURCE_PATH: ${{ github.workspace }}/src/openssl
|
||||
PYTHON_INSTALL_PATH: ${{ github.workspace }}/bin/python
|
||||
PYTHON_SOURCE_PATH: ${{ github.workspace }}/src/cpython
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
include:
|
||||
- os: ubuntu-20.04
|
||||
jid: 1
|
||||
goal: build
|
||||
arch: x86_64
|
||||
openssl_archs: linux-x86_64
|
||||
- os: [self-hosted, linux, arm64, gcp]
|
||||
jid: 2
|
||||
goal: build
|
||||
arch: aarch64
|
||||
openssl_archs: linux-aarch64
|
||||
- os: ubuntu-20.04
|
||||
jid: 3
|
||||
goal: build
|
||||
arch: x86_64
|
||||
openssl_archs: linux-x86_64
|
||||
staticx: yes
|
||||
- os: [self-hosted, linux, arm64, gcp]
|
||||
jid: 4
|
||||
goal: build
|
||||
arch: aarch64
|
||||
openssl_archs: linux-aarch64
|
||||
staticx: yes
|
||||
- os: macos-12
|
||||
jid: 5
|
||||
goal: build
|
||||
arch: universal2
|
||||
openssl_archs: darwin64-x86_64 darwin64-arm64
|
||||
- os: windows-2022
|
||||
jid: 6
|
||||
goal: build
|
||||
arch: Win64
|
||||
openssl_archs: VC-WIN64A
|
||||
- os: windows-2022
|
||||
jid: 7
|
||||
goal: build
|
||||
arch: Win32
|
||||
openssl_archs: VC-WIN32
|
||||
- os: ubuntu-22.04
|
||||
goal: test
|
||||
python: "3.7"
|
||||
jid: 8
|
||||
arch: x86_64
|
||||
- os: ubuntu-22.04
|
||||
goal: test
|
||||
python: "3.8"
|
||||
jid: 9
|
||||
arch: x86_64
|
||||
- os: ubuntu-22.04
|
||||
goal: test
|
||||
python: "3.9"
|
||||
jid: 10
|
||||
arch: x86_64
|
||||
- os: ubuntu-22.04
|
||||
goal: test
|
||||
python: "3.10"
|
||||
jid: 11
|
||||
arch: x86_64
|
||||
- os: ubuntu-22.04
|
||||
goal: test
|
||||
python: "3.12.0-alpha - 3.12"
|
||||
jid: 12
|
||||
arch: x86_64
|
||||
|
||||
steps:
|
||||
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
persist-credentials: false
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Cache multiple paths
|
||||
if: matrix.goal == 'build'
|
||||
uses: actions/cache@v3
|
||||
id: cache-python-ssl
|
||||
with:
|
||||
path: |
|
||||
bin.tar.xz
|
||||
src/cpython
|
||||
key: gam-${{ matrix.jid }}-20230208
|
||||
|
||||
- name: Untar Cache archive
|
||||
if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true'
|
||||
working-directory: ${{ github.workspace }}
|
||||
run: |
|
||||
tar xvvf bin.tar.xz
|
||||
|
||||
- name: Use pre-compiled Python for testing
|
||||
if: matrix.python != ''
|
||||
uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: ${{ matrix.python }}
|
||||
|
||||
- name: Set env variables for test
|
||||
if: matrix.goal == 'test'
|
||||
env:
|
||||
JID: ${{ matrix.jid }}
|
||||
ACTIONS_CACHE: ${{ steps.cache-python-ssl.outputs.cache-hit }}
|
||||
ACTIONS_GOAL: ${{ matrix.goal }}
|
||||
run: |
|
||||
export PYTHON=$(which python3)
|
||||
export PIP=$(which pip3)
|
||||
export gam="${PYTHON} -m gam"
|
||||
export gampath="$(readlink -e .)"
|
||||
echo -e "PYTHON: ${PYTHON}\nPIP: ${PIP}\gam: ${gam}\ngampath: ${gampath}"
|
||||
echo "PYTHON=${PYTHON}" >> $GITHUB_ENV
|
||||
echo "PIP=${PIP}" >> $GITHUB_ENV
|
||||
echo "gam=${gam}" >> $GITHUB_ENV
|
||||
echo "gampath=${gampath}" >> $GITHUB_ENV
|
||||
echo "JID=${JID}" >> $GITHUB_ENV
|
||||
echo "ACTIONS_CACHE=${ACTIONS_CACHE}" >> $GITHUB_ENV
|
||||
echo "ACTIONS_GOAL=${ACTIONS_GOAL}" >> $GITHUB_ENV
|
||||
|
||||
- name: Install necessary Github-hosted Linux packages
|
||||
if: runner.os == 'Linux' && runner.arch == 'X64'
|
||||
run: |
|
||||
echo "RUNNING: apt update..."
|
||||
sudo apt-get -qq --yes update
|
||||
sudo apt-get -qq --yes install swig libpcsclite-dev
|
||||
|
||||
#- name: MacOS remove Homebrew
|
||||
# if: runner.os == 'macOS'
|
||||
# run: |
|
||||
# # remove everything except the libraries needed by yubikey-manager
|
||||
# brew uninstall $(brew list | grep -v 'pcre\|swig\|pcsc-lite')
|
||||
|
||||
- name: MacOS install tools
|
||||
if: runner.os == 'macOS'
|
||||
run: |
|
||||
# Install latest Rust
|
||||
curl --retry 5 --retry-connrefused -fsS -o rust.sh https://sh.rustup.rs
|
||||
bash ./rust.sh -y
|
||||
source $HOME/.cargo/env
|
||||
# needed for Rust to compile cryptography Python package for universal2
|
||||
rustup target add aarch64-apple-darwin
|
||||
|
||||
- name: Windows Configure VCode
|
||||
uses: ilammy/msvc-dev-cmd@v1
|
||||
if: runner.os == 'Windows' && steps.cache-python-ssl.outputs.cache-hit != 'true'
|
||||
with:
|
||||
arch: ${{ matrix.arch }}
|
||||
|
||||
- name: Set Env Variables for build
|
||||
if: matrix.goal == 'build'
|
||||
env:
|
||||
arch: ${{ matrix.arch }}
|
||||
jid: ${{ matrix.jid }}
|
||||
openssl_archs: ${{ matrix.openssl_archs }}
|
||||
staticx: ${{ matrix.staticx }}
|
||||
run: |
|
||||
echo "We are running on ${RUNNER_OS}"
|
||||
LD_LIBRARY_PATH="${OPENSSL_INSTALL_PATH}/lib:${PYTHON_INSTALL_PATH}/lib"
|
||||
if [[ "${arch}" == "Win64" ]]; then
|
||||
PYEXTERNALS_PATH="amd64"
|
||||
PYBUILDRELEASE_ARCH="x64"
|
||||
GAM_ARCHIVE_ARCH="x86_64"
|
||||
WIX_ARCH="x64"
|
||||
CHOC_OPS=""
|
||||
elif [[ "${arch}" == "Win32" ]]; then
|
||||
PYEXTERNALS_PATH="win32"
|
||||
PYBUILDRELEASE_ARCH="Win32"
|
||||
GAM_ARCHIVE_ARCH="x86"
|
||||
WIX_ARCH="x86"
|
||||
CHOC_OPS="--forcex86"
|
||||
fi
|
||||
if [[ "${RUNNER_OS}" == "macOS" ]]; then
|
||||
#brew install coreutils
|
||||
#brew install bash
|
||||
MAKE=make
|
||||
MAKEOPT="-j$(sysctl -n hw.logicalcpu)"
|
||||
PERL=perl
|
||||
echo "MACOSX_DEPLOYMENT_TARGET=10.15" >> $GITHUB_ENV
|
||||
echo "PYTHON=${PYTHON_INSTALL_PATH}/bin/python3" >> $GITHUB_ENV
|
||||
echo "PIP_ARGS=--no-binary=:all:" >> $GITHUB_ENV
|
||||
elif [[ "${RUNNER_OS}" == "Linux" ]]; then
|
||||
MAKE=make
|
||||
MAKEOPT="-j$(nproc)"
|
||||
PERL=perl
|
||||
echo "PYTHON=${PYTHON_INSTALL_PATH}/bin/python3" >> $GITHUB_ENV
|
||||
elif [[ "${RUNNER_OS}" == "Windows" ]]; then
|
||||
MAKE=nmake
|
||||
MAKEOPT=""
|
||||
PERL="c:\strawberry\perl\bin\perl.exe"
|
||||
LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:${PYTHON_SOURCE_PATH}/PCbuild/${PYEXTERNALS_PATH}"
|
||||
echo "PYTHON=${PYTHON_SOURCE_PATH}/PCbuild/${PYEXTERNALS_PATH}/python.exe" >> $GITHUB_ENV
|
||||
echo "GAM_ARCHIVE_ARCH=${GAM_ARCHIVE_ARCH}" >> $GITHUB_ENV
|
||||
echo "WIX_ARCH=${WIX_ARCH}" >> $GITHUB_ENV
|
||||
fi
|
||||
echo "We'll run make with: ${MAKEOPT}"
|
||||
echo "JID=${jid}" >> $GITHUB_ENV
|
||||
echo "staticx=${staticx}" >> $GITHUB_ENV
|
||||
echo "arch=${arch}" >> $GITHUB_ENV
|
||||
echo "LD_LIBRARY_PATH=${LD_LIBRARY_PATH}" >> $GITHUB_ENV
|
||||
echo "MAKE=${MAKE}" >> $GITHUB_ENV
|
||||
echo "MAKEOPT=${MAKEOPT}" >> $GITHUB_ENV
|
||||
echo "PERL=${PERL}" >> $GITHUB_ENV
|
||||
echo "PYEXTERNALS_PATH=${PYEXTERNALS_PATH}" >> $GITHUB_ENV
|
||||
echo "PYBUILDRELEASE_ARCH=${PYBUILDRELEASE_ARCH}" >> $GITHUB_ENV
|
||||
echo "openssl_archs=${openssl_archs}" >> $GITHUB_ENV
|
||||
|
||||
- name: Get latest stable OpenSSL source
|
||||
if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit != 'true'
|
||||
run: |
|
||||
mkdir -vp "${GITHUB_WORKSPACE}/src"
|
||||
cd "${GITHUB_WORKSPACE}/src"
|
||||
git clone https://github.com/openssl/openssl.git
|
||||
cd "${OPENSSL_SOURCE_PATH}"
|
||||
export LATEST_STABLE_TAG=$(git tag --list openssl-* | grep -v alpha | grep -v beta | sort -Vr | head -n1)
|
||||
echo "Checking out version ${LATEST_STABLE_TAG}"
|
||||
git checkout "${LATEST_STABLE_TAG}"
|
||||
export COMPILED_OPENSSL_VERSION=${LATEST_STABLE_TAG:8} # Trim the openssl- prefix
|
||||
echo "COMPILED_OPENSSL_VERSION=${COMPILED_OPENSSL_VERSION}" >> $GITHUB_ENV
|
||||
if [[ "${RUNNER_OS}" == "macOS" ]]; then
|
||||
for openssl_arch in $openssl_archs; do
|
||||
ssldir="${OPENSSL_SOURCE_PATH}-${openssl_arch}"
|
||||
mkdir -v "${ssldir}"
|
||||
cp -vrf ${OPENSSL_SOURCE_PATH}/* "${ssldir}/"
|
||||
done
|
||||
rm -vrf "${OPENSSL_SOURCE_PATH}"
|
||||
else
|
||||
mv -v "${OPENSSL_SOURCE_PATH}" "${OPENSSL_SOURCE_PATH}-${openssl_archs}"
|
||||
fi
|
||||
|
||||
- name: Windows NASM Install
|
||||
uses: ilammy/setup-nasm@v1
|
||||
if: matrix.goal == 'build' && runner.os == 'Windows' && steps.cache-python-ssl.outputs.cache-hit != 'true'
|
||||
|
||||
- name: Config OpenSSL
|
||||
if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit != 'true'
|
||||
run: |
|
||||
for openssl_arch in $openssl_archs; do
|
||||
cd "${GITHUB_WORKSPACE}/src/openssl-${openssl_arch}"
|
||||
# --libdir=lib is needed so Python can find OpenSSL libraries
|
||||
"${PERL}" ./Configure "${openssl_arch}" --libdir=lib --prefix="${OPENSSL_INSTALL_PATH}" $OPENSSL_CONFIG_OPTS
|
||||
done
|
||||
|
||||
- name: Rename GNU link on Windows
|
||||
if: matrix.goal == 'build' && runner.os == 'Windows' && steps.cache-python-ssl.outputs.cache-hit != 'true'
|
||||
shell: bash
|
||||
run: mv /usr/bin/link /usr/bin/gnulink
|
||||
|
||||
- name: Make OpenSSL
|
||||
if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit != 'true'
|
||||
run: |
|
||||
for openssl_arch in $openssl_archs; do
|
||||
cd "${GITHUB_WORKSPACE}/src/openssl-${openssl_arch}"
|
||||
$MAKE "${MAKEOPT}"
|
||||
done
|
||||
|
||||
- name: Install OpenSSL
|
||||
if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit != 'true'
|
||||
run: |
|
||||
if [[ "${RUNNER_OS}" == "macOS" ]]; then
|
||||
for openssl_arch in $openssl_archs; do
|
||||
cd "${GITHUB_WORKSPACE}/src/openssl-${openssl_arch}"
|
||||
# install_sw saves us ages processing man pages :-)
|
||||
$MAKE install_sw
|
||||
mv "${OPENSSL_INSTALL_PATH}" "${GITHUB_WORKSPACE}/bin/ssl-${openssl_arch}"
|
||||
done
|
||||
mkdir -vp "${OPENSSL_INSTALL_PATH}/lib"
|
||||
mkdir -vp "${OPENSSL_INSTALL_PATH}/bin"
|
||||
for archlib in libcrypto.3.dylib libssl.3.dylib libcrypto.a libssl.a; do
|
||||
lipo -create "${GITHUB_WORKSPACE}/bin/ssl-darwin64-x86_64/lib/${archlib}" \
|
||||
"${GITHUB_WORKSPACE}/bin/ssl-darwin64-arm64/lib/${archlib}" \
|
||||
-output "${GITHUB_WORKSPACE}/bin/ssl/lib/${archlib}"
|
||||
done
|
||||
mv ${GITHUB_WORKSPACE}/bin/ssl-darwin64-x86_64/include ${GITHUB_WORKSPACE}/bin/ssl/
|
||||
lipo -create "${GITHUB_WORKSPACE}/bin/ssl-darwin64-x86_64/bin/openssl" \
|
||||
"${GITHUB_WORKSPACE}/bin/ssl-darwin64-arm64/bin/openssl" \
|
||||
-output "${GITHUB_WORKSPACE}/bin/ssl/bin/openssl"
|
||||
rm -rf ${GITHUB_WORKSPACE}/bin/ssl-darwin64-x86_64
|
||||
rm -rf ${GITHUB_WORKSPACE}/bin/ssl-darwin64-arm64
|
||||
echo "LDFLAGS=-L${OPENSSL_INSTALL_PATH}/lib" >> $GITHUB_ENV
|
||||
echo "CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS=1" >> $GITHUB_ENV
|
||||
echo "CFLAGS=-I${OPENSSL_INSTALL_PATH}/include -arch arm64 -arch x86_64" >> $GITHUB_ENV
|
||||
echo "ARCHFLAGS=-arch x86_64 -arch arm64" >> $GITHUB_ENV
|
||||
else
|
||||
cd "${GITHUB_WORKSPACE}/src/openssl-${openssl_archs}"
|
||||
# install_sw saves us ages processing man pages :-)
|
||||
$MAKE install_sw
|
||||
fi
|
||||
|
||||
- name: Run OpenSSL
|
||||
if: matrix.goal == 'build'
|
||||
run: |
|
||||
"${OPENSSL_INSTALL_PATH}/bin/openssl" version
|
||||
file "${OPENSSL_INSTALL_PATH}/bin/openssl"
|
||||
|
||||
- name: Get latest stable Python source
|
||||
if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit != 'true'
|
||||
run: |
|
||||
cd "${GITHUB_WORKSPACE}/src"
|
||||
git clone https://github.com/python/cpython.git
|
||||
cd "${PYTHON_SOURCE_PATH}"
|
||||
export LATEST_STABLE_TAG=$(git tag --list | grep -v a | grep -v rc | grep -v b | sort -Vr | head -n1)
|
||||
git checkout "${LATEST_STABLE_TAG}"
|
||||
export COMPILED_PYTHON_VERSION=${LATEST_STABLE_TAG:1} # Trim the "v" prefix
|
||||
echo "COMPILED_PYTHON_VERSION=${COMPILED_PYTHON_VERSION}" >> $GITHUB_ENV
|
||||
|
||||
- name: Mac/Linux Configure Python
|
||||
if: matrix.goal == 'build' && runner.os != 'Windows' && steps.cache-python-ssl.outputs.cache-hit != 'true'
|
||||
run: |
|
||||
cd "${PYTHON_SOURCE_PATH}"
|
||||
if [[ "${RUNNER_OS}" == "macOS" ]]; then
|
||||
extra_args=( "--enable-universalsdk" "--with-universal-archs=universal2" )
|
||||
else
|
||||
extra_args=( )
|
||||
fi
|
||||
./configure --with-openssl="${OPENSSL_INSTALL_PATH}" \
|
||||
--prefix="${PYTHON_INSTALL_PATH}" \
|
||||
--enable-shared \
|
||||
--with-ensurepip=upgrade \
|
||||
--enable-optimizations \
|
||||
--with-lto \
|
||||
"${extra_args[@]}"
|
||||
|
||||
- name: Windows Get External Python deps
|
||||
if: matrix.goal == 'build' && runner.os == 'Windows' && steps.cache-python-ssl.outputs.cache-hit != 'true'
|
||||
shell: powershell
|
||||
run: |
|
||||
cd "${env:PYTHON_SOURCE_PATH}"
|
||||
PCBuild\get_externals.bat
|
||||
|
||||
- name: Windows overwrite external OpenSSL with local
|
||||
if: matrix.goal == 'build' && runner.os == 'Windows' && steps.cache-python-ssl.outputs.cache-hit != 'true'
|
||||
shell: powershell
|
||||
run: |
|
||||
cd "${env:PYTHON_SOURCE_PATH}"
|
||||
$env:OPENSSL_EXT_PATH = "$(Get-Item externals\openssl-bin-* | Select -exp FullName)\"
|
||||
echo "External OpenSSL was downloaded to ${env:OPENSSL_EXT_PATH}"
|
||||
Remove-Item -recurse -force "${env:OPENSSL_EXT_PATH}*"
|
||||
# Emulate what this script does:
|
||||
# https://github.com/python/cpython/blob/main/PCbuild/openssl.vcxproj
|
||||
$env:OPENSSL_EXT_TARGET_PATH = "${env:OPENSSL_EXT_PATH}${env:PYEXTERNALS_PATH}"
|
||||
echo "Copying our OpenSSL to ${env:OPENSSL_EXT_TARGET_PATH}"
|
||||
mkdir "${env:OPENSSL_EXT_TARGET_PATH}\include\openssl\"
|
||||
Copy-Item -Path "${env:GITHUB_WORKSPACE}/src/openssl-${env:openssl_archs}\LICENSE.txt" -Destination "${env:OPENSSL_EXT_TARGET_PATH}\LICENSE" -Verbose
|
||||
cp -v "$env:OPENSSL_INSTALL_PATH\lib\*" "${env:OPENSSL_EXT_TARGET_PATH}"
|
||||
cp -v "$env:OPENSSL_INSTALL_PATH\bin\*" "${env:OPENSSL_EXT_TARGET_PATH}"
|
||||
cp -v "$env:OPENSSL_INSTALL_PATH\include\openssl\*" "${env:OPENSSL_EXT_TARGET_PATH}\include\openssl\"
|
||||
cp -v "$env:OPENSSL_INSTALL_PATH\include\openssl\applink.c" "${env:OPENSSL_EXT_TARGET_PATH}\include\"
|
||||
|
||||
- name: Windows Install sphinx-build
|
||||
if: matrix.goal == 'build' && runner.os == 'Windows' && steps.cache-python-ssl.outputs.cache-hit != 'true'
|
||||
shell: powershell
|
||||
run: |
|
||||
pip install --upgrade pip
|
||||
pip install --upgrade sphinx
|
||||
sphinx-build --version
|
||||
|
||||
- name: Windows Config/Build Python
|
||||
if: matrix.goal == 'build' && runner.os == 'Windows' && steps.cache-python-ssl.outputs.cache-hit != 'true'
|
||||
shell: powershell
|
||||
run: |
|
||||
cd "${env:PYTHON_SOURCE_PATH}"
|
||||
# We need out custom openssl.props which uses OpenSSL 3 DLL names
|
||||
Copy-Item -Path "${env:GITHUB_WORKSPACE}\src\tools\openssl.props" -Destination PCBuild\ -Verbose
|
||||
echo "Building for ${env:PYBUILDRELEASE_ARCH}..."
|
||||
PCBuild\build.bat -m --pgo -c Release -p "${env:PYBUILDRELEASE_ARCH}"
|
||||
|
||||
- name: Mac/Linux Build Python
|
||||
if: matrix.goal == 'build' && runner.os != 'Windows' && steps.cache-python-ssl.outputs.cache-hit != 'true'
|
||||
run: |
|
||||
cd "${PYTHON_SOURCE_PATH}"
|
||||
echo "Running: ${MAKE} ${MAKEOPT}"
|
||||
$MAKE $MAKEOPT
|
||||
|
||||
- name: Mac/Linux Install Python
|
||||
if: matrix.goal == 'build' && runner.os != 'Windows' && steps.cache-python-ssl.outputs.cache-hit != 'true'
|
||||
run: |
|
||||
cd "${PYTHON_SOURCE_PATH}"
|
||||
$MAKE altinstall
|
||||
$MAKE bininstall
|
||||
export PATH="${PATH}:${PYTHON_INSTALL_PATH}/bin"
|
||||
echo "PATH=${PATH}" >> $GITHUB_ENV
|
||||
echo "PATH: ${PATH}"
|
||||
|
||||
- name: Run Python
|
||||
run: |
|
||||
"${PYTHON}" -V
|
||||
|
||||
- name: Upgrade pip, wheel, etc
|
||||
run: |
|
||||
curl --retry 5 --retry-connrefused -O https://bootstrap.pypa.io/get-pip.py
|
||||
"${PYTHON}" get-pip.py
|
||||
"${PYTHON}" -m pip install --upgrade pip
|
||||
"${PYTHON}" -m pip install --upgrade wheel
|
||||
"${PYTHON}" -m pip install --upgrade setuptools
|
||||
|
||||
- name: Install pip requirements
|
||||
run: |
|
||||
if [[ "${RUNNER_OS}" == "macOS" ]]; then
|
||||
"${PYTHON}" -m pip install --upgrade cffi ${PIP_ARGS}
|
||||
"${PYTHON}" -m pip download --only-binary :all: \
|
||||
--dest . \
|
||||
--no-cache \
|
||||
--no-deps \
|
||||
--platform macosx_10_15_universal2 \
|
||||
cryptography
|
||||
"${PYTHON}" -m pip install --force-reinstall --no-deps cryptography*.whl
|
||||
fi
|
||||
"${PYTHON}" -m pip install --upgrade -r requirements.txt ${PIP_ARGS}
|
||||
"${PYTHON}" -m pip list
|
||||
|
||||
- name: Install PyInstaller
|
||||
if: matrix.goal == 'build'
|
||||
run: |
|
||||
git clone https://github.com/pyinstaller/pyinstaller.git
|
||||
cd pyinstaller
|
||||
export latest_release=$(git tag --list | grep -v dev | grep -v rc | sort -Vr | head -n1)
|
||||
git checkout "${latest_release}"
|
||||
# remove pre-compiled bootloaders so we fail if bootloader compile fails
|
||||
rm -rvf PyInstaller/bootloader/*-*/*
|
||||
cd bootloader
|
||||
case "${arch}" in
|
||||
"Win32")
|
||||
export PYINSTALLER_BUILD_ARGS="--target-arch=32bit"
|
||||
;;
|
||||
"Win64")
|
||||
export PYINSTALLER_BUILD_ARGS="--target-arch=64bit"
|
||||
;;
|
||||
esac
|
||||
echo "PyInstaller build arguments: ${PYINSTALLER_BUILD_ARGS}"
|
||||
"${PYTHON}" ./waf all $PYINSTALLER_BUILD_ARGS
|
||||
cd ..
|
||||
echo "---- Installing PyInstaller ----"
|
||||
"${PYTHON}" -m pip install .
|
||||
|
||||
- name: Build GAM with PyInstaller
|
||||
if: matrix.goal != 'test'
|
||||
run: |
|
||||
if [[ "${staticx}" == "yes" ]]; then
|
||||
export distpath="./dist/gam"
|
||||
export gampath="${distpath}"
|
||||
else
|
||||
export distpath="./dist"
|
||||
export gampath="${distpath}/gam"
|
||||
fi
|
||||
mkdir -p -v "${gampath}"
|
||||
if [[ "${RUNNER_OS}" == "macOS" ]]; then
|
||||
export gampath=$($PYTHON -c "import os; print(os.path.realpath('$gampath'))")
|
||||
elif [[ "${RUNNER_OS}" == "Windows" ]]; then
|
||||
# Work around issue where PyInstaller picks up python3.dll from other Python versions
|
||||
# https://github.com/pyinstaller/pyinstaller/issues/7102
|
||||
export PATH="/usr/bin"
|
||||
else
|
||||
export gampath=$(realpath "${gampath}")
|
||||
fi
|
||||
export gam="${gampath}/gam"
|
||||
echo "gampath=${gampath}" >> $GITHUB_ENV
|
||||
echo "gam=${gam}" >> $GITHUB_ENV
|
||||
echo -e "GAM: ${gam}\nGAMPATH: ${gampath}"
|
||||
# TEMP force everything back to one file.
|
||||
export PYINSTALLER_BUILD_ONEFILE="yes"
|
||||
export distpath="./dist/gam"
|
||||
export gampath="${distpath}"
|
||||
"${PYTHON}" -m PyInstaller --clean --noconfirm --distpath="${distpath}" gam.spec
|
||||
|
||||
- name: Copy extra package files
|
||||
if: matrix.goal == 'build'
|
||||
run: |
|
||||
cp -v roots.pem $gampath
|
||||
cp -v LICENSE $gampath
|
||||
cp -v GamCommands.txt $gampath
|
||||
if [[ "${RUNNER_OS}" == "Windows" ]]; then
|
||||
cp -v gam-setup.bat $gampath
|
||||
fi
|
||||
|
||||
- name: Basic Tests all jobs
|
||||
run: |
|
||||
$PYTHON -m unittest discover --start-directory ./ --pattern "*_test.py" --buffer
|
||||
$gam version extended
|
||||
export GAMVERSION=$($gam version simple)
|
||||
echo "GAM Version ${GAMVERSION}"
|
||||
echo "GAMVERSION=${GAMVERSION}" >> $GITHUB_ENV
|
||||
|
||||
- name: Linux/MacOS package
|
||||
if: runner.os != 'Windows' && matrix.goal == 'build' && matrix.staticx != 'yes'
|
||||
run: |
|
||||
if [[ "${RUNNER_OS}" == "macOS" ]]; then
|
||||
GAM_ARCHIVE="gam-${GAMVERSION}-macos-universal2.tar.xz"
|
||||
elif [[ "${RUNNER_OS}" == "Linux" ]]; then
|
||||
this_glibc_ver=$(ldd --version | awk '/ldd/{print $NF}')
|
||||
GAM_ARCHIVE="gam-${GAMVERSION}-linux-$(arch)-glibc${this_glibc_ver}.tar.xz"
|
||||
fi
|
||||
tar -C dist/ --create --verbose --exclude-from "${GITHUB_WORKSPACE}/.github/actions/package_exclusions.txt" --file $GAM_ARCHIVE --xz gam
|
||||
|
||||
- name: Install StaticX
|
||||
if: matrix.staticx == 'yes'
|
||||
run: |
|
||||
"${PYTHON}" -m pip install --upgrade patchelf-wrapper
|
||||
"${PYTHON}" -m pip install --upgrade staticx
|
||||
|
||||
- name: Make StaticX
|
||||
if: matrix.staticx == 'yes'
|
||||
run: |
|
||||
case $RUNNER_ARCH in
|
||||
X64)
|
||||
ldlib=/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
|
||||
;;
|
||||
ARM64)
|
||||
ldlib=/lib/aarch64-linux-gnu/ld-linux-aarch64.so.1
|
||||
;;
|
||||
esac
|
||||
echo "ldlib=${ldlib}"
|
||||
$PYTHON -m staticx -l "${ldlib}" "${gam}" "${gam}-staticx"
|
||||
|
||||
- name: Run StaticX
|
||||
if: matrix.staticx == 'yes'
|
||||
run: |
|
||||
"${gam}-staticx" version extended
|
||||
mv -v "${gam}-staticx" "${gam}"
|
||||
|
||||
- name: Linux package staticx
|
||||
if: matrix.staticx == 'yes'
|
||||
run: |
|
||||
GAM_ARCHIVE="gam-${GAMVERSION}-linux-$(uname -m)-legacy.tar.xz"
|
||||
tar -C dist/ --create --verbose --exclude-from "${GITHUB_WORKSPACE}/.github/actions/package_exclusions.txt" --file $GAM_ARCHIVE --xz gam
|
||||
|
||||
- name: Windows package
|
||||
if: runner.os == 'Windows' && matrix.goal != 'test'
|
||||
run: |
|
||||
cd dist/
|
||||
GAM_ARCHIVE="../gam-${GAMVERSION}-windows-${GAM_ARCHIVE_ARCH}.zip"
|
||||
/c/Program\ Files/7-Zip/7z.exe a -tzip $GAM_ARCHIVE gam "-xr@${GITHUB_WORKSPACE}/.github/actions/package_exclusions.txt" -bb3
|
||||
cd ..
|
||||
/c/Program\ Files\ \(x86\)/WiX\ Toolset\ v3.11/bin/candle.exe -arch "${WIX_ARCH}" gam.wxs
|
||||
/c/Program\ Files\ \(x86\)/WiX\ Toolset\ v3.11/bin/light.exe -ext /c/Program\ Files\ \(x86\)/WiX\ Toolset\ v3.11/bin/WixUIExtension.dll gam.wixobj -o "gam-${GAMVERSION}-windows-${GAM_ARCHIVE_ARCH}.msi" || true;
|
||||
rm -v -f *.wixpdb
|
||||
|
||||
- name: Basic Tests build jobs only
|
||||
if: matrix.goal != 'test' && steps.cache-python-ssl.outputs.cache-hit != 'true'
|
||||
run: |
|
||||
export voutput=$($gam version extended)
|
||||
export python_line=$(echo -e "${voutput}" | grep "Python ")
|
||||
export python_arr=($python_line)
|
||||
export this_python=${python_arr[1]}
|
||||
if [[ "${this_python}" != "${COMPILED_PYTHON_VERSION}" ]]; then
|
||||
echo "ERROR: Tried to compile Python ${COMPILED_PYTHON_VERSION} but ended up with ${this_python}"
|
||||
exit 1
|
||||
fi
|
||||
export openssl_line=$(echo -e "${voutput}" | grep "OpenSSL ")
|
||||
export openssl_arr=($openssl_line)
|
||||
export this_openssl="${openssl_arr[1]}"
|
||||
if [[ "${this_openssl}" != "${COMPILED_OPENSSL_VERSION}" ]]; then
|
||||
echo "ERROR: Tried to compile OpenSSL ${COMPILED_OPENSSL_VERSION} but ended up with ${this_openssl}"
|
||||
exit 1
|
||||
fi
|
||||
echo "We successfully compiled Python ${this_python} and OpenSSL ${this_openssl}"
|
||||
|
||||
- name: Live API tests push only
|
||||
if: github.event_name == 'push' || github.event_name == 'schedule'
|
||||
env:
|
||||
PASSCODE: ${{ secrets.PASSCODE }}
|
||||
run: |
|
||||
if [[ "${RUNNER_OS}" == "macOS" ]]; then
|
||||
brew install gnupg
|
||||
fi
|
||||
source ../.github/actions/decrypt.sh ../.github/actions/creds.tar.xz.gpg creds.tar.xz
|
||||
export OAUTHFILE="oauth2.txt-gam-gha-${JID}"
|
||||
echo "OAUTHFILE=${OAUTHFILE}" >> $GITHUB_ENV
|
||||
export gam_user="gam-gha-${JID}@pdl.jaylee.us"
|
||||
echo "gam_user=${gam_user}" >> $GITHUB_ENV
|
||||
$gam checkconn
|
||||
$gam oauth info
|
||||
$gam info domain
|
||||
$gam oauth refresh
|
||||
$gam info user
|
||||
export tstamp=$($PYTHON -c "import time; print(time.time_ns())")
|
||||
export newbase="gha_test_${JID}_${tstamp}"
|
||||
export newuser="${newbase}@pdl.jaylee.us"
|
||||
export newgroup="${newbase}-group@pdl.jaylee.us"
|
||||
export newalias="${newbase}-alias@pdl.jaylee.us"
|
||||
export newbuilding="${newbase}-building"
|
||||
export newresource="${newbase}-resource"
|
||||
export newou="aaaGithub Actions/${newbase}"
|
||||
|
||||
# cleanup old runs
|
||||
GAM_CSV_ROW_FILTER="name:regex:gha_test_${JID}_" $gam print vaultholds | $gam csv - gam delete vaulthold "id:~~holdId~~" matter "id:~~matterId~~"
|
||||
GAM_CSV_ROW_FILTER="name:regex:gha_test_${JID}_" $gam print features | $gam csv - gam delete feature ~name
|
||||
GAM_CSV_ROW_FILTER="name:regex:^gha_test_${JID}_" $gam user $gam_user print shareddrives asadmin | $gam csv - gam user $gam_user delete shareddrive ~id nukefromorbit
|
||||
$gam print users query "gha.jid=$JID" | $gam csv - gam delete user ~primaryEmail
|
||||
GAM_CSV_ROW_FILTER="name:regex:^gha_test_${JID}_" $gam print ous fromparent "aaaGithub Actions" | $gam csv - gam delete ou ~orgUnitId
|
||||
GAM_CSV_ROW_FILTER="groupKey.id:regex:^gha_test_${JID}_" $gam print cigroups | $gam csv - gam delete cigroup ~groupKey.id
|
||||
GAM_CSV_ROW_FILTER="resourceId:regex:^gha_test_${JID}_" $gam print resources | $gam csv - gam delete resource ~resourceId
|
||||
GAM_CSV_ROW_FILTER="buildingId:regex:^gha_test_${JID}_" $gam print buildings | $gam csv - gam delete building ~buildingId
|
||||
|
||||
echo "Creating OrgUnit ${newou}"
|
||||
$gam create ou "${newou}"
|
||||
export GAM_THREADS=5
|
||||
echo email > sample.csv;
|
||||
for i in {1..10}; do
|
||||
echo "${newbase}-bulkuser-$i" >> sample.csv;
|
||||
done
|
||||
$gam create user $newuser firstname GHA lastname $JID displayname "Github Actions ${JID}" password random ou "${newou}" recoveryphone 12125121110 recoveryemail jay0lee@gmail.com gha.jid $JID languages en+,en-GB-
|
||||
$gam user $newuser update photo https://dummyimage.com/400x600/000/fff
|
||||
$gam user $newuser get photo
|
||||
$gam user $newuser delete photo
|
||||
$gam create group $newgroup name "GHA $JID group" description "This is a description" isarchived true
|
||||
$gam user $gam_user sendemail recipient $newuser subject "test message $newbase" message "GHA test message"
|
||||
$gam user $gam_user sendemail recipient exchange@pdl.jaylee.us subject "test ${tstamp}" message "test message"
|
||||
$gam user $newuser add license workspaceenterpriseplus
|
||||
$gam print privileges
|
||||
$gam update cigroup $newgroup memberrestriction 'member.type == 1 || member.customer_id == groupCustomerId()'
|
||||
$gam info cigroup $newgroup
|
||||
$gam update group $newgroup add owner $gam_user
|
||||
$gam update group $newgroup add member $newuser
|
||||
$gam create admin $newuser _GROUPS_EDITOR_ROLE CUSTOMER # condition nonsecuritygroup
|
||||
$gam csv sample.csv gam create user ~~email~~ firstname "GHA Bulk" lastname ~~email~~ gha.jid $JID ou "${newou}"
|
||||
$gam csv sample.csv gam update user ~~email~~ recoveryphone 12125121110 recoveryemail jay0lee@gmail.com password random displayname "GitHub Actions Bulk ${JID}"
|
||||
$gam csv sample.csv gam update user ~~email~~ recoveryphone "" recoveryemail ""
|
||||
$gam csv sample.csv gam user ~email add license workspaceenterpriseplus
|
||||
$gam csv sample.csv gam user $gam_user sendemail recipient ~~email~~@pdl.jaylee.us subject "test message $newbase" message "GHA test message"
|
||||
$gam csv sample.csv gam update group $newgroup add member ~email
|
||||
$gam info group $newgroup
|
||||
$gam info cigroup $newgroup membertree
|
||||
$gam user $gam_user check serviceaccount
|
||||
# confirm mailbox is provisoned before continuing
|
||||
$gam user $newuser waitformailbox
|
||||
$gam user $newuser imap on
|
||||
$gam user $newuser show imap
|
||||
$gam user $newuser show delegates
|
||||
#$gam user $newuser add contactdelegate "${newbase}-bulkuser-1"
|
||||
#$gam user $newuser print contactdelegates
|
||||
export biohazard=$(echo -e '\xe2\x98\xa3')
|
||||
$gam user $newuser label "$biohazard unicode biohazard $biohazard"
|
||||
$gam user $newuser show labels
|
||||
$gam user $newuser show labels > labels.txt
|
||||
$gam user $gam_user importemail subject "GHA import $newbase" message "This is a test import" labels IMPORTANT,UNREAD,INBOX,STARRED
|
||||
$gam user $gam_user insertemail subject "GHA insert $newbase" file gam.py labels INBOX,UNREAD # yep body is gam code
|
||||
$gam user $gam_user sendemail subject "GHA send $gam_user $newbase" file gam.py recipient admin@pdl.jaylee.us
|
||||
$gam user $gam_user draftemail subject "GHA draft $newbase" message "Draft message test"
|
||||
$gam csvfile sample.csv:email waitformailbox
|
||||
$gam user $newuser delegate to "${newbase}-bulkuser-1"
|
||||
$gam users "$gam_user $newbase-bulkuser-1 $newbase-bulkuser-2 $newbase-bulkuser-3" delete messages query in:anywhere maxtodelete 99999 doit
|
||||
$gam users "$newbase-bulkuser-4 $newbase-bulkuser-5 $newbase-bulkuser-6" trash messages query in:anywhere maxtotrash 99999 doit
|
||||
$gam users "$newbase-bulkuser-7 $newbase-bulkuser-8 $newbase-bulkuser-9" modify messages query in:anywhere maxtomodify 99999 addlabel IMPORTANT addlabel STARRED doit
|
||||
$gam user $newuser delete label --ALL_LABELS--
|
||||
GAM_CSV_ROW_FILTER="name:regex:gha-test-${JID}" $gam print features | $gam csv - gam delete feature ~name
|
||||
$gam create feature name VC-$newbase
|
||||
$gam create feature name Whiteboard-$newbase
|
||||
$gam create building "My Building - $newbase" id $newbuilding floors 1,2,3,4,5,6,7,8,9,10,11,12,14,15 description "No 13th floor here..."
|
||||
$gam create resource $newresource "Resource Calendar $tstamp" capacity 25 features Whiteboard-$newbase,VC-$newbase building $newbuilding floor 15 type Room
|
||||
$gam info resource $newresource
|
||||
$gam user $newuser show filelist
|
||||
$gam calendar $gam_user printacl | $gam csv - gam calendar $gam_user delete id ~id # clear ACLs
|
||||
$gam calendar $gam_user update read domain
|
||||
$gam calendar $gam_user update freebusy default
|
||||
$gam calendar $gam_user add editor $newuser
|
||||
$gam calendar $gam_user showacl
|
||||
$gam calendar $gam_user printacl | $gam csv - gam calendar $gam_user delete id ~id
|
||||
starttime=$($PYTHON -c "import datetime; print((datetime.datetime.now() + datetime.timedelta(hours=1)).strftime('%Y-%m-%dT%H:%M:%S.%f+00:00'))")
|
||||
endtime=$($PYTHON -c "import datetime; print((datetime.datetime.now() + datetime.timedelta(hours=2)).strftime('%Y-%m-%dT%H:%M:%S.%f+00:00'))")
|
||||
$gam calendar $gam_user addevent summary "GHA test event" start "${starttime}" end "${endtime}" attendee $newgroup hangoutsmeet guestscanmodify true sendupdates all
|
||||
$gam calendar $gam_user printevents after -0d
|
||||
matterid=uid:$($gam create vaultmatter name "GHA matter $newbase" description "test matter" collaborators $newuser | head -1 | cut -d ' ' -f 3)
|
||||
$gam create vaulthold matter $matterid name "GHA hold $newbase" corpus mail accounts $newuser
|
||||
$gam print vaultmatters matterstate open
|
||||
$gam print vaultholds matter $matterid
|
||||
$gam print vaultcount matter $matterid corpus mail everyone todrive
|
||||
$gam create vaultexport matter $matterid name "GHA export $newbase" corpus mail accounts $newuser use_new_export false
|
||||
$gam print exports matter $matterid | $gam csv - gam info export $matterid id:~~id~~
|
||||
$gam csv sample.csv gam user ~email add calendar id:$newresource
|
||||
$gam delete resource $newresource
|
||||
$gam delete feature Whiteboard-$newbase
|
||||
$gam delete feature VC-$newbase
|
||||
$gam delete building $newbuilding
|
||||
$gam delete group $newgroup
|
||||
$gam create alias $newalias user $newuser
|
||||
$gam user $newuser delete license workspaceenterpriseplus
|
||||
$gam whatis $newuser
|
||||
$gam user $gam_user show tokens
|
||||
$gam print exports matter $matterid | $gam csv - gam download export $matterid id:~~id~~
|
||||
$gam delete hold "GHA hold $newbase" matter $matterid
|
||||
$gam update matter $matterid action close
|
||||
$gam update matter $matterid action delete
|
||||
# shakes off vault hold on user so we can delete
|
||||
$gam print users query "email:${newuser}" orgunitpath | $gam csv - gam update user ~primaryEmail ou ~orgUnitPath
|
||||
$gam user $newuser show holds
|
||||
$gam delete user $newuser
|
||||
$gam print users query "gha.jid=$JID" | $gam csv - gam delete user ~primaryEmail
|
||||
$gam print mobile
|
||||
$gam print devices
|
||||
$gam print browsers
|
||||
export sn="$JID$JID$JID$JID-$(openssl rand -base64 32 | sed 's/[^a-zA-Z0-9]//g')"
|
||||
$gam create device serialnumber $sn devicetype android
|
||||
$gam print cros allfields orderby serialnumber
|
||||
$gam show crostelemetry storagepercentonly
|
||||
$gam report usageparameters customer
|
||||
$gam report usage customer parameters gmail:num_emails_sent,accounts:num_1day_logins
|
||||
$gam report customer todrive
|
||||
$gam report users fields accounts:is_less_secure_apps_access_allowed,gmail:last_imap_time,gmail:last_pop_time filters "accounts:last_login_time>2019-01-01T00:00:00.000Z" todrive
|
||||
$gam report admin start -3d todrive
|
||||
$gam print devices nopersonaldevices nodeviceusers filter "serial:$JID$JID$JID$JID-" | $gam csv - gam delete device id ~name
|
||||
$gam print userinvitations
|
||||
$gam print userinvitations | $gam csv - gam send userinvitation ~name
|
||||
$gam create caalevel "zzz_${newbase}" basic condition ipsubnetworks 1.1.1.1/32,2.2.2.2/32 endcondition
|
||||
$gam print caalevels
|
||||
$gam delete caalevel "zzz_${newbase}"
|
||||
driveid=$($gam user $gam_user add shareddrive "${newbase}" | awk '{print $NF}')
|
||||
echo "Created shared drive ${driveid}"
|
||||
$gam user $gam_user add drivefile localfile gam.py parentid "${driveid}"
|
||||
$gam user $gam_user update shareddrive "${driveid}" ou "${newou}"
|
||||
$gam user $gam_user show shareddrives asadmin
|
||||
$gam user $gam_user update shareddrive "${driveid}" ou "aaaGithub Actions" # so we can delete our OU...
|
||||
$gam user $gam_user delete shareddrive "${driveid}" nukefromorbit
|
||||
echo "printer model count:"
|
||||
$gam print printermodels | wc -l
|
||||
#ssoprofile=$($gam create inboundssoprofile name "El Goog ${newbase}" loginurl https://www.google.com logouturl https://www.google.com changepasswordurl https://www.google.com entityid ElGoog return_name_only)
|
||||
#$gam create inboundssocredential profile "id:${ssoprofile}" generate_key
|
||||
#$gam create inboundssoassignment profile "id:${ssoprofile}" orgunit "${newou}" mode SAML_SSO
|
||||
$gam delete ou "${newou}"
|
||||
#$gam delete inboundssoprofile "id:${ssoprofile}"
|
||||
#$gam print printers
|
||||
#$gam create printer displayname "${newbase}" uri ipp://localhost:631 driverless description "made by $(gam_user)" ou /
|
||||
export CUSTOMER_ID="C01wfv983"
|
||||
export GA_DOMAIN="pdl.jaylee.us"
|
||||
touch $gampath/enabledasa.txt
|
||||
echo "using delegated admin service account"
|
||||
$gam print users
|
||||
|
||||
- name: Archive production artifacts
|
||||
uses: actions/upload-artifact@v3
|
||||
if: (github.event_name == 'push' || github.event_name == 'schedule') && matrix.goal != 'test'
|
||||
with:
|
||||
name: gam-binaries
|
||||
path: |
|
||||
src/*.tar.xz
|
||||
src/*.zip
|
||||
src/*.msi
|
||||
|
||||
- name: Tar Cache archive
|
||||
if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit != 'true'
|
||||
working-directory: ${{ github.workspace }}
|
||||
run: |
|
||||
tar cJvvf bin.tar.xz bin/
|
||||
|
||||
publish:
|
||||
if: github.event_name == 'push'
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
steps:
|
||||
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
persist-credentials: false
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Download artifacts
|
||||
uses: actions/download-artifact@v3
|
||||
|
||||
- name: VirusTotal Scan
|
||||
uses: crazy-max/ghaction-virustotal@v3
|
||||
with:
|
||||
vt_api_key: ${{ secrets.VT_API_KEY }}
|
||||
files: |
|
||||
gam-binaries/*
|
||||
|
||||
- uses: "marvinpinto/action-automatic-releases@latest"
|
||||
name: Publish draft release
|
||||
with:
|
||||
repo_token: "${{ secrets.GITHUB_TOKEN }}"
|
||||
automatic_release_tag: latest
|
||||
prerelease: false
|
||||
draft: true
|
||||
files: |
|
||||
gam-binaries/*
|
||||
70
.github/workflows/codeql-analysis.yml
vendored
70
.github/workflows/codeql-analysis.yml
vendored
@@ -1,70 +0,0 @@
|
||||
# For most projects, this workflow file will not need changing; you simply need
|
||||
# to commit it to your repository.
|
||||
#
|
||||
# You may wish to alter this file to override the set of languages analyzed,
|
||||
# or to provide custom queries or build logic.
|
||||
#
|
||||
# ******** NOTE ********
|
||||
# We have attempted to detect the languages in your repository. Please check
|
||||
# the `language` matrix defined below to confirm you have the correct set of
|
||||
# supported CodeQL languages.
|
||||
#
|
||||
name: "CodeQL"
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ main ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ main ]
|
||||
schedule:
|
||||
- cron: '25 10 * * 1'
|
||||
|
||||
jobs:
|
||||
analyze:
|
||||
name: Analyze
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
security-events: write
|
||||
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
language: [ 'python' ]
|
||||
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
|
||||
# Learn more about CodeQL language support at https://git.io/codeql-language-support
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v3
|
||||
|
||||
# Initializes the CodeQL tools for scanning.
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@v2
|
||||
with:
|
||||
languages: ${{ matrix.language }}
|
||||
# If you wish to specify custom queries, you can do so here or in a config file.
|
||||
# By default, queries listed here will override any specified in a config file.
|
||||
# Prefix the list here with "+" to use these queries and those in the config file.
|
||||
# queries: ./path/to/local/query, your-org/your-repo/queries@main
|
||||
|
||||
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
|
||||
# If this step fails, then you should remove it and run the build manually (see below)
|
||||
- name: Autobuild
|
||||
uses: github/codeql-action/autobuild@v2
|
||||
|
||||
# ℹ️ Command-line programs to run using the OS shell.
|
||||
# 📚 https://git.io/JvXDl
|
||||
|
||||
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
|
||||
# and modify them (or add more) to build your code if your project
|
||||
# uses a compiled language
|
||||
|
||||
#- run: |
|
||||
# make bootstrap
|
||||
# make release
|
||||
|
||||
- name: Perform CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@v2
|
||||
36
.github/workflows/get-roots.yml
vendored
36
.github/workflows/get-roots.yml
vendored
@@ -1,36 +0,0 @@
|
||||
name: Check for Google Root CA Updates
|
||||
|
||||
on:
|
||||
push:
|
||||
pull_request:
|
||||
schedule:
|
||||
- cron: '23 23 * * *'
|
||||
|
||||
defaults:
|
||||
run:
|
||||
shell: bash
|
||||
working-directory: src
|
||||
|
||||
jobs:
|
||||
check-apis:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@master
|
||||
with:
|
||||
persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token
|
||||
fetch-depth: 0 # otherwise, you will failed to push refs to dest repo
|
||||
|
||||
- name: Check for updates
|
||||
run: curl -o ./roots.pem -vvvv https://pki.goog/roots.pem
|
||||
|
||||
- name: Commit file
|
||||
run: |
|
||||
git config --local user.email "action@github.com"
|
||||
git config --local user.name "GitHub Action"
|
||||
git add roots.pem
|
||||
git diff --quiet && git diff --staged --quiet || git commit -am '[ci skip] Updated roots.pem'
|
||||
|
||||
- name: Push changes
|
||||
uses: ad-m/github-push-action@master
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
@@ -1,32 +0,0 @@
|
||||
# See https://pre-commit.com for more information
|
||||
|
||||
repos:
|
||||
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||
rev: v2.5.0
|
||||
hooks:
|
||||
- id: trailing-whitespace
|
||||
- id: end-of-file-fixer
|
||||
- id: double-quote-string-fixer
|
||||
- id: check-yaml
|
||||
- id: check-docstring-first
|
||||
- id: name-tests-test
|
||||
- id: requirements-txt-fixer
|
||||
- id: check-merge-conflict
|
||||
|
||||
- repo: https://github.com/pre-commit/mirrors-yapf
|
||||
rev: v0.30.0
|
||||
hooks:
|
||||
- id: yapf
|
||||
args: [--style=google, --in-place]
|
||||
|
||||
- repo: https://github.com/PyCQA/pylint
|
||||
rev: pylint-2.5.0
|
||||
hooks:
|
||||
- id: pylint
|
||||
args: [--output-format=colorized]
|
||||
|
||||
- repo: https://github.com/asottile/pyupgrade
|
||||
rev: v2.31.0
|
||||
hooks:
|
||||
- id: pyupgrade
|
||||
args: [--py37-plus]
|
||||
201
LICENSE
201
LICENSE
@@ -1,201 +0,0 @@
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
APPENDIX: How to apply the Apache License to your work.
|
||||
|
||||
To apply the Apache License to your work, attach the following
|
||||
boilerplate notice, with the fields enclosed by brackets "[]"
|
||||
replaced with your own identifying information. (Don't include
|
||||
the brackets!) The text should be enclosed in the appropriate
|
||||
comment syntax for the file format. We also recommend that a
|
||||
file or class name and description of purpose be included on the
|
||||
same "printed page" as the copyright notice for easier
|
||||
identification within third-party archives.
|
||||
|
||||
Copyright [yyyy] [name of copyright owner]
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
66
README.md
66
README.md
@@ -1,41 +1,43 @@
|
||||
GAM is a command line tool for Google Workspace admins to manage domain and user settings quickly and easily.
|
||||
GAM
|
||||
============================
|
||||
GAM is a free, open source command line tool for
|
||||
Google Apps Administrators to manage
|
||||
domain and user settings quickly and easily. GAM supports
|
||||
|
||||
|
||||
* creating, deleting, and updating users, aliases, groups,
|
||||
organizations, and resource calendars
|
||||
* modifying user email settings such as IMAP, signatures,
|
||||
vacation messages, profile sharing, email forwarding,
|
||||
send as address, labels, and features.
|
||||
* modifying calendar access rights for users and resource calendars.
|
||||
* generating detailed reports for users, groups, resources,
|
||||
account activity, email clients, and quotas.
|
||||
* and many more commands
|
||||
|
||||
# Quick Start
|
||||
|
||||
## Linux / MacOS
|
||||
|
||||
Open a terminal and run:
|
||||
|
||||
```sh
|
||||
bash <(curl -s -S -L https://gam-shortn.appspot.com/gam-install)
|
||||
```
|
||||
|
||||
this will download GAM, install it and start setup.
|
||||
|
||||
## Windows
|
||||
|
||||
Download the MSI Installer from the [GitHub Releases] page. Install the MSI and you'll be prompted to setup GAM.
|
||||
|
||||
# Documentation
|
||||
Downloads
|
||||
---------
|
||||
You can download the current GAM release from
|
||||
the [GitHub Releases] page.
|
||||
|
||||
Documentation
|
||||
------------------
|
||||
The GAM documentation is hosted in the [GitHub Wiki]
|
||||
|
||||
# Mailing List / Discussion group
|
||||
Mailing List / Discussion group
|
||||
-------------------------------
|
||||
The GAM mailing list / discussion group is hosted
|
||||
on [Google Groups]. You can join the list and interact
|
||||
via email, or just post from the web itself.
|
||||
|
||||
The GAM mailing list / discussion group is hosted on [Google Groups]. You can join the list and interact via email, or just post from the web itself.
|
||||
Source Repository
|
||||
-----------------
|
||||
The official GAM source repository is on [GitHub] in the master branch.
|
||||
|
||||
# Chat Room
|
||||
Author
|
||||
------
|
||||
GAM is maintained by <a href="mailto:jay0lee@gmail.com">Jay Lee</a>.
|
||||
|
||||
There is a public chat room hosted in Google Chat. [Instructions to join](https://github.com/GAM-team/GAM/wiki/GAM-Public-Chat-Room).
|
||||
|
||||
# Author
|
||||
|
||||
GAM is maintained by [Jay Lee](mailto:jay0lee@gmail.com). Please direct "how do I?" questions to [Google Groups].
|
||||
|
||||
[GAM release]: https://github.com/GAM-team/GAM/releases
|
||||
[GitHub Releases]: https://github.com/GAM-team/GAM/releases
|
||||
[GitHub]: https://github.com/GAM-team/GAM/tree/master
|
||||
[GitHub Wiki]: https://github.com/GAM-team/GAM/wiki/
|
||||
[GitHub Releases]: https://github.com/jay0lee/GAM/releases
|
||||
[GitHub]: https://github.com/jay0lee/GAM/tree/master
|
||||
[GitHub Wiki]: https://github.com/jay0lee/GAM/wiki/
|
||||
[Google Groups]: http://groups.google.com/group/google-apps-manager
|
||||
|
||||
72
src/.gitignore
vendored
72
src/.gitignore
vendored
@@ -1,72 +0,0 @@
|
||||
# Byte-compiled / optimized / DLL files
|
||||
__pycache__/
|
||||
*.py[cod]
|
||||
|
||||
# C extensions
|
||||
*.so
|
||||
|
||||
# Distribution / packaging
|
||||
.Python
|
||||
env/
|
||||
bin/
|
||||
build/
|
||||
develop-eggs/
|
||||
dist/
|
||||
eggs/
|
||||
lib/
|
||||
lib64/
|
||||
parts/
|
||||
sdist/
|
||||
var/
|
||||
*.egg-info/
|
||||
.installed.cfg
|
||||
*.egg
|
||||
|
||||
# Installer logs
|
||||
pip-log.txt
|
||||
pip-delete-this-directory.txt
|
||||
|
||||
# Unit test / coverage reports
|
||||
htmlcov/
|
||||
.tox/
|
||||
.coverage
|
||||
.cache
|
||||
nosetests.xml
|
||||
coverage.xml
|
||||
|
||||
# Translations
|
||||
*.mo
|
||||
|
||||
# Mr Developer
|
||||
.mr.developer.cfg
|
||||
.project
|
||||
.pydevproject
|
||||
|
||||
# Rope
|
||||
.ropeproject
|
||||
|
||||
# Django stuff:
|
||||
*.log
|
||||
*.pot
|
||||
|
||||
# Sphinx documentation
|
||||
docs/_build/
|
||||
|
||||
# GAM specific
|
||||
client_secrets.json
|
||||
oauth2.txt*
|
||||
oauth2service*
|
||||
debug.gam
|
||||
lastupdatecheck.txt
|
||||
noupdatecheck.txt
|
||||
nodito.txt
|
||||
nobrowser.txt
|
||||
nocache.txt
|
||||
noverifyssl.txt
|
||||
gamcache/
|
||||
dist/
|
||||
gam-64/
|
||||
*.zip
|
||||
*.msi
|
||||
*.wixobj
|
||||
*.wixpdb
|
||||
1914
src/GamCommands.txt
1914
src/GamCommands.txt
File diff suppressed because it is too large
Load Diff
@@ -1 +0,0 @@
|
||||
../LICENSE
|
||||
File diff suppressed because it is too large
Load Diff
@@ -1,594 +0,0 @@
|
||||
{
|
||||
"auth": {
|
||||
"oauth2": {
|
||||
"scopes": {
|
||||
"https://www.googleapis.com/auth/admin.directory.device.chromebrowsers": {
|
||||
"description": "View and manage your Chrome browsers registered with Cloud Management"
|
||||
},
|
||||
"https://www.googleapis.com/auth/admin.directory.device.chromebrowsers.readonly": {
|
||||
"description": "View your Chrome browsers registered with Cloud Management"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"basePath": "",
|
||||
"baseUrl": "https://admin.googleapis.com/admin/directory/v1.1beta1/customer/",
|
||||
"batchPath": "batch",
|
||||
"canonicalName": "cbcm",
|
||||
"discoveryVersion": "v1",
|
||||
"documentationLink": "https://support.google.com/chrome/a/answer/9681204",
|
||||
"fullyEncodeReservedExpansion": true,
|
||||
"icons": {
|
||||
"x16": "http://www.google.com/images/icons/product/search-16.gif",
|
||||
"x32": "http://www.google.com/images/icons/product/search-32.gif"
|
||||
},
|
||||
"id": "cbcm:v1.1beta1",
|
||||
"kind": "discovery#restDescription",
|
||||
"mtlsRootUrl": "https://admin.mtls.googleapis.com/",
|
||||
"name": "cbcm",
|
||||
"ownerDomain": "google.com",
|
||||
"ownerName": "Jay Lee",
|
||||
"packagePath": "cbcm",
|
||||
"parameters": {
|
||||
"$.xgafv": {
|
||||
"description": "V1 error format.",
|
||||
"enum": [
|
||||
"1",
|
||||
"2"
|
||||
],
|
||||
"enumDescriptions": [
|
||||
"v1 error format",
|
||||
"v2 error format"
|
||||
],
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"access_token": {
|
||||
"description": "OAuth access token.",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"alt": {
|
||||
"default": "json",
|
||||
"description": "Data format for response.",
|
||||
"enum": [
|
||||
"json",
|
||||
"media",
|
||||
"proto"
|
||||
],
|
||||
"enumDescriptions": [
|
||||
"Responses with Content-Type of application/json",
|
||||
"Media download with context-dependent Content-Type",
|
||||
"Responses with Content-Type of application/x-protobuf"
|
||||
],
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"callback": {
|
||||
"description": "JSONP",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"fields": {
|
||||
"description": "Selector specifying which fields to include in a partial response.",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"key": {
|
||||
"description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"oauth_token": {
|
||||
"description": "OAuth 2.0 token for the current user.",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"prettyPrint": {
|
||||
"default": "true",
|
||||
"description": "Returns response with indentations and line breaks.",
|
||||
"location": "query",
|
||||
"type": "boolean"
|
||||
},
|
||||
"quotaUser": {
|
||||
"description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"uploadType": {
|
||||
"description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"upload_protocol": {
|
||||
"description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"protocol": "rest",
|
||||
"resources": {
|
||||
"chromebrowsers": {
|
||||
"methods": {
|
||||
"delete": {
|
||||
"description": "Deletes a browser.",
|
||||
"flatPath": "{customer}/devices/chromebrowsers/{deviceId}",
|
||||
"httpMethod": "DELETE",
|
||||
"id": "cbcm.chromebrowsers.delete",
|
||||
"parameterOrder": [
|
||||
"customer",
|
||||
"deviceId"
|
||||
],
|
||||
"parameters": {
|
||||
"customer": {
|
||||
"description": "Immutable ID of the G Suite account.",
|
||||
"location": "path",
|
||||
"required": true,
|
||||
"type": "string"
|
||||
},
|
||||
"deviceId": {
|
||||
"description": "Immutable ID of the browser.",
|
||||
"location": "path",
|
||||
"required": true,
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"path": "{customer}/devices/chromebrowsers/{deviceId}",
|
||||
"scopes": [
|
||||
"https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
|
||||
]
|
||||
},
|
||||
"get": {
|
||||
"description": "Retrieves a browser.",
|
||||
"flatPath": "{customer}/devices/chromebrowsers/{deviceId}",
|
||||
"httpMethod": "GET",
|
||||
"id": "cbcm.chromebrowsers.get",
|
||||
"parameterOrder": [
|
||||
"customer",
|
||||
"deviceId"
|
||||
],
|
||||
"parameters": {
|
||||
"customer": {
|
||||
"description": "Immutable ID of the G Suite account.",
|
||||
"location": "path",
|
||||
"required": true,
|
||||
"type": "string"
|
||||
},
|
||||
"deviceId": {
|
||||
"description": "Immutable ID of the browser.",
|
||||
"location": "path",
|
||||
"required": true,
|
||||
"type": "string"
|
||||
},
|
||||
"projection": {
|
||||
"description": "Restrict information returned to a set of selected fields. FULL or BASIC.",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"path": "{customer}/devices/chromebrowsers/{deviceId}",
|
||||
"response": {
|
||||
"$ref": "ChromeBrowser"
|
||||
},
|
||||
"scopes": [
|
||||
"https://www.googleapis.com/auth/admin.directory.device.chromebrowsers",
|
||||
"https://www.googleapis.com/auth/admin.directory.device.chromebrowsers.readonly"
|
||||
]
|
||||
},
|
||||
"list": {
|
||||
"description": "Retrieves a paginated list of all the browsers in a domain.",
|
||||
"flatPath": "{customer}/devices/chromebrowsers",
|
||||
"httpMethod": "GET",
|
||||
"id": "cbcm.chromebrowsers.list",
|
||||
"parameterOrder": [
|
||||
"customer"
|
||||
],
|
||||
"parameters": {
|
||||
"customer": {
|
||||
"description": "Immutable ID of the G Suite account.",
|
||||
"location": "path",
|
||||
"required": true,
|
||||
"type": "string"
|
||||
},
|
||||
"maxResults": {
|
||||
"description": "Maximum number of results to return.",
|
||||
"format": "int32",
|
||||
"location": "query",
|
||||
"maximum": "100",
|
||||
"minimum": "1",
|
||||
"type": "integer"
|
||||
},
|
||||
"orderBy": {
|
||||
"description": "property to use for sorting results.",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"orgUnitPath": {
|
||||
"description": "The full path of the organizational unit or its unique ID.",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"pageToken": {
|
||||
"description": "Token to specify the next page in the list.",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"projection": {
|
||||
"description": "Restrict information returned to a set of selected fields. FULL or BASIC.",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"query": {
|
||||
"description": "Search string using the list page query language.",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"sortOrder": {
|
||||
"description": "Whether to return results in ascending or descending order. Must be used with the orderBy parameter.",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"path": "{customer}/devices/chromebrowsers",
|
||||
"response": {
|
||||
"$ref": "ChromeBrowsers"
|
||||
},
|
||||
"scopes": [
|
||||
"https://www.googleapis.com/auth/admin.directory.device.chromebrowsers",
|
||||
"https://www.googleapis.com/auth/admin.directory.device.chromebrowsers.readonly"
|
||||
]
|
||||
},
|
||||
"moveChromeBrowsersToOu": {
|
||||
"description": "Move Chrome Browsers Device between Organization Units",
|
||||
"flatPath": "{customer}/devices/chromebrowsers/moveChromeBrowsersToOu",
|
||||
"httpMethod": "POST",
|
||||
"id": "cbcm.chromebrowsers.moveChromeBrowsersToOu",
|
||||
"parameterOrder": [
|
||||
"customer"
|
||||
],
|
||||
"parameters": {
|
||||
"customer": {
|
||||
"description": "Immutable ID of the G Suite account.",
|
||||
"location": "path",
|
||||
"required": true,
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"path": "{customer}/devices/chromebrowsers/moveChromeBrowsersToOu",
|
||||
"request": {
|
||||
"$ref": "MoveChromeBrowsersRequest"
|
||||
},
|
||||
"scopes": [
|
||||
"https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
|
||||
]
|
||||
},
|
||||
"update": {
|
||||
"description": "Updates a browser.",
|
||||
"flatPath": "{customer}/devices/chromebrowsers/{deviceId}",
|
||||
"httpMethod": "PUT",
|
||||
"id": "cbcm.chromebrowsers.update",
|
||||
"parameterOrder": [
|
||||
"customer",
|
||||
"deviceId"
|
||||
],
|
||||
"parameters": {
|
||||
"customer": {
|
||||
"description": "Immutable ID of the G Suite account.",
|
||||
"location": "path",
|
||||
"required": true,
|
||||
"type": "string"
|
||||
},
|
||||
"deviceId": {
|
||||
"description": "Immutable ID of the browser.",
|
||||
"location": "path",
|
||||
"required": true,
|
||||
"type": "string"
|
||||
},
|
||||
"projection": {
|
||||
"description": "BASIC or FULL",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"path": "{customer}/devices/chromebrowsers/{deviceId}",
|
||||
"request": {
|
||||
"$ref": "ChromeBrowser"
|
||||
},
|
||||
"response": {
|
||||
"$ref": "ChromeBrowser"
|
||||
},
|
||||
"scopes": [
|
||||
"https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
"enrollmentTokens": {
|
||||
"methods": {
|
||||
"list": {
|
||||
"description": "Retrieves a paginated list of all the browser entollment tokens in a domain.",
|
||||
"flatPath": "{customer}/chrome/enrollmentTokens",
|
||||
"httpMethod": "GET",
|
||||
"id": "cbcm.enrollmentTokens.list",
|
||||
"parameterOrder": [
|
||||
"customer"
|
||||
],
|
||||
"parameters": {
|
||||
"customer": {
|
||||
"description": "Immutable ID of the G Suite account.",
|
||||
"location": "path",
|
||||
"required": true,
|
||||
"type": "string"
|
||||
},
|
||||
"pageSize": {
|
||||
"description": "Maximum number of results to return.",
|
||||
"format": "int32",
|
||||
"location": "query",
|
||||
"maximum": "100",
|
||||
"minimum": "1",
|
||||
"type": "integer"
|
||||
},
|
||||
"orgUnitPath": {
|
||||
"description": "The full path of the organizational unit or its unique ID.",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"pageToken": {
|
||||
"description": "Token to specify the next page in the list.",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"query": {
|
||||
"description": "Search string using the list page query language.",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"path": "{customer}/chrome/enrollmentTokens",
|
||||
"response": {
|
||||
"$ref": "EnrollmentTokens"
|
||||
},
|
||||
"scopes": [
|
||||
"https://www.googleapis.com/auth/admin.directory.device.chromebrowsers",
|
||||
"https://www.googleapis.com/auth/admin.directory.device.chromebrowsers.readonly"
|
||||
]
|
||||
},
|
||||
"create": {
|
||||
"description": "Creates a browser enrollment token in a domain.",
|
||||
"flatPath": "{customer}/chrome/enrollmentTokens",
|
||||
"httpMethod": "POST",
|
||||
"id": "cbcm.enrollmentTokens.create",
|
||||
"parameterOrder": [
|
||||
"customer"
|
||||
],
|
||||
"parameters": {
|
||||
"customer": {
|
||||
"description": "Immutable ID of the G Suite account.",
|
||||
"location": "path",
|
||||
"required": true,
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"path": "{customer}/chrome/enrollmentTokens",
|
||||
"request": {
|
||||
"$ref": "CreateEnrollmentTokenRequest"
|
||||
},
|
||||
"response": {
|
||||
"$ref": "EnrollmentToken"
|
||||
},
|
||||
"scopes": [
|
||||
"https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
|
||||
]
|
||||
},
|
||||
"revoke": {
|
||||
"description": "Revokes a browser enrollment token in a domain.",
|
||||
"flatPath": "{customer}/chrome/enrollmentTokens/{tokenPermanentId}:revoke",
|
||||
"httpMethod": "POST",
|
||||
"id": "cbcm.enrollmentTokens.revoke",
|
||||
"parameterOrder": [
|
||||
"customer",
|
||||
"tokenPermanentId"
|
||||
],
|
||||
"parameters": {
|
||||
"customer": {
|
||||
"description": "Immutable ID of the G Suite account.",
|
||||
"location": "path",
|
||||
"required": true,
|
||||
"type": "string"
|
||||
},
|
||||
"tokenPermanentId": {
|
||||
"description": "Unique identifier for an enrollment token.",
|
||||
"location": "path",
|
||||
"required": true,
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"path": "{customer}/chrome/enrollmentTokens/{tokenPermanentId}:revoke",
|
||||
"scopes": [
|
||||
"https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"revision": "20201203",
|
||||
"rootUrl": "https://www.googleapis.com/admin/directory/v1.1beta1/customer/",
|
||||
"schemas": {
|
||||
"ChromeBrowser": {
|
||||
"id": "ChromeBrowser",
|
||||
"properties": {
|
||||
"annotatedAssetId": {
|
||||
"description": "Asset identifier as annotated by the administrator or specified during enrollment.",
|
||||
"type": "string"
|
||||
},
|
||||
"annotatedLocation": {
|
||||
"description": "Address or location of the device as annotated by the administrator.",
|
||||
"type": "string"
|
||||
},
|
||||
"annotatedNotes": {
|
||||
"description": "Notes about this device as annotated by the administrator",
|
||||
"type": "string"
|
||||
},
|
||||
"annotatedUser": {
|
||||
"description": "User of the device as annotated by the administrator.",
|
||||
"type": "string"
|
||||
},
|
||||
"deviceId": {
|
||||
"annotations": {
|
||||
"required": [
|
||||
"cbcm.chromebrowsers.update"
|
||||
]
|
||||
},
|
||||
"description": "The unique ID of the device.",
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"type": "object"
|
||||
},
|
||||
"ChromeBrowsers": {
|
||||
"id": "ChromeBrowsers",
|
||||
"properties": {
|
||||
"browsers": {
|
||||
"description": "List of Chrome browser objects.",
|
||||
"items": {
|
||||
"$ref": "ChromeBrowser"
|
||||
},
|
||||
"type": "array"
|
||||
},
|
||||
"etag": {
|
||||
"description": "ETag of the resource.",
|
||||
"type": "string"
|
||||
},
|
||||
"kind": {
|
||||
"default": "admin#directory#chromeosdevices",
|
||||
"description": "Kind of resource this is.",
|
||||
"type": "string"
|
||||
},
|
||||
"nextPageToken": {
|
||||
"description": "Token used to access the next page of this result. To access the next page, use this token's value in the `pageToken` query string of this request.",
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"type": "object"
|
||||
},
|
||||
"EnrollmentToken": {
|
||||
"id": "EnrollmentToken",
|
||||
"properties": {
|
||||
"kind": {
|
||||
"default": "admin#directory#chromeEnrollmentToken",
|
||||
"description": "Kind of resource this is.",
|
||||
"type": "string"
|
||||
},
|
||||
"tokenId": {
|
||||
"description": "Enrollment Token ID.",
|
||||
"type": "string"
|
||||
},
|
||||
"tokenPermanentId": {
|
||||
"description": "Enrollment Token Permanent ID.",
|
||||
"type": "string"
|
||||
},
|
||||
"customerId": {
|
||||
"description": "Immutable ID of the G Suite account.",
|
||||
"type": "string"
|
||||
},
|
||||
"orgUnitPath": {
|
||||
"description": "The full path of the organizational unit or its unique ID.",
|
||||
"type": "string"
|
||||
},
|
||||
"creatorId": {
|
||||
"description": "Creator ID.",
|
||||
"type": "string"
|
||||
},
|
||||
"createTime": {
|
||||
"description": "Creation Time.",
|
||||
"type": "string"
|
||||
},
|
||||
"revokerId": {
|
||||
"description": "Revoker ID.",
|
||||
"type": "string"
|
||||
},
|
||||
"revokeTime": {
|
||||
"description": "Revoke Time",
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"type": "object"
|
||||
},
|
||||
"EnrollmentTokens": {
|
||||
"id": "EnrollmentTokens",
|
||||
"properties": {
|
||||
"chrome_enrollment_tokens": {
|
||||
"description": "List of Chrome browser enrollment token objects.",
|
||||
"items": {
|
||||
"$ref": "EnrollmentToken"
|
||||
},
|
||||
"type": "array"
|
||||
},
|
||||
"kind": {
|
||||
"default": "admin#directory#chromeEnrollmentTokens",
|
||||
"description": "Kind of resource this is.",
|
||||
"type": "string"
|
||||
},
|
||||
"nextPageToken": {
|
||||
"description": "Token used to access the next page of this result. To access the next page, use this token's value in the `pageToken` query string of this request.",
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"type": "object"
|
||||
},
|
||||
"CreateEnrollmentTokenRequest": {
|
||||
"id": "CreateEnrollmentTokenRequest",
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"org_unit_path": {
|
||||
"description": "The full path of the organizational unit or its unique ID.",
|
||||
"type": "string"
|
||||
},
|
||||
"expire_time": {
|
||||
"description": "Expiration Time.",
|
||||
"type": "string"
|
||||
},
|
||||
"token_type": {
|
||||
"id": "token_type",
|
||||
"annotations": {
|
||||
"required": [
|
||||
"cbcm.enrollmentTokens.create"
|
||||
]
|
||||
},
|
||||
"description": "CHROME_BROWSER.",
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
"MoveChromeBrowsersRequest": {
|
||||
"id": "MoveChromeBrowsersRequest",
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"org_unit_path": {
|
||||
"annotations": {
|
||||
"required": [
|
||||
"cbcm.chromebrowsers.moveChromeBrowsersToOu"
|
||||
]
|
||||
},
|
||||
"description": "Destination organization unit to move devices to. Full path of the organizational unit or its ID prefixed with id:",
|
||||
"type": "string"
|
||||
},
|
||||
"resource_ids": {
|
||||
"annotations": {
|
||||
"required": [
|
||||
"cbcm.chromebrowsers.moveChromeBrowsersToOu"
|
||||
]
|
||||
},
|
||||
"description": "List of unique device IDs of Chrome Browser Devices to move. A maximum of 600 browsers may be moved per request.",
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"servicePath": "",
|
||||
"title": "Admin SDK API",
|
||||
"version": "cbcm_v1.1beta1"
|
||||
}
|
||||
@@ -1,249 +0,0 @@
|
||||
{
|
||||
"auth": {
|
||||
"oauth2": {
|
||||
"scopes": {
|
||||
"https://www.googleapis.com/auth/admin.contact.delegation": {
|
||||
"description": "View and manage your Contact Delegation"
|
||||
},
|
||||
"https://www.googleapis.com/auth/admin.contact.delegation.readonly": {
|
||||
"description": "View your Contact Delegation"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"basePath": "",
|
||||
"baseUrl": "https://admin.googleapis.com/admin/contacts/v1/",
|
||||
"batchPath": "batch",
|
||||
"canonicalName": "contactdelegation",
|
||||
"description": "The Contact Delegation API allows Admins to delegate access of one user's, called the delegator, contacts to another user, called the delegate.",
|
||||
"discoveryVersion": "v1",
|
||||
"documentationLink": "https://developers.google.com/admin-sdk/contact-delegation",
|
||||
"fullyEncodeReservedExpansion": true,
|
||||
"icons": {
|
||||
"x16": "http://www.google.com/images/icons/product/search-16.gif",
|
||||
"x32": "http://www.google.com/images/icons/product/search-32.gif"
|
||||
},
|
||||
"id": "contactdelegation:v1",
|
||||
"kind": "discovery#restDescription",
|
||||
"name": "contactdelegation",
|
||||
"ownerDomain": "google.com",
|
||||
"ownerName": "Google",
|
||||
"packagePath": "admin",
|
||||
"parameters": {
|
||||
"$.xgafv": {
|
||||
"description": "V1 error format.",
|
||||
"enum": [
|
||||
"1",
|
||||
"2"
|
||||
],
|
||||
"enumDescriptions": [
|
||||
"v1 error format",
|
||||
"v2 error format"
|
||||
],
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"access_token": {
|
||||
"description": "OAuth access token.",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"alt": {
|
||||
"default": "json",
|
||||
"description": "Data format for response.",
|
||||
"enum": [
|
||||
"json",
|
||||
"media",
|
||||
"proto"
|
||||
],
|
||||
"enumDescriptions": [
|
||||
"Responses with Content-Type of application/json",
|
||||
"Media download with context-dependent Content-Type",
|
||||
"Responses with Content-Type of application/x-protobuf"
|
||||
],
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"callback": {
|
||||
"description": "JSONP",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"fields": {
|
||||
"description": "Selector specifying which fields to include in a partial response.",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"key": {
|
||||
"description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"oauth_token": {
|
||||
"description": "OAuth 2.0 token for the current user.",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"prettyPrint": {
|
||||
"default": "true",
|
||||
"description": "Returns response with indentations and line breaks.",
|
||||
"location": "query",
|
||||
"type": "boolean"
|
||||
},
|
||||
"quotaUser": {
|
||||
"description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"uploadType": {
|
||||
"description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"upload_protocol": {
|
||||
"description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"protocol": "rest",
|
||||
"resources": {
|
||||
"delegates": {
|
||||
"methods": {
|
||||
"create": {
|
||||
"description": "Creates a contact delegations",
|
||||
"flatPath": "users/{user}/delegates",
|
||||
"httpMethod": "POST",
|
||||
"id": "contactdelegations.delegates.create",
|
||||
"parameterOrder": [
|
||||
"user"
|
||||
],
|
||||
"parameters": {
|
||||
"user": {
|
||||
"description": "Email address of the delegator.",
|
||||
"location": "path",
|
||||
"required": true,
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"path": "users/{user}/delegates/{delegate}",
|
||||
"request": {
|
||||
"$ref": "Delegate"
|
||||
},
|
||||
"scopes": [
|
||||
"https://www.googleapis.com/auth/admin.contact.delegation"
|
||||
]
|
||||
},
|
||||
"delete": {
|
||||
"description": "Deletes a contact delegation.",
|
||||
"flatPath": "users/{user}/delegates/{delegate}",
|
||||
"httpMethod": "DELETE",
|
||||
"id": "contactdelegations.delegates.delete",
|
||||
"parameterOrder": [
|
||||
"user",
|
||||
"delegate"
|
||||
],
|
||||
"parameters": {
|
||||
"delegate": {
|
||||
"description": "Email address of the delegate",
|
||||
"location": "path",
|
||||
"required": true,
|
||||
"type": "string"
|
||||
},
|
||||
"user": {
|
||||
"description": "Email address of the delegator.",
|
||||
"location": "path",
|
||||
"required": true,
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"path": "users/{user}/delegates/{delegate}",
|
||||
"scopes": [
|
||||
"https://www.googleapis.com/auth/admin.contact.delegation"
|
||||
]
|
||||
},
|
||||
"list": {
|
||||
"description": "Lists contact delegates for a user",
|
||||
"flatPath": "users/{user}/delegates",
|
||||
"httpMethod": "GET",
|
||||
"id": "contactdelegations.delegates.list",
|
||||
"parameterOrder": [
|
||||
"user"
|
||||
],
|
||||
"parameters": {
|
||||
"pageSize": {
|
||||
"description": "Determines how many delegates are returned in each response. ",
|
||||
"format": "int32",
|
||||
"location": "query",
|
||||
"minimum": "1",
|
||||
"type": "integer"
|
||||
},
|
||||
"pageToken": {
|
||||
"description": "Token to specify the next page in the list.",
|
||||
"location": "query",
|
||||
"type": "string"
|
||||
},
|
||||
"user": {
|
||||
"description": "Email address of the delegator.",
|
||||
"location": "path",
|
||||
"required": true,
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"path": "users/{user}/delegates",
|
||||
"response": {
|
||||
"$ref": "Delegates"
|
||||
},
|
||||
"scopes": [
|
||||
"https://www.googleapis.com/auth/admin.contact.delegation",
|
||||
"https://www.googleapis.com/auth/admin.contact.delegation.readonly"
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"rootUrl": "https://admin.googleapis.com/admin/contacts/v1/",
|
||||
"schemas": {
|
||||
"Delegate": {
|
||||
"description": "JSON template for a delegate.",
|
||||
"id": "Delegate",
|
||||
"properties": {
|
||||
"email": {
|
||||
"description": "Email of the delegate.",
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"type": "object"
|
||||
},
|
||||
"Delegates": {
|
||||
"id": "Delegates",
|
||||
"properties": {
|
||||
"delegates": {
|
||||
"description": "List of delegates.",
|
||||
"items": {
|
||||
"$ref": "Delegate"
|
||||
},
|
||||
"type": "array"
|
||||
},
|
||||
"etag": {
|
||||
"description": "ETag of the resource.",
|
||||
"type": "string"
|
||||
},
|
||||
"kind": {
|
||||
"default": "",
|
||||
"description": "Kind of resource this is.",
|
||||
"type": "string"
|
||||
},
|
||||
"nextPageToken": {
|
||||
"description": "Token used to access the next page of this result. To access the next page, use this token's value in the `pageToken` query string of this request.",
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"type": "object"
|
||||
}
|
||||
},
|
||||
"servicePath": "",
|
||||
"title": "Contact Delegation API",
|
||||
"version": "v1",
|
||||
"version_module": true
|
||||
}
|
||||
@@ -1,380 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
usage()
|
||||
{
|
||||
cat << EOF
|
||||
GAM installation script.
|
||||
|
||||
OPTIONS:
|
||||
-h show help.
|
||||
-d Directory where gam folder will be installed. Default is \$HOME/bin/
|
||||
-a Architecture to install (i386, x86_64, x86_64_legacy, arm, arm64). Default is to detect your arch with "uname -m".
|
||||
-o OS we are running (linux, macos). Default is to detect your OS with "uname -s".
|
||||
-b OS version. Default is to detect on MacOS and Linux.
|
||||
-l Just upgrade GAM to latest version. Skips project creation and auth.
|
||||
-p Profile update (true, false). Should script add gam command to environment. Default is true.
|
||||
-u Admin user email address to use with GAM. Default is to prompt.
|
||||
-r Regular user email address. Used to test service account access to user data. Default is to prompt.
|
||||
-v Version to install (latest, prerelease, draft, 3.8, etc). Default is latest.
|
||||
EOF
|
||||
}
|
||||
|
||||
target_dir="$HOME/bin"
|
||||
gamarch=$(uname -m)
|
||||
gamos=$(uname -s)
|
||||
osversion=""
|
||||
update_profile=true
|
||||
upgrade_only=false
|
||||
gamversion="latest"
|
||||
adminuser=""
|
||||
regularuser=""
|
||||
gam_glibc_vers="2.35"
|
||||
|
||||
while getopts "hd:a:o:b:lp:u:r:v:" OPTION
|
||||
do
|
||||
case $OPTION in
|
||||
h) usage; exit;;
|
||||
d) target_dir="$OPTARG";;
|
||||
a) gamarch="$OPTARG";;
|
||||
o) gamos="$OPTARG";;
|
||||
b) osversion="$OPTARG";;
|
||||
l) upgrade_only=true;;
|
||||
p) update_profile="$OPTARG";;
|
||||
u) adminuser="$OPTARG";;
|
||||
r) regularuser="$OPTARG";;
|
||||
v) gamversion="$OPTARG";;
|
||||
?) usage; exit;;
|
||||
esac
|
||||
done
|
||||
|
||||
# remove possible / from end of target_dir
|
||||
target_dir=${target_dir%/}
|
||||
|
||||
update_profile() {
|
||||
[ "$2" -eq 1 ] || [ -f "$1" ] || return 1
|
||||
|
||||
grep -F "$alias_line" "$1" > /dev/null 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
echo_yellow "Adding gam alias to profile file $1."
|
||||
echo -e "\n$alias_line" >> "$1"
|
||||
else
|
||||
echo_yellow "gam alias already exists in profile file $1. Skipping add."
|
||||
fi
|
||||
}
|
||||
|
||||
echo_red()
|
||||
{
|
||||
echo -e "\x1B[1;31m$1"
|
||||
echo -e '\x1B[0m'
|
||||
}
|
||||
|
||||
echo_green()
|
||||
{
|
||||
echo -e "\x1B[1;32m$1"
|
||||
echo -e '\x1B[0m'
|
||||
}
|
||||
|
||||
echo_yellow()
|
||||
{
|
||||
echo -e "\x1B[1;33m$1"
|
||||
echo -e '\x1B[0m'
|
||||
}
|
||||
|
||||
version_gt()
|
||||
{
|
||||
# MacOS < 10.13 doesn't support sort -V
|
||||
echo "" | sort -V > /dev/null 2>&1
|
||||
vsort_failed=$?
|
||||
if [ "${1}" = "${2}" ]; then
|
||||
true
|
||||
elif (( $vsort_failed != 0 )); then
|
||||
false
|
||||
else
|
||||
test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"
|
||||
fi
|
||||
}
|
||||
|
||||
case $gamos in
|
||||
[lL]inux)
|
||||
gamos="linux"
|
||||
if [ "$osversion" == "" ]; then
|
||||
this_glibc_ver=$(ldd --version | awk '/ldd/{print $NF}')
|
||||
else
|
||||
this_glibc_ver=$osversion
|
||||
fi
|
||||
echo "This Linux distribution uses glibc $this_glibc_ver"
|
||||
useglibc="legacy"
|
||||
for gam_glibc_ver in $gam_glibc_vers; do
|
||||
if version_gt "$this_glibc_ver" "$gam_glibc_ver"; then
|
||||
useglibc="glibc$gam_glibc_ver"
|
||||
echo_green "Using GAM compiled against $useglibc"
|
||||
break
|
||||
fi
|
||||
done
|
||||
case $gamarch in
|
||||
x86_64) gamfile="linux-x86_64-$useglibc.tar.xz";;
|
||||
arm64|aarch64) gamfile="linux-aarch64-$useglibc.tar.xz";;
|
||||
*)
|
||||
echo_red "ERROR: this installer currently only supports x86_64 and arm64 Linux. Looks like you're running on $gamarch. Exiting."
|
||||
exit
|
||||
esac
|
||||
;;
|
||||
[Mm]ac[Oo][sS]|[Dd]arwin)
|
||||
gamos="macos"
|
||||
if [ "$osversion" == "" ]; then
|
||||
this_macos_ver=$(sw_vers -productVersion)
|
||||
else
|
||||
this_macos_ver=$osversion
|
||||
fi
|
||||
echo "You are running MacOS $this_macos_ver"
|
||||
gamfile="macos-universal2.tar.xz"
|
||||
;;
|
||||
MINGW64_NT*)
|
||||
gamos="windows"
|
||||
echo "You are running Windows"
|
||||
gamfile="-windows-x86_64.zip"
|
||||
;;
|
||||
*)
|
||||
echo_red "Sorry, this installer currently only supports Linux and MacOS. Looks like you're running on $gamos. Exiting."
|
||||
exit
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ "$gamversion" == "latest" -o "$gamversion" == "prerelease" -o "$gamversion" == "draft" ]; then
|
||||
release_url="https://api.github.com/repos/GAM-team/GAM/releases"
|
||||
else
|
||||
release_url="https://api.github.com/repos/GAM-team/GAM/releases/tags/v$gamversion"
|
||||
fi
|
||||
|
||||
if [ -z ${GHCLIENT+x} ]; then
|
||||
check_type="unauthenticated"
|
||||
else
|
||||
check_type="authenticated"
|
||||
fi
|
||||
|
||||
echo_yellow "Checking GitHub URL $release_url for $gamversion GAM release ($check_type)..."
|
||||
release_json=$(curl -s "$GHCLIENT" "$release_url" 2>&1 /dev/null)
|
||||
|
||||
echo_yellow "Getting file and download URL..."
|
||||
# Python is sadly the nearest to universal way to safely handle JSON with Bash
|
||||
# At least this code should be compatible with just about any Python version ever
|
||||
# unlike GAM itself. If some users don't have Python we can try grep / sed / etc
|
||||
# but that gets really ugly
|
||||
pycode="import json
|
||||
import sys
|
||||
|
||||
attrib = sys.argv[1]
|
||||
gamversion = sys.argv[2]
|
||||
|
||||
release = json.load(sys.stdin)
|
||||
if type(release) is list:
|
||||
for a_release in release:
|
||||
if a_release['prerelease'] and gamversion != 'prerelease':
|
||||
continue
|
||||
elif a_release['draft'] and gamversion != 'draft':
|
||||
continue
|
||||
release = a_release
|
||||
break
|
||||
try:
|
||||
for asset in release['assets']:
|
||||
if asset[attrib].endswith('$gamfile'):
|
||||
print(asset[attrib])
|
||||
break
|
||||
else:
|
||||
print('ERROR: Attribute: {0} for $gamfile version {1} not found'.format(attrib, gamversion))
|
||||
except KeyError:
|
||||
print('ERROR: assets value not found in JSON value of:\n\n%s' % release)"
|
||||
|
||||
pycmd="python3"
|
||||
$pycmd -V >/dev/null 2>&1
|
||||
rc=$?
|
||||
if (( $rc != 0 )); then
|
||||
pycmd="python"
|
||||
fi
|
||||
$pycmd -V >/dev/null 2>&1
|
||||
rc=$?
|
||||
if (( $rc != 0 )); then
|
||||
pycmd="python2"
|
||||
fi
|
||||
$pycmd -V >/dev/null 2>&1
|
||||
rc=$?
|
||||
if (( $rc != 0 )); then
|
||||
echo_red "ERROR: No version of python installed."
|
||||
exit
|
||||
fi
|
||||
|
||||
browser_download_url=$(echo "$release_json" | $pycmd -c "$pycode" browser_download_url "$gamversion")
|
||||
if [[ ${browser_download_url:0:5} = "ERROR" ]]; then
|
||||
echo_red "${browser_download_url}"
|
||||
exit
|
||||
fi
|
||||
name=$(echo "$release_json" | $pycmd -c "$pycode" name "$gamversion")
|
||||
if [[ ${name:0:5} = "ERROR" ]]; then
|
||||
echo_red "${name}"
|
||||
exit
|
||||
fi
|
||||
# Temp dir for archive
|
||||
#temp_archive_dir=$(mktemp -d)
|
||||
temp_archive_dir=$(mktemp -d 2>/dev/null || mktemp -d -t 'mytmpdir')
|
||||
|
||||
# Clean up after ourselves even if we are killed with CTRL-C
|
||||
trap "rm -rf $temp_archive_dir" EXIT
|
||||
|
||||
echo_yellow "Downloading file $name from $browser_download_url to $temp_archive_dir ($check_type)..."
|
||||
# Save archive to temp w/o losing our path
|
||||
(cd "$temp_archive_dir" && curl -# -O -L $GHCLIENT $browser_download_url)
|
||||
|
||||
mkdir -p "$target_dir"
|
||||
|
||||
echo_yellow "Extracting archive to $target_dir"
|
||||
if [[ "${name}" == *.tar.xz ]]; then
|
||||
tar xf "$temp_archive_dir"/"$name" -C "$target_dir"
|
||||
else
|
||||
unzip "${temp_archive_dir}/${name}" -d "${target_dir}"
|
||||
fi
|
||||
rc=$?
|
||||
if (( $rc != 0 )); then
|
||||
echo_red "ERROR: extracting the GAM archive with tar failed with error $rc. Exiting."
|
||||
exit
|
||||
else
|
||||
echo_green "Finished extracting GAM archive."
|
||||
fi
|
||||
|
||||
# Update profile to add gam command
|
||||
if [ "$update_profile" = true ]; then
|
||||
alias_line="function gam() { \"$target_dir/gam/gam\" \"\$@\" ; }"
|
||||
if [ "$gamos" == "linux" ]; then
|
||||
update_profile "$HOME/.bash_aliases" 0 || update_profile "$HOME/.bash_profile" 0 || update_profile "$HOME/.bashrc" 0
|
||||
update_profile "$HOME/.zshrc" 0
|
||||
elif [ "$gamos" == "macos" ]; then
|
||||
update_profile "$HOME/.bash_aliases" 0 || update_profile "$HOME/.bash_profile" 0 || update_profile "$HOME/.bashrc" 0 || update_profile "$HOME/.profile" 1
|
||||
update_profile "$HOME/.zshrc" 1
|
||||
fi
|
||||
else
|
||||
echo_yellow "skipping profile update."
|
||||
fi
|
||||
|
||||
if [ "$upgrade_only" = true ]; then
|
||||
echo_green "Here's information about your GAM upgrade:"
|
||||
"$target_dir/gam/gam" version extended
|
||||
rc=$?
|
||||
if (( $rc != 0 )); then
|
||||
echo_red "ERROR: Failed running GAM for the first time with $rc. Please report this error to GAM mailing list. Exiting."
|
||||
exit
|
||||
fi
|
||||
|
||||
echo_green "GAM upgrade complete!"
|
||||
exit
|
||||
fi
|
||||
|
||||
while true; do
|
||||
read -p "Can you run a full browser on this machine? (usually Y for MacOS, N for Linux if you SSH into this machine) " yn
|
||||
case $yn in
|
||||
[Yy]*)
|
||||
break
|
||||
;;
|
||||
[Nn]*)
|
||||
touch "$target_dir/gam/nobrowser.txt" > /dev/null 2>&1
|
||||
break
|
||||
;;
|
||||
*)
|
||||
echo_red "Please answer yes or no."
|
||||
;;
|
||||
esac
|
||||
done
|
||||
echo
|
||||
|
||||
project_created=false
|
||||
while true; do
|
||||
read -p "GAM is now installed. Are you ready to set up a Google API project for GAM? (yes or no) " yn
|
||||
case $yn in
|
||||
[Yy]*)
|
||||
if [ "$adminuser" == "" ]; then
|
||||
read -p "Please enter your Google Workspace admin email address: " adminuser
|
||||
fi
|
||||
"$target_dir/gam/gam" create project "$adminuser"
|
||||
rc=$?
|
||||
if (( $rc == 0 )); then
|
||||
echo_green "Project creation complete."
|
||||
project_created=true
|
||||
break
|
||||
else
|
||||
echo_red "Project creation failed. Trying again. Say N to skip project creation."
|
||||
fi
|
||||
;;
|
||||
[Nn]*)
|
||||
echo -e "\nYou can create an API project later by running:\n\ngam create project\n"
|
||||
break
|
||||
;;
|
||||
*)
|
||||
echo_red "Please answer yes or no."
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
admin_authorized=false
|
||||
while $project_created; do
|
||||
read -p "Are you ready to authorize GAM to perform Google Workspace management operations as your admin account? (yes or no) " yn
|
||||
case $yn in
|
||||
[Yy]*)
|
||||
"$target_dir/gam/gam" oauth create "$adminuser"
|
||||
rc=$?
|
||||
if (( $rc == 0 )); then
|
||||
echo_green "Admin authorization complete."
|
||||
admin_authorized=true
|
||||
break
|
||||
else
|
||||
echo_red "Admin authorization failed. Trying again. Say N to skip admin authorization."
|
||||
fi
|
||||
;;
|
||||
[Nn]*)
|
||||
echo -e "\nYou can authorize an admin later by running:\n\ngam oauth create\n"
|
||||
break
|
||||
;;
|
||||
*)
|
||||
echo_red "Please answer yes or no."
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
service_account_authorized=false
|
||||
while $project_created; do
|
||||
read -p "Are you ready to authorize GAM to manage Google Workspace user data and settings? (yes or no) " yn
|
||||
case $yn in
|
||||
[Yy]*)
|
||||
if [ "$regularuser" == "" ]; then
|
||||
read -p "Please enter the email address of a regular Google Workspace user: " regularuser
|
||||
fi
|
||||
echo_yellow "Great! Checking service account scopes.This will fail the first time. Follow the steps to authorize and retry. It can take a few minutes for scopes to PASS after they've been authorized in the admin console."
|
||||
"$target_dir/gam/gam" user "$adminuser" check serviceaccount
|
||||
rc=$?
|
||||
if (( $rc == 0 )); then
|
||||
echo_green "Service account authorization complete."
|
||||
service_account_authorized=true
|
||||
break
|
||||
else
|
||||
echo_red "Service account authorization failed. Confirm you entered the scopes correctly in the admin console. It can take a few minutes for scopes to PASS after they are entered in the admin console so if you're sure you entered them correctly, go grab a coffee and then hit Y to try again. Say N to skip admin authorization."
|
||||
fi
|
||||
;;
|
||||
[Nn]*)
|
||||
echo -e "\nYou can authorize a service account later by running:\n\ngam check serviceaccount\n"
|
||||
break
|
||||
;;
|
||||
*)
|
||||
echo_red "Please answer yes or no."
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
echo_green "Here's information about your new GAM installation:"
|
||||
"$target_dir/gam/gam" version extended
|
||||
rc=$?
|
||||
if (( $rc != 0 )); then
|
||||
echo_red "ERROR: Failed running GAM for the first time with $rc. Please report this error to GAM mailing list. Exiting."
|
||||
exit
|
||||
fi
|
||||
|
||||
echo_green "GAM installation and setup complete!"
|
||||
if [ "$update_profile" = true ]; then
|
||||
echo_green "Please restart your terminal shell or to get started right away run:\n\n$alias_line"
|
||||
fi
|
||||
@@ -1,87 +0,0 @@
|
||||
:neworupgrade
|
||||
@echo(
|
||||
@set /p nu= "Is this a new install or an upgrade? [n or u] "
|
||||
@if /I "%nu%"=="u" (
|
||||
@ echo GAM installation and setup complete!
|
||||
@ goto alldone
|
||||
)
|
||||
@if /I not "%nu%"=="n" (
|
||||
@ echo(
|
||||
@ echo Please answer n or u.
|
||||
@ goto neworupgrade
|
||||
)
|
||||
|
||||
:createproject
|
||||
@echo(
|
||||
@set /p yn= "Are you ready to set up a Google API project for GAM? [y or n] "
|
||||
@if /I "%yn%"=="n" (
|
||||
@ echo(
|
||||
@ echo You can create an API project later by running:
|
||||
@ echo(
|
||||
@ echo gam create project
|
||||
@ goto alldone
|
||||
)
|
||||
@if /I not "%yn%"=="y" (
|
||||
@ echo(
|
||||
@ echo Please answer y or n.
|
||||
@ goto createproject
|
||||
)
|
||||
@echo(
|
||||
@set /p adminemail= "Please enter your Google Workspace admin email address: "
|
||||
@gam create project %adminemail%
|
||||
@if not ERRORLEVEL 1 goto projectdone
|
||||
@echo(
|
||||
@echo Project creation failed. Trying again. Say n to skip project creation.
|
||||
@goto createproject
|
||||
:projectdone
|
||||
|
||||
:adminauth
|
||||
@echo(
|
||||
@set /p yn= "Are you ready to authorize GAM to perform Google Workspace management operations as your admin account? [y or n] "
|
||||
@if /I "%yn%"=="n" (
|
||||
@ echo(
|
||||
@ echo You can authorize an admin later by running:
|
||||
@ echo(
|
||||
@ echo gam oauth create %adminemail%
|
||||
@ goto admindone
|
||||
)
|
||||
@if /I not "%yn%"=="y" (
|
||||
@ echo(
|
||||
@ echo Please answer y or n.
|
||||
@ goto adminauth
|
||||
)
|
||||
@gam oauth create %adminemail%
|
||||
@if not ERRORLEVEL 1 goto admindone
|
||||
@echo(
|
||||
@echo Admin authorization failed. Trying again. Say n to skip admin authorization.
|
||||
@goto adminauth
|
||||
:admindone
|
||||
|
||||
:saauth
|
||||
@echo(
|
||||
@set /p yn= "Are you ready to authorize GAM to manage Google Workspace user data and settings? [y or n] "
|
||||
@if /I "%yn%"=="n" (
|
||||
@ echo(
|
||||
@ echo You can authorize a service account later by running:
|
||||
@ echo(
|
||||
@ echo gam user %adminemail% check serviceaccount
|
||||
@ goto sadone
|
||||
)
|
||||
@if /I not "%yn%"=="y" (
|
||||
@ echo(
|
||||
@ echo Please answer y or n.
|
||||
@ goto saauth
|
||||
)
|
||||
@echo(
|
||||
@set /p regularuser= "Please enter the email address of a regular Google Workspace user: "
|
||||
@echo Great! Checking service account scopes. This will fail the first time. Follow the steps to authorize and retry. It can take a few minutes for scopes to PASS after they've been authorized in the admin console.
|
||||
@gam user %regularuser% check serviceaccount
|
||||
@if not ERRORLEVEL 1 goto sadone
|
||||
@echo(
|
||||
@echo Service account authorization failed. Confirm you entered the scopes correctly in the admin console. It can take a few minutes for scopes to PASS after they are entered in the admin console so if you're sure you entered them correctly, go grab a coffee and then hit Y to try again. Say N to skip admin authorization.
|
||||
@goto saauth
|
||||
:sadone
|
||||
|
||||
@echo GAM installation and setup complete!
|
||||
:alldone
|
||||
@pause
|
||||
10
src/gam.py
10
src/gam.py
@@ -1,10 +0,0 @@
|
||||
#!/usr/bin/env python3
|
||||
"""Provides backwards compatibility for calling gam as a single .py file"""
|
||||
|
||||
import sys
|
||||
|
||||
from gam.__main__ import main
|
||||
|
||||
# Run from command line
|
||||
if __name__ == '__main__':
|
||||
main()
|
||||
110
src/gam.spec
110
src/gam.spec
@@ -1,110 +0,0 @@
|
||||
# -*- mode: python ; coding: utf-8 -*-
|
||||
from os import getenv
|
||||
from sys import platform
|
||||
|
||||
from PyInstaller.utils.hooks import copy_metadata
|
||||
|
||||
|
||||
extra_files = []
|
||||
extra_files += copy_metadata('google-api-python-client')
|
||||
extra_files += [('cbcm-v1.1beta1.json', '.')]
|
||||
extra_files += [('contactdelegation-v1.json', '.')]
|
||||
extra_files += [('admin-directory_v1.1beta1.json', '.')]
|
||||
extra_files += [('roots.pem', '.')]
|
||||
hidden_imports = [
|
||||
'gam.auth.yubikey',
|
||||
]
|
||||
a = Analysis(
|
||||
['gam/__main__.py'],
|
||||
pathex=[],
|
||||
binaries=[],
|
||||
datas=extra_files,
|
||||
hiddenimports=hidden_imports,
|
||||
hookspath=[],
|
||||
hooksconfig={},
|
||||
runtime_hooks=[],
|
||||
excludes=[],
|
||||
win_no_prefer_redirects=False,
|
||||
win_private_assemblies=False,
|
||||
cipher=None,
|
||||
noarchive=False,
|
||||
)
|
||||
for d in a.datas:
|
||||
if 'pyconfig' in d[0]:
|
||||
a.datas.remove(d)
|
||||
break
|
||||
pyz = PYZ(a.pure,
|
||||
a.zipped_data,
|
||||
cipher=None)
|
||||
# requires Python 3.10+ but no one should be compiling
|
||||
# GAM with older versions anyway
|
||||
match platform:
|
||||
case "darwin":
|
||||
target_arch = "universal2"
|
||||
strip = True
|
||||
case "win32":
|
||||
target_arch = None
|
||||
strip = False
|
||||
case _:
|
||||
target_arch = None
|
||||
strip = True
|
||||
name = 'gam'
|
||||
debug = False
|
||||
bootloader_ignore_signals = False
|
||||
upx = False
|
||||
console = True
|
||||
disable_windowed_traceback = False
|
||||
argv_emulation = False
|
||||
codesign_identity = None
|
||||
entitlements_file = None
|
||||
if getenv('PYINSTALLER_BUILD_ONEFILE') == 'yes':
|
||||
# Build one file
|
||||
exe = EXE(
|
||||
pyz,
|
||||
a.scripts,
|
||||
a.binaries,
|
||||
a.zipfiles,
|
||||
a.datas,
|
||||
[],
|
||||
name=name,
|
||||
debug=debug,
|
||||
bootloader_ignore_signals=bootloader_ignore_signals,
|
||||
strip=strip,
|
||||
upx=upx,
|
||||
console=console,
|
||||
disable_windowed_traceback=disable_windowed_traceback,
|
||||
argv_emulation=argv_emulation,
|
||||
target_arch=target_arch,
|
||||
codesign_identity=codesign_identity,
|
||||
entitlements_file=entitlements_file,
|
||||
)
|
||||
else:
|
||||
# Build one folder
|
||||
exe = EXE(
|
||||
pyz,
|
||||
a.scripts,
|
||||
[],
|
||||
exclude_binaries=True,
|
||||
name=name,
|
||||
debug=debug,
|
||||
bootloader_ignore_signals=bootloader_ignore_signals,
|
||||
strip=strip,
|
||||
upx=upx,
|
||||
console=console,
|
||||
disable_windowed_traceback=disable_windowed_traceback,
|
||||
argv_emulation=argv_emulation,
|
||||
target_arch=target_arch,
|
||||
codesign_identity=codesign_identity,
|
||||
entitlements_file=entitlements_file,
|
||||
)
|
||||
coll = COLLECT(
|
||||
exe,
|
||||
a.binaries,
|
||||
a.zipfiles,
|
||||
a.datas,
|
||||
strip=strip,
|
||||
upx=upx,
|
||||
upx_exclude=[],
|
||||
name=name,
|
||||
)
|
||||
|
||||
74
src/gam.wxs
74
src/gam.wxs
@@ -1,74 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi" >
|
||||
<Product
|
||||
Id="*"
|
||||
Name="GAM"
|
||||
Language="1033"
|
||||
Version="$(env.GAMVERSION)"
|
||||
Manufacturer="Jay Lee - jay0lee@gmail.com"
|
||||
UpgradeCode="15C5FD61-B04C-4E04-A26D-CD8424C19D9F">
|
||||
<Package
|
||||
InstallerVersion="200" Compressed="yes" InstallScope="perMachine" />
|
||||
|
||||
<MajorUpgrade
|
||||
DowngradeErrorMessage=
|
||||
"A newer version of [ProductName] is already installed."
|
||||
Schedule="afterInstallExecute" />
|
||||
<MediaTemplate EmbedCab="yes" />
|
||||
|
||||
<Property Id="WIXUI_INSTALLDIR" Value="INSTALLFOLDER" />
|
||||
<WixVariable Id="WixUILicenseRtf" Value="LICENSE.rtf" />
|
||||
<UIRef Id="WixUI_InstallDir" />
|
||||
|
||||
<Feature
|
||||
Id="gam"
|
||||
Title="GAM"
|
||||
Level="1">
|
||||
<ComponentGroupRef Id="ProductComponents" />
|
||||
</Feature>
|
||||
</Product>
|
||||
|
||||
<Fragment>
|
||||
<Directory Id="TARGETDIR" Name="SourceDir">
|
||||
<Directory Id="ROOTDRIVE">
|
||||
<Directory Id="INSTALLFOLDER" Name="GAM" />
|
||||
</Directory>
|
||||
</Directory>
|
||||
</Fragment>
|
||||
|
||||
<Fragment>
|
||||
<!-- Group of components that are our main application items -->
|
||||
<ComponentGroup
|
||||
Id="ProductComponents"
|
||||
Directory="INSTALLFOLDER"
|
||||
Source="dist/gam">
|
||||
<Component Id="gam_exe" Guid="886abc07-73c5-4acc-9f71-58daf62aabc1">
|
||||
<File Name="gam.exe" KeyPath="yes" />
|
||||
<Environment Id="PATH" Name="PATH" Value="[INSTALLFOLDER]" Permanent="yes" Part="last" Action="set" System="yes" />
|
||||
</Component>
|
||||
<Component Id="license" Guid="7a15de2e-fb91-4d0a-b8bf-c8b19c68f569">
|
||||
<File Name="LICENSE" KeyPath="yes" />
|
||||
</Component>
|
||||
<Component Id="gam_setup_bat" Guid="ef01f93a-4b50-488a-9c04-ec5e13e66218">
|
||||
<File Name="gam-setup.bat" KeyPath="yes" />
|
||||
</Component>
|
||||
<Component Id="gamcommands_txt" Guid="58ff9c45-a7c9-4e22-8845-a9a92610c1f3">
|
||||
<File Name="gamcommands.txt" KeyPath="yes" />
|
||||
</Component>
|
||||
<Component Id="roots_pem" Guid="18ff9c45-a3c9-4e22-8445-a8a92610c1f3">
|
||||
<File Name="roots.pem" KeyPath="yes" />
|
||||
</Component>
|
||||
</ComponentGroup>
|
||||
</Fragment>
|
||||
|
||||
<Fragment>
|
||||
<InstallUISequence>
|
||||
<ExecuteAction />
|
||||
<Show Dialog="WelcomeDlg" Before="ProgressDlg" />
|
||||
</InstallUISequence>
|
||||
<CustomAction Id="setup_gam" ExeCommand="[INSTALLFOLDER]gam-setup.bat" Directory="INSTALLFOLDER" Execute="commit" Impersonate="yes" Return="asyncWait"/>
|
||||
<InstallExecuteSequence>
|
||||
<Custom Action="setup_gam" After="InstallFiles" >NOT Installed AND NOT UPGRADINGPRODUCTCODE AND NOT WIX_UPGRADE_DETECTED</Custom>
|
||||
</InstallExecuteSequence>
|
||||
</Fragment>
|
||||
</Wix>
|
||||
12480
src/gam/__init__.py
12480
src/gam/__init__.py
File diff suppressed because it is too large
Load Diff
@@ -1,49 +0,0 @@
|
||||
#!/usr/bin/env python3
|
||||
#
|
||||
# GAM
|
||||
#
|
||||
# Copyright 2019, LLC All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
"""GAM is a command line tool which allows Administrators to control their Google Workspace domain and accounts.
|
||||
|
||||
With GAM you can programmatically create users, turn on/off services for users like POP and Forwarding and much more.
|
||||
For more information, see https://jaylee.us/gam
|
||||
"""
|
||||
|
||||
import sys
|
||||
from multiprocessing import freeze_support
|
||||
from multiprocessing import set_start_method
|
||||
|
||||
from gam import controlflow
|
||||
import gam
|
||||
|
||||
|
||||
def main():
|
||||
freeze_support()
|
||||
if sys.platform == 'darwin':
|
||||
# https://bugs.python.org/issue33725 in Python 3.8.0 seems
|
||||
# to break parallel operations with errors about extra -b
|
||||
# command line arguments
|
||||
set_start_method('fork')
|
||||
if sys.version_info[0] < 3 or sys.version_info[1] < 7:
|
||||
controlflow.system_error_exit(
|
||||
5,
|
||||
f'GAM requires Python 3.7 or newer. You are running %s.%s.%s. Please upgrade your Python version or use one of the binary GAM downloads.'
|
||||
% sys.version_info[:3])
|
||||
sys.exit(gam.ProcessGAMCommand(sys.argv))
|
||||
|
||||
|
||||
# Run from command line
|
||||
if __name__ == '__main__':
|
||||
main()
|
||||
@@ -1,57 +0,0 @@
|
||||
"""Authentication/Credentials general purpose and convenience methods."""
|
||||
|
||||
import json
|
||||
import os
|
||||
|
||||
from google.auth.jwt import Credentials as JWTCredentials
|
||||
|
||||
import gam
|
||||
from gam import utils
|
||||
|
||||
from gam.auth import oauth
|
||||
from gam.var import _FN_OAUTH2_TXT
|
||||
from gam.var import _FN_OAUTH2SERVICE_JSON
|
||||
from gam.var import GC_OAUTH2_TXT
|
||||
from gam.var import GC_OAUTH2SERVICE_JSON
|
||||
from gam.var import GC_ENABLE_DASA
|
||||
from gam.var import GC_Values
|
||||
|
||||
yubikey = utils.LazyLoader('yubikey', globals(), 'gam.auth.yubikey')
|
||||
# TODO: Move logic that determines file name into this module. We should be able
|
||||
# to discover the file location without accessing a private member or waiting
|
||||
# for a global initialization.
|
||||
|
||||
|
||||
def get_admin_credentials_filename():
|
||||
"""Gets the name of the file that stores the admin account credentials."""
|
||||
# If the environment globals are loaded, use the set global value. It may have
|
||||
# some custom name in it. Otherwise, just use the default name.
|
||||
if GC_Values[GC_ENABLE_DASA]:
|
||||
return GC_Values[GC_OAUTH2SERVICE_JSON] if GC_Values[GC_OAUTH2SERVICE_JSON] else _FN_OAUTH2SERVICE_JSON
|
||||
else:
|
||||
return GC_Values[GC_OAUTH2_TXT] if GC_Values[GC_OAUTH2_TXT] else _FN_OAUTH2_TXT
|
||||
|
||||
|
||||
def get_admin_credentials(api=None):
|
||||
"""Gets oauth.Credentials that are authenticated as the domain's admin user."""
|
||||
credential_file = get_admin_credentials_filename()
|
||||
if not os.path.isfile(credential_file):
|
||||
raise oauth.InvalidCredentialsFileError
|
||||
with open(credential_file) as f:
|
||||
creds_data = json.load(f)
|
||||
# Validate that enable DASA matches content of authorization file
|
||||
if GC_Values[GC_ENABLE_DASA] and 'private_key_id' in creds_data:
|
||||
audience = f'https://{api}.googleapis.com/'
|
||||
key_type = creds_data.get('key_type', 'default')
|
||||
if key_type == 'default':
|
||||
return JWTCredentials.from_service_account_info(creds_data,
|
||||
audience=audience)
|
||||
elif key_type == 'yubikey':
|
||||
yksigner = yubikey.YubiKey(creds_data)
|
||||
return JWTCredentials._from_signer_and_info(yksigner,
|
||||
creds_data,
|
||||
audience=audience)
|
||||
elif not GC_Values[GC_ENABLE_DASA] and 'token' in creds_data:
|
||||
return oauth.Credentials.from_credentials_file(credential_file)
|
||||
else:
|
||||
raise oauth.InvalidCredentialsFileError
|
||||
@@ -1,690 +0,0 @@
|
||||
"""OAuth2.0 user credentials."""
|
||||
|
||||
import datetime
|
||||
import ipaddress
|
||||
import json
|
||||
import multiprocessing
|
||||
import os
|
||||
import re
|
||||
from socket import gethostbyname
|
||||
import sys
|
||||
from time import sleep
|
||||
import threading
|
||||
from urllib.parse import urlencode, urlparse, parse_qs
|
||||
import wsgiref.simple_server
|
||||
import wsgiref.util
|
||||
import webbrowser
|
||||
|
||||
from filelock import FileLock
|
||||
import google_auth_oauthlib.flow
|
||||
import google.oauth2.credentials
|
||||
import google.oauth2.id_token
|
||||
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import fileutils
|
||||
from gam import transport
|
||||
from gam.var import (GC_CA_FILE,
|
||||
GC_Values,
|
||||
GM_Globals,
|
||||
GM_WINDOWS)
|
||||
from gam import utils
|
||||
|
||||
|
||||
MESSAGE_CONSOLE_AUTHORIZATION_PROMPT = '''\nGo to the following link in your browser:
|
||||
|
||||
\t{url}
|
||||
|
||||
IMPORTANT: If you get a browser error that the site can't be reached AFTER you
|
||||
click the Allow button, copy the URL from the browser where the error occurred
|
||||
and paste that here instead.
|
||||
'''
|
||||
MESSAGE_CONSOLE_AUTHORIZATION_CODE = 'Enter verification code or browser URL: '
|
||||
MESSAGE_LOCAL_SERVER_AUTHORIZATION_PROMPT = ('\nYour browser has been opened to'
|
||||
' visit:\n\n\t{url}\n\nIf your '
|
||||
'browser is on a different machine'
|
||||
' then press CTRL+C and create a '
|
||||
'file called nobrowser.txt in the '
|
||||
'same folder as GAM.\n')
|
||||
MESSAGE_LOCAL_SERVER_SUCCESS = ('The authentication flow has completed. You may'
|
||||
' close this browser window and return to GAM.')
|
||||
|
||||
MESSAGE_AUTHENTICATION_COMPLETE = ('\nThe authentication flow has completed.\n')
|
||||
|
||||
|
||||
class CredentialsError(Exception):
|
||||
"""Base error class."""
|
||||
pass
|
||||
|
||||
|
||||
class InvalidCredentialsFileError(CredentialsError):
|
||||
"""Error raised when a file cannot be opened into a credentials object."""
|
||||
pass
|
||||
|
||||
|
||||
class EmptyCredentialsFileError(InvalidCredentialsFileError):
|
||||
"""Error raised when a credentials file contains no content."""
|
||||
pass
|
||||
|
||||
|
||||
class InvalidClientSecretsFileFormatError(CredentialsError):
|
||||
"""Error raised when a client secrets file format is invalid."""
|
||||
pass
|
||||
|
||||
|
||||
class InvalidClientSecretsFileError(CredentialsError):
|
||||
"""Error raised when client secrets file cannot be read."""
|
||||
pass
|
||||
|
||||
|
||||
class Credentials(google.oauth2.credentials.Credentials):
|
||||
"""Google OAuth2.0 Credentials with GAM-specific properties and methods."""
|
||||
|
||||
DATETIME_FORMAT = '%Y-%m-%dT%H:%M:%SZ'
|
||||
|
||||
def __init__(self,
|
||||
token,
|
||||
refresh_token=None,
|
||||
id_token=None,
|
||||
token_uri=None,
|
||||
client_id=None,
|
||||
client_secret=None,
|
||||
scopes=None,
|
||||
quota_project_id=None,
|
||||
expiry=None,
|
||||
id_token_data=None,
|
||||
filename=None):
|
||||
"""A thread-safe OAuth2.0 credentials object.
|
||||
|
||||
Credentials adds additional utility properties and methods to a
|
||||
standard OAuth2.0 credentials object. When used to store credentials on
|
||||
disk, it implements a file lock to avoid collision during writes.
|
||||
|
||||
Args:
|
||||
token: Optional String, The OAuth 2.0 access token. Can be None if refresh
|
||||
information is provided.
|
||||
refresh_token: String, The OAuth 2.0 refresh token. If specified,
|
||||
credentials can be refreshed.
|
||||
id_token: String, The Open ID Connect ID Token.
|
||||
token_uri: String, The OAuth 2.0 authorization server's token endpoint
|
||||
URI. Must be specified for refresh, can be left as None if the token can
|
||||
not be refreshed.
|
||||
client_id: String, The OAuth 2.0 client ID. Must be specified for refresh,
|
||||
can be left as None if the token can not be refreshed.
|
||||
client_secret: String, The OAuth 2.0 client secret. Must be specified for
|
||||
refresh, can be left as None if the token can not be refreshed.
|
||||
scopes: Sequence[str], The scopes used to obtain authorization.
|
||||
This parameter is used by :meth:`has_scopes`. OAuth 2.0 credentials can
|
||||
not request additional scopes after authorization. The scopes must be
|
||||
derivable from the refresh token if refresh information is provided
|
||||
(e.g. The refresh token scopes are a superset of this or contain a
|
||||
wild card scope like
|
||||
'https://www.googleapis.com/auth/any-api').
|
||||
quota_project_id: String, The project ID used for quota and billing. This
|
||||
project may be different from the project used to create the
|
||||
credentials.
|
||||
expiry: datetime.datetime, The time at which the provided token will
|
||||
expire.
|
||||
id_token_data: Oauth2.0 ID Token data which was previously fetched for
|
||||
this access token against the google.oauth2.id_token library.
|
||||
filename: String, Path to a file that will be used to store the
|
||||
credentials. If provided, a lock file of the same name and a ".lock"
|
||||
extension will be created for concurrency controls. Note: New
|
||||
credentials are not saved to disk until write() or refresh() are
|
||||
called.
|
||||
|
||||
Raises:
|
||||
TypeError: If id_token_data is not the required dict type.
|
||||
"""
|
||||
super().__init__(token=token,
|
||||
refresh_token=refresh_token,
|
||||
id_token=id_token,
|
||||
token_uri=token_uri,
|
||||
client_id=client_id,
|
||||
client_secret=client_secret,
|
||||
scopes=scopes,
|
||||
quota_project_id=quota_project_id)
|
||||
|
||||
# Load data not restored by the super class
|
||||
self.expiry = expiry
|
||||
if id_token_data and not isinstance(id_token_data, dict):
|
||||
raise TypeError(f'Expected type id_token_data dict but received '
|
||||
f'{type(id_token_data)}')
|
||||
self._id_token_data = id_token_data.copy() if id_token_data else None
|
||||
|
||||
# If a filename is provided, use a lock file to control concurrent access
|
||||
# to the resource. If no filename is provided, use a thread lock that has
|
||||
# the same interface as FileLock in order to simplify the implementation.
|
||||
if filename:
|
||||
# Convert relative paths into absolute
|
||||
self._filename = os.path.abspath(filename)
|
||||
lock_file = os.path.abspath(f'{self._filename}.lock')
|
||||
self._lock = FileLock(lock_file)
|
||||
else:
|
||||
self._filename = None
|
||||
self._lock = _FileLikeThreadLock()
|
||||
|
||||
# Use a property to prevent external mutation of the filename.
|
||||
@property
|
||||
def filename(self):
|
||||
return self._filename
|
||||
|
||||
@classmethod
|
||||
def from_authorized_user_info(cls, info, filename=None):
|
||||
"""Generates Credentials from JSON containing authorized user info.
|
||||
|
||||
Args:
|
||||
info: Dict, authorized user info in Google format.
|
||||
filename: String, the filename used to store these credentials on disk. If
|
||||
no filename is provided, the credentials will not be saved to disk.
|
||||
|
||||
Raises:
|
||||
ValueError: If missing fields are detected in the info.
|
||||
"""
|
||||
# We need all of these keys
|
||||
keys_needed = {'client_id', 'client_secret'}
|
||||
# We need 1 or more of these keys
|
||||
keys_need_one_of = {'refresh_token', 'auth_token', 'token'}
|
||||
missing = keys_needed.difference(info.keys())
|
||||
has_one_of = set(info) & keys_need_one_of
|
||||
if missing or not has_one_of:
|
||||
raise ValueError(
|
||||
'Authorized user info was not in the expected format, missing '
|
||||
f'fields {", ".join(missing)} and one of '
|
||||
f'{", ".join(keys_need_one_of)}.')
|
||||
|
||||
expiry = info.get('token_expiry')
|
||||
if expiry:
|
||||
# Convert the raw expiry to datetime
|
||||
expiry = datetime.datetime.strptime(expiry,
|
||||
Credentials.DATETIME_FORMAT)
|
||||
id_token_data = info.get('decoded_id_token')
|
||||
|
||||
# Provide backwards compatibility with field names when loading from JSON.
|
||||
# Some field names may be different, depending on when/how the credentials
|
||||
# were pickled.
|
||||
return cls(token=info.get('token', info.get('auth_token', '')),
|
||||
refresh_token=info.get('refresh_token', ''),
|
||||
id_token=info.get('id_token_jwt', info.get('id_token')),
|
||||
token_uri=info.get('token_uri'),
|
||||
client_id=info['client_id'],
|
||||
client_secret=info['client_secret'],
|
||||
scopes=info.get('scopes'),
|
||||
quota_project_id=info.get('quota_project_id'),
|
||||
expiry=expiry,
|
||||
id_token_data=id_token_data,
|
||||
filename=filename)
|
||||
|
||||
@classmethod
|
||||
def from_google_oauth2_credentials(cls, credentials, filename=None):
|
||||
"""Generates Credentials from a google.oauth2.Credentials object."""
|
||||
info = json.loads(credentials.to_json())
|
||||
# Add properties which are not exported with the native to_json() output.
|
||||
info['id_token'] = credentials.id_token
|
||||
if credentials.expiry:
|
||||
info['token_expiry'] = credentials.expiry.strftime(
|
||||
Credentials.DATETIME_FORMAT)
|
||||
info['quota_project_id'] = credentials.quota_project_id
|
||||
|
||||
return cls.from_authorized_user_info(info, filename=filename)
|
||||
|
||||
@classmethod
|
||||
def from_credentials_file(cls, filename):
|
||||
"""Generates Credentials from a stored Credentials file.
|
||||
|
||||
The same file will be used to save the credentials when the access token is
|
||||
refreshed.
|
||||
|
||||
Args:
|
||||
filename: String, the name of a file containing JSON credentials to load.
|
||||
The same filename will be used to save credentials back to disk.
|
||||
|
||||
Returns:
|
||||
The credentials loaded from disk.
|
||||
|
||||
Raises:
|
||||
InvalidCredentialsFileError: When the credentials file cannot be opened.
|
||||
EmptyCredentialsFileError: When the provided file contains no credentials.
|
||||
"""
|
||||
file_content = fileutils.read_file(filename,
|
||||
continue_on_error=True,
|
||||
display_errors=False)
|
||||
if file_content is None:
|
||||
raise InvalidCredentialsFileError(
|
||||
f'File {filename} could not be opened')
|
||||
info = json.loads(file_content)
|
||||
if not info:
|
||||
raise EmptyCredentialsFileError(
|
||||
f'File {filename} contains no credential data')
|
||||
|
||||
try:
|
||||
# We read the existing data from the passed in file, but we also want to
|
||||
# save future data/tokens in the same place.
|
||||
return cls.from_authorized_user_info(info, filename=filename)
|
||||
except ValueError as e:
|
||||
raise InvalidCredentialsFileError(str(e))
|
||||
|
||||
@classmethod
|
||||
def from_client_secrets(cls,
|
||||
client_id,
|
||||
client_secret,
|
||||
scopes,
|
||||
access_type='offline',
|
||||
login_hint=None,
|
||||
filename=None,
|
||||
open_browser=True,
|
||||
use_console_flow=False):
|
||||
"""Runs an OAuth Flow from client secrets to generate credentials.
|
||||
|
||||
Args:
|
||||
client_id: String, The OAuth2.0 Client ID.
|
||||
client_secret: String, The OAuth2.0 Client Secret.
|
||||
scopes: Sequence[str], A list of scopes to include in the credentials.
|
||||
access_type: String, 'offline' or 'online'. Indicates whether your
|
||||
application can refresh access tokens when the user is not present at
|
||||
the browser. Valid parameter values are online, which is the default
|
||||
value, and offline. Set the value to offline if your application needs
|
||||
to refresh access tokens when the user is not present at the browser.
|
||||
This is the method of refreshing access tokens described later in this
|
||||
document. This value instructs the Google authorization server to return
|
||||
a refresh token and an access token the first time that your application
|
||||
exchanges an authorization code for tokens.
|
||||
login_hint: String, The email address that will be displayed on the Google
|
||||
login page as a hint for the user to login to the correct account.
|
||||
filename: String, the path to a file to use to save the credentials.
|
||||
use_console_flow: OBSOLETE: Boolean, True if the authentication flow
|
||||
should be run strictly from a console; False to launch a browser
|
||||
for authentication.
|
||||
open_browser: Boolean: whether or not GAM should try to open the browser
|
||||
automatically.
|
||||
|
||||
Returns:
|
||||
Credentials
|
||||
"""
|
||||
client_config = {
|
||||
'installed': {
|
||||
'client_id': client_id,
|
||||
'client_secret': client_secret,
|
||||
'redirect_uris': [
|
||||
'http://localhost', 'urn:ietf:wg:oauth:2.0:oob'
|
||||
],
|
||||
'auth_uri': 'https://accounts.google.com/o/oauth2/v2/auth',
|
||||
'token_uri': 'https://oauth2.googleapis.com/token',
|
||||
}
|
||||
}
|
||||
|
||||
flow = _ShortURLFlow.from_client_config(client_config,
|
||||
scopes,
|
||||
autogenerate_code_verifier=True)
|
||||
flow_kwargs = {'access_type': access_type,
|
||||
'open_browser': open_browser}
|
||||
if login_hint:
|
||||
flow_kwargs['login_hint'] = login_hint
|
||||
flow.run_dual(**flow_kwargs)
|
||||
return cls.from_google_oauth2_credentials(flow.credentials,
|
||||
filename=filename)
|
||||
|
||||
@classmethod
|
||||
def from_client_secrets_file(cls,
|
||||
client_secrets_file,
|
||||
scopes,
|
||||
access_type='offline',
|
||||
login_hint=None,
|
||||
credentials_file=None,
|
||||
open_browser=True,
|
||||
use_console_flow=False):
|
||||
"""Runs an OAuth Flow from secrets stored on disk to generate credentials.
|
||||
|
||||
Args:
|
||||
client_secrets_file: String, path to a file containing a client ID and
|
||||
secret.
|
||||
scopes: Sequence[str], A list of scopes to include in the credentials.
|
||||
access_type: String, 'offline' or 'online'. Indicates whether your
|
||||
application can refresh access tokens when the user is not present at
|
||||
the browser. Valid parameter values are online, which is the default
|
||||
value, and offline. Set the value to offline if your application needs
|
||||
to refresh access tokens when the user is not present at the browser.
|
||||
This is the method of refreshing access tokens described later in this
|
||||
document. This value instructs the Google authorization server to return
|
||||
a refresh token and an access token the first time that your application
|
||||
exchanges an authorization code for tokens.
|
||||
login_hint: String, The email address that will be displayed on the Google
|
||||
login page as a hint for the user to login to the correct account.
|
||||
credentials_file: String, the path to a file to use to save the
|
||||
credentials.
|
||||
use_console_flow: OBSOLETE: Boolean, True if the authentication flow
|
||||
should be run strictly from a console; False to launch a browser for
|
||||
authentication.
|
||||
open_browser: Boolean, whether or not GAM should try to open the browser
|
||||
directly.
|
||||
|
||||
Raises:
|
||||
InvalidClientSecretsFileError: If the client secrets file cannot be
|
||||
opened.
|
||||
InvalidClientSecretsFileFormatError: If the client secrets file does not
|
||||
contain the required data or the data is malformed.
|
||||
|
||||
Returns:
|
||||
Credentials
|
||||
"""
|
||||
cs_data = fileutils.read_file(client_secrets_file,
|
||||
continue_on_error=True,
|
||||
display_errors=False)
|
||||
if not cs_data:
|
||||
raise InvalidClientSecretsFileError(
|
||||
f'File {client_secrets_file} could not be opened')
|
||||
try:
|
||||
cs_json = json.loads(cs_data)
|
||||
client_id = cs_json['installed']['client_id']
|
||||
# Chop off .apps.googleusercontent.com suffix as it's not needed
|
||||
# and we need to keep things short for the Auth URL.
|
||||
client_id = re.sub(r'\.apps\.googleusercontent\.com$', '',
|
||||
client_id)
|
||||
client_secret = cs_json['installed']['client_secret']
|
||||
except (ValueError, IndexError, KeyError):
|
||||
raise InvalidClientSecretsFileFormatError(
|
||||
f'Could not extract Client ID or Client Secret from file {client_secrets_file}'
|
||||
)
|
||||
return cls.from_client_secrets(client_id,
|
||||
client_secret,
|
||||
scopes,
|
||||
access_type=access_type,
|
||||
login_hint=login_hint,
|
||||
filename=credentials_file,
|
||||
open_browser=open_browser)
|
||||
|
||||
def _fetch_id_token_data(self):
|
||||
"""Fetches verification details from Google for the OAuth2.0 token.
|
||||
|
||||
See more: https://developers.google.com/identity/sign-in/web/backend-auth
|
||||
|
||||
Raises:
|
||||
CredentialsError: If no id_token is present.
|
||||
"""
|
||||
if not self.id_token:
|
||||
raise CredentialsError(
|
||||
'Failed to fetch token data. No id_token present.')
|
||||
|
||||
request = transport.create_request()
|
||||
if self.expired:
|
||||
# The id_token needs to be unexpired, in order to request data about it.
|
||||
self.refresh(request)
|
||||
|
||||
self._id_token_data = google.oauth2.id_token.verify_oauth2_token(
|
||||
self.id_token, request, clock_skew_in_seconds=10)
|
||||
|
||||
def get_token_value(self, field):
|
||||
"""Retrieves data from the OAuth ID token.
|
||||
|
||||
See more: https://developers.google.com/identity/sign-in/web/backend-auth
|
||||
|
||||
Args:
|
||||
field: The name of the key/field to fetch
|
||||
|
||||
Returns:
|
||||
The value associated with the given key or 'Unknown' if the key data can
|
||||
not be found in the access token data.
|
||||
"""
|
||||
if not self._id_token_data:
|
||||
self._fetch_id_token_data()
|
||||
# Maintain legacy GAM behavior here to return "Unknown" if the field is
|
||||
# otherwise unpopulated.
|
||||
return self._id_token_data.get(field, 'Unknown')
|
||||
|
||||
def to_json(self, strip=None):
|
||||
"""Creates a JSON representation of a Credentials.
|
||||
|
||||
Args:
|
||||
strip: Sequence[str], Optional list of members to exclude from the
|
||||
generated JSON.
|
||||
|
||||
Returns:
|
||||
str: A JSON representation of this instance, suitable to pass to
|
||||
from_json().
|
||||
"""
|
||||
expiry = self.expiry.strftime(
|
||||
Credentials.DATETIME_FORMAT) if self.expiry else None
|
||||
prep = {
|
||||
'token': self.token,
|
||||
'refresh_token': self.refresh_token,
|
||||
'token_uri': self.token_uri,
|
||||
'client_id': self.client_id,
|
||||
'client_secret': self.client_secret,
|
||||
'id_token': self.id_token,
|
||||
# Google auth doesn't currently give us scopes back on refresh.
|
||||
# 'scopes': sorted(self.scopes),
|
||||
'token_expiry': expiry,
|
||||
'decoded_id_token': self._id_token_data,
|
||||
}
|
||||
|
||||
# Remove empty entries
|
||||
prep = {k: v for k, v in prep.items() if v is not None}
|
||||
|
||||
# Remove entries that explicitly need to be removed
|
||||
if strip is not None:
|
||||
prep = {k: v for k, v in prep.items() if k not in strip}
|
||||
|
||||
return json.dumps(prep, indent=2, sort_keys=True)
|
||||
|
||||
def refresh(self, request=None):
|
||||
"""Refreshes the credential's access token.
|
||||
|
||||
Args:
|
||||
request: google.auth.transport.Request, The object used to make HTTP
|
||||
requests. If not provided, a default request will be used.
|
||||
|
||||
Raises:
|
||||
google.auth.exceptions.RefreshError: If the credentials could not be
|
||||
refreshed.
|
||||
"""
|
||||
with self._lock:
|
||||
if request is None:
|
||||
request = transport.create_request()
|
||||
self._locked_refresh(request)
|
||||
# Save the new tokens back to disk, if these credentials are disk-backed.
|
||||
if self._filename:
|
||||
self._locked_write()
|
||||
|
||||
def _locked_refresh(self, request):
|
||||
"""Refreshes the credential's access token while the file lock is held."""
|
||||
assert self._lock.is_locked
|
||||
try:
|
||||
super().refresh(request)
|
||||
except google.auth.exceptions.RefreshError as e:
|
||||
controlflow.system_error_exit(9, str(e))
|
||||
|
||||
|
||||
def write(self):
|
||||
"""Writes credentials to disk."""
|
||||
with self._lock:
|
||||
self._locked_write()
|
||||
|
||||
def _locked_write(self):
|
||||
"""Writes credentials to disk while the file lock is held."""
|
||||
assert self._lock.is_locked
|
||||
if not self.filename:
|
||||
# If no filename was provided to the constructor, these credentials cannot
|
||||
# be saved to disk.
|
||||
raise CredentialsError(
|
||||
'The credentials have no associated filename and cannot be saved '
|
||||
'to disk.')
|
||||
fileutils.write_file(self._filename, self.to_json())
|
||||
|
||||
def delete(self):
|
||||
"""Deletes all files on disk related to these credentials."""
|
||||
with self._lock:
|
||||
# Only attempt to remove the file if the lock we're using is a FileLock.
|
||||
if isinstance(self._lock, FileLock):
|
||||
os.remove(self._filename)
|
||||
if self._lock.lock_file and not GM_Globals[GM_WINDOWS]:
|
||||
os.remove(self._lock.lock_file)
|
||||
|
||||
_REVOKE_TOKEN_BASE_URI = 'https://accounts.google.com/o/oauth2/revoke'
|
||||
|
||||
def revoke(self, http=None):
|
||||
"""Revokes this credential's access token with the server.
|
||||
|
||||
Args:
|
||||
http: httplib2.Http compatible object for use as a transport. If no http
|
||||
is provided, a default will be used.
|
||||
"""
|
||||
with self._lock:
|
||||
if http is None:
|
||||
http = transport.create_http()
|
||||
params = urlencode({'token': self.refresh_token})
|
||||
revoke_uri = f'{Credentials._REVOKE_TOKEN_BASE_URI}?{params}'
|
||||
http.request(revoke_uri, 'GET')
|
||||
|
||||
|
||||
def _localhost_to_ip():
|
||||
'''returns IPv4 or IPv6 loopback address which localhost resolves to.
|
||||
If localhost does not resolve to valid loopback IP address then returns
|
||||
127.0.0.1'''
|
||||
# TODO gethostbyname() will only ever return ipv4
|
||||
# find a way to support IPv6 here and get preferred IP
|
||||
# note that IPv6 may be broken on some systems also :-(
|
||||
# for now IPv4 should do.
|
||||
local_ip = gethostbyname('localhost')
|
||||
local_ipaddress = ipaddress.ip_address(local_ip)
|
||||
ip4_local_range = ipaddress.ip_network('127.0.0.0/8')
|
||||
ip6_local_range = ipaddress.ip_network('::1/128')
|
||||
if local_ipaddress not in ip4_local_range and \
|
||||
local_ipaddress not in ip6_local_range:
|
||||
local_ip = '127.0.0.1'
|
||||
return local_ip
|
||||
|
||||
def _wait_for_http_client(d):
|
||||
wsgi_app = google_auth_oauthlib.flow._RedirectWSGIApp(MESSAGE_LOCAL_SERVER_SUCCESS)
|
||||
wsgiref.simple_server.WSGIServer.allow_reuse_address = False
|
||||
# Convert hostn to IP since apparently binding to the IP
|
||||
# reduces odds of firewall blocking us
|
||||
local_ip = _localhost_to_ip()
|
||||
for port in range(8080, 8099):
|
||||
try:
|
||||
local_server = wsgiref.simple_server.make_server(
|
||||
local_ip,
|
||||
port,
|
||||
wsgi_app,
|
||||
handler_class=wsgiref.simple_server.WSGIRequestHandler
|
||||
)
|
||||
break
|
||||
except OSError:
|
||||
pass
|
||||
redirect_uri_format = (
|
||||
"http://{}:{}/" if d['trailing_slash'] else "http://{}:{}"
|
||||
)
|
||||
# provide redirect_uri to main process so it can formulate auth_url
|
||||
d['redirect_uri'] = redirect_uri_format.format(*local_server.server_address)
|
||||
# wait until main process provides auth_url
|
||||
# so we can open it in web browser.
|
||||
while 'auth_url' not in d:
|
||||
sleep(0.1)
|
||||
if d['open_browser']:
|
||||
webbrowser.open(d['auth_url'], new=1, autoraise=True)
|
||||
local_server.handle_request()
|
||||
authorization_response = wsgi_app.last_request_uri.replace("http", "https")
|
||||
d['code'] = authorization_response
|
||||
local_server.server_close()
|
||||
|
||||
|
||||
def _wait_for_user_input(d):
|
||||
sys.stdin = open(0)
|
||||
code = input(MESSAGE_CONSOLE_AUTHORIZATION_CODE)
|
||||
d['code'] = code
|
||||
|
||||
|
||||
class _ShortURLFlow(google_auth_oauthlib.flow.InstalledAppFlow):
|
||||
"""InstalledAppFlow which utilizes a URL shortener for authorization URLs."""
|
||||
|
||||
|
||||
def authorization_url(self, http=None, **kwargs):
|
||||
"""Gets a shortened authorization URL."""
|
||||
long_url, state = super().authorization_url(**kwargs)
|
||||
short_url = utils.shorten_url(long_url)
|
||||
return short_url, state
|
||||
|
||||
|
||||
def run_dual(self,
|
||||
authorization_prompt_message='',
|
||||
console_prompt_message='',
|
||||
web_success_message='',
|
||||
open_browser=True,
|
||||
redirect_uri_trailing_slash=True,
|
||||
**kwargs):
|
||||
mgr = multiprocessing.Manager()
|
||||
d = mgr.dict()
|
||||
d['trailing_slash'] = redirect_uri_trailing_slash
|
||||
d['open_browser'] = open_browser
|
||||
http_client = multiprocessing.Process(target=_wait_for_http_client,
|
||||
args=(d,))
|
||||
user_input = multiprocessing.Process(target=_wait_for_user_input,
|
||||
args=(d,))
|
||||
http_client.start()
|
||||
# we need to wait until web server starts on avail port
|
||||
# so we know redirect_uri to use
|
||||
while 'redirect_uri' not in d:
|
||||
sleep(0.1)
|
||||
self.redirect_uri = d['redirect_uri']
|
||||
d['auth_url'], _ = self.authorization_url(**kwargs)
|
||||
print(MESSAGE_CONSOLE_AUTHORIZATION_PROMPT.format(url=d['auth_url']))
|
||||
user_input.start()
|
||||
userInput = False
|
||||
while True:
|
||||
sleep(0.1)
|
||||
if not http_client.is_alive():
|
||||
user_input.terminate()
|
||||
break
|
||||
elif not user_input.is_alive():
|
||||
userInput = True
|
||||
http_client.terminate()
|
||||
break
|
||||
while True:
|
||||
code = d['code']
|
||||
if code.startswith('http'):
|
||||
parsed_url = urlparse(code)
|
||||
parsed_params = parse_qs(parsed_url.query)
|
||||
code = parsed_params.get('code', [None])[0]
|
||||
try:
|
||||
fetch_args = {'code': code}
|
||||
if GC_Values.get(GC_CA_FILE):
|
||||
fetch_args['verify'] = GC_Values.get(GC_CA_FILE)
|
||||
self.fetch_token(**fetch_args)
|
||||
break
|
||||
except Exception as e:
|
||||
if not userInput:
|
||||
controlflow.system_error_exit(8, str(e))
|
||||
display.print_error(str(e))
|
||||
_wait_for_user_input(d)
|
||||
sys.stdout.write(MESSAGE_AUTHENTICATION_COMPLETE)
|
||||
return self.credentials
|
||||
|
||||
class _FileLikeThreadLock:
|
||||
"""A threading.lock which has the same interface as filelock.Filelock."""
|
||||
|
||||
def __init__(self):
|
||||
"""A shell object that holds a threading.Lock.
|
||||
|
||||
Since we cannot inherit from built-in classes such as threading.Lock, we
|
||||
just use a shell object and maintain a lock inside of it.
|
||||
"""
|
||||
self._lock = threading.Lock()
|
||||
|
||||
def __enter__(self, *args, **kwargs):
|
||||
return self._lock.__enter__(*args, **kwargs)
|
||||
|
||||
def __exit__(self, *args, **kwargs):
|
||||
return self._lock.__exit__(*args, **kwargs)
|
||||
|
||||
def acquire(self, **kwargs):
|
||||
return self._lock.acquire(**kwargs)
|
||||
|
||||
def release(self):
|
||||
return self._lock.release()
|
||||
|
||||
@property
|
||||
def is_locked(self):
|
||||
return self._lock.locked()
|
||||
|
||||
@property
|
||||
def lock_file(self):
|
||||
return None
|
||||
@@ -1,700 +0,0 @@
|
||||
"""Tests for oauth."""
|
||||
|
||||
import datetime
|
||||
import json
|
||||
import os
|
||||
import platform
|
||||
import unittest
|
||||
from unittest.mock import MagicMock
|
||||
from unittest.mock import patch
|
||||
|
||||
import google.oauth2.credentials
|
||||
|
||||
from gam.auth import oauth
|
||||
|
||||
|
||||
class CredentialsTest(unittest.TestCase):
|
||||
|
||||
def setUp(self):
|
||||
self.fake_token = 'fake_token'
|
||||
self.fake_refresh_token = 'fake_refresh_token'
|
||||
self.fake_id_token = 'fake_id_token'
|
||||
self.fake_token_uri = 'https://fake.token.uri'
|
||||
self.fake_client_id = 'fake_client_id'
|
||||
self.fake_client_secret = 'fake_client_secret'
|
||||
self.fake_scopes = [
|
||||
'fake_api.readonly',
|
||||
'fake_other_api.write',
|
||||
]
|
||||
self.fake_quota_project_id = 'fake_quota_project_id'
|
||||
self.fake_token_expiry = datetime.datetime(2020, 1, 1, 10)
|
||||
self.fake_filename = 'fake_filename'
|
||||
self.fake_token_data = {
|
||||
'field': 'value',
|
||||
'another-field': 'another-value',
|
||||
}
|
||||
self.info_with_only_required_fields = {
|
||||
'refresh_token': self.fake_refresh_token,
|
||||
'client_id': self.fake_client_id,
|
||||
'client_secret': self.fake_client_secret,
|
||||
}
|
||||
super().setUp()
|
||||
|
||||
def tearDown(self):
|
||||
# Remove any credential files that may have been created.
|
||||
if os.path.exists(self.fake_filename):
|
||||
os.remove(self.fake_filename)
|
||||
if os.path.exists(f'{self.fake_filename}.lock'):
|
||||
os.remove(f'{self.fake_filename}.lock')
|
||||
super().tearDown()
|
||||
|
||||
def test_from_authorized_user_info_only_required_info(self):
|
||||
creds = oauth.Credentials.from_authorized_user_info(
|
||||
self.info_with_only_required_fields)
|
||||
self.assertEqual(self.fake_refresh_token, creds.refresh_token)
|
||||
self.assertEqual(self.fake_client_id, creds.client_id)
|
||||
self.assertEqual(self.fake_client_secret, creds.client_secret)
|
||||
self.assertIsNone(creds.id_token)
|
||||
self.assertIsNone(creds.expiry)
|
||||
self.assertIsNone(creds.filename)
|
||||
|
||||
def test_from_authorized_user_info_all_info_provided(self):
|
||||
info = {
|
||||
'token':
|
||||
self.fake_token,
|
||||
'refresh_token':
|
||||
self.fake_refresh_token,
|
||||
'id_token':
|
||||
self.fake_id_token,
|
||||
'token_uri':
|
||||
self.fake_token_uri,
|
||||
'client_id':
|
||||
self.fake_client_id,
|
||||
'client_secret':
|
||||
self.fake_client_secret,
|
||||
'token_expiry':
|
||||
self.fake_token_expiry.strftime(
|
||||
oauth.Credentials.DATETIME_FORMAT),
|
||||
'id_token_data':
|
||||
self.fake_token_data,
|
||||
}
|
||||
creds = oauth.Credentials.from_authorized_user_info(info)
|
||||
self.assertEqual(self.fake_refresh_token, creds.refresh_token)
|
||||
self.assertEqual(self.fake_client_id, creds.client_id)
|
||||
self.assertEqual(self.fake_client_secret, creds.client_secret)
|
||||
self.assertEqual(self.fake_id_token, creds.id_token)
|
||||
self.assertEqual(self.fake_token_uri, creds.token_uri)
|
||||
self.assertEqual(self.fake_token_expiry, creds.expiry)
|
||||
self.assertIsNone(creds.filename)
|
||||
|
||||
def test_from_authorized_user_info_missing_required_info(self):
|
||||
info_with_missing_fields = {'token': self.fake_token}
|
||||
with self.assertRaises(ValueError):
|
||||
oauth.Credentials.from_authorized_user_info(
|
||||
info_with_missing_fields)
|
||||
|
||||
def test_from_authorized_user_info_no_expiry_in_info(self):
|
||||
info_with_no_token_expiry = self.info_with_only_required_fields.copy()
|
||||
self.assertIsNone(info_with_no_token_expiry.get('expiry'))
|
||||
creds = oauth.Credentials.from_authorized_user_info(
|
||||
info_with_no_token_expiry)
|
||||
self.assertIsNone(creds.expiry)
|
||||
|
||||
def test_init_saves_filename(self):
|
||||
creds = oauth.Credentials(token=self.fake_token,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret,
|
||||
filename=self.fake_filename)
|
||||
self.assertEqual(os.path.abspath(self.fake_filename), creds.filename)
|
||||
|
||||
@patch.object(oauth.google.oauth2.id_token, 'verify_oauth2_token')
|
||||
def test_init_loads_decoded_id_token_data(self, mock_verify_token):
|
||||
creds = oauth.Credentials(token=self.fake_token,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret,
|
||||
id_token=self.fake_id_token,
|
||||
id_token_data=self.fake_token_data)
|
||||
self.assertEqual(self.fake_token_data.get('field'),
|
||||
creds.get_token_value('field'))
|
||||
# Verify the fetching method was not called, since the token
|
||||
# data was supposed to be loaded from the passed in info.
|
||||
self.assertEqual(mock_verify_token.call_count, 0)
|
||||
|
||||
def test_credentials_uses_file_lock_when_filename_provided(self):
|
||||
creds = oauth.Credentials(token=self.fake_token,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret,
|
||||
filename=self.fake_filename)
|
||||
self.assertIsInstance(creds._lock, oauth.FileLock)
|
||||
self.assertEqual(creds._lock.lock_file, f'{creds.filename}.lock')
|
||||
|
||||
def test_credentials_uses_thread_lock_when_filename_not_provided(self):
|
||||
creds = oauth.Credentials(token=self.fake_token,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret,
|
||||
filename=None)
|
||||
self.assertIsInstance(creds._lock, oauth._FileLikeThreadLock)
|
||||
self.assertIsNone(creds.filename)
|
||||
|
||||
def test_from_oauth2credentials(self):
|
||||
google_creds = google.oauth2.credentials.Credentials(
|
||||
token=self.fake_token,
|
||||
refresh_token=self.fake_refresh_token,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret,
|
||||
id_token=self.fake_id_token)
|
||||
creds = oauth.Credentials.from_google_oauth2_credentials(
|
||||
google_creds, filename=self.fake_filename)
|
||||
self.assertEqual(google_creds.token, creds.token)
|
||||
self.assertEqual(google_creds.refresh_token, creds.refresh_token)
|
||||
self.assertEqual(google_creds.client_id, creds.client_id)
|
||||
self.assertEqual(google_creds.client_secret, creds.client_secret)
|
||||
self.assertEqual(google_creds.id_token, creds.id_token)
|
||||
self.assertEqual(google_creds.expiry, creds.expiry)
|
||||
self.assertEqual(google_creds.quota_project_id, creds.quota_project_id)
|
||||
self.assertEqual(os.path.abspath(self.fake_filename), creds.filename)
|
||||
|
||||
def test_from_credentials_file_corrupt_or_missing_file_raises_error(self):
|
||||
self.assertFalse(os.path.exists(self.fake_filename))
|
||||
with self.assertRaises(oauth.InvalidCredentialsFileError) as e:
|
||||
oauth.Credentials.from_credentials_file(self.fake_filename)
|
||||
self.assertIn('could not be opened', str(e.exception))
|
||||
|
||||
@patch.object(oauth.fileutils, 'read_file')
|
||||
def test_from_credentials_file_no_serialized_data_in_file_raises_error(
|
||||
self, mock_read_file):
|
||||
mock_read_file.return_value = json.dumps({})
|
||||
with self.assertRaises(oauth.EmptyCredentialsFileError):
|
||||
oauth.Credentials.from_credentials_file(self.fake_filename)
|
||||
|
||||
@patch.object(oauth.fileutils, 'read_file')
|
||||
def test_from_credentials_file_missing_any_token_raises_error(
|
||||
self, mock_read_file):
|
||||
mock_read_file.return_value = json.dumps({
|
||||
# This data is missing a token key/value pair
|
||||
'client_id': self.fake_client_id,
|
||||
'client_secret': self.fake_client_secret,
|
||||
})
|
||||
with self.assertRaises(oauth.InvalidCredentialsFileError):
|
||||
oauth.Credentials.from_credentials_file(self.fake_filename)
|
||||
|
||||
@patch.object(oauth.fileutils, 'read_file')
|
||||
def test_from_credentials_file_missing_required_raises_error(
|
||||
self, mock_read_file):
|
||||
mock_read_file.return_value = json.dumps({
|
||||
# This data is missing a client_secret key/value pair
|
||||
'client_id': self.fake_client_id,
|
||||
'refresh_token': self.fake_refresh_token,
|
||||
})
|
||||
with self.assertRaises(oauth.InvalidCredentialsFileError):
|
||||
oauth.Credentials.from_credentials_file(self.fake_filename)
|
||||
|
||||
@unittest.skip('disabled for oob fixes')
|
||||
@patch.object(oauth._ShortURLFlow, 'from_client_config')
|
||||
def test_from_client_secrets_console_flow(self, mock_flow):
|
||||
flow_creds = google.oauth2.credentials.Credentials(
|
||||
token=self.fake_token,
|
||||
refresh_token=self.fake_refresh_token,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret,
|
||||
id_token=self.fake_id_token)
|
||||
mock_flow.return_value.credentials = flow_creds
|
||||
|
||||
creds = oauth.Credentials.from_client_secrets(self.fake_client_id,
|
||||
self.fake_client_secret,
|
||||
self.fake_scopes,
|
||||
use_console_flow=True)
|
||||
self.assertTrue(mock_flow.return_value.run_console.called)
|
||||
self.assertFalse(mock_flow.return_value.run_local_server.called)
|
||||
self.assertEqual(flow_creds.token, creds.token)
|
||||
self.assertEqual(flow_creds.refresh_token, creds.refresh_token)
|
||||
self.assertEqual(flow_creds.client_id, creds.client_id)
|
||||
self.assertEqual(flow_creds.client_secret, creds.client_secret)
|
||||
self.assertEqual(flow_creds.id_token, creds.id_token)
|
||||
|
||||
@unittest.skip('disabled for oob fixes')
|
||||
@patch.object(oauth._ShortURLFlow, 'from_client_config')
|
||||
def test_from_client_secrets_local_server_flow(self, mock_flow):
|
||||
flow_creds = google.oauth2.credentials.Credentials(
|
||||
token=self.fake_token,
|
||||
refresh_token=self.fake_refresh_token,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret,
|
||||
id_token=self.fake_id_token)
|
||||
mock_flow.return_value.credentials = flow_creds
|
||||
|
||||
creds = oauth.Credentials.from_client_secrets(self.fake_client_id,
|
||||
self.fake_client_secret,
|
||||
self.fake_scopes,
|
||||
use_console_flow=False)
|
||||
self.assertFalse(mock_flow.return_value.run_console.called)
|
||||
self.assertTrue(mock_flow.return_value.run_local_server.called)
|
||||
self.assertEqual(flow_creds.token, creds.token)
|
||||
self.assertEqual(flow_creds.refresh_token, creds.refresh_token)
|
||||
self.assertEqual(flow_creds.client_id, creds.client_id)
|
||||
self.assertEqual(flow_creds.client_secret, creds.client_secret)
|
||||
self.assertEqual(flow_creds.id_token, creds.id_token)
|
||||
|
||||
@unittest.skip('disabled for oob fixes')
|
||||
@patch.object(oauth._ShortURLFlow, 'from_client_config')
|
||||
def test_from_client_secrets_uses_login_hint(self, mock_flow):
|
||||
flow_creds = google.oauth2.credentials.Credentials(
|
||||
token=self.fake_token,
|
||||
refresh_token=self.fake_refresh_token,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret,
|
||||
id_token=self.fake_id_token)
|
||||
mock_flow.return_value.credentials = flow_creds
|
||||
|
||||
oauth.Credentials.from_client_secrets(self.fake_client_id,
|
||||
self.fake_client_secret,
|
||||
self.fake_scopes,
|
||||
login_hint='someone@domain.com')
|
||||
|
||||
run_flow_args = mock_flow.return_value.run_local_server.call_args[1]
|
||||
self.assertEqual('someone@domain.com', run_flow_args.get('login_hint'))
|
||||
|
||||
def test_from_client_secrets_uses_shortened_url_flow(self):
|
||||
with patch.object(oauth._ShortURLFlow,
|
||||
'from_client_config') as mock_flow:
|
||||
flow_creds = google.oauth2.credentials.Credentials(
|
||||
token=self.fake_token,
|
||||
refresh_token=self.fake_refresh_token,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret,
|
||||
id_token=self.fake_id_token)
|
||||
mock_flow.return_value.credentials = flow_creds
|
||||
oauth.Credentials.from_client_secrets(self.fake_client_id,
|
||||
self.fake_client_secret,
|
||||
self.fake_scopes)
|
||||
self.assertTrue(mock_flow.called)
|
||||
|
||||
@patch.object(oauth._ShortURLFlow, 'from_client_config')
|
||||
def test_from_client_secrets_passes_credentials_filename(self, mock_flow):
|
||||
flow_creds = google.oauth2.credentials.Credentials(
|
||||
token=self.fake_token,
|
||||
refresh_token=self.fake_refresh_token,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret,
|
||||
id_token=self.fake_id_token)
|
||||
mock_flow.return_value.credentials = flow_creds
|
||||
|
||||
creds = oauth.Credentials.from_client_secrets(
|
||||
self.fake_client_id,
|
||||
self.fake_client_secret,
|
||||
self.fake_scopes,
|
||||
filename=self.fake_filename)
|
||||
self.assertEqual(os.path.abspath(self.fake_filename), creds.filename)
|
||||
|
||||
def test_from_client_secrets_file_corrupt_or_missing_file_raises_error(
|
||||
self):
|
||||
self.assertFalse(os.path.exists(self.fake_filename))
|
||||
with self.assertRaises(oauth.InvalidClientSecretsFileError):
|
||||
oauth.Credentials.from_client_secrets_file(self.fake_filename,
|
||||
self.fake_scopes)
|
||||
|
||||
@patch.object(oauth.fileutils, 'read_file')
|
||||
def test_from_client_secrets_file_missing_required_json_raises_error(
|
||||
self, mock_read_file):
|
||||
mock_read_file.return_value = json.dumps({})
|
||||
with self.assertRaises(oauth.InvalidClientSecretsFileFormatError) as e:
|
||||
oauth.Credentials.from_client_secrets_file(self.fake_filename,
|
||||
self.fake_scopes)
|
||||
self.assertIn('Could not extract Client ID or Client Secret',
|
||||
str(e.exception))
|
||||
|
||||
@patch.object(oauth.Credentials, 'from_client_secrets')
|
||||
@patch.object(oauth.fileutils, 'read_file')
|
||||
def test_from_client_secrets_file_strips_domain_from_client_id(
|
||||
self, mock_read_file, mock_creds_from_client_secrets):
|
||||
mock_read_file.return_value = json.dumps({
|
||||
'installed': {
|
||||
'client_id':
|
||||
self.fake_client_id + '.apps.googleusercontent.com',
|
||||
'client_secret':
|
||||
self.fake_client_secret,
|
||||
}
|
||||
})
|
||||
|
||||
oauth.Credentials.from_client_secrets_file(self.fake_filename,
|
||||
self.fake_scopes)
|
||||
self.assertEqual(self.fake_client_id,
|
||||
mock_creds_from_client_secrets.call_args[0][0])
|
||||
|
||||
def test_get_token_value_known_token_field(self):
|
||||
token_data = {'known-field': 'known-value'}
|
||||
creds = oauth.Credentials(token=self.fake_token,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret,
|
||||
id_token_data=token_data)
|
||||
self.assertEqual('known-value', creds.get_token_value('known-field'))
|
||||
|
||||
def test_get_token_value_unknown_field_returns_unknown(self):
|
||||
creds = oauth.Credentials(token=self.fake_token,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret,
|
||||
id_token_data=self.fake_token_data)
|
||||
self.assertEqual('Unknown', creds.get_token_value('unknown-field'))
|
||||
|
||||
@patch.object(oauth.google.oauth2.id_token, 'verify_oauth2_token')
|
||||
def test_get_token_value_credentials_expired(self,
|
||||
mock_verify_oauth2_token):
|
||||
mock_verify_oauth2_token.return_value = {
|
||||
'fetched-field': 'fetched-value'
|
||||
}
|
||||
time_earlier_than_now = datetime.datetime.now() - datetime.timedelta(
|
||||
minutes=5)
|
||||
creds = oauth.Credentials(token=self.fake_token,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret,
|
||||
expiry=time_earlier_than_now,
|
||||
id_token=self.fake_id_token,
|
||||
id_token_data=None)
|
||||
self.assertTrue(creds.expired)
|
||||
creds.refresh = MagicMock()
|
||||
|
||||
token_value = creds.get_token_value('fetched-field')
|
||||
|
||||
self.assertEqual('fetched-value', token_value)
|
||||
self.assertTrue(creds.refresh.called)
|
||||
|
||||
def test_to_json_contains_all_required_fields(self):
|
||||
creds = oauth.Credentials(token=self.fake_token,
|
||||
refresh_token=self.fake_refresh_token,
|
||||
id_token=self.fake_id_token,
|
||||
id_token_data=self.fake_token_data,
|
||||
token_uri=self.fake_token_uri,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret,
|
||||
scopes=self.fake_scopes,
|
||||
quota_project_id=self.fake_quota_project_id,
|
||||
expiry=self.fake_token_expiry)
|
||||
json_string = creds.to_json()
|
||||
json_data = json.loads(json_string)
|
||||
keys = json_data.keys()
|
||||
self.assertIn('token', keys)
|
||||
self.assertEqual(self.fake_token, json_data['token'])
|
||||
self.assertIn('refresh_token', keys)
|
||||
self.assertEqual(self.fake_refresh_token, json_data['refresh_token'])
|
||||
self.assertIn('id_token', keys)
|
||||
self.assertEqual(self.fake_id_token, json_data['id_token'])
|
||||
self.assertIn('token_uri', keys)
|
||||
self.assertEqual(self.fake_token_uri, json_data['token_uri'])
|
||||
self.assertIn('client_id', keys)
|
||||
self.assertEqual(self.fake_client_id, json_data['client_id'])
|
||||
self.assertIn('client_secret', keys)
|
||||
self.assertEqual(self.fake_client_secret, json_data['client_secret'])
|
||||
self.assertNotIn('scopes', keys) # Scopes are not currently saved
|
||||
self.assertIn('token_expiry', keys)
|
||||
self.assertEqual(
|
||||
self.fake_token_expiry.strftime(oauth.Credentials.DATETIME_FORMAT),
|
||||
json_data['token_expiry'])
|
||||
self.assertIn('decoded_id_token', keys)
|
||||
self.assertEqual(self.fake_token_data, json_data['decoded_id_token'])
|
||||
|
||||
def test_credentials_to_json_and_back(self):
|
||||
original_creds = oauth.Credentials(
|
||||
token=self.fake_token,
|
||||
refresh_token=self.fake_refresh_token,
|
||||
id_token=self.fake_id_token,
|
||||
id_token_data=self.fake_token_data,
|
||||
token_uri=self.fake_token_uri,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret,
|
||||
scopes=self.fake_scopes,
|
||||
quota_project_id=self.fake_quota_project_id,
|
||||
expiry=self.fake_token_expiry)
|
||||
pickled_creds = original_creds.to_json()
|
||||
serialized_json = json.loads(pickled_creds)
|
||||
unpickled_creds = oauth.Credentials.from_authorized_user_info(
|
||||
serialized_json)
|
||||
self.assertEqual(original_creds.token, unpickled_creds.token)
|
||||
self.assertEqual(original_creds.refresh_token,
|
||||
unpickled_creds.refresh_token)
|
||||
self.assertEqual(original_creds.id_token, unpickled_creds.id_token)
|
||||
self.assertEqual(original_creds.token_uri, unpickled_creds.token_uri)
|
||||
self.assertEqual(original_creds.client_id, unpickled_creds.client_id)
|
||||
self.assertEqual(original_creds.client_secret,
|
||||
unpickled_creds.client_secret)
|
||||
self.assertEqual(original_creds.expiry, unpickled_creds.expiry)
|
||||
|
||||
@patch.object(oauth.google.oauth2.credentials.Credentials, 'refresh')
|
||||
def test_refresh_calls_super_refresh(self, mock_super_refresh):
|
||||
creds = oauth.Credentials(token=None,
|
||||
refresh_token=self.fake_refresh_token,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret)
|
||||
request = MagicMock()
|
||||
|
||||
creds.refresh(request)
|
||||
self.assertTrue(mock_super_refresh.called)
|
||||
self.assertEqual(request, mock_super_refresh.call_args[0][0])
|
||||
|
||||
def test_refresh_locks_resource_during_refresh(self):
|
||||
creds = oauth.Credentials(token=None,
|
||||
refresh_token=self.fake_refresh_token,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret)
|
||||
lock = creds._lock
|
||||
|
||||
def check_lock_is_locked(*unused_args, **unused_kwargs):
|
||||
self.assertTrue(lock.is_locked)
|
||||
|
||||
# We need to mock the superclass refresh so it doesn't actually try to
|
||||
# refresh our fake token.
|
||||
# At the same time, we'll make sure the lock is held during the refresh.
|
||||
with patch.object(oauth.google.oauth2.credentials.Credentials,
|
||||
'refresh') as mock_refresh:
|
||||
mock_refresh.side_effect = check_lock_is_locked
|
||||
creds.refresh(request=MagicMock())
|
||||
|
||||
# Make sure our side effect was actually performed.
|
||||
self.assertTrue(mock_refresh.called)
|
||||
# The lock should be released after refresh
|
||||
self.assertFalse(lock.is_locked)
|
||||
|
||||
@patch.object(oauth.google.oauth2.credentials.Credentials, 'refresh')
|
||||
@patch.object(oauth.fileutils, 'write_file')
|
||||
def test_refresh_writes_new_credentials_to_disk_after_refresh(
|
||||
self, mock_write_file, mock_super_refresh):
|
||||
creds = oauth.Credentials(token=None,
|
||||
refresh_token=self.fake_refresh_token,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret,
|
||||
filename=self.fake_filename)
|
||||
|
||||
def update_access_token(unused_request):
|
||||
creds.token = 'refreshed_access_token'
|
||||
|
||||
mock_super_refresh.side_effect = update_access_token
|
||||
|
||||
self.assertIsNone(creds.token)
|
||||
creds.refresh(request=MagicMock())
|
||||
self.assertEqual('refreshed_access_token', creds.token,
|
||||
'Access token was not refreshed')
|
||||
text_written_to_file = mock_write_file.call_args[0][1]
|
||||
self.assertIsNotNone(text_written_to_file,
|
||||
'Nothing was written to file')
|
||||
saved_json = json.loads(text_written_to_file)
|
||||
self.assertEqual('refreshed_access_token', saved_json['token'],
|
||||
'Refreshed access token was not saved to disk')
|
||||
|
||||
def test_write_writes_credentials_to_disk(self):
|
||||
creds = oauth.Credentials(token=None,
|
||||
refresh_token=self.fake_refresh_token,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret,
|
||||
filename=self.fake_filename)
|
||||
|
||||
self.assertFalse(os.path.exists(self.fake_filename))
|
||||
creds.write()
|
||||
self.assertTrue(os.path.exists(self.fake_filename))
|
||||
|
||||
def test_write_raises_error_when_no_credentials_file_is_set(self):
|
||||
creds = oauth.Credentials(token=None,
|
||||
refresh_token=self.fake_refresh_token,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret)
|
||||
|
||||
self.assertIsNone(creds.filename)
|
||||
with self.assertRaises(oauth.CredentialsError):
|
||||
creds.write()
|
||||
|
||||
@patch.object(oauth.google.oauth2.credentials.Credentials, 'refresh')
|
||||
@patch.object(oauth.fileutils, 'write_file')
|
||||
def test_write_locks_resource_during_write(self, mock_write_file,
|
||||
unused_mock_super_refresh):
|
||||
creds = oauth.Credentials(token=None,
|
||||
refresh_token=self.fake_refresh_token,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret,
|
||||
filename=self.fake_filename)
|
||||
lock = creds._lock
|
||||
|
||||
def check_lock_is_locked(*unused_args, **unused_kwargs):
|
||||
self.assertTrue(creds._lock.is_locked)
|
||||
|
||||
mock_write_file.side_effect = check_lock_is_locked
|
||||
|
||||
self.assertFalse(lock.is_locked)
|
||||
creds.refresh(request=MagicMock())
|
||||
self.assertFalse(lock.is_locked)
|
||||
self.assertTrue(mock_write_file.called)
|
||||
|
||||
def test_delete_removes_credentials_file(self):
|
||||
self.assertFalse(os.path.exists(self.fake_filename))
|
||||
creds = oauth.Credentials(token=None,
|
||||
refresh_token=self.fake_refresh_token,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret,
|
||||
filename=self.fake_filename)
|
||||
creds.write()
|
||||
self.assertTrue(os.path.exists(self.fake_filename))
|
||||
creds.delete()
|
||||
self.assertFalse(os.path.exists(self.fake_filename))
|
||||
|
||||
@unittest.skipIf(
|
||||
platform.system() == 'Windows',
|
||||
reason=('On Windows, Filelock deletes the lock file each time the lock '
|
||||
'is released. Delete does not remove it.'))
|
||||
def test_delete_removes_lock_file(self):
|
||||
creds = oauth.Credentials(token=None,
|
||||
refresh_token=self.fake_refresh_token,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret,
|
||||
filename=self.fake_filename)
|
||||
lock_file = f'{creds.filename}.lock'
|
||||
creds.write()
|
||||
self.assertTrue(os.path.exists(lock_file))
|
||||
creds.delete()
|
||||
self.assertFalse(os.path.exists(lock_file))
|
||||
|
||||
def test_delete_is_noop_when_not_using_filelock(self):
|
||||
creds = oauth.Credentials(token=None,
|
||||
refresh_token=self.fake_refresh_token,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret)
|
||||
self.assertIsNone(creds.filename)
|
||||
creds.delete() # This should not raise an exception.
|
||||
|
||||
def test_revoke_requests_credential_revoke(self):
|
||||
creds = oauth.Credentials(token=self.fake_token,
|
||||
refresh_token=self.fake_refresh_token,
|
||||
client_id=self.fake_client_id,
|
||||
client_secret=self.fake_client_secret)
|
||||
mock_http = MagicMock()
|
||||
|
||||
creds.revoke(http=mock_http)
|
||||
|
||||
uri = mock_http.request.call_args[0][0]
|
||||
self.assertRegex(uri, f'^{oauth.Credentials._REVOKE_TOKEN_BASE_URI}')
|
||||
params = uri[uri.index('?'):]
|
||||
self.assertIn(f'token={creds.refresh_token}', params)
|
||||
self.assertEqual('GET', mock_http.request.call_args[0][1])
|
||||
|
||||
|
||||
class ShortUrlFlowTest(unittest.TestCase):
|
||||
|
||||
def setUp(self):
|
||||
self.fake_client_id = 'fake_client_id'
|
||||
self.fake_client_secret = 'fake_client_secret'
|
||||
self.fake_scopes = [
|
||||
'fake_api.readonly',
|
||||
'fake_other_api.write',
|
||||
]
|
||||
self.fake_client_config = {
|
||||
'installed': {
|
||||
'client_id': self.fake_client_id,
|
||||
'client_secret': self.fake_client_secret,
|
||||
'redirect_uris': [
|
||||
'http://localhost', 'urn:ietf:wg:oauth:2.0:oob'
|
||||
],
|
||||
'auth_uri': 'https://accounts.google.com/o/oauth2/v2/auth',
|
||||
'token_uri': 'https://oauth2.googleapis.com/token',
|
||||
}
|
||||
}
|
||||
self.long_url = 'http://example.com/some/long/url'
|
||||
self.short_url = 'http://ex.co/short'
|
||||
super().setUp()
|
||||
|
||||
@patch.object(oauth.google_auth_oauthlib.flow.InstalledAppFlow,
|
||||
'authorization_url')
|
||||
@unittest.skip('disable short url tests temporarily.')
|
||||
def test_shorturlflow_returns_shortened_url(self, mock_super_auth_url):
|
||||
url_flow = oauth._ShortURLFlow.from_client_config(
|
||||
self.fake_client_config, scopes=self.fake_scopes)
|
||||
mock_super_auth_url.return_value = (self.long_url, 'fake_state')
|
||||
|
||||
mock_http = MagicMock()
|
||||
mock_response = MagicMock()
|
||||
mock_response.status = 200
|
||||
content = json.dumps({'short_url': self.short_url})
|
||||
mock_http.request.return_value = (mock_response, content)
|
||||
|
||||
url, state = url_flow.authorization_url(http=mock_http)
|
||||
self.assertEqual(self.short_url, url)
|
||||
self.assertEqual('fake_state', state)
|
||||
|
||||
# Verify request() was called with the expected arguments.
|
||||
self.assertEqual(oauth._ShortURLFlow.URL_SHORTENER_ENDPOINT,
|
||||
mock_http.request.call_args[0][0])
|
||||
self.assertEqual('POST', mock_http.request.call_args[0][1])
|
||||
self.assertIn(self.long_url, mock_http.request.call_args[0][2])
|
||||
|
||||
@patch.object(oauth.google_auth_oauthlib.flow.InstalledAppFlow,
|
||||
'authorization_url')
|
||||
@unittest.skip('disable short url tests temporarily.')
|
||||
def test_shorturlflow_falls_back_to_long_url_on_request_error(
|
||||
self, mock_super_auth_url):
|
||||
url_flow = oauth._ShortURLFlow.from_client_config(
|
||||
self.fake_client_config, scopes=self.fake_scopes)
|
||||
mock_super_auth_url.return_value = (self.long_url, 'fake_state')
|
||||
|
||||
mock_http = MagicMock()
|
||||
mock_http.request.side_effect = Exception()
|
||||
|
||||
url, state = url_flow.authorization_url(http=mock_http)
|
||||
self.assertEqual(self.long_url, url)
|
||||
self.assertEqual('fake_state', state)
|
||||
|
||||
@patch.object(oauth.google_auth_oauthlib.flow.InstalledAppFlow,
|
||||
'authorization_url')
|
||||
@unittest.skip('disable short url tests temporarily.')
|
||||
def test_shorturlflow_falls_back_to_long_url_on_non_200_response_status(
|
||||
self, mock_super_auth_url):
|
||||
url_flow = oauth._ShortURLFlow.from_client_config(
|
||||
self.fake_client_config, scopes=self.fake_scopes)
|
||||
mock_super_auth_url.return_value = (self.long_url, 'fake_state')
|
||||
|
||||
mock_http = MagicMock()
|
||||
mock_response = MagicMock()
|
||||
mock_response.status = 404 # Use a status that is not 200
|
||||
content = json.dumps({'short_url': self.short_url})
|
||||
mock_http.request.return_value = (mock_response, content)
|
||||
|
||||
url, state = url_flow.authorization_url(http=mock_http)
|
||||
self.assertEqual(self.long_url, url)
|
||||
self.assertEqual('fake_state', state)
|
||||
|
||||
@patch.object(oauth.google_auth_oauthlib.flow.InstalledAppFlow,
|
||||
'authorization_url')
|
||||
@unittest.skip('disable short url tests temporarily.')
|
||||
def test_shorturlflow_falls_back_to_long_url_on_bad_json_response(
|
||||
self, mock_super_auth_url):
|
||||
url_flow = oauth._ShortURLFlow.from_client_config(
|
||||
self.fake_client_config, scopes=self.fake_scopes)
|
||||
mock_super_auth_url.return_value = (self.long_url, 'fake_state')
|
||||
|
||||
mock_http = MagicMock()
|
||||
mock_response = MagicMock()
|
||||
mock_response.status = 200
|
||||
content = None
|
||||
mock_http.request.return_value = (mock_response, content)
|
||||
|
||||
url, state = url_flow.authorization_url(http=mock_http)
|
||||
self.assertEqual(self.long_url, url)
|
||||
self.assertEqual('fake_state', state)
|
||||
|
||||
@patch.object(oauth.google_auth_oauthlib.flow.InstalledAppFlow,
|
||||
'authorization_url')
|
||||
@unittest.skip('disable short url tests temporarily.')
|
||||
def test_shorturlflow_falls_back_to_long_url_on_empty_short_url_field(
|
||||
self, mock_super_auth_url):
|
||||
url_flow = oauth._ShortURLFlow.from_client_config(
|
||||
self.fake_client_config, scopes=self.fake_scopes)
|
||||
mock_super_auth_url.return_value = (self.long_url, 'fake_state')
|
||||
|
||||
mock_http = MagicMock()
|
||||
mock_response = MagicMock()
|
||||
mock_response.status = 200
|
||||
content = json.dumps(
|
||||
{}) # This json content contains no "short-url" key
|
||||
mock_http.request.return_value = (mock_response, content)
|
||||
|
||||
url, state = url_flow.authorization_url(http=mock_http)
|
||||
self.assertEqual(self.long_url, url)
|
||||
self.assertEqual('fake_state', state)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
unittest.main()
|
||||
@@ -1,178 +0,0 @@
|
||||
from base64 import b64encode
|
||||
import datetime
|
||||
from secrets import SystemRandom
|
||||
import string
|
||||
import sys
|
||||
from threading import Timer
|
||||
|
||||
from cryptography.hazmat.primitives import hashes, serialization
|
||||
from cryptography.hazmat.primitives.asymmetric import padding
|
||||
from smartcard.Exceptions import CardConnectionException
|
||||
from ykman.device import list_all_devices
|
||||
from ykman.piv import generate_self_signed_certificate, \
|
||||
generate_chuid
|
||||
from yubikit.piv import DEFAULT_MANAGEMENT_KEY, \
|
||||
InvalidPinError, \
|
||||
KEY_TYPE, \
|
||||
MANAGEMENT_KEY_TYPE, \
|
||||
PIN_POLICY, \
|
||||
PivSession, \
|
||||
OBJECT_ID, \
|
||||
SLOT, \
|
||||
TOUCH_POLICY
|
||||
from yubikit.core.smartcard import ApduError, \
|
||||
SmartCardConnection
|
||||
from gam import controlflow
|
||||
|
||||
|
||||
class YubiKey():
|
||||
|
||||
|
||||
def __init__(self, service_account_info=None):
|
||||
self.key_type = None
|
||||
self.slot = None
|
||||
self.serial_number = None
|
||||
self.pin = None
|
||||
self.key_id = None
|
||||
if service_account_info:
|
||||
key_type = service_account_info.get('yubikey_key_type', 'RSA2048')
|
||||
try:
|
||||
self.key_type = getattr(KEY_TYPE, key_type.upper())
|
||||
except AttributeError:
|
||||
controlflow.system_error_exit(6, f'{key_type} is not a valid value for yubikey_key_type')
|
||||
slot = service_account_info.get('yubikey_slot', 'AUTHENTICATION')
|
||||
try:
|
||||
self.slot = getattr(SLOT, slot.upper())
|
||||
except AttributeError:
|
||||
controlflow.system_error_exit(6, f'{slot} is not a valid value for yubikey_slot')
|
||||
self.serial_number = service_account_info.get('yubikey_serial_number')
|
||||
self.pin = service_account_info.get('yubikey_pin')
|
||||
self.key_id = service_account_info.get('private_key_id')
|
||||
|
||||
|
||||
def _connect(self):
|
||||
try:
|
||||
devices = list_all_devices()
|
||||
for (device, info) in devices:
|
||||
if info.serial == self.serial_number:
|
||||
return device.open_connection(SmartCardConnection)
|
||||
except CardConnectionException as err:
|
||||
controlflow.system_error_exit(9, f'YubiKey - {err}')
|
||||
|
||||
|
||||
def get_certificate(self):
|
||||
try:
|
||||
conn = self._connect()
|
||||
with conn:
|
||||
session = PivSession(conn)
|
||||
if self.pin:
|
||||
try:
|
||||
session.verify_pin(self.pin)
|
||||
except InvalidPinError as err:
|
||||
controlflow.system_error_exit(7, f'YubiKey - {err}')
|
||||
try:
|
||||
cert = session.get_certificate(self.slot)
|
||||
except ApduError as err:
|
||||
controlflow.system_error_exit(9, f'YubiKey - {err}')
|
||||
cert_pem = cert.public_bytes(
|
||||
serialization.Encoding.PEM).decode()
|
||||
publicKeyData = b64encode(cert_pem.encode())
|
||||
if isinstance(publicKeyData, bytes):
|
||||
publicKeyData = publicKeyData.decode()
|
||||
return publicKeyData
|
||||
except ValueError as err:
|
||||
controlflow.system_error_exit(9, f'YubiKey - {err}')
|
||||
|
||||
|
||||
def get_serial_number(self):
|
||||
try:
|
||||
devices = list_all_devices()
|
||||
if self.serial_number:
|
||||
for (device, info) in devices:
|
||||
if info.serial == self.serial_number:
|
||||
return info.serial
|
||||
msg = f'Could not find YubiKey with serial {self.serial_number}'
|
||||
controlflow.system_error_exit(3, msg)
|
||||
if len(devices) > 1:
|
||||
serials = ', '.join([str(info.serial) for (_, info) in devices])
|
||||
msg = f'Multiple YubiKeys connected. Specify yubikey_serial_number and one of {serials}'
|
||||
controlflow.system_error_exit(4, msg)
|
||||
return devices[0][1].serial
|
||||
except ValueError as err:
|
||||
controlflow.system_error_exit(9, f'YubiKey - {err}')
|
||||
|
||||
|
||||
def reset_piv(self):
|
||||
'''Resets YubiKey PIV app and generates new key for GAM to use.'''
|
||||
reply = str(input('This will wipe all PIV keys and configuration from your YubiKey. Are you sure? (y/N) ').lower().strip())
|
||||
if reply != 'y':
|
||||
sys.exit(1)
|
||||
try:
|
||||
conn = self._connect()
|
||||
with conn:
|
||||
piv = PivSession(conn)
|
||||
piv.reset()
|
||||
rnd = SystemRandom()
|
||||
pin_puk_chars = string.ascii_letters + \
|
||||
string.digits + \
|
||||
string.punctuation
|
||||
new_puk = ''.join(rnd.choice(pin_puk_chars) for _ in range(8))
|
||||
new_pin = ''.join(rnd.choice(pin_puk_chars) for _ in range(8))
|
||||
piv.change_puk('12345678', new_puk)
|
||||
piv.change_pin('123456', new_pin)
|
||||
print(f'PIN set to: {new_pin}')
|
||||
piv.authenticate(MANAGEMENT_KEY_TYPE.TDES,
|
||||
DEFAULT_MANAGEMENT_KEY)
|
||||
|
||||
piv.verify_pin(new_pin)
|
||||
print('YubiKey is generating a non-exportable private key...')
|
||||
pubkey = piv.generate_key(SLOT.AUTHENTICATION,
|
||||
KEY_TYPE.RSA2048,
|
||||
PIN_POLICY.ALWAYS,
|
||||
TOUCH_POLICY.NEVER)
|
||||
now = datetime.datetime.utcnow()
|
||||
valid_to = now + datetime.timedelta(days=36500)
|
||||
subject = 'CN=GAM Created Key'
|
||||
piv.authenticate(MANAGEMENT_KEY_TYPE.TDES,
|
||||
DEFAULT_MANAGEMENT_KEY)
|
||||
piv.verify_pin(new_pin)
|
||||
cert = generate_self_signed_certificate(piv,
|
||||
SLOT.AUTHENTICATION,
|
||||
pubkey,
|
||||
subject,
|
||||
now,
|
||||
valid_to)
|
||||
piv.put_certificate(SLOT.AUTHENTICATION,
|
||||
cert)
|
||||
piv.put_object(OBJECT_ID.CHUID,
|
||||
generate_chuid())
|
||||
except ValueError as err:
|
||||
controlflow.system_error_exit(8, f'YubiKey - {err}')
|
||||
|
||||
|
||||
def sign(self, message):
|
||||
if 'mplock' in globals():
|
||||
mplock.acquire()
|
||||
try:
|
||||
conn = self._connect()
|
||||
with conn:
|
||||
session = PivSession(conn)
|
||||
if self.pin:
|
||||
try:
|
||||
session.verify_pin(self.pin)
|
||||
except InvalidPinError as err:
|
||||
controlflow.system_error_exit(7, f'YubiKey - {err}')
|
||||
try:
|
||||
signed = session.sign(slot=self.slot,
|
||||
key_type=self.key_type,
|
||||
message=message,
|
||||
hash_algorithm=hashes.SHA256(),
|
||||
padding=padding.PKCS1v15())
|
||||
except ApduError as err:
|
||||
controlflow.system_error_exit(8, f'YubiKey - {err}')
|
||||
except ValueError as err:
|
||||
controlflow.system_error_exit(9, f'YubiKey - {err}')
|
||||
if 'mplock' in globals():
|
||||
mplock.release()
|
||||
return signed
|
||||
|
||||
@@ -1,99 +0,0 @@
|
||||
"""Methods related to the central control flow of an application."""
|
||||
import random
|
||||
import sys
|
||||
import time
|
||||
|
||||
from gam import display
|
||||
from gam.var import MESSAGE_HEADER_NOT_FOUND_IN_CSV_HEADERS
|
||||
from gam.var import MESSAGE_INVALID_JSON
|
||||
|
||||
|
||||
def system_error_exit(return_code, message):
|
||||
"""Raises a system exit with the given return code and message.
|
||||
|
||||
Args:
|
||||
return_code: Int, the return code to yield when the system exits.
|
||||
message: An error message to print before the system exits.
|
||||
"""
|
||||
if message:
|
||||
display.print_error(message)
|
||||
sys.exit(return_code)
|
||||
|
||||
|
||||
def invalid_argument_exit(argument, command):
|
||||
"""Indicate that the argument is not valid for the command.
|
||||
|
||||
Args:
|
||||
argument: the invalid argument
|
||||
command: the base GAM command
|
||||
"""
|
||||
system_error_exit(2, f'{argument} is not a valid argument for "{command}"')
|
||||
|
||||
|
||||
def missing_argument_exit(argument, command):
|
||||
"""Indicate that the argument is missing for the command.
|
||||
|
||||
Args:
|
||||
argument: the missing argument
|
||||
command: the base GAM command
|
||||
"""
|
||||
system_error_exit(2, f'missing argument {argument} for "{command}"')
|
||||
|
||||
|
||||
def expected_argument_exit(name, expected, argument):
|
||||
"""Indicate that the argument does not have an expected value for the command.
|
||||
|
||||
Args:
|
||||
name: the field name
|
||||
expected: the expected values
|
||||
argument: the invalid argument
|
||||
"""
|
||||
system_error_exit(2, f'{name} must be one of {expected}; got {argument}')
|
||||
|
||||
|
||||
def csv_field_error_exit(field_name, field_names):
|
||||
"""Raises a system exit when a CSV field is malformed.
|
||||
|
||||
Args:
|
||||
field_name: The CSV field name for which a header does not exist in the
|
||||
existing CSV headers.
|
||||
field_names: The known list of CSV headers.
|
||||
"""
|
||||
system_error_exit(
|
||||
2,
|
||||
MESSAGE_HEADER_NOT_FOUND_IN_CSV_HEADERS.format(field_name,
|
||||
','.join(field_names)))
|
||||
|
||||
|
||||
def invalid_json_exit(file_name, err=None):
|
||||
"""Raises a system exit when invalid JSON content is encountered."""
|
||||
err_msg = MESSAGE_INVALID_JSON.format(file_name)
|
||||
if err:
|
||||
err_msg += f'\n\n{err}'
|
||||
system_error_exit(17, err_msg)
|
||||
|
||||
|
||||
def wait_on_failure(current_attempt_num,
|
||||
total_num_retries,
|
||||
error_message,
|
||||
error_print_threshold=3):
|
||||
"""Executes an exponential backoff-style system sleep.
|
||||
|
||||
Args:
|
||||
current_attempt_num: Int, the current number of retries.
|
||||
total_num_retries: Int, the total number of times the current action will be
|
||||
retried.
|
||||
error_message: String, a message to be displayed that will give more context
|
||||
around why the action is being retried.
|
||||
error_print_threshold: Int, the number of attempts which will have their
|
||||
error messages suppressed. Any current_attempt_num greater than
|
||||
error_print_threshold will print the prescribed error.
|
||||
"""
|
||||
wait_on_fail = min(2**current_attempt_num,
|
||||
60) + float(random.randint(1, 1000)) / 1000
|
||||
if current_attempt_num > error_print_threshold:
|
||||
sys.stderr.write(f'Temporary error: {error_message}, Backing off: '
|
||||
f'{int(wait_on_fail)} seconds, Retry: '
|
||||
f'{current_attempt_num}/{total_num_retries}\n')
|
||||
sys.stderr.flush()
|
||||
time.sleep(wait_on_fail)
|
||||
@@ -1,108 +0,0 @@
|
||||
"""Tests for controlflow."""
|
||||
|
||||
import unittest
|
||||
from unittest.mock import patch
|
||||
|
||||
from gam import controlflow
|
||||
|
||||
|
||||
class ControlFlowTest(unittest.TestCase):
|
||||
|
||||
def test_system_error_exit_raises_systemexit_error(self):
|
||||
with self.assertRaises(SystemExit):
|
||||
controlflow.system_error_exit(1, 'exit message')
|
||||
|
||||
def test_system_error_exit_raises_systemexit_with_return_code(self):
|
||||
with self.assertRaises(SystemExit) as context_manager:
|
||||
controlflow.system_error_exit(100, 'exit message')
|
||||
self.assertEqual(context_manager.exception.code, 100)
|
||||
|
||||
@patch.object(controlflow.display, 'print_error')
|
||||
def test_system_error_exit_prints_error_before_exiting(
|
||||
self, mock_print_err):
|
||||
with self.assertRaises(SystemExit):
|
||||
controlflow.system_error_exit(100, 'exit message')
|
||||
self.assertIn('exit message', mock_print_err.call_args[0][0])
|
||||
|
||||
def test_csv_field_error_exit_raises_systemexit_error(self):
|
||||
with self.assertRaises(SystemExit):
|
||||
controlflow.csv_field_error_exit('aField',
|
||||
['unusedField1', 'unusedField2'])
|
||||
|
||||
def test_csv_field_error_exit_exits_code_2(self):
|
||||
with self.assertRaises(SystemExit) as context_manager:
|
||||
controlflow.csv_field_error_exit('aField',
|
||||
['unusedField1', 'unusedField2'])
|
||||
self.assertEqual(context_manager.exception.code, 2)
|
||||
|
||||
@patch.object(controlflow.display, 'print_error')
|
||||
def test_csv_field_error_exit_prints_error_details(self, mock_print_err):
|
||||
with self.assertRaises(SystemExit):
|
||||
controlflow.csv_field_error_exit('aField',
|
||||
['unusedField1', 'unusedField2'])
|
||||
printed_message = mock_print_err.call_args[0][0]
|
||||
self.assertIn('aField', printed_message)
|
||||
self.assertIn('unusedField1', printed_message)
|
||||
self.assertIn('unusedField2', printed_message)
|
||||
|
||||
def test_invalid_json_exit_raises_systemexit_error(self):
|
||||
with self.assertRaises(SystemExit):
|
||||
controlflow.invalid_json_exit('filename')
|
||||
|
||||
def test_invalid_json_exit_exit_exits_code_17(self):
|
||||
with self.assertRaises(SystemExit) as context_manager:
|
||||
controlflow.invalid_json_exit('filename')
|
||||
self.assertEqual(context_manager.exception.code, 17)
|
||||
|
||||
@patch.object(controlflow.display, 'print_error')
|
||||
def test_invalid_json_exit_prints_error_details(self, mock_print_err):
|
||||
with self.assertRaises(SystemExit):
|
||||
controlflow.invalid_json_exit('filename')
|
||||
printed_message = mock_print_err.call_args[0][0]
|
||||
self.assertIn('filename', printed_message)
|
||||
|
||||
@patch.object(controlflow.time, 'sleep')
|
||||
def test_wait_on_failure_waits_exponentially(self, mock_sleep):
|
||||
controlflow.wait_on_failure(1, 5, 'Backoff attempt #1')
|
||||
controlflow.wait_on_failure(2, 5, 'Backoff attempt #2')
|
||||
controlflow.wait_on_failure(3, 5, 'Backoff attempt #3')
|
||||
|
||||
sleep_calls = mock_sleep.call_args_list
|
||||
self.assertGreaterEqual(sleep_calls[0][0][0], 2**1)
|
||||
self.assertGreaterEqual(sleep_calls[1][0][0], 2**2)
|
||||
self.assertGreaterEqual(sleep_calls[2][0][0], 2**3)
|
||||
|
||||
@patch.object(controlflow.time, 'sleep')
|
||||
def test_wait_on_failure_does_not_exceed_60_secs_wait(self, mock_sleep):
|
||||
total_attempts = 20
|
||||
for attempt in range(1, total_attempts + 1):
|
||||
controlflow.wait_on_failure(
|
||||
attempt,
|
||||
total_attempts,
|
||||
f'Attempt #{attempt}',
|
||||
# Suppress messages while we make a lot of attempts.
|
||||
error_print_threshold=total_attempts + 1)
|
||||
# Wait time may be between 60 and 61 secs, due to rand addition.
|
||||
self.assertLessEqual(mock_sleep.call_args[0][0], 61)
|
||||
|
||||
# Prevent the system from actually sleeping and thus slowing down the test.
|
||||
@patch.object(controlflow.time, 'sleep')
|
||||
def test_wait_on_failure_prints_errors(self, unused_mock_sleep):
|
||||
message = 'An error message to display'
|
||||
with patch.object(controlflow.sys.stderr, 'write') as mock_stderr_write:
|
||||
controlflow.wait_on_failure(1, 5, message, error_print_threshold=0)
|
||||
self.assertIn(message, mock_stderr_write.call_args[0][0])
|
||||
|
||||
@patch.object(controlflow.time, 'sleep')
|
||||
def test_wait_on_failure_only_prints_after_threshold(
|
||||
self, unused_mock_sleep):
|
||||
total_attempts = 5
|
||||
threshold = 3
|
||||
with patch.object(controlflow.sys.stderr, 'write') as mock_stderr_write:
|
||||
for attempt in range(1, total_attempts + 1):
|
||||
controlflow.wait_on_failure(attempt,
|
||||
total_attempts,
|
||||
f'Attempt #{attempt}',
|
||||
error_print_threshold=threshold)
|
||||
self.assertEqual(total_attempts - threshold,
|
||||
mock_stderr_write.call_count)
|
||||
@@ -1,342 +0,0 @@
|
||||
"""Methods related to display of information to the user."""
|
||||
|
||||
import csv
|
||||
import datetime
|
||||
import io
|
||||
import sys
|
||||
import webbrowser
|
||||
|
||||
import dateutil
|
||||
import googleapiclient.http
|
||||
|
||||
#TODO: get rid of these hacks
|
||||
import gam
|
||||
from gam.var import *
|
||||
from gam import controlflow
|
||||
from gam import gapi
|
||||
|
||||
|
||||
def current_count(i, count):
|
||||
return f' ({i}/{count})' if (count > GC_Values[GC_SHOW_COUNTS_MIN]) else ''
|
||||
|
||||
|
||||
def current_count_nl(i, count):
|
||||
return f' ({i}/{count})\n' if (
|
||||
count > GC_Values[GC_SHOW_COUNTS_MIN]) else '\n'
|
||||
|
||||
|
||||
def add_field_to_fields_list(fieldName, fieldsChoiceMap, fieldsList):
|
||||
fields = fieldsChoiceMap[fieldName.lower()]
|
||||
if isinstance(fields, list):
|
||||
fieldsList.extend(fields)
|
||||
else:
|
||||
fieldsList.append(fields)
|
||||
|
||||
|
||||
# Write a CSV file
|
||||
def add_titles_to_csv_file(addTitles, titles):
|
||||
for title in addTitles:
|
||||
if title not in titles:
|
||||
titles.append(title)
|
||||
|
||||
|
||||
def add_row_titles_to_csv_file(row, csvRows, titles):
|
||||
csvRows.append(row)
|
||||
for title in row:
|
||||
if title not in titles:
|
||||
titles.append(title)
|
||||
|
||||
|
||||
# fieldName is command line argument
|
||||
# fieldNameMap maps fieldName to API field names; CSV file header will be API field name
|
||||
#ARGUMENT_TO_PROPERTY_MAP = {
|
||||
# u'admincreated': [u'adminCreated'],
|
||||
# u'aliases': [u'aliases', u'nonEditableAliases'],
|
||||
# }
|
||||
# fieldsList is the list of API fields
|
||||
# fieldsTitles maps the API field name to the CSV file header
|
||||
def add_field_to_csv_file(fieldName, fieldNameMap, fieldsList, fieldsTitles,
|
||||
titles):
|
||||
for ftList in fieldNameMap[fieldName]:
|
||||
if ftList not in fieldsTitles:
|
||||
fieldsList.append(ftList)
|
||||
fieldsTitles[ftList] = ftList
|
||||
add_titles_to_csv_file([ftList], titles)
|
||||
|
||||
|
||||
# fieldName is command line argument
|
||||
# fieldNameTitleMap maps fieldName to API field name and CSV file header
|
||||
#ARGUMENT_TO_PROPERTY_TITLE_MAP = {
|
||||
# u'admincreated': [u'adminCreated', u'Admin_Created'],
|
||||
# u'aliases': [u'aliases', u'Aliases', u'nonEditableAliases', u'NonEditableAliases'],
|
||||
# }
|
||||
# fieldsList is the list of API fields
|
||||
# fieldsTitles maps the API field name to the CSV file header
|
||||
def add_field_title_to_csv_file(fieldName, fieldNameTitleMap, fieldsList,
|
||||
fieldsTitles, titles):
|
||||
ftList = fieldNameTitleMap[fieldName]
|
||||
for i in range(0, len(ftList), 2):
|
||||
if ftList[i] not in fieldsTitles:
|
||||
fieldsList.append(ftList[i])
|
||||
fieldsTitles[ftList[i]] = ftList[i + 1]
|
||||
add_titles_to_csv_file([ftList[i + 1]], titles)
|
||||
|
||||
|
||||
def sort_csv_titles(firstTitle, titles):
|
||||
restoreTitles = []
|
||||
for title in firstTitle:
|
||||
if title in titles:
|
||||
titles.remove(title)
|
||||
restoreTitles.append(title)
|
||||
titles.sort()
|
||||
for title in restoreTitles[::-1]:
|
||||
titles.insert(0, title)
|
||||
|
||||
|
||||
def QuotedArgumentList(items):
|
||||
return ' '.join([
|
||||
item if item and (item.find(' ') == -1) and
|
||||
(item.find(',') == -1) else '"' + item + '"' for item in items
|
||||
])
|
||||
|
||||
|
||||
def write_csv_file(csvRows, titles, list_type, todrive):
|
||||
|
||||
def rowDateTimeFilterMatch(dateMode, rowDate, op, filterDate):
|
||||
if not rowDate or not isinstance(rowDate, str):
|
||||
return False
|
||||
try:
|
||||
rowTime = dateutil.parser.parse(rowDate, ignoretz=True)
|
||||
if dateMode:
|
||||
rowDate = datetime.datetime(rowTime.year, rowTime.month,
|
||||
rowTime.day).isoformat() + 'Z'
|
||||
except ValueError:
|
||||
rowDate = NEVER_TIME
|
||||
if op == '<':
|
||||
return rowDate < filterDate
|
||||
if op == '<=':
|
||||
return rowDate <= filterDate
|
||||
if op == '>':
|
||||
return rowDate > filterDate
|
||||
if op == '>=':
|
||||
return rowDate >= filterDate
|
||||
if op == '!=':
|
||||
return rowDate != filterDate
|
||||
return rowDate == filterDate
|
||||
|
||||
def rowCountFilterMatch(rowCount, op, filterCount):
|
||||
if isinstance(rowCount, str):
|
||||
if not rowCount.isdigit():
|
||||
return False
|
||||
rowCount = int(rowCount)
|
||||
elif not isinstance(rowCount, int):
|
||||
return False
|
||||
if op == '<':
|
||||
return rowCount < filterCount
|
||||
if op == '<=':
|
||||
return rowCount <= filterCount
|
||||
if op == '>':
|
||||
return rowCount > filterCount
|
||||
if op == '>=':
|
||||
return rowCount >= filterCount
|
||||
if op == '!=':
|
||||
return rowCount != filterCount
|
||||
return rowCount == filterCount
|
||||
|
||||
def rowBooleanFilterMatch(rowBoolean, filterBoolean):
|
||||
if not isinstance(rowBoolean, bool):
|
||||
return False
|
||||
return rowBoolean == filterBoolean
|
||||
|
||||
def headerFilterMatch(filters, title):
|
||||
for filterStr in filters:
|
||||
if filterStr.match(title):
|
||||
return True
|
||||
return False
|
||||
|
||||
def filterMatch(filterVal, columns, row):
|
||||
for column in columns:
|
||||
if filterVal[1] == 'regex':
|
||||
if filterVal[2].search(str(row.get(column, ''))):
|
||||
return True
|
||||
elif filterVal[1] == 'notregex':
|
||||
if not filterVal[2].search(str(row.get(column, ''))):
|
||||
return True
|
||||
elif filterVal[1] in ['date', 'time']:
|
||||
if rowDateTimeFilterMatch(
|
||||
filterVal[1] == 'date', row.get(column, ''),
|
||||
filterVal[2], filterVal[3]):
|
||||
return True
|
||||
elif filterVal[1] == 'count':
|
||||
if rowCountFilterMatch(
|
||||
row.get(column, 0), filterVal[2], filterVal[3]):
|
||||
return True
|
||||
else: #boolean
|
||||
if rowBooleanFilterMatch(
|
||||
row.get(column, False), filterVal[2]):
|
||||
return True
|
||||
return False
|
||||
|
||||
def rowFilterMatch(filters, columns, row):
|
||||
for c, filterVal in iter(filters.items()):
|
||||
if not filterMatch(filterVal, columns[c], row):
|
||||
return False
|
||||
return True
|
||||
|
||||
def rowDropFilterMatch(filters, columns, row):
|
||||
for c, filterVal in iter(filters.items()):
|
||||
if filterMatch(filterVal, columns[c], row):
|
||||
return True
|
||||
return False
|
||||
|
||||
if GC_Values[GC_CSV_ROW_FILTER] or GC_Values[GC_CSV_ROW_DROP_FILTER]:
|
||||
if GC_Values[GC_CSV_ROW_FILTER]:
|
||||
keepColumns = {}
|
||||
for column, filterVal in iter(GC_Values[GC_CSV_ROW_FILTER].items()):
|
||||
columns = [t for t in titles if filterVal[0].match(t)]
|
||||
if columns:
|
||||
keepColumns[column] = columns
|
||||
else:
|
||||
keepColumns[column] = [None]
|
||||
sys.stderr.write(
|
||||
f'WARNING: Row filter column pattern "{column}" does not match any output columns\n'
|
||||
)
|
||||
else:
|
||||
keepColumns = None
|
||||
if GC_Values[GC_CSV_ROW_DROP_FILTER]:
|
||||
dropColumns = {}
|
||||
for column, filterVal in iter(GC_Values[GC_CSV_ROW_DROP_FILTER].items()):
|
||||
columns = [t for t in titles if filterVal[0].match(t)]
|
||||
if columns:
|
||||
dropColumns[column] = columns
|
||||
else:
|
||||
dropColumns[column] = [None]
|
||||
sys.stderr.write(
|
||||
f'WARNING: Row drop filter column pattern "{column}" does not match any output columns\n'
|
||||
)
|
||||
else:
|
||||
dropColumns = None
|
||||
rows = []
|
||||
for row in csvRows:
|
||||
if (((keepColumns is None) or
|
||||
rowFilterMatch(GC_Values[GC_CSV_ROW_FILTER], keepColumns, row)) and
|
||||
((dropColumns is None) or
|
||||
not rowDropFilterMatch(GC_Values[GC_CSV_ROW_DROP_FILTER], dropColumns, row))):
|
||||
rows.append(row)
|
||||
csvRows = rows
|
||||
|
||||
if GC_Values[GC_CSV_HEADER_FILTER] or GC_Values[GC_CSV_HEADER_DROP_FILTER]:
|
||||
if GC_Values[GC_CSV_HEADER_DROP_FILTER]:
|
||||
titles = [
|
||||
t for t in titles if
|
||||
not headerFilterMatch(GC_Values[GC_CSV_HEADER_DROP_FILTER], t)
|
||||
]
|
||||
if GC_Values[GC_CSV_HEADER_FILTER]:
|
||||
titles = [
|
||||
t for t in titles
|
||||
if headerFilterMatch(GC_Values[GC_CSV_HEADER_FILTER], t)
|
||||
]
|
||||
if not titles:
|
||||
controlflow.system_error_exit(
|
||||
3,
|
||||
'No columns selected with GAM_CSV_HEADER_FILTER and GAM_CSV_HEADER_DROP_FILTER\n'
|
||||
)
|
||||
return
|
||||
nixstdout_dialect = {'lineterminator': '\n',
|
||||
'quoting': csv.QUOTE_MINIMAL}
|
||||
# fix issue with Python 3.10.0 and no escape char
|
||||
# 3.10.1+ may fix this within Python so hopefully
|
||||
# this is short-lived.
|
||||
if sys.version_info.minor >= 10:
|
||||
nixstdout_dialect['escapechar'] = '\\'
|
||||
csv.register_dialect('nixstdout', **nixstdout_dialect)
|
||||
if todrive:
|
||||
write_to = io.StringIO()
|
||||
else:
|
||||
write_to = sys.stdout
|
||||
writer = csv.DictWriter(write_to,
|
||||
fieldnames=titles,
|
||||
dialect='nixstdout',
|
||||
extrasaction='ignore')
|
||||
try:
|
||||
writer.writerow({item: item for item in writer.fieldnames})
|
||||
writer.writerows(csvRows)
|
||||
except OSError as e:
|
||||
controlflow.system_error_exit(6, e)
|
||||
if todrive:
|
||||
admin_email = gam._get_admin_email()
|
||||
_, drive = gam.buildDrive3GAPIObject(admin_email)
|
||||
if not drive:
|
||||
print(f'''\nGAM is not authorized to create Drive files. Please run:
|
||||
gam user {admin_email} check serviceaccount
|
||||
and follow recommend steps to authorize GAM for Drive access.''')
|
||||
sys.exit(5)
|
||||
result = gapi.call(drive.about(), 'get', fields='maxImportSizes')
|
||||
columns = len(titles)
|
||||
rows = len(csvRows)
|
||||
cell_count = rows * columns
|
||||
data_size = len(write_to.getvalue())
|
||||
max_sheet_bytes = int(result['maxImportSizes'][MIMETYPE_GA_SPREADSHEET])
|
||||
if cell_count > MAX_GOOGLE_SHEET_CELLS or data_size > max_sheet_bytes:
|
||||
print(
|
||||
f'{WARNING_PREFIX}{MESSAGE_RESULTS_TOO_LARGE_FOR_GOOGLE_SPREADSHEET}'
|
||||
)
|
||||
mimeType = 'text/csv'
|
||||
else:
|
||||
mimeType = MIMETYPE_GA_SPREADSHEET
|
||||
body = {
|
||||
'description': QuotedArgumentList(sys.argv),
|
||||
'name': f'{GC_Values[GC_DOMAIN]} - {list_type}',
|
||||
'mimeType': mimeType
|
||||
}
|
||||
result = gapi.call(drive.files(),
|
||||
'create',
|
||||
fields='webViewLink',
|
||||
body=body,
|
||||
media_body=googleapiclient.http.MediaInMemoryUpload(
|
||||
write_to.getvalue().encode(),
|
||||
mimetype='text/csv'))
|
||||
file_url = result['webViewLink']
|
||||
if GC_Values[GC_NO_BROWSER]:
|
||||
msg_txt = f'Drive file uploaded to:\n {file_url}'
|
||||
msg_subj = f'{GC_Values[GC_DOMAIN]} - {list_type}'
|
||||
if not GC_Values[GC_NO_TDEMAIL]:
|
||||
gam.send_email(msg_subj, msg_txt)
|
||||
print(msg_txt)
|
||||
else:
|
||||
webbrowser.open(file_url)
|
||||
|
||||
|
||||
def print_error(message):
|
||||
"""Prints a one-line error message to stderr in a standard format."""
|
||||
sys.stderr.write(f'\n{ERROR_PREFIX}{message}\n')
|
||||
|
||||
|
||||
def print_warning(message):
|
||||
"""Prints a one-line warning message to stderr in a standard format."""
|
||||
sys.stderr.write(f'\n{WARNING_PREFIX}{message}\n')
|
||||
|
||||
|
||||
def print_json(object_value, spacing=''):
|
||||
"""Prints Dict or Array to screen in clean human-readable format.."""
|
||||
if isinstance(object_value, list):
|
||||
if len(object_value) == 1 and isinstance(object_value[0],
|
||||
(str, int, bool)):
|
||||
sys.stdout.write(f'{object_value[0]}\n')
|
||||
return
|
||||
if spacing:
|
||||
sys.stdout.write('\n')
|
||||
for i, a_value in enumerate(object_value):
|
||||
if isinstance(a_value, (str, int, bool)):
|
||||
sys.stdout.write(f' {spacing}{i+1}) {a_value}\n')
|
||||
else:
|
||||
sys.stdout.write(f' {spacing}{i+1}) ')
|
||||
print_json(a_value, f' {spacing}')
|
||||
elif isinstance(object_value, dict):
|
||||
for key in ['kind', 'etag', 'etags', '@type']:
|
||||
object_value.pop(key, None)
|
||||
for another_object, another_value in object_value.items():
|
||||
sys.stdout.write(f' {spacing}{another_object}: ')
|
||||
print_json(another_value, f' {spacing}')
|
||||
else:
|
||||
sys.stdout.write(f'{object_value}\n')
|
||||
@@ -1,59 +0,0 @@
|
||||
"""Tests for display."""
|
||||
|
||||
import unittest
|
||||
from unittest.mock import patch
|
||||
|
||||
from gam import display
|
||||
from gam.var import ERROR_PREFIX
|
||||
from gam.var import WARNING_PREFIX
|
||||
|
||||
|
||||
class DisplayTest(unittest.TestCase):
|
||||
|
||||
def test_print_error_prints_to_stderr(self):
|
||||
message = 'test error'
|
||||
with patch.object(display.sys.stderr, 'write') as mock_write:
|
||||
display.print_error(message)
|
||||
printed_message = mock_write.call_args[0][0]
|
||||
self.assertIn(message, printed_message)
|
||||
|
||||
def test_print_error_prints_error_prefix(self):
|
||||
message = 'test error'
|
||||
with patch.object(display.sys.stderr, 'write') as mock_write:
|
||||
display.print_error(message)
|
||||
printed_message = mock_write.call_args[0][0]
|
||||
self.assertLess(
|
||||
printed_message.find(ERROR_PREFIX), printed_message.find(message),
|
||||
'The error prefix does not appear before the error message')
|
||||
|
||||
def test_print_error_ends_message_with_newline(self):
|
||||
message = 'test error'
|
||||
with patch.object(display.sys.stderr, 'write') as mock_write:
|
||||
display.print_error(message)
|
||||
printed_message = mock_write.call_args[0][0]
|
||||
self.assertRegex(printed_message, '\n$',
|
||||
'The error message does not end in a newline.')
|
||||
|
||||
def test_print_warning_prints_to_stderr(self):
|
||||
message = 'test warning'
|
||||
with patch.object(display.sys.stderr, 'write') as mock_write:
|
||||
display.print_error(message)
|
||||
printed_message = mock_write.call_args[0][0]
|
||||
self.assertIn(message, printed_message)
|
||||
|
||||
def test_print_warning_prints_error_prefix(self):
|
||||
message = 'test warning'
|
||||
with patch.object(display.sys.stderr, 'write') as mock_write:
|
||||
display.print_error(message)
|
||||
printed_message = mock_write.call_args[0][0]
|
||||
self.assertLess(
|
||||
printed_message.find(WARNING_PREFIX), printed_message.find(message),
|
||||
'The warning prefix does not appear before the error message')
|
||||
|
||||
def test_print_warning_ends_message_with_newline(self):
|
||||
message = 'test warning'
|
||||
with patch.object(display.sys.stderr, 'write') as mock_write:
|
||||
display.print_error(message)
|
||||
printed_message = mock_write.call_args[0][0]
|
||||
self.assertRegex(printed_message, '\n$',
|
||||
'The warning message does not end in a newline.')
|
||||
@@ -1,183 +0,0 @@
|
||||
"""Common file operations."""
|
||||
|
||||
import io
|
||||
import os
|
||||
import sys
|
||||
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam.var import GM_Globals
|
||||
from gam.var import GM_SYS_ENCODING
|
||||
from gam.var import UTF8_SIG
|
||||
|
||||
|
||||
def _open_file(filename, mode, encoding=None, newline=None):
|
||||
"""Opens a file with no error handling."""
|
||||
# Determine which encoding to use
|
||||
if 'b' in mode:
|
||||
encoding = None
|
||||
elif not encoding:
|
||||
encoding = GM_Globals[GM_SYS_ENCODING]
|
||||
elif 'r' in mode and encoding.lower().replace('-', '') == 'utf8':
|
||||
encoding = UTF8_SIG
|
||||
|
||||
return open(os.path.expanduser(filename),
|
||||
mode,
|
||||
newline=newline,
|
||||
encoding=encoding)
|
||||
|
||||
|
||||
def open_file(filename,
|
||||
mode='r',
|
||||
encoding=None,
|
||||
newline=None,
|
||||
strip_utf_bom=False):
|
||||
"""Opens a file.
|
||||
|
||||
Args:
|
||||
filename: String, the name of the file to open, or '-' to use stdin/stdout,
|
||||
to read/write, depending on the mode param, respectively.
|
||||
mode: String, the common file mode to open the file with. Default is read.
|
||||
encoding: String, the name of the encoding used to decode or encode the
|
||||
file. This should only be used in text mode.
|
||||
newline: See param description in
|
||||
https://docs.python.org/3.7/library/functions.html#open
|
||||
strip_utf_bom: Boolean, True if the file being opened should seek past the
|
||||
UTF Byte Order Mark before being returned.
|
||||
See more: https://en.wikipedia.org/wiki/UTF-8#Byte_order_mark
|
||||
|
||||
Returns:
|
||||
The opened file.
|
||||
"""
|
||||
try:
|
||||
if filename == '-':
|
||||
# Read from stdin, rather than a file
|
||||
if 'r' in mode:
|
||||
return io.StringIO(str(sys.stdin.read()))
|
||||
return sys.stdout
|
||||
|
||||
# Open a file on disk
|
||||
f = _open_file(filename, mode, newline=newline, encoding=encoding)
|
||||
if strip_utf_bom:
|
||||
utf_bom = '\ufeff'
|
||||
has_bom = False
|
||||
|
||||
if 'b' in mode:
|
||||
has_bom = f.read(3).decode('UTF-8') == utf_bom
|
||||
elif f.encoding and not f.encoding.lower().startswith('utf'):
|
||||
# Convert UTF BOM into ISO-8859-1 via Bytes
|
||||
utf8_bom_bytes = utf_bom.encode('UTF-8')
|
||||
iso_8859_1_bom = utf8_bom_bytes.decode('iso-8859-1').encode(
|
||||
'iso-8859-1')
|
||||
has_bom = f.read(3).encode('iso-8859-1',
|
||||
'replace') == iso_8859_1_bom
|
||||
else:
|
||||
has_bom = f.read(1) == utf_bom
|
||||
|
||||
if not has_bom:
|
||||
f.seek(0)
|
||||
|
||||
return f
|
||||
|
||||
except OSError as e:
|
||||
controlflow.system_error_exit(6, e)
|
||||
|
||||
|
||||
def close_file(f, force_flush=False):
|
||||
"""Closes a file.
|
||||
|
||||
Args:
|
||||
f: The file to close
|
||||
force_flush: Flush file to disk emptying Python and OS caches. See:
|
||||
https://stackoverflow.com/a/13762137/1503886
|
||||
|
||||
Returns:
|
||||
Boolean, True if the file was successfully closed. False if an error
|
||||
was encountered while closing.
|
||||
"""
|
||||
if force_flush:
|
||||
f.flush()
|
||||
os.fsync(f.fileno())
|
||||
try:
|
||||
f.close()
|
||||
return True
|
||||
except OSError as e:
|
||||
display.print_error(e)
|
||||
return False
|
||||
|
||||
|
||||
def read_file(filename,
|
||||
mode='r',
|
||||
encoding=None,
|
||||
newline=None,
|
||||
continue_on_error=False,
|
||||
display_errors=True):
|
||||
"""Reads a file from disk.
|
||||
|
||||
Args:
|
||||
filename: String, the path of the file to open from disk, or "-" to read
|
||||
from stdin.
|
||||
mode: String, the mode in which to open the file.
|
||||
encoding: String, the name of the encoding used to decode or encode the
|
||||
file. This should only be used in text mode.
|
||||
newline: See param description in
|
||||
https://docs.python.org/3.7/library/functions.html#open
|
||||
continue_on_error: Boolean, If True, suppresses any IO errors and returns to
|
||||
the caller without any externalities.
|
||||
display_errors: Boolean, If True, prints error messages when errors are
|
||||
encountered and continue_on_error is True.
|
||||
|
||||
Returns:
|
||||
The contents of the file, or stdin if filename == "-". Returns None if
|
||||
an error is encountered and continue_on_errors is True.
|
||||
"""
|
||||
try:
|
||||
if filename == '-':
|
||||
# Read from stdin, rather than a file.
|
||||
return str(sys.stdin.read())
|
||||
|
||||
with _open_file(filename, mode, newline=newline,
|
||||
encoding=encoding) as f:
|
||||
return f.read()
|
||||
|
||||
except OSError as e:
|
||||
if continue_on_error:
|
||||
if display_errors:
|
||||
display.print_warning(e)
|
||||
return None
|
||||
controlflow.system_error_exit(6, e)
|
||||
except (LookupError, UnicodeDecodeError, UnicodeError) as e:
|
||||
controlflow.system_error_exit(2, str(e))
|
||||
|
||||
|
||||
def write_file(filename,
|
||||
data,
|
||||
mode='w',
|
||||
continue_on_error=False,
|
||||
display_errors=True):
|
||||
"""Writes data to a file.
|
||||
|
||||
Args:
|
||||
filename: String, the path of the file to write to disk.
|
||||
data: Serializable data to write to the file.
|
||||
mode: String, the mode in which to open the file and write to it.
|
||||
continue_on_error: Boolean, If True, suppresses any IO errors and returns to
|
||||
the caller without any externalities.
|
||||
display_errors: Boolean, If True, prints error messages when errors are
|
||||
encountered and continue_on_error is True.
|
||||
|
||||
Returns:
|
||||
Boolean, True if the write operation succeeded, or False if not.
|
||||
"""
|
||||
try:
|
||||
with _open_file(filename, mode) as f:
|
||||
f.write(data)
|
||||
return True
|
||||
|
||||
except OSError as e:
|
||||
if continue_on_error:
|
||||
if display_errors:
|
||||
display.print_error(e)
|
||||
return False
|
||||
else:
|
||||
controlflow.system_error_exit(6, e)
|
||||
@@ -1,244 +0,0 @@
|
||||
"""Tests for fileutils."""
|
||||
|
||||
import io
|
||||
import os
|
||||
import unittest
|
||||
from unittest.mock import MagicMock
|
||||
from unittest.mock import patch
|
||||
|
||||
from gam import fileutils
|
||||
|
||||
|
||||
class FileutilsTest(unittest.TestCase):
|
||||
|
||||
def setUp(self):
|
||||
self.fake_path = '/some/path/to/file'
|
||||
super().setUp()
|
||||
|
||||
@patch.object(fileutils.sys, 'stdin')
|
||||
def test_open_file_stdin(self, mock_stdin):
|
||||
mock_stdin.read.return_value = 'some stdin content'
|
||||
f = fileutils.open_file('-', mode='r')
|
||||
self.assertIsInstance(f, fileutils.io.StringIO)
|
||||
self.assertEqual(f.getvalue(), mock_stdin.read.return_value)
|
||||
|
||||
def test_open_file_stdout(self):
|
||||
f = fileutils.open_file('-', mode='w')
|
||||
self.assertEqual(fileutils.sys.stdout, f)
|
||||
|
||||
@patch.object(fileutils, 'open', new_callable=unittest.mock.mock_open)
|
||||
def test_open_file_opens_correct_path(self, mock_open):
|
||||
f = fileutils.open_file(self.fake_path)
|
||||
self.assertEqual(self.fake_path, mock_open.call_args[0][0])
|
||||
self.assertEqual(mock_open.return_value, f)
|
||||
|
||||
@patch.object(fileutils, 'open', new_callable=unittest.mock.mock_open)
|
||||
def test_open_file_expands_user_file_path(self, mock_open):
|
||||
file_path = '~/some/path/containing/tilde/shortcut/to/home'
|
||||
fileutils.open_file(file_path)
|
||||
opened_path = mock_open.call_args[0][0]
|
||||
home_path = os.environ.get('HOME')
|
||||
self.assertIsNotNone(home_path)
|
||||
self.assertIn(home_path, opened_path)
|
||||
|
||||
@patch.object(fileutils, 'open', new_callable=unittest.mock.mock_open)
|
||||
def test_open_file_opens_correct_mode(self, mock_open):
|
||||
fileutils.open_file(self.fake_path)
|
||||
self.assertEqual('r', mock_open.call_args[0][1])
|
||||
|
||||
@patch.object(fileutils, 'open', new_callable=unittest.mock.mock_open)
|
||||
def test_open_file_encoding_for_binary(self, mock_open):
|
||||
fileutils.open_file(self.fake_path, mode='b')
|
||||
self.assertIsNone(mock_open.call_args[1]['encoding'])
|
||||
|
||||
@patch.object(fileutils, 'open', new_callable=unittest.mock.mock_open)
|
||||
def test_open_file_default_system_encoding(self, mock_open):
|
||||
fileutils.open_file(self.fake_path)
|
||||
self.assertEqual(fileutils.GM_Globals[fileutils.GM_SYS_ENCODING],
|
||||
mock_open.call_args[1]['encoding'])
|
||||
|
||||
@patch.object(fileutils, 'open', new_callable=unittest.mock.mock_open)
|
||||
def test_open_file_utf8_encoding_specified(self, mock_open):
|
||||
fileutils.open_file(self.fake_path, encoding='UTF-8')
|
||||
self.assertEqual(fileutils.UTF8_SIG, mock_open.call_args[1]['encoding'])
|
||||
|
||||
def test_open_file_strips_utf_bom_in_utf(self):
|
||||
bom_prefixed_data = '\ufefffoobar'
|
||||
fake_file = io.StringIO(bom_prefixed_data)
|
||||
mock_open = MagicMock(spec=open, return_value=fake_file)
|
||||
with patch.object(fileutils, 'open', mock_open):
|
||||
f = fileutils.open_file(self.fake_path, strip_utf_bom=True)
|
||||
self.assertEqual('foobar', f.read())
|
||||
|
||||
def test_open_file_strips_utf_bom_in_non_utf(self):
|
||||
bom_prefixed_data = b'\xef\xbb\xbffoobar'.decode('iso-8859-1')
|
||||
|
||||
# We need to trick the method under test into believing that a StringIO
|
||||
# instance is a file with an encoding. Since StringIO does not usually have,
|
||||
# an encoding, we'll mock it and add our own encoding, but send the other
|
||||
# methods in use (read and seek) back to the real StringIO object.
|
||||
real_stringio = io.StringIO(bom_prefixed_data)
|
||||
mock_file = MagicMock(spec=io.StringIO)
|
||||
mock_file.read.side_effect = real_stringio.read
|
||||
mock_file.seek.side_effect = real_stringio.seek
|
||||
mock_file.encoding = 'iso-8859-1'
|
||||
|
||||
mock_open = MagicMock(spec=open, return_value=mock_file)
|
||||
with patch.object(fileutils, 'open', mock_open):
|
||||
f = fileutils.open_file(self.fake_path, strip_utf_bom=True)
|
||||
self.assertEqual('foobar', f.read())
|
||||
|
||||
def test_open_file_strips_utf_bom_in_binary(self):
|
||||
bom_prefixed_data = '\ufefffoobar'.encode()
|
||||
fake_file = io.BytesIO(bom_prefixed_data)
|
||||
mock_open = MagicMock(spec=open, return_value=fake_file)
|
||||
with patch.object(fileutils, 'open', mock_open):
|
||||
f = fileutils.open_file(self.fake_path,
|
||||
mode='rb',
|
||||
strip_utf_bom=True)
|
||||
self.assertEqual(b'foobar', f.read())
|
||||
|
||||
def test_open_file_strip_utf_bom_when_no_bom_in_data(self):
|
||||
no_bom_data = 'This data has no BOM'
|
||||
fake_file = io.StringIO(no_bom_data)
|
||||
mock_open = MagicMock(spec=open, return_value=fake_file)
|
||||
|
||||
with patch.object(fileutils, 'open', mock_open):
|
||||
f = fileutils.open_file(self.fake_path, strip_utf_bom=True)
|
||||
# Since there was no opening BOM, we should be back at the beginning of
|
||||
# the file.
|
||||
self.assertEqual(fake_file.tell(), 0)
|
||||
self.assertEqual(f.read(), no_bom_data)
|
||||
|
||||
@patch.object(fileutils, 'open', new_callable=unittest.mock.mock_open)
|
||||
def test_open_file_exits_on_io_error(self, mock_open):
|
||||
mock_open.side_effect = IOError('Fake IOError')
|
||||
with self.assertRaises(SystemExit) as context:
|
||||
fileutils.open_file(self.fake_path)
|
||||
self.assertEqual(context.exception.code, 6)
|
||||
|
||||
def test_close_file_closes_file_successfully(self):
|
||||
mock_file = MagicMock()
|
||||
self.assertTrue(fileutils.close_file(mock_file))
|
||||
self.assertEqual(mock_file.close.call_count, 1)
|
||||
|
||||
def test_close_file_with_error(self):
|
||||
mock_file = MagicMock()
|
||||
mock_file.close.side_effect = IOError()
|
||||
self.assertFalse(fileutils.close_file(mock_file))
|
||||
self.assertEqual(mock_file.close.call_count, 1)
|
||||
|
||||
@patch.object(fileutils.sys, 'stdin')
|
||||
def test_read_file_from_stdin(self, mock_stdin):
|
||||
mock_stdin.read.return_value = 'some stdin content'
|
||||
self.assertEqual(fileutils.read_file('-'), mock_stdin.read.return_value)
|
||||
|
||||
@patch.object(fileutils, '_open_file')
|
||||
def test_read_file_default_params(self, mock_open_file):
|
||||
fake_content = 'some fake content'
|
||||
mock_open_file.return_value.__enter__().read.return_value = fake_content
|
||||
self.assertEqual(fileutils.read_file(self.fake_path), fake_content)
|
||||
self.assertEqual(mock_open_file.call_args[0][0], self.fake_path)
|
||||
self.assertEqual(mock_open_file.call_args[0][1], 'r')
|
||||
self.assertIsNone(mock_open_file.call_args[1]['newline'])
|
||||
|
||||
@patch.object(fileutils.display, 'print_warning')
|
||||
@patch.object(fileutils, '_open_file')
|
||||
def test_read_file_continues_on_errors_without_displaying(
|
||||
self, mock_open_file, mock_print_warning):
|
||||
mock_open_file.side_effect = IOError()
|
||||
contents = fileutils.read_file(self.fake_path,
|
||||
continue_on_error=True,
|
||||
display_errors=False)
|
||||
self.assertIsNone(contents)
|
||||
self.assertFalse(mock_print_warning.called)
|
||||
|
||||
@patch.object(fileutils.display, 'print_warning')
|
||||
@patch.object(fileutils, '_open_file')
|
||||
def test_read_file_displays_errors(self, mock_open_file,
|
||||
mock_print_warning):
|
||||
mock_open_file.side_effect = IOError()
|
||||
fileutils.read_file(self.fake_path,
|
||||
continue_on_error=True,
|
||||
display_errors=True)
|
||||
self.assertTrue(mock_print_warning.called)
|
||||
|
||||
@patch.object(fileutils, '_open_file')
|
||||
def test_read_file_exits_code_6_when_continue_on_error_is_false(
|
||||
self, mock_open_file):
|
||||
mock_open_file.side_effect = IOError()
|
||||
with self.assertRaises(SystemExit) as context:
|
||||
fileutils.read_file(self.fake_path, continue_on_error=False)
|
||||
self.assertEqual(context.exception.code, 6)
|
||||
|
||||
@patch.object(fileutils, '_open_file')
|
||||
def test_read_file_exits_code_2_on_lookuperror(self, mock_open_file):
|
||||
mock_open_file.return_value.__enter__().read.side_effect = LookupError()
|
||||
with self.assertRaises(SystemExit) as context:
|
||||
fileutils.read_file(self.fake_path)
|
||||
self.assertEqual(context.exception.code, 2)
|
||||
|
||||
@patch.object(fileutils, '_open_file')
|
||||
def test_read_file_exits_code_2_on_unicodeerror(self, mock_open_file):
|
||||
mock_open_file.return_value.__enter__().read.side_effect = UnicodeError(
|
||||
)
|
||||
with self.assertRaises(SystemExit) as context:
|
||||
fileutils.read_file(self.fake_path)
|
||||
self.assertEqual(context.exception.code, 2)
|
||||
|
||||
@patch.object(fileutils, '_open_file')
|
||||
def test_read_file_exits_code_2_on_unicodedecodeerror(self, mock_open_file):
|
||||
fake_decode_error = UnicodeDecodeError('fake-encoding', b'fakebytes', 0,
|
||||
1, 'testing only')
|
||||
mock_open_file.return_value.__enter__(
|
||||
).read.side_effect = fake_decode_error
|
||||
with self.assertRaises(SystemExit) as context:
|
||||
fileutils.read_file(self.fake_path)
|
||||
self.assertEqual(context.exception.code, 2)
|
||||
|
||||
@patch.object(fileutils, '_open_file')
|
||||
def test_write_file_writes_data_to_file(self, mock_open_file):
|
||||
fake_data = 'some fake data'
|
||||
fileutils.write_file(self.fake_path, fake_data)
|
||||
self.assertEqual(mock_open_file.call_args[0][0], self.fake_path)
|
||||
self.assertEqual(mock_open_file.call_args[0][1], 'w')
|
||||
|
||||
opened_file = mock_open_file.return_value.__enter__()
|
||||
self.assertTrue(opened_file.write.called)
|
||||
self.assertEqual(opened_file.write.call_args[0][0], fake_data)
|
||||
|
||||
@patch.object(fileutils.display, 'print_error')
|
||||
@patch.object(fileutils, '_open_file')
|
||||
def test_write_file_continues_on_errors_without_displaying(
|
||||
self, mock_open_file, mock_print_error):
|
||||
mock_open_file.side_effect = IOError()
|
||||
status = fileutils.write_file(self.fake_path,
|
||||
'foo data',
|
||||
continue_on_error=True,
|
||||
display_errors=False)
|
||||
self.assertFalse(status)
|
||||
self.assertFalse(mock_print_error.called)
|
||||
|
||||
@patch.object(fileutils.display, 'print_error')
|
||||
@patch.object(fileutils, '_open_file')
|
||||
def test_write_file_displays_errors(self, mock_open_file, mock_print_error):
|
||||
mock_open_file.side_effect = IOError()
|
||||
fileutils.write_file(self.fake_path,
|
||||
'foo data',
|
||||
continue_on_error=True,
|
||||
display_errors=True)
|
||||
self.assertTrue(mock_print_error.called)
|
||||
|
||||
@patch.object(fileutils, '_open_file')
|
||||
def test_write_file_exits_code_6_when_continue_on_error_is_false(
|
||||
self, mock_open_file):
|
||||
mock_open_file.side_effect = IOError()
|
||||
with self.assertRaises(SystemExit) as context:
|
||||
fileutils.write_file(self.fake_path,
|
||||
'foo data',
|
||||
continue_on_error=False)
|
||||
self.assertEqual(context.exception.code, 6)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
unittest.main()
|
||||
@@ -1,391 +0,0 @@
|
||||
"""Methods related to execution of GAPI requests."""
|
||||
|
||||
import os.path
|
||||
import sys
|
||||
from tempfile import TemporaryDirectory
|
||||
|
||||
import googleapiclient.errors
|
||||
import google.auth.exceptions
|
||||
import httplib2
|
||||
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam.gapi import errors
|
||||
from gam import transport
|
||||
from gam.var import (GC_Values, GM_Globals,
|
||||
GM_CURRENT_API_SCOPES, GM_CURRENT_API_USER,
|
||||
GM_EXTRA_ARGS_DICT, GM_OAUTH2SERVICE_ACCOUNT_CLIENT_ID,
|
||||
MAX_RESULTS_API_EXCEPTIONS, MESSAGE_API_ACCESS_CONFIG,
|
||||
MESSAGE_API_ACCESS_DENIED, MESSAGE_SERVICE_NOT_APPLICABLE)
|
||||
|
||||
|
||||
def call(service,
|
||||
function,
|
||||
silent_errors=False,
|
||||
soft_errors=False,
|
||||
throw_reasons=None,
|
||||
retry_reasons=None,
|
||||
**kwargs):
|
||||
"""Executes a single request on a Google service function.
|
||||
|
||||
Args:
|
||||
service: A Google service object for the desired API.
|
||||
function: String, The name of a service request method to execute.
|
||||
silent_errors: Bool, If True, error messages are suppressed when
|
||||
encountered.
|
||||
soft_errors: Bool, If True, writes non-fatal errors to stderr.
|
||||
throw_reasons: A list of Google HTTP error reason strings indicating the
|
||||
errors generated by this request should be re-thrown. All other HTTP
|
||||
errors are consumed.
|
||||
retry_reasons: A list of Google HTTP error reason strings indicating which
|
||||
error should be retried, using exponential backoff techniques, when the
|
||||
error reason is encountered.
|
||||
**kwargs: Additional params to pass to the request method.
|
||||
|
||||
Returns:
|
||||
A response object for the corresponding Google API call.
|
||||
"""
|
||||
if throw_reasons is None:
|
||||
throw_reasons = []
|
||||
if retry_reasons is None:
|
||||
retry_reasons = []
|
||||
|
||||
method = getattr(service, function)
|
||||
retries = 10
|
||||
parameters = dict(
|
||||
list(kwargs.items()) + list(GM_Globals[GM_EXTRA_ARGS_DICT].items()))
|
||||
for n in range(1, retries + 1):
|
||||
try:
|
||||
return method(**parameters).execute()
|
||||
except googleapiclient.errors.HttpError as e:
|
||||
http_status, reason, message = errors.get_gapi_error_detail(
|
||||
e,
|
||||
soft_errors=soft_errors,
|
||||
silent_errors=silent_errors,
|
||||
retry_on_http_error=n < 3)
|
||||
if http_status == -1:
|
||||
# The error detail indicated that we should retry this request
|
||||
# We'll refresh credentials and make another pass
|
||||
service._http.credentials.refresh(transport.create_http())
|
||||
continue
|
||||
if http_status == 0:
|
||||
return None
|
||||
|
||||
is_known_error_reason = reason in [
|
||||
r.value for r in errors.ErrorReason
|
||||
]
|
||||
if is_known_error_reason and errors.ErrorReason(
|
||||
reason) in throw_reasons:
|
||||
if errors.ErrorReason(
|
||||
reason) in errors.ERROR_REASON_TO_EXCEPTION:
|
||||
raise errors.ERROR_REASON_TO_EXCEPTION[errors.ErrorReason(
|
||||
reason)](message)
|
||||
raise e
|
||||
if (n != retries) and (is_known_error_reason and errors.ErrorReason(
|
||||
reason) in errors.DEFAULT_RETRY_REASONS + retry_reasons):
|
||||
controlflow.wait_on_failure(n, retries, reason)
|
||||
continue
|
||||
if soft_errors:
|
||||
display.print_error(
|
||||
f'{http_status}: {message} - {reason}{["", ": Giving up."][n > 1]}'
|
||||
)
|
||||
return None
|
||||
controlflow.system_error_exit(
|
||||
int(http_status), f'{http_status}: {message} - {reason}')
|
||||
except google.auth.exceptions.RefreshError as e:
|
||||
handle_oauth_token_error(
|
||||
e, soft_errors or
|
||||
errors.ErrorReason.SERVICE_NOT_AVAILABLE in throw_reasons)
|
||||
if errors.ErrorReason.SERVICE_NOT_AVAILABLE in throw_reasons:
|
||||
raise errors.GapiServiceNotAvailableError(str(e))
|
||||
display.print_error(
|
||||
f'User {GM_Globals[GM_CURRENT_API_USER]}: {str(e)}')
|
||||
return None
|
||||
except ValueError as e:
|
||||
if hasattr(service._http,
|
||||
'cache') and service._http.cache is not None:
|
||||
service._http.cache = None
|
||||
continue
|
||||
controlflow.system_error_exit(4, str(e))
|
||||
except (httplib2.ServerNotFoundError, RuntimeError) as e:
|
||||
if n != retries:
|
||||
service._http.connections = {}
|
||||
controlflow.wait_on_failure(n, retries, str(e))
|
||||
continue
|
||||
controlflow.system_error_exit(4, str(e))
|
||||
except TypeError as e:
|
||||
controlflow.system_error_exit(4, str(e))
|
||||
|
||||
|
||||
def get_items(service,
|
||||
function,
|
||||
items='items',
|
||||
throw_reasons=None,
|
||||
retry_reasons=None,
|
||||
**kwargs):
|
||||
"""Gets a single page of items from a Google service function that is paged.
|
||||
|
||||
Args:
|
||||
service: A Google service object for the desired API.
|
||||
function: String, The name of a service request method to execute.
|
||||
items: String, the name of the resulting "items" field within the service
|
||||
method's response object.
|
||||
throw_reasons: A list of Google HTTP error reason strings indicating the
|
||||
errors generated by this request should be re-thrown. All other HTTP
|
||||
errors are consumed.
|
||||
retry_reasons: A list of Google HTTP error reason strings indicating which
|
||||
error should be retried, using exponential backoff techniques, when the
|
||||
error reason is encountered.
|
||||
**kwargs: Additional params to pass to the request method.
|
||||
|
||||
Returns:
|
||||
The list of items in the first page of a response.
|
||||
"""
|
||||
results = call(service,
|
||||
function,
|
||||
throw_reasons=throw_reasons,
|
||||
retry_reasons=retry_reasons,
|
||||
**kwargs)
|
||||
if results:
|
||||
return results.get(items, [])
|
||||
return []
|
||||
|
||||
|
||||
def _get_max_page_size_for_api_call(service, function, **kwargs):
|
||||
"""Gets the maximum number of results supported for a single API call.
|
||||
|
||||
Args:
|
||||
service: A Google service object for the desired API.
|
||||
function: String, The name of the service method to check for max page size.
|
||||
**kwargs: Additional params that will be passed to the request method.
|
||||
|
||||
Returns:
|
||||
Int, A value from discovery if it exists, otherwise value from
|
||||
MAX_RESULTS_API_EXCEPTIONS, otherwise None
|
||||
"""
|
||||
method = getattr(service, function)
|
||||
api_id = method(**kwargs).methodId
|
||||
for resource in service._rootDesc.get('resources', {}).values():
|
||||
for a_method in resource.get('methods', {}).values():
|
||||
if a_method.get('id') == api_id:
|
||||
if not a_method.get('parameters') or a_method['parameters'].get(
|
||||
'pageSize'
|
||||
) or not a_method['parameters'].get('maxResults'):
|
||||
# Make sure API call supports maxResults. For now we don't care to
|
||||
# set pageSize since all known pageSize API calls have
|
||||
# default pageSize == max pageSize.
|
||||
return None
|
||||
known_api_max = MAX_RESULTS_API_EXCEPTIONS.get(api_id)
|
||||
max_results = a_method['parameters']['maxResults'].get(
|
||||
'maximum', known_api_max)
|
||||
return {'maxResults': max_results}
|
||||
|
||||
return None
|
||||
|
||||
|
||||
TOTAL_ITEMS_MARKER = '%%total_items%%'
|
||||
FIRST_ITEM_MARKER = '%%first_item%%'
|
||||
LAST_ITEM_MARKER = '%%last_item%%'
|
||||
|
||||
|
||||
def got_total_items_msg(items, eol):
|
||||
"""Format a page_message to be used by get_all_pages
|
||||
|
||||
The page message indicates the number of items returned
|
||||
|
||||
Args:
|
||||
items: String, the description of the items being returned by get_all_pages
|
||||
eol: String, the line terminator
|
||||
Values used: '', '...', '\n', '...\n'
|
||||
|
||||
Returns:
|
||||
The formatted page_message
|
||||
"""
|
||||
|
||||
return f'Got {TOTAL_ITEMS_MARKER} {items}{eol}'
|
||||
|
||||
|
||||
def got_total_items_first_last_msg(items):
|
||||
"""Format a page_message to be used by get_all_pages
|
||||
|
||||
The page message indicates the number of items returned and the
|
||||
value of the first and list items
|
||||
|
||||
Args:
|
||||
items: String, the description of the items being returned by get_all_pages
|
||||
|
||||
Returns:
|
||||
The formatted page_message
|
||||
"""
|
||||
|
||||
return f'Got {TOTAL_ITEMS_MARKER} {items}: {FIRST_ITEM_MARKER} - {LAST_ITEM_MARKER}' + '\n'
|
||||
|
||||
|
||||
def process_page(page, items, all_items, total_items, page_message, message_attribute):
|
||||
"""Process one page of a Google service function response.
|
||||
|
||||
Append a list of items to the aggregate list of items
|
||||
|
||||
Args:
|
||||
page: list of items
|
||||
items: see get_all_pages
|
||||
all_items: aggregate list of items
|
||||
total_items: length of all_items
|
||||
page_message: see get_all_pages
|
||||
message_attribute: get_all_pages
|
||||
Returns:
|
||||
The page token and total number of items
|
||||
"""
|
||||
if page:
|
||||
page_token = page.get('nextPageToken')
|
||||
page_items = page.get(items, [])
|
||||
num_page_items = len(page_items)
|
||||
total_items += num_page_items
|
||||
if type(all_items) is list:
|
||||
all_items.extend(page_items)
|
||||
elif all_items is not None:
|
||||
i = len(all_items)
|
||||
for item in page_items:
|
||||
all_items[str(i)] = item
|
||||
i += 1
|
||||
else:
|
||||
page_token = None
|
||||
num_page_items = 0
|
||||
|
||||
# Show a paging message to the user that indicates paging progress
|
||||
if page_message:
|
||||
show_message = page_message.replace(TOTAL_ITEMS_MARKER,
|
||||
str(total_items))
|
||||
if message_attribute:
|
||||
first_item = page_items[0] if num_page_items > 0 else {}
|
||||
last_item = page_items[-1] if num_page_items > 1 else first_item
|
||||
if isinstance(message_attribute, str):
|
||||
first_item = str(first_item.get(message_attribute, ''))
|
||||
last_item = str(last_item.get(message_attribute, ''))
|
||||
else:
|
||||
for attr in message_attribute:
|
||||
first_item = first_item.get(attr, {})
|
||||
last_item = last_item.get(attr, {})
|
||||
first_item = str(first_item)
|
||||
last_item = str(last_item)
|
||||
show_message = show_message.replace(FIRST_ITEM_MARKER, first_item)
|
||||
show_message = show_message.replace(LAST_ITEM_MARKER, last_item)
|
||||
sys.stderr.write('\r')
|
||||
sys.stderr.flush()
|
||||
sys.stderr.write(show_message)
|
||||
return (page_token, total_items)
|
||||
|
||||
def finalize_page_message(page_message):
|
||||
""" Issue final page_message """
|
||||
if page_message and (page_message[-1] != '\n'):
|
||||
sys.stderr.write('\r\n')
|
||||
sys.stderr.flush()
|
||||
|
||||
|
||||
def get_all_pages(service,
|
||||
function,
|
||||
items='items',
|
||||
page_message=None,
|
||||
message_attribute=None,
|
||||
soft_errors=False,
|
||||
throw_reasons=None,
|
||||
retry_reasons=None,
|
||||
page_args_in_body=False,
|
||||
**kwargs):
|
||||
"""Aggregates and returns all pages of a Google service function response.
|
||||
|
||||
All pages of items are aggregated and returned as a single list.
|
||||
|
||||
Args:
|
||||
service: A Google service object for the desired API.
|
||||
function: String, The name of a service request method to execute.
|
||||
items: String, the name of the resulting "items" field within the method's
|
||||
response object. The items in this field will be aggregated across all
|
||||
pages and returned.
|
||||
page_message: String, a message to be displayed to the user during paging.
|
||||
Template strings allow for dynamic content to be inserted during paging.
|
||||
Supported template strings:
|
||||
TOTAL_ITEMS_MARKER : The current number of items discovered across all
|
||||
pages.
|
||||
FIRST_ITEM_MARKER : In conjunction with `message_attribute` arg, will
|
||||
display a unique property of the first item in the current page.
|
||||
LAST_ITEM_MARKER : In conjunction with `message_attribute` arg, will
|
||||
display a unique property of the last item in the current page.
|
||||
message_attribute: String or list, the name of a signature field within a
|
||||
single returned item which identifies that unique item. This field is used
|
||||
with `page_message` to templatize a paging status message.
|
||||
soft_errors: Bool, If True, writes non-fatal errors to stderr.
|
||||
throw_reasons: A list of Google HTTP error reason strings indicating the
|
||||
errors generated by this request should be re-thrown. All other HTTP
|
||||
errors are consumed.
|
||||
retry_reasons: A list of Google HTTP error reason strings indicating which
|
||||
error should be retried, using exponential backoff techniques, when the
|
||||
error reason is encountered.
|
||||
page_args_in_body: Some APIs like Chrome Policy want pageToken and pageSize
|
||||
in the body.
|
||||
**kwargs: Additional params to pass to the request method.
|
||||
|
||||
Returns:
|
||||
A list of all items received from all paged responses.
|
||||
"""
|
||||
if page_args_in_body:
|
||||
kwargs.setdefault('body', {})
|
||||
if 'maxResults' not in kwargs and 'pageSize' not in kwargs and 'pageSize' not in kwargs.get('body', {}):
|
||||
page_key = _get_max_page_size_for_api_call(service, function, **kwargs)
|
||||
if page_key:
|
||||
if page_args_in_body:
|
||||
kwargs['body'].update(page_key)
|
||||
else:
|
||||
kwargs.update(page_key)
|
||||
all_items = []
|
||||
page_token = None
|
||||
total_items = 0
|
||||
while True:
|
||||
page = call(service,
|
||||
function,
|
||||
soft_errors=soft_errors,
|
||||
throw_reasons=throw_reasons,
|
||||
retry_reasons=retry_reasons,
|
||||
**kwargs)
|
||||
page_token, total_items = process_page(page, items, all_items, total_items, page_message, message_attribute)
|
||||
if not page_token:
|
||||
finalize_page_message(page_message)
|
||||
if type(all_items) is not list:
|
||||
all_items = all_items.values()
|
||||
return all_items
|
||||
if page_args_in_body:
|
||||
kwargs['body']['pageToken'] = page_token
|
||||
else:
|
||||
kwargs['pageToken'] = page_token
|
||||
|
||||
# TODO: Make this private once all execution related items that use this method
|
||||
# have been brought into this file
|
||||
def handle_oauth_token_error(e, soft_errors):
|
||||
"""On a token error, exits the application and writes a message to stderr.
|
||||
|
||||
Args:
|
||||
e: google.auth.exceptions.RefreshError, The error to handle.
|
||||
soft_errors: Boolean, if True, suppresses any applicable errors and instead
|
||||
returns to the caller.
|
||||
"""
|
||||
token_error = str(e).replace('.', '')
|
||||
if token_error in errors.OAUTH2_TOKEN_ERRORS or token_error.startswith(
|
||||
'Invalid response'):
|
||||
if soft_errors:
|
||||
return
|
||||
if not GM_Globals[GM_CURRENT_API_USER]:
|
||||
display.print_error(
|
||||
MESSAGE_API_ACCESS_DENIED.format(
|
||||
GM_Globals[GM_OAUTH2SERVICE_ACCOUNT_CLIENT_ID],
|
||||
','.join(GM_Globals[GM_CURRENT_API_SCOPES])))
|
||||
controlflow.system_error_exit(12, MESSAGE_API_ACCESS_CONFIG)
|
||||
else:
|
||||
controlflow.system_error_exit(
|
||||
19,
|
||||
MESSAGE_SERVICE_NOT_APPLICABLE.format(
|
||||
GM_Globals[GM_CURRENT_API_USER]))
|
||||
controlflow.system_error_exit(18, f'Authentication Token Error - {str(e)}')
|
||||
|
||||
|
||||
def get_enum_values_minus_unspecified(values):
|
||||
return [a_type for a_type in values if '_UNSPECIFIED' not in a_type]
|
||||
@@ -1,520 +0,0 @@
|
||||
"""Tests for gapi."""
|
||||
|
||||
import json
|
||||
import unittest
|
||||
from unittest.mock import MagicMock
|
||||
from unittest.mock import patch
|
||||
|
||||
from gam import SetGlobalVariables
|
||||
import gam.gapi as gapi
|
||||
from gam.gapi import errors
|
||||
import httplib2
|
||||
|
||||
|
||||
def create_http_error(status, reason, message):
|
||||
"""Creates a HttpError object similar to most Google API Errors.
|
||||
|
||||
Args:
|
||||
status: Int, the error's HTTP response status number.
|
||||
reason: String, a camelCase reason for the HttpError being given.
|
||||
message: String, a general error message describing the error that occurred.
|
||||
|
||||
Returns:
|
||||
googleapiclient.errors.HttpError
|
||||
"""
|
||||
response = httplib2.Response({
|
||||
'status': status,
|
||||
'content-type': 'application/json',
|
||||
})
|
||||
content = {
|
||||
'error': {
|
||||
'code': status,
|
||||
'errors': [{
|
||||
'reason': str(reason),
|
||||
'message': message,
|
||||
}]
|
||||
}
|
||||
}
|
||||
content_bytes = json.dumps(content).encode('UTF-8')
|
||||
return gapi.googleapiclient.errors.HttpError(response, content_bytes)
|
||||
|
||||
|
||||
class GapiTest(unittest.TestCase):
|
||||
|
||||
def setUp(self):
|
||||
SetGlobalVariables()
|
||||
self.mock_service = MagicMock()
|
||||
self.mock_method_name = 'mock_method'
|
||||
self.mock_method = getattr(self.mock_service, self.mock_method_name)
|
||||
|
||||
self.simple_3_page_response = [
|
||||
{
|
||||
'items': [{
|
||||
'position': 'page1,item1'
|
||||
}, {
|
||||
'position': 'page1,item2'
|
||||
}, {
|
||||
'position': 'page1,item3'
|
||||
}],
|
||||
'nextPageToken': 'page2'
|
||||
},
|
||||
{
|
||||
'items': [{
|
||||
'position': 'page2,item1'
|
||||
}, {
|
||||
'position': 'page2,item2'
|
||||
}, {
|
||||
'position': 'page2,item3'
|
||||
}],
|
||||
'nextPageToken': 'page3'
|
||||
},
|
||||
{
|
||||
'items': [{
|
||||
'position': 'page3,item1'
|
||||
}, {
|
||||
'position': 'page3,item2'
|
||||
}, {
|
||||
'position': 'page3,item3'
|
||||
}],
|
||||
},
|
||||
]
|
||||
self.empty_items_response = {'items': []}
|
||||
|
||||
super().setUp()
|
||||
|
||||
def test_call_returns_basic_200_response(self):
|
||||
response = gapi.call(self.mock_service, self.mock_method_name)
|
||||
self.assertEqual(response, self.mock_method().execute.return_value)
|
||||
|
||||
def test_call_passes_target_method_params(self):
|
||||
gapi.call(self.mock_service,
|
||||
self.mock_method_name,
|
||||
my_param_1=1,
|
||||
my_param_2=2)
|
||||
self.assertEqual(self.mock_method.call_count, 1)
|
||||
method_kwargs = self.mock_method.call_args[1]
|
||||
self.assertEqual(method_kwargs.get('my_param_1'), 1)
|
||||
self.assertEqual(method_kwargs.get('my_param_2'), 2)
|
||||
|
||||
@patch.object(gapi.errors, 'get_gapi_error_detail')
|
||||
def test_call_retries_with_soft_errors(self, mock_error_detail):
|
||||
mock_error_detail.return_value = (-1, 'aReason', 'some message')
|
||||
|
||||
# Make the request fail first, then return the proper response on the retry.
|
||||
fake_http_error = create_http_error(403, 'aReason', 'unused message')
|
||||
fake_200_response = MagicMock()
|
||||
self.mock_method.return_value.execute.side_effect = [
|
||||
fake_http_error, fake_200_response
|
||||
]
|
||||
|
||||
response = gapi.call(self.mock_service,
|
||||
self.mock_method_name,
|
||||
soft_errors=True)
|
||||
self.assertEqual(response, fake_200_response)
|
||||
self.assertEqual(self.mock_service._http.credentials.refresh.call_count,
|
||||
1)
|
||||
self.assertEqual(self.mock_method.return_value.execute.call_count, 2)
|
||||
|
||||
def test_call_throws_for_provided_reason(self):
|
||||
throw_reason = errors.ErrorReason.USER_NOT_FOUND
|
||||
fake_http_error = create_http_error(404, throw_reason, 'forced throw')
|
||||
self.mock_method.return_value.execute.side_effect = fake_http_error
|
||||
|
||||
gam_exception = errors.ERROR_REASON_TO_EXCEPTION[throw_reason]
|
||||
with self.assertRaises(gam_exception):
|
||||
gapi.call(self.mock_service,
|
||||
self.mock_method_name,
|
||||
throw_reasons=[throw_reason])
|
||||
|
||||
# Prevent wait_on_failure from performing actual backoff unnecessarily, since
|
||||
# we're not actually testing over a network connection
|
||||
@patch.object(gapi.controlflow, 'wait_on_failure')
|
||||
def test_call_retries_request_for_default_retry_reasons(
|
||||
self, mock_wait_on_failure):
|
||||
|
||||
# Test using one of the default retry reasons
|
||||
default_throw_reason = errors.ErrorReason.BACKEND_ERROR
|
||||
self.assertIn(default_throw_reason, errors.DEFAULT_RETRY_REASONS)
|
||||
|
||||
fake_http_error = create_http_error(404, default_throw_reason,
|
||||
'message')
|
||||
fake_200_response = MagicMock()
|
||||
# Fail once, then succeed on retry
|
||||
self.mock_method.return_value.execute.side_effect = [
|
||||
fake_http_error, fake_200_response
|
||||
]
|
||||
|
||||
response = gapi.call(self.mock_service,
|
||||
self.mock_method_name,
|
||||
retry_reasons=[])
|
||||
self.assertEqual(response, fake_200_response)
|
||||
self.assertEqual(self.mock_method.return_value.execute.call_count, 2)
|
||||
# Make sure a backoff technique was used for retry.
|
||||
self.assertEqual(mock_wait_on_failure.call_count, 1)
|
||||
|
||||
# Prevent wait_on_failure from performing actual backoff unnecessarily, since
|
||||
# we're not actually testing over a network connection
|
||||
@patch.object(gapi.controlflow, 'wait_on_failure')
|
||||
def test_call_retries_requests_for_provided_retry_reasons(
|
||||
self, unused_mock_wait_on_failure):
|
||||
|
||||
retry_reason1 = errors.ErrorReason.INTERNAL_ERROR
|
||||
fake_retrieable_error1 = create_http_error(400, retry_reason1,
|
||||
'Forced Error 1')
|
||||
retry_reason2 = errors.ErrorReason.SYSTEM_ERROR
|
||||
fake_retrieable_error2 = create_http_error(400, retry_reason2,
|
||||
'Forced Error 2')
|
||||
non_retriable_reason = errors.ErrorReason.SERVICE_NOT_AVAILABLE
|
||||
fake_non_retriable_error = create_http_error(
|
||||
400, non_retriable_reason,
|
||||
'This error should not cause the request to be retried')
|
||||
# Fail once, then succeed on retry
|
||||
self.mock_method.return_value.execute.side_effect = [
|
||||
fake_retrieable_error1, fake_retrieable_error2,
|
||||
fake_non_retriable_error
|
||||
]
|
||||
|
||||
with self.assertRaises(SystemExit):
|
||||
# The third call should raise the SystemExit when non_retriable_error is
|
||||
# raised.
|
||||
gapi.call(self.mock_service,
|
||||
self.mock_method_name,
|
||||
retry_reasons=[retry_reason1, retry_reason2])
|
||||
|
||||
self.assertEqual(self.mock_method.return_value.execute.call_count, 3)
|
||||
|
||||
def test_call_exits_on_oauth_token_error(self):
|
||||
# An error with any OAUTH2_TOKEN_ERROR
|
||||
fake_token_error = gapi.google.auth.exceptions.RefreshError(
|
||||
errors.OAUTH2_TOKEN_ERRORS[0])
|
||||
self.mock_method.return_value.execute.side_effect = fake_token_error
|
||||
|
||||
with self.assertRaises(SystemExit):
|
||||
gapi.call(self.mock_service, self.mock_method_name)
|
||||
|
||||
def test_call_exits_on_nonretriable_error(self):
|
||||
error_reason = 'unknownReason'
|
||||
fake_http_error = create_http_error(500, error_reason,
|
||||
'Testing unretriable errors')
|
||||
self.mock_method.return_value.execute.side_effect = fake_http_error
|
||||
|
||||
with self.assertRaises(SystemExit):
|
||||
gapi.call(self.mock_service, self.mock_method_name)
|
||||
|
||||
def test_call_exits_on_request_valueerror(self):
|
||||
self.mock_method.return_value.execute.side_effect = ValueError()
|
||||
|
||||
with self.assertRaises(SystemExit):
|
||||
gapi.call(self.mock_service, self.mock_method_name)
|
||||
|
||||
def test_call_clears_bad_http_cache_on_request_failure(self):
|
||||
self.mock_service._http.cache = 'something that is not None'
|
||||
fake_200_response = MagicMock()
|
||||
self.mock_method.return_value.execute.side_effect = [
|
||||
ValueError(), fake_200_response
|
||||
]
|
||||
|
||||
self.assertIsNotNone(self.mock_service._http.cache)
|
||||
response = gapi.call(self.mock_service, self.mock_method_name)
|
||||
self.assertEqual(response, fake_200_response)
|
||||
# Assert the cache was cleared
|
||||
self.assertIsNone(self.mock_service._http.cache)
|
||||
|
||||
# Prevent wait_on_failure from performing actual backoff unnecessarily, since
|
||||
# we're not actually testing over a network connection
|
||||
@patch.object(gapi.controlflow, 'wait_on_failure')
|
||||
def test_call_retries_requests_with_backoff_on_servernotfounderror(
|
||||
self, mock_wait_on_failure):
|
||||
fake_servernotfounderror = gapi.httplib2.ServerNotFoundError()
|
||||
fake_200_response = MagicMock()
|
||||
# Fail once, then succeed on retry
|
||||
self.mock_method.return_value.execute.side_effect = [
|
||||
fake_servernotfounderror, fake_200_response
|
||||
]
|
||||
|
||||
http_connections = self.mock_service._http.connections
|
||||
response = gapi.call(self.mock_service, self.mock_method_name)
|
||||
self.assertEqual(response, fake_200_response)
|
||||
# HTTP cached connections should be cleared on receiving this error
|
||||
self.assertNotEqual(http_connections,
|
||||
self.mock_service._http.connections)
|
||||
self.assertEqual(self.mock_method.return_value.execute.call_count, 2)
|
||||
# Make sure a backoff technique was used for retry.
|
||||
self.assertEqual(mock_wait_on_failure.call_count, 1)
|
||||
|
||||
def test_get_items_calls_correct_service_function(self):
|
||||
gapi.get_items(self.mock_service, self.mock_method_name)
|
||||
self.assertTrue(self.mock_method.called)
|
||||
|
||||
def test_get_items_returns_one_page(self):
|
||||
fake_response = {'items': [{}, {}, {}]}
|
||||
self.mock_method.return_value.execute.return_value = fake_response
|
||||
page = gapi.get_items(self.mock_service, self.mock_method_name)
|
||||
self.assertEqual(page, fake_response['items'])
|
||||
|
||||
def test_get_items_non_default_page_field_name(self):
|
||||
field_name = 'things'
|
||||
fake_response = {field_name: [{}, {}, {}]}
|
||||
self.mock_method.return_value.execute.return_value = fake_response
|
||||
page = gapi.get_items(self.mock_service,
|
||||
self.mock_method_name,
|
||||
items=field_name)
|
||||
self.assertEqual(page, fake_response[field_name])
|
||||
|
||||
def test_get_items_passes_additional_kwargs_to_service(self):
|
||||
gapi.get_items(self.mock_service,
|
||||
self.mock_method_name,
|
||||
my_param_1=1,
|
||||
my_param_2=2)
|
||||
self.assertEqual(self.mock_method.call_count, 1)
|
||||
method_kwargs = self.mock_method.call_args[1]
|
||||
self.assertEqual(1, method_kwargs.get('my_param_1'))
|
||||
self.assertEqual(2, method_kwargs.get('my_param_2'))
|
||||
|
||||
def test_get_items_returns_empty_list_when_no_items_returned(self):
|
||||
non_items_response = {'noItemsInThisResponse': {}}
|
||||
self.mock_method.return_value.execute.return_value = non_items_response
|
||||
page = gapi.get_items(self.mock_service, self.mock_method_name)
|
||||
self.assertIsInstance(page, list)
|
||||
self.assertEqual(0, len(page))
|
||||
|
||||
def test_get_all_pages_returns_all_items(self):
|
||||
page_1 = {'items': ['1-1', '1-2', '1-3'], 'nextPageToken': '2'}
|
||||
page_2 = {'items': ['2-1', '2-2', '2-3'], 'nextPageToken': '3'}
|
||||
page_3 = {'items': ['3-1', '3-2', '3-3']}
|
||||
self.mock_method.return_value.execute.side_effect = [
|
||||
page_1, page_2, page_3
|
||||
]
|
||||
response_items = gapi.get_all_pages(self.mock_service,
|
||||
self.mock_method_name)
|
||||
self.assertListEqual(
|
||||
response_items, page_1['items'] + page_2['items'] + page_3['items'])
|
||||
|
||||
def test_get_all_pages_includes_next_pagetoken_in_request(self):
|
||||
page_1 = {'items': ['1-1', '1-2', '1-3'], 'nextPageToken': 'someToken'}
|
||||
page_2 = {'items': ['2-1', '2-2', '2-3']}
|
||||
self.mock_method.return_value.execute.side_effect = [page_1, page_2]
|
||||
|
||||
gapi.get_all_pages(self.mock_service,
|
||||
self.mock_method_name,
|
||||
pageSize=100)
|
||||
self.assertEqual(self.mock_method.call_count, 2)
|
||||
call_2_kwargs = self.mock_method.call_args_list[1][1]
|
||||
self.assertIn('pageToken', call_2_kwargs)
|
||||
self.assertEqual(call_2_kwargs['pageToken'], page_1['nextPageToken'])
|
||||
|
||||
def test_get_all_pages_uses_default_max_page_size(self):
|
||||
sample_api_id = list(gapi.MAX_RESULTS_API_EXCEPTIONS.keys())[0]
|
||||
sample_api_max_results = gapi.MAX_RESULTS_API_EXCEPTIONS[sample_api_id]
|
||||
self.mock_method.return_value.methodId = sample_api_id
|
||||
self.mock_service._rootDesc = {
|
||||
'resources': {
|
||||
'someResource': {
|
||||
'methods': {
|
||||
'someMethod': {
|
||||
'id': sample_api_id,
|
||||
'parameters': {
|
||||
'maxResults': {
|
||||
'maximum': sample_api_max_results
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
self.mock_method.return_value.execute.return_value = self.empty_items_response
|
||||
|
||||
gapi.get_all_pages(self.mock_service, self.mock_method_name)
|
||||
request_method_kwargs = self.mock_method.call_args[1]
|
||||
self.assertIn('maxResults', request_method_kwargs)
|
||||
self.assertEqual(request_method_kwargs['maxResults'],
|
||||
gapi.MAX_RESULTS_API_EXCEPTIONS.get(sample_api_id))
|
||||
|
||||
def test_get_all_pages_max_page_size_overrided(self):
|
||||
self.mock_method.return_value.execute.return_value = self.empty_items_response
|
||||
|
||||
gapi.get_all_pages(self.mock_service,
|
||||
self.mock_method_name,
|
||||
pageSize=123456)
|
||||
request_method_kwargs = self.mock_method.call_args[1]
|
||||
self.assertIn('pageSize', request_method_kwargs)
|
||||
self.assertEqual(123456, request_method_kwargs['pageSize'])
|
||||
|
||||
def test_get_all_pages_prints_paging_message(self):
|
||||
self.mock_method.return_value.execute.side_effect = self.simple_3_page_response
|
||||
|
||||
paging_message = 'A simple string displayed during paging'
|
||||
with patch.object(gapi.sys.stderr, 'write') as mock_write:
|
||||
gapi.get_all_pages(self.mock_service,
|
||||
self.mock_method_name,
|
||||
page_message=paging_message)
|
||||
messages_written = [
|
||||
call_args[0][0] for call_args in mock_write.call_args_list
|
||||
]
|
||||
self.assertIn(paging_message, messages_written)
|
||||
|
||||
def test_get_all_pages_prints_paging_message_inline(self):
|
||||
self.mock_method.return_value.execute.side_effect = self.simple_3_page_response
|
||||
|
||||
paging_message = 'A simple string displayed during paging'
|
||||
with patch.object(gapi.sys.stderr, 'write') as mock_write:
|
||||
gapi.get_all_pages(self.mock_service,
|
||||
self.mock_method_name,
|
||||
page_message=paging_message)
|
||||
messages_written = [
|
||||
call_args[0][0] for call_args in mock_write.call_args_list
|
||||
]
|
||||
|
||||
# Make sure a return carriage was written between two pages
|
||||
paging_message_call_positions = [
|
||||
i for i, message in enumerate(messages_written)
|
||||
if message == paging_message
|
||||
]
|
||||
self.assertGreater(len(paging_message_call_positions), 1)
|
||||
printed_between_page_messages = messages_written[
|
||||
paging_message_call_positions[0]:paging_message_call_positions[1]]
|
||||
self.assertIn('\r', printed_between_page_messages)
|
||||
|
||||
def test_get_all_pages_ends_paging_message_with_newline(self):
|
||||
self.mock_method.return_value.execute.side_effect = self.simple_3_page_response
|
||||
|
||||
paging_message = 'A simple string displayed during paging'
|
||||
with patch.object(gapi.sys.stderr, 'write') as mock_write:
|
||||
gapi.get_all_pages(self.mock_service,
|
||||
self.mock_method_name,
|
||||
page_message=paging_message)
|
||||
messages_written = [
|
||||
call_args[0][0] for call_args in mock_write.call_args_list
|
||||
]
|
||||
last_page_message_index = len(
|
||||
messages_written) - messages_written[::-1].index(paging_message)
|
||||
last_carriage_return_index = len(
|
||||
messages_written) - messages_written[::-1].index('\r\n')
|
||||
self.assertGreater(last_carriage_return_index, last_page_message_index)
|
||||
|
||||
def test_get_all_pages_prints_attribute_total_items_in_paging_message(self):
|
||||
self.mock_method.return_value.execute.side_effect = self.simple_3_page_response
|
||||
|
||||
paging_message = 'Total number of items discovered: %%total_items%%'
|
||||
with patch.object(gapi.sys.stderr, 'write') as mock_write:
|
||||
gapi.get_all_pages(self.mock_service,
|
||||
self.mock_method_name,
|
||||
page_message=paging_message)
|
||||
|
||||
messages_written = [
|
||||
call_args[0][0] for call_args in mock_write.call_args_list
|
||||
]
|
||||
page_1_item_count = len(self.simple_3_page_response[0]['items'])
|
||||
page_1_message = paging_message.replace('%%total_items%%',
|
||||
str(page_1_item_count))
|
||||
self.assertIn(page_1_message, messages_written)
|
||||
|
||||
page_2_item_count = len(self.simple_3_page_response[1]['items'])
|
||||
page_2_message = paging_message.replace(
|
||||
'%%total_items%%', str(page_1_item_count + page_2_item_count))
|
||||
self.assertIn(page_2_message, messages_written)
|
||||
|
||||
page_3_item_count = len(self.simple_3_page_response[2]['items'])
|
||||
page_3_message = paging_message.replace(
|
||||
'%%total_items%%',
|
||||
str(page_1_item_count + page_2_item_count + page_3_item_count))
|
||||
self.assertIn(page_3_message, messages_written)
|
||||
|
||||
# Assert that the template text is always replaced.
|
||||
for message in messages_written:
|
||||
self.assertNotIn('%%total_items', message)
|
||||
|
||||
def test_get_all_pages_prints_attribute_first_item_in_paging_message(self):
|
||||
self.mock_method.return_value.execute.side_effect = self.simple_3_page_response
|
||||
|
||||
paging_message = 'First item in page: %%first_item%%'
|
||||
|
||||
with patch.object(gapi.sys.stderr, 'write') as mock_write:
|
||||
gapi.get_all_pages(self.mock_service,
|
||||
self.mock_method_name,
|
||||
page_message=paging_message,
|
||||
message_attribute='position')
|
||||
|
||||
messages_written = [
|
||||
call_args[0][0] for call_args in mock_write.call_args_list
|
||||
]
|
||||
page_1_message = paging_message.replace(
|
||||
'%%first_item%%',
|
||||
self.simple_3_page_response[0]['items'][0]['position'])
|
||||
self.assertIn(page_1_message, messages_written)
|
||||
|
||||
page_2_message = paging_message.replace(
|
||||
'%%first_item%%',
|
||||
self.simple_3_page_response[1]['items'][0]['position'])
|
||||
self.assertIn(page_2_message, messages_written)
|
||||
|
||||
# Assert that the template text is always replaced.
|
||||
for message in messages_written:
|
||||
self.assertNotIn('%%first_item', message)
|
||||
|
||||
def test_get_all_pages_prints_attribute_last_item_in_paging_message(self):
|
||||
self.mock_method.return_value.execute.side_effect = self.simple_3_page_response
|
||||
|
||||
paging_message = 'Last item in page: %%last_item%%'
|
||||
with patch.object(gapi.sys.stderr, 'write') as mock_write:
|
||||
gapi.get_all_pages(self.mock_service,
|
||||
self.mock_method_name,
|
||||
page_message=paging_message,
|
||||
message_attribute='position')
|
||||
|
||||
messages_written = [
|
||||
call_args[0][0] for call_args in mock_write.call_args_list
|
||||
]
|
||||
page_1_message = paging_message.replace(
|
||||
'%%last_item%%',
|
||||
self.simple_3_page_response[0]['items'][-1]['position'])
|
||||
self.assertIn(page_1_message, messages_written)
|
||||
|
||||
page_2_message = paging_message.replace(
|
||||
'%%last_item%%',
|
||||
self.simple_3_page_response[1]['items'][-1]['position'])
|
||||
self.assertIn(page_2_message, messages_written)
|
||||
|
||||
# Assert that the template text is always replaced.
|
||||
for message in messages_written:
|
||||
self.assertNotIn('%%last_item', message)
|
||||
|
||||
def test_get_all_pages_prints_all_attributes_in_paging_message(self):
|
||||
pass
|
||||
|
||||
def test_get_all_pages_passes_additional_kwargs_to_service_method(self):
|
||||
self.mock_method.return_value.execute.return_value = self.empty_items_response
|
||||
gapi.get_all_pages(self.mock_service,
|
||||
self.mock_method_name,
|
||||
my_param_1=1,
|
||||
my_param_2=2)
|
||||
method_kwargs = self.mock_method.call_args[1]
|
||||
self.assertEqual(method_kwargs.get('my_param_1'), 1)
|
||||
self.assertEqual(method_kwargs.get('my_param_2'), 2)
|
||||
|
||||
@patch.object(gapi, 'call')
|
||||
def test_get_all_pages_passes_throw_and_retry_reasons(self, mock_call):
|
||||
throw_for = MagicMock()
|
||||
retry_for = MagicMock()
|
||||
mock_call.return_value = self.empty_items_response
|
||||
gapi.get_all_pages(self.mock_service,
|
||||
self.mock_method_name,
|
||||
throw_reasons=throw_for,
|
||||
retry_reasons=retry_for)
|
||||
method_kwargs = mock_call.call_args[1]
|
||||
self.assertEqual(method_kwargs.get('throw_reasons'), throw_for)
|
||||
self.assertEqual(method_kwargs.get('retry_reasons'), retry_for)
|
||||
|
||||
def test_get_all_pages_non_default_items_field_name(self):
|
||||
field_name = 'things'
|
||||
fake_response = {field_name: [{}, {}, {}]}
|
||||
self.mock_method.return_value.execute.return_value = fake_response
|
||||
page = gapi.get_all_pages(self.mock_service,
|
||||
self.mock_method_name,
|
||||
items=field_name)
|
||||
self.assertEqual(page, fake_response[field_name])
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
unittest.main()
|
||||
@@ -1,274 +0,0 @@
|
||||
import string
|
||||
import sys
|
||||
|
||||
import googleapiclient.errors
|
||||
|
||||
import gam
|
||||
from gam.var import *
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import gapi
|
||||
from gam import utils
|
||||
from gam.gapi import errors as gapi_errors
|
||||
from gam.gapi import cloudresourcemanager as gapi_crm
|
||||
|
||||
|
||||
THROW_REASONS = [gapi_errors.ErrorReason.FOUR_O_THREE]
|
||||
|
||||
def _gen_role_error(caa):
|
||||
sa_email = caa._http.credentials.signer_email
|
||||
role_error = f'Please grant service account {sa_email} the Access Context Manager Editor role to your GCP organization.'
|
||||
controlflow.system_error_exit(2, role_error)
|
||||
|
||||
|
||||
def build():
|
||||
return gam.buildGAPIServiceObject('accesscontextmanager',
|
||||
act_as=None)
|
||||
|
||||
|
||||
def get_access_policy(caa=None):
|
||||
if not caa:
|
||||
caa = build()
|
||||
parent = gapi_crm.get_org_id()
|
||||
if not parent:
|
||||
_gen_role_error(caa)
|
||||
try:
|
||||
aps = gapi.get_all_pages(caa.accessPolicies(),
|
||||
'list',
|
||||
'accessPolicies',
|
||||
throw_reasons=THROW_REASONS,
|
||||
parent=parent,
|
||||
fields='accessPolicies(name,title)')
|
||||
except googleapiclient.errors.HttpError:
|
||||
_gen_role_error(caa)
|
||||
if not aps:
|
||||
controlflow.system_error_exit(2, 'You don\'t seem to have any access policies. That is odd.')
|
||||
elif len(aps) == 1:
|
||||
return aps[0]['name']
|
||||
for ap in aps:
|
||||
if ap.get('title') == 'Access policy created in Cloud Identity Console':
|
||||
return ap['name']
|
||||
controlflow.system_error_exit(2, ' Could not find a org level access policy. That is odd.')
|
||||
|
||||
|
||||
def printshow_access_levels(csvFormat):
|
||||
caa = build()
|
||||
ap_name = get_access_policy(caa)
|
||||
if csvFormat:
|
||||
todrive = False
|
||||
csvRows = []
|
||||
titles = ['name', 'title']
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if csvFormat and myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
f"gam {['show', 'print'][csvFormat]} caalevels")
|
||||
try:
|
||||
levels = gapi.get_all_pages(caa.accessPolicies().accessLevels(),
|
||||
'list',
|
||||
'accessLevels',
|
||||
throw_reasons=THROW_REASONS,
|
||||
parent=ap_name,
|
||||
accessLevelFormat='CEL', fields='*')
|
||||
except googleapiclient.errors.HttpError:
|
||||
_gen_role_error(caa)
|
||||
if not csvFormat:
|
||||
for level in levels:
|
||||
display.print_json(level)
|
||||
print()
|
||||
else:
|
||||
for level in levels:
|
||||
display.add_row_titles_to_csv_file(
|
||||
utils.flatten_json(level),
|
||||
csvRows, titles)
|
||||
display.write_csv_file(csvRows, titles, 'CAA Levels', todrive)
|
||||
|
||||
|
||||
def build_os_constraints(constraints):
|
||||
consts_obj = []
|
||||
constraints = constraints.upper().split(',')
|
||||
valid_os_types = ['DESKTOP_MAC', 'DESKTOP_WINDOWS', 'DESKTOP_LINUX',
|
||||
'DESKTOP_CHROME_OS', 'VERIFIED_DESKTOP_CHROME_OS', 'ANDROID', 'IOS']
|
||||
for constraint in constraints:
|
||||
new_const = {}
|
||||
if ':' in constraint:
|
||||
new_const['osType'], new_const['minimumVersion'] = constraint.split(':')
|
||||
else:
|
||||
new_const['osType'] = constraint
|
||||
if new_const['osType'] not in valid_os_types:
|
||||
controlflow.system_error_exit(2, f'expected os type of {", ".join(valid_os_types)} got {new_const["osType"]}')
|
||||
if new_const['osType'] == 'VERIFIED_DESKTOP_CHROME_OS':
|
||||
new_const['osType'] = 'DESKTOP_CHROME_OS'
|
||||
new_const['requireVerifiedChromeOs'] = True
|
||||
consts_obj.append(new_const)
|
||||
return consts_obj
|
||||
|
||||
|
||||
def build_device_policy(i, schemas):
|
||||
device_policy = {}
|
||||
while True:
|
||||
myarg = sys.argv[i].replace('_', '').lower()
|
||||
if myarg == 'requirescreenlock':
|
||||
device_policy['requireScreenLock'] = gam.getBoolean(sys.argv[i+1], myarg)
|
||||
i += 2
|
||||
elif myarg == 'allowedencryptionstatuses':
|
||||
allowed_statuses = gapi.get_enum_values_minus_unspecified(schemas["DevicePolicy"]["properties"]["allowedEncryptionStatuses"]["items"]["enum"])
|
||||
device_policy['allowedEncryptionStatuses'] = sys.argv[i+1].upper().split(',')
|
||||
for status in device_policy['allowedEncryptionStatuses']:
|
||||
if status not in allowed_statuses:
|
||||
controlflow.system_error_exit(2, f'expected encryption status of {", ".join(allowed_statuses)} got {status}')
|
||||
i += 2
|
||||
elif myarg == 'osconstraints':
|
||||
device_policy['osConstraints'] = build_os_constraints(sys.argv[i+1])
|
||||
i += 2
|
||||
elif myarg == 'alloweddevicemanagementlevels':
|
||||
allowed_levels = gapi.get_enum_values_minus_unspecified(schemas["DevicePolicy"]["properties"]["allowedDeviceManagementLevels"]["items"]["enum"])
|
||||
device_policy['allowedDeviceManagementLevels'] = sys.argv[i+1].upper().split(',')
|
||||
for level in device_policy['allowedDeviceManagementLevels']:
|
||||
if level == 'ADVANCED':
|
||||
level = 'COMPLETE'
|
||||
if level not in allowed_levels:
|
||||
controlflow.system_error_exit(2, f'expected device management level of {", ".join(allowed_levels)} got {level}')
|
||||
i += 2
|
||||
elif myarg == 'requireadminapproval':
|
||||
device_policy['requireAdminApproval'] = gam.getBoolean(sys.argv[i+1], myarg)
|
||||
i += 2
|
||||
elif myarg == 'requirecorpowned':
|
||||
device_policy['requireCorpOwned'] = gam.getBoolean(sys.argv[i+1], myarg)
|
||||
i += 2
|
||||
elif myarg == 'enddevicepolicy':
|
||||
i += 1
|
||||
break
|
||||
else:
|
||||
controlflow.invalid_argument_exit(myarg, 'gam create/update caalevel')
|
||||
return i, device_policy
|
||||
|
||||
|
||||
def build_condition(i, schemas):
|
||||
condition = {}
|
||||
while True:
|
||||
myarg = sys.argv[i].replace('_', '').lower()
|
||||
if myarg == 'ipsubnetworks':
|
||||
condition['ipSubnetworks'] = sys.argv[i+1].split(',')
|
||||
i += 2
|
||||
elif myarg == 'devicepolicy':
|
||||
i += 1
|
||||
i, condition['devicePolicy'] = build_device_policy(i, schemas)
|
||||
elif myarg == 'requiredaccesslevels':
|
||||
condition['requiredAccessLevels'] = sys.argv[i+1].split(',')
|
||||
i += 2
|
||||
elif myarg == 'negate':
|
||||
condition['negate'] = gam.getBoolean(sys.argv[i+1], myarg)
|
||||
i += 2
|
||||
elif myarg == 'members':
|
||||
condition['members'] = sys.argv[i+1].split(',')
|
||||
i += 2
|
||||
elif myarg == 'regions':
|
||||
condition['regions'] = sys.argv[i+1].upper().split(',')
|
||||
i += 2
|
||||
elif myarg == 'endcondition':
|
||||
i += 1
|
||||
break
|
||||
else:
|
||||
controlflow.invalid_argument_exit(myarg, 'gam create/update caalevel')
|
||||
return i, condition
|
||||
|
||||
|
||||
def build_basic_level(i, schemas):
|
||||
basic_level = {'conditions': []}
|
||||
valid_functions = gapi.get_enum_values_minus_unspecified(schemas['BasicLevel']['properties']['combiningFunction']['enum'])
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].replace('_', '').lower()
|
||||
if myarg == 'combiningfunction':
|
||||
combiningFunction = sys.argv[i+1].upper()
|
||||
if combiningFunction not in valid_functions:
|
||||
controlflow.system_error_exit(2, f'expected combining function of {",".join(valid_functions)} got {combiningFunction}')
|
||||
basic_level['combiningFunction'] = combiningFunction
|
||||
i += 2
|
||||
elif myarg == 'condition':
|
||||
i += 1
|
||||
i, condition = build_condition(i, schemas)
|
||||
basic_level['conditions'].append(condition)
|
||||
else:
|
||||
controlflow.invalid_argument_exit(myarg, 'gam create/update caalevel')
|
||||
return i, basic_level
|
||||
|
||||
|
||||
def build_caa_level(i, caa, body):
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'basic':
|
||||
schemas = caa._rootDesc['schemas']
|
||||
i += 1
|
||||
i, body['basic'] = build_basic_level(i, schemas)
|
||||
elif myarg == 'custom':
|
||||
body['custom'] = {'expr': {'expression': sys.argv[i+1], 'title': 'expr'}}
|
||||
i += 2
|
||||
elif myarg == 'description':
|
||||
body['description'] = sys.argv[i+1]
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(myarg, 'gam create/update caalevel')
|
||||
|
||||
|
||||
def create_access_level():
|
||||
caa = build()
|
||||
ap_name = get_access_policy(caa)
|
||||
title = sys.argv[3].replace(' ', '_')
|
||||
allowed_title_chars = string.ascii_letters + string.digits + '_'
|
||||
name = ''.join([c for c in title if c in allowed_title_chars])[:50]
|
||||
name = f'{ap_name}/accessLevels/{name}'
|
||||
body = {
|
||||
'name': name,
|
||||
'title': title,
|
||||
}
|
||||
build_caa_level(4, caa, body)
|
||||
print(f'Creating access level {name}...')
|
||||
try:
|
||||
gapi.call(caa.accessPolicies().accessLevels(),
|
||||
'create',
|
||||
throw_reasons=THROW_REASONS,
|
||||
parent=ap_name,
|
||||
body=body)
|
||||
except googleapiclient.errors.HttpError:
|
||||
_gen_role_error(caa)
|
||||
|
||||
def get_access_level_name(i, caa):
|
||||
name = sys.argv[i]
|
||||
if not name.startswith('accessPolicies/'):
|
||||
ap_name = get_access_policy(caa)
|
||||
name = f'{ap_name}/accessLevels/{name}'
|
||||
return name
|
||||
|
||||
|
||||
def update_access_level():
|
||||
caa = build()
|
||||
name = get_access_level_name(3, caa)
|
||||
body = {}
|
||||
build_caa_level(4, caa, body)
|
||||
updateMask = ','.join(body.keys())
|
||||
print(f'Updating access level {name}...')
|
||||
try:
|
||||
gapi.call(caa.accessPolicies().accessLevels(),
|
||||
'patch',
|
||||
throw_reasons=THROW_REASONS,
|
||||
name=name,
|
||||
updateMask=updateMask,
|
||||
body=body)
|
||||
except googleapiclient.errors.HttpError:
|
||||
_gen_role_error(caa)
|
||||
|
||||
def delete_access_level():
|
||||
caa = build()
|
||||
name = get_access_level_name(3, caa)
|
||||
print(f'Deleting access level {name}...')
|
||||
try:
|
||||
gapi.call(caa.accessPolicies().accessLevels(),
|
||||
'delete',
|
||||
name=name)
|
||||
except googleapiclient.errors.HttpError:
|
||||
_gen_role_error(caa)
|
||||
@@ -1,988 +0,0 @@
|
||||
import csv
|
||||
import sys
|
||||
import uuid
|
||||
|
||||
# TODO: get rid of these hacks
|
||||
import gam
|
||||
from gam.var import *
|
||||
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import fileutils
|
||||
from gam import gapi
|
||||
from gam import utils
|
||||
|
||||
|
||||
def normalizeCalendarId(calname, checkPrimary=False):
|
||||
if checkPrimary and calname.lower() == 'primary':
|
||||
return calname
|
||||
if not GC_Values[GC_DOMAIN]:
|
||||
GC_Values[GC_DOMAIN] = gam._getValueFromOAuth('hd')
|
||||
return gam.convertUIDtoEmailAddress(calname,
|
||||
email_types=['user', 'resource'])
|
||||
|
||||
|
||||
def buildCalendarGAPIObject(calname):
|
||||
calendarId = normalizeCalendarId(calname)
|
||||
return (calendarId, gam.buildGAPIServiceObject('calendar', calendarId))
|
||||
|
||||
|
||||
def buildCalendarDataGAPIObject(calname):
|
||||
calendarId = normalizeCalendarId(calname)
|
||||
|
||||
# Try to impersonate the calendar owner. If we fail, fall back to using
|
||||
# admin for authentication. Resource calendars cannot be impersonated,
|
||||
# so we need to access them as the admin.
|
||||
cal = None
|
||||
if not calname.endswith('.calendar.google.com'):
|
||||
cal = gam.buildGAPIServiceObject('calendar', calendarId, False)
|
||||
if cal is None:
|
||||
_, cal = buildCalendarGAPIObject(gam._get_admin_email())
|
||||
return (calendarId, cal)
|
||||
|
||||
|
||||
def printShowACLs(csvFormat):
|
||||
calendarId, cal = buildCalendarDataGAPIObject(sys.argv[2])
|
||||
if not cal:
|
||||
return
|
||||
toDrive = False
|
||||
i = 4
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if csvFormat and myarg == 'todrive':
|
||||
toDrive = True
|
||||
i += 1
|
||||
else:
|
||||
action = ['showacl', 'printacl'][csvFormat]
|
||||
message = f'gam calendar <email> {action}'
|
||||
controlflow.invalid_argument_exit(sys.argv[i], message)
|
||||
acls = gapi.get_all_pages(cal.acl(), 'list', 'items', calendarId=calendarId)
|
||||
i = 0
|
||||
if csvFormat:
|
||||
titles = []
|
||||
rows = []
|
||||
else:
|
||||
count = len(acls)
|
||||
for rule in acls:
|
||||
i += 1
|
||||
if csvFormat:
|
||||
row = utils.flatten_json(rule, None)
|
||||
for key in row:
|
||||
if key not in titles:
|
||||
titles.append(key)
|
||||
rows.append(row)
|
||||
else:
|
||||
formatted_acl = formatACLRule(rule)
|
||||
current_count = display.current_count(i, count)
|
||||
print(
|
||||
f'Calendar: {calendarId}, ACL: {formatted_acl}{current_count}')
|
||||
if csvFormat:
|
||||
display.write_csv_file(rows, titles, f'{calendarId} Calendar ACLs',
|
||||
toDrive)
|
||||
|
||||
|
||||
def _getCalendarACLScope(i, body):
|
||||
body['scope'] = {}
|
||||
myarg = sys.argv[i].lower()
|
||||
body['scope']['type'] = myarg
|
||||
i += 1
|
||||
if myarg in ['user', 'group']:
|
||||
body['scope']['value'] = gam.normalizeEmailAddressOrUID(sys.argv[i],
|
||||
noUid=True)
|
||||
i += 1
|
||||
elif myarg == 'domain':
|
||||
if i < len(sys.argv) and \
|
||||
sys.argv[i].lower().replace('_', '') != 'sendnotifications':
|
||||
body['scope']['value'] = sys.argv[i].lower()
|
||||
i += 1
|
||||
else:
|
||||
body['scope']['value'] = GC_Values[GC_DOMAIN]
|
||||
elif myarg != 'default':
|
||||
body['scope']['type'] = 'user'
|
||||
body['scope']['value'] = gam.normalizeEmailAddressOrUID(myarg,
|
||||
noUid=True)
|
||||
return i
|
||||
|
||||
|
||||
CALENDAR_ACL_ROLES_MAP = {
|
||||
'editor': 'writer',
|
||||
'freebusy': 'freeBusyReader',
|
||||
'freebusyreader': 'freeBusyReader',
|
||||
'owner': 'owner',
|
||||
'read': 'reader',
|
||||
'reader': 'reader',
|
||||
'writer': 'writer',
|
||||
'none': 'none',
|
||||
}
|
||||
|
||||
|
||||
def addACL(function):
|
||||
calendarId, cal = buildCalendarDataGAPIObject(sys.argv[2])
|
||||
if not cal:
|
||||
return
|
||||
myarg = sys.argv[4].lower().replace('_', '')
|
||||
if myarg not in CALENDAR_ACL_ROLES_MAP:
|
||||
controlflow.expected_argument_exit('Role',
|
||||
', '.join(CALENDAR_ACL_ROLES_MAP),
|
||||
myarg)
|
||||
body = {'role': CALENDAR_ACL_ROLES_MAP[myarg]}
|
||||
i = _getCalendarACLScope(5, body)
|
||||
sendNotifications = True
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'sendnotifications':
|
||||
sendNotifications = gam.getBoolean(sys.argv[i + 1], myarg)
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(
|
||||
sys.argv[i], f'gam calendar <email> {function.lower()}')
|
||||
print(f'Calendar: {calendarId}, {function} ACL: {formatACLRule(body)}')
|
||||
gapi.call(cal.acl(),
|
||||
'insert',
|
||||
calendarId=calendarId,
|
||||
body=body,
|
||||
sendNotifications=sendNotifications)
|
||||
|
||||
|
||||
def delACL():
|
||||
calendarId, cal = buildCalendarDataGAPIObject(sys.argv[2])
|
||||
if not cal:
|
||||
return
|
||||
if sys.argv[4].lower() == 'id':
|
||||
ruleId = sys.argv[5]
|
||||
print(f'Removing rights for {ruleId} to {calendarId}')
|
||||
gapi.call(cal.acl(), 'delete', calendarId=calendarId, ruleId=ruleId)
|
||||
else:
|
||||
body = {'role': 'none'}
|
||||
i = 4
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg in CALENDAR_ACL_ROLES_MAP:
|
||||
i += 1
|
||||
_getCalendarACLScope(i, body)
|
||||
print(f'Calendar: {calendarId}, Delete ACL: {formatACLScope(body)}')
|
||||
gapi.call(cal.acl(),
|
||||
'insert',
|
||||
calendarId=calendarId,
|
||||
body=body,
|
||||
sendNotifications=False)
|
||||
|
||||
|
||||
def wipeData():
|
||||
calendarId, cal = buildCalendarDataGAPIObject(sys.argv[2])
|
||||
if not cal:
|
||||
return
|
||||
gapi.call(cal.calendars(), 'clear', calendarId=calendarId)
|
||||
|
||||
|
||||
def printEvents():
|
||||
calendarId, cal = buildCalendarDataGAPIObject(sys.argv[2])
|
||||
if not cal:
|
||||
return
|
||||
q = showDeleted = showHiddenInvitations = timeMin = \
|
||||
timeMax = timeZone = updatedMin = None
|
||||
toDrive = False
|
||||
titles = []
|
||||
csvRows = []
|
||||
i = 4
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'query':
|
||||
q = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'includedeleted':
|
||||
showDeleted = True
|
||||
i += 1
|
||||
elif myarg == 'includehidden':
|
||||
showHiddenInvitations = True
|
||||
i += 1
|
||||
elif myarg == 'after':
|
||||
timeMin = utils.get_time_or_delta_from_now(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg == 'before':
|
||||
timeMax = utils.get_time_or_delta_from_now(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg == 'timezone':
|
||||
timeZone = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'updated':
|
||||
updatedMin = utils.get_time_or_delta_from_now(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg == 'todrive':
|
||||
toDrive = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(
|
||||
sys.argv[i], 'gam calendar <email> printevents')
|
||||
page_message = gapi.got_total_items_msg(f'Events for {calendarId}', '')
|
||||
results = gapi.get_all_pages(cal.events(),
|
||||
'list',
|
||||
'items',
|
||||
page_message=page_message,
|
||||
calendarId=calendarId,
|
||||
q=q,
|
||||
showDeleted=showDeleted,
|
||||
showHiddenInvitations=showHiddenInvitations,
|
||||
timeMin=timeMin,
|
||||
timeMax=timeMax,
|
||||
timeZone=timeZone,
|
||||
updatedMin=updatedMin)
|
||||
for result in results:
|
||||
row = {'calendarId': calendarId}
|
||||
display.add_row_titles_to_csv_file(
|
||||
utils.flatten_json(result, flattened=row), csvRows, titles)
|
||||
display.sort_csv_titles(['calendarId', 'id', 'summary', 'status'], titles)
|
||||
display.write_csv_file(csvRows, titles, 'Calendar Events', toDrive)
|
||||
|
||||
|
||||
def formatACLScope(rule):
|
||||
if rule['scope']['type'] != 'default':
|
||||
return f'(Scope: {rule["scope"]["type"]}:{rule["scope"]["value"]})'
|
||||
return f'(Scope: {rule["scope"]["type"]})'
|
||||
|
||||
|
||||
def formatACLRule(rule):
|
||||
if rule['scope']['type'] != 'default':
|
||||
return f'(Scope: {rule["scope"]["type"]}:{rule["scope"]["value"]}, ' \
|
||||
f'Role: {rule["role"]})'
|
||||
return f'(Scope: {rule["scope"]["type"]}, Role: {rule["role"]})'
|
||||
|
||||
|
||||
def getSendUpdates(myarg, i, cal):
|
||||
if myarg == 'notifyattendees':
|
||||
sendUpdates = 'all'
|
||||
i += 1
|
||||
elif myarg == 'sendnotifications':
|
||||
sendUpdates = 'all' if gam.getBoolean(sys.argv[i +
|
||||
1], myarg) else 'none'
|
||||
i += 2
|
||||
else: # 'sendupdates':
|
||||
sendUpdatesMap = {}
|
||||
for val in cal._rootDesc['resources']['events']['methods']['delete'][
|
||||
'parameters']['sendUpdates']['enum']:
|
||||
sendUpdatesMap[val.lower()] = val
|
||||
sendUpdates = sendUpdatesMap.get(sys.argv[i + 1].lower(), False)
|
||||
if not sendUpdates:
|
||||
controlflow.expected_argument_exit('sendupdates',
|
||||
', '.join(sendUpdatesMap),
|
||||
sys.argv[i + 1])
|
||||
i += 2
|
||||
return (sendUpdates, i)
|
||||
|
||||
|
||||
def moveOrDeleteEvent(moveOrDelete):
|
||||
calendarId, cal = buildCalendarDataGAPIObject(sys.argv[2])
|
||||
if not cal:
|
||||
return
|
||||
sendUpdates = 'none'
|
||||
doit = False
|
||||
kwargs = {}
|
||||
i = 4
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg in ['notifyattendees', 'sendnotifications', 'sendupdates']:
|
||||
sendUpdates, i = getSendUpdates(myarg, i, cal)
|
||||
elif myarg in ['id', 'eventid']:
|
||||
eventId = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg in ['query', 'eventquery']:
|
||||
controlflow.system_error_exit(
|
||||
2, f'query is no longer supported for {moveOrDelete}event. ' \
|
||||
f'Use "gam calendar <email> printevents query <query> | ' \
|
||||
f'gam csv - gam {moveOrDelete}event id ~id" instead.')
|
||||
elif myarg == 'doit':
|
||||
doit = True
|
||||
i += 1
|
||||
elif moveOrDelete == 'move' and myarg == 'destination':
|
||||
kwargs['destination'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(
|
||||
sys.argv[i], f'gam calendar <email> {moveOrDelete}event')
|
||||
if doit:
|
||||
print(f' going to {moveOrDelete} eventId {eventId}')
|
||||
gapi.call(cal.events(),
|
||||
moveOrDelete,
|
||||
calendarId=calendarId,
|
||||
eventId=eventId,
|
||||
sendUpdates=sendUpdates,
|
||||
**kwargs)
|
||||
else:
|
||||
print(
|
||||
f' would {moveOrDelete} eventId {eventId}. Add doit to command ' \
|
||||
f'to actually {moveOrDelete} event')
|
||||
|
||||
|
||||
def infoEvent():
|
||||
calendarId, cal = buildCalendarDataGAPIObject(sys.argv[2])
|
||||
if not cal:
|
||||
return
|
||||
eventId = sys.argv[4]
|
||||
result = gapi.call(cal.events(),
|
||||
'get',
|
||||
calendarId=calendarId,
|
||||
eventId=eventId)
|
||||
display.print_json(result)
|
||||
|
||||
|
||||
def addOrUpdateEvent(action):
|
||||
calendarId, cal = buildCalendarDataGAPIObject(sys.argv[2])
|
||||
if not cal:
|
||||
return
|
||||
# only way for non-Google calendars to get updates is via email
|
||||
kwargs = {}
|
||||
body = {}
|
||||
if action == 'add':
|
||||
i = 4
|
||||
func = 'insert'
|
||||
else:
|
||||
eventId = sys.argv[4]
|
||||
kwargs = {'eventId': eventId}
|
||||
i = 5
|
||||
func = 'patch'
|
||||
requires_full_update = [
|
||||
'attendee', 'optionalattendee', 'removeattendee',
|
||||
'replacedescription'
|
||||
]
|
||||
for arg in sys.argv[i:]:
|
||||
if arg.replace('_', '').lower() in requires_full_update:
|
||||
func = 'update'
|
||||
body = gapi.call(cal.events(),
|
||||
'get',
|
||||
calendarId=calendarId,
|
||||
eventId=eventId)
|
||||
break
|
||||
sendUpdates, body = getEventAttributes(i, calendarId, cal, body, action)
|
||||
result = gapi.call(cal.events(),
|
||||
func,
|
||||
conferenceDataVersion=1,
|
||||
supportsAttachments=True,
|
||||
calendarId=calendarId,
|
||||
sendUpdates=sendUpdates,
|
||||
body=body,
|
||||
fields='id',
|
||||
**kwargs)
|
||||
print(f'Event {result["id"]} {action} finished')
|
||||
|
||||
|
||||
def _remove_attendee(attendees, remove_email):
|
||||
return [
|
||||
attendee for attendee in attendees
|
||||
if not attendee['email'].lower() == remove_email
|
||||
]
|
||||
|
||||
|
||||
def getEventAttributes(i, calendarId, cal, body, action):
|
||||
# Default to external only so non-Google
|
||||
# calendars are notified of changes
|
||||
sendUpdates = 'externalOnly'
|
||||
action = 'update' if body else 'add'
|
||||
timeZone = None
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg in ['notifyattendees', 'sendnotifications', 'sendupdates']:
|
||||
sendUpdates, i = getSendUpdates(myarg, i, cal)
|
||||
elif myarg == 'attendee':
|
||||
body.setdefault('attendees', [])
|
||||
body['attendees'].append({'email': sys.argv[i + 1]})
|
||||
i += 2
|
||||
elif myarg == 'removeattendee' and action == 'update':
|
||||
remove_email = sys.argv[i + 1].lower()
|
||||
if 'attendees' in body:
|
||||
body['attendees'] = _remove_attendee(body['attendees'],
|
||||
remove_email)
|
||||
i += 2
|
||||
elif myarg == 'optionalattendee':
|
||||
body.setdefault('attendees', [])
|
||||
body['attendees'].append({
|
||||
'email': sys.argv[i + 1],
|
||||
'optional': True
|
||||
})
|
||||
i += 2
|
||||
elif myarg == 'anyonecanaddself':
|
||||
body['anyoneCanAddSelf'] = True
|
||||
i += 1
|
||||
elif myarg == 'description':
|
||||
body['description'] = sys.argv[i + 1].replace('\\n', '\n')
|
||||
i += 2
|
||||
elif myarg == 'replacedescription' and action == 'update':
|
||||
search = sys.argv[i + 1]
|
||||
replace = sys.argv[i + 2]
|
||||
if 'description' in body:
|
||||
body['description'] = re.sub(search, replace,
|
||||
body['description'])
|
||||
i += 3
|
||||
elif myarg == 'start':
|
||||
if sys.argv[i + 1].lower() == 'allday':
|
||||
body['start'] = {'date': utils.get_yyyymmdd(sys.argv[i + 2])}
|
||||
i += 3
|
||||
else:
|
||||
start_time = utils.get_time_or_delta_from_now(sys.argv[i + 1])
|
||||
body['start'] = {'dateTime': start_time}
|
||||
i += 2
|
||||
elif myarg == 'end':
|
||||
if sys.argv[i + 1].lower() == 'allday':
|
||||
body['end'] = {'date': utils.get_yyyymmdd(sys.argv[i + 2])}
|
||||
i += 3
|
||||
else:
|
||||
end_time = utils.get_time_or_delta_from_now(sys.argv[i + 1])
|
||||
body['end'] = {'dateTime': end_time}
|
||||
i += 2
|
||||
elif myarg == 'guestscantinviteothers':
|
||||
body['guestsCanInviteOthers'] = False
|
||||
i += 1
|
||||
elif myarg == 'guestscaninviteothers':
|
||||
body['guestsCanInviteTohters'] = gam.getBoolean(
|
||||
sys.argv[i + 1], 'guestscaninviteothers')
|
||||
i += 2
|
||||
elif myarg == 'guestscantseeothers':
|
||||
body['guestsCanSeeOtherGuests'] = False
|
||||
i += 1
|
||||
elif myarg == 'guestscanseeothers':
|
||||
body['guestsCanSeeOtherGuests'] = gam.getBoolean(
|
||||
sys.argv[i + 1], 'guestscanseeothers')
|
||||
i += 2
|
||||
elif myarg == 'guestscanmodify':
|
||||
body['guestsCanModify'] = gam.getBoolean(sys.argv[i + 1],
|
||||
'guestscanmodify')
|
||||
i += 2
|
||||
elif myarg == 'id':
|
||||
if action == 'update':
|
||||
controlflow.invalid_argument_exit(
|
||||
'id', 'gam calendar <calendar> updateevent')
|
||||
body['id'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'summary':
|
||||
body['summary'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'location':
|
||||
body['location'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'available':
|
||||
body['transparency'] = 'transparent'
|
||||
i += 1
|
||||
elif myarg == 'transparency':
|
||||
validTransparency = ['opaque', 'transparent']
|
||||
if sys.argv[i + 1].lower() in validTransparency:
|
||||
body['transparency'] = sys.argv[i + 1].lower()
|
||||
else:
|
||||
controlflow.expected_argument_exit('transparency',
|
||||
', '.join(validTransparency),
|
||||
sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg == 'visibility':
|
||||
validVisibility = ['default', 'public', 'private']
|
||||
if sys.argv[i + 1].lower() in validVisibility:
|
||||
body['visibility'] = sys.argv[i + 1].lower()
|
||||
else:
|
||||
controlflow.expected_argument_exit('visibility',
|
||||
', '.join(validVisibility),
|
||||
sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg == 'tentative':
|
||||
body['status'] = 'tentative'
|
||||
i += 1
|
||||
elif myarg == 'status':
|
||||
validStatus = ['confirmed', 'tentative', 'cancelled']
|
||||
if sys.argv[i + 1].lower() in validStatus:
|
||||
body['status'] = sys.argv[i + 1].lower()
|
||||
else:
|
||||
controlflow.expected_argument_exit('visibility',
|
||||
', '.join(validStatus),
|
||||
sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg == 'source':
|
||||
body['source'] = {'title': sys.argv[i + 1], 'url': sys.argv[i + 2]}
|
||||
i += 3
|
||||
elif myarg == 'noreminders':
|
||||
body['reminders'] = {'useDefault': False}
|
||||
i += 1
|
||||
elif myarg == 'reminder':
|
||||
minutes = \
|
||||
gam.getInteger(sys.argv[i+1], myarg, minVal=0,
|
||||
maxVal=CALENDAR_REMINDER_MAX_MINUTES)
|
||||
reminder = {'minutes': minutes, 'method': sys.argv[i + 2]}
|
||||
body.setdefault('reminders', {'overrides': [], 'useDefault': False})
|
||||
body['reminders']['overrides'].append(reminder)
|
||||
i += 3
|
||||
elif myarg == 'recurrence':
|
||||
body.setdefault('recurrence', [])
|
||||
body['recurrence'].append(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg == 'timezone':
|
||||
timeZone = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'privateproperty':
|
||||
if 'extendedProperties' not in body:
|
||||
body['extendedProperties'] = {'private': {}, 'shared': {}}
|
||||
body['extendedProperties']['private'][sys.argv[i +
|
||||
1]] = sys.argv[i + 2]
|
||||
i += 3
|
||||
elif myarg == 'sharedproperty':
|
||||
if 'extendedProperties' not in body:
|
||||
body['extendedProperties'] = {'private': {}, 'shared': {}}
|
||||
body['extendedProperties']['shared'][sys.argv[i + 1]] = sys.argv[i +
|
||||
2]
|
||||
i += 3
|
||||
elif myarg == 'colorindex':
|
||||
body['colorId'] = gam.getInteger(sys.argv[i + 1], myarg,
|
||||
CALENDAR_EVENT_MIN_COLOR_INDEX,
|
||||
CALENDAR_EVENT_MAX_COLOR_INDEX)
|
||||
i += 2
|
||||
elif myarg == 'hangoutsmeet':
|
||||
body['conferenceData'] = {
|
||||
'createRequest': {
|
||||
'requestId': f'{str(uuid.uuid4())}'
|
||||
}
|
||||
}
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(
|
||||
sys.argv[i], f'gam calendar <email> {action}event')
|
||||
if ('recurrence' in body) and (('start' in body) or ('end' in body)):
|
||||
if not timeZone:
|
||||
timeZone = gapi.call(cal.calendars(),
|
||||
'get',
|
||||
calendarId=calendarId,
|
||||
fields='timeZone')['timeZone']
|
||||
if 'start' in body:
|
||||
body['start']['timeZone'] = timeZone
|
||||
if 'end' in body:
|
||||
body['end']['timeZone'] = timeZone
|
||||
return (sendUpdates, body)
|
||||
|
||||
|
||||
def modifySettings():
|
||||
calendarId, cal = buildCalendarDataGAPIObject(sys.argv[2])
|
||||
if not cal:
|
||||
return
|
||||
body = {}
|
||||
i = 4
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'description':
|
||||
body['description'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'location':
|
||||
body['location'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'summary':
|
||||
body['summary'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'timezone':
|
||||
body['timeZone'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
'gam calendar <email> modify')
|
||||
gapi.call(cal.calendars(), 'patch', calendarId=calendarId, body=body)
|
||||
|
||||
|
||||
def changeAttendees(users):
|
||||
do_it = True
|
||||
i = 5
|
||||
allevents = False
|
||||
start_date = end_date = None
|
||||
while len(sys.argv) > i:
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'csv':
|
||||
csv_file = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'dryrun':
|
||||
do_it = False
|
||||
i += 1
|
||||
elif myarg == 'start':
|
||||
start_date = utils.get_time_or_delta_from_now(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg == 'end':
|
||||
end_date = utils.get_time_or_delta_from_now(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg == 'allevents':
|
||||
allevents = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(
|
||||
sys.argv[i], 'gam <users> update calattendees')
|
||||
attendee_map = {}
|
||||
f = fileutils.open_file(csv_file)
|
||||
csvFile = csv.reader(f)
|
||||
for row in csvFile:
|
||||
attendee_map[row[0].lower()] = row[1].lower()
|
||||
fileutils.close_file(f)
|
||||
for user in users:
|
||||
sys.stdout.write(f'Checking user {user}\n')
|
||||
user, cal = buildCalendarGAPIObject(user)
|
||||
if not cal:
|
||||
continue
|
||||
page_token = None
|
||||
while True:
|
||||
events_page = gapi.call(cal.events(),
|
||||
'list',
|
||||
calendarId=user,
|
||||
pageToken=page_token,
|
||||
timeMin=start_date,
|
||||
timeMax=end_date,
|
||||
showDeleted=False,
|
||||
showHiddenInvitations=False)
|
||||
print(f'Got {len(events_page.get("items", []))}')
|
||||
for event in events_page.get('items', []):
|
||||
if event['status'] == 'cancelled':
|
||||
# print u' skipping cancelled event'
|
||||
continue
|
||||
try:
|
||||
event_summary = event['summary']
|
||||
except (KeyError, UnicodeEncodeError, UnicodeDecodeError):
|
||||
event_summary = event['id']
|
||||
try:
|
||||
organizer = event['organizer']['email'].lower()
|
||||
if not allevents and organizer != user:
|
||||
#print(f' skipping not-my-event {event_summary}')
|
||||
continue
|
||||
except KeyError:
|
||||
pass # no email for organizer
|
||||
needs_update = False
|
||||
try:
|
||||
for attendee in event['attendees']:
|
||||
try:
|
||||
if attendee['email'].lower() in attendee_map:
|
||||
old_email = attendee['email'].lower()
|
||||
new_email = attendee_map[
|
||||
attendee['email'].lower()]
|
||||
print(f' SWITCHING attendee {old_email} to ' \
|
||||
f'{new_email} for {event_summary}')
|
||||
event['attendees'].remove(attendee)
|
||||
event['attendees'].append({'email': new_email})
|
||||
needs_update = True
|
||||
except KeyError: # no email for that attendee
|
||||
pass
|
||||
except KeyError:
|
||||
continue # no attendees
|
||||
if needs_update:
|
||||
body = {}
|
||||
body['attendees'] = event['attendees']
|
||||
print(f'UPDATING {event_summary}')
|
||||
if do_it:
|
||||
gapi.call(cal.events(),
|
||||
'patch',
|
||||
calendarId=user,
|
||||
eventId=event['id'],
|
||||
sendNotifications=False,
|
||||
body=body)
|
||||
else:
|
||||
print(' not pulling the trigger.')
|
||||
# else:
|
||||
# print(f' no update needed for {event_summary}')
|
||||
try:
|
||||
page_token = events_page['nextPageToken']
|
||||
except KeyError:
|
||||
break
|
||||
|
||||
|
||||
def deleteCalendar(users):
|
||||
calendarId = normalizeCalendarId(sys.argv[5])
|
||||
for user in users:
|
||||
user, cal = buildCalendarGAPIObject(user)
|
||||
if not cal:
|
||||
continue
|
||||
gapi.call(cal.calendarList(),
|
||||
'delete',
|
||||
soft_errors=True,
|
||||
calendarId=calendarId)
|
||||
|
||||
|
||||
CALENDAR_REMINDER_MAX_MINUTES = 40320
|
||||
|
||||
CALENDAR_MIN_COLOR_INDEX = 1
|
||||
CALENDAR_MAX_COLOR_INDEX = 24
|
||||
|
||||
CALENDAR_EVENT_MIN_COLOR_INDEX = 1
|
||||
CALENDAR_EVENT_MAX_COLOR_INDEX = 11
|
||||
|
||||
|
||||
def getCalendarAttributes(i, body, function):
|
||||
colorRgbFormat = False
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'selected':
|
||||
body['selected'] = gam.getBoolean(sys.argv[i + 1], myarg)
|
||||
i += 2
|
||||
elif myarg == 'hidden':
|
||||
body['hidden'] = gam.getBoolean(sys.argv[i + 1], myarg)
|
||||
i += 2
|
||||
elif myarg == 'summary':
|
||||
body['summaryOverride'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'colorindex':
|
||||
body['colorId'] = gam.getInteger(sys.argv[i + 1],
|
||||
myarg,
|
||||
minVal=CALENDAR_MIN_COLOR_INDEX,
|
||||
maxVal=CALENDAR_MAX_COLOR_INDEX)
|
||||
i += 2
|
||||
elif myarg == 'backgroundcolor':
|
||||
body['backgroundColor'] = gam.getColor(sys.argv[i + 1])
|
||||
colorRgbFormat = True
|
||||
i += 2
|
||||
elif myarg == 'foregroundcolor':
|
||||
body['foregroundColor'] = gam.getColor(sys.argv[i + 1])
|
||||
colorRgbFormat = True
|
||||
i += 2
|
||||
elif myarg == 'reminder':
|
||||
body.setdefault('defaultReminders', [])
|
||||
method = sys.argv[i + 1].lower()
|
||||
if method not in CLEAR_NONE_ARGUMENT:
|
||||
if method not in CALENDAR_REMINDER_METHODS:
|
||||
controlflow.expected_argument_exit(
|
||||
'Method', ', '.join(CALENDAR_REMINDER_METHODS +
|
||||
CLEAR_NONE_ARGUMENT), method)
|
||||
minutes = gam.getInteger(sys.argv[i + 2],
|
||||
myarg,
|
||||
minVal=0,
|
||||
maxVal=CALENDAR_REMINDER_MAX_MINUTES)
|
||||
body['defaultReminders'].append({
|
||||
'method': method,
|
||||
'minutes': minutes
|
||||
})
|
||||
i += 3
|
||||
else:
|
||||
i += 2
|
||||
elif myarg == 'notification':
|
||||
body.setdefault('notificationSettings', {'notifications': []})
|
||||
method = sys.argv[i + 1].lower()
|
||||
if method not in CLEAR_NONE_ARGUMENT:
|
||||
if method not in CALENDAR_NOTIFICATION_METHODS:
|
||||
controlflow.expected_argument_exit(
|
||||
'Method', ', '.join(CALENDAR_NOTIFICATION_METHODS +
|
||||
CLEAR_NONE_ARGUMENT), method)
|
||||
eventType = sys.argv[i + 2].lower()
|
||||
if eventType not in CALENDAR_NOTIFICATION_TYPES_MAP:
|
||||
controlflow.expected_argument_exit(
|
||||
'Event', ', '.join(CALENDAR_NOTIFICATION_TYPES_MAP),
|
||||
eventType)
|
||||
notice = {
|
||||
'method': method,
|
||||
'type': CALENDAR_NOTIFICATION_TYPES_MAP[eventType]
|
||||
}
|
||||
body['notificationSettings']['notifications'].append(notice)
|
||||
i += 3
|
||||
else:
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
f'gam {function} calendar')
|
||||
return colorRgbFormat
|
||||
|
||||
|
||||
def addCalendar(users):
|
||||
calendarId = normalizeCalendarId(sys.argv[5])
|
||||
body = {'id': calendarId, 'selected': True, 'hidden': False}
|
||||
colorRgbFormat = getCalendarAttributes(6, body, 'add')
|
||||
i = 0
|
||||
count = len(users)
|
||||
for user in users:
|
||||
i += 1
|
||||
user, cal = buildCalendarGAPIObject(user)
|
||||
if not cal:
|
||||
continue
|
||||
current_count = display.current_count(i, count)
|
||||
print(f'Subscribing {user} to calendar {calendarId}{current_count}')
|
||||
gapi.call(cal.calendarList(),
|
||||
'insert',
|
||||
soft_errors=True,
|
||||
body=body,
|
||||
colorRgbFormat=colorRgbFormat)
|
||||
|
||||
|
||||
def updateCalendar(users):
|
||||
calendarId = normalizeCalendarId(sys.argv[5], checkPrimary=True)
|
||||
body = {}
|
||||
colorRgbFormat = getCalendarAttributes(6, body, 'update')
|
||||
i = 0
|
||||
count = len(users)
|
||||
for user in users:
|
||||
i += 1
|
||||
user, cal = buildCalendarGAPIObject(user)
|
||||
if not cal:
|
||||
continue
|
||||
current_count = display.current_count(i, count)
|
||||
print(f"Updating {user}'s subscription to calendar ' \
|
||||
f'{calendarId}{current_count}")
|
||||
calId = calendarId if calendarId != 'primary' else user
|
||||
gapi.call(cal.calendarList(),
|
||||
'patch',
|
||||
soft_errors=True,
|
||||
calendarId=calId,
|
||||
body=body,
|
||||
colorRgbFormat=colorRgbFormat)
|
||||
|
||||
|
||||
def _showCalendar(userCalendar, j, jcount):
|
||||
current_count = display.current_count(j, jcount)
|
||||
summary = userCalendar.get('summaryOverride', userCalendar['summary'])
|
||||
print(f' Calendar: {userCalendar["id"]}{current_count}')
|
||||
print(f' Summary: {summary}')
|
||||
print(f' Description: {userCalendar.get("description", "")}')
|
||||
print(f' Access Level: {userCalendar["accessRole"]}')
|
||||
print(f' Timezone: {userCalendar["timeZone"]}')
|
||||
print(f' Location: {userCalendar.get("location", "")}')
|
||||
print(f' Hidden: {userCalendar.get("hidden", "False")}')
|
||||
print(f' Selected: {userCalendar.get("selected", "False")}')
|
||||
print(f' Color ID: {userCalendar["colorId"]}, ' \
|
||||
f'Background Color: {userCalendar["backgroundColor"]}, ' \
|
||||
f'Foreground Color: {userCalendar["foregroundColor"]}')
|
||||
print(' Default Reminders:')
|
||||
for reminder in userCalendar.get('defaultReminders', []):
|
||||
print(f' Method: {reminder["method"]}, ' \
|
||||
f'Minutes: {reminder["minutes"]}')
|
||||
print(' Notifications:')
|
||||
if 'notificationSettings' in userCalendar:
|
||||
notifications = userCalendar['notificationSettings'].get(
|
||||
'notifications', [])
|
||||
for notification in notifications:
|
||||
print(f' Method: {notification["method"]}, ' \
|
||||
f'Type: {notification["type"]}')
|
||||
|
||||
|
||||
def infoCalendar(users):
|
||||
calendarId = normalizeCalendarId(sys.argv[5], checkPrimary=True)
|
||||
i = 0
|
||||
count = len(users)
|
||||
for user in users:
|
||||
i += 1
|
||||
user, cal = buildCalendarGAPIObject(user)
|
||||
if not cal:
|
||||
continue
|
||||
result = gapi.call(cal.calendarList(),
|
||||
'get',
|
||||
soft_errors=True,
|
||||
calendarId=calendarId)
|
||||
if result:
|
||||
print(f'User: {user}, Calendar:{display.current_count(i, count)}')
|
||||
_showCalendar(result, 1, 1)
|
||||
|
||||
|
||||
def printShowCalendars(users, csvFormat):
|
||||
if csvFormat:
|
||||
todrive = False
|
||||
titles = []
|
||||
csvRows = []
|
||||
i = 5
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if csvFormat and myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(
|
||||
myarg, f"gam <users> {['show', 'print'][csvFormat]} calendars")
|
||||
i = 0
|
||||
count = len(users)
|
||||
for user in users:
|
||||
i += 1
|
||||
user, cal = buildCalendarGAPIObject(user)
|
||||
if not cal:
|
||||
continue
|
||||
result = gapi.get_all_pages(cal.calendarList(),
|
||||
'list',
|
||||
'items',
|
||||
soft_errors=True)
|
||||
jcount = len(result)
|
||||
if not csvFormat:
|
||||
print(f'User: {user}, Calendars:{display.current_count(i, count)}')
|
||||
if jcount == 0:
|
||||
continue
|
||||
j = 0
|
||||
for userCalendar in result:
|
||||
j += 1
|
||||
_showCalendar(userCalendar, j, jcount)
|
||||
else:
|
||||
if jcount == 0:
|
||||
continue
|
||||
for userCalendar in result:
|
||||
row = {'primaryEmail': user}
|
||||
display.add_row_titles_to_csv_file(
|
||||
utils.flatten_json(userCalendar, flattened=row), csvRows,
|
||||
titles)
|
||||
if csvFormat:
|
||||
display.sort_csv_titles(['primaryEmail', 'id'], titles)
|
||||
display.write_csv_file(csvRows, titles, 'Calendars', todrive)
|
||||
|
||||
|
||||
def showCalSettings(users):
|
||||
i = 0
|
||||
count = len(users)
|
||||
for user in users:
|
||||
i += 1
|
||||
user, cal = buildCalendarGAPIObject(user)
|
||||
if not cal:
|
||||
continue
|
||||
feed = gapi.get_all_pages(cal.settings(),
|
||||
'list',
|
||||
'items',
|
||||
soft_errors=True)
|
||||
if feed:
|
||||
current_count = display.current_count(i, count)
|
||||
print(f'User: {user}, Calendar Settings:{current_count}')
|
||||
settings = {}
|
||||
for setting in feed:
|
||||
settings[setting['id']] = setting['value']
|
||||
for attr, value in sorted(settings.items()):
|
||||
print(f' {attr}: {value}')
|
||||
|
||||
|
||||
def transferSecCals(users):
|
||||
target_user = sys.argv[5]
|
||||
remove_source_user = sendNotifications = True
|
||||
i = 6
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'keepuser':
|
||||
remove_source_user = False
|
||||
i += 1
|
||||
elif myarg == 'sendnotifications':
|
||||
sendNotifications = gam.getBoolean(sys.argv[i + 1], myarg)
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
'gam <users> transfer seccals')
|
||||
if remove_source_user:
|
||||
target_user, target_cal = buildCalendarGAPIObject(target_user)
|
||||
if not target_cal:
|
||||
return
|
||||
for user in users:
|
||||
user, source_cal = buildCalendarGAPIObject(user)
|
||||
if not source_cal:
|
||||
continue
|
||||
calendars = gapi.get_all_pages(source_cal.calendarList(),
|
||||
'list',
|
||||
'items',
|
||||
soft_errors=True,
|
||||
minAccessRole='owner',
|
||||
showHidden=True,
|
||||
fields='items(id),nextPageToken')
|
||||
for calendar in calendars:
|
||||
calendarId = calendar['id']
|
||||
if calendarId.find('@group.calendar.google.com') != -1:
|
||||
body = {
|
||||
'role': 'owner',
|
||||
'scope': {
|
||||
'type': 'user',
|
||||
'value': target_user
|
||||
}
|
||||
}
|
||||
gapi.call(source_cal.acl(),
|
||||
'insert',
|
||||
calendarId=calendarId,
|
||||
body=body,
|
||||
sendNotifications=sendNotifications)
|
||||
if remove_source_user:
|
||||
body = {
|
||||
'role': 'none',
|
||||
'scope': {
|
||||
'type': 'user',
|
||||
'value': user
|
||||
}
|
||||
}
|
||||
gapi.call(target_cal.acl(),
|
||||
'insert',
|
||||
calendarId=calendarId,
|
||||
body=body,
|
||||
sendNotifications=sendNotifications)
|
||||
@@ -1,303 +0,0 @@
|
||||
"""Chrome Browser Cloud Management API calls"""
|
||||
|
||||
import csv
|
||||
import os.path
|
||||
import sys
|
||||
|
||||
import gam
|
||||
from gam.var import *
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import fileutils
|
||||
from gam import gapi
|
||||
from gam.gapi.directory import orgunits as gapi_directory_orgunits
|
||||
from gam import utils
|
||||
|
||||
|
||||
def _get_customerid():
|
||||
''' returns customer id without C prefix'''
|
||||
customer_id = GC_Values[GC_CUSTOMER_ID]
|
||||
if customer_id[0] == 'C':
|
||||
customer_id = customer_id[1:]
|
||||
return customer_id
|
||||
|
||||
|
||||
def build():
|
||||
return gam.buildGAPIObject('cbcm')
|
||||
|
||||
|
||||
def delete():
|
||||
cbcm = build()
|
||||
device_id = sys.argv[3]
|
||||
customer_id = _get_customerid()
|
||||
gapi.call(cbcm.chromebrowsers(), 'delete', deviceId=device_id,
|
||||
customer=customer_id)
|
||||
print(f'Deleted browser {device_id}')
|
||||
|
||||
|
||||
def info():
|
||||
cbcm = build()
|
||||
device_id = sys.argv[3]
|
||||
projection = 'BASIC'
|
||||
fields = None
|
||||
customer_id = _get_customerid()
|
||||
i = 4
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg in ['basic', 'full']:
|
||||
projection = myarg.upper()
|
||||
i += 1
|
||||
elif myarg == 'fields':
|
||||
fields = sys.argv[i+1]
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam info browser')
|
||||
browser = gapi.call(cbcm.chromebrowsers(), 'get',
|
||||
customer=customer_id,
|
||||
fields=fields, deviceId=device_id,
|
||||
projection=projection)
|
||||
display.print_json(browser)
|
||||
|
||||
|
||||
def move():
|
||||
cbcm = build()
|
||||
body = {'resource_ids': []}
|
||||
customer_id = _get_customerid()
|
||||
i = 3
|
||||
resource_ids = []
|
||||
batch_size = 600
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'ids':
|
||||
resource_ids.extend(sys.argv[i + 1].split(','))
|
||||
i += 2
|
||||
elif myarg == 'query':
|
||||
query = sys.argv[i + 1]
|
||||
page_message = gapi.got_total_items_msg('Browsers', '...\n')
|
||||
browsers = gapi.get_all_pages(cbcm.chromebrowsers(), 'list',
|
||||
'browsers', page_message=page_message,
|
||||
customer=customer_id,
|
||||
query=query, projection='BASIC',
|
||||
fields='browsers(deviceId),nextPageToken')
|
||||
ids = [browser['deviceId'] for browser in browsers]
|
||||
resource_ids.extend(ids)
|
||||
i += 2
|
||||
elif myarg == 'file':
|
||||
with fileutils.open_file(sys.argv[i+1], strip_utf_bom=True) as filed:
|
||||
for row in filed:
|
||||
rid = row.strip()
|
||||
if rid:
|
||||
resource_ids.append(rid)
|
||||
i += 2
|
||||
elif myarg == 'csvfile':
|
||||
drive, fname_column = os.path.splitdrive(sys.argv[i+1])
|
||||
if fname_column.find(':') == -1:
|
||||
controlflow.system_error_exit(
|
||||
2, 'Expected csvfile FileName:FieldName')
|
||||
(filename, column) = fname_column.split(':')
|
||||
with fileutils.open_file(drive + filename) as filed:
|
||||
input_file = csv.DictReader(filed, restval='')
|
||||
if column not in input_file.fieldnames:
|
||||
controlflow.csv_field_error_exit(column,
|
||||
input_file.fieldnames)
|
||||
for row in input_file:
|
||||
rid = row[column].strip()
|
||||
if rid:
|
||||
resource_ids.append(rid)
|
||||
i += 2
|
||||
elif myarg in ['ou', 'orgunit', 'org']:
|
||||
org_unit = gapi_directory_orgunits.getOrgUnitItem(sys.argv[i + 1])
|
||||
body['org_unit_path'] = org_unit
|
||||
i += 2
|
||||
elif myarg == 'batchsize':
|
||||
batch_size = int(sys.argv[i+1])
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
'gam move browsers')
|
||||
if 'org_unit_path' not in body:
|
||||
controlflow.missing_argument_exit('ou', 'gam move browsers')
|
||||
elif not resource_ids:
|
||||
controlflow.missing_argument_exit('query or ids',
|
||||
'gam move browsers')
|
||||
# split moves into max 600 devices per batch
|
||||
for chunk in range(0, len(resource_ids), batch_size):
|
||||
body['resource_ids'] = resource_ids[chunk:chunk + batch_size]
|
||||
print(f' moving {len(body["resource_ids"])} browsers to ' \
|
||||
f'{body["org_unit_path"]}')
|
||||
gapi.call(cbcm.chromebrowsers(), 'moveChromeBrowsersToOu',
|
||||
customer=customer_id, body=body)
|
||||
|
||||
|
||||
def print_():
|
||||
cbcm = build()
|
||||
customer_id = _get_customerid()
|
||||
projection = 'BASIC'
|
||||
orgUnitPath = query = None
|
||||
fields = None
|
||||
titles = []
|
||||
csv_rows = []
|
||||
todrive = False
|
||||
sort_headers = False
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'query':
|
||||
query = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg in ['ou', 'org', 'orgunit']:
|
||||
orgUnitPath = gapi_directory_orgunits.getOrgUnitItem(sys.argv[i + 1], pathOnly=True, absolutePath=True)
|
||||
i += 2
|
||||
elif myarg == 'projection':
|
||||
projection = sys.argv[i + 1].upper()
|
||||
i += 2
|
||||
elif myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
elif myarg == 'sortheaders':
|
||||
sort_headers = True
|
||||
i += 1
|
||||
elif myarg == 'fields':
|
||||
fields = sys.argv[i + 1].replace(',', ' ').split()
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
'gam print browsers')
|
||||
if fields:
|
||||
fields.append('deviceId')
|
||||
fields = f'browsers({",".join(set(fields))}),nextPageToken'
|
||||
page_message = gapi.got_total_items_msg('Browsers', '...\n')
|
||||
browsers = gapi.get_all_pages(cbcm.chromebrowsers(), 'list',
|
||||
'browsers', page_message=page_message,
|
||||
customer=customer_id,
|
||||
orgUnitPath=orgUnitPath, query=query, projection=projection,
|
||||
fields=fields)
|
||||
for browser in browsers:
|
||||
browser = utils.flatten_json(browser)
|
||||
for a_key in browser:
|
||||
if a_key not in titles:
|
||||
titles.append(a_key)
|
||||
csv_rows.append(browser)
|
||||
if sort_headers:
|
||||
display.sort_csv_titles(['deviceId',], titles)
|
||||
display.write_csv_file(csv_rows, titles, 'Browsers', todrive)
|
||||
|
||||
|
||||
attributes = {
|
||||
'assetid': 'annotatedAssetId',
|
||||
'location': 'annotatedLocation',
|
||||
'notes': 'annotatedNotes',
|
||||
'user': 'annotatedUser'
|
||||
}
|
||||
attribute_fields = ','.join(list(attributes.values()))
|
||||
|
||||
def update():
|
||||
cbcm = build()
|
||||
customer_id = _get_customerid()
|
||||
device_id = sys.argv[3]
|
||||
body = {'deviceId': device_id}
|
||||
i = 4
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg in attributes:
|
||||
body[attributes[myarg]] = sys.argv[i+1]
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
'gam update browser')
|
||||
browser = gapi.call(cbcm.chromebrowsers(), 'get', deviceId=device_id,
|
||||
customer=customer_id,
|
||||
projection='BASIC', fields=attribute_fields)
|
||||
browser.update(body)
|
||||
result = gapi.call(cbcm.chromebrowsers(), 'update', deviceId=device_id,
|
||||
customer=customer_id, body=browser,
|
||||
projection='BASIC', fields='deviceId')
|
||||
print(f'Updated browser {result["deviceId"]}')
|
||||
|
||||
|
||||
def createtoken():
|
||||
cbcm = build()
|
||||
customer_id = _get_customerid()
|
||||
body = {'token_type': 'CHROME_BROWSER'}
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg in ['ou', 'orgunit', 'org']:
|
||||
body['org_unit_path'] = gapi_directory_orgunits.getOrgUnitItem(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg in ['expire', 'expires']:
|
||||
body['expire_time'] = utils.get_time_or_delta_from_now(sys.argv[i + 1])
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
'gam create browsertoken')
|
||||
browser = gapi.call(cbcm.enrollmentTokens(), 'create',
|
||||
customer=customer_id, body=body)
|
||||
print(f'Created browser enrollment token {browser["token"]}')
|
||||
|
||||
|
||||
def revoketoken():
|
||||
cbcm = build()
|
||||
customer_id = _get_customerid()
|
||||
token_permanent_id = sys.argv[3]
|
||||
gapi.call(cbcm.enrollmentTokens(), 'revoke', tokenPermanentId=token_permanent_id,
|
||||
customer=customer_id)
|
||||
print(f'Deleted browser enrollment token {token_permanent_id}')
|
||||
|
||||
|
||||
def printshowtokens(csvFormat):
|
||||
cbcm = build()
|
||||
customer_id = _get_customerid()
|
||||
query = None
|
||||
fields = None
|
||||
if csvFormat:
|
||||
titles = ['token']
|
||||
csv_rows = []
|
||||
todrive = False
|
||||
sort_headers = False
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'query':
|
||||
query = sys.argv[i+1]
|
||||
i += 2
|
||||
elif csvFormat and myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
elif csvFormat and myarg == 'sortheaders':
|
||||
sort_headers = True
|
||||
i += 1
|
||||
elif myarg == 'fields':
|
||||
fields = sys.argv[i + 1].replace(',', ' ').split()
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
f"gam {['show', 'print'][csvFormat]} browsertokens")
|
||||
if fields:
|
||||
fields.append('token')
|
||||
fields = f'chromeEnrollmentTokens({",".join(set(fields))}),nextPageToken'
|
||||
page_message = gapi.got_total_items_msg('Chrome Browser Enrollment Tokens', '...\n')
|
||||
browsers = gapi.get_all_pages(cbcm.enrollmentTokens(), 'list',
|
||||
'chromeEnrollmentTokens', page_message=page_message,
|
||||
customer=customer_id,
|
||||
query=query, fields=fields)
|
||||
if not csvFormat:
|
||||
count = len(browsers)
|
||||
print(f'Show {count} Chrome Browser Enrollment Tokens')
|
||||
i = 0
|
||||
for browser in browsers:
|
||||
i += 1
|
||||
print(f' Chrome Browser Enrollment Token: {browser["token"]}{gam.currentCount(i, count)}')
|
||||
browser.pop('kind', None)
|
||||
for field in browser:
|
||||
print(f' {field}: {browser[field]}')
|
||||
else:
|
||||
for browser in browsers:
|
||||
browser = utils.flatten_json(browser)
|
||||
for a_key in browser:
|
||||
if a_key not in titles:
|
||||
titles.append(a_key)
|
||||
csv_rows.append(browser)
|
||||
if sort_headers:
|
||||
display.sort_csv_titles(['token',], titles)
|
||||
display.write_csv_file(csv_rows, titles, 'Chrome Browser Enrollment Tokens', todrive)
|
||||
@@ -1,207 +0,0 @@
|
||||
import sys
|
||||
|
||||
import googleapiclient.errors
|
||||
|
||||
import gam
|
||||
from gam.var import *
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import fileutils
|
||||
from gam import gapi
|
||||
from gam import utils
|
||||
from gam.gapi import errors as gapi_errors
|
||||
|
||||
# Chat scope isn't in discovery doc so need to manually set
|
||||
CHAT_SCOPES = ['https://www.googleapis.com/auth/chat.bot']
|
||||
|
||||
|
||||
def build():
|
||||
return gam.buildGAPIServiceObject('chat',
|
||||
act_as=None,
|
||||
scopes=CHAT_SCOPES)
|
||||
|
||||
|
||||
THROW_REASONS = [
|
||||
gapi_errors.ErrorReason.FOUR_O_FOUR, # Chat API not configured
|
||||
]
|
||||
|
||||
def _chat_error_handler(chat, err):
|
||||
if err.status_code == 404:
|
||||
project_id = chat._http.credentials.project_id
|
||||
url = f'https://console.cloud.google.com/apis/api/chat.googleapis.com/hangouts-chat?project={project_id}'
|
||||
print('ERROR: you need to configure Google Chat for your API project. Please go to:')
|
||||
print()
|
||||
print(f' {url}')
|
||||
print()
|
||||
print('and complete all fields.')
|
||||
else:
|
||||
raise err
|
||||
sys.exit(1)
|
||||
|
||||
|
||||
def print_spaces():
|
||||
chat = build()
|
||||
todrive = False
|
||||
i =3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(myarg, 'gam print chatspaces')
|
||||
try:
|
||||
spaces = gapi.get_all_pages(chat.spaces(), 'list', 'spaces', throw_reasons=THROW_REASONS)
|
||||
except googleapiclient.errors.HttpError as err:
|
||||
_chat_error_handler(chat, err)
|
||||
if not spaces:
|
||||
print('Bot not added to any Chat rooms or users yet.')
|
||||
else:
|
||||
display.write_csv_file(spaces, spaces[0].keys(), 'Chat Spaces', todrive)
|
||||
|
||||
|
||||
def print_members():
|
||||
chat = build()
|
||||
space = None
|
||||
todrive = False
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'space':
|
||||
space = sys.argv[i+1]
|
||||
if space[:7] != 'spaces/':
|
||||
space = f'spaces/{space}'
|
||||
i += 2
|
||||
elif myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(myarg, 'gam print chatmembers')
|
||||
if not space:
|
||||
controlflow.system_error_exit(2,
|
||||
'space <ChatSpace> is required.')
|
||||
try:
|
||||
results = gapi.get_all_pages(chat.spaces().members(), 'list', 'memberships', parent=space)
|
||||
except googleapiclient.errors.HttpError as err:
|
||||
_chat_error_handler(chat, err)
|
||||
members = []
|
||||
titles = []
|
||||
for result in results:
|
||||
member = utils.flatten_json(result)
|
||||
for key in member:
|
||||
if key not in titles:
|
||||
titles.append(key)
|
||||
members.append(utils.flatten_json(result))
|
||||
display.write_csv_file(members, titles, 'Chat Members', todrive)
|
||||
|
||||
|
||||
def create_message():
|
||||
chat = build()
|
||||
body = {}
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'text':
|
||||
body['text'] = sys.argv[i+1].replace('\\r', '\r').replace('\\n', '\n')
|
||||
i += 2
|
||||
elif myarg == 'textfile':
|
||||
filename = sys.argv[i + 1]
|
||||
i, encoding = gam.getCharSet(i + 2)
|
||||
body['text'] = fileutils.read_file(filename, encoding=encoding)
|
||||
elif myarg == 'space':
|
||||
space = sys.argv[i+1]
|
||||
if space[:7] != 'spaces/':
|
||||
space = f'spaces/{space}'
|
||||
i += 2
|
||||
elif myarg == 'thread':
|
||||
body['thread'] = {'name': sys.argv[i+1]}
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(myarg, 'gam create chat')
|
||||
if not space:
|
||||
controlflow.system_error_exit(2,
|
||||
'space <ChatSpace> is required.')
|
||||
if 'text' not in body:
|
||||
controlflow.system_error_exit(2,
|
||||
'text <String> or textfile <FileName> is required.')
|
||||
if len(body['text']) > 4096:
|
||||
body['text'] = body['text'][:4095]
|
||||
print('WARNING: trimmed message longer than 4k to be 4k in length.')
|
||||
try:
|
||||
resp = gapi.call(chat.spaces().messages(),
|
||||
'create',
|
||||
parent=space,
|
||||
body=body,
|
||||
throw_reasons=THROW_REASONS)
|
||||
except googleapiclient.errors.HttpError as err:
|
||||
_chat_error_handler(chat, err)
|
||||
if 'thread' in body:
|
||||
print(f'responded to thread {resp["thread"]["name"]}')
|
||||
else:
|
||||
print(f'started new thread {resp["thread"]["name"]}')
|
||||
print(f'message {resp["name"]}')
|
||||
|
||||
def delete_message():
|
||||
chat = build()
|
||||
name = None
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'name':
|
||||
name = sys.argv[i+1]
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(myarg, 'gam delete chat')
|
||||
if not name:
|
||||
controlflow.system_error_exit(2,
|
||||
'name <String> is required.')
|
||||
try:
|
||||
gapi.call(chat.spaces().messages(),
|
||||
'delete',
|
||||
name=name)
|
||||
except googleapiclient.errors.HttpError as err:
|
||||
_chat_error_handler(chat, err)
|
||||
|
||||
|
||||
def update_message():
|
||||
chat = build()
|
||||
body = {}
|
||||
name = None
|
||||
updateMask = 'text'
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'text':
|
||||
body['text'] = sys.argv[i+1].replace('\\r', '\r').replace('\\n', '\n')
|
||||
i += 2
|
||||
elif myarg == 'textfile':
|
||||
filename = sys.argv[i + 1]
|
||||
i, encoding = gam.getCharSet(i + 2)
|
||||
body['text'] = fileutils.read_file(filename, encoding=encoding)
|
||||
elif myarg == 'name':
|
||||
name = sys.argv[i+1]
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(myarg, 'gam update chat')
|
||||
if not name:
|
||||
controlflow.system_error_exit(2,
|
||||
'name <String> is required.')
|
||||
if 'text' not in body:
|
||||
controlflow.system_error_exit(2,
|
||||
'text <String> or textfile <FileName> is required.')
|
||||
if len(body['text']) > 4096:
|
||||
body['text'] = body['text'][:4095]
|
||||
print('WARNING: trimmed message longer than 4k to be 4k in length.')
|
||||
try:
|
||||
resp = gapi.call(chat.spaces().messages(),
|
||||
'update',
|
||||
name=name,
|
||||
updateMask=updateMask,
|
||||
body=body)
|
||||
except googleapiclient.errors.HttpError as err:
|
||||
_chat_error_handler(chat, err)
|
||||
if 'thread' in body:
|
||||
print(f'updated response to thread {resp["thread"]["name"]}')
|
||||
else:
|
||||
print(f'updated message on thread {resp["thread"]["name"]}')
|
||||
print(f'message {resp["name"]}')
|
||||
@@ -1,229 +0,0 @@
|
||||
"""Chrome Version History API calls"""
|
||||
|
||||
import re
|
||||
import sys
|
||||
|
||||
import gam
|
||||
from gam.var import *
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import gapi
|
||||
from gam import utils
|
||||
|
||||
|
||||
def build():
|
||||
return gam.buildGAPIObjectNoAuthentication('versionhistory')
|
||||
|
||||
|
||||
CHROME_HISTORY_ENTITY_CHOICES = {
|
||||
'platforms',
|
||||
'channels',
|
||||
'versions',
|
||||
'releases',
|
||||
}
|
||||
|
||||
CHROME_VERSIONHISTORY_ORDERBY_CHOICE_MAP = {
|
||||
'versions': {
|
||||
'channel': 'channel',
|
||||
'name': 'name',
|
||||
'platform': 'platform',
|
||||
'version': 'version'
|
||||
},
|
||||
'releases': {
|
||||
'channel': 'channel',
|
||||
'endtime': 'endtime',
|
||||
'fraction': 'fraction',
|
||||
'name': 'name',
|
||||
'platform': 'platform',
|
||||
'starttime': 'starttime',
|
||||
'version': 'version'
|
||||
}
|
||||
}
|
||||
|
||||
CHROME_VERSIONHISTORY_TITLES = {
|
||||
'platforms': ['platform'],
|
||||
'channels': ['channel', 'platform'],
|
||||
'versions': ['version', 'channel', 'platform',
|
||||
'major_version', 'minor_version', 'build', 'patch'],
|
||||
'releases': ['version', 'channel', 'platform',
|
||||
'major_version', 'minor_version', 'build', 'patch',
|
||||
'fraction', 'serving.startTime','serving.endTime']
|
||||
}
|
||||
|
||||
def get_relative_milestone(channel='stable', minus=0):
|
||||
'''
|
||||
takes a channel and minus like stable and -1.
|
||||
returns current given milestone number
|
||||
'''
|
||||
cv = build()
|
||||
parent = f'chrome/platforms/all/channels/{channel}/versions/all'
|
||||
releases = gapi.get_all_pages(cv.platforms().channels().versions().releases(),
|
||||
'list',
|
||||
'releases',
|
||||
parent=parent,
|
||||
fields='releases/version,nextPageToken')
|
||||
milestones = []
|
||||
# Note that milestones are usually sequential but some numbers
|
||||
# may be skipped. For example, there was no Chrome 82 stable.
|
||||
# Thus we need to do more than find the latest version and subtract.
|
||||
for release in releases:
|
||||
milestone = release.get('version').split('.')[0]
|
||||
if milestone not in milestones:
|
||||
milestones.append(milestone)
|
||||
milestones.sort(reverse=True)
|
||||
try:
|
||||
return milestones[minus]
|
||||
except IndexError:
|
||||
return ''
|
||||
|
||||
def get_platform_map(cv=None):
|
||||
'''returns dict mapping of platform choices'''
|
||||
if cv is None:
|
||||
cv = build()
|
||||
result = gapi.get_all_pages(cv.platforms(),
|
||||
'list',
|
||||
'platforms',
|
||||
parent='chrome')
|
||||
platforms = [p.get('platformType', '').lower() for p in result]
|
||||
platform_map = {'all': 'all'}
|
||||
for cplatform in platforms:
|
||||
key = cplatform.replace('_', '')
|
||||
platform_map[key] = cplatform
|
||||
return platform_map
|
||||
|
||||
|
||||
def get_channel_map(cv=None):
|
||||
'''returns dict mapping of channel choices'''
|
||||
if cv is None:
|
||||
cv = build()
|
||||
result = gapi.get_all_pages(cv.platforms().channels(),
|
||||
'list',
|
||||
'channels',
|
||||
parent='chrome/platforms/all')
|
||||
channels = [c.get('channelType', '').lower() for c in result]
|
||||
channels = list(set(channels))
|
||||
channel_map = {'all': 'all'}
|
||||
for channel in channels:
|
||||
key = channel.replace('_', '')
|
||||
channel_map[key] = channel
|
||||
return channel_map
|
||||
|
||||
def printHistory():
|
||||
cv = build()
|
||||
entityType = sys.argv[3].lower().replace('_', '')
|
||||
if entityType not in CHROME_HISTORY_ENTITY_CHOICES:
|
||||
msg = f'{entityType} is not a valid argument to "gam print chromehistory"'
|
||||
controlflow.system_error_exit(3, msg)
|
||||
todrive = False
|
||||
csvRows = []
|
||||
cplatform = 'all'
|
||||
channel = 'all'
|
||||
version = 'all'
|
||||
kwargs = {}
|
||||
orderByList = []
|
||||
i = 4
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
elif entityType != 'platforms' and myarg == 'platform':
|
||||
cplatform = sys.argv[i + 1].lower().replace('_', '')
|
||||
platform_map = get_platform_map(cv)
|
||||
if cplatform not in platform_map:
|
||||
controlflow.expected_argument_exit('platform',
|
||||
', '.join(platform_map),
|
||||
cplatform)
|
||||
cplatform = platform_map[cplatform]
|
||||
i += 2
|
||||
elif entityType in {'versions', 'releases'} and myarg == 'channel':
|
||||
channel = sys.argv[i + 1].lower().replace('_', '')
|
||||
channel_map = get_channel_map(cv)
|
||||
if channel not in channel_map:
|
||||
controlflow.expected_argument_exit('channel',
|
||||
', '.join(channel_map),
|
||||
channel)
|
||||
channel = channel_map[channel]
|
||||
i += 2
|
||||
elif entityType == 'releases' and myarg == 'version':
|
||||
version = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif entityType in {'versions', 'releases'} and myarg == 'orderby':
|
||||
fieldName = sys.argv[i + 1].lower().replace('_', '')
|
||||
i += 2
|
||||
if fieldName in CHROME_VERSIONHISTORY_ORDERBY_CHOICE_MAP[entityType]:
|
||||
fieldName = CHROME_VERSIONHISTORY_ORDERBY_CHOICE_MAP[entityType][fieldName]
|
||||
orderBy = ''
|
||||
if i < len(sys.argv):
|
||||
orderBy = sys.argv[i].lower()
|
||||
if orderBy in SORTORDER_CHOICES_MAP:
|
||||
orderBy = SORTORDER_CHOICES_MAP[orderBy]
|
||||
i += 1
|
||||
if orderBy != 'DESCENDING':
|
||||
orderByList.append(fieldName)
|
||||
else:
|
||||
orderByList.append(f'{fieldName} desc')
|
||||
else:
|
||||
controlflow.expected_argument_exit('orderby',
|
||||
', '.join(CHROME_VERSIONHISTORY_ORDERBY_CHOICE_MAP[entityType]),
|
||||
fieldName)
|
||||
elif entityType in {'versions', 'releases'} and myarg == 'filter':
|
||||
kwargs['filter'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
else:
|
||||
msg = f'{myarg} is not a valid argument to "gam print chromehistory {entityType}"'
|
||||
controlflow.system_error_exit(3, msg)
|
||||
if orderByList:
|
||||
kwargs['orderBy'] = ','.join(orderByList)
|
||||
if entityType == 'platforms':
|
||||
svc = cv.platforms()
|
||||
parent = 'chrome'
|
||||
elif entityType == 'channels':
|
||||
svc = cv.platforms().channels()
|
||||
parent = f'chrome/platforms/{cplatform}'
|
||||
elif entityType == 'versions':
|
||||
svc = cv.platforms().channels().versions()
|
||||
parent = f'chrome/platforms/{cplatform}/channels/{channel}'
|
||||
else: #elif entityType == 'releases'
|
||||
svc = cv.platforms().channels().versions().releases()
|
||||
parent = f'chrome/platforms/{cplatform}/channels/{channel}/versions/{version}'
|
||||
reportTitle = f'Chrome Version History {entityType.capitalize()}'
|
||||
page_message = gapi.got_total_items_msg(reportTitle, '...\n')
|
||||
gam.printGettingAllItems(reportTitle, None)
|
||||
citems = gapi.get_all_pages(svc, 'list', entityType,
|
||||
page_message=page_message,
|
||||
parent=parent,
|
||||
fields=f'nextPageToken,{entityType}',
|
||||
**kwargs)
|
||||
for citem in citems:
|
||||
for key in list(citem):
|
||||
if key.endswith('Type'):
|
||||
newkey = key[:-4]
|
||||
citem[newkey] = citem.pop(key)
|
||||
if 'channel' in citem:
|
||||
citem['channel'] = citem['channel'].lower()
|
||||
else:
|
||||
channel_match = re.search(r'\/channels\/([^/]*)', citem['name'])
|
||||
if channel_match:
|
||||
try:
|
||||
citem['channel'] = channel_match.group(1)
|
||||
except IndexError:
|
||||
pass
|
||||
if 'platform' in citem:
|
||||
citem['platform'] = citem['platform'].lower()
|
||||
else:
|
||||
platform_match = re.search(r'\/platforms\/([^/]*)', citem['name'])
|
||||
if platform_match:
|
||||
try:
|
||||
citem['platform'] = platform_match.group(1)
|
||||
except IndexError:
|
||||
pass
|
||||
|
||||
if citem.get('version', '').count('.') == 3:
|
||||
citem['major_version'], \
|
||||
citem['minor_version'], \
|
||||
citem['build'], \
|
||||
citem['patch'] = citem['version'].split('.')
|
||||
citem.pop('name')
|
||||
csvRows.append(utils.flatten_json(citem))
|
||||
display.write_csv_file(csvRows, CHROME_VERSIONHISTORY_TITLES[entityType], reportTitle, todrive)
|
||||
@@ -1,469 +0,0 @@
|
||||
"""Chrome Management API calls"""
|
||||
|
||||
import sys
|
||||
|
||||
import gam
|
||||
from gam.var import GC_CUSTOMER_ID, GC_Values, MY_CUSTOMER
|
||||
from gam.var import CROS_START_ARGUMENTS, CROS_END_ARGUMENTS
|
||||
from gam.var import YYYYMMDD_FORMAT
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import gapi
|
||||
from gam import utils
|
||||
from gam.gapi import directory as gapi_directory
|
||||
from gam.gapi.directory import orgunits as gapi_directory_orgunits
|
||||
from gam.gapi.directory.cros import _getFilterDate
|
||||
|
||||
|
||||
def _get_customerid():
|
||||
customer = GC_Values[GC_CUSTOMER_ID]
|
||||
if customer != MY_CUSTOMER and customer[0] != 'C':
|
||||
customer = 'C' + customer
|
||||
return f'customers/{customer}'
|
||||
|
||||
|
||||
def _get_orgunit(orgunit):
|
||||
if orgunit.startswith('orgunits/'):
|
||||
return orgunit
|
||||
_, orgunitid = gapi_directory_orgunits.getOrgUnitId(orgunit)
|
||||
return f'{orgunitid[3:]}'
|
||||
|
||||
|
||||
def build():
|
||||
return gam.buildGAPIObject('chromemanagement')
|
||||
|
||||
|
||||
CHROME_APPS_ORDERBY_CHOICE_MAP = {
|
||||
'appname': 'app_name',
|
||||
'apptype': 'appType',
|
||||
'installtype': 'install_type',
|
||||
'numberofpermissions': 'number_of_permissions',
|
||||
'totalinstallcount': 'total_install_count',
|
||||
}
|
||||
CHROME_APPS_TITLES = [
|
||||
'appId', 'displayName',
|
||||
'browserDeviceCount', 'osUserCount',
|
||||
'appType', 'description',
|
||||
'appInstallType', 'appSource',
|
||||
'disabled', 'homepageUri',
|
||||
'permissions'
|
||||
]
|
||||
|
||||
def printApps():
|
||||
cm = build()
|
||||
customer = _get_customerid()
|
||||
todrive = False
|
||||
titles = CHROME_APPS_TITLES
|
||||
csvRows = []
|
||||
orgunit = None
|
||||
pfilter = None
|
||||
orderBy = None
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
elif myarg in ['ou', 'org', 'orgunit']:
|
||||
orgunit = _get_orgunit(sys.argv[i+1])
|
||||
i += 2
|
||||
elif myarg == 'filter':
|
||||
pfilter = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'orderby':
|
||||
orderBy = sys.argv[i + 1].lower().replace('_', '')
|
||||
if orderBy not in CHROME_APPS_ORDERBY_CHOICE_MAP:
|
||||
controlflow.expected_argument_exit('orderby',
|
||||
', '.join(CHROME_APPS_ORDERBY_CHOICE_MAP),
|
||||
orderBy)
|
||||
orderBy = CHROME_APPS_ORDERBY_CHOICE_MAP[orderBy]
|
||||
i += 2
|
||||
else:
|
||||
msg = f'{myarg} is not a valid argument to "gam print chromeapps"'
|
||||
controlflow.system_error_exit(3, msg)
|
||||
if orgunit:
|
||||
orgUnitPath = gapi_directory_orgunits.orgunit_from_orgunitid(orgunit, None)
|
||||
titles.append('orgUnitPath')
|
||||
else:
|
||||
orgUnitPath = '/'
|
||||
gam.printGettingAllItems('Chrome Installed Applications', pfilter)
|
||||
page_message = gapi.got_total_items_msg('Chrome Installed Applications', '...\n')
|
||||
apps = gapi.get_all_pages(cm.customers().reports(),
|
||||
'countInstalledApps',
|
||||
'installedApps',
|
||||
page_message=page_message,
|
||||
customer=customer, orgUnitId=orgunit,
|
||||
filter=pfilter, orderBy=orderBy)
|
||||
for app in apps:
|
||||
if orgunit:
|
||||
app['orgUnitPath'] = orgUnitPath
|
||||
if 'permissions'in app:
|
||||
app['permissions'] = ' '.join(app['permissions'])
|
||||
csvRows.append(app)
|
||||
display.write_csv_file(csvRows, titles, 'Chrome Installed Applications', todrive)
|
||||
|
||||
|
||||
CHROME_APP_DEVICES_APPTYPE_CHOICE_MAP = {
|
||||
'extension': 'EXTENSION',
|
||||
'app': 'APP',
|
||||
'theme': 'THEME',
|
||||
'hostedapp': 'HOSTED_APP',
|
||||
'androidapp': 'ANDROID_APP',
|
||||
}
|
||||
CHROME_APP_DEVICES_ORDERBY_CHOICE_MAP = {
|
||||
'deviceid': 'deviceId',
|
||||
'machine': 'machine',
|
||||
}
|
||||
CHROME_APP_DEVICES_TITLES = [
|
||||
'appId', 'appType', 'deviceId', 'machine'
|
||||
]
|
||||
|
||||
def printAppDevices():
|
||||
cm = build()
|
||||
customer = _get_customerid()
|
||||
todrive = False
|
||||
titles = CHROME_APP_DEVICES_TITLES
|
||||
csvRows = []
|
||||
orgunit = None
|
||||
appId = None
|
||||
appType = None
|
||||
startDate = None
|
||||
endDate = None
|
||||
pfilter = None
|
||||
orderBy = None
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
elif myarg in ['ou', 'org', 'orgunit']:
|
||||
orgunit = _get_orgunit(sys.argv[i+1])
|
||||
i += 2
|
||||
elif myarg == 'appid':
|
||||
appId = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'apptype':
|
||||
appType = sys.argv[i + 1].lower().replace('_', '')
|
||||
if appType not in CHROME_APP_DEVICES_APPTYPE_CHOICE_MAP:
|
||||
controlflow.expected_argument_exit('orderby',
|
||||
', '.join(CHROME_APP_DEVICES_APPTYPE_CHOICE_MAP),
|
||||
appType)
|
||||
appType = CHROME_APP_DEVICES_APPTYPE_CHOICE_MAP[appType]
|
||||
i += 2
|
||||
elif myarg in CROS_START_ARGUMENTS:
|
||||
startDate = _getFilterDate(sys.argv[i + 1]).strftime(YYYYMMDD_FORMAT)
|
||||
i += 2
|
||||
elif myarg in CROS_END_ARGUMENTS:
|
||||
endDate = _getFilterDate(sys.argv[i + 1]).strftime(YYYYMMDD_FORMAT)
|
||||
i += 2
|
||||
elif myarg == 'orderby':
|
||||
orderBy = sys.argv[i + 1].lower().replace('_', '')
|
||||
if orderBy not in CHROME_APP_DEVICES_ORDERBY_CHOICE_MAP:
|
||||
controlflow.expected_argument_exit('orderby',
|
||||
', '.join(CHROME_APP_DEVICES_ORDERBY_CHOICE_MAP),
|
||||
orderBy)
|
||||
orderBy = CHROME_APP_DEVICES_ORDERBY_CHOICE_MAP[orderBy]
|
||||
i += 2
|
||||
else:
|
||||
msg = f'{myarg} is not a valid argument to "gam print chromeappdevices"'
|
||||
controlflow.system_error_exit(3, msg)
|
||||
if not appId:
|
||||
controlflow.system_error_exit(3, 'You must specify an appid')
|
||||
if not appType:
|
||||
controlflow.system_error_exit(3, 'You must specify an apptype')
|
||||
if endDate:
|
||||
pfilter = f'last_active_date<={endDate}'
|
||||
if startDate:
|
||||
if pfilter:
|
||||
pfilter += ' AND '
|
||||
else:
|
||||
pfilter = ''
|
||||
pfilter += f'last_active_date>={startDate}'
|
||||
if orgunit:
|
||||
orgUnitPath = gapi_directory_orgunits.orgunit_from_orgunitid(orgunit, None)
|
||||
titles.append('orgUnitPath')
|
||||
else:
|
||||
orgUnitPath = '/'
|
||||
gam.printGettingAllItems('Chrome Installed Application Devices', pfilter)
|
||||
page_message = gapi.got_total_items_msg('Chrome Installed Application Devices', '...\n')
|
||||
devices = gapi.get_all_pages(cm.customers().reports(),
|
||||
'findInstalledAppDevices',
|
||||
'devices',
|
||||
page_message=page_message,
|
||||
appId=appId, appType=appType,
|
||||
customer=customer, orgUnitId=orgunit,
|
||||
filter=pfilter, orderBy=orderBy)
|
||||
for device in devices:
|
||||
if orgunit:
|
||||
device['orgUnitPath'] = orgUnitPath
|
||||
device['appId'] = appId
|
||||
device['appType'] = appType
|
||||
csvRows.append(device)
|
||||
display.write_csv_file(csvRows, titles, 'Chrome Installed Application Devices', todrive)
|
||||
|
||||
|
||||
def printShowCrosTelemetry(mode):
|
||||
cm = build()
|
||||
cd = None
|
||||
parent = _get_customerid()
|
||||
todrive = False
|
||||
filter_ = None
|
||||
readMask = []
|
||||
orgUnitIdPathMap = {}
|
||||
diskpercentonly = False
|
||||
showOrgUnitPath = False
|
||||
supported_readmask_values = list(cm._rootDesc['schemas']['GoogleChromeManagementV1TelemetryDevice']['properties'].keys())
|
||||
supported_readmask_values.sort()
|
||||
supported_readmask_map = {item.lower():item for item in supported_readmask_values}
|
||||
i = 3
|
||||
if mode == 'info':
|
||||
if i >= len(sys.argv):
|
||||
controlflow.system_error_exit(3, '<SerialNumber> required for "gam info crostelemetry"')
|
||||
filter_ = f'serialNumber={sys.argv[i]}'
|
||||
i += 1
|
||||
mode = 'show'
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'fields':
|
||||
field_list = sys.argv[i+1].lower().split(',')
|
||||
for field_item in field_list:
|
||||
if field_item not in supported_readmask_map:
|
||||
controlflow.expected_argument_exit('fields',
|
||||
', '.join(supported_readmask_values),
|
||||
field_item)
|
||||
else:
|
||||
readMask.append(supported_readmask_map[field_item])
|
||||
i += 2
|
||||
elif myarg in supported_readmask_map:
|
||||
readMask.append(supported_readmask_map[myarg])
|
||||
i += 1
|
||||
elif myarg == 'filter':
|
||||
filter_ = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg in ['ou', 'org', 'orgunit']:
|
||||
_, orgUnitId = gapi_directory_orgunits.getOrgUnitId(sys.argv[i + 1], None)
|
||||
filter_ = f'orgUnitId={orgUnitId[3:]}'
|
||||
i += 2
|
||||
elif myarg == 'crossn':
|
||||
filter_ = f'serialNumber={sys.argv[i + 1]}'
|
||||
i += 2
|
||||
elif myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
elif myarg == 'showorgunitpath':
|
||||
showOrgUnitPath = True
|
||||
cd = gapi_directory.build()
|
||||
i += 1
|
||||
elif myarg == 'storagepercentonly':
|
||||
diskpercentonly = True
|
||||
i += 1
|
||||
else:
|
||||
msg = f'{myarg} is not a valid argument to "gam print crostelemetry"'
|
||||
controlflow.system_error_exit(3, msg)
|
||||
if not readMask:
|
||||
readMask = ','.join(supported_readmask_values)
|
||||
else:
|
||||
if 'deviceId' not in readMask:
|
||||
readMask.append('deviceId')
|
||||
readMask = ','.join(readMask)
|
||||
gam.printGettingAllItems('Chrome Device Telemetry...', filter_)
|
||||
page_message = gapi.got_total_items_msg('Chrome Device Telemetry', '...\n')
|
||||
devices = gapi.get_all_pages(cm.customers().telemetry().devices(),
|
||||
'list',
|
||||
'devices',
|
||||
page_message=page_message,
|
||||
parent=parent,
|
||||
filter=filter_,
|
||||
readMask=readMask)
|
||||
for device in devices:
|
||||
if 'totalDiskBytes' in device.get('storageInfo', {}) and 'availableDiskBytes' in device.get('storageInfo', {}):
|
||||
disk_avail = int(device['storageInfo']['availableDiskBytes'])
|
||||
disk_size = int(device['storageInfo']['totalDiskBytes'])
|
||||
if diskpercentonly:
|
||||
device['storageInfo'] = {}
|
||||
device['storageInfo']['percentDiskFree'] = int((disk_avail / disk_size) * 100)
|
||||
device['storageInfo']['percentDiskUsed'] = 100 - device['storageInfo']['percentDiskFree']
|
||||
for cpuStatusReport in device.get('cpuStatusReport', []):
|
||||
for tempInfo in cpuStatusReport.pop('cpuTemperatureInfo', []):
|
||||
if 'temperatureCelsius' in tempInfo:
|
||||
cpuStatusReport[f"cpuTemperatureInfo.{tempInfo['label'].strip()}"] = tempInfo['temperatureCelsius']
|
||||
if showOrgUnitPath:
|
||||
orgUnitId = device.get('orgUnitId')
|
||||
if orgUnitId not in orgUnitIdPathMap:
|
||||
orgUnitIdPathMap[orgUnitId] = gapi_directory_orgunits.orgunit_from_orgunitid(orgUnitId, cd)
|
||||
device['orgUnitPath'] = orgUnitIdPathMap[orgUnitId]
|
||||
if mode == 'show':
|
||||
for device in devices:
|
||||
display.print_json(device)
|
||||
print()
|
||||
print()
|
||||
else:
|
||||
csvRows = []
|
||||
titles = []
|
||||
for device in devices:
|
||||
display.add_row_titles_to_csv_file(utils.flatten_json(device),
|
||||
csvRows, titles)
|
||||
display.write_csv_file(csvRows, titles, 'Telemetry Devices', todrive)
|
||||
|
||||
|
||||
CHROME_AUES_TITLES = [
|
||||
'model', 'count', 'aueMonth', 'aueYear', 'expired'
|
||||
]
|
||||
def printAUEs():
|
||||
cm = build()
|
||||
customer = _get_customerid()
|
||||
todrive = False
|
||||
titles = CHROME_AUES_TITLES
|
||||
csvRows = []
|
||||
orgunit = None
|
||||
minAueDate = None
|
||||
maxAueDate = None
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
elif myarg in ['ou', 'org', 'orgunit']:
|
||||
orgunit = _get_orgunit(sys.argv[i+1])
|
||||
i += 2
|
||||
elif myarg == 'minauedate':
|
||||
minAueDate = _getFilterDate(sys.argv[i + 1]).strftime(YYYYMMDD_FORMAT)
|
||||
i += 2
|
||||
elif myarg == 'maxauedate':
|
||||
maxAueDate = _getFilterDate(sys.argv[i + 1]).strftime(YYYYMMDD_FORMAT)
|
||||
i += 2
|
||||
else:
|
||||
msg = f'{myarg} is not a valid argument to "gam print chromeaues"'
|
||||
controlflow.system_error_exit(3, msg)
|
||||
if orgunit:
|
||||
orgUnitPath = gapi_directory_orgunits.orgunit_from_orgunitid(orgunit, None)
|
||||
query = f'orgUnitPath={orgUnitPath}'
|
||||
titles.append('orgUnitPath')
|
||||
else:
|
||||
orgUnitPath = '/'
|
||||
query = None
|
||||
gam.printGettingAllItems('Chrome Auto Update Expirations', query)
|
||||
aues = gapi.call(cm.customers().reports(),
|
||||
'countChromeDevicesReachingAutoExpirationDate',
|
||||
customer=customer, orgUnitId=orgunit,
|
||||
minAueDate=minAueDate, maxAueDate=maxAueDate).get('deviceAueCountReports', [])
|
||||
for aue in sorted(aues, key=lambda k: k.get('model', 'Unknown')):
|
||||
if orgunit:
|
||||
aue['orgUnitPath'] = orgUnitPath
|
||||
csvRows.append(aue)
|
||||
display.write_csv_file(csvRows, titles, 'Chrome AUEs', todrive)
|
||||
|
||||
|
||||
CHROME_NEEDSATTN_TITLES = [
|
||||
'noRecentPolicySyncCount', 'noRecentUserActivityCount', 'pendingUpdate',
|
||||
'osVersionNotCompliantCount', 'unsupportedPolicyCount'
|
||||
]
|
||||
def printNeedsAttn():
|
||||
cm = build()
|
||||
customer = _get_customerid()
|
||||
todrive = False
|
||||
titles = CHROME_NEEDSATTN_TITLES[:]
|
||||
csvRows = []
|
||||
orgunit = None
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
elif myarg in ['ou', 'org', 'orgunit']:
|
||||
orgunit = _get_orgunit(sys.argv[i+1])
|
||||
i += 2
|
||||
else:
|
||||
msg = f'{myarg} is not a valid argument to "gam print chromeneedsattn"'
|
||||
controlflow.system_error_exit(3, msg)
|
||||
if orgunit:
|
||||
orgUnitPath = gapi_directory_orgunits.orgunit_from_orgunitid(orgunit, None)
|
||||
query = f'orgUnitPath={orgUnitPath}'
|
||||
titles.append('orgUnitPath')
|
||||
else:
|
||||
orgUnitPath = '/'
|
||||
query = None
|
||||
gam.printGettingAllItems('Chrome Devices Needing Attention', query)
|
||||
result = gapi.call(cm.customers().reports(),
|
||||
'countChromeDevicesThatNeedAttention',
|
||||
customer=customer, orgUnitId=orgunit, readMask=','.join(CHROME_NEEDSATTN_TITLES))
|
||||
for field in CHROME_NEEDSATTN_TITLES:
|
||||
result.setdefault(field, 0)
|
||||
if orgunit:
|
||||
result['orgUnitPath'] = orgUnitPath
|
||||
csvRows.append(result)
|
||||
display.write_csv_file(csvRows, titles, 'Chrome Devices Needing Attention', todrive)
|
||||
|
||||
|
||||
CHROME_VERSIONS_TITLES = [
|
||||
'version', 'count', 'channel', 'deviceOsVersion', 'system'
|
||||
]
|
||||
def printVersions():
|
||||
cm = build()
|
||||
customer = _get_customerid()
|
||||
todrive = False
|
||||
titles = CHROME_VERSIONS_TITLES
|
||||
csvRows = []
|
||||
orgunit = None
|
||||
startDate = None
|
||||
endDate = None
|
||||
pfilter = None
|
||||
query = None
|
||||
reverse = False
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
elif myarg in ['ou', 'org', 'orgunit']:
|
||||
orgunit = _get_orgunit(sys.argv[i+1])
|
||||
i += 2
|
||||
elif myarg in CROS_START_ARGUMENTS:
|
||||
startDate = _getFilterDate(sys.argv[i + 1]).strftime(YYYYMMDD_FORMAT)
|
||||
i += 2
|
||||
elif myarg in CROS_END_ARGUMENTS:
|
||||
endDate = _getFilterDate(sys.argv[i + 1]).strftime(YYYYMMDD_FORMAT)
|
||||
i += 2
|
||||
elif myarg == 'recentfirst':
|
||||
reverse = True
|
||||
i += 1
|
||||
else:
|
||||
msg = f'{myarg} is not a valid argument to "gam print chromeversions"'
|
||||
controlflow.system_error_exit(3, msg)
|
||||
if endDate:
|
||||
pfilter = f'last_active_date<={endDate}'
|
||||
if startDate:
|
||||
if pfilter:
|
||||
pfilter += ' AND '
|
||||
else:
|
||||
pfilter = ''
|
||||
pfilter += f'last_active_date>={startDate}'
|
||||
query = pfilter
|
||||
if orgunit:
|
||||
orgUnitPath = gapi_directory_orgunits.orgunit_from_orgunitid(orgunit, None)
|
||||
if query:
|
||||
query += ' AND '
|
||||
else:
|
||||
query = ''
|
||||
query += f'orgUnitPath={orgUnitPath}'
|
||||
titles.append('orgUnitPath')
|
||||
else:
|
||||
orgUnitPath = '/'
|
||||
gam.printGettingAllItems('Chrome Versions', query)
|
||||
page_message = gapi.got_total_items_msg('Chrome Versions', '...\n')
|
||||
versions = gapi.get_all_pages(cm.customers().reports(),
|
||||
'countChromeVersions',
|
||||
'browserVersions',
|
||||
page_message=page_message,
|
||||
customer=customer, orgUnitId=orgunit, filter=pfilter)
|
||||
for version in sorted(versions, key=lambda k: k.get('version', 'Unknown'), reverse=reverse):
|
||||
if orgunit:
|
||||
version['orgUnitPath'] = orgUnitPath
|
||||
if 'version' not in version:
|
||||
version['version'] = 'Unknown'
|
||||
csvRows.append(version)
|
||||
display.write_csv_file(csvRows, titles, 'Chrome Versions', todrive)
|
||||
@@ -1,447 +0,0 @@
|
||||
"""Chrome Browser Cloud Management API calls"""
|
||||
|
||||
import re
|
||||
import sys
|
||||
|
||||
import googleapiclient.errors
|
||||
|
||||
import gam
|
||||
from gam.var import GC_CUSTOMER_ID, GC_Values, MY_CUSTOMER
|
||||
from gam import controlflow
|
||||
from gam import gapi
|
||||
from gam.gapi import errors as gapi_errors
|
||||
from gam.gapi import chromehistory as gapi_chromehistory
|
||||
from gam.gapi.directory import orgunits as gapi_directory_orgunits
|
||||
from gam import utils
|
||||
|
||||
|
||||
def _get_customerid():
|
||||
customer = GC_Values[GC_CUSTOMER_ID]
|
||||
if customer != MY_CUSTOMER and customer[0] != 'C':
|
||||
customer = 'C' + customer
|
||||
return f'customers/{customer}'
|
||||
|
||||
|
||||
def _get_orgunit(orgunit):
|
||||
if orgunit.startswith('orgunits/'):
|
||||
return orgunit
|
||||
_, orgunitid = gapi_directory_orgunits.getOrgUnitId(orgunit)
|
||||
return f'orgunits/{orgunitid[3:]}'
|
||||
|
||||
|
||||
def build():
|
||||
return gam.buildGAPIObject('chromepolicy')
|
||||
|
||||
|
||||
def printshow_policies():
|
||||
svc = build()
|
||||
customer = _get_customerid()
|
||||
orgunit = None
|
||||
printer_id = None
|
||||
app_id = None
|
||||
body = {}
|
||||
namespaces = []
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg in ['ou', 'org', 'orgunit']:
|
||||
orgunit = _get_orgunit(sys.argv[i+1])
|
||||
i += 2
|
||||
elif myarg == 'printerid':
|
||||
printer_id = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'appid':
|
||||
app_id = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'namespace':
|
||||
namespaces.extend(sys.argv[i+1].replace(',', ' ').split())
|
||||
i += 2
|
||||
else:
|
||||
msg = f'{myarg} is not a valid argument to "gam print chromepolicy"'
|
||||
controlflow.system_error_exit(3, msg)
|
||||
if not orgunit:
|
||||
controlflow.system_error_exit(3, 'You must specify an orgunit')
|
||||
body['policyTargetKey'] = {'targetResource': orgunit}
|
||||
if printer_id:
|
||||
body['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printer_id}
|
||||
if not namespaces:
|
||||
namespaces = ['chrome.printers']
|
||||
elif app_id:
|
||||
body['policyTargetKey']['additionalTargetKeys'] = {'app_id': app_id}
|
||||
if not namespaces:
|
||||
namespaces = ['chrome.users.apps',
|
||||
'chrome.devices.managedGuest.apps',
|
||||
'chrome.devices.kiosk.apps']
|
||||
elif not namespaces:
|
||||
namespaces = [
|
||||
'chrome.users',
|
||||
'chrome.users.apps',
|
||||
'chrome.devices',
|
||||
'chrome.devices.kiosk',
|
||||
'chrome.devices.managedGuest',
|
||||
]
|
||||
throw_reasons = [gapi_errors.ErrorReason.FOUR_O_O,]
|
||||
orgunitPath = gapi_directory_orgunits.orgunit_from_orgunitid(orgunit[9:], None)
|
||||
print(f'Organizational Unit: {orgunitPath}')
|
||||
for namespace in namespaces:
|
||||
spacing = ' '
|
||||
body['policySchemaFilter'] = f'{namespace}.*'
|
||||
body['pageToken'] = None
|
||||
try:
|
||||
policies = gapi.get_all_pages(svc.customers().policies(), 'resolve',
|
||||
items='resolvedPolicies',
|
||||
throw_reasons=throw_reasons,
|
||||
customer=customer,
|
||||
body=body,
|
||||
page_args_in_body=True)
|
||||
except googleapiclient.errors.HttpError:
|
||||
policies = []
|
||||
# sort policies first by app/printer id then by schema name
|
||||
policies = sorted(policies,
|
||||
key=lambda k: (
|
||||
list(k.get('targetKey', {}).get('additionalTargetKeys', {}).values()),
|
||||
k.get('value', {}).get('policySchema', '')))
|
||||
printed_ids = []
|
||||
for policy in policies:
|
||||
print()
|
||||
name = policy.get('value', {}).get('policySchema', '')
|
||||
for key, val in policy['targetKey'].get('additionalTargetKeys', {}).items():
|
||||
additional_id = f'{key} - {val}'
|
||||
if additional_id not in printed_ids:
|
||||
print(f' {additional_id}')
|
||||
printed_ids.append(additional_id)
|
||||
spacing = ' '
|
||||
print(f'{spacing}{name}')
|
||||
values = policy.get('value', {}).get('value', {})
|
||||
for setting, value in values.items():
|
||||
# Handle TYPE_MESSAGE fields with durations, values, counts and timeOfDay as special cases
|
||||
schema = CHROME_SCHEMA_TYPE_MESSAGE.get(name, {}).get(setting.lower())
|
||||
if schema and setting == schema['casedField']:
|
||||
vtype = schema['type']
|
||||
if vtype in {'duration', 'value'}:
|
||||
value = value.get(vtype, '')
|
||||
if value:
|
||||
if value.endswith('s'):
|
||||
value = value[:-1]
|
||||
value = int(value) // schema['scale']
|
||||
elif vtype == 'count':
|
||||
pass
|
||||
else: ##timeOfDay
|
||||
hours = value.get(vtype, {}).get('hours', 0)
|
||||
minutes = value.get(vtype, {}).get('minutes', 0)
|
||||
value = f'{hours:02}:{minutes:02}'
|
||||
elif isinstance(value, str) and value.find('_ENUM_') != -1:
|
||||
value = value.split('_ENUM_')[-1]
|
||||
print(f'{spacing}{setting}: {value}')
|
||||
|
||||
|
||||
def build_schemas(svc=None, sfilter=None):
|
||||
if not svc:
|
||||
svc = build()
|
||||
parent = _get_customerid()
|
||||
schemas = gapi.get_all_pages(svc.customers().policySchemas(), 'list',
|
||||
items='policySchemas', parent=parent, filter=sfilter)
|
||||
schema_objects = {}
|
||||
for schema in schemas:
|
||||
schema_name = schema.get('name', '').split('/')[-1]
|
||||
schema_dict = {
|
||||
'name': schema_name,
|
||||
'description': schema.get('policyDescription', ''),
|
||||
'settings': {},
|
||||
}
|
||||
field_descriptions = schema.get('fieldDescriptions', [])
|
||||
for mtype in schema.get('definition', {}).get('messageType', {}):
|
||||
for setting in mtype.get('field', {}):
|
||||
setting_name = setting.get('name', '')
|
||||
setting_dict = {
|
||||
'name': setting_name,
|
||||
'constraints': None,
|
||||
'descriptions': [],
|
||||
'type': setting.get('type'),
|
||||
}
|
||||
if setting_dict['type'] == 'TYPE_STRING' and \
|
||||
setting.get('label') == 'LABEL_REPEATED':
|
||||
setting_dict['type'] = 'TYPE_LIST'
|
||||
if setting_dict['type'] == 'TYPE_ENUM':
|
||||
type_name = setting['typeName']
|
||||
for an_enum in schema['definition']['enumType']:
|
||||
if an_enum['name'] == type_name:
|
||||
setting_dict['enums'] = [enum['name'] for enum in an_enum['value']]
|
||||
setting_dict['enum_prefix'] = utils.commonprefix(setting_dict['enums'], True)
|
||||
prefix_len = len(setting_dict['enum_prefix'])
|
||||
setting_dict['enums'] = [enum[prefix_len:] for enum \
|
||||
in setting_dict['enums'] \
|
||||
if not enum.endswith('UNSPECIFIED')]
|
||||
setting_dict['descriptions'] = ['']*len(setting_dict['enums'])
|
||||
if field_descriptions:
|
||||
for i, an in enumerate(setting_dict['enums']):
|
||||
for fdesc in field_descriptions:
|
||||
if fdesc.get('field') == setting_name:
|
||||
for d in fdesc.get('knownValueDescriptions', []):
|
||||
if d['value'][prefix_len:] == an:
|
||||
setting_dict['descriptions'][i] = d.get('description', '')
|
||||
break
|
||||
break
|
||||
break
|
||||
elif setting_dict['type'] == 'TYPE_MESSAGE':
|
||||
continue
|
||||
else:
|
||||
setting_dict['enums'] = None
|
||||
for fdesc in schema.get('fieldDescriptions', []):
|
||||
if fdesc.get('field') == setting_name:
|
||||
if 'knownValueDescriptions' in fdesc:
|
||||
setting_dict['descriptions'] = fdesc['knownValueDescriptions']
|
||||
elif 'description' in fdesc:
|
||||
setting_dict['descriptions'] = [fdesc['description']]
|
||||
schema_dict['settings'][setting_name.lower()] = setting_dict
|
||||
schema_objects[schema_name.lower()] = schema_dict
|
||||
return schema_objects
|
||||
|
||||
|
||||
def printshow_schemas():
|
||||
svc = build()
|
||||
sfilter = None
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'filter':
|
||||
sfilter = sys.argv[i+1]
|
||||
i += 2
|
||||
else:
|
||||
msg = f'{myarg} is not a valid argument to "gam print chromeschema"'
|
||||
controlflow.system_error_exit(3, msg)
|
||||
schemas = build_schemas(svc, sfilter)
|
||||
for _, value in sorted(iter(schemas.items())):
|
||||
print(f'{value.get("name")}: {value.get("description")}')
|
||||
for val in value['settings'].values():
|
||||
vtype = val.get('type')
|
||||
print(f' {val.get("name")}: {vtype}')
|
||||
if vtype == 'TYPE_ENUM':
|
||||
enums = val.get('enums', [])
|
||||
descriptions = val.get('descriptions', [])
|
||||
for i in range(len(val.get('enums', []))):
|
||||
print(f' {enums[i]}: {descriptions[i]}')
|
||||
elif vtype == 'TYPE_BOOL':
|
||||
pvs = val.get('descriptions')
|
||||
for pvi in pvs:
|
||||
if isinstance(pvi, dict):
|
||||
pvalue = pvi.get('value')
|
||||
pdescription = pvi.get('description')
|
||||
print(f' {pvalue}: {pdescription}')
|
||||
elif isinstance(pvi, list):
|
||||
print(f' {pvi[0]}')
|
||||
else:
|
||||
description = val.get('descriptions')
|
||||
if len(description) > 0:
|
||||
print(f' {description[0]}')
|
||||
print()
|
||||
|
||||
|
||||
def delete_policy():
|
||||
svc = build()
|
||||
customer = _get_customerid()
|
||||
schemas = build_schemas(svc)
|
||||
orgunit = None
|
||||
printer_id = None
|
||||
app_id = None
|
||||
i = 3
|
||||
body = {'requests': []}
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg in ['ou', 'org', 'orgunit']:
|
||||
orgunit = _get_orgunit(sys.argv[i+1])
|
||||
i += 2
|
||||
elif myarg == 'printerid':
|
||||
printer_id = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'appid':
|
||||
app_id = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg in schemas:
|
||||
body['requests'].append({'policySchema': schemas[myarg]['name']})
|
||||
i += 1
|
||||
else:
|
||||
msg = f'{myarg} is not a valid argument to "gam delete chromepolicy"'
|
||||
controlflow.system_error_exit(3, msg)
|
||||
if not orgunit:
|
||||
controlflow.system_error_exit(3, 'You must specify an orgunit')
|
||||
for request in body['requests']:
|
||||
request['policyTargetKey'] = {'targetResource': orgunit}
|
||||
if printer_id:
|
||||
request['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printer_id}
|
||||
elif app_id:
|
||||
request['policyTargetKey']['additionalTargetKeys'] = {'app_id': app_id}
|
||||
gapi.call(svc.customers().policies().orgunits(), 'batchInherit', customer=customer, body=body)
|
||||
|
||||
|
||||
CHROME_SCHEMA_TYPE_MESSAGE = {
|
||||
'chrome.users.AutoUpdateCheckPeriodNew': {
|
||||
'autoupdatecheckperiodminutesnew':
|
||||
{'casedField': 'autoUpdateCheckPeriodMinutesNew',
|
||||
'type': 'duration', 'minVal': 1, 'maxVal': 720, 'scale': 60}},
|
||||
'chrome.users.BrowserSwitcherDelayDuration':
|
||||
{'browserswitcherdelayduration':
|
||||
{'casedField': 'browserSwitcherDelayDuration',
|
||||
'type': 'duration', 'minVal': 0, 'maxVal': 30, 'scale': 1}},
|
||||
'chrome.users.FetchKeepaliveDurationSecondsOnShutdown':
|
||||
{'fetchkeepalivedurationsecondsonshutdown':
|
||||
{'casedField': 'fetchKeepaliveDurationSecondsOnShutdown',
|
||||
'type': 'duration', 'minVal': 0, 'maxVal': 5, 'scale': 1}},
|
||||
'chrome.users.MaxInvalidationFetchDelay':
|
||||
{'maxinvalidationfetchdelay':
|
||||
{'casedField': 'maxInvalidationFetchDelay',
|
||||
'type': 'duration', 'minVal': 1, 'maxVal': 30, 'scale': 1, 'default': 10}},
|
||||
'chrome.users.PrintingMaxSheetsAllowed':
|
||||
{'printingmaxsheetsallowednullable':
|
||||
{'casedField': 'printingMaxSheetsAllowedNullable',
|
||||
'type': 'value', 'minVal': 1, 'maxVal': None, 'scale': 1}},
|
||||
'chrome.users.PrintJobHistoryExpirationPeriodNew':
|
||||
{'printjobhistoryexpirationperioddaysnew':
|
||||
{'casedField': 'printJobHistoryExpirationPeriodDaysNew',
|
||||
'type': 'duration', 'minVal': -1, 'maxVal': None, 'scale': 86400}},
|
||||
'chrome.users.SecurityTokenSessionSettings':
|
||||
{'securitytokensessionnotificationseconds':
|
||||
{'casedField': 'securityTokenSessionNotificationSeconds',
|
||||
'type': 'duration', 'minVal': 0, 'maxVal': 9999, 'scale': 1}},
|
||||
'chrome.users.SessionLength':
|
||||
{'sessiondurationlimit':
|
||||
{'casedField': 'sessionDurationLimit',
|
||||
'type': 'duration', 'minVal': 1, 'maxVal': 1440, 'scale': 60}},
|
||||
'chrome.users.UpdatesSuppressed':
|
||||
{'updatessuppresseddurationmin':
|
||||
{'casedField': 'updatesSuppressedDurationMin',
|
||||
'type': 'count', 'minVal': 1, 'maxVal': 1440, 'scale': 1},
|
||||
'updatessuppressedstarttime':
|
||||
{'casedField': 'updatesSuppressedStartTime',
|
||||
'type': 'timeOfDay'}},
|
||||
}
|
||||
|
||||
|
||||
def update_policy():
|
||||
svc = build()
|
||||
customer = _get_customerid()
|
||||
schemas = build_schemas(svc)
|
||||
orgunit = None
|
||||
printer_id = None
|
||||
app_id = None
|
||||
i = 3
|
||||
body = {'requests': []}
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg in ['ou', 'org', 'orgunit']:
|
||||
orgunit = _get_orgunit(sys.argv[i+1])
|
||||
i += 2
|
||||
elif myarg == 'printerid':
|
||||
printer_id = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'appid':
|
||||
app_id = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg in schemas:
|
||||
schemaName = schemas[myarg]['name']
|
||||
body['requests'].append({'policyValue': {'policySchema': schemaName,
|
||||
'value': {}},
|
||||
'updateMask': ''})
|
||||
i += 1
|
||||
while i < len(sys.argv):
|
||||
field = sys.argv[i].lower()
|
||||
if field in ['ou', 'org', 'orgunit', 'printerid', 'appid'] or '.' in field:
|
||||
break # field is actually a new policy, orgunit or app/printer id
|
||||
# Handle TYPE_MESSAGE fields with durations, values, counts and timeOfDay as special cases
|
||||
schema = CHROME_SCHEMA_TYPE_MESSAGE.get(schemaName, {}).get(field)
|
||||
if schema:
|
||||
i += 1
|
||||
casedField = schema['casedField']
|
||||
vtype = schema['type']
|
||||
if vtype != 'timeOfDay':
|
||||
if 'default' not in schema:
|
||||
value = gam.getInteger(sys.argv[i], casedField,
|
||||
minVal=schema['minVal'], maxVal=schema['maxVal'])*schema['scale']
|
||||
i += 1
|
||||
elif i < len(sys.argv) and sys.argv[i].isdigit():
|
||||
value = gam.getInteger(sys.argv[i], casedField,
|
||||
minVal=schema['minVal'], maxVal=schema['maxVal'])*schema['scale']
|
||||
i += 1
|
||||
else: # Handle empty value for fields with default
|
||||
value = schema['default']*schema['scale']
|
||||
if i < len(sys.argv) and not sys.argv[i]:
|
||||
i += 1
|
||||
else:
|
||||
value = utils.get_hhmm(sys.argv[i])
|
||||
i += 1
|
||||
if vtype == 'duration':
|
||||
body['requests'][-1]['policyValue']['value'][casedField] = {vtype: f'{value}s'}
|
||||
elif vtype == 'value':
|
||||
body['requests'][-1]['policyValue']['value'][casedField] = {vtype: value}
|
||||
elif vtype == 'count':
|
||||
body['requests'][-1]['policyValue']['value'][casedField] = value
|
||||
else: ##timeOfDay
|
||||
hours, minutes = value.split(':')
|
||||
body['requests'][-1]['policyValue']['value'][casedField] = {vtype: {'hours': hours, 'minutes': minutes}}
|
||||
body['requests'][-1]['updateMask'] += f'{casedField},'
|
||||
continue
|
||||
expected_fields = ', '.join(schemas[myarg]['settings'])
|
||||
if field not in expected_fields:
|
||||
msg = f'Expected {myarg} field of {expected_fields}. Got {field}.'
|
||||
controlflow.system_error_exit(4, msg)
|
||||
cased_field = schemas[myarg]['settings'][field]['name']
|
||||
value = sys.argv[i+1]
|
||||
vtype = schemas[myarg]['settings'][field]['type']
|
||||
if vtype in ['TYPE_INT64', 'TYPE_INT32', 'TYPE_UINT64']:
|
||||
if not value.isnumeric():
|
||||
msg = f'Value for {myarg} {field} must be a number, got {value}'
|
||||
controlflow.system_error_exit(7, msg)
|
||||
value = int(value)
|
||||
elif vtype in ['TYPE_BOOL']:
|
||||
value = gam.getBoolean(value, field)
|
||||
elif vtype in ['TYPE_ENUM']:
|
||||
value = value.upper()
|
||||
prefix = schemas[myarg]['settings'][field]['enum_prefix']
|
||||
enum_values = schemas[myarg]['settings'][field]['enums']
|
||||
if value in enum_values:
|
||||
value = f'{prefix}{value}'
|
||||
elif value.replace(prefix, '') in enum_values:
|
||||
pass
|
||||
else:
|
||||
expected_enums = ', '.join(enum_values)
|
||||
msg = f'Expected {myarg} {field} value to be one of ' \
|
||||
f'{expected_enums}, got {value}'
|
||||
controlflow.system_error_exit(8, msg)
|
||||
elif vtype in ['TYPE_LIST']:
|
||||
value = value.split(',')
|
||||
if myarg == 'chrome.users.chromebrowserupdates' and \
|
||||
cased_field == 'targetVersionPrefixSetting':
|
||||
mg = re.compile(r'^([a-z]+)-(\d+)$').match(value)
|
||||
if mg:
|
||||
channel = mg.group(1).lower().replace('_', '')
|
||||
minus = mg.group(2)
|
||||
channel_map = gapi_chromehistory.get_channel_map(None)
|
||||
if channel not in channel_map:
|
||||
expected_channels = ', '.join(channel_map)
|
||||
msg = f'Expected {myarg} {cased_field} channel to be one of ' \
|
||||
f'{expected_channels}, got {channel}'
|
||||
controlflow.system_error_exit(8, msg)
|
||||
milestone = gapi_chromehistory.get_relative_milestone(
|
||||
channel_map[channel], int(minus))
|
||||
if not milestone:
|
||||
msg = f'{myarg} {cased_field} channel {channel} offset {minus} does not exist'
|
||||
controlflow.system_error_exit(8, msg)
|
||||
value = f'{milestone}.'
|
||||
body['requests'][-1]['policyValue']['value'][cased_field] = value
|
||||
body['requests'][-1]['updateMask'] += f'{cased_field},'
|
||||
i += 2
|
||||
else:
|
||||
msg = f'{myarg} is not a valid argument to "gam update chromepolicy"'
|
||||
controlflow.system_error_exit(4, msg)
|
||||
if not orgunit:
|
||||
controlflow.system_error_exit(3, 'You must specify an orgunit')
|
||||
for request in body['requests']:
|
||||
request['policyTargetKey'] = {'targetResource': orgunit}
|
||||
if printer_id:
|
||||
request['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printer_id}
|
||||
elif app_id:
|
||||
request['policyTargetKey']['additionalTargetKeys'] = {'app_id': app_id}
|
||||
gapi.call(svc.customers().policies().orgunits(),
|
||||
'batchModify',
|
||||
customer=customer,
|
||||
body=body)
|
||||
@@ -1,12 +0,0 @@
|
||||
import gam
|
||||
from gam.var import GC_Values, GC_ENABLE_DASA
|
||||
|
||||
def build(api='cloudidentity'):
|
||||
return gam.buildGAPIObject(api)
|
||||
|
||||
def build_dwd(api='cloudidentity'):
|
||||
# If we are using DASA we don't need to use DwD.
|
||||
if GC_Values[GC_ENABLE_DASA]:
|
||||
return gam.buildGAPIObject(api)
|
||||
admin = gam._get_admin_email()
|
||||
return gam.buildGAPIServiceObject(api, admin, True)
|
||||
@@ -1,570 +0,0 @@
|
||||
import csv
|
||||
import sys
|
||||
|
||||
import googleapiclient
|
||||
|
||||
import gam
|
||||
from gam.var import *
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import fileutils
|
||||
from gam import gapi
|
||||
from gam import utils
|
||||
from gam.gapi import errors as gapi_errors
|
||||
from gam.gapi import cloudidentity as gapi_cloudidentity
|
||||
from gam.gapi.directory import customer as gapi_directory_customer
|
||||
|
||||
def _get_device_customerid():
|
||||
customer = GC_Values[GC_CUSTOMER_ID]
|
||||
if customer.startswith('C'):
|
||||
customer = customer[1:]
|
||||
return f'customers/{customer}'
|
||||
|
||||
def create():
|
||||
ci = gapi_cloudidentity.build_dwd()
|
||||
customer = _get_device_customerid()
|
||||
device_types = gapi.get_enum_values_minus_unspecified(
|
||||
ci._rootDesc['schemas']['GoogleAppsCloudidentityDevicesV1Device']['properties']['deviceType']['enum'])
|
||||
body = {'deviceType': '', 'serialNumber': ''}
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'serialnumber':
|
||||
body['serialNumber'] = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'devicetype':
|
||||
body['deviceType'] = sys.argv[i+1].upper()
|
||||
if body['deviceType'] not in device_types:
|
||||
controlflow.expected_argument_exit('device_type',
|
||||
', '.join(device_types),
|
||||
sys.argv[i+1])
|
||||
i += 2
|
||||
elif myarg in {'assettag', 'assetid'}:
|
||||
body['assetTag'] = sys.argv[i+1]
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam create device')
|
||||
if not body['serialNumber'] or not body['deviceType']:
|
||||
controlflow.system_error_exit(
|
||||
3, 'serial_number and device_type are required arguments for "gam create device".')
|
||||
result = gapi.call(ci.devices(), 'create', customer=customer, body=body)
|
||||
print(f'Created device {result["response"]["name"]}')
|
||||
|
||||
|
||||
def _parse_action(action):
|
||||
kwargs = {}
|
||||
i = 3
|
||||
name = sys.argv[i]
|
||||
if name == 'id':
|
||||
i += 1
|
||||
name = sys.argv[i]
|
||||
i += 1
|
||||
if not name.startswith('devices/'):
|
||||
name = f'devices/{name}'
|
||||
customer = _get_device_customerid()
|
||||
# bah, inconsistencies in API
|
||||
if action == 'delete':
|
||||
kwargs['customer'] = customer
|
||||
else:
|
||||
kwargs['body'] = {'customer': customer}
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if action == 'wipe' and myarg == 'removeresetlock':
|
||||
kwargs['body']['removeResetLock'] = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], f'gam {action} device')
|
||||
return name, kwargs
|
||||
|
||||
|
||||
def info():
|
||||
ci = gapi_cloudidentity.build_dwd()
|
||||
customer = _get_device_customerid()
|
||||
_, name = _get_deviceuser_name()
|
||||
device = gapi.call(ci.devices(), 'get', name=name, customer=customer)
|
||||
device_users = gapi.get_all_pages(ci.devices().deviceUsers(), 'list',
|
||||
'deviceUsers', parent=name, customer=customer)
|
||||
for device_user in device_users:
|
||||
parent = device_user['name']
|
||||
device_user['client_states'] = gapi.get_all_pages(
|
||||
ci.devices().deviceUsers().clientStates(),
|
||||
'list', 'clientStates', parent=parent, customer=customer)
|
||||
display.print_json(device)
|
||||
print('Device Users:')
|
||||
display.print_json(device_users)
|
||||
|
||||
|
||||
def _generic_action(action, device_user=False):
|
||||
ci = gapi_cloudidentity.build_dwd()
|
||||
customer = _get_device_customerid()
|
||||
name, kwargs = _parse_action(action)
|
||||
if device_user:
|
||||
endpoint = ci.devices().deviceUsers()
|
||||
else:
|
||||
endpoint = ci.devices()
|
||||
op = gapi.call(endpoint, action, name=name, **kwargs)
|
||||
print(op)
|
||||
|
||||
|
||||
def delete():
|
||||
_generic_action('delete')
|
||||
|
||||
|
||||
def cancel_wipe():
|
||||
_generic_action('cancelWipe')
|
||||
|
||||
|
||||
def wipe():
|
||||
_generic_action('wipe')
|
||||
|
||||
|
||||
def approve_user():
|
||||
_generic_action('approve', True)
|
||||
|
||||
|
||||
def block_user():
|
||||
_generic_action('block', True)
|
||||
|
||||
|
||||
def cancel_wipe_user():
|
||||
_generic_action('cancelWipe', True)
|
||||
|
||||
|
||||
def delete_user():
|
||||
_generic_action('delete', True)
|
||||
|
||||
|
||||
def wipe_user():
|
||||
_generic_action('wipe', True)
|
||||
|
||||
|
||||
def _get_deviceuser_name():
|
||||
i = 3
|
||||
name = sys.argv[i]
|
||||
if name == 'id':
|
||||
i += 1
|
||||
name = sys.argv[i]
|
||||
if not name.startswith('devices/'):
|
||||
name = f'devices/{name}'
|
||||
return (i+1, name)
|
||||
|
||||
def info_state():
|
||||
ci = gapi_cloudidentity.build_dwd()
|
||||
gapi_directory_customer.setTrueCustomerId()
|
||||
customer = _get_device_customerid()
|
||||
customer_id = customer[10:]
|
||||
client_id = f'{customer_id}-gam'
|
||||
i, deviceuser = _get_deviceuser_name()
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'clientid':
|
||||
client_id = f'{customer_id}-{sys.argv[i+1]}'
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam info deviceuserstate')
|
||||
name = f'{deviceuser}/clientStates/{client_id}'
|
||||
result = gapi.call(ci.devices().deviceUsers().clientStates(), 'get',
|
||||
name=name, customer=customer)
|
||||
display.print_json(result)
|
||||
|
||||
|
||||
def update_state():
|
||||
ci = gapi_cloudidentity.build_dwd()
|
||||
gapi_directory_customer.setTrueCustomerId()
|
||||
customer = _get_device_customerid()
|
||||
customer_id = customer[10:]
|
||||
client_id = f'{customer_id}-gam'
|
||||
body = {}
|
||||
i, deviceuser = _get_deviceuser_name()
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'clientid':
|
||||
client_id = f'{customer_id}-{sys.argv[i+1]}'
|
||||
i += 2
|
||||
elif myarg in ['assettag', 'assettags']:
|
||||
body['assetTags'] = gam.shlexSplitList(sys.argv[i+1])
|
||||
if body['assetTags'] == ['clear']:
|
||||
# TODO: this doesn't work to clear
|
||||
# existing values. Figure out why.
|
||||
body['assetTags'] = [None]
|
||||
i += 2
|
||||
elif myarg in ['compliantstate', 'compliancestate']:
|
||||
comp_states = gapi.get_enum_values_minus_unspecified(
|
||||
ci._rootDesc['schemas']['GoogleAppsCloudidentityDevicesV1ClientState']['properties']['complianceState']['enum'])
|
||||
body['complianceState'] = sys.argv[i+1].upper()
|
||||
if body['complianceState'] not in comp_states:
|
||||
controlflow.expected_argument_exit('compliant_state',
|
||||
', '.join(comp_states),
|
||||
sys.argv[i+1])
|
||||
i += 2
|
||||
elif myarg == 'customid':
|
||||
body['customId'] = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'healthscore':
|
||||
health_scores = gapi.get_enum_values_minus_unspecified(
|
||||
ci._rootDesc['schemas']['GoogleAppsCloudidentityDevicesV1ClientState']['properties']['healthScore']['enum'])
|
||||
body['healthScore'] = sys.argv[i+1].upper()
|
||||
if body['healthScore'] == 'CLEAR':
|
||||
body['healthScore'] = None
|
||||
if body['healthScore'] and body['healthScore'] not in health_scores:
|
||||
controlflow.expected_argument_exit('health_score',
|
||||
', '.join(health_scores),
|
||||
sys.argv[i+1])
|
||||
i += 2
|
||||
elif myarg == 'customvalue':
|
||||
allowed_types = ['bool', 'number', 'string']
|
||||
value_type = sys.argv[i+1].lower()
|
||||
if value_type not in allowed_types:
|
||||
controlflow.expected_argument_exit('custom_value',
|
||||
', '.join(allowed_types),
|
||||
sys.argv[i+1])
|
||||
key = sys.argv[i+2]
|
||||
value = sys.argv[i+3]
|
||||
if value_type == 'bool':
|
||||
value = gam.getBoolean(value, key)
|
||||
elif value_type == 'number':
|
||||
value = int(value)
|
||||
body.setdefault('keyValuePairs', {})
|
||||
body['keyValuePairs'][key] = {f'{value_type}Value': value}
|
||||
i += 4
|
||||
elif myarg in ['managedstate']:
|
||||
managed_states = gapi.get_enum_values_minus_unspecified(
|
||||
ci._rootDesc['schemas']['GoogleAppsCloudidentityDevicesV1ClientState']['properties']['managed']['enum'])
|
||||
body['managed'] = sys.argv[i+1].upper()
|
||||
if body['managed'] == 'CLEAR':
|
||||
body['managed'] = None
|
||||
if body['managed'] and body['managed'] not in managed_states:
|
||||
controlflow.expected_argument_exit('managed_state',
|
||||
', '.join(managed_states),
|
||||
sys.argv[i+1])
|
||||
i += 2
|
||||
elif myarg in ['scorereason']:
|
||||
body['scoreReason'] = sys.argv[i+1]
|
||||
if body['scoreReason'] == 'clear':
|
||||
body['scoreReason'] = None
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam update deviceuserstate')
|
||||
name = f'{deviceuser}/clientStates/{client_id}'
|
||||
updateMask = ','.join(body.keys())
|
||||
result = gapi.call(ci.devices().deviceUsers().clientStates(), 'patch',
|
||||
name=name, customer=customer, updateMask=updateMask, body=body)
|
||||
display.print_json(result)
|
||||
|
||||
|
||||
def print_():
|
||||
# This function is rather messy thanks to
|
||||
# https://github.com/GAM-team/GAM/issues/1534
|
||||
# I'd prefer to keep it all in this function for now but if:
|
||||
# - we find other list() operations that also hit this bug OR
|
||||
# - it looks like this issue is going to exist on Google's side
|
||||
# for a long time.
|
||||
# I'll enterain some cleanup here to "functionalize" (yuck) all of this.
|
||||
ci = gapi_cloudidentity.build_dwd()
|
||||
customer = _get_device_customerid()
|
||||
parent = 'devices/-'
|
||||
device_filter = None
|
||||
get_device_users = True
|
||||
view = None
|
||||
orderByList = []
|
||||
# default sort order needed by our 1 hour bug workaround
|
||||
orderBy = 'create_time'
|
||||
titles = []
|
||||
csvRows = []
|
||||
todrive = False
|
||||
sortHeaders = False
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg in ['filter', 'query']:
|
||||
device_filter = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'company':
|
||||
view = 'COMPANY_INVENTORY'
|
||||
i += 1
|
||||
elif myarg == 'personal':
|
||||
view = 'USER_ASSIGNED_DEVICES'
|
||||
i += 1
|
||||
elif myarg == 'nocompanydevices':
|
||||
view = 'USER_ASSIGNED_DEVICES'
|
||||
i += 1
|
||||
elif myarg == 'nopersonaldevices':
|
||||
view = 'COMPANY_INVENTORY'
|
||||
i += 1
|
||||
elif myarg == 'nodeviceusers':
|
||||
get_device_users = False
|
||||
i += 1
|
||||
elif myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
elif myarg == 'orderby':
|
||||
fieldName = sys.argv[i + 1].lower()
|
||||
i += 2
|
||||
if fieldName in DEVICE_ORDERBY_CHOICES_MAP:
|
||||
fieldName = DEVICE_ORDERBY_CHOICES_MAP[fieldName]
|
||||
orderBy = ''
|
||||
if i < len(sys.argv):
|
||||
orderBy = sys.argv[i].lower()
|
||||
if orderBy in SORTORDER_CHOICES_MAP:
|
||||
orderBy = SORTORDER_CHOICES_MAP[orderBy]
|
||||
i += 1
|
||||
if orderBy != 'DESCENDING':
|
||||
orderByList.append(fieldName)
|
||||
else:
|
||||
orderByList.append(f'{fieldName} desc')
|
||||
else:
|
||||
controlflow.expected_argument_exit(
|
||||
'orderby', ', '.join(sorted(DEVICE_ORDERBY_CHOICES_MAP)),
|
||||
fieldName)
|
||||
elif myarg == 'sortheaders':
|
||||
sortHeaders = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam print devices')
|
||||
view_name_map = {
|
||||
None: 'Devices',
|
||||
'COMPANY_INVENTORY': 'Company Devices',
|
||||
'USER_ASSIGNED_DEVICES': 'Personal Devices',
|
||||
}
|
||||
if orderByList:
|
||||
orderBy = ','.join(orderByList)
|
||||
custom_device_filter = bool(device_filter)
|
||||
# we store the devices in a dict keyed by name which is a unique ID.
|
||||
# that way when we get duplicate devices we just overwrite the name
|
||||
# with the latest copy we saw.
|
||||
devices = {}
|
||||
page_message = gapi.got_total_items_msg(view_name_map[view], '...\n')
|
||||
pageToken = None
|
||||
newest_device_date = ''
|
||||
total_items = 0
|
||||
while True:
|
||||
try:
|
||||
a_page = gapi.call(ci.devices(),
|
||||
'list',
|
||||
customer=customer,
|
||||
pageSize=100,
|
||||
pageToken=pageToken,
|
||||
filter=device_filter,
|
||||
view=view,
|
||||
orderBy=orderBy,
|
||||
throw_reasons=[gapi_errors.ErrorReason.FOUR_O_O])
|
||||
except googleapiclient.errors.HttpError:
|
||||
sys.stderr.write('WARNING: GAM hit Google internal bug 237397223. Please file a Google Support ticket stating that you are encountering this bug.\n')
|
||||
if orderBy != 'create_time' or custom_device_filter:
|
||||
controlflow.system_error_exit(5, 'GAM workaround for this issue only works if filter and orderby arguments are not used.\n')
|
||||
sys.stderr.write(f' attempting to work around the bug by filtering for devices created on or after the newest we\'ve seen ({newest_device_date})...')
|
||||
device_filter = f'register:{newest_device_date}..'
|
||||
pageToken = None
|
||||
continue
|
||||
for dev in a_page.get('devices', []):
|
||||
total_items += 1
|
||||
devices[dev['name']] = dev
|
||||
dev_date = dev.get('createTime', '')
|
||||
# remove the Z
|
||||
dev_date = dev_date[:-1]
|
||||
# remove microseconds
|
||||
dev_date = dev_date.split('.')[0]
|
||||
if dev_date > newest_device_date:
|
||||
newest_device_date = dev_date
|
||||
pageToken = a_page.get('nextPageToken')
|
||||
if not pageToken:
|
||||
break
|
||||
sys.stderr.write(page_message.replace('%%total_items%%', str(total_items)))
|
||||
if get_device_users:
|
||||
page_message = gapi.got_total_items_msg('Device Users', '...\n')
|
||||
pageToken = None
|
||||
newest_deviceuser_date = ''
|
||||
total_items = 0
|
||||
device_users = {}
|
||||
if not custom_device_filter:
|
||||
device_filter = None
|
||||
while True:
|
||||
try:
|
||||
a_page = gapi.call(ci.devices().deviceUsers(),
|
||||
'list',
|
||||
customer=customer,
|
||||
parent=parent,
|
||||
pageSize=20,
|
||||
orderBy=orderBy,
|
||||
filter=device_filter,
|
||||
pageToken=pageToken,
|
||||
throw_reasons=[gapi_errors.ErrorReason.FOUR_O_O])
|
||||
except googleapiclient.errors.HttpError:
|
||||
sys.stderr.write('WARNING: GAM hit Google internal bug 237397223. Please file a Google Support ticket stating that you are encountering this bug.\n')
|
||||
if orderBy != 'create_time' or custom_device_filter:
|
||||
controlflow.system_error_exit(5, 'GAM workaround for this issue only works if filter and orderby arguments are not used.\n')
|
||||
sys.stderr.write(f' attempting to work around the bug by filtering for device users created on or after the newest we\'ve seen ({newest_deviceuser_date})...')
|
||||
device_filter = f'register:{newest_deviceuser_date}..'
|
||||
pageToken = None
|
||||
continue
|
||||
for device_user in a_page.get('deviceUsers', []):
|
||||
total_items += 1
|
||||
dev_date = device_user.get('createTime', '')
|
||||
# remove the Z
|
||||
dev_date = dev_date[:-1]
|
||||
# remove microseconds
|
||||
dev_date = dev_date.split('.')[0]
|
||||
if dev_date > newest_deviceuser_date:
|
||||
newest_deviceuser_date = dev_date
|
||||
deviceuser_name = device_user['name']
|
||||
device_users[deviceuser_name] = device_user
|
||||
pageToken = a_page.get('nextPageToken')
|
||||
if not pageToken:
|
||||
break
|
||||
sys.stderr.write(page_message.replace('%%total_items%%', str(total_items)))
|
||||
for deviceuser_name, device_user in device_users.items():
|
||||
device_id = deviceuser_name.split('/')[1]
|
||||
device_name = f'devices/{device_id}'
|
||||
if 'users' not in devices[device_name]:
|
||||
devices[device_name]['users'] = []
|
||||
devices[device_name]['users'].append(device_user)
|
||||
for device in devices.values():
|
||||
device = utils.flatten_json(device)
|
||||
for a_key in device:
|
||||
if a_key not in titles:
|
||||
titles.append(a_key)
|
||||
csvRows.append(device)
|
||||
if sortHeaders:
|
||||
display.sort_csv_titles(['name',], titles)
|
||||
display.write_csv_file(csvRows, titles, 'Devices', todrive)
|
||||
|
||||
|
||||
def sync():
|
||||
ci = gapi_cloudidentity.build_dwd()
|
||||
device_types = gapi.get_enum_values_minus_unspecified(
|
||||
ci._rootDesc['schemas']['GoogleAppsCloudidentityDevicesV1Device']['properties']['deviceType']['enum'])
|
||||
customer = _get_device_customerid()
|
||||
device_filter = None
|
||||
csv_file = None
|
||||
serialnumber_column = 'serialNumber'
|
||||
devicetype_column = 'deviceType'
|
||||
static_devicetype = None
|
||||
assettag_column = None
|
||||
unassigned_missing_action = 'delete'
|
||||
assigned_missing_action = 'donothing'
|
||||
missing_actions = ['delete', 'wipe', 'donothing']
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg in ['filter', 'query']:
|
||||
device_filter = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'csvfile':
|
||||
csv_file = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'serialnumbercolumn':
|
||||
serialnumber_column = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'devicetypecolumn':
|
||||
devicetype_column = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'staticdevicetype':
|
||||
static_devicetype = sys.argv[i+1].upper()
|
||||
if static_devicetype not in device_types:
|
||||
controlflow.expected_argument_exit('device_type',
|
||||
', '.join(device_types),
|
||||
sys.argv[i+1])
|
||||
i += 2
|
||||
elif myarg in {'assettagcolumn', 'assetidcolumn'}:
|
||||
assettag_column = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'unassignedmissingaction':
|
||||
unassigned_missing_action = sys.argv[i+1].lower().replace('_', '')
|
||||
if unassigned_missing_action not in missing_actions:
|
||||
controlflow.expected_argument_exit('unassigned_missing_action',
|
||||
', '.join(missing_actions),
|
||||
sys.argv[i+1])
|
||||
i += 2
|
||||
elif myarg == 'assignedmissingaction':
|
||||
assigned_missing_action = sys.argv[i+1].lower().replace('_', '')
|
||||
if assigned_missing_action not in missing_actions:
|
||||
controlflow.expected_argument_exit('assigned_missing_action',
|
||||
', '.join(missing_actions),
|
||||
sys.argv[i+1])
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam sync devices')
|
||||
if not csv_file:
|
||||
controlflow.system_error_exit(
|
||||
3, 'csvfile is a required argument for "gam sync devices".')
|
||||
f = fileutils.open_file(csv_file)
|
||||
input_file = csv.DictReader(f, restval='')
|
||||
if serialnumber_column not in input_file.fieldnames:
|
||||
controlflow.csv_field_error_exit(serialnumber_column, input_file.fieldnames)
|
||||
if not static_devicetype and devicetype_column not in input_file.fieldnames:
|
||||
controlflow.csv_field_error_exit(devicetype_column, input_file.fieldnames)
|
||||
if assettag_column and assettag_column not in input_file.fieldnames:
|
||||
controlflow.csv_field_error_exit(assettag_column, input_file.fieldnames)
|
||||
local_devices = {}
|
||||
for row in input_file:
|
||||
# upper() is very important to comparison since Google
|
||||
# always return uppercase serials
|
||||
local_device = {'serialNumber': row[serialnumber_column].strip().upper()}
|
||||
if static_devicetype:
|
||||
local_device['deviceType'] = static_devicetype
|
||||
else:
|
||||
local_device['deviceType'] = row[devicetype_column].strip()
|
||||
sndt = f"{local_device['serialNumber']}-{local_device['deviceType']}"
|
||||
if assettag_column:
|
||||
local_device['assetTag'] = row[assettag_column].strip()
|
||||
sndt += f"-{local_device['assetTag']}"
|
||||
local_devices[sndt] = local_device
|
||||
fileutils.close_file(f)
|
||||
page_message = gapi.got_total_items_msg('Company Devices', '...\n')
|
||||
device_fields = ['serialNumber', 'deviceType', 'lastSyncTime', 'name']
|
||||
if assettag_column:
|
||||
device_fields.append('assetTag')
|
||||
fields = f'nextPageToken,devices({",".join(device_fields)})'
|
||||
remote_devices = {}
|
||||
remote_device_map = {}
|
||||
result = gapi.get_all_pages(ci.devices(), 'list', 'devices',
|
||||
customer=customer, page_message=page_message,
|
||||
pageSize=100, filter=device_filter, view='COMPANY_INVENTORY', fields=fields)
|
||||
for remote_device in result:
|
||||
sn = remote_device['serialNumber']
|
||||
last_sync = remote_device.pop('lastSyncTime', NEVER_TIME_NOMS)
|
||||
name = remote_device.pop('name')
|
||||
sndt = f"{remote_device['serialNumber']}-{remote_device['deviceType']}"
|
||||
if assettag_column:
|
||||
if 'assetTag' not in remote_device:
|
||||
remote_device['assetTag'] = ''
|
||||
sndt += f"-{remote_device['assetTag']}"
|
||||
remote_devices[sndt] = remote_device
|
||||
remote_device_map[sndt] = {'name': name}
|
||||
if last_sync == NEVER_TIME_NOMS:
|
||||
remote_device_map[sndt]['unassigned'] = True
|
||||
devices_to_add = []
|
||||
for sndt, device in iter(local_devices.items()):
|
||||
if sndt not in remote_devices:
|
||||
devices_to_add.append(device)
|
||||
missing_devices = []
|
||||
for sndt, device in iter(remote_devices.items()):
|
||||
if sndt not in local_devices:
|
||||
missing_devices.append(device)
|
||||
print(f'Need to add {len(devices_to_add)} and remove {len(missing_devices)} devices...')
|
||||
for add_device in devices_to_add:
|
||||
print(f'Creating {add_device["serialNumber"]}')
|
||||
try:
|
||||
result = gapi.call(ci.devices(), 'create', customer=customer,
|
||||
throw_reasons=[gapi_errors.ErrorReason.FOUR_O_NINE], body=add_device)
|
||||
print(f' created {result["response"]["deviceType"]} device {result["response"]["name"]} with serial {result["response"]["serialNumber"]}')
|
||||
except googleapiclient.errors.HttpError:
|
||||
print(f' {add_device["serialNumber"]} already exists')
|
||||
for missing_device in missing_devices:
|
||||
sn = missing_device['serialNumber']
|
||||
sndt = f"{sn}-{missing_device['deviceType']}"
|
||||
if assettag_column:
|
||||
sndt += f"-{missing_device['assetTag']}"
|
||||
name = remote_device_map[sndt]['name']
|
||||
unassigned = remote_device_map[sndt].get('unassigned')
|
||||
action = unassigned_missing_action if unassigned else assigned_missing_action
|
||||
if action == 'donothing':
|
||||
pass
|
||||
else:
|
||||
if action == 'delete':
|
||||
kwargs = {'customer': customer}
|
||||
else:
|
||||
kwargs = {'body': {'customer': customer}}
|
||||
gapi.call(ci.devices(), action,
|
||||
name=name, **kwargs)
|
||||
print(f'{action}d {sn}')
|
||||
@@ -1,989 +0,0 @@
|
||||
import sys
|
||||
|
||||
import googleapiclient
|
||||
|
||||
import gam
|
||||
from gam.var import * # pylint: disable=unused-wildcard-import
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import gapi
|
||||
from gam import utils
|
||||
from gam.gapi import errors as gapi_errors
|
||||
from gam.gapi import cloudidentity as gapi_cloudidentity
|
||||
from gam.gapi.directory import customer as gapi_directory_customer
|
||||
|
||||
# This allows easy switching between v1 and v1beta1
|
||||
# v1
|
||||
CIGROUP_API_BETA = 'cloudidentity'
|
||||
CIGROUP_MEMBERKEY = 'preferredMemberKey'
|
||||
# v1beta1
|
||||
#CIGROUP_API_BETA = 'cloudidentity_beta'
|
||||
#CIGROUP_MEMBERKEY = 'memberKey'
|
||||
|
||||
|
||||
def create():
|
||||
ci = gapi_cloudidentity.build()
|
||||
initialGroupConfig = 'EMPTY'
|
||||
gapi_directory_customer.setTrueCustomerId()
|
||||
parent = f'customers/{GC_Values[GC_CUSTOMER_ID]}'
|
||||
body = {
|
||||
'groupKey': {
|
||||
'id': gam.normalizeEmailAddressOrUID(sys.argv[3], noUid=True)
|
||||
},
|
||||
'parent': parent,
|
||||
'labels': {
|
||||
'cloudidentity.googleapis.com/groups.discussion_forum': ''
|
||||
},
|
||||
}
|
||||
i = 4
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'name':
|
||||
body['displayName'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'description':
|
||||
body['description'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg in ['alias', 'aliases']:
|
||||
# As of 2020/06/25 this doesn't work (yet?)
|
||||
aliases = sys.argv[i + 1].split(' ')
|
||||
body['additionalGroupKeys'] = []
|
||||
for alias in aliases:
|
||||
body['additionalGroupKeys'].append({'id': alias})
|
||||
i += 2
|
||||
elif myarg in ['dynamic']:
|
||||
body['dynamicGroupMetadata'] = {
|
||||
'queries': [{
|
||||
'query': sys.argv[i + 1],
|
||||
'resourceType': 'USER'
|
||||
}]
|
||||
}
|
||||
i += 2
|
||||
elif myarg in ['makeowner']:
|
||||
initialGroupConfig = 'WITH_INITIAL_OWNER'
|
||||
i += 1
|
||||
else:
|
||||
print('should not get here')
|
||||
sys.exit(5)
|
||||
print(f'Creating group {body["groupKey"]["id"]}')
|
||||
gapi.call(ci.groups(),
|
||||
'create',
|
||||
initialGroupConfig=initialGroupConfig,
|
||||
body=body)
|
||||
|
||||
|
||||
def delete():
|
||||
ci = gapi_cloudidentity.build()
|
||||
group = sys.argv[3]
|
||||
name = group_email_to_id(ci, group)
|
||||
print(f'Deleting group {group}')
|
||||
gapi.call(ci.groups(), 'delete', name=name)
|
||||
|
||||
|
||||
def info():
|
||||
ci = gapi_cloudidentity.build(CIGROUP_API_BETA)
|
||||
group = gam.normalizeEmailAddressOrUID(sys.argv[3])
|
||||
getUsers = True
|
||||
getSecuritySettings = True
|
||||
showJoinDate = True
|
||||
showUpdateDate = False
|
||||
showMemberTree = False
|
||||
i = 4
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'nousers':
|
||||
getUsers = False
|
||||
i += 1
|
||||
elif myarg == 'nojoindate':
|
||||
showJoinDate = False
|
||||
i += 1
|
||||
elif myarg == 'showupdatedate':
|
||||
showUpdateDate = True
|
||||
i += 1
|
||||
elif myarg == 'membertree':
|
||||
showMemberTree = True
|
||||
i += 1
|
||||
elif myarg in ['nosecurity', 'nosecuritysettings']:
|
||||
getSecuritySettings = False
|
||||
else:
|
||||
controlflow.invalid_argument_exit(myarg, 'gam info cigroup')
|
||||
name = group_email_to_id(ci, group)
|
||||
basic_info = gapi.call(ci.groups(), 'get', name=name)
|
||||
display.print_json(basic_info)
|
||||
if getSecuritySettings:
|
||||
sec_info = gapi.call(ci.groups(),
|
||||
'getSecuritySettings',
|
||||
name=f'{name}/securitySettings',
|
||||
readMask='*')
|
||||
print(' Security settings:')
|
||||
display.print_json(sec_info, spacing=' ')
|
||||
if getUsers and not showMemberTree:
|
||||
if not showJoinDate and not showUpdateDate:
|
||||
view = 'BASIC'
|
||||
pageSize = 1000
|
||||
else:
|
||||
view = 'FULL'
|
||||
pageSize = 500
|
||||
members = gapi.get_all_pages(ci.groups().memberships(),
|
||||
'list',
|
||||
'memberships',
|
||||
parent=name,
|
||||
fields='*',
|
||||
pageSize=pageSize,
|
||||
view=view)
|
||||
print(' Members:')
|
||||
for member in members:
|
||||
role = get_single_role(member.get('roles', [])).lower()
|
||||
email = member.get(CIGROUP_MEMBERKEY, {}).get('id')
|
||||
member_type = member.get('type', 'USER').lower()
|
||||
jc_string = ''
|
||||
if showJoinDate:
|
||||
joined = member.get('createTime', 'Unknown')
|
||||
jc_string += f' joined {joined}'
|
||||
if showUpdateDate:
|
||||
updated = member.get('updateTime', 'Unknown')
|
||||
jc_string += f' updated {updated}'
|
||||
print(f' {role}: {email} ({member_type}){jc_string}')
|
||||
print(f'Total {len(members)} users in group')
|
||||
elif showMemberTree:
|
||||
print(' Membership Tree:')
|
||||
cached_group_members = {}
|
||||
print_member_tree(ci, name, cached_group_members, 2, True)
|
||||
|
||||
|
||||
def print_member_tree(ci, group_id, cached_group_members, spaces, show_role):
|
||||
if not group_id in cached_group_members:
|
||||
cached_group_members[group_id] = gapi.get_all_pages(ci.groups().memberships(),
|
||||
'list',
|
||||
'memberships',
|
||||
parent=group_id,
|
||||
view='FULL',
|
||||
fields='*',
|
||||
pageSize=1000)
|
||||
for member in cached_group_members[group_id]:
|
||||
member_id = member.get('name', '')
|
||||
member_id = member_id.split('/')[-1]
|
||||
email = member.get(CIGROUP_MEMBERKEY, {}).get('id')
|
||||
member_type = member.get('type', 'USER').lower()
|
||||
if show_role:
|
||||
role = get_single_role(member.get('roles', [])).lower()
|
||||
print(f'{" " * spaces}{role}: {email} ({member_type})')
|
||||
else:
|
||||
print(f'{" " * spaces}{email} ({member_type})')
|
||||
if member_type == 'group':
|
||||
print_member_tree(ci, f'groups/{member_id}', cached_group_members, spaces + 2, False)
|
||||
|
||||
|
||||
def info_member():
|
||||
ci = gapi_cloudidentity.build()
|
||||
member = gam.normalizeEmailAddressOrUID(sys.argv[3])
|
||||
group = gam.normalizeEmailAddressOrUID(sys.argv[4])
|
||||
group_name = gapi.call(ci.groups(),
|
||||
'lookup',
|
||||
groupKey_id=group,
|
||||
fields='name').get('name')
|
||||
member_name = gapi.call(ci.groups().memberships(),
|
||||
'lookup',
|
||||
parent=group_name,
|
||||
memberKey_id=member,
|
||||
fields='name').get('name')
|
||||
member_details = gapi.call(ci.groups().memberships(),
|
||||
'get',
|
||||
name=member_name)
|
||||
display.print_json(member_details)
|
||||
|
||||
|
||||
UPDATE_GROUP_SUBCMDS = ['add', 'clear', 'delete', 'remove', 'sync', 'update']
|
||||
GROUP_ROLES_MAP = {
|
||||
'owner': ROLE_OWNER,
|
||||
'owners': ROLE_OWNER,
|
||||
'manager': ROLE_MANAGER,
|
||||
'managers': ROLE_MANAGER,
|
||||
'member': ROLE_MEMBER,
|
||||
'members': ROLE_MEMBER,
|
||||
}
|
||||
|
||||
|
||||
def print_():
|
||||
ci = gapi_cloudidentity.build(CIGROUP_API_BETA)
|
||||
i = 3
|
||||
members = False
|
||||
membersCountOnly = False
|
||||
managers = False
|
||||
managersCountOnly = False
|
||||
owners = False
|
||||
ownersCountOnly = False
|
||||
memberRestrictions = False
|
||||
gapi_directory_customer.setTrueCustomerId()
|
||||
parent = f'customers/{GC_Values[GC_CUSTOMER_ID]}'
|
||||
usemember = None
|
||||
query = None
|
||||
memberDelimiter = '\n'
|
||||
todrive = False
|
||||
titles = []
|
||||
csvRows = []
|
||||
roles = []
|
||||
sortHeaders = False
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
elif myarg == 'enterprisemember':
|
||||
member = gam.convertUIDtoEmailAddress(sys.argv[i + 1], email_types=['user', 'group'])
|
||||
usemember = f"member_key_id == '{member}' && 'cloudidentity.googleapis.com/groups.discussion_forum' in labels"
|
||||
i += 2
|
||||
elif myarg == 'delimiter':
|
||||
memberDelimiter = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'query':
|
||||
query = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'sortheaders':
|
||||
sortHeaders = True
|
||||
i += 1
|
||||
elif myarg in ['members', 'memberscount']:
|
||||
roles.append(ROLE_MEMBER)
|
||||
members = True
|
||||
if myarg == 'memberscount':
|
||||
membersCountOnly = True
|
||||
i += 1
|
||||
elif myarg in ['owners', 'ownerscount']:
|
||||
roles.append(ROLE_OWNER)
|
||||
owners = True
|
||||
if myarg == 'ownerscount':
|
||||
ownersCountOnly = True
|
||||
i += 1
|
||||
elif myarg in ['managers', 'managerscount']:
|
||||
roles.append(ROLE_MANAGER)
|
||||
managers = True
|
||||
if myarg == 'managerscount':
|
||||
managersCountOnly = True
|
||||
i += 1
|
||||
elif myarg in ['memberrestrictions']:
|
||||
memberRestrictions = True
|
||||
display.add_titles_to_csv_file(
|
||||
['memberRestrictionQuery',],
|
||||
titles)
|
||||
display.add_titles_to_csv_file(
|
||||
['memberRestrictionEvaluation',],
|
||||
titles)
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam print cigroups')
|
||||
if roles:
|
||||
if members:
|
||||
display.add_titles_to_csv_file([
|
||||
'MembersCount',
|
||||
], titles)
|
||||
if not membersCountOnly:
|
||||
display.add_titles_to_csv_file([
|
||||
'Members',
|
||||
], titles)
|
||||
if managers:
|
||||
display.add_titles_to_csv_file([
|
||||
'ManagersCount',
|
||||
], titles)
|
||||
if not managersCountOnly:
|
||||
display.add_titles_to_csv_file([
|
||||
'Managers',
|
||||
], titles)
|
||||
if owners:
|
||||
display.add_titles_to_csv_file([
|
||||
'OwnersCount',
|
||||
], titles)
|
||||
if not ownersCountOnly:
|
||||
display.add_titles_to_csv_file([
|
||||
'Owners',
|
||||
], titles)
|
||||
gam.printGettingAllItems('Groups', usemember)
|
||||
page_message = gapi.got_total_items_first_last_msg('Groups')
|
||||
if usemember:
|
||||
try:
|
||||
result = gapi.get_all_pages(ci.groups().memberships(),
|
||||
'searchTransitiveGroups',
|
||||
'memberships',
|
||||
throw_reasons=[gapi_errors.ErrorReason.FOUR_O_O],
|
||||
page_message=page_message,
|
||||
message_attribute=['groupKey', 'id'],
|
||||
parent='groups/-', query=usemember,
|
||||
fields='nextPageToken,memberships(group,groupKey(id),relationType)',
|
||||
pageSize=1000)
|
||||
except googleapiclient.errors.HttpError:
|
||||
controlflow.system_error_exit(
|
||||
2,
|
||||
'enterprisemember requires Enterprise license')
|
||||
entityList = []
|
||||
for entity in result:
|
||||
if entity['relationType'] == 'DIRECT':
|
||||
entityList.append(gapi.call(ci.groups(), 'get', name=entity['group']))
|
||||
else:
|
||||
if query:
|
||||
method = 'search'
|
||||
kwargs = {'query': query}
|
||||
else:
|
||||
method = 'list'
|
||||
kwargs = {'parent': parent}
|
||||
entityList = gapi.get_all_pages(ci.groups(),
|
||||
method,
|
||||
'groups',
|
||||
page_message=page_message,
|
||||
message_attribute=['groupKey', 'id'],
|
||||
view='FULL',
|
||||
pageSize=500,
|
||||
**kwargs)
|
||||
i = 0
|
||||
count = len(entityList)
|
||||
for groupEntity in entityList:
|
||||
i += 1
|
||||
groupEmail = groupEntity['groupKey']['id']
|
||||
for k, v in iter(groupEntity.pop('labels', {}).items()):
|
||||
if v == '':
|
||||
groupEntity[f'labels.{k}'] = True
|
||||
else:
|
||||
groupEntity[f'labels.{k}'] = v
|
||||
group = utils.flatten_json(groupEntity)
|
||||
for a_key in group:
|
||||
if a_key not in titles:
|
||||
titles.append(a_key)
|
||||
groupKey_id = groupEntity['name']
|
||||
if roles:
|
||||
sys.stderr.write(
|
||||
f' Getting {roles} for {groupEmail}{gam.currentCountNL(i, count)}'
|
||||
)
|
||||
page_message = gapi.got_total_items_first_last_msg('Members')
|
||||
validRoles, _, _ = gam._getRoleVerification(
|
||||
','.join(roles), 'nextPageToken,members(email,id,role)')
|
||||
groupMembers = gapi.get_all_pages(ci.groups().memberships(),
|
||||
'list',
|
||||
'memberships',
|
||||
page_message=page_message,
|
||||
message_attribute=[CIGROUP_MEMBERKEY, 'id'],
|
||||
soft_errors=True,
|
||||
parent=groupKey_id,
|
||||
view='BASIC')
|
||||
if members:
|
||||
membersList = []
|
||||
membersCount = 0
|
||||
if managers:
|
||||
managersList = []
|
||||
managersCount = 0
|
||||
if owners:
|
||||
ownersList = []
|
||||
ownersCount = 0
|
||||
for member in groupMembers:
|
||||
member_email = member[CIGROUP_MEMBERKEY]['id']
|
||||
role = get_single_role(member.get('roles', []))
|
||||
if not validRoles or role in validRoles:
|
||||
if role == ROLE_MEMBER:
|
||||
if members:
|
||||
membersCount += 1
|
||||
if not membersCountOnly:
|
||||
membersList.append(member_email)
|
||||
elif role == ROLE_MANAGER:
|
||||
if managers:
|
||||
managersCount += 1
|
||||
if not managersCountOnly:
|
||||
managersList.append(member_email)
|
||||
elif role == ROLE_OWNER:
|
||||
if owners:
|
||||
ownersCount += 1
|
||||
if not ownersCountOnly:
|
||||
ownersList.append(member_email)
|
||||
elif members:
|
||||
membersCount += 1
|
||||
if not membersCountOnly:
|
||||
membersList.append(member_email)
|
||||
if members:
|
||||
group['MembersCount'] = membersCount
|
||||
if not membersCountOnly:
|
||||
group['Members'] = memberDelimiter.join(membersList)
|
||||
if managers:
|
||||
group['ManagersCount'] = managersCount
|
||||
if not managersCountOnly:
|
||||
group['Managers'] = memberDelimiter.join(managersList)
|
||||
if owners:
|
||||
group['OwnersCount'] = ownersCount
|
||||
if not ownersCountOnly:
|
||||
group['Owners'] = memberDelimiter.join(ownersList)
|
||||
if memberRestrictions:
|
||||
name = f'{groupKey_id}/securitySettings'
|
||||
print(f'Getting member restrictions for {groupEmail} ({i}/{count}')
|
||||
sec_info = gapi.call(ci.groups(),
|
||||
'getSecuritySettings',
|
||||
name=name,
|
||||
readMask='*')
|
||||
if 'memberRestriction' in sec_info:
|
||||
group['memberRestrictionQuery'] = sec_info['memberRestriction'].get('query', '')
|
||||
group['memberRestrictionEvaluation'] = sec_info['memberRestriction'].get('evaluation', {}).get('state', '')
|
||||
csvRows.append(group)
|
||||
if sortHeaders:
|
||||
display.sort_csv_titles([
|
||||
'name', 'groupKey.id'
|
||||
], titles)
|
||||
display.write_csv_file(csvRows, titles, 'Groups', todrive)
|
||||
|
||||
|
||||
def _get_groups_list(ci=None, member=None, parent=None):
|
||||
if not ci:
|
||||
ci = gapi_cloudidentity.build()
|
||||
if not parent:
|
||||
gapi_directory_customer.setTrueCustomerId()
|
||||
parent = f'customers/{GC_Values[GC_CUSTOMER_ID]}'
|
||||
gam.printGettingAllItems('Groups', member)
|
||||
page_message = gapi.got_total_items_first_last_msg('Groups')
|
||||
if member:
|
||||
fields = 'nextPageToken,memberships(groupKey(id),relationType)'
|
||||
try:
|
||||
groups_to_get = gapi.get_all_pages(ci.groups().memberships(),
|
||||
'searchTransitiveGroups',
|
||||
'memberships',
|
||||
throw_reasons=[gapi_errors.ErrorReason.FOUR_O_O],
|
||||
message_attribute=['groupKey', 'id'],
|
||||
page_message=page_message,
|
||||
parent='groups/-',
|
||||
query=member,
|
||||
pageSize=1000,
|
||||
fields=fields)
|
||||
except googleapiclient.errors.HttpError:
|
||||
controlflow.system_error_exit(
|
||||
2,
|
||||
'enterprisemember requires Enterprise license')
|
||||
return [group['groupKey']['id'] for group in groups_to_get if group['relationType'] == 'DIRECT']
|
||||
else:
|
||||
groups_to_get = gapi.get_all_pages(
|
||||
ci.groups(),
|
||||
'list',
|
||||
'groups',
|
||||
message_attribute=['groupKey', 'id'],
|
||||
page_message=page_message,
|
||||
parent=parent,
|
||||
view='BASIC',
|
||||
pageSize=1000,
|
||||
fields='nextPageToken,groups(groupKey(id))')
|
||||
return [group['groupKey']['id'] for group in groups_to_get]
|
||||
|
||||
|
||||
def get_membership_graph(member):
|
||||
ci = gapi_cloudidentity.build(CIGROUP_API_BETA)
|
||||
query = f"member_key_id == '{member}' && 'cloudidentity.googleapis.com/groups.discussion_forum' in labels"
|
||||
result = gapi.call(ci.groups().memberships(),
|
||||
'getMembershipGraph',
|
||||
parent='groups/-',
|
||||
query=query)
|
||||
return result.get('response')
|
||||
|
||||
|
||||
def print_members():
|
||||
ci = gapi_cloudidentity.build(CIGROUP_API_BETA)
|
||||
todrive = False
|
||||
gapi_directory_customer.setTrueCustomerId()
|
||||
parent = f'customers/{GC_Values[GC_CUSTOMER_ID]}'
|
||||
usemember = None
|
||||
roles = []
|
||||
titles = ['group']
|
||||
csvRows = []
|
||||
groups_to_get = []
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
elif myarg in ['role', 'roles']:
|
||||
for role in sys.argv[i + 1].lower().replace(',', ' ').split():
|
||||
if role in GROUP_ROLES_MAP:
|
||||
roles.append(GROUP_ROLES_MAP[role])
|
||||
else:
|
||||
controlflow.system_error_exit(
|
||||
2,
|
||||
f'{role} is not a valid role for "gam print group-members {myarg}"'
|
||||
)
|
||||
i += 2
|
||||
elif myarg == 'enterprisemember':
|
||||
member = gam.convertUIDtoEmailAddress(sys.argv[i + 1], email_types=['user', 'group'])
|
||||
usemember = f"member_key_id == '{member}' && 'cloudidentity.googleapis.com/groups.discussion_forum' in labels"
|
||||
i += 2
|
||||
elif myarg in ['cigroup', 'cigroups']:
|
||||
group_email = gam.normalizeEmailAddressOrUID(sys.argv[i + 1])
|
||||
groups_to_get = [group_email]
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
'gam print cigroup-members')
|
||||
if not groups_to_get:
|
||||
groups_to_get = _get_groups_list(ci, usemember, parent)
|
||||
i = 0
|
||||
count = len(groups_to_get)
|
||||
for group_email in groups_to_get:
|
||||
i += 1
|
||||
|
||||
sys.stderr.write(
|
||||
f'Getting members for {group_email}{gam.currentCountNL(i, count)}')
|
||||
group_id = group_email_to_id(ci, group_email)
|
||||
print(f'Getting members of cigroup {group_email}...')
|
||||
page_message = f' {gapi.got_total_items_first_last_msg("Members")}'
|
||||
group_members = gapi.get_all_pages(
|
||||
ci.groups().memberships(),
|
||||
'list',
|
||||
'memberships',
|
||||
soft_errors=True,
|
||||
parent=group_id,
|
||||
view='FULL',
|
||||
pageSize=500,
|
||||
page_message=page_message,
|
||||
message_attribute=[CIGROUP_MEMBERKEY, 'id'])
|
||||
#fields=f'nextPageToken,memberships({CIGROUP_MEMBERKEY},roles,createTime,updateTime)')
|
||||
if roles:
|
||||
group_members = filter_members_to_roles(group_members, roles)
|
||||
for member in group_members:
|
||||
# reduce role to a single value
|
||||
member['role'] = get_single_role(member.pop('roles'))
|
||||
member = utils.flatten_json(member)
|
||||
for title in member:
|
||||
if title not in titles:
|
||||
titles.append(title)
|
||||
member['group'] = group_email
|
||||
csvRows.append(member)
|
||||
display.write_csv_file(csvRows, titles, 'Group Members', todrive)
|
||||
|
||||
|
||||
def update():
|
||||
|
||||
# Convert foo@googlemail.com to foo@gmail.com; eliminate periods in name for foo.bar@gmail.com
|
||||
def _cleanConsumerAddress(emailAddress, mapCleanToOriginal):
|
||||
atLoc = emailAddress.find('@')
|
||||
if atLoc > 0:
|
||||
if emailAddress[atLoc + 1:] in ['gmail.com', 'googlemail.com']:
|
||||
cleanEmailAddress = emailAddress[:atLoc].replace(
|
||||
'.', '') + '@gmail.com'
|
||||
if cleanEmailAddress != emailAddress:
|
||||
mapCleanToOriginal[cleanEmailAddress] = emailAddress
|
||||
return cleanEmailAddress
|
||||
return emailAddress
|
||||
|
||||
def _getRoleAndUsers():
|
||||
checkSuspended = None
|
||||
role = ROLE_MEMBER
|
||||
expireTime = None
|
||||
i = 5
|
||||
if sys.argv[i].lower() in GROUP_ROLES_MAP:
|
||||
role = GROUP_ROLES_MAP[sys.argv[i].lower()]
|
||||
i += 1
|
||||
if sys.argv[i].lower() in ['suspended', 'notsuspended']:
|
||||
checkSuspended = sys.argv[i].lower() == 'suspended'
|
||||
i += 1
|
||||
if sys.argv[i].lower() in ['expire', 'expires']:
|
||||
if role != ROLE_MEMBER:
|
||||
controlflow.invalid_argument_exit(
|
||||
sys.argv[i], f'role {role}')
|
||||
expireTime = utils.get_time_or_delta_from_now(sys.argv[i+1])
|
||||
i += 2
|
||||
if sys.argv[i].lower() in usergroup_types:
|
||||
users_email = gam.getUsersToModify(entity_type=sys.argv[i].lower(),
|
||||
entity=sys.argv[i + 1],
|
||||
checkSuspended=checkSuspended,
|
||||
groupUserMembersOnly=False)
|
||||
else:
|
||||
users_email = [
|
||||
gam.normalizeEmailAddressOrUID(sys.argv[i],
|
||||
checkForCustomerId=True)
|
||||
]
|
||||
return (role, expireTime, users_email)
|
||||
|
||||
ci = gapi_cloudidentity.build(CIGROUP_API_BETA)
|
||||
group = sys.argv[3]
|
||||
myarg = sys.argv[4].lower()
|
||||
items = []
|
||||
if myarg in UPDATE_GROUP_SUBCMDS:
|
||||
group = gam.normalizeEmailAddressOrUID(group)
|
||||
if group.startswith('groups/'):
|
||||
parent = group
|
||||
else:
|
||||
parent = group_email_to_id(ci, group)
|
||||
if not parent:
|
||||
return
|
||||
if myarg == 'add':
|
||||
role, expireTime, users_email = _getRoleAndUsers()
|
||||
if len(users_email) > 1:
|
||||
sys.stderr.write(
|
||||
f'Group: {group}, Will add {len(users_email)} {role}s.\n')
|
||||
for user_email in users_email:
|
||||
item = [
|
||||
'gam', 'update', 'cigroup', f'id:{parent}', 'add', role,
|
||||
]
|
||||
if expireTime:
|
||||
item.extend(['expires', expireTime])
|
||||
item.append(user_email)
|
||||
items.append(item)
|
||||
elif len(users_email) > 0:
|
||||
body = {
|
||||
CIGROUP_MEMBERKEY: {
|
||||
'id': users_email[0]
|
||||
},
|
||||
'roles': [{
|
||||
'name': ROLE_MEMBER
|
||||
}]
|
||||
}
|
||||
if role != ROLE_MEMBER:
|
||||
body['roles'].append({'name': role})
|
||||
elif expireTime not in {None, NEVER_TIME}:
|
||||
for role in body['roles']:
|
||||
if role['name'] == ROLE_MEMBER:
|
||||
role['expiryDetail'] = {'expireTime': expireTime}
|
||||
add_text = [f'as {role}']
|
||||
for i in range(2):
|
||||
try:
|
||||
gapi.call(
|
||||
ci.groups().memberships(),
|
||||
'create',
|
||||
throw_reasons=[
|
||||
gapi_errors.ErrorReason.FOUR_O_NINE,
|
||||
gapi_errors.ErrorReason.MEMBER_NOT_FOUND,
|
||||
gapi_errors.ErrorReason.RESOURCE_NOT_FOUND,
|
||||
gapi_errors.ErrorReason.INVALID_MEMBER,
|
||||
gapi_errors.ErrorReason.
|
||||
CYCLIC_MEMBERSHIPS_NOT_ALLOWED
|
||||
],
|
||||
parent=parent,
|
||||
body=body)
|
||||
print(
|
||||
f' Group: {group}, {users_email[0]} Added {" ".join(add_text)}'
|
||||
)
|
||||
break
|
||||
except (gapi_errors.GapiMemberNotFoundError,
|
||||
gapi_errors.GapiResourceNotFoundError,
|
||||
gapi_errors.GapiInvalidMemberError,
|
||||
gapi_errors.GapiCyclicMembershipsNotAllowedError
|
||||
) as e:
|
||||
print(
|
||||
f' Group: {group}, {users_email[0]} Add {" ".join(add_text)} Failed: {str(e)}'
|
||||
)
|
||||
break
|
||||
elif myarg == 'sync':
|
||||
syncMembersSet = set()
|
||||
syncMembersMap = {}
|
||||
role, expireTime, users_email = _getRoleAndUsers()
|
||||
for user_email in users_email:
|
||||
if user_email in ('*', GC_Values[GC_CUSTOMER_ID]):
|
||||
syncMembersSet.add(GC_Values[GC_CUSTOMER_ID])
|
||||
else:
|
||||
syncMembersSet.add(
|
||||
_cleanConsumerAddress(user_email.lower(),
|
||||
syncMembersMap))
|
||||
currentMembersSet = set()
|
||||
currentMembersMap = {}
|
||||
for current_email in gam.getUsersToModify(
|
||||
entity_type='cigroup',
|
||||
entity=group,
|
||||
member_type=role,
|
||||
groupUserMembersOnly=False):
|
||||
if current_email == GC_Values[GC_CUSTOMER_ID]:
|
||||
currentMembersSet.add(current_email)
|
||||
else:
|
||||
currentMembersSet.add(
|
||||
_cleanConsumerAddress(current_email.lower(),
|
||||
currentMembersMap))
|
||||
to_add = [
|
||||
syncMembersMap.get(emailAddress, emailAddress)
|
||||
for emailAddress in syncMembersSet - currentMembersSet
|
||||
]
|
||||
to_remove = [
|
||||
currentMembersMap.get(emailAddress, emailAddress)
|
||||
for emailAddress in currentMembersSet - syncMembersSet
|
||||
]
|
||||
sys.stderr.write(
|
||||
f'Group: {group}, Will add {len(to_add)} and remove {len(to_remove)} {role}s.\n'
|
||||
)
|
||||
for user in to_add:
|
||||
item = ['gam', 'update', 'cigroup', f'id:{parent}', 'add',
|
||||
role,]
|
||||
if role == ROLE_MEMBER and expireTime not in {None, NEVER_TIME}:
|
||||
item.extend(['expires', expireTime])
|
||||
item.append(user)
|
||||
items.append(item)
|
||||
for user in to_remove:
|
||||
items.append([
|
||||
'gam', 'update', 'cigroup', f'id:{parent}', 'remove', user
|
||||
])
|
||||
elif myarg in ['delete', 'remove']:
|
||||
_, _, users_email = _getRoleAndUsers()
|
||||
if len(users_email) > 1:
|
||||
sys.stderr.write(
|
||||
f'Group: {group}, Will remove {len(users_email)} emails.\n')
|
||||
for user_email in users_email:
|
||||
items.append([
|
||||
'gam', 'update', 'cigroup', f'id:{parent}', 'remove',
|
||||
user_email
|
||||
])
|
||||
elif len(users_email) == 1:
|
||||
name = membership_email_to_id(ci, parent, users_email[0])
|
||||
try:
|
||||
gapi.call(ci.groups().memberships(),
|
||||
'delete',
|
||||
throw_reasons=[
|
||||
gapi_errors.ErrorReason.MEMBER_NOT_FOUND,
|
||||
gapi_errors.ErrorReason.INVALID_MEMBER
|
||||
],
|
||||
name=name)
|
||||
print(f' Group: {group}, {users_email[0]} Removed')
|
||||
except (gapi_errors.GapiMemberNotFoundError,
|
||||
gapi_errors.GapiInvalidMemberError) as e:
|
||||
print(
|
||||
f' Group: {group}, {users_email[0]} Remove Failed: {str(e)}'
|
||||
)
|
||||
elif myarg == 'update':
|
||||
role, expireTime, users_email = _getRoleAndUsers()
|
||||
if len(users_email) > 1:
|
||||
sys.stderr.write(
|
||||
f'Group: {group}, Will update {len(users_email)} {role}s.\n'
|
||||
)
|
||||
for user_email in users_email:
|
||||
item = [
|
||||
'gam', 'update', 'cigroup', f'id:{parent}', 'update',
|
||||
role,]
|
||||
if expireTime:
|
||||
item.extend(['expires', expireTime])
|
||||
item.append(user_email)
|
||||
items.append(item)
|
||||
elif len(users_email) > 0:
|
||||
name = membership_email_to_id(ci, parent, users_email[0])
|
||||
preUpdateRoles = []
|
||||
addRoles = []
|
||||
removeRoles = []
|
||||
postUpdateRoles = []
|
||||
member_roles = gapi.call(ci.groups().memberships(),
|
||||
'get',
|
||||
name=name,
|
||||
fields='roles').get('roles', [{'name': ROLE_MEMBER}])
|
||||
current_roles = [crole['name'] for crole in member_roles]
|
||||
# When upgrading role, strip any expiryDetail from member before role changes
|
||||
if role != ROLE_MEMBER:
|
||||
for crole in member_roles:
|
||||
if 'expiryDetail' in crole:
|
||||
preUpdateRoles.append(
|
||||
{'fieldMask': 'expiryDetail.expireTime',
|
||||
'membershipRole': {'name': ROLE_MEMBER,
|
||||
'expiryDetail': {'expireTime': None}}})
|
||||
break
|
||||
# When downgrading role or simply updating member expireTime, update expiryDetail after role changes
|
||||
elif expireTime:
|
||||
postUpdateRoles.append(
|
||||
{'fieldMask': 'expiryDetail.expireTime',
|
||||
'membershipRole': {'name': role,
|
||||
'expiryDetail': {'expireTime': expireTime if expireTime != NEVER_TIME else None}}})
|
||||
for crole in current_roles:
|
||||
if crole not in {ROLE_MEMBER, role}:
|
||||
removeRoles.append(crole)
|
||||
if role not in current_roles:
|
||||
new_role = {'name': role}
|
||||
if role == ROLE_MEMBER and expireTime not in {None, NEVER_TIME}:
|
||||
new_role['expiryDetail'] = {'expireTime': expireTime}
|
||||
postUpdateRoles = []
|
||||
addRoles.append(new_role)
|
||||
bodys = []
|
||||
if preUpdateRoles:
|
||||
bodys.append({'updateRolesParams': preUpdateRoles})
|
||||
if addRoles:
|
||||
bodys.append({'addRoles': addRoles})
|
||||
if removeRoles:
|
||||
bodys.append({'removeRoles': removeRoles})
|
||||
if postUpdateRoles:
|
||||
bodys.append({'updateRolesParams': postUpdateRoles})
|
||||
for body in bodys:
|
||||
try:
|
||||
gapi.call(ci.groups().memberships(),
|
||||
'modifyMembershipRoles',
|
||||
throw_reasons=[
|
||||
gapi_errors.ErrorReason.MEMBER_NOT_FOUND,
|
||||
gapi_errors.ErrorReason.INVALID_MEMBER
|
||||
],
|
||||
name=name,
|
||||
body=body)
|
||||
except (gapi_errors.GapiMemberNotFoundError,
|
||||
gapi_errors.GapiInvalidMemberError) as e:
|
||||
print(
|
||||
f' Group: {group}, {users_email[0]} Update to {role} Failed: {str(e)}'
|
||||
)
|
||||
break
|
||||
print(
|
||||
f' Group: {group}, {users_email[0]} Updated to {role}'
|
||||
)
|
||||
|
||||
else: # clear
|
||||
roles = []
|
||||
i = 5
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg.upper() in [ROLE_OWNER, ROLE_MANAGER, ROLE_MEMBER]:
|
||||
roles.append(myarg.upper())
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(
|
||||
sys.argv[i], 'gam update cigroup clear')
|
||||
if not roles:
|
||||
roles = [ROLE_MEMBER]
|
||||
group = gam.normalizeEmailAddressOrUID(group)
|
||||
member_type_message = f'{",".join(roles).lower()}s'
|
||||
sys.stderr.write(
|
||||
f'Getting {member_type_message} of {group} (may take some time for large groups)...\n'
|
||||
)
|
||||
page_message = gapi.got_total_items_msg(f'{member_type_message}',
|
||||
'...')
|
||||
try:
|
||||
result = gapi.get_all_pages(
|
||||
ci.groups().memberships(),
|
||||
'list',
|
||||
'memberships',
|
||||
page_message=page_message,
|
||||
throw_reasons=gapi_errors.MEMBERS_THROW_REASONS,
|
||||
parent=parent,
|
||||
fields=f'nextPageToken,memberships({CIGROUP_MEMBERKEY},roles)')
|
||||
result = filter_members_to_roles(result, roles)
|
||||
if not result:
|
||||
print('Group already has 0 members')
|
||||
return
|
||||
users_email = [member[CIGROUP_MEMBERKEY]['id'] for member in result]
|
||||
sys.stderr.write(
|
||||
f'Group: {group}, Will remove {len(users_email)} {", ".join(roles).lower()}s.\n'
|
||||
)
|
||||
for user_email in users_email:
|
||||
items.append([
|
||||
'gam', 'update', 'cigroup', group, 'remove', user_email
|
||||
])
|
||||
except (gapi_errors.GapiGroupNotFoundError,
|
||||
gapi_errors.GapiDomainNotFoundError,
|
||||
gapi_errors.GapiInvalidError,
|
||||
gapi_errors.GapiForbiddenError):
|
||||
gam.entityUnknownWarning('Group', group, 0, 0)
|
||||
if items:
|
||||
gam.run_batch(items)
|
||||
else:
|
||||
i = 4
|
||||
body = {}
|
||||
sec_body = {}
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'name':
|
||||
body['displayName'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'description':
|
||||
body['description'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'security':
|
||||
body['labels'] = {
|
||||
'cloudidentity.googleapis.com/groups.security': '',
|
||||
'cloudidentity.googleapis.com/groups.discussion_forum': ''
|
||||
}
|
||||
i += 1
|
||||
elif myarg == 'dynamicsecurity':
|
||||
body['labels'] = {
|
||||
'cloudidentity.googleapis.com/groups.dynamic': '',
|
||||
'cloudidentity.googleapis.com/groups.security': '',
|
||||
'cloudidentity.googleapis.com/groups.discussion_forum': ''
|
||||
}
|
||||
i += 1
|
||||
elif myarg in ['dynamic']:
|
||||
body['dynamicGroupMetadata'] = {
|
||||
'queries': [{
|
||||
'query': sys.argv[i + 1],
|
||||
'resourceType': 'USER'
|
||||
}]
|
||||
}
|
||||
i += 2
|
||||
elif myarg in ['memberrestriction', 'memberrestrictions']:
|
||||
query = sys.argv[i + 1]
|
||||
member_types = {
|
||||
'USER': '1',
|
||||
'SERVICE_ACCOUNT': '2',
|
||||
'GROUP': '3',
|
||||
}
|
||||
for key, val in member_types.items():
|
||||
query = query.replace(key, val)
|
||||
sec_body['memberRestriction'] = {'query': query}
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
'gam update cigroup')
|
||||
if body:
|
||||
updateMask = ','.join(body.keys())
|
||||
name = group_email_to_id(ci, group)
|
||||
print(f'Updating group {group}')
|
||||
gapi.call(ci.groups(),
|
||||
'patch',
|
||||
updateMask=updateMask,
|
||||
name=name,
|
||||
body=body)
|
||||
if sec_body:
|
||||
updateMask = 'member_restriction.query'
|
||||
# it seems like a bug that API requires /securitySettings
|
||||
# appended to name. We'll see if Google servers change this
|
||||
# at some point.
|
||||
name = f'{group_email_to_id(ci, group)}/securitySettings'
|
||||
print(f'Updating group {group} security settings')
|
||||
gapi.call(ci.groups(),
|
||||
'updateSecuritySettings',
|
||||
name=name,
|
||||
updateMask=updateMask,
|
||||
body=sec_body)
|
||||
|
||||
|
||||
def group_email_to_id(ci, group, i=0, count=0):
|
||||
group = gam.normalizeEmailAddressOrUID(group)
|
||||
try:
|
||||
return gapi.call(ci.groups(),
|
||||
'lookup',
|
||||
throw_reasons=gapi_errors.GROUP_GET_THROW_REASONS,
|
||||
retry_reasons=gapi_errors.GROUP_GET_RETRY_REASONS,
|
||||
groupKey_id=group,
|
||||
fields='name').get('name')
|
||||
except (gapi_errors.GapiGroupNotFoundError,
|
||||
gapi_errors.GapiDomainNotFoundError,
|
||||
gapi_errors.GapiDomainCannotUseApisError,
|
||||
gapi_errors.GapiForbiddenError, gapi_errors.GapiBadRequestError):
|
||||
gam.entityUnknownWarning('Group', group, i, count)
|
||||
return None
|
||||
|
||||
|
||||
def group_id_to_email(ci, group_id):
|
||||
return gapi.call(ci.groups(),
|
||||
'get',
|
||||
fields='groupKey/id',
|
||||
name=group_id).get('groupKey', {}).get('id')
|
||||
|
||||
def membership_email_to_id(ci, parent, membership, i=0, count=0):
|
||||
membership = gam.normalizeEmailAddressOrUID(membership)
|
||||
try:
|
||||
return gapi.call(ci.groups().memberships(),
|
||||
'lookup',
|
||||
throw_reasons=gapi_errors.GROUP_GET_THROW_REASONS,
|
||||
retry_reasons=gapi_errors.GROUP_GET_RETRY_REASONS,
|
||||
parent=parent,
|
||||
memberKey_id=membership,
|
||||
fields='name').get('name')
|
||||
except (gapi_errors.GapiGroupNotFoundError,
|
||||
gapi_errors.GapiDomainNotFoundError,
|
||||
gapi_errors.GapiDomainCannotUseApisError,
|
||||
gapi_errors.GapiForbiddenError, gapi_errors.GapiBadRequestError):
|
||||
gam.entityUnknownWarning('Membership', membership, i, count)
|
||||
return None
|
||||
|
||||
|
||||
def get_single_role(roles):
|
||||
''' returns the highest role of member '''
|
||||
roles = [role.get('name') for role in roles]
|
||||
if not roles:
|
||||
return ROLE_MEMBER
|
||||
for a_role in [ROLE_OWNER, ROLE_MANAGER, ROLE_MEMBER]:
|
||||
if a_role in roles:
|
||||
return a_role
|
||||
return roles[0]
|
||||
|
||||
|
||||
def filter_members_to_roles(members, roles):
|
||||
filtered_members = []
|
||||
for member in members:
|
||||
role = get_single_role(member.get('roles', []))
|
||||
if role in roles:
|
||||
filtered_members.append(member)
|
||||
return filtered_members
|
||||
@@ -1,538 +0,0 @@
|
||||
"""Methods related to Cloud Identity Inbound (Google as SP) SAML SSO"""
|
||||
from datetime import datetime
|
||||
import re
|
||||
import sys
|
||||
|
||||
import dateutil.parser
|
||||
import googleapiclient
|
||||
|
||||
import gam
|
||||
from gam.var import GC_CUSTOMER_ID, GC_Values, MY_CUSTOMER
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import fileutils
|
||||
from gam import gapi
|
||||
from gam import utils
|
||||
from gam.gapi import errors as gapi_errors
|
||||
from gam.gapi import cloudidentity as gapi_cloudidentity
|
||||
from gam.gapi import directory as gapi_directory
|
||||
from gam.gapi.cloudidentity import groups as gapi_cloudidentity_groups
|
||||
from gam.gapi.directory import orgunits as gapi_directory_orgunits
|
||||
|
||||
'''returns customer in the format inboundsso requires'''
|
||||
def get_sso_customer():
|
||||
customer = GC_Values[GC_CUSTOMER_ID]
|
||||
return f'customers/{customer}'
|
||||
|
||||
|
||||
'''returns org unit in the format inboundsso requires'''
|
||||
def get_orgunit_id(orgunit):
|
||||
ou_id = gapi_directory_orgunits.getOrgUnitId(orgunit)[1]
|
||||
if ou_id.startswith('id:'):
|
||||
ou_id = ou_id[3:]
|
||||
return f'orgUnits/{ou_id}'
|
||||
|
||||
|
||||
'''build Cloud Identity API'''
|
||||
def build():
|
||||
return gapi_cloudidentity.build('cloudidentity_beta')
|
||||
|
||||
|
||||
'''parse cmd for profile create/update'''
|
||||
def parse_profile(body, i):
|
||||
name_only = False
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'name':
|
||||
body['displayName'] = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'entityid':
|
||||
body.setdefault('idpConfig', {})['entityId'] = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'returnnameonly':
|
||||
name_only = True
|
||||
i += 1
|
||||
elif myarg == 'loginurl':
|
||||
body.setdefault('idpConfig', {})['singleSignOnServiceUri'] = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'logouturl':
|
||||
body.setdefault('idpConfig', {})['logoutRedirectUri'] = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'changepasswordurl':
|
||||
body.setdefault('idpConfig', {})['changePasswordUri'] = sys.argv[i+1]
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(myarg, 'gam create/update inboundssoprofile')
|
||||
return (name_only, body)
|
||||
|
||||
|
||||
'''convert profile nice names to unique ID'''
|
||||
def profile_displayname_to_name(displayName, ci=None):
|
||||
if displayName.lower().startswith('id:') or displayName.lower().startswith('uid:'):
|
||||
displayName = displayName.split(':', 1)[1]
|
||||
if not displayName.startswith('inboundSamlSsoProfiles/'):
|
||||
displayName = f'inboundSamlSsoProfiles/{displayName}'
|
||||
return displayName
|
||||
if not ci:
|
||||
ci = build()
|
||||
customer = get_sso_customer()
|
||||
_filter = f'customer=="{customer}"'
|
||||
profiles = gapi.get_all_pages(ci.inboundSamlSsoProfiles(),
|
||||
'list',
|
||||
'inboundSamlSsoProfiles',
|
||||
filter=_filter)
|
||||
matches = []
|
||||
for profile in profiles:
|
||||
if displayName.lower() == profile.get('displayName', '').lower():
|
||||
matches.append(profile)
|
||||
if len(matches) == 1:
|
||||
return matches[0]['name']
|
||||
if len(matches) == 0:
|
||||
controlflow.system_error_exit(3, f'No Inbound SSO profile matches the name {displayName}')
|
||||
else:
|
||||
err_text = f'Multiple profiles match {displayName}:\n\n'
|
||||
for m in matches:
|
||||
err_text += f' {m["name"]} {m["displayName"]}\n'
|
||||
controlflow.system_error_exit(3, err_text)
|
||||
|
||||
|
||||
'''get an assignment based on target'''
|
||||
def assignment_by_target(target, ci=None):
|
||||
if not ci:
|
||||
ci = build()
|
||||
group_pattern = r'^groups/[^/]+$'
|
||||
ou_pattern = r'^orgUnits/[^/]+$'
|
||||
if re.match(group_pattern, target):
|
||||
target_type = 'targetGroup'
|
||||
elif re.match(ou_pattern, target):
|
||||
target_type = 'targetOrgUnit'
|
||||
elif target.lower().startswith('group:'):
|
||||
target_type = 'targetGroup'
|
||||
group_email = target[6:]
|
||||
target = gapi_cloudidentity_groups.group_email_to_id(
|
||||
ci,
|
||||
group_email)
|
||||
elif target.lower().startswith('orgunit:'):
|
||||
target_type = 'targetOrgUnit'
|
||||
ou_name = target[8:]
|
||||
target = get_orgunit_id(ou_name)
|
||||
else:
|
||||
controlflow.system_error_exit(3, 'assignments should be prefixed with ' +
|
||||
'group:, groups/, orgunit: or orgunits/')
|
||||
customer = get_sso_customer()
|
||||
_filter = f'customer=="{customer}"'
|
||||
assignments = gapi.get_all_pages(ci.inboundSsoAssignments(),
|
||||
'list',
|
||||
'inboundSsoAssignments',
|
||||
filter=_filter)
|
||||
for assignment in assignments:
|
||||
if target_type in assignment and assignment[target_type] == target:
|
||||
return assignment
|
||||
controlflow.system_error_exit(3, f'No SSO profile assigned to {target_type} {target}')
|
||||
|
||||
|
||||
'''gam create inboundssoprofile'''
|
||||
def create_profile():
|
||||
ci = build()
|
||||
body = {
|
||||
'customer': get_sso_customer(),
|
||||
'displayName': 'SSO Profile'
|
||||
}
|
||||
name_only, body = parse_profile(body, 3)
|
||||
result = gapi.call(ci.inboundSamlSsoProfiles(),
|
||||
'create',
|
||||
body=body)
|
||||
if result.get('done'):
|
||||
if name_only:
|
||||
print(result['response']['name'])
|
||||
else:
|
||||
print(f'Created profile {result["response"]["name"]}')
|
||||
display.print_json(result['response'])
|
||||
else:
|
||||
controlflow.system_error_exit(3, 'Create did not finish {result}')
|
||||
|
||||
|
||||
'''gam print inboundssoprofiles'''
|
||||
def print_show_profiles(action='print'):
|
||||
customer = get_sso_customer()
|
||||
_filter = f'customer=="{customer}"'
|
||||
ci = build()
|
||||
todrive = False
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(myarg, f'gam {action} inboundssoprofiles')
|
||||
|
||||
profiles = gapi.get_all_pages(ci.inboundSamlSsoProfiles(),
|
||||
'list',
|
||||
'inboundSamlSsoProfiles',
|
||||
filter=_filter)
|
||||
if action == 'show':
|
||||
for profile in profiles:
|
||||
display.print_json(profile)
|
||||
print()
|
||||
elif action == 'print':
|
||||
csv_rows = []
|
||||
titles = []
|
||||
for profile in profiles:
|
||||
row = utils.flatten_json(profile)
|
||||
for item in row:
|
||||
if item not in titles:
|
||||
titles.append(item)
|
||||
csv_rows.append(row)
|
||||
display.write_csv_file(csv_rows,
|
||||
titles,
|
||||
'Inbound SSO Profiles',
|
||||
todrive)
|
||||
|
||||
|
||||
'''gam update inboundssoprofile'''
|
||||
def update_profile():
|
||||
ci = build()
|
||||
name = profile_displayname_to_name(sys.argv[3], ci)
|
||||
body = {}
|
||||
name_only, body = parse_profile(body, 4)
|
||||
updateMask = ','.join(body.keys())
|
||||
result = gapi.call(ci.inboundSamlSsoProfiles(),
|
||||
'patch',
|
||||
name=name,
|
||||
updateMask=updateMask,
|
||||
body=body)
|
||||
if name_only:
|
||||
print(result['response']['name'])
|
||||
else:
|
||||
display.print_json(result)
|
||||
|
||||
|
||||
'''gam info inboundssoprofile'''
|
||||
def info_profile(return_only=False, displayName=None, ci=None):
|
||||
if not ci:
|
||||
ci = build()
|
||||
if not displayName:
|
||||
displayName = sys.argv[3]
|
||||
name = profile_displayname_to_name(displayName, ci)
|
||||
result = gapi.call(ci.inboundSamlSsoProfiles(),
|
||||
'get',
|
||||
name=name)
|
||||
if return_only:
|
||||
return result
|
||||
display.print_json(result)
|
||||
|
||||
'''gam delete inboundssoprofile'''
|
||||
def delete_profile():
|
||||
ci = build()
|
||||
name = profile_displayname_to_name(sys.argv[3], ci)
|
||||
result = gapi.call(ci.inboundSamlSsoProfiles(),
|
||||
'delete',
|
||||
name=name)
|
||||
if result.get('done'):
|
||||
print(f'Deleted profile {name}.')
|
||||
else:
|
||||
controlflow.system_error_exit(3, 'Delete did not finish: {result}')
|
||||
|
||||
|
||||
'''gam create inboundssocredentials'''
|
||||
def create_credentials():
|
||||
allowed_sizes = [1024, 2048, 4096]
|
||||
ci = build()
|
||||
parent = None
|
||||
generate_key = False
|
||||
key_size = 2048
|
||||
pemData = None
|
||||
replace_oldest = False
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'profile':
|
||||
parent = sys.argv[i+1]
|
||||
parent = profile_displayname_to_name(parent, ci)
|
||||
i += 2
|
||||
elif myarg == 'pemfile':
|
||||
pemfile = sys.argv[i+1]
|
||||
pemData = fileutils.read_file(pemfile)
|
||||
i += 2
|
||||
elif myarg == 'generatekey':
|
||||
generate_key = True
|
||||
i += 1
|
||||
elif myarg == 'replaceoldest':
|
||||
replace_oldest = True
|
||||
i += 1
|
||||
elif myarg == 'keysize':
|
||||
key_size = int(sys.argv[i+1])
|
||||
if key_size not in allowed_sizes:
|
||||
controlflow.expected_argument_exit('key_size',
|
||||
allowed_sizes,
|
||||
key_size)
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(myarg, 'gam create inboundssocredential')
|
||||
if not parent:
|
||||
controlflow.missing_argument_exit('profile', 'gam create inboundssocredential')
|
||||
if replace_oldest:
|
||||
fields='nextPageToken,idpCredentials(name,updateTime)'
|
||||
current_creds = gapi.get_all_pages(
|
||||
ci.inboundSamlSsoProfiles().idpCredentials(),
|
||||
'list',
|
||||
'idpCredentials',
|
||||
parent=parent,
|
||||
fields=fields)
|
||||
if len(current_creds) == 2:
|
||||
oldest_key = min(current_creds,
|
||||
key=lambda x:x['updateTime'])
|
||||
print(' deleting older key...')
|
||||
delete_credentials(ci=ci,
|
||||
name=oldest_key['name'])
|
||||
else:
|
||||
print(' profile has {len(current_creds)} credentials. We only replace if there are 2.')
|
||||
if generate_key:
|
||||
privKey, pemData = gam._generatePrivateKeyAndPublicCert('GAM',
|
||||
key_size,
|
||||
b64enc_pub=False)
|
||||
timestamp = datetime.now().strftime('%Y%m%d-%I%M%S')
|
||||
priv_file = f'privatekey-{timestamp}.pem'
|
||||
pub_file = f'publiccert-{timestamp}.pem'
|
||||
fileutils.write_file(priv_file, privKey)
|
||||
print(f' Wrote private key data to {priv_file}')
|
||||
fileutils.write_file(pub_file, pemData)
|
||||
print(f' Wrote public certificate to {pub_file}')
|
||||
if not pemData:
|
||||
controlflow.system_error_exit(3, 'You must either specify "pemfile <filename>" or "generate_key"')
|
||||
body = {
|
||||
'pemData': pemData,
|
||||
}
|
||||
result = gapi.call(ci.inboundSamlSsoProfiles().idpCredentials(),
|
||||
'add',
|
||||
parent=parent,
|
||||
body=body)
|
||||
if result.get('done'):
|
||||
print(f'Created credential {result["response"]["name"]}')
|
||||
display.print_json(result['response'])
|
||||
else:
|
||||
controlflow.system_error_exit(3, 'Create did not finish {result}')
|
||||
|
||||
|
||||
'''gam delete inboundssocredential'''
|
||||
def delete_credentials(ci=None, name=None):
|
||||
if not ci:
|
||||
ci = build()
|
||||
if not name:
|
||||
name = sys.argv[3]
|
||||
result = gapi.call(ci.inboundSamlSsoProfiles().idpCredentials(),
|
||||
'delete',
|
||||
name=name)
|
||||
if result.get('done'):
|
||||
print(f'Deleted credential {name}')
|
||||
else:
|
||||
controlflow.system_error_exit(3, 'Delete did not finish {result}')
|
||||
|
||||
|
||||
'''gam print inboundssocredentials'''
|
||||
def print_show_credentials(action='print'):
|
||||
ci = build()
|
||||
todrive = False
|
||||
i = 3
|
||||
profiles = []
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg in ['profile', 'profiles']:
|
||||
profiles = [profile_displayname_to_name(profile, ci)
|
||||
for profile in sys.argv[i+1].split(',')]
|
||||
i += 2
|
||||
elif myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(myarg, f'gam {action} inboundssocredentials')
|
||||
if not profiles:
|
||||
customer = get_sso_customer()
|
||||
_filter = f'customer=="{customer}"'
|
||||
profiles = gapi.get_all_pages(ci.inboundSamlSsoProfiles(),
|
||||
'list',
|
||||
'inboundSamlSsoProfiles',
|
||||
fields='inboundSamlSsoProfiles/name',
|
||||
filter=_filter)
|
||||
profiles = [p['name'] for p in profiles]
|
||||
if action == 'print':
|
||||
titles = []
|
||||
csv_rows = []
|
||||
credentials = []
|
||||
for profile in profiles:
|
||||
results = gapi.get_all_pages(ci.inboundSamlSsoProfiles().idpCredentials(),
|
||||
'list',
|
||||
'idpCredentials',
|
||||
parent=profile)
|
||||
credentials.extend(results)
|
||||
if action == 'show':
|
||||
for c in credentials:
|
||||
display.print_json(c)
|
||||
print()
|
||||
elif action == 'print':
|
||||
for c in credentials:
|
||||
csv_row = utils.flatten_json(c)
|
||||
for item in csv_row:
|
||||
if item not in titles:
|
||||
titles.append(item)
|
||||
csv_rows.append(csv_row)
|
||||
display.write_csv_file(csv_rows,
|
||||
titles,
|
||||
'Inbound SSO Credentials',
|
||||
todrive)
|
||||
|
||||
'''parse command for create/update inboundssoassignment'''
|
||||
def parse_assignment(body, i, ci):
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'rank':
|
||||
body['rank'] = int(sys.argv[i+1])
|
||||
i += 2
|
||||
elif myarg == 'mode':
|
||||
mode_choices = \
|
||||
gapi.get_enum_values_minus_unspecified(
|
||||
ci._rootDesc['schemas']['InboundSsoAssignment']['properties']['ssoMode']['enum'])
|
||||
body['ssoMode'] = sys.argv[i+1].upper()
|
||||
if body['ssoMode'] not in mode_choices:
|
||||
controlflow.expected_argument_exit('mode',
|
||||
', '.join(mode_choices),
|
||||
sys.argv[i+1])
|
||||
i += 2
|
||||
elif myarg == 'profile':
|
||||
profile_name = profile_displayname_to_name(
|
||||
sys.argv[i+1],
|
||||
ci)
|
||||
body['samlSsoInfo'] = {
|
||||
'inboundSamlSsoProfile': profile_name
|
||||
}
|
||||
i += 2
|
||||
elif myarg == 'neverredirect':
|
||||
body['signInBehavior'] = {
|
||||
'redirectCondition': 'NEVER'
|
||||
}
|
||||
i += 1
|
||||
elif myarg == 'group':
|
||||
group = sys.argv[i+1]
|
||||
body['targetGroup'] = gapi_cloudidentity_groups.group_email_to_id(
|
||||
ci,
|
||||
group)
|
||||
i += 2
|
||||
elif myarg in ['ou', 'org', 'orgunit']:
|
||||
body['targetOrgUnit'] = get_orgunit_id(sys.argv[i+1])
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(myarg, 'gam create/update inboundssoassignment')
|
||||
return body
|
||||
|
||||
|
||||
def update_assignment_target_names(assignment, ci, cd):
|
||||
if 'targetGroup' in assignment:
|
||||
assignment['targetGroupEmail'] = \
|
||||
gapi_cloudidentity_groups.group_id_to_email(ci,
|
||||
assignment['targetGroup'])
|
||||
elif 'targetOrgUnit' in assignment:
|
||||
ou_id = assignment['targetOrgUnit'].split('/')[1]
|
||||
assignment['targetOrgUnitPath'] = \
|
||||
gapi_directory_orgunits.orgunit_from_orgunitid(f'id:{ou_id}', cd)
|
||||
|
||||
|
||||
'''gam create inboundssoassignment'''
|
||||
def create_assignment():
|
||||
ci = build()
|
||||
cd = gapi_directory.build()
|
||||
body = {
|
||||
'customer': get_sso_customer(),
|
||||
}
|
||||
body = parse_assignment(body, 3, ci)
|
||||
result = gapi.call(ci.inboundSsoAssignments(),
|
||||
'create',
|
||||
body=body)
|
||||
if result.get('done'):
|
||||
print(f'Created assignment {result["response"]["name"]}')
|
||||
update_assignment_target_names(result['response'], ci, cd)
|
||||
display.print_json(result['response'])
|
||||
else:
|
||||
controlflow.system_error_exit(3, 'Create did not finish {result}')
|
||||
|
||||
|
||||
def get_assignment_name(name):
|
||||
if name.startswith('id:') or name.startswith('uid:'):
|
||||
name = name.split(':', 1)[1]
|
||||
if not name.startswith('inboundSsoAssignments/'):
|
||||
name = f'inboundSsoAssignments/{name}'
|
||||
return name
|
||||
|
||||
|
||||
'''gam update inboundssoassignment'''
|
||||
def update_assignment():
|
||||
ci = build()
|
||||
cd = gapi_directory.build()
|
||||
name = get_assignment_name(sys.argv[3])
|
||||
body = parse_assignment({}, 4, ci)
|
||||
updateMask = ','.join(list(body.keys()))
|
||||
result = gapi.call(ci.inboundSsoAssignments(),
|
||||
'patch',
|
||||
name=name,
|
||||
updateMask=updateMask,
|
||||
body=body)
|
||||
if result.get('done'):
|
||||
print(f'Updated assignment {result["response"]["name"]}')
|
||||
update_assignment_target_names(result['response'], ci, cd)
|
||||
display.print_json(result['response'])
|
||||
else:
|
||||
controlflow.system_error_exit(3, 'Update did not finish {result}')
|
||||
|
||||
|
||||
'''gam info inboundssoassignment'''
|
||||
def info_assignment():
|
||||
ci = build()
|
||||
cd = gapi_directory.build()
|
||||
assignment = assignment_by_target(sys.argv[3], ci)
|
||||
update_assignment_target_names(assignment, ci, cd)
|
||||
profile = assignment.get('samlSsoInfo', {}).get('inboundSamlSsoProfile')
|
||||
if profile:
|
||||
assignment['samlSsoInfo']['inboundSamlSsoProfile'] = \
|
||||
info_profile(return_only=True, displayName=f'id:{profile}', ci=ci)
|
||||
display.print_json(assignment)
|
||||
|
||||
|
||||
'''gam print inboundssoassignments'''
|
||||
def print_show_assignments(action='print'):
|
||||
ci = build()
|
||||
cd = gapi_directory.build()
|
||||
customer = get_sso_customer()
|
||||
_filter = f'customer=="{customer}"'
|
||||
todrive = False
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(myarg,
|
||||
f'gam {action} inboundssoassignments')
|
||||
assignments = gapi.get_all_pages(ci.inboundSsoAssignments(),
|
||||
'list',
|
||||
'inboundSsoAssignments',
|
||||
filter=_filter)
|
||||
if action == 'show':
|
||||
for assignment in assignments:
|
||||
update_assignment_target_names(assignment, ci, cd)
|
||||
display.print_json(assignment)
|
||||
print()
|
||||
elif action == 'print':
|
||||
titles = []
|
||||
csv_rows = []
|
||||
for assignment in assignments:
|
||||
update_assignment_target_names(assignment, ci, cd)
|
||||
csv_row = utils.flatten_json(assignment)
|
||||
for item in csv_row:
|
||||
if item not in titles:
|
||||
titles.append(item)
|
||||
csv_rows.append(csv_row)
|
||||
display.write_csv_file(csv_rows,
|
||||
titles,
|
||||
'Inbound SSO Assignments',
|
||||
todrive)
|
||||
@@ -1,72 +0,0 @@
|
||||
import sys
|
||||
|
||||
import googleapiclient
|
||||
|
||||
import gam
|
||||
from gam.var import * # pylint: disable=unused-wildcard-import
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import gapi
|
||||
from gam import utils
|
||||
from gam.gapi import errors as gapi_errors
|
||||
from gam.gapi import cloudidentity as gapi_cloudidentity
|
||||
from gam.gapi.directory import orgunits as gapi_directory_orgunits
|
||||
|
||||
def _get_orgunit_customerid():
|
||||
customer = GC_Values[GC_CUSTOMER_ID]
|
||||
if customer != MY_CUSTOMER and not customer.startswith('C'):
|
||||
customer = f'C{customer}'
|
||||
return f'customers/{customer}'
|
||||
|
||||
def move_shared_drive(driveId, orgUnit):
|
||||
_, orgUnitId = gapi_directory_orgunits.getOrgUnitId(orgUnit)
|
||||
orgUnitId = f'orgUnits/{orgUnitId[3:]}'
|
||||
name = f'orgUnits/-/memberships/shared_drive;{driveId}'
|
||||
ci = gapi_cloudidentity.build('cloudidentity_beta')
|
||||
body = {
|
||||
'customer': _get_orgunit_customerid(),
|
||||
'destinationOrgUnit': orgUnitId,
|
||||
}
|
||||
return gapi.call(ci.orgUnits().memberships(),
|
||||
'move',
|
||||
name=name,
|
||||
body=body)
|
||||
|
||||
def printshow_orgunit_shared_drives(csvFormat):
|
||||
orgunit = '/'
|
||||
if csvFormat:
|
||||
todrive = False
|
||||
csvRows = []
|
||||
titles = ['name']
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if csvFormat and myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
elif myarg in ['ou', 'org', 'orgunit']:
|
||||
orgunit = sys.argv[i + 1]
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
f"gam {['show', 'print'][csvFormat]} oushareddrives")
|
||||
ci = gapi_cloudidentity.build('cloudidentity_beta')
|
||||
_, orgUnitId = gapi_directory_orgunits.getOrgUnitId(orgunit)
|
||||
parent = f'orgUnits/{orgUnitId[3:]}'
|
||||
filter_ = "type == 'shared_drive'"
|
||||
sds = gapi.get_all_pages(ci.orgUnits().memberships(),
|
||||
'list',
|
||||
'orgMemberships',
|
||||
parent=parent,
|
||||
customer=_get_orgunit_customerid(),
|
||||
filter=filter_)
|
||||
if not csvFormat:
|
||||
for sd in sds:
|
||||
display.print_json(sd)
|
||||
print()
|
||||
else:
|
||||
for sd in sds:
|
||||
display.add_row_titles_to_csv_file(
|
||||
utils.flatten_json(sd),
|
||||
csvRows, titles)
|
||||
display.write_csv_file(csvRows, titles, f'OrgUnit {orgunit} Shared Drives', todrive)
|
||||
@@ -1,207 +0,0 @@
|
||||
"""Methods related to Cloud Identity User Invitation API"""
|
||||
import sys
|
||||
from urllib.parse import quote_plus
|
||||
|
||||
import googleapiclient
|
||||
|
||||
import gam
|
||||
from gam.var import GC_CUSTOMER_ID, GC_Values, MY_CUSTOMER, SORTORDER_CHOICES_MAP
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import gapi
|
||||
from gam.gapi import errors as gapi_errors
|
||||
from gam.gapi import cloudidentity as gapi_cloudidentity
|
||||
|
||||
def _get_customerid():
|
||||
''' returns customer in "customers/(C){customer_id}' format needed for this API'''
|
||||
customer = GC_Values[GC_CUSTOMER_ID]
|
||||
if customer != MY_CUSTOMER and customer[0] != 'C':
|
||||
customer = 'C' + customer
|
||||
return f'customers/{customer}'
|
||||
|
||||
def _reduce_name(name):
|
||||
''' converts long name into email address'''
|
||||
return name.split('/')[-1]
|
||||
|
||||
def is_invitable_user(email):
|
||||
'''return email isInvitableUser'''
|
||||
svc = gapi_cloudidentity.build('cloudidentity')
|
||||
customer = _get_customerid()
|
||||
encoded_email = quote_plus(email)
|
||||
name = f'{customer}/userinvitations/{encoded_email}'
|
||||
return gapi.call(svc.customers().userinvitations(), 'isInvitableUser',
|
||||
name=name)['isInvitableUser']
|
||||
|
||||
|
||||
def _generic_action(action):
|
||||
'''generic function to call actionable APIs'''
|
||||
svc = gapi_cloudidentity.build('cloudidentity')
|
||||
customer = _get_customerid()
|
||||
email = sys.argv[3].lower()
|
||||
encoded_email = quote_plus(email)
|
||||
name = f'{customer}/userinvitations/{encoded_email}'
|
||||
action_map = {
|
||||
'cancel': 'Cancelling',
|
||||
'send': 'Sending'
|
||||
}
|
||||
print_action = action_map[action]
|
||||
print(f'{print_action} user invitation...')
|
||||
result = gapi.call(svc.customers().userinvitations(), action,
|
||||
name=name)
|
||||
name = result.get('response', {}).get('name')
|
||||
if name:
|
||||
result['response']['name'] = _reduce_name(name)
|
||||
display.print_json(result)
|
||||
|
||||
def _generic_get(get_type):
|
||||
'''generic function to call read data APIs'''
|
||||
svc = gapi_cloudidentity.build('cloudidentity')
|
||||
customer = _get_customerid()
|
||||
email = sys.argv[3].lower()
|
||||
encoded_email = quote_plus(email)
|
||||
name = f'{customer}/userinvitations/{encoded_email}'
|
||||
result = gapi.call(svc.customers().userinvitations(), get_type,
|
||||
name=name)
|
||||
if 'name' in result:
|
||||
result['name'] = _reduce_name(result['name'])
|
||||
display.print_json(result)
|
||||
|
||||
|
||||
# /batch is broken for Cloud Identity. Once fixed move this to using batch.
|
||||
# Current serial implementation will be SLOW...
|
||||
def bulk_is_invitable(emails):
|
||||
'''gam <users> check isinvitable'''
|
||||
def _invitation_result(request_id, response, _):
|
||||
if response.get('isInvitableUser'):
|
||||
rows.append({'invitableUsers': request_id})
|
||||
|
||||
svc = gapi_cloudidentity.build('cloudidentity')
|
||||
customer = _get_customerid()
|
||||
todrive = False
|
||||
#batch_size = 1000
|
||||
#ebatch = svc.new_batch_http_request(callback=_invitation_result)
|
||||
rows = []
|
||||
throw_reasons = [gapi_errors.ErrorReason.FOUR_O_THREE]
|
||||
for email in emails:
|
||||
encoded_email = quote_plus(email)
|
||||
name = f'{customer}/userinvitations/{encoded_email}'
|
||||
endpoint = svc.customers().userinvitations()
|
||||
#if len(ebatch._order) == batch_size:
|
||||
# ebatch.execute()
|
||||
# ebatch = svc.new_batch_http_request(callback=_invitation_result)
|
||||
#req = endpoint.isInvitableUser(name=name)
|
||||
#ebatch.add(req, request_id=email)
|
||||
try:
|
||||
result = gapi.call(endpoint,
|
||||
'isInvitableUser',
|
||||
throw_reasons=throw_reasons,
|
||||
name=name)
|
||||
except googleapiclient.errors.HttpError:
|
||||
continue
|
||||
if result.get('isInvitableUser'):
|
||||
rows.append({'invitableUsers': email})
|
||||
#ebatch.execute()
|
||||
titles = ['invitableUsers']
|
||||
display.write_csv_file(rows, titles, 'Invitable Users', todrive)
|
||||
|
||||
|
||||
def cancel():
|
||||
'''gam cancel userinvitation <email>'''
|
||||
_generic_action('cancel')
|
||||
|
||||
|
||||
def get():
|
||||
'''gam info userinvitation <email>'''
|
||||
_generic_get('get')
|
||||
|
||||
|
||||
def check():
|
||||
'''gam check userinvitation <email>'''
|
||||
_generic_get('isInvitableUser')
|
||||
|
||||
|
||||
def send():
|
||||
'''gam send userinvitation <email>'''
|
||||
_generic_action('send')
|
||||
|
||||
|
||||
USERINVITATION_ORDERBY_CHOICES_MAP = {
|
||||
'email': 'email',
|
||||
'updatetime': 'update_time',
|
||||
}
|
||||
|
||||
USERINVITATION_STATE_CHOICES_MAP = {
|
||||
'accepted': 'ACCEPTED',
|
||||
'declined': 'DECLINED',
|
||||
'invited': 'INVITED',
|
||||
'notyetsent': 'NOT_YET_SENT',
|
||||
}
|
||||
|
||||
def print_():
|
||||
'''gam print userinvitations'''
|
||||
svc = gapi_cloudidentity.build('cloudidentity')
|
||||
customer = _get_customerid()
|
||||
todrive = False
|
||||
titles = ['name', 'state', 'updateTime']
|
||||
rows = []
|
||||
filter_ = None
|
||||
orderByList = []
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'state':
|
||||
state = sys.argv[i + 1].lower().replace('_', '')
|
||||
if state in USERINVITATION_STATE_CHOICES_MAP:
|
||||
filter_ = f"state=='{USERINVITATION_STATE_CHOICES_MAP[state]}'"
|
||||
else:
|
||||
controlflow.expected_argument_exit('state',
|
||||
', '.join(USERINVITATION_STATE_CHOICES_MAP),
|
||||
state)
|
||||
i += 2
|
||||
elif myarg == 'orderby':
|
||||
fieldName = sys.argv[i + 1].lower()
|
||||
i += 2
|
||||
if fieldName in USERINVITATION_ORDERBY_CHOICES_MAP:
|
||||
fieldName = USERINVITATION_ORDERBY_CHOICES_MAP[fieldName]
|
||||
orderBy = ''
|
||||
if i < len(sys.argv):
|
||||
orderBy = sys.argv[i].lower()
|
||||
if orderBy in SORTORDER_CHOICES_MAP:
|
||||
orderBy = SORTORDER_CHOICES_MAP[orderBy]
|
||||
i += 1
|
||||
if orderBy != 'DESCENDING':
|
||||
orderByList.append(fieldName)
|
||||
else:
|
||||
orderByList.append(f'{fieldName} desc')
|
||||
else:
|
||||
controlflow.expected_argument_exit(
|
||||
'orderby', ', '.join(sorted(USERINVITATION_ORDERBY_CHOICES_MAP)),
|
||||
fieldName)
|
||||
elif myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
'gam print userinvitations')
|
||||
if orderByList:
|
||||
orderBy = ' '.join(orderByList)
|
||||
else:
|
||||
orderBy = None
|
||||
gam.printGettingAllItems('User Invitations', filter_)
|
||||
page_message = gapi.got_total_items_msg('User Invitations', '...\n')
|
||||
invitations = gapi.get_all_pages(svc.customers().userinvitations(),
|
||||
'list',
|
||||
'userInvitations',
|
||||
page_message=page_message,
|
||||
parent=customer,
|
||||
filter=filter_,
|
||||
orderBy=orderBy)
|
||||
for invitation in invitations:
|
||||
invitation['name'] = _reduce_name(invitation['name'])
|
||||
row = {}
|
||||
for key, val in invitation.items():
|
||||
if key not in titles:
|
||||
titles.append(key)
|
||||
row[key] = val
|
||||
rows.append(row)
|
||||
display.write_csv_file(rows, titles, 'User Invitations', todrive)
|
||||
@@ -1,26 +0,0 @@
|
||||
import gam
|
||||
from gam.var import GC_Values, GC_CUSTOMER_ID
|
||||
from gam import controlflow
|
||||
from gam import gapi
|
||||
from gam.gapi.directory import customer as gapi_directory_customer
|
||||
|
||||
def build():
|
||||
return gam.buildGAPIServiceObject('cloudresourcemanager',
|
||||
act_as=None)
|
||||
|
||||
|
||||
def get_org_id():
|
||||
gapi_directory_customer.setTrueCustomerId()
|
||||
crm = build()
|
||||
query = f'directorycustomerid:{GC_Values[GC_CUSTOMER_ID]}'
|
||||
results = gapi.call(crm.organizations(),
|
||||
'search',
|
||||
pageSize=1,
|
||||
fields='organizations/name',
|
||||
query=query)
|
||||
orgs = results.get('organizations')
|
||||
if not orgs:
|
||||
# return nothing and let calling API deal with it
|
||||
# since caller knows what GCP role would serve best
|
||||
return
|
||||
return orgs[0].get('name')
|
||||
@@ -1,96 +0,0 @@
|
||||
"""Contact Delegation API calls"""
|
||||
|
||||
import sys
|
||||
|
||||
import gam
|
||||
from gam.gapi.directory import users as gapi_directory_users
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import gapi
|
||||
|
||||
|
||||
def build():
|
||||
return gam.buildGAPIObject('contactdelegation')
|
||||
|
||||
|
||||
def create(users):
|
||||
condel = build()
|
||||
delegate = gam.normalizeEmailAddressOrUID(sys.argv[5])
|
||||
delegate = gapi_directory_users.get_primary(delegate)
|
||||
if not delegate:
|
||||
controlflow.system_error_exit(5,
|
||||
f'{sys.argv[5]} is not the primary address of a user.')
|
||||
body = {'email': delegate}
|
||||
i = 0
|
||||
count = len(users)
|
||||
for user in users:
|
||||
i += 1
|
||||
print(
|
||||
f'Granting {delegate} contact delegate access to {user}{gam.currentCount(i, count)}'
|
||||
)
|
||||
gapi.call(condel.delegates(),
|
||||
'create',
|
||||
soft_errors=True,
|
||||
user=user,
|
||||
body=body)
|
||||
|
||||
|
||||
def delete(users):
|
||||
condel = build()
|
||||
delegate = gam.normalizeEmailAddressOrUID(sys.argv[5])
|
||||
delegate = gapi_directory_users.get_primary(delegate)
|
||||
if not delegate:
|
||||
controlflow.system_error_exit(5,
|
||||
f'{sys.argv[5]} is not the primary address of a user.')
|
||||
i = 0
|
||||
count = len(users)
|
||||
for user in users:
|
||||
i += 1
|
||||
print(
|
||||
f'Deleting {delegate} contact delegate access to {user}{gam.currentCount(i, count)}'
|
||||
)
|
||||
gapi.call(condel.delegates(),
|
||||
'delete',
|
||||
soft_errors=True,
|
||||
user=user,
|
||||
delegate=delegate)
|
||||
|
||||
|
||||
def print_(users, csvFormat):
|
||||
condel = build()
|
||||
if csvFormat:
|
||||
todrive = False
|
||||
csv_rows = []
|
||||
titles = ['User', 'delegateAddress']
|
||||
else:
|
||||
csvStyle = False
|
||||
i = 5
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if not csvFormat and myarg == 'csv':
|
||||
csvStyle = True
|
||||
i += 1
|
||||
elif csvFormat and myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
'gam print contactdelegation')
|
||||
page_message = gapi.got_total_items_msg('Contact Delegates', '...\n')
|
||||
for user in users:
|
||||
delegates = gapi.get_all_pages(condel.delegates(), 'list',
|
||||
'delegates',
|
||||
page_message=page_message,
|
||||
user=user)
|
||||
for delegate in delegates:
|
||||
if csvFormat:
|
||||
csv_rows.append({'User': user, 'delegateAddress': delegate['email']})
|
||||
else:
|
||||
if csvStyle:
|
||||
print(f'{user},{delegate["email"]}')
|
||||
else:
|
||||
print(
|
||||
f'Delegator: {user}\n Delegate Email: {delegate["email"]}\n'
|
||||
)
|
||||
if csvFormat:
|
||||
display.write_csv_file(csv_rows, titles, 'Contact Delegates', todrive)
|
||||
@@ -1,8 +0,0 @@
|
||||
import gam
|
||||
|
||||
|
||||
def build():
|
||||
return gam.buildGAPIObject('directory')
|
||||
|
||||
def build_beta():
|
||||
return gam.buildGAPIObject('directory_beta')
|
||||
@@ -1,57 +0,0 @@
|
||||
import sys
|
||||
|
||||
from gam.var import *
|
||||
from gam import gapi
|
||||
from gam.gapi import directory as gapi_directory
|
||||
from gam import utils
|
||||
|
||||
|
||||
def info(users):
|
||||
cd = gapi_directory.build()
|
||||
for user in users:
|
||||
asps = gapi.get_items(cd.asps(), 'list', 'items', userKey=user)
|
||||
if asps:
|
||||
print(f'Application-Specific Passwords for {user}')
|
||||
for asp in asps:
|
||||
if asp['creationTime'] == '0':
|
||||
created_date = 'Unknown'
|
||||
else:
|
||||
created_date = utils.formatTimestampYMDHMS(
|
||||
asp['creationTime'])
|
||||
if asp['lastTimeUsed'] == '0':
|
||||
used_date = 'Never'
|
||||
else:
|
||||
last_used = asp['lastTimeUsed']
|
||||
used_date = utils.formatTimestampYMDHMS(last_used)
|
||||
print(f' ID: {asp["codeId"]}\n' \
|
||||
f' Name: {asp["name"]}\n' \
|
||||
f' Created: {created_date}\n' \
|
||||
f' Last Used: {used_date}\n')
|
||||
else:
|
||||
print(f' no ASPs for {user}\n')
|
||||
|
||||
|
||||
def delete(users, cd=None, codeIdList=None):
|
||||
if not cd:
|
||||
cd = gapi_directory.build()
|
||||
if not codeIdList:
|
||||
codeIdList = sys.argv[5].lower()
|
||||
if codeIdList == 'all':
|
||||
allCodeIds = True
|
||||
else:
|
||||
allCodeIds = False
|
||||
codeIds = codeIdList.replace(',', ' ').split()
|
||||
for user in users:
|
||||
if allCodeIds:
|
||||
print(f'Getting Application Specific Passwords for {user}')
|
||||
asps = gapi.get_items(cd.asps(),
|
||||
'list',
|
||||
'items',
|
||||
userKey=user,
|
||||
fields='items/codeId')
|
||||
codeIds = [asp['codeId'] for asp in asps]
|
||||
if not codeIds:
|
||||
print('No ASPs')
|
||||
for codeId in codeIds:
|
||||
gapi.call(cd.asps(), 'delete', userKey=user, codeId=codeId)
|
||||
print(f'deleted ASP {codeId} for {user}')
|
||||
@@ -1,945 +0,0 @@
|
||||
import datetime
|
||||
import json
|
||||
import os
|
||||
import sys
|
||||
import time
|
||||
|
||||
import googleapiclient
|
||||
|
||||
from gam.var import *
|
||||
import gam
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import fileutils
|
||||
from gam import gapi
|
||||
from gam.gapi import directory as gapi_directory
|
||||
from gam.gapi import errors as gapi_errors
|
||||
from gam.gapi.directory import orgunits as gapi_directory_orgunits
|
||||
from gam import utils
|
||||
|
||||
|
||||
def _display_cros_command_result(cd, device_id, command_id, times_to_check_status):
|
||||
print(f'deviceId: {device_id}, commandId: {command_id}')
|
||||
final_states = {'EXPIRED', 'CANCELLED', 'EXECUTED_BY_CLIENT'}
|
||||
for _ in range(0, times_to_check_status):
|
||||
time.sleep(2)
|
||||
result = gapi.call(cd.customer().devices().chromeos().commands(), 'get',
|
||||
customerId=GC_Values[GC_CUSTOMER_ID], deviceId=device_id,
|
||||
commandId=command_id)
|
||||
display.print_json(result)
|
||||
if result.get('state') in final_states:
|
||||
return
|
||||
|
||||
def issue_command():
|
||||
cd = gapi_directory.build()
|
||||
i, devices = getCrOSDeviceEntity(3, cd)
|
||||
body = {}
|
||||
valid_commands = gapi.get_enum_values_minus_unspecified(
|
||||
cd._rootDesc['schemas']
|
||||
['DirectoryChromeosdevicesIssueCommandRequest']
|
||||
['properties']['commandType']['enum'])
|
||||
command_map = {}
|
||||
for valid_command in valid_commands:
|
||||
v = valid_command.lower().replace('_', '')
|
||||
command_map[v] = valid_command
|
||||
times_to_check_status = 1
|
||||
doit = False
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'command':
|
||||
command = sys.argv[i+1].lower().replace('_', '')
|
||||
if command not in command_map:
|
||||
controlflow.system_error_exit(2, f'expected command of ' \
|
||||
f'{", ".join(valid_commands)} got {command}')
|
||||
body['commandType'] = command_map[command]
|
||||
i += 2
|
||||
if command == 'setvolume':
|
||||
body['payload'] = json.dumps({'volume': sys.argv[i]})
|
||||
i += 1
|
||||
elif myarg == 'timestocheckstatus':
|
||||
times_to_check_status = int(sys.argv[i+1])
|
||||
i += 2
|
||||
elif myarg == 'doit':
|
||||
doit = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam issuecommand cros')
|
||||
if 'commandType' not in body:
|
||||
controlflow.missing_argument_exit('command <CrOSCommand>', 'gam issuecommand cros')
|
||||
if body['commandType'] == 'WIPE_USERS' and not doit:
|
||||
controlflow.system_error_exit(2, 'wipe_users command requires admin ' \
|
||||
'acknowledge user data will be destroyed with the ' \
|
||||
'doit argument')
|
||||
if body['commandType'] == 'REMOTE_POWERWASH' and not doit:
|
||||
controlflow.system_error_exit(2, 'remote_powerwash command requires ' \
|
||||
'admin acknowledge user data will be destroyed, device will need' \
|
||||
' to be reconnected to WiFi and re-enrolled with the doit argument')
|
||||
for device_id in devices:
|
||||
try:
|
||||
result = gapi.call(cd.customer().devices().chromeos(), 'issueCommand',
|
||||
customerId=GC_Values[GC_CUSTOMER_ID], deviceId=device_id,
|
||||
throw_reasons=[gapi_errors.ErrorReason.FOUR_O_O],
|
||||
body=body)
|
||||
except googleapiclient.errors.HttpError:
|
||||
controlflow.system_error_exit(4, '400 response from Google. This ' \
|
||||
'usually indicates the devices was not in a state where it will' \
|
||||
' accept the command. For example, reboot, set_volume and take_a_screenshot' \
|
||||
' require the device to be in auto-start kiosk app mode.')
|
||||
command_id = result.get('commandId')
|
||||
_display_cros_command_result(cd, device_id, command_id, times_to_check_status)
|
||||
|
||||
def get_command():
|
||||
cd = gapi_directory.build()
|
||||
i, devices = getCrOSDeviceEntity(3, cd)
|
||||
command_id = None
|
||||
times_to_check_status = 1
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'commandid':
|
||||
command_id = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'timestocheckstatus':
|
||||
times_to_check_status = int(sys.argv[i+1])
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam getcommand cros')
|
||||
for device_id in devices:
|
||||
_display_cros_command_result(cd, device_id, command_id, times_to_check_status)
|
||||
|
||||
def doUpdateCros():
|
||||
cd = gapi_directory.build()
|
||||
i, devices = getCrOSDeviceEntity(3, cd)
|
||||
update_body = {}
|
||||
action_body = {}
|
||||
orgUnitPath = None
|
||||
ack_wipe = False
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'user':
|
||||
update_body['annotatedUser'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'location':
|
||||
update_body['annotatedLocation'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'notes':
|
||||
update_body['notes'] = sys.argv[i + 1].replace('\\n', '\n')
|
||||
i += 2
|
||||
elif myarg in ['tag', 'asset', 'assetid']:
|
||||
update_body['annotatedAssetId'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg in ['ou', 'org']:
|
||||
orgUnitPath = gapi_directory_orgunits.getOrgUnitItem(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg == 'action':
|
||||
action = sys.argv[i + 1].lower().replace('_', '').replace('-', '')
|
||||
deprovisionReason = None
|
||||
if action in [
|
||||
'deprovisionsamemodelreplace',
|
||||
'deprovisionsamemodelreplacement'
|
||||
]:
|
||||
action = 'deprovision'
|
||||
deprovisionReason = 'same_model_replacement'
|
||||
elif action in [
|
||||
'deprovisiondifferentmodelreplace',
|
||||
'deprovisiondifferentmodelreplacement'
|
||||
]:
|
||||
action = 'deprovision'
|
||||
deprovisionReason = 'different_model_replacement'
|
||||
elif action in ['deprovisionretiringdevice']:
|
||||
action = 'deprovision'
|
||||
deprovisionReason = 'retiring_device'
|
||||
elif action == 'deprovisionupgradetransfer':
|
||||
action = 'deprovision'
|
||||
deprovisionReason = 'upgrade_transfer'
|
||||
elif action in ['disable', 'reenable']:
|
||||
pass
|
||||
elif action == 'preprovisioneddisable':
|
||||
action = 'pre_provisioned_disable'
|
||||
elif action == 'preprovisionedreenable':
|
||||
action = 'pre_provisioned_reenable'
|
||||
else:
|
||||
controlflow.system_error_exit(2, f'expected action of ' \
|
||||
f'deprovision_same_model_replace, ' \
|
||||
f'deprovision_different_model_replace, ' \
|
||||
f'deprovision_retiring_device, ' \
|
||||
f'deprovision_upgrade_transfer, disable, reenable, '\
|
||||
f'pre_provisioned_disable, pre_provisioned_reenable'\
|
||||
f' got {action}')
|
||||
action_body = {'action': action}
|
||||
if deprovisionReason:
|
||||
action_body['deprovisionReason'] = deprovisionReason
|
||||
i += 2
|
||||
elif myarg == 'acknowledgedevicetouchrequirement':
|
||||
ack_wipe = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam update cros')
|
||||
i = 0
|
||||
count = len(devices)
|
||||
if action_body:
|
||||
if action_body['action'] == 'deprovision' and not ack_wipe:
|
||||
print(f'WARNING: Refusing to deprovision {count} devices because '
|
||||
'acknowledge_device_touch_requirement not specified. ' \
|
||||
'Deprovisioning a device means the device will have to ' \
|
||||
'be physically wiped and re-enrolled to be managed by ' \
|
||||
'your domain again. This requires physical access to ' \
|
||||
'the device and is very time consuming to perform for ' \
|
||||
'each device. Please add ' \
|
||||
'"acknowledge_device_touch_requirement" to the GAM ' \
|
||||
'command if you understand this and wish to proceed ' \
|
||||
'with the deprovision. Please also be aware that ' \
|
||||
'deprovisioning can have an effect on your device ' \
|
||||
'license count. See ' \
|
||||
'https://support.google.com/chrome/a/answer/3523633 '\
|
||||
'for full details.')
|
||||
sys.exit(3)
|
||||
for deviceId in devices:
|
||||
i += 1
|
||||
cur_count = gam.currentCount(i, count)
|
||||
print(f' performing action {action} for {deviceId}{cur_count}')
|
||||
gapi.call(cd.chromeosdevices(),
|
||||
function='action',
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
resourceId=deviceId,
|
||||
body=action_body)
|
||||
else:
|
||||
if update_body:
|
||||
for deviceId in devices:
|
||||
i += 1
|
||||
current_count = gam.currentCount(i, count)
|
||||
print(f' updating {deviceId}{current_count}')
|
||||
gapi.call(cd.chromeosdevices(),
|
||||
'update',
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
deviceId=deviceId,
|
||||
body=update_body)
|
||||
if orgUnitPath:
|
||||
# split moves into max 50 devices per batch
|
||||
for l in range(0, len(devices), 50):
|
||||
move_body = {'deviceIds': devices[l:l + 50]}
|
||||
print(f' moving {len(move_body["deviceIds"])} devices to ' \
|
||||
f'{orgUnitPath}')
|
||||
gapi.call(cd.chromeosdevices(),
|
||||
'moveDevicesToOu',
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
orgUnitPath=orgUnitPath,
|
||||
body=move_body)
|
||||
|
||||
|
||||
def doGetCrosInfo():
|
||||
cd = gapi_directory.build()
|
||||
i, devices = getCrOSDeviceEntity(3, cd)
|
||||
downloadfile = None
|
||||
targetFolder = GC_Values[GC_DRIVE_DIR]
|
||||
projection = None
|
||||
fieldsList = []
|
||||
noLists = False
|
||||
startDate = endDate = None
|
||||
listLimit = 0
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'nolists':
|
||||
noLists = True
|
||||
i += 1
|
||||
elif myarg == 'listlimit':
|
||||
listLimit = gam.getInteger(sys.argv[i + 1], myarg, minVal=-1)
|
||||
i += 2
|
||||
elif myarg in CROS_START_ARGUMENTS:
|
||||
startDate = _getFilterDate(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg in CROS_END_ARGUMENTS:
|
||||
endDate = _getFilterDate(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg == 'allfields':
|
||||
projection = 'FULL'
|
||||
fieldsList = []
|
||||
i += 1
|
||||
elif myarg in PROJECTION_CHOICES_MAP:
|
||||
projection = PROJECTION_CHOICES_MAP[myarg]
|
||||
if projection == 'FULL':
|
||||
fieldsList = []
|
||||
else:
|
||||
fieldsList = CROS_BASIC_FIELDS_LIST[:]
|
||||
i += 1
|
||||
elif myarg in CROS_ARGUMENT_TO_PROPERTY_MAP:
|
||||
fieldsList.extend(CROS_ARGUMENT_TO_PROPERTY_MAP[myarg])
|
||||
i += 1
|
||||
elif myarg == 'fields':
|
||||
fieldNameList = sys.argv[i + 1]
|
||||
for field in fieldNameList.lower().replace(',', ' ').split():
|
||||
if field in CROS_ARGUMENT_TO_PROPERTY_MAP:
|
||||
fieldsList.extend(CROS_ARGUMENT_TO_PROPERTY_MAP[field])
|
||||
if field in CROS_ACTIVE_TIME_RANGES_ARGUMENTS + \
|
||||
CROS_DEVICE_FILES_ARGUMENTS + \
|
||||
CROS_RECENT_USERS_ARGUMENTS:
|
||||
projection = 'FULL'
|
||||
noLists = False
|
||||
else:
|
||||
controlflow.invalid_argument_exit(field,
|
||||
'gam info cros fields')
|
||||
i += 2
|
||||
elif myarg == 'downloadfile':
|
||||
downloadfile = sys.argv[i + 1]
|
||||
if downloadfile.lower() == 'latest':
|
||||
downloadfile = downloadfile.lower()
|
||||
i += 2
|
||||
elif myarg == 'targetfolder':
|
||||
targetFolder = os.path.expanduser(sys.argv[i + 1])
|
||||
if not os.path.isdir(targetFolder):
|
||||
os.makedirs(targetFolder)
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam info cros')
|
||||
if fieldsList:
|
||||
fieldsList.append('deviceId')
|
||||
fields = ','.join(set(fieldsList)).replace('.', '/')
|
||||
else:
|
||||
fields = None
|
||||
i = 0
|
||||
device_count = len(devices)
|
||||
for deviceId in devices:
|
||||
i += 1
|
||||
cros = gapi.call(cd.chromeosdevices(),
|
||||
'get',
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
deviceId=deviceId,
|
||||
projection=projection,
|
||||
fields=fields)
|
||||
print(f'CrOS Device: {deviceId} ({i} of {device_count})')
|
||||
if 'notes' in cros:
|
||||
cros['notes'] = cros['notes'].replace('\n', '\\n')
|
||||
if 'autoUpdateExpiration' in cros:
|
||||
cros['autoUpdateExpiration'] = utils.formatTimestampYMD(
|
||||
cros['autoUpdateExpiration'])
|
||||
if 'orgUnitId' in cros:
|
||||
cros['orgUnitId'] = f"id:{cros['orgUnitId']}"
|
||||
_checkTPMVulnerability(cros)
|
||||
for up in CROS_SCALAR_PROPERTY_PRINT_ORDER:
|
||||
if up in cros:
|
||||
if isinstance(cros[up], str):
|
||||
print(f' {up}: {cros[up]}')
|
||||
else:
|
||||
sys.stdout.write(f' {up}:')
|
||||
display.print_json(cros[up], ' ')
|
||||
if not noLists:
|
||||
activeTimeRanges = _filterTimeRanges(
|
||||
cros.get('activeTimeRanges', []), startDate, endDate)
|
||||
lenATR = len(activeTimeRanges)
|
||||
if lenATR:
|
||||
print(' activeTimeRanges')
|
||||
num_ranges = min(lenATR, listLimit or lenATR)
|
||||
for activeTimeRange in activeTimeRanges[:num_ranges]:
|
||||
active_date = activeTimeRange['date']
|
||||
active_time = activeTimeRange['activeTime']
|
||||
duration = utils.formatMilliSeconds(active_time)
|
||||
minutes = active_time // 60000
|
||||
print(f' date: {active_date}')
|
||||
print(f' activeTime: {active_time}')
|
||||
print(f' duration: {duration}')
|
||||
print(f' minutes: {minutes}')
|
||||
recentUsers = cros.get('recentUsers', [])
|
||||
lenRU = len(recentUsers)
|
||||
if lenRU:
|
||||
print(' recentUsers')
|
||||
num_ranges = min(lenRU, listLimit or lenRU)
|
||||
for recentUser in recentUsers[:num_ranges]:
|
||||
useremail = recentUser.get('email')
|
||||
if not useremail:
|
||||
if recentUser['type'] == 'USER_TYPE_UNMANAGED':
|
||||
useremail = 'UnmanagedUser'
|
||||
else:
|
||||
useremail = 'Unknown'
|
||||
print(f' type: {recentUser["type"]}')
|
||||
print(f' email: {useremail}')
|
||||
deviceFiles = _filterCreateReportTime(cros.get('deviceFiles',
|
||||
[]), 'createTime',
|
||||
startDate, endDate)
|
||||
lenDF = len(deviceFiles)
|
||||
if lenDF:
|
||||
num_ranges = min(lenDF, listLimit or lenDF)
|
||||
print(' deviceFiles')
|
||||
for deviceFile in deviceFiles[:num_ranges]:
|
||||
device_type = deviceFile['type']
|
||||
create_time = deviceFile['createTime']
|
||||
print(f' {device_type}: {create_time}')
|
||||
if downloadfile:
|
||||
deviceFiles = cros.get('deviceFiles', [])
|
||||
lenDF = len(deviceFiles)
|
||||
if lenDF:
|
||||
if downloadfile == 'latest':
|
||||
deviceFile = deviceFiles[-1]
|
||||
else:
|
||||
for deviceFile in deviceFiles:
|
||||
if deviceFile['createTime'] == downloadfile:
|
||||
break
|
||||
else:
|
||||
print(f'ERROR: file {downloadfile} not ' \
|
||||
f'available to download.')
|
||||
deviceFile = None
|
||||
if deviceFile:
|
||||
created = deviceFile['createTime']
|
||||
downloadfile = f'cros-logs-{deviceId}-{created}.zip'
|
||||
downloadfilename = os.path.join(targetFolder,
|
||||
downloadfile)
|
||||
dl_url = deviceFile['downloadUrl']
|
||||
_, content = cd._http.request(dl_url)
|
||||
fileutils.write_file(downloadfilename,
|
||||
content,
|
||||
mode='wb',
|
||||
continue_on_error=True)
|
||||
print(f'Downloaded: {downloadfilename}')
|
||||
elif downloadfile:
|
||||
print('ERROR: no files to download.')
|
||||
cpuStatusReports = _filterCreateReportTime(
|
||||
cros.get('cpuStatusReports', []), 'reportTime', startDate,
|
||||
endDate)
|
||||
lenCSR = len(cpuStatusReports)
|
||||
if lenCSR:
|
||||
print(' cpuStatusReports')
|
||||
num_ranges = min(lenCSR, listLimit or lenCSR)
|
||||
for cpuStatusReport in cpuStatusReports[:num_ranges]:
|
||||
print(f' reportTime: {cpuStatusReport["reportTime"]}')
|
||||
print(' cpuTemperatureInfo')
|
||||
tempInfos = cpuStatusReport.get('cpuTemperatureInfo', [])
|
||||
for tempInfo in tempInfos:
|
||||
temp_label = tempInfo['label'].strip()
|
||||
temperature = tempInfo['temperature']
|
||||
print(f' {temp_label}: {temperature}')
|
||||
if 'cpuUtilizationPercentageInfo' in cpuStatusReport:
|
||||
pct_info = cpuStatusReport['cpuUtilizationPercentageInfo']
|
||||
util = ','.join([str(x) for x in pct_info])
|
||||
print(f' cpuUtilizationPercentageInfo: {util}')
|
||||
diskVolumeReports = cros.get('diskVolumeReports', [])
|
||||
lenDVR = len(diskVolumeReports)
|
||||
if lenDVR:
|
||||
print(' diskVolumeReports')
|
||||
print(' volumeInfo')
|
||||
num_ranges = min(lenDVR, listLimit or lenDVR)
|
||||
for diskVolumeReport in diskVolumeReports[:num_ranges]:
|
||||
volumeInfo = diskVolumeReport['volumeInfo']
|
||||
for volume in volumeInfo:
|
||||
vid = volume['volumeId']
|
||||
vstorage_free = volume['storageFree']
|
||||
vstorage_total = volume['storageTotal']
|
||||
print(f' volumeId: {vid}')
|
||||
print(f' storageFree: {vstorage_free}')
|
||||
print(f' storageTotal: {vstorage_total}')
|
||||
systemRamFreeReports = _filterCreateReportTime(
|
||||
cros.get('systemRamFreeReports', []), 'reportTime', startDate,
|
||||
endDate)
|
||||
lenSRFR = len(systemRamFreeReports)
|
||||
if lenSRFR:
|
||||
print(' systemRamFreeReports')
|
||||
num_ranges = min(lenSRFR, listLimit or lenSRFR)
|
||||
for systemRamFreeReport in systemRamFreeReports[:num_ranges]:
|
||||
report_time = systemRamFreeReport['reportTime']
|
||||
free_info = systemRamFreeReport['systemRamFreeInfo']
|
||||
free_ram = ','.join(free_info)
|
||||
print(f' reportTime: {report_time}')
|
||||
print(f' systemRamFreeInfo: {free_ram}')
|
||||
|
||||
|
||||
def doPrintCrosActivity():
|
||||
cd = gapi_directory.build()
|
||||
todrive = False
|
||||
titles = [
|
||||
'deviceId', 'annotatedAssetId', 'annotatedLocation', 'serialNumber',
|
||||
'orgUnitPath'
|
||||
]
|
||||
csvRows = []
|
||||
fieldsList = [
|
||||
'deviceId', 'annotatedAssetId', 'annotatedLocation', 'serialNumber',
|
||||
'orgUnitPath'
|
||||
]
|
||||
startDate = endDate = None
|
||||
selectActiveTimeRanges = selectDeviceFiles = selectRecentUsers = False
|
||||
listLimit = 0
|
||||
delimiter = ','
|
||||
orgUnitPath = includeChildOrgunits = None
|
||||
queries = [None]
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg in ['query', 'queries']:
|
||||
queries = gam.getQueries(myarg, sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg in {'limittoou', 'crosou', 'crosouandchildren'}:
|
||||
orgUnitPath = gapi_directory_orgunits.getOrgUnitItem(sys.argv[i + 1])
|
||||
includeChildOrgunits = myarg == 'crosouandchildren'
|
||||
i += 2
|
||||
elif myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
elif myarg in CROS_ACTIVE_TIME_RANGES_ARGUMENTS:
|
||||
selectActiveTimeRanges = True
|
||||
i += 1
|
||||
elif myarg in CROS_DEVICE_FILES_ARGUMENTS:
|
||||
selectDeviceFiles = True
|
||||
i += 1
|
||||
elif myarg in CROS_RECENT_USERS_ARGUMENTS:
|
||||
selectRecentUsers = True
|
||||
i += 1
|
||||
elif myarg == 'both':
|
||||
selectActiveTimeRanges = selectRecentUsers = True
|
||||
i += 1
|
||||
elif myarg == 'all':
|
||||
selectActiveTimeRanges = selectDeviceFiles = True
|
||||
selectRecentUsers = True
|
||||
i += 1
|
||||
elif myarg in CROS_START_ARGUMENTS:
|
||||
startDate = _getFilterDate(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg in CROS_END_ARGUMENTS:
|
||||
endDate = _getFilterDate(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg == 'listlimit':
|
||||
listLimit = gam.getInteger(sys.argv[i + 1], myarg, minVal=0)
|
||||
i += 2
|
||||
elif myarg == 'delimiter':
|
||||
delimiter = sys.argv[i + 1]
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
'gam print crosactivity')
|
||||
if not selectActiveTimeRanges and \
|
||||
not selectDeviceFiles and \
|
||||
not selectRecentUsers:
|
||||
selectActiveTimeRanges = selectRecentUsers = True
|
||||
if selectRecentUsers:
|
||||
fieldsList.append('recentUsers')
|
||||
display.add_titles_to_csv_file([
|
||||
'recentUsers.email',
|
||||
], titles)
|
||||
if selectActiveTimeRanges:
|
||||
fieldsList.append('activeTimeRanges')
|
||||
titles_to_add = [
|
||||
'activeTimeRanges.date', 'activeTimeRanges.duration',
|
||||
'activeTimeRanges.minutes'
|
||||
]
|
||||
display.add_titles_to_csv_file(titles_to_add, titles)
|
||||
if selectDeviceFiles:
|
||||
fieldsList.append('deviceFiles')
|
||||
titles_to_add = ['deviceFiles.type', 'deviceFiles.createTime']
|
||||
display.add_titles_to_csv_file(titles_to_add, titles)
|
||||
fields = f'nextPageToken,chromeosdevices({",".join(fieldsList)})'
|
||||
for query in queries:
|
||||
gam.printGettingAllItems('CrOS Devices', query)
|
||||
page_message = gapi.got_total_items_msg('CrOS Devices', '...\n')
|
||||
all_cros = gapi.get_all_pages(cd.chromeosdevices(),
|
||||
'list',
|
||||
'chromeosdevices',
|
||||
page_message=page_message,
|
||||
query=query,
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
projection='FULL',
|
||||
orgUnitPath=orgUnitPath,
|
||||
includeChildOrgunits=includeChildOrgunits,
|
||||
fields=fields)
|
||||
for cros in all_cros:
|
||||
row = {}
|
||||
skip_attribs = ['recentUsers', 'activeTimeRanges', 'deviceFiles']
|
||||
for attrib in cros:
|
||||
if attrib not in skip_attribs:
|
||||
row[attrib] = cros[attrib]
|
||||
if selectActiveTimeRanges:
|
||||
activeTimeRanges = _filterTimeRanges(
|
||||
cros.get('activeTimeRanges', []), startDate, endDate)
|
||||
lenATR = len(activeTimeRanges)
|
||||
num_ranges = min(lenATR, listLimit or lenATR)
|
||||
for activeTimeRange in activeTimeRanges[:num_ranges]:
|
||||
newrow = row.copy()
|
||||
newrow['activeTimeRanges.date'] = activeTimeRange['date']
|
||||
active_time = activeTimeRange['activeTime']
|
||||
newrow['activeTimeRanges.duration'] = \
|
||||
utils.formatMilliSeconds(active_time)
|
||||
newrow['activeTimeRanges.minutes'] = \
|
||||
activeTimeRange['activeTime']//60000
|
||||
csvRows.append(newrow)
|
||||
if selectRecentUsers:
|
||||
recentUsers = cros.get('recentUsers', [])
|
||||
lenRU = len(recentUsers)
|
||||
num_ranges = min(lenRU, listLimit or lenRU)
|
||||
recent_users = []
|
||||
for recentUser in recentUsers[:num_ranges]:
|
||||
useremail = recentUser.get('email')
|
||||
if not useremail:
|
||||
if recentUser['type'] == 'USER_TYPE_UNMANAGED':
|
||||
useremail = 'UnmanagedUser'
|
||||
else:
|
||||
useremail = 'Unknown'
|
||||
recent_users.append(useremail)
|
||||
row['recentUsers.email'] = delimiter.join(recent_users)
|
||||
csvRows.append(row)
|
||||
if selectDeviceFiles:
|
||||
deviceFiles = _filterCreateReportTime(
|
||||
cros.get('deviceFiles', []), 'createTime', startDate,
|
||||
endDate)
|
||||
lenDF = len(deviceFiles)
|
||||
num_ranges = min(lenDF, listLimit or lenDF)
|
||||
for deviceFile in deviceFiles[:num_ranges]:
|
||||
newrow = row.copy()
|
||||
newrow['deviceFiles.type'] = deviceFile['type']
|
||||
create_time = deviceFile['createTime']
|
||||
newrow['deviceFiles.createTime'] = create_time
|
||||
csvRows.append(newrow)
|
||||
display.write_csv_file(csvRows, titles, 'CrOS Activity', todrive)
|
||||
|
||||
|
||||
def _checkTPMVulnerability(cros):
|
||||
if 'tpmVersionInfo' in cros and \
|
||||
'firmwareVersion' in cros['tpmVersionInfo']:
|
||||
firmware_version = cros['tpmVersionInfo']['firmwareVersion']
|
||||
if firmware_version in CROS_TPM_VULN_VERSIONS:
|
||||
cros['tpmVersionInfo']['tpmVulnerability'] = 'VULNERABLE'
|
||||
elif firmware_version in CROS_TPM_FIXED_VERSIONS:
|
||||
cros['tpmVersionInfo']['tpmVulnerability'] = 'UPDATED'
|
||||
else:
|
||||
cros['tpmVersionInfo']['tpmVulnerability'] = 'NOT IMPACTED'
|
||||
|
||||
|
||||
def doPrintCrosDevices():
|
||||
|
||||
def _getSelectedLists(myarg):
|
||||
if myarg in CROS_ACTIVE_TIME_RANGES_ARGUMENTS:
|
||||
selectedLists['activeTimeRanges'] = True
|
||||
elif myarg in CROS_RECENT_USERS_ARGUMENTS:
|
||||
selectedLists['recentUsers'] = True
|
||||
elif myarg in CROS_DEVICE_FILES_ARGUMENTS:
|
||||
selectedLists['deviceFiles'] = True
|
||||
elif myarg in CROS_CPU_STATUS_REPORTS_ARGUMENTS:
|
||||
selectedLists['cpuStatusReports'] = True
|
||||
elif myarg in CROS_DISK_VOLUME_REPORTS_ARGUMENTS:
|
||||
selectedLists['diskVolumeReports'] = True
|
||||
elif myarg in CROS_SYSTEM_RAM_FREE_REPORTS_ARGUMENTS:
|
||||
selectedLists['systemRamFreeReports'] = True
|
||||
|
||||
cd = gapi_directory.build()
|
||||
todrive = False
|
||||
fieldsList = []
|
||||
fieldsTitles = {}
|
||||
titles = []
|
||||
csvRows = []
|
||||
display.add_field_to_csv_file('deviceid', CROS_ARGUMENT_TO_PROPERTY_MAP,
|
||||
fieldsList, fieldsTitles, titles)
|
||||
projection = orderBy = sortOrder = orgUnitPath = includeChildOrgunits = None
|
||||
queries = [None]
|
||||
noLists = sortHeaders = False
|
||||
selectedLists = {}
|
||||
startDate = endDate = None
|
||||
listLimit = 0
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg in ['query', 'queries']:
|
||||
queries = gam.getQueries(myarg, sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg in {'limittoou', 'crosou', 'crosouandchildren'}:
|
||||
orgUnitPath = gapi_directory_orgunits.getOrgUnitItem(sys.argv[i + 1])
|
||||
includeChildOrgunits = myarg == 'crosouandchildren'
|
||||
i += 2
|
||||
elif myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
elif myarg == 'nolists':
|
||||
noLists = True
|
||||
selectedLists = {}
|
||||
i += 1
|
||||
elif myarg == 'listlimit':
|
||||
listLimit = gam.getInteger(sys.argv[i + 1], myarg, minVal=0)
|
||||
i += 2
|
||||
elif myarg in CROS_START_ARGUMENTS:
|
||||
startDate = _getFilterDate(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg in CROS_END_ARGUMENTS:
|
||||
endDate = _getFilterDate(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg == 'orderby':
|
||||
orderBy = sys.argv[i + 1].lower().replace('_', '')
|
||||
validOrderBy = [
|
||||
'location', 'user', 'lastsync', 'notes', 'serialnumber',
|
||||
'status', 'supportenddate'
|
||||
]
|
||||
if orderBy not in validOrderBy:
|
||||
controlflow.expected_argument_exit('orderby',
|
||||
', '.join(validOrderBy),
|
||||
orderBy)
|
||||
if orderBy == 'location':
|
||||
orderBy = 'annotatedLocation'
|
||||
elif orderBy == 'user':
|
||||
orderBy = 'annotatedUser'
|
||||
elif orderBy == 'lastsync':
|
||||
orderBy = 'lastSync'
|
||||
elif orderBy == 'serialnumber':
|
||||
orderBy = 'serialNumber'
|
||||
elif orderBy == 'supportenddate':
|
||||
orderBy = 'supportEndDate'
|
||||
i += 2
|
||||
elif myarg in SORTORDER_CHOICES_MAP:
|
||||
sortOrder = SORTORDER_CHOICES_MAP[myarg]
|
||||
i += 1
|
||||
elif myarg in PROJECTION_CHOICES_MAP:
|
||||
projection = PROJECTION_CHOICES_MAP[myarg]
|
||||
sortHeaders = True
|
||||
if projection == 'FULL':
|
||||
fieldsList = []
|
||||
else:
|
||||
fieldsList = CROS_BASIC_FIELDS_LIST[:]
|
||||
i += 1
|
||||
elif myarg == 'allfields':
|
||||
projection = 'FULL'
|
||||
sortHeaders = True
|
||||
fieldsList = []
|
||||
i += 1
|
||||
elif myarg == 'sortheaders':
|
||||
sortHeaders = True
|
||||
i += 1
|
||||
elif myarg in CROS_LISTS_ARGUMENTS:
|
||||
_getSelectedLists(myarg)
|
||||
i += 1
|
||||
elif myarg in CROS_ARGUMENT_TO_PROPERTY_MAP:
|
||||
display.add_field_to_fields_list(myarg,
|
||||
CROS_ARGUMENT_TO_PROPERTY_MAP,
|
||||
fieldsList)
|
||||
i += 1
|
||||
elif myarg == 'fields':
|
||||
fieldNameList = sys.argv[i + 1]
|
||||
for field in fieldNameList.lower().replace(',', ' ').split():
|
||||
if field in CROS_LISTS_ARGUMENTS:
|
||||
_getSelectedLists(field)
|
||||
elif field in CROS_ARGUMENT_TO_PROPERTY_MAP:
|
||||
display.add_field_to_fields_list(
|
||||
field, CROS_ARGUMENT_TO_PROPERTY_MAP, fieldsList)
|
||||
else:
|
||||
controlflow.invalid_argument_exit(field,
|
||||
'gam print cros fields')
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam print cros')
|
||||
if selectedLists:
|
||||
noLists = False
|
||||
projection = 'FULL'
|
||||
for selectList in selectedLists:
|
||||
display.add_field_to_fields_list(selectList,
|
||||
CROS_ARGUMENT_TO_PROPERTY_MAP,
|
||||
fieldsList)
|
||||
if fieldsList:
|
||||
fieldsList.append('deviceId')
|
||||
fields = f'nextPageToken,chromeosdevices({",".join(set(fieldsList))})'.replace(
|
||||
'.', '/')
|
||||
else:
|
||||
fields = None
|
||||
for query in queries:
|
||||
gam.printGettingAllItems('CrOS Devices', query)
|
||||
page_message = gapi.got_total_items_msg('CrOS Devices', '...\n')
|
||||
all_cros = gapi.get_all_pages(cd.chromeosdevices(),
|
||||
'list',
|
||||
'chromeosdevices',
|
||||
page_message=page_message,
|
||||
query=query,
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
projection=projection,
|
||||
orgUnitPath=orgUnitPath,
|
||||
includeChildOrgunits=includeChildOrgunits,
|
||||
orderBy=orderBy,
|
||||
sortOrder=sortOrder,
|
||||
fields=fields)
|
||||
for cros in all_cros:
|
||||
_checkTPMVulnerability(cros)
|
||||
if not noLists and not selectedLists:
|
||||
for cros in all_cros:
|
||||
if 'notes' in cros:
|
||||
cros['notes'] = cros['notes'].replace('\n', '\\n')
|
||||
if 'autoUpdateExpiration' in cros:
|
||||
cros['autoUpdateExpiration'] = utils.formatTimestampYMD(
|
||||
cros['autoUpdateExpiration'])
|
||||
if 'orgUnitId' in cros:
|
||||
cros['orgUnitId'] = f"id:{cros['orgUnitId']}"
|
||||
for cpuStatusReport in cros.get('cpuStatusReports', []):
|
||||
tempInfos = cpuStatusReport.get('cpuTemperatureInfo', [])
|
||||
for tempInfo in tempInfos:
|
||||
tempInfo['label'] = tempInfo['label'].strip()
|
||||
display.add_row_titles_to_csv_file(
|
||||
utils.flatten_json(cros, listLimit=listLimit), csvRows,
|
||||
titles)
|
||||
continue
|
||||
for cros in all_cros:
|
||||
if 'notes' in cros:
|
||||
cros['notes'] = cros['notes'].replace('\n', '\\n')
|
||||
if 'autoUpdateExpiration' in cros:
|
||||
cros['autoUpdateExpiration'] = utils.formatTimestampYMD(
|
||||
cros['autoUpdateExpiration'])
|
||||
if 'orgUnitId' in cros:
|
||||
cros['orgUnitId'] = f"id:{cros['orgUnitId']}"
|
||||
row = {}
|
||||
for attrib in cros:
|
||||
if attrib not in {
|
||||
'kind', 'etag', 'tpmVersionInfo', 'recentUsers',
|
||||
'activeTimeRanges', 'deviceFiles', 'cpuStatusReports',
|
||||
'diskVolumeReports', 'systemRamFreeReports'
|
||||
}:
|
||||
row[attrib] = cros[attrib]
|
||||
if selectedLists.get('activeTimeRanges'):
|
||||
timergs = cros.get('activeTimeRanges', [])
|
||||
else:
|
||||
timergs = []
|
||||
activeTimeRanges = _filterTimeRanges(timergs, startDate, endDate)
|
||||
if selectedLists.get('recentUsers'):
|
||||
recentUsers = cros.get('recentUsers', [])
|
||||
else:
|
||||
recentUsers = []
|
||||
if selectedLists.get('deviceFiles'):
|
||||
device_files = cros.get('deviceFiles', [])
|
||||
else:
|
||||
device_files = []
|
||||
deviceFiles = _filterCreateReportTime(device_files, 'createTime',
|
||||
startDate, endDate)
|
||||
if selectedLists.get('cpuStatusReports'):
|
||||
cpu_reports = cros.get('cpuStatusReports', [])
|
||||
else:
|
||||
cpu_reports = []
|
||||
cpuStatusReports = _filterCreateReportTime(cpu_reports,
|
||||
'reportTime', startDate,
|
||||
endDate)
|
||||
if selectedLists.get('diskVolumeReports'):
|
||||
diskVolumeReports = cros.get('diskVolumeReports', [])
|
||||
else:
|
||||
diskVolumeReports = []
|
||||
if selectedLists.get('systemRamFreeReports'):
|
||||
ram_reports = cros.get('systemRamFreeReports', [])
|
||||
else:
|
||||
ram_reports = []
|
||||
systemRamFreeReports = _filterCreateReportTime(
|
||||
ram_reports, 'reportTime', startDate, endDate)
|
||||
if noLists or (not activeTimeRanges and \
|
||||
not recentUsers and \
|
||||
not deviceFiles and \
|
||||
not cpuStatusReports and \
|
||||
not diskVolumeReports and \
|
||||
not systemRamFreeReports):
|
||||
display.add_row_titles_to_csv_file(row, csvRows, titles)
|
||||
continue
|
||||
lenATR = len(activeTimeRanges)
|
||||
lenRU = len(recentUsers)
|
||||
lenDF = len(deviceFiles)
|
||||
lenCSR = len(cpuStatusReports)
|
||||
lenDVR = len(diskVolumeReports)
|
||||
lenSRFR = len(systemRamFreeReports)
|
||||
max_len = max(lenATR, lenRU, lenDF, lenCSR, lenDVR, lenSRFR)
|
||||
for i in range(min(max_len, listLimit or max_len)):
|
||||
nrow = row.copy()
|
||||
if i < lenATR:
|
||||
nrow['activeTimeRanges.date'] = \
|
||||
activeTimeRanges[i]['date']
|
||||
nrow['activeTimeRanges.activeTime'] = \
|
||||
str(activeTimeRanges[i]['activeTime'])
|
||||
active_time = activeTimeRanges[i]['activeTime']
|
||||
nrow['activeTimeRanges.duration'] = \
|
||||
utils.formatMilliSeconds(active_time)
|
||||
nrow['activeTimeRanges.minutes'] = active_time // 60000
|
||||
if i < lenRU:
|
||||
nrow['recentUsers.type'] = recentUsers[i]['type']
|
||||
nrow['recentUsers.email'] = recentUsers[i].get('email')
|
||||
if not nrow['recentUsers.email']:
|
||||
if nrow['recentUsers.type'] == 'USER_TYPE_UNMANAGED':
|
||||
nrow['recentUsers.email'] = 'UnmanagedUser'
|
||||
else:
|
||||
nrow['recentUsers.email'] = 'Unknown'
|
||||
if i < lenDF:
|
||||
nrow['deviceFiles.type'] = deviceFiles[i]['type']
|
||||
nrow['deviceFiles.createTime'] = \
|
||||
deviceFiles[i]['createTime']
|
||||
if i < lenCSR:
|
||||
nrow['cpuStatusReports.reportTime'] = \
|
||||
cpuStatusReports[i]['reportTime']
|
||||
tempInfos = cpuStatusReports[i].get('cpuTemperatureInfo', [])
|
||||
for tempInfo in tempInfos:
|
||||
label = tempInfo['label'].strip()
|
||||
base = 'cpuStatusReports.cpuTemperatureInfo.'
|
||||
nrow[f'{base}{label}'] = tempInfo['temperature']
|
||||
cpu_field = 'cpuUtilizationPercentageInfo'
|
||||
if cpu_field in cpuStatusReports[i]:
|
||||
cpu_reports = cpuStatusReports[i][cpu_field]
|
||||
cpu_pcts = [str(x) for x in cpu_reports]
|
||||
nrow[f'cpuStatusReports.{cpu_field}'] = ','.join(cpu_pcts)
|
||||
if i < lenDVR:
|
||||
volumeInfo = diskVolumeReports[i]['volumeInfo']
|
||||
j = 0
|
||||
vfield = 'diskVolumeReports.volumeInfo.'
|
||||
for volume in volumeInfo:
|
||||
nrow[f'{vfield}{j}.volumeId'] = \
|
||||
volume['volumeId']
|
||||
nrow[f'{vfield}{j}.storageFree'] = \
|
||||
volume['storageFree']
|
||||
nrow[f'{vfield}{j}.storageTotal'] = \
|
||||
volume['storageTotal']
|
||||
j += 1
|
||||
if i < lenSRFR:
|
||||
nrow['systemRamFreeReports.reportTime'] = \
|
||||
systemRamFreeReports[i]['reportTime']
|
||||
ram_reports = systemRamFreeReports[i]['systemRamFreeInfo']
|
||||
ram_info = [str(x) for x in ram_reports]
|
||||
nrow['systenRamFreeReports.systemRamFreeInfo'] = \
|
||||
','.join(ram_info)
|
||||
display.add_row_titles_to_csv_file(nrow, csvRows, titles)
|
||||
if sortHeaders:
|
||||
display.sort_csv_titles([
|
||||
'deviceId',
|
||||
], titles)
|
||||
display.write_csv_file(csvRows, titles, 'CrOS', todrive)
|
||||
|
||||
|
||||
def getCrOSDeviceEntity(i, cd):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'cros_sn':
|
||||
return i + 2, gam.getUsersToModify('cros_sn', sys.argv[i + 1])
|
||||
if myarg == 'query':
|
||||
return i + 2, gam.getUsersToModify('crosquery', sys.argv[i + 1])
|
||||
if myarg[:6] == 'query:':
|
||||
query = sys.argv[i][6:]
|
||||
if query[:12].lower() == 'orgunitpath:':
|
||||
kwargs = {'orgUnitPath': query[12:]}
|
||||
else:
|
||||
kwargs = {'query': query}
|
||||
fields = 'nextPageToken,chromeosdevices(deviceId)'
|
||||
devices = gapi.get_all_pages(cd.chromeosdevices(),
|
||||
'list',
|
||||
'chromeosdevices',
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
fields=fields,
|
||||
**kwargs)
|
||||
return i + 1, [device['deviceId'] for device in devices]
|
||||
return i + 1, sys.argv[i].replace(',', ' ').split()
|
||||
|
||||
|
||||
def _getFilterDate(dateStr):
|
||||
return datetime.datetime.strptime(dateStr, YYYYMMDD_FORMAT)
|
||||
|
||||
|
||||
def _filterTimeRanges(activeTimeRanges, startDate, endDate):
|
||||
if startDate is None and endDate is None:
|
||||
return activeTimeRanges
|
||||
filteredTimeRanges = []
|
||||
for timeRange in activeTimeRanges:
|
||||
activityDate = datetime.datetime.strptime(timeRange['date'],
|
||||
YYYYMMDD_FORMAT)
|
||||
if ((startDate is None) or \
|
||||
(activityDate >= startDate)) and \
|
||||
((endDate is None) or \
|
||||
(activityDate <= endDate)):
|
||||
filteredTimeRanges.append(timeRange)
|
||||
return filteredTimeRanges
|
||||
|
||||
|
||||
def _filterCreateReportTime(items, timeField, startTime, endTime):
|
||||
if startTime is None and endTime is None:
|
||||
return items
|
||||
filteredItems = []
|
||||
time_format = '%Y-%m-%dT%H:%M:%S.%fZ'
|
||||
for item in items:
|
||||
timeValue = datetime.datetime.strptime(item[timeField], time_format)
|
||||
if ((startTime is None) or \
|
||||
(timeValue >= startTime)) and \
|
||||
((endTime is None) or \
|
||||
(timeValue <= endTime)):
|
||||
filteredItems.append(item)
|
||||
return filteredItems
|
||||
@@ -1,160 +0,0 @@
|
||||
import datetime
|
||||
|
||||
import gam
|
||||
from gam.var import *
|
||||
from gam import controlflow
|
||||
from gam import gapi
|
||||
from gam.gapi import directory as gapi_directory
|
||||
from gam.gapi import reports as gapi_reports
|
||||
|
||||
|
||||
def _get_customerid():
|
||||
customer = GC_Values[GC_CUSTOMER_ID]
|
||||
if customer != MY_CUSTOMER and customer[0] != 'C':
|
||||
customer = 'C' + customer
|
||||
return customer
|
||||
|
||||
def doGetCustomerInfo():
|
||||
cd = gapi_directory.build()
|
||||
customer_id = _get_customerid()
|
||||
customer_info = gapi.call(cd.customers(),
|
||||
'get',
|
||||
customerKey=customer_id)
|
||||
print(f'Customer ID: {customer_info["id"]}')
|
||||
fields = 'domains(creationTime,domainName,isPrimary,verified)'
|
||||
try:
|
||||
domains = gapi.call(
|
||||
cd.domains(),
|
||||
'list',
|
||||
fields=fields,
|
||||
customer=customer_id,
|
||||
throw_reasons=[gapi.errors.ErrorReason.DOMAIN_NOT_FOUND]).get('domains', [])
|
||||
for domain in domains:
|
||||
if domain.get('isPrimary'):
|
||||
primary_domain = domain
|
||||
break
|
||||
else:
|
||||
primary_domain = {}
|
||||
except gapi.errors.GapiDomainNotFoundError:
|
||||
primary_domain = {}
|
||||
print(f'Primary Domain: {primary_domain.get("domainName", "Unknown")}')
|
||||
print(f'Primary Domain Verified: {primary_domain.get("verified", "Unknown")}')
|
||||
# we'll assume creation time is time of oldest domain customer has
|
||||
oldest = 'Unknown'
|
||||
for domain in domains:
|
||||
creation_timestamp = int(domain['creationTime']) / 1000
|
||||
domain_creation = datetime.datetime.fromtimestamp(creation_timestamp)
|
||||
if oldest == 'Unknown' or domain_creation < oldest:
|
||||
oldest = domain_creation
|
||||
if oldest != 'Unknown':
|
||||
date_format = '%Y-%m-%dT%H:%M:%S.%fZ'
|
||||
oldest = oldest.strftime(date_format)
|
||||
print(f'Customer Creation Time: {oldest}')
|
||||
customer_language = customer_info.get('language', 'Unset or Unknown (defaults to en)')
|
||||
print(f'Default Language: {customer_language}')
|
||||
if 'postalAddress' in customer_info:
|
||||
print('Address:')
|
||||
for field in ADDRESS_FIELDS_PRINT_ORDER:
|
||||
if field in customer_info['postalAddress']:
|
||||
print(f' {field}: {customer_info["postalAddress"][field]}')
|
||||
if 'phoneNumber' in customer_info:
|
||||
print(f'Phone: {customer_info["phoneNumber"]}')
|
||||
print(f'Admin Secondary Email: {customer_info.get("alternateEmail", "Unknown")}')
|
||||
user_counts_map = {
|
||||
'accounts:num_users': 'Total Users',
|
||||
'accounts:gsuite_basic_total_licenses': 'G Suite Basic Licenses',
|
||||
'accounts:gsuite_basic_used_licenses': 'G Suite Basic Users',
|
||||
'accounts:gsuite_enterprise_total_licenses': 'Workspace Enterprise Plus ' \
|
||||
'Licenses',
|
||||
'accounts:gsuite_enterprise_used_licenses': 'Workspace Enterprise Plus ' \
|
||||
'Users',
|
||||
'accounts:gsuite_unlimited_total_licenses': 'G Suite Business ' \
|
||||
'Licenses',
|
||||
'accounts:gsuite_unlimited_used_licenses': 'G Suite Business Users'
|
||||
}
|
||||
parameters = ','.join(list(user_counts_map))
|
||||
tryDate = datetime.date.today().strftime(YYYYMMDD_FORMAT)
|
||||
reports_customer_id = customer_id
|
||||
if reports_customer_id == MY_CUSTOMER:
|
||||
reports_customer_id = None
|
||||
rep = gapi_reports.build()
|
||||
usage = None
|
||||
throw_reasons = [
|
||||
gapi.errors.ErrorReason.INVALID, gapi.errors.ErrorReason.FORBIDDEN
|
||||
]
|
||||
while True:
|
||||
try:
|
||||
result = gapi.call(rep.customerUsageReports(),
|
||||
'get',
|
||||
throw_reasons=throw_reasons,
|
||||
customerId=reports_customer_id,
|
||||
date=tryDate,
|
||||
parameters=parameters)
|
||||
except gapi.errors.GapiInvalidError as e:
|
||||
tryDate = gapi_reports._adjust_date(str(e))
|
||||
continue
|
||||
except gapi.errors.GapiForbiddenError:
|
||||
return
|
||||
fullDataRequired = ['accounts']
|
||||
usage = result.get('usageReports')
|
||||
fullData, tryDate = gapi_reports._check_full_data_available(
|
||||
result, tryDate, fullDataRequired, False)
|
||||
if fullData < 0:
|
||||
print('No user report available.')
|
||||
sys.exit(1)
|
||||
if fullData == 0:
|
||||
continue
|
||||
break
|
||||
print(f'User counts as of {tryDate}:')
|
||||
for item in usage[0]['parameters']:
|
||||
api_name = user_counts_map.get(item['name'])
|
||||
api_value = int(item.get('intValue', 0))
|
||||
if api_name and api_value:
|
||||
print(f' {api_name}: {api_value:,}')
|
||||
|
||||
|
||||
def doUpdateCustomer():
|
||||
cd = gapi_directory.build()
|
||||
body = {}
|
||||
customer_id = _get_customerid()
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg in ADDRESS_FIELDS_ARGUMENT_MAP:
|
||||
body.setdefault('postalAddress', {})
|
||||
arg = ADDRESS_FIELDS_ARGUMENT_MAP[myarg]
|
||||
body['postalAddress'][arg] = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg in ['adminsecondaryemail', 'alternateemail']:
|
||||
body['alternateEmail'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg in ['phone', 'phonenumber']:
|
||||
body['phoneNumber'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'language':
|
||||
body['language'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(myarg, 'gam update customer')
|
||||
if not body:
|
||||
controlflow.system_error_exit(
|
||||
2, 'no arguments specified for "gam '
|
||||
'update customer"')
|
||||
gapi.call(cd.customers(),
|
||||
'patch',
|
||||
customerKey=customer_id,
|
||||
body=body)
|
||||
print('Updated customer')
|
||||
|
||||
|
||||
def setTrueCustomerId(cd=None):
|
||||
customer_id = GC_Values[GC_CUSTOMER_ID]
|
||||
if customer_id == MY_CUSTOMER:
|
||||
if not cd:
|
||||
cd = gapi_directory.build()
|
||||
result = gapi.call(cd.customers(),
|
||||
'get',
|
||||
customerKey=customer_id,
|
||||
fields='id')
|
||||
GC_Values[GC_CUSTOMER_ID] = result.get('id',
|
||||
customer_id)
|
||||
@@ -1,76 +0,0 @@
|
||||
import sys
|
||||
|
||||
from gam.var import *
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import gapi
|
||||
from gam.gapi import directory as gapi_directory
|
||||
from gam import utils
|
||||
|
||||
|
||||
def create():
|
||||
cd = gapi_directory.build()
|
||||
body = {'domainAliasName': sys.argv[3], 'parentDomainName': sys.argv[4]}
|
||||
print(f'Adding {body["domainAliasName"]} alias for ' \
|
||||
f'{body["parentDomainName"]}')
|
||||
gapi.call(cd.domainAliases(),
|
||||
'insert',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
body=body)
|
||||
|
||||
|
||||
def delete():
|
||||
cd = gapi_directory.build()
|
||||
domainAliasName = sys.argv[3]
|
||||
print(f'Deleting domain alias {domainAliasName}')
|
||||
gapi.call(cd.domainAliases(),
|
||||
'delete',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
domainAliasName=domainAliasName)
|
||||
|
||||
|
||||
def info():
|
||||
cd = gapi_directory.build()
|
||||
alias = sys.argv[3]
|
||||
result = gapi.call(cd.domainAliases(),
|
||||
'get',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
domainAliasName=alias)
|
||||
if 'creationTime' in result:
|
||||
result['creationTime'] = utils.formatTimestampYMDHMSF(
|
||||
result['creationTime'])
|
||||
display.print_json(result)
|
||||
|
||||
|
||||
def print_():
|
||||
cd = gapi_directory.build()
|
||||
todrive = False
|
||||
titles = [
|
||||
'domainAliasName',
|
||||
]
|
||||
csvRows = []
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
'gam print domainaliases')
|
||||
results = gapi.call(cd.domainAliases(),
|
||||
'list',
|
||||
customer=GC_Values[GC_CUSTOMER_ID])
|
||||
for domainAlias in results['domainAliases']:
|
||||
domainAlias_attributes = {}
|
||||
for attr in domainAlias:
|
||||
if attr in ['kind', 'etag']:
|
||||
continue
|
||||
if attr == 'creationTime':
|
||||
domainAlias[attr] = utils.formatTimestampYMDHMSF(
|
||||
domainAlias[attr])
|
||||
if attr not in titles:
|
||||
titles.append(attr)
|
||||
domainAlias_attributes[attr] = domainAlias[attr]
|
||||
csvRows.append(domainAlias_attributes)
|
||||
display.write_csv_file(csvRows, titles, 'Domains', todrive)
|
||||
@@ -1,124 +0,0 @@
|
||||
import sys
|
||||
|
||||
from gam.var import *
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import gapi
|
||||
from gam.gapi import directory as gapi_directory
|
||||
from gam.gapi.directory import customer as gapi_directory_customer
|
||||
from gam import utils
|
||||
|
||||
|
||||
def create():
|
||||
cd = gapi_directory.build()
|
||||
domain_name = sys.argv[3]
|
||||
body = {'domainName': domain_name}
|
||||
gapi.call(cd.domains(),
|
||||
'insert',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
body=body)
|
||||
print(f'Added domain {domain_name}')
|
||||
|
||||
|
||||
def info():
|
||||
if (len(sys.argv) < 4) or (sys.argv[3] == 'logo'):
|
||||
gapi_directory_customer.doGetCustomerInfo()
|
||||
return
|
||||
cd = gapi_directory.build()
|
||||
domainName = sys.argv[3]
|
||||
result = gapi.call(cd.domains(),
|
||||
'get',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
domainName=domainName)
|
||||
if 'creationTime' in result:
|
||||
result['creationTime'] = utils.formatTimestampYMDHMSF(
|
||||
result['creationTime'])
|
||||
if 'domainAliases' in result:
|
||||
for i in range(0, len(result['domainAliases'])):
|
||||
if 'creationTime' in result['domainAliases'][i]:
|
||||
result['domainAliases'][i][
|
||||
'creationTime'] = utils.formatTimestampYMDHMSF(
|
||||
result['domainAliases'][i]['creationTime'])
|
||||
display.print_json(result)
|
||||
|
||||
|
||||
def update():
|
||||
cd = gapi_directory.build()
|
||||
domain_name = sys.argv[3]
|
||||
i = 4
|
||||
body = {}
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'primary':
|
||||
body['customerDomain'] = domain_name
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam update domain')
|
||||
gapi.call(cd.customers(),
|
||||
'update',
|
||||
customerKey=GC_Values[GC_CUSTOMER_ID],
|
||||
body=body)
|
||||
print(f'{domain_name} is now the primary domain.')
|
||||
|
||||
|
||||
def delete():
|
||||
cd = gapi_directory.build()
|
||||
domainName = sys.argv[3]
|
||||
print(f'Deleting domain {domainName}')
|
||||
gapi.call(cd.domains(),
|
||||
'delete',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
domainName=domainName)
|
||||
|
||||
|
||||
def print_():
|
||||
cd = gapi_directory.build()
|
||||
todrive = False
|
||||
titles = [
|
||||
'domainName',
|
||||
]
|
||||
csvRows = []
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam print domains')
|
||||
results = gapi.call(cd.domains(),
|
||||
'list',
|
||||
customer=GC_Values[GC_CUSTOMER_ID])
|
||||
for domain in results.get('domains', []):
|
||||
domain_attributes = {}
|
||||
domain['type'] = ['secondary', 'primary'][domain['isPrimary']]
|
||||
for attr in domain:
|
||||
if attr in ['kind', 'etag', 'domainAliases', 'isPrimary']:
|
||||
continue
|
||||
if attr in [
|
||||
'creationTime',
|
||||
]:
|
||||
domain[attr] = utils.formatTimestampYMDHMSF(domain[attr])
|
||||
if attr not in titles:
|
||||
titles.append(attr)
|
||||
domain_attributes[attr] = domain[attr]
|
||||
csvRows.append(domain_attributes)
|
||||
if 'domainAliases' in domain:
|
||||
for aliasdomain in domain['domainAliases']:
|
||||
aliasdomain['domainName'] = aliasdomain['domainAliasName']
|
||||
del aliasdomain['domainAliasName']
|
||||
aliasdomain['type'] = 'alias'
|
||||
aliasdomain_attributes = {}
|
||||
for attr in aliasdomain:
|
||||
if attr in ['kind', 'etag']:
|
||||
continue
|
||||
if attr in [
|
||||
'creationTime',
|
||||
]:
|
||||
aliasdomain[attr] = utils.formatTimestampYMDHMSF(
|
||||
aliasdomain[attr])
|
||||
if attr not in titles:
|
||||
titles.append(attr)
|
||||
aliasdomain_attributes[attr] = aliasdomain[attr]
|
||||
csvRows.append(aliasdomain_attributes)
|
||||
display.write_csv_file(csvRows, titles, 'Domains', todrive)
|
||||
File diff suppressed because it is too large
Load Diff
@@ -1,237 +0,0 @@
|
||||
import sys
|
||||
import uuid
|
||||
|
||||
import gam
|
||||
from gam.var import *
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import gapi
|
||||
from gam.gapi import directory as gapi_directory
|
||||
from gam import utils
|
||||
|
||||
|
||||
def delete():
|
||||
cd = gapi_directory.build()
|
||||
resourceId = sys.argv[3]
|
||||
gapi.call(cd.mobiledevices(),
|
||||
'delete',
|
||||
resourceId=resourceId,
|
||||
customerId=GC_Values[GC_CUSTOMER_ID])
|
||||
|
||||
|
||||
|
||||
def info():
|
||||
cd = gapi_directory.build()
|
||||
resourceId = sys.argv[3]
|
||||
device_info = gapi.call(cd.mobiledevices(),
|
||||
'get',
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
resourceId=resourceId)
|
||||
if 'deviceId' in device_info:
|
||||
device_info['deviceId'] = device_info['deviceId'].encode('unicode-escape').decode(
|
||||
UTF8)
|
||||
attrib = 'securityPatchLevel'
|
||||
if attrib in device_info and int(device_info[attrib]):
|
||||
device_info[attrib] = utils.formatTimestampYMDHMS(device_info[attrib])
|
||||
display.print_json(device_info)
|
||||
|
||||
|
||||
|
||||
def print_():
|
||||
cd = gapi_directory.build()
|
||||
todrive = False
|
||||
titles = []
|
||||
csvRows = []
|
||||
fields = None
|
||||
projection = orderBy = sortOrder = None
|
||||
queries = [None]
|
||||
delimiter = ' '
|
||||
listLimit = 1
|
||||
appsLimit = -1
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
elif myarg in ['query', 'queries']:
|
||||
queries = gam.getQueries(myarg, sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg == 'delimiter':
|
||||
delimiter = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'listlimit':
|
||||
listLimit = gam.getInteger(sys.argv[i + 1], myarg, minVal=-1)
|
||||
i += 2
|
||||
elif myarg == 'appslimit':
|
||||
appsLimit = gam.getInteger(sys.argv[i + 1], myarg, minVal=-1)
|
||||
i += 2
|
||||
elif myarg == 'fields':
|
||||
fields = f'nextPageToken,mobiledevices({sys.argv[i+1]})'
|
||||
i += 2
|
||||
elif myarg == 'orderby':
|
||||
orderBy = sys.argv[i + 1].lower()
|
||||
validOrderBy = [
|
||||
'deviceid', 'email', 'lastsync', 'model', 'name', 'os',
|
||||
'status', 'type'
|
||||
]
|
||||
if orderBy not in validOrderBy:
|
||||
controlflow.expected_argument_exit('orderby',
|
||||
', '.join(validOrderBy),
|
||||
orderBy)
|
||||
if orderBy == 'lastsync':
|
||||
orderBy = 'lastSync'
|
||||
elif orderBy == 'deviceid':
|
||||
orderBy = 'deviceId'
|
||||
i += 2
|
||||
elif myarg in SORTORDER_CHOICES_MAP:
|
||||
sortOrder = SORTORDER_CHOICES_MAP[myarg]
|
||||
i += 1
|
||||
elif myarg in PROJECTION_CHOICES_MAP:
|
||||
projection = PROJECTION_CHOICES_MAP[myarg]
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam print mobile')
|
||||
for query in queries:
|
||||
gam.printGettingAllItems('Mobile Devices', query)
|
||||
page_message = gapi.got_total_items_msg('Mobile Devices', '...\n')
|
||||
all_mobile = gapi.get_all_pages(cd.mobiledevices(),
|
||||
'list',
|
||||
'mobiledevices',
|
||||
page_message=page_message,
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
query=query,
|
||||
projection=projection,
|
||||
fields=fields,
|
||||
orderBy=orderBy,
|
||||
sortOrder=sortOrder)
|
||||
for mobile in all_mobile:
|
||||
row = {}
|
||||
for attrib in mobile:
|
||||
if attrib in ['kind', 'etag']:
|
||||
continue
|
||||
if attrib in ['name', 'email', 'otherAccountsInfo']:
|
||||
if attrib not in titles:
|
||||
titles.append(attrib)
|
||||
if listLimit > 0:
|
||||
row[attrib] = delimiter.join(
|
||||
mobile[attrib][0:listLimit])
|
||||
elif listLimit == 0:
|
||||
row[attrib] = delimiter.join(mobile[attrib])
|
||||
elif attrib == 'applications':
|
||||
if appsLimit >= 0:
|
||||
if attrib not in titles:
|
||||
titles.append(attrib)
|
||||
applications = []
|
||||
j = 0
|
||||
for app in mobile[attrib]:
|
||||
j += 1
|
||||
if appsLimit and (j > appsLimit):
|
||||
break
|
||||
appDetails = []
|
||||
for field in [
|
||||
'displayName', 'packageName', 'versionName'
|
||||
]:
|
||||
appDetails.append(app.get(field, '<None>'))
|
||||
appDetails.append(
|
||||
str(app.get('versionCode', '<None>')))
|
||||
permissions = app.get('permission', [])
|
||||
if permissions:
|
||||
appDetails.append('/'.join(permissions))
|
||||
else:
|
||||
appDetails.append('<None>')
|
||||
applications.append('-'.join(appDetails))
|
||||
row[attrib] = delimiter.join(applications)
|
||||
else:
|
||||
if attrib not in titles:
|
||||
titles.append(attrib)
|
||||
if attrib == 'deviceId':
|
||||
row[attrib] = mobile[attrib].encode(
|
||||
'unicode-escape').decode(UTF8)
|
||||
elif attrib == 'securityPatchLevel' and int(mobile[attrib]):
|
||||
row[attrib] = utils.formatTimestampYMDHMS(
|
||||
mobile[attrib])
|
||||
else:
|
||||
row[attrib] = mobile[attrib]
|
||||
csvRows.append(row)
|
||||
display.sort_csv_titles(
|
||||
['resourceId', 'deviceId', 'serialNumber', 'name', 'email', 'status'],
|
||||
titles)
|
||||
display.write_csv_file(csvRows, titles, 'Mobile', todrive)
|
||||
|
||||
|
||||
def update():
|
||||
cd = gapi_directory.build()
|
||||
resourceIds = sys.argv[3]
|
||||
match_users = None
|
||||
doit = False
|
||||
if resourceIds[:6] == 'query:':
|
||||
query = resourceIds[6:]
|
||||
fields = 'nextPageToken,mobiledevices(resourceId,email)'
|
||||
page_message = gapi.got_total_items_msg('Mobile Devices', '...\n')
|
||||
devices = gapi.get_all_pages(cd.mobiledevices(),
|
||||
'list',
|
||||
page_message=page_message,
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
items='mobiledevices',
|
||||
query=query,
|
||||
fields=fields)
|
||||
else:
|
||||
devices = [{'resourceId': resourceIds, 'email': ['not set']}]
|
||||
doit = True
|
||||
i = 4
|
||||
body = {}
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'action':
|
||||
body['action'] = sys.argv[i + 1].lower()
|
||||
validActions = [
|
||||
'wipe', 'wipeaccount', 'accountwipe', 'wipe_account',
|
||||
'account_wipe', 'approve', 'block',
|
||||
'cancel_remote_wipe_then_activate',
|
||||
'cancel_remote_wipe_then_block'
|
||||
]
|
||||
if body['action'] not in validActions:
|
||||
controlflow.expected_argument_exit('action',
|
||||
', '.join(validActions),
|
||||
body['action'])
|
||||
if body['action'] == 'wipe':
|
||||
body['action'] = 'admin_remote_wipe'
|
||||
elif body['action'].replace('_',
|
||||
'') in ['accountwipe', 'wipeaccount']:
|
||||
body['action'] = 'admin_account_wipe'
|
||||
i += 2
|
||||
elif myarg in ['ifusers', 'matchusers']:
|
||||
match_users = gam.getUsersToModify(entity_type=sys.argv[i + 1].lower(),
|
||||
entity=sys.argv[i + 2])
|
||||
i += 3
|
||||
elif myarg == 'doit':
|
||||
doit = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam update mobile')
|
||||
if body:
|
||||
if doit:
|
||||
print(f'Updating {len(devices)} devices')
|
||||
describe_as = 'Performing'
|
||||
else:
|
||||
print(
|
||||
f'Showing {len(devices)} changes that would be made, not actually making changes because doit argument not specified'
|
||||
)
|
||||
describe_as = 'Would perform'
|
||||
for device in devices:
|
||||
device_user = device.get('email', [''])[0]
|
||||
if match_users and device_user not in match_users:
|
||||
print(
|
||||
f'Skipping device for user {device_user} that did not match match_users argument'
|
||||
)
|
||||
else:
|
||||
print(
|
||||
f'{describe_as} {body["action"]} on user {device_user} device {device["resourceId"]}'
|
||||
)
|
||||
if doit:
|
||||
gapi.call(cd.mobiledevices(),
|
||||
'action',
|
||||
resourceId=device['resourceId'],
|
||||
body=body,
|
||||
customerId=GC_Values[GC_CUSTOMER_ID])
|
||||
@@ -1,464 +0,0 @@
|
||||
import sys
|
||||
|
||||
import gam
|
||||
from gam.var import *
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import gapi
|
||||
from gam.gapi import directory as gapi_directory
|
||||
from gam.gapi import errors as gapi_errors
|
||||
|
||||
|
||||
def _getAllParentOrgUnitsForUser(user, cd=None):
|
||||
if not cd:
|
||||
cd = gapi_directory.build()
|
||||
parent_path = gapi.call(cd.users(),
|
||||
'get',
|
||||
userKey=user,
|
||||
fields='orgUnitPath',
|
||||
projection='basic')['orgUnitPath']
|
||||
if parent_path == '/':
|
||||
orgUnitPath, orgUnitId = getOrgUnitId('/', cd)
|
||||
return {orgUnitId: orgUnitPath}
|
||||
parent_path = encodeOrgUnitPath(makeOrgUnitPathRelative(parent_path))
|
||||
orgUnits = {}
|
||||
while True:
|
||||
result = gapi.call(cd.orgunits(),
|
||||
'get',
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
orgUnitPath=parent_path,
|
||||
fields='orgUnitId,orgUnitPath,parentOrgUnitId')
|
||||
orgUnits[result['orgUnitId']] = result['orgUnitPath']
|
||||
if 'parentOrgUnitId' not in result:
|
||||
break
|
||||
parent_path = result['parentOrgUnitId']
|
||||
return orgUnits
|
||||
|
||||
|
||||
def create():
|
||||
cd = gapi_directory.build()
|
||||
name = getOrgUnitItem(sys.argv[3], pathOnly=True, absolutePath=False)
|
||||
parent = ''
|
||||
body = {}
|
||||
i = 4
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'description':
|
||||
body['description'] = sys.argv[i + 1].replace('\\n', '\n')
|
||||
i += 2
|
||||
elif myarg == 'parent':
|
||||
parent = getOrgUnitItem(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg == 'noinherit':
|
||||
body['blockInheritance'] = True
|
||||
i += 1
|
||||
elif myarg == 'inherit':
|
||||
body['blockInheritance'] = False
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam create org')
|
||||
if parent.startswith('id:'):
|
||||
parent = gapi.call(cd.orgunits(),
|
||||
'get',
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
orgUnitPath=parent,
|
||||
fields='orgUnitPath')['orgUnitPath']
|
||||
if parent == '/':
|
||||
orgUnitPath = parent + name
|
||||
else:
|
||||
orgUnitPath = parent + '/' + name
|
||||
if orgUnitPath.count('/') > 1:
|
||||
body['parentOrgUnitPath'], body['name'] = orgUnitPath.rsplit('/', 1)
|
||||
else:
|
||||
body['parentOrgUnitPath'] = '/'
|
||||
body['name'] = orgUnitPath[1:]
|
||||
parent = body['parentOrgUnitPath']
|
||||
gapi.call(cd.orgunits(),
|
||||
'insert',
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
body=body,
|
||||
retry_reasons=[gapi_errors.ErrorReason.DAILY_LIMIT_EXCEEDED])
|
||||
print(f'Created OrgUnit {body["name"]}')
|
||||
|
||||
|
||||
def delete():
|
||||
cd = gapi_directory.build()
|
||||
name = getOrgUnitItem(sys.argv[3])
|
||||
print(f'Deleting organization {name}')
|
||||
gapi.call(cd.orgunits(),
|
||||
'delete',
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
orgUnitPath=encodeOrgUnitPath(makeOrgUnitPathRelative(name)))
|
||||
|
||||
|
||||
def info(name=None, return_attrib=None):
|
||||
cd = gapi_directory.build()
|
||||
checkSuspended = None
|
||||
if not name:
|
||||
name = getOrgUnitItem(sys.argv[3])
|
||||
get_users = True
|
||||
show_children = False
|
||||
i = 4
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'nousers':
|
||||
get_users = False
|
||||
i += 1
|
||||
elif myarg in ['children', 'child']:
|
||||
show_children = True
|
||||
i += 1
|
||||
elif myarg in ['suspended', 'notsuspended']:
|
||||
checkSuspended = myarg == 'suspended'
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam info org')
|
||||
if name == '/':
|
||||
orgs = gapi.call(cd.orgunits(),
|
||||
'list',
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
type='children',
|
||||
fields='organizationUnits/parentOrgUnitId')
|
||||
if 'organizationUnits' in orgs and orgs['organizationUnits']:
|
||||
name = orgs['organizationUnits'][0]['parentOrgUnitId']
|
||||
else:
|
||||
topLevelOrgId = getTopLevelOrgId(cd, '/')
|
||||
if topLevelOrgId:
|
||||
name = topLevelOrgId
|
||||
else:
|
||||
name = makeOrgUnitPathRelative(name)
|
||||
result = gapi.call(cd.orgunits(),
|
||||
'get',
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
orgUnitPath=encodeOrgUnitPath(name))
|
||||
if return_attrib:
|
||||
return result[return_attrib]
|
||||
display.print_json(result)
|
||||
if get_users:
|
||||
name = result['orgUnitPath']
|
||||
page_message = gapi.got_total_items_first_last_msg('Users')
|
||||
users = gapi.get_all_pages(
|
||||
cd.users(),
|
||||
'list',
|
||||
'users',
|
||||
page_message=page_message,
|
||||
message_attribute='primaryEmail',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
query=orgUnitPathQuery(name, checkSuspended),
|
||||
fields='users(primaryEmail,orgUnitPath),nextPageToken')
|
||||
if checkSuspended is None:
|
||||
print('Users:')
|
||||
elif not checkSuspended:
|
||||
print('Users (Not suspended):')
|
||||
else:
|
||||
print('Users (Suspended):')
|
||||
for user in users:
|
||||
if show_children or (name.lower() == user['orgUnitPath'].lower()):
|
||||
sys.stdout.write(f' {user["primaryEmail"]}')
|
||||
if name.lower() != user['orgUnitPath'].lower():
|
||||
print(' (child)')
|
||||
else:
|
||||
print('')
|
||||
|
||||
|
||||
def list_orgunits(listType='all', orgUnitPath=None, fields=None):
|
||||
retrievedOrgIds = []
|
||||
parentOrgIds = []
|
||||
cd = gapi_directory.build()
|
||||
if fields:
|
||||
# Always get parentOrgUnitId so we can
|
||||
# find missing parents
|
||||
if 'parentOrgUnitId' not in fields:
|
||||
fields.append('parentOrgUnitId')
|
||||
get_fields = ','.join(fields)
|
||||
list_fields = f'organizationUnits({get_fields})'
|
||||
else:
|
||||
list_fields = None
|
||||
get_fields = None
|
||||
orgs = gapi.call(cd.orgunits(),
|
||||
'list',
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
type=listType,
|
||||
orgUnitPath=orgUnitPath,
|
||||
fields=list_fields)
|
||||
if not 'organizationUnits' in orgs:
|
||||
topLevelOrgId = getTopLevelOrgId(cd, orgUnitPath)
|
||||
if topLevelOrgId:
|
||||
parentOrgIds.append(topLevelOrgId)
|
||||
orgunits = []
|
||||
else:
|
||||
orgunits = orgs['organizationUnits']
|
||||
for row in orgunits:
|
||||
retrievedOrgIds.append(row['orgUnitId'])
|
||||
if row['parentOrgUnitId'] not in parentOrgIds:
|
||||
parentOrgIds.append(row['parentOrgUnitId'])
|
||||
missing_parents = set(parentOrgIds) - set(retrievedOrgIds)
|
||||
for missing_parent in missing_parents:
|
||||
try:
|
||||
result = gapi.call(cd.orgunits(),
|
||||
'get',
|
||||
throw_reasons=['required'],
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
orgUnitPath=missing_parent,
|
||||
fields=get_fields)
|
||||
orgunits.append(result)
|
||||
except:
|
||||
pass
|
||||
return orgunits
|
||||
|
||||
|
||||
def print_():
|
||||
print_order = [
|
||||
'orgUnitPath', 'orgUnitId', 'name', 'description', 'parentOrgUnitPath',
|
||||
'parentOrgUnitId', 'blockInheritance'
|
||||
]
|
||||
listType = 'all'
|
||||
orgUnitPath = '/'
|
||||
todrive = False
|
||||
fields = ['orgUnitPath', 'name', 'orgUnitId', 'parentOrgUnitId']
|
||||
titles = []
|
||||
csvRows = []
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
elif myarg == 'toplevelonly':
|
||||
listType = 'children'
|
||||
i += 1
|
||||
elif myarg == 'fromparent':
|
||||
orgUnitPath = getOrgUnitItem(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg == 'allfields':
|
||||
fields = None
|
||||
i += 1
|
||||
elif myarg == 'fields':
|
||||
fields += sys.argv[i + 1].split(',')
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam print orgs')
|
||||
gam.printGettingAllItems('Organizational Units', None)
|
||||
orgunits = list_orgunits(listType=listType,
|
||||
orgUnitPath=orgUnitPath,
|
||||
fields=fields)
|
||||
for row in orgunits:
|
||||
orgEntity = {}
|
||||
for key, value in list(row.items()):
|
||||
if key in ['kind', 'etag', 'etags']:
|
||||
continue
|
||||
if key not in titles:
|
||||
titles.append(key)
|
||||
orgEntity[key] = value
|
||||
csvRows.append(orgEntity)
|
||||
for title in titles:
|
||||
if title not in print_order:
|
||||
print_order.append(title)
|
||||
titles = sorted(titles, key=print_order.index)
|
||||
# sort results similar to how they list in admin console
|
||||
csvRows.sort(key=lambda x: x['orgUnitPath'].lower(), reverse=False)
|
||||
display.write_csv_file(csvRows, titles, 'Orgs', todrive)
|
||||
|
||||
|
||||
def orgid_to_org_map():
|
||||
orgunits = list_orgunits(fields=['orgUnitPath', 'orgUnitId'])
|
||||
result = {ou['orgUnitId']:ou['orgUnitPath'] for ou in orgunits}
|
||||
return result
|
||||
|
||||
def update():
|
||||
cd = gapi_directory.build()
|
||||
orgUnitPath = getOrgUnitItem(sys.argv[3])
|
||||
if sys.argv[4].lower() in ['move', 'add']:
|
||||
entity_type = sys.argv[5].lower()
|
||||
if entity_type in usergroup_types:
|
||||
users = gam.getUsersToModify(entity_type=entity_type,
|
||||
entity=sys.argv[6])
|
||||
else:
|
||||
entity_type = 'users'
|
||||
users = gam.getUsersToModify(entity_type=entity_type,
|
||||
entity=sys.argv[5])
|
||||
if (entity_type.startswith('cros')) or (
|
||||
(entity_type == 'all') and (sys.argv[6].lower() == 'cros')):
|
||||
for l in range(0, len(users), 50):
|
||||
move_body = {'deviceIds': users[l:l + 50]}
|
||||
print(
|
||||
f' moving {len(move_body["deviceIds"])} devices to {orgUnitPath}'
|
||||
)
|
||||
gapi.call(cd.chromeosdevices(),
|
||||
'moveDevicesToOu',
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
orgUnitPath=orgUnitPath,
|
||||
body=move_body)
|
||||
else:
|
||||
i = 0
|
||||
count = len(users)
|
||||
for user in users:
|
||||
i += 1
|
||||
sys.stderr.write(
|
||||
f' moving {user} to {orgUnitPath}{gam.currentCountNL(i, count)}'
|
||||
)
|
||||
try:
|
||||
gapi.call(cd.users(),
|
||||
'update',
|
||||
throw_reasons=[
|
||||
gapi_errors.ErrorReason.CONDITION_NOT_MET
|
||||
],
|
||||
userKey=user,
|
||||
body={'orgUnitPath': orgUnitPath})
|
||||
except gapi_errors.GapiConditionNotMetError:
|
||||
pass
|
||||
else:
|
||||
body = {}
|
||||
i = 4
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'name':
|
||||
body['name'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'description':
|
||||
body['description'] = sys.argv[i + 1].replace('\\n', '\n')
|
||||
i += 2
|
||||
elif myarg == 'parent':
|
||||
parent = getOrgUnitItem(sys.argv[i + 1])
|
||||
if parent.startswith('id:'):
|
||||
body['parentOrgUnitId'] = parent
|
||||
else:
|
||||
body['parentOrgUnitPath'] = parent
|
||||
i += 2
|
||||
elif myarg == 'noinherit':
|
||||
body['blockInheritance'] = True
|
||||
i += 1
|
||||
elif myarg == 'inherit':
|
||||
body['blockInheritance'] = False
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam update org')
|
||||
gapi.call(cd.orgunits(),
|
||||
'update',
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
orgUnitPath=encodeOrgUnitPath(
|
||||
makeOrgUnitPathRelative(orgUnitPath)),
|
||||
body=body)
|
||||
|
||||
|
||||
def orgUnitPathQuery(path, checkSuspended):
|
||||
query = "orgUnitPath='{}'".format(path.replace(
|
||||
"'", "\\'")) if path != '/' else ''
|
||||
if checkSuspended is not None:
|
||||
query += f' isSuspended={checkSuspended}'
|
||||
return query
|
||||
|
||||
|
||||
def makeOrgUnitPathAbsolute(path):
|
||||
if path == '/':
|
||||
return path
|
||||
if path.startswith('/'):
|
||||
return path.rstrip('/')
|
||||
if path.startswith('id:'):
|
||||
return path
|
||||
if path.startswith('uid:'):
|
||||
return path[1:]
|
||||
return '/' + path.rstrip('/')
|
||||
|
||||
|
||||
def makeOrgUnitPathRelative(path):
|
||||
if path == '/':
|
||||
return path
|
||||
if path.startswith('/'):
|
||||
return path[1:].rstrip('/')
|
||||
if path.startswith('id:'):
|
||||
return path
|
||||
if path.startswith('uid:'):
|
||||
return path[1:]
|
||||
return path.rstrip('/')
|
||||
|
||||
|
||||
def encodeOrgUnitPath(path):
|
||||
# 6.22 - This method no longer works.
|
||||
# % no longer needs encoding and + is handled incorrectly in API with or without encoding
|
||||
return path
|
||||
# if path.find('+') == -1 and path.find('%') == -1:
|
||||
# return path
|
||||
# encpath = ''
|
||||
# for c in path:
|
||||
# if c == '+':
|
||||
# encpath += '%2B'
|
||||
# elif c == '%':
|
||||
# encpath += '%25'
|
||||
# else:
|
||||
# encpath += c
|
||||
# return encpath
|
||||
|
||||
|
||||
def getOrgUnitItem(orgUnit, pathOnly=False, absolutePath=True):
|
||||
if pathOnly and (orgUnit.startswith('id:') or orgUnit.startswith('uid:')):
|
||||
controlflow.system_error_exit(
|
||||
2, f'{orgUnit} is not valid in this context')
|
||||
if absolutePath:
|
||||
return makeOrgUnitPathAbsolute(orgUnit)
|
||||
return makeOrgUnitPathRelative(orgUnit)
|
||||
|
||||
|
||||
def getTopLevelOrgId(cd, orgUnitPath):
|
||||
try:
|
||||
# create a temp org so we can learn what the top level org ID is (sigh)
|
||||
temp_org = gapi.call(cd.orgunits(),
|
||||
'insert',
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
body={
|
||||
'name': 'temp-delete-me',
|
||||
'parentOrgUnitPath': orgUnitPath
|
||||
},
|
||||
fields='parentOrgUnitId,orgUnitId')
|
||||
gapi.call(cd.orgunits(),
|
||||
'delete',
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
orgUnitPath=temp_org['orgUnitId'])
|
||||
return temp_org['parentOrgUnitId']
|
||||
except:
|
||||
pass
|
||||
return None
|
||||
|
||||
|
||||
def getOrgUnitId(orgUnit, cd=None):
|
||||
if cd is None:
|
||||
cd = gapi_directory.build()
|
||||
orgUnit = getOrgUnitItem(orgUnit)
|
||||
if orgUnit[:3] == 'id:':
|
||||
return (orgUnit, orgUnit)
|
||||
if orgUnit == '/':
|
||||
result = gapi.call(cd.orgunits(),
|
||||
'list',
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
orgUnitPath='/',
|
||||
type='children',
|
||||
fields='organizationUnits(parentOrgUnitId)')
|
||||
if result.get('organizationUnits', []):
|
||||
return (orgUnit, result['organizationUnits'][0]['parentOrgUnitId'])
|
||||
topLevelOrgId = getTopLevelOrgId(cd, '/')
|
||||
if topLevelOrgId:
|
||||
return (orgUnit, topLevelOrgId)
|
||||
return (orgUnit, '/') #Bogus but should never happen
|
||||
result = gapi.call(cd.orgunits(),
|
||||
'get',
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
orgUnitPath=encodeOrgUnitPath(
|
||||
makeOrgUnitPathRelative(orgUnit)),
|
||||
fields='orgUnitId')
|
||||
return (orgUnit, result['orgUnitId'])
|
||||
|
||||
|
||||
def orgunit_from_orgunitid(orgunitid, cd=None):
|
||||
if cd is None:
|
||||
cd = gapi_directory.build()
|
||||
orgunitpath = GM_Globals[GM_MAP_ORGUNIT_ID_TO_NAME].get(orgunitid)
|
||||
if not orgunitpath:
|
||||
try:
|
||||
orgunitpath = gapi.call(cd.orgunits(),
|
||||
'get',
|
||||
customerId=GC_Values[GC_CUSTOMER_ID],
|
||||
orgUnitPath=f'id:{orgunitid}' if not orgunitid.startswith('id:') else orgunitid,
|
||||
fields='orgUnitPath')['orgUnitPath']
|
||||
except:
|
||||
orgunitpath = orgunitid
|
||||
GM_Globals[GM_MAP_ORGUNIT_ID_TO_NAME][orgunitid] = orgunitpath
|
||||
return orgunitpath
|
||||
@@ -1,187 +0,0 @@
|
||||
'''Commands to manage directory printers.'''
|
||||
# pylint: disable=unused-wildcard-import wildcard-import
|
||||
|
||||
import sys
|
||||
|
||||
import gam
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import gapi
|
||||
from gam.var import *
|
||||
from gam.gapi import directory as gapi_directory
|
||||
from gam.gapi.directory import orgunits as gapi_directory_orgunits
|
||||
|
||||
|
||||
def _get_customerid():
|
||||
''' returns customer in "customers/C{customer}" format needed for this API'''
|
||||
customer = GC_Values[GC_CUSTOMER_ID]
|
||||
if customer != MY_CUSTOMER and customer[0] != 'C':
|
||||
customer = 'C' + customer
|
||||
return f'customers/{customer}'
|
||||
|
||||
def _get_printer_attributes(i, cdapi=None):
|
||||
'''get printer attributes for create/update commands'''
|
||||
body = {}
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'description':
|
||||
body['description'] = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'displayname':
|
||||
body['displayName'] = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'makeandmodel':
|
||||
body['makeAndModel'] = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg in ['ou', 'org', 'orgunit', 'orgunitid']:
|
||||
_, body['orgUnitId'] = gapi_directory_orgunits.getOrgUnitId(sys.argv[i+1], cdapi)
|
||||
body['orgUnitId'] = body['orgUnitId'][3:]
|
||||
i += 2
|
||||
elif myarg == 'uri':
|
||||
body['uri'] = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg in {'driverless', 'usedriverlessconfig'}:
|
||||
body['useDriverlessConfig'] = True
|
||||
i += 1
|
||||
return body
|
||||
|
||||
|
||||
def create():
|
||||
'''gam create printer'''
|
||||
cdapi = gapi_directory.build()
|
||||
parent = _get_customerid()
|
||||
body = _get_printer_attributes(3, cdapi)
|
||||
result = gapi.call(cdapi.customers().chrome().printers(),
|
||||
'create',
|
||||
parent=parent,
|
||||
body=body)
|
||||
display.print_json(result)
|
||||
|
||||
|
||||
def delete():
|
||||
'''gam delete printer <PrinterIDList>|(file <FileName>)|(csvfile <FileName>:<FieldName>)'''
|
||||
cdapi = gapi_directory.build()
|
||||
customer_id = _get_customerid()
|
||||
printer_id = sys.argv[3]
|
||||
if printer_id.lower() not in {'file', 'csvfile'}:
|
||||
printer_ids = printer_id.replace(',', ' ').split()
|
||||
else:
|
||||
printer_ids = gam.getUsersToModify(f'cros{printer_id.lower()}', sys.argv[4])
|
||||
# max 50 per API call
|
||||
batch_size = 50
|
||||
for chunk in range(0, len(printer_ids), batch_size):
|
||||
body = {
|
||||
'printerIds': printer_ids[chunk:chunk + batch_size]
|
||||
}
|
||||
result = gapi.call(cdapi.customers().chrome().printers(),
|
||||
'batchDeletePrinters',
|
||||
parent=customer_id,
|
||||
body=body)
|
||||
for printer_id in result.get('printerIds', []):
|
||||
print(f'Deleted printer {printer_id}')
|
||||
for printer_id in result.get('failedPrinters', []):
|
||||
print(f'ERROR: failed to delete {printer_id.get("printerIds")}')
|
||||
|
||||
|
||||
def info():
|
||||
'''gam info printer'''
|
||||
cdapi = gapi_directory.build()
|
||||
customer = _get_customerid()
|
||||
printer_id = sys.argv[3]
|
||||
name = f'{customer}/chrome/printers/{printer_id}'
|
||||
printer = gapi.call(cdapi.customers().chrome().printers(),
|
||||
'get',
|
||||
name=name)
|
||||
if 'orgUnitId' in printer:
|
||||
printer['orgUnitPath'] = gapi_directory_orgunits.orgunit_from_orgunitid(
|
||||
printer['orgUnitId'], cdapi)
|
||||
display.print_json(printer)
|
||||
|
||||
|
||||
def print_():
|
||||
'''gam print printers'''
|
||||
cdapi = gapi_directory.build()
|
||||
parent = _get_customerid()
|
||||
filter_ = None
|
||||
todrive = False
|
||||
titles = []
|
||||
rows = []
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'filter':
|
||||
filter_ = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam print printermodels')
|
||||
printers = gapi.get_all_pages(cdapi.customers().chrome().printers(),
|
||||
'list',
|
||||
items='printers',
|
||||
parent=parent,
|
||||
filter=filter_)
|
||||
for printer in printers:
|
||||
if 'orgUnitId' in printer:
|
||||
printer['orgUnitPath'] = gapi_directory_orgunits.orgunit_from_orgunitid(
|
||||
printer['orgUnitId'], cdapi)
|
||||
row = {}
|
||||
for key, val in printer.items():
|
||||
if key not in titles:
|
||||
titles.append(key)
|
||||
row[key] = val
|
||||
rows.append(row)
|
||||
display.write_csv_file(rows, titles, 'Printers', todrive)
|
||||
|
||||
|
||||
def print_models():
|
||||
'''gam print printermodels'''
|
||||
cdapi = gapi_directory.build()
|
||||
parent = _get_customerid()
|
||||
filter_ = None
|
||||
todrive = False
|
||||
titles = []
|
||||
rows = []
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'filter':
|
||||
filter_ = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam print printermodels')
|
||||
models = gapi.get_all_pages(cdapi.customers().chrome().printers(),
|
||||
'listPrinterModels',
|
||||
items='printerModels',
|
||||
parent=parent,
|
||||
pageSize=10000,
|
||||
filter=filter_)
|
||||
for model in models:
|
||||
row = {}
|
||||
for key, val in model.items():
|
||||
if key not in titles:
|
||||
titles.append(key)
|
||||
row[key] = val
|
||||
rows.append(row)
|
||||
display.write_csv_file(rows, titles, 'Printer Models', todrive)
|
||||
|
||||
|
||||
def update():
|
||||
'''gam update printer'''
|
||||
cdapi = gapi_directory.build()
|
||||
customer = _get_customerid()
|
||||
printer_id = sys.argv[3]
|
||||
name = f'{customer}/chrome/printers/{printer_id}'
|
||||
body = _get_printer_attributes(4, cdapi)
|
||||
update_mask = ','.join(body)
|
||||
# note clearMask seems unnecessary. Updating field to '' clears it.
|
||||
result = gapi.call(cdapi.customers().chrome().printers(),
|
||||
'patch',
|
||||
name=name,
|
||||
updateMask=update_mask,
|
||||
body=body)
|
||||
display.print_json(result)
|
||||
@@ -1,32 +0,0 @@
|
||||
from gam.var import GC_Values, GC_CUSTOMER_ID
|
||||
from gam import display
|
||||
from gam import gapi
|
||||
from gam.gapi import directory as gapi_directory
|
||||
|
||||
|
||||
def flatten_privilege_list(privs, parent=None):
|
||||
flat_privs = []
|
||||
for priv in privs:
|
||||
children = []
|
||||
if parent:
|
||||
priv['parent'] = parent
|
||||
if priv.get('childPrivileges'):
|
||||
children = flatten_privilege_list(priv['childPrivileges'],
|
||||
parent=priv['privilegeName'])
|
||||
priv['children'] = ' '.join(
|
||||
[child['privilegeName'] for child in children])
|
||||
del priv['childPrivileges']
|
||||
flat_privs = flat_privs + children
|
||||
flat_privs.append(priv)
|
||||
return flat_privs
|
||||
|
||||
|
||||
def print_(return_only=False):
|
||||
cd = gapi_directory.build()
|
||||
privs = gapi.call(cd.privileges(),
|
||||
'list',
|
||||
customer=GC_Values[GC_CUSTOMER_ID])
|
||||
privs = flatten_privilege_list(privs.get('items', []))
|
||||
if return_only:
|
||||
return privs
|
||||
display.print_json(privs)
|
||||
@@ -1,560 +0,0 @@
|
||||
import sys
|
||||
import uuid
|
||||
|
||||
import gam
|
||||
from gam.var import *
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import gapi
|
||||
from gam.gapi import directory as gapi_directory
|
||||
from gam import utils
|
||||
|
||||
|
||||
def printBuildings():
|
||||
to_drive = False
|
||||
cd = gapi_directory.build()
|
||||
titles = []
|
||||
csvRows = []
|
||||
fieldsList = ['buildingId']
|
||||
# buildings.list() currently doesn't support paging
|
||||
# but should soon, attempt to use it now so we
|
||||
# won't break when it's turned on.
|
||||
fields = 'nextPageToken,buildings(%s)'
|
||||
possible_fields = {}
|
||||
for pfield in cd._rootDesc['schemas']['Building']['properties']:
|
||||
possible_fields[pfield.lower()] = pfield
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'todrive':
|
||||
to_drive = True
|
||||
i += 1
|
||||
elif myarg == 'allfields':
|
||||
fields = None
|
||||
i += 1
|
||||
elif myarg in possible_fields:
|
||||
fieldsList.append(possible_fields[myarg])
|
||||
i += 1
|
||||
# Allows shorter arguments like "name" instead of "buildingname"
|
||||
elif 'building' + myarg in possible_fields:
|
||||
fieldsList.append(possible_fields['building' + myarg])
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
'gam print buildings')
|
||||
if fields:
|
||||
fields = fields % ','.join(fieldsList)
|
||||
buildings = gapi.get_all_pages(cd.resources().buildings(),
|
||||
'list',
|
||||
'buildings',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
fields=fields)
|
||||
for building in buildings:
|
||||
building.pop('etags', None)
|
||||
building.pop('etag', None)
|
||||
building.pop('kind', None)
|
||||
if 'buildingId' in building:
|
||||
building['buildingId'] = f'id:{building["buildingId"]}'
|
||||
if 'floorNames' in building:
|
||||
building['floorNames'] = ','.join(building['floorNames'])
|
||||
building = utils.flatten_json(building)
|
||||
for item in building:
|
||||
if item not in titles:
|
||||
titles.append(item)
|
||||
csvRows.append(building)
|
||||
display.sort_csv_titles('buildingId', titles)
|
||||
display.write_csv_file(csvRows, titles, 'Buildings', to_drive)
|
||||
|
||||
|
||||
def printResourceCalendars():
|
||||
cd = gapi_directory.build()
|
||||
todrive = False
|
||||
fieldsList = []
|
||||
fieldsTitles = {}
|
||||
titles = []
|
||||
csvRows = []
|
||||
query = None
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
elif myarg == 'query':
|
||||
query = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'allfields':
|
||||
fieldsList = []
|
||||
fieldsTitles = {}
|
||||
titles = []
|
||||
for field in RESCAL_ALLFIELDS:
|
||||
display.add_field_to_csv_file(field,
|
||||
RESCAL_ARGUMENT_TO_PROPERTY_MAP,
|
||||
fieldsList, fieldsTitles, titles)
|
||||
i += 1
|
||||
elif myarg in RESCAL_ARGUMENT_TO_PROPERTY_MAP:
|
||||
display.add_field_to_csv_file(myarg,
|
||||
RESCAL_ARGUMENT_TO_PROPERTY_MAP,
|
||||
fieldsList, fieldsTitles, titles)
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
'gam print resources')
|
||||
if not fieldsList:
|
||||
for field in RESCAL_DFLTFIELDS:
|
||||
display.add_field_to_csv_file(field,
|
||||
RESCAL_ARGUMENT_TO_PROPERTY_MAP,
|
||||
fieldsList, fieldsTitles, titles)
|
||||
fields = f'nextPageToken,items({",".join(set(fieldsList))})'
|
||||
if 'buildingId' in fieldsList:
|
||||
display.add_field_to_csv_file('buildingName',
|
||||
{'buildingName': ['buildingName',]},
|
||||
fieldsList, fieldsTitles, titles)
|
||||
gam.printGettingAllItems('Resource Calendars', None)
|
||||
page_message = gapi.got_total_items_first_last_msg('Resource Calendars')
|
||||
resources = gapi.get_all_pages(cd.resources().calendars(),
|
||||
'list',
|
||||
'items',
|
||||
page_message=page_message,
|
||||
message_attribute='resourceId',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
query=query,
|
||||
fields=fields)
|
||||
for resource in resources:
|
||||
if 'featureInstances' in resource:
|
||||
features = [a_feature['feature']['name'] for \
|
||||
a_feature in resource['featureInstances']]
|
||||
resource['featureInstances'] = ','.join(features)
|
||||
if 'buildingId' in resource:
|
||||
resource['buildingName'] = getBuildingNameById(
|
||||
cd, resource['buildingId'])
|
||||
resource['buildingId'] = f'id:{resource["buildingId"]}'
|
||||
resUnit = {}
|
||||
for field in fieldsList:
|
||||
resUnit[fieldsTitles[field]] = resource.get(field, '')
|
||||
csvRows.append(resUnit)
|
||||
display.sort_csv_titles(['resourceId', 'resourceName', 'resourceEmail'],
|
||||
titles)
|
||||
display.write_csv_file(csvRows, titles, 'Resources', todrive)
|
||||
|
||||
|
||||
RESCAL_DFLTFIELDS = [
|
||||
'id',
|
||||
'name',
|
||||
'email',
|
||||
]
|
||||
RESCAL_ALLFIELDS = [
|
||||
'id',
|
||||
'name',
|
||||
'email',
|
||||
'description',
|
||||
'type',
|
||||
'buildingid',
|
||||
'category',
|
||||
'capacity',
|
||||
'features',
|
||||
'floor',
|
||||
'floorsection',
|
||||
'generatedresourcename',
|
||||
'uservisibledescription',
|
||||
]
|
||||
|
||||
RESCAL_ARGUMENT_TO_PROPERTY_MAP = {
|
||||
'description': ['resourceDescription'],
|
||||
'building': ['buildingId',],
|
||||
'buildingid': ['buildingId',],
|
||||
'capacity': ['capacity',],
|
||||
'category': ['resourceCategory',],
|
||||
'email': ['resourceEmail'],
|
||||
'feature': ['featureInstances',],
|
||||
'features': ['featureInstances',],
|
||||
'floor': ['floorName',],
|
||||
'floorname': ['floorName',],
|
||||
'floorsection': ['floorSection',],
|
||||
'generatedresourcename': ['generatedResourceName',],
|
||||
'id': ['resourceId'],
|
||||
'name': ['resourceName'],
|
||||
'type': ['resourceType'],
|
||||
'userdescription': ['userVisibleDescription',],
|
||||
'uservisibledescription': ['userVisibleDescription',],
|
||||
}
|
||||
|
||||
|
||||
def printFeatures():
|
||||
to_drive = False
|
||||
cd = gapi_directory.build()
|
||||
titles = ['name']
|
||||
csvRows = []
|
||||
fieldsList = ['name']
|
||||
fields = 'nextPageToken,features(%s)'
|
||||
possible_fields = {}
|
||||
for pfield in cd._rootDesc['schemas']['Feature']['properties']:
|
||||
possible_fields[pfield.lower()] = pfield
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'todrive':
|
||||
to_drive = True
|
||||
i += 1
|
||||
elif myarg == 'allfields':
|
||||
fields = None
|
||||
i += 1
|
||||
elif myarg in possible_fields:
|
||||
fieldsList.append(possible_fields[myarg])
|
||||
i += 1
|
||||
elif 'feature' + myarg in possible_fields:
|
||||
fieldsList.append(possible_fields['feature' + myarg])
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam print features')
|
||||
if fields:
|
||||
fields = fields % ','.join(fieldsList)
|
||||
features = gapi.get_all_pages(cd.resources().features(),
|
||||
'list',
|
||||
'features',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
fields=fields)
|
||||
for feature in features:
|
||||
feature.pop('etags', None)
|
||||
feature.pop('etag', None)
|
||||
feature.pop('kind', None)
|
||||
feature = utils.flatten_json(feature)
|
||||
for item in feature:
|
||||
if item not in titles:
|
||||
titles.append(item)
|
||||
csvRows.append(feature)
|
||||
display.sort_csv_titles('name', titles)
|
||||
display.write_csv_file(csvRows, titles, 'Features', to_drive)
|
||||
|
||||
|
||||
BUILDING_ADDRESS_FIELD_MAP = {
|
||||
'address': 'addressLines',
|
||||
'addresslines': 'addressLines',
|
||||
'administrativearea': 'administrativeArea',
|
||||
'city': 'locality',
|
||||
'country': 'regionCode',
|
||||
'language': 'languageCode',
|
||||
'languagecode': 'languageCode',
|
||||
'locality': 'locality',
|
||||
'postalcode': 'postalCode',
|
||||
'regioncode': 'regionCode',
|
||||
'state': 'administrativeArea',
|
||||
'sublocality': 'sublocality',
|
||||
'zipcode': 'postalCode',
|
||||
}
|
||||
|
||||
def _getBuildingAttributes(args, body={}):
|
||||
i = 0
|
||||
while i < len(args):
|
||||
myarg = args[i].lower().replace('_', '')
|
||||
if myarg == 'id':
|
||||
body['buildingId'] = args[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'name':
|
||||
body['buildingName'] = args[i + 1]
|
||||
i += 2
|
||||
elif myarg in ['lat', 'latitude']:
|
||||
if 'coordinates' not in body:
|
||||
body['coordinates'] = {}
|
||||
body['coordinates']['latitude'] = args[i + 1]
|
||||
i += 2
|
||||
elif myarg in ['long', 'lng', 'longitude']:
|
||||
if 'coordinates' not in body:
|
||||
body['coordinates'] = {}
|
||||
body['coordinates']['longitude'] = args[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'description':
|
||||
body['description'] = args[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'floors':
|
||||
body['floorNames'] = args[i + 1].split(',')
|
||||
i += 2
|
||||
elif myarg in BUILDING_ADDRESS_FIELD_MAP:
|
||||
myarg = BUILDING_ADDRESS_FIELD_MAP[myarg]
|
||||
body.setdefault('address', {})
|
||||
if myarg == 'addressLines':
|
||||
body['address'][myarg] = args[i + 1].split('\n')
|
||||
elif myarg == 'languageCode':
|
||||
body['address'][myarg] = LANGUAGE_CODES_MAP.get(args[i + 1].lower(), args[i + 1])
|
||||
else:
|
||||
body['address'][myarg] = args[i + 1]
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(myarg,
|
||||
'gam create|update building')
|
||||
return body
|
||||
|
||||
|
||||
def createBuilding():
|
||||
cd = gapi_directory.build()
|
||||
body = {
|
||||
'floorNames': ['1'],
|
||||
'buildingId': str(uuid.uuid4()),
|
||||
'buildingName': sys.argv[3]
|
||||
}
|
||||
body = _getBuildingAttributes(sys.argv[4:], body)
|
||||
print(f'Creating building {body["buildingId"]}...')
|
||||
gapi.call(cd.resources().buildings(),
|
||||
'insert',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
body=body)
|
||||
|
||||
|
||||
def _makeBuildingIdNameMap(cd):
|
||||
fields = 'nextPageToken,buildings(buildingId,buildingName)'
|
||||
buildings = gapi.get_all_pages(cd.resources().buildings(),
|
||||
'list',
|
||||
'buildings',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
fields=fields)
|
||||
GM_Globals[GM_MAP_BUILDING_ID_TO_NAME] = {}
|
||||
GM_Globals[GM_MAP_BUILDING_NAME_TO_ID] = {}
|
||||
for building in buildings:
|
||||
GM_Globals[GM_MAP_BUILDING_ID_TO_NAME][
|
||||
building['buildingId']] = building['buildingName']
|
||||
GM_Globals[GM_MAP_BUILDING_NAME_TO_ID][
|
||||
building['buildingName']] = building['buildingId']
|
||||
|
||||
|
||||
def getBuildingByNameOrId(cd, which_building, minLen=1):
|
||||
if not which_building or \
|
||||
(minLen == 0 and which_building in ['id:', 'uid:']):
|
||||
if minLen == 0:
|
||||
return ''
|
||||
controlflow.system_error_exit(3, 'Building id/name is empty')
|
||||
cg = UID_PATTERN.match(which_building)
|
||||
if cg:
|
||||
return cg.group(1)
|
||||
if GM_Globals[GM_MAP_BUILDING_NAME_TO_ID] is None:
|
||||
_makeBuildingIdNameMap(cd)
|
||||
# Exact name match, return ID
|
||||
if which_building in GM_Globals[GM_MAP_BUILDING_NAME_TO_ID]:
|
||||
return GM_Globals[GM_MAP_BUILDING_NAME_TO_ID][which_building]
|
||||
# No exact name match, check for case insensitive name matches
|
||||
which_building_lower = which_building.lower()
|
||||
ci_matches = []
|
||||
for buildingName, buildingId in GM_Globals[
|
||||
GM_MAP_BUILDING_NAME_TO_ID].items():
|
||||
if buildingName.lower() == which_building_lower:
|
||||
ci_matches.append({
|
||||
'buildingName': buildingName,
|
||||
'buildingId': buildingId
|
||||
})
|
||||
# One match, return ID
|
||||
if len(ci_matches) == 1:
|
||||
return ci_matches[0]['buildingId']
|
||||
# No or multiple name matches, try ID
|
||||
# Exact ID match, return ID
|
||||
if which_building in GM_Globals[GM_MAP_BUILDING_ID_TO_NAME]:
|
||||
return which_building
|
||||
# No exact ID match, check for case insensitive id match
|
||||
for buildingId in GM_Globals[GM_MAP_BUILDING_ID_TO_NAME]:
|
||||
# Match, return ID
|
||||
if buildingId.lower() == which_building_lower:
|
||||
return buildingId
|
||||
# Multiple name matches
|
||||
if len(ci_matches) > 1:
|
||||
message = 'Multiple buildings with same name:\n'
|
||||
for building in ci_matches:
|
||||
message += f' Name:{building["buildingName"]} ' \
|
||||
f'id:{building["buildingId"]}\n'
|
||||
message += '\nPlease specify building name by exact case or by id.'
|
||||
controlflow.system_error_exit(3, message)
|
||||
# No matches
|
||||
else:
|
||||
controlflow.system_error_exit(3, f'No such building {which_building}')
|
||||
|
||||
|
||||
def getBuildingNameById(cd, buildingId):
|
||||
if GM_Globals[GM_MAP_BUILDING_ID_TO_NAME] is None:
|
||||
_makeBuildingIdNameMap(cd)
|
||||
return GM_Globals[GM_MAP_BUILDING_ID_TO_NAME].get(buildingId, 'UNKNOWN')
|
||||
|
||||
|
||||
def updateBuilding():
|
||||
cd = gapi_directory.build()
|
||||
buildingId = getBuildingByNameOrId(cd, sys.argv[3])
|
||||
body = _getBuildingAttributes(sys.argv[4:])
|
||||
print(f'Updating building {buildingId}...')
|
||||
gapi.call(cd.resources().buildings(),
|
||||
'patch',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
buildingId=buildingId,
|
||||
body=body)
|
||||
|
||||
|
||||
def getBuildingInfo():
|
||||
cd = gapi_directory.build()
|
||||
buildingId = getBuildingByNameOrId(cd, sys.argv[3])
|
||||
building = gapi.call(cd.resources().buildings(),
|
||||
'get',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
buildingId=buildingId)
|
||||
if 'buildingId' in building:
|
||||
building['buildingId'] = f'id:{building["buildingId"]}'
|
||||
if 'floorNames' in building:
|
||||
building['floorNames'] = ','.join(building['floorNames'])
|
||||
if 'buildingName' in building:
|
||||
sys.stdout.write(building.pop('buildingName'))
|
||||
display.print_json(building)
|
||||
|
||||
|
||||
def deleteBuilding():
|
||||
cd = gapi_directory.build()
|
||||
buildingId = getBuildingByNameOrId(cd, sys.argv[3])
|
||||
print(f'Deleting building {buildingId}...')
|
||||
gapi.call(cd.resources().buildings(),
|
||||
'delete',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
buildingId=buildingId)
|
||||
|
||||
|
||||
def _getFeatureAttributes(args, body={}):
|
||||
i = 0
|
||||
while i < len(args):
|
||||
myarg = args[i].lower().replace('_', '')
|
||||
if myarg == 'name':
|
||||
body['name'] = args[i + 1]
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(myarg,
|
||||
'gam create|update feature')
|
||||
return body
|
||||
|
||||
|
||||
def createFeature():
|
||||
cd = gapi_directory.build()
|
||||
body = _getFeatureAttributes(sys.argv[3:])
|
||||
print(f'Creating feature {body["name"]}...')
|
||||
gapi.call(cd.resources().features(),
|
||||
'insert',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
body=body)
|
||||
|
||||
|
||||
def updateFeature():
|
||||
# update does not work for name and name is only field to be updated
|
||||
# if additional writable fields are added to feature in the future
|
||||
# we'll add support for update as well as rename
|
||||
cd = gapi_directory.build()
|
||||
oldName = sys.argv[3]
|
||||
body = {'newName': sys.argv[5:]}
|
||||
print(f'Updating feature {oldName}...')
|
||||
gapi.call(cd.resources().features(),
|
||||
'rename',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
oldName=oldName,
|
||||
body=body)
|
||||
|
||||
|
||||
def deleteFeature():
|
||||
cd = gapi_directory.build()
|
||||
featureKey = sys.argv[3]
|
||||
print(f'Deleting feature {featureKey}...')
|
||||
gapi.call(cd.resources().features(),
|
||||
'delete',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
featureKey=featureKey)
|
||||
|
||||
|
||||
def _getResourceCalendarAttributes(cd, args, body={}):
|
||||
i = 0
|
||||
while i < len(args):
|
||||
myarg = args[i].lower().replace('_', '')
|
||||
if myarg == 'name':
|
||||
body['resourceName'] = args[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'description':
|
||||
body['resourceDescription'] = args[i + 1].replace('\\n', '\n')
|
||||
i += 2
|
||||
elif myarg == 'type':
|
||||
body['resourceType'] = args[i + 1]
|
||||
i += 2
|
||||
elif myarg in ['building', 'buildingid']:
|
||||
body['buildingId'] = getBuildingByNameOrId(cd,
|
||||
args[i + 1],
|
||||
minLen=0)
|
||||
i += 2
|
||||
elif myarg in ['capacity']:
|
||||
body['capacity'] = gam.getInteger(args[i + 1], myarg, minVal=0)
|
||||
i += 2
|
||||
elif myarg in ['feature', 'features']:
|
||||
features = args[i + 1].split(',')
|
||||
body['featureInstances'] = []
|
||||
for feature in features:
|
||||
instance = {'feature': {'name': feature}}
|
||||
body['featureInstances'].append(instance)
|
||||
i += 2
|
||||
elif myarg in ['floor', 'floorname']:
|
||||
body['floorName'] = args[i + 1]
|
||||
i += 2
|
||||
elif myarg in ['floorsection']:
|
||||
body['floorSection'] = args[i + 1]
|
||||
i += 2
|
||||
elif myarg in ['category']:
|
||||
body['resourceCategory'] = args[i + 1].upper()
|
||||
if body['resourceCategory'] == 'ROOM':
|
||||
body['resourceCategory'] = 'CONFERENCE_ROOM'
|
||||
i += 2
|
||||
elif myarg in ['uservisibledescription', 'userdescription']:
|
||||
body['userVisibleDescription'] = args[i + 1]
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(args[i],
|
||||
'gam create|update resource')
|
||||
return body
|
||||
|
||||
|
||||
def createResourceCalendar():
|
||||
cd = gapi_directory.build()
|
||||
body = {'resourceId': sys.argv[3], 'resourceName': sys.argv[4]}
|
||||
body = _getResourceCalendarAttributes(cd, sys.argv[5:], body)
|
||||
print(f'Creating resource {body["resourceId"]}...')
|
||||
gapi.call(cd.resources().calendars(),
|
||||
'insert',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
body=body)
|
||||
|
||||
|
||||
def updateResourceCalendar():
|
||||
cd = gapi_directory.build()
|
||||
resId = sys.argv[3]
|
||||
body = _getResourceCalendarAttributes(cd, sys.argv[4:])
|
||||
# Use patch since it seems to work better.
|
||||
# update requires name to be set.
|
||||
gapi.call(cd.resources().calendars(),
|
||||
'patch',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
calendarResourceId=resId,
|
||||
body=body,
|
||||
fields='')
|
||||
print(f'updated resource {resId}')
|
||||
|
||||
|
||||
def getResourceCalendarInfo():
|
||||
cd = gapi_directory.build()
|
||||
resId = sys.argv[3]
|
||||
resource = gapi.call(cd.resources().calendars(),
|
||||
'get',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
calendarResourceId=resId)
|
||||
if 'featureInstances' in resource:
|
||||
features = []
|
||||
for a_feature in resource.pop('featureInstances'):
|
||||
features.append(a_feature['feature']['name'])
|
||||
resource['features'] = ', '.join(features)
|
||||
if 'buildingId' in resource:
|
||||
resource['buildingName'] = getBuildingNameById(cd,
|
||||
resource['buildingId'])
|
||||
resource['buildingId'] = f'id:{resource["buildingId"]}'
|
||||
display.print_json(resource)
|
||||
|
||||
|
||||
def deleteResourceCalendar():
|
||||
resId = sys.argv[3]
|
||||
cd = gapi_directory.build()
|
||||
print(f'Deleting resource calendar {resId}')
|
||||
gapi.call(cd.resources().calendars(),
|
||||
'delete',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
calendarResourceId=resId)
|
||||
@@ -1,127 +0,0 @@
|
||||
import sys
|
||||
|
||||
from gam.var import GC_Values, GC_CUSTOMER_ID
|
||||
import gam
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import gapi
|
||||
from gam.gapi import directory as gapi_directory
|
||||
from gam.gapi.directory import orgunits as gapi_directory_orgunits
|
||||
from gam.gapi.directory import roles as gapi_directory_roles
|
||||
|
||||
|
||||
SECURITY_GROUP_CONDITION = "api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.security']) && resource.type == 'cloudidentity.googleapis.com/Group'"
|
||||
NONSECURITY_GROUP_CONDITION = f'!{SECURITY_GROUP_CONDITION}'
|
||||
|
||||
def create():
|
||||
cd = gapi_directory.build()
|
||||
user = gam.normalizeEmailAddressOrUID(sys.argv[3])
|
||||
body = {'assignedTo': gam.convertEmailAddressToUID(user, cd)}
|
||||
role = sys.argv[4]
|
||||
body['roleId'] = gapi_directory_roles.getRoleId(role)
|
||||
body['scopeType'] = sys.argv[5].upper()
|
||||
i = 6
|
||||
if body['scopeType'] not in ['CUSTOMER', 'ORG_UNIT']:
|
||||
controlflow.expected_argument_exit('scope type',
|
||||
', '.join(['customer', 'org_unit']),
|
||||
body['scopeType'])
|
||||
if body['scopeType'] == 'ORG_UNIT':
|
||||
orgUnit, orgUnitId = gapi_directory_orgunits.getOrgUnitId(
|
||||
sys.argv[i], cd)
|
||||
body['orgUnitId'] = orgUnitId[3:]
|
||||
scope = f'ORG_UNIT {orgUnit}'
|
||||
i = 7
|
||||
else:
|
||||
scope = 'CUSTOMER'
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'condition':
|
||||
cd = gapi_directory.build_beta()
|
||||
body['condition'] = sys.argv[i+1]
|
||||
if body['condition'] == 'securitygroup':
|
||||
body['condition'] = SECURITY_GROUP_CONDITION
|
||||
elif body['condition'] == 'nonsecuritygroup':
|
||||
body['condition'] = NONSECURITY_GROUP_CONDITION
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam create admin')
|
||||
print(f'Giving {user} admin role {role} for {scope}')
|
||||
gapi.call(cd.roleAssignments(),
|
||||
'insert',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
body=body)
|
||||
|
||||
|
||||
def delete():
|
||||
cd = gapi_directory.build()
|
||||
roleAssignmentId = sys.argv[3]
|
||||
print(f'Deleting Admin Role Assignment {roleAssignmentId}')
|
||||
gapi.call(cd.roleAssignments(),
|
||||
'delete',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
roleAssignmentId=roleAssignmentId)
|
||||
|
||||
|
||||
def print_():
|
||||
cd = gapi_directory.build()
|
||||
roleId = None
|
||||
todrive = False
|
||||
kwargs = {}
|
||||
item_fields = ['roleAssignmentId', 'roleId', 'assignedTo', 'scopeType', 'orgUnitId']
|
||||
titles = [
|
||||
'roleAssignmentId', 'roleId', 'role', 'assignedTo', 'assignedToUser',
|
||||
'scopeType', 'orgUnitId', 'orgUnit'
|
||||
]
|
||||
csvRows = []
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'user':
|
||||
kwargs['userKey'] = gam.normalizeEmailAddressOrUID(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg == 'role':
|
||||
roleId = gapi_directory_roles.getRoleId(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg == 'condition':
|
||||
cd = gapi_directory.build_beta()
|
||||
item_fields.append('condition')
|
||||
i += 1
|
||||
elif myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam print admins')
|
||||
fields = f'nextPageToken,items({",".join(item_fields)})'
|
||||
if roleId and not kwargs:
|
||||
kwargs['roleId'] = roleId
|
||||
roleId = None
|
||||
admins = gapi.get_all_pages(cd.roleAssignments(),
|
||||
'list',
|
||||
'items',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
fields=fields,
|
||||
**kwargs)
|
||||
for admin in admins:
|
||||
if roleId and roleId != admin['roleId']:
|
||||
continue
|
||||
admin_attrib = {}
|
||||
for key, value in list(admin.items()):
|
||||
if key == 'assignedTo':
|
||||
admin_attrib['assignedToUser'] = gam.user_from_userid(value)
|
||||
elif key == 'roleId':
|
||||
admin_attrib['role'] = gapi_directory_roles.role_from_roleid(value)
|
||||
elif key == 'orgUnitId':
|
||||
value = f'id:{value}'
|
||||
admin_attrib[
|
||||
'orgUnit'] = gapi_directory_orgunits.orgunit_from_orgunitid(
|
||||
value, cd)
|
||||
elif key == 'condition':
|
||||
if value == SECURITY_GROUP_CONDITION:
|
||||
value = 'securitygroup'
|
||||
elif value == NONSECURITY_GROUP_CONDITION:
|
||||
value = 'nonsecuritygroup'
|
||||
if key not in titles:
|
||||
titles.append(key)
|
||||
admin_attrib[key] = value
|
||||
csvRows.append(admin_attrib)
|
||||
display.write_csv_file(csvRows, titles, 'Admins', todrive)
|
||||
@@ -1,185 +0,0 @@
|
||||
import sys
|
||||
|
||||
from gam.var import (
|
||||
GC_Values,
|
||||
GC_CUSTOMER_ID,
|
||||
GM_Globals,
|
||||
GM_MAP_ROLE_ID_TO_NAME,
|
||||
GM_MAP_ROLE_NAME_TO_ID,
|
||||
UID_PATTERN
|
||||
)
|
||||
import gam
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import gapi
|
||||
from gam.gapi import directory as gapi_directory
|
||||
from gam.gapi.directory import privileges as gapi_directory_privileges
|
||||
|
||||
|
||||
def buildRoleIdToNameToIdMap(cd=None):
|
||||
if not cd:
|
||||
cd = gapi_directory.build()
|
||||
result = gapi.get_all_pages(cd.roles(),
|
||||
'list',
|
||||
'items',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
fields='nextPageToken,items(roleId,roleName)')
|
||||
GM_Globals[GM_MAP_ROLE_ID_TO_NAME] = {}
|
||||
GM_Globals[GM_MAP_ROLE_NAME_TO_ID] = {}
|
||||
for role in result:
|
||||
GM_Globals[GM_MAP_ROLE_ID_TO_NAME][role['roleId']] = role['roleName']
|
||||
GM_Globals[GM_MAP_ROLE_NAME_TO_ID][role['roleName']] = role['roleId']
|
||||
|
||||
|
||||
def role_from_roleid(roleid):
|
||||
if not GM_Globals[GM_MAP_ROLE_ID_TO_NAME]:
|
||||
buildRoleIdToNameToIdMap()
|
||||
return GM_Globals[GM_MAP_ROLE_ID_TO_NAME].get(roleid, roleid)
|
||||
|
||||
|
||||
def roleid_from_role(role):
|
||||
if not GM_Globals[GM_MAP_ROLE_NAME_TO_ID]:
|
||||
buildRoleIdToNameToIdMap()
|
||||
return GM_Globals[GM_MAP_ROLE_NAME_TO_ID].get(role, None)
|
||||
|
||||
|
||||
def getRoleId(role):
|
||||
cg = UID_PATTERN.match(role)
|
||||
if cg:
|
||||
roleId = cg.group(1)
|
||||
else:
|
||||
roleId = roleid_from_role(role)
|
||||
if not roleId:
|
||||
controlflow.system_error_exit(
|
||||
4,
|
||||
f'{role} is not a valid role. Please ensure role name is exactly as shown in admin console.'
|
||||
)
|
||||
return roleId
|
||||
|
||||
|
||||
def getPrivileges(body, privs, action):
|
||||
def expandChildPrivileges(privilege):
|
||||
for childPrivilege in privilege.get('childPrivileges', []):
|
||||
childPrivileges[childPrivilege['privilegeName']] = childPrivilege['serviceId']
|
||||
expandChildPrivileges(childPrivilege)
|
||||
|
||||
allPrivileges = {}
|
||||
ouPrivileges = {}
|
||||
childPrivileges = {}
|
||||
for privilege in gapi_directory_privileges.print_(return_only=True):
|
||||
allPrivileges[privilege['privilegeName']] = privilege['serviceId']
|
||||
if privilege['isOuScopable']:
|
||||
ouPrivileges[privilege['privilegeName']] = privilege['serviceId']
|
||||
expandChildPrivileges(privilege)
|
||||
if privs == 'ALL':
|
||||
body['rolePrivileges'] = [{'privilegeName': priv, 'serviceId': v} for priv, v in allPrivileges.items()]
|
||||
elif privs == 'ALL_OU':
|
||||
body['rolePrivileges'] = [{'privilegeName': priv, 'serviceId': v} for priv, v in ouPrivileges.items()]
|
||||
else:
|
||||
body.setdefault('rolePrivileges', [])
|
||||
for priv in privs.split(','):
|
||||
if priv in allPrivileges:
|
||||
body['rolePrivileges'].append({'privilegeName': priv, 'serviceId': allPrivileges[priv]})
|
||||
elif priv in ouPrivileges:
|
||||
body['rolePrivileges'].append({'privilegeName': priv, 'serviceId': ouPrivileges[priv]})
|
||||
elif priv in childPrivileges:
|
||||
body['rolePrivileges'].append({'privilegeName': priv, 'serviceId': childPrivileges[priv]})
|
||||
else:
|
||||
controlflow.invalid_argument_exit(priv,
|
||||
f'gam {action} adminrole privileges')
|
||||
|
||||
|
||||
def create():
|
||||
cd = gapi_directory.build()
|
||||
body = {'roleName': sys.argv[3]}
|
||||
i = 4
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'privileges':
|
||||
getPrivileges(body, sys.argv[i + 1].upper(), 'create')
|
||||
i += 2
|
||||
elif myarg == 'description':
|
||||
body['roleDescription'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
'gam create adminrole')
|
||||
|
||||
if not body.get('rolePrivileges'):
|
||||
controlflow.missing_argument_exit('privileges',
|
||||
'gam create adminrole')
|
||||
print(f'Creating role {body["roleName"]}')
|
||||
gapi.call(cd.roles(),
|
||||
'insert',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
body=body)
|
||||
|
||||
|
||||
def update():
|
||||
cd = gapi_directory.build()
|
||||
body = {}
|
||||
roleId = gam.getRoleId(sys.argv[3])
|
||||
i = 4
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'privileges':
|
||||
getPrivileges(body, sys.argv[i + 1].upper(), 'update')
|
||||
i += 2
|
||||
elif myarg == 'description':
|
||||
body['roleDescription'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'name':
|
||||
body['roleName'] = sys.argv[i + 1]
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
'gam update adminrole')
|
||||
|
||||
print(f'Updating role {roleId}')
|
||||
gapi.call(cd.roles(),
|
||||
'patch',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
roleId=roleId,
|
||||
body=body)
|
||||
|
||||
|
||||
def delete():
|
||||
cd = gapi_directory.build()
|
||||
roleId = gam.getRoleId(sys.argv[3])
|
||||
print(f'Deleting role {roleId}')
|
||||
gapi.call(cd.roles(),
|
||||
'delete',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
roleId=roleId)
|
||||
|
||||
|
||||
def print_():
|
||||
cd = gapi_directory.build()
|
||||
todrive = False
|
||||
titles = [
|
||||
'roleId', 'roleName', 'roleDescription', 'isSuperAdminRole',
|
||||
'isSystemRole'
|
||||
]
|
||||
fields = f'nextPageToken,items({",".join(titles)})'
|
||||
csvRows = []
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
'gam print adminroles')
|
||||
roles = gapi.get_all_pages(cd.roles(),
|
||||
'list',
|
||||
'items',
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
fields=fields)
|
||||
for role in roles:
|
||||
role_attrib = {}
|
||||
for key, value in list(role.items()):
|
||||
role_attrib[key] = value
|
||||
csvRows.append(role_attrib)
|
||||
display.write_csv_file(csvRows, titles, 'Admin Roles', todrive)
|
||||
|
||||
@@ -1,89 +0,0 @@
|
||||
import sys
|
||||
from time import sleep
|
||||
|
||||
import gam
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import gapi
|
||||
from gam.gapi import directory as gapi_directory
|
||||
from gam.gapi import errors as gapi_errors
|
||||
|
||||
|
||||
def delete():
|
||||
cd = gapi_directory.build()
|
||||
user_email = gam.normalizeEmailAddressOrUID(sys.argv[3])
|
||||
print(f'Deleting account for {user_email}')
|
||||
try:
|
||||
gapi.call(cd.users(),
|
||||
'delete',
|
||||
userKey=user_email,
|
||||
throw_reasons=[gapi_errors.ErrorReason.CONDITION_NOT_MET])
|
||||
except gam.gapi.errors.GapiConditionNotMetError as err:
|
||||
controlflow.system_error_exit(3,
|
||||
f'{err} The user {user_email} may be (or have recently been) on Google Vault Hold and thus not eligible for deletion. You can check holds with "gam user <email> show vaultholds".'
|
||||
)
|
||||
|
||||
|
||||
def get_primary(email):
|
||||
'''returns primary email of user or empty if email is not a user primary or
|
||||
alias address.'''
|
||||
cd = gapi_directory.build()
|
||||
result = gapi.call(cd.users(), 'get', userKey=email,
|
||||
projection='basic', fields='primaryEmail',
|
||||
soft_errors=True)
|
||||
if not result:
|
||||
return ''
|
||||
return result.get('primaryEmail', '').lower()
|
||||
|
||||
|
||||
def signout(users):
|
||||
cd = gapi_directory.build()
|
||||
i = 0
|
||||
count = len(users)
|
||||
for user in users:
|
||||
i += 1
|
||||
user = gam.normalizeEmailAddressOrUID(user)
|
||||
print(f'Signing Out {user}{gam.currentCount(i, count)}')
|
||||
gapi.call(cd.users(),
|
||||
'signOut',
|
||||
soft_errors=True,
|
||||
userKey=user)
|
||||
|
||||
|
||||
def turn_off_2sv(users):
|
||||
cd = gapi_directory.build()
|
||||
i = 0
|
||||
count = len(users)
|
||||
for user in users:
|
||||
i += 1
|
||||
user = gam.normalizeEmailAddressOrUID(user)
|
||||
print(f'Turning Off 2-Step Verification for {user}{gam.currentCount(i, count)}')
|
||||
gapi.call(cd.twoStepVerification(),
|
||||
'turnOff',
|
||||
soft_errors=True,
|
||||
userKey=user)
|
||||
|
||||
def wait_for_mailbox(users):
|
||||
'''Wait until users mailbox is provisioned.'''
|
||||
cd = gapi_directory.build()
|
||||
i = 0
|
||||
count = len(users)
|
||||
for user in users:
|
||||
i += 1
|
||||
user = gam.normalizeEmailAddressOrUID(user)
|
||||
while True:
|
||||
try:
|
||||
result = gapi.call(cd.users(),
|
||||
'get',
|
||||
'fields=isMailboxSetup',
|
||||
userKey=user,
|
||||
throw_reasons=[gapi_errors.ErrorReason.USER_NOT_FOUND])
|
||||
except gapi_errors.GapiUserNotFoundError:
|
||||
print(f'{user} mailboxIsSetup: False (user does not exist yet)')
|
||||
sleep(3)
|
||||
continue
|
||||
mailbox_is_setup = result.get('isMailboxSetup')
|
||||
print(f'{user} mailboxIsSetup: {mailbox_is_setup}')
|
||||
if mailbox_is_setup:
|
||||
break
|
||||
sleep(3)
|
||||
@@ -1,8 +0,0 @@
|
||||
import gam
|
||||
|
||||
|
||||
def build(user=None):
|
||||
if not user:
|
||||
user = gam._get_admin_email()
|
||||
userEmail = gam.convertUIDtoEmailAddress(user)
|
||||
return (userEmail, gam.buildGAPIServiceObject('drive3', userEmail))
|
||||
@@ -1,26 +0,0 @@
|
||||
"""Methods related to Drive API Shared Drives"""
|
||||
import sys
|
||||
|
||||
|
||||
import gam
|
||||
from gam.var import GC_CUSTOMER_ID, GC_Values, MY_CUSTOMER, SORTORDER_CHOICES_MAP
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import gapi
|
||||
from gam.gapi import errors as gapi_errors
|
||||
from gam.gapi import drive as gapi_drive
|
||||
|
||||
def drive_name_to_id(name, drive=None):
|
||||
if not drive:
|
||||
_, drive = gapi_drive.build()
|
||||
q = f"name = '{name}'"
|
||||
sds = gapi.get_all_pages(drive.drives(),
|
||||
'list',
|
||||
'drives',
|
||||
q=q,
|
||||
useDomainAdminAccess=True)
|
||||
if len(sds) == 0:
|
||||
controlflow.system_error_exit(3, f'Could not find shared drive named "{name}"')
|
||||
elif len(sds) > 1:
|
||||
controlflow.system_error_exit(3, f'Got more than one shared drive named "{name}"')
|
||||
return sds[0]['id']
|
||||
@@ -1,396 +0,0 @@
|
||||
"""GAPI and OAuth Token related errors methods."""
|
||||
|
||||
import json
|
||||
from enum import Enum
|
||||
|
||||
from gam import controlflow, display
|
||||
from gam.var import UTF8
|
||||
|
||||
|
||||
class GapiAbortedError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class GapiAuthErrorError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class GapiBadGatewayError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class GapiBadRequestError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class GapiConditionNotMetError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class GapiCyclicMembershipsNotAllowedError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class GapiDomainCannotUseApisError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class GapiDomainNotFoundError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class GapiDuplicateError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class GapiFailedPreconditionError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class GapiForbiddenError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class GapiGatewayTimeoutError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class GapiGroupNotFoundError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class GapiInternalServerError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class GapiInvalidError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class GapiInvalidArgumentError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class GapiInvalidMemberError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class GapiMemberNotFoundError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class GapiNotFoundError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class GapiNotImplementedError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class GapiPermissionDeniedError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class GapiResourceNotFoundError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class GapiServiceNotAvailableError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class GapiUserNotFoundError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
# GAPI Error Reasons
|
||||
class ErrorReason(Enum):
|
||||
"""The reason why a non-200 HTTP response was returned from a GAPI."""
|
||||
ABORTED = 'aborted'
|
||||
AUTH_ERROR = 'authError'
|
||||
BACKEND_ERROR = 'backendError'
|
||||
BAD_GATEWAY = 'badGateway'
|
||||
BAD_REQUEST = 'badRequest'
|
||||
CONDITION_NOT_MET = 'conditionNotMet'
|
||||
CYCLIC_MEMBERSHIPS_NOT_ALLOWED = 'cyclicMembershipsNotAllowed'
|
||||
DAILY_LIMIT_EXCEEDED = 'dailyLimitExceeded'
|
||||
DOMAIN_CANNOT_USE_APIS = 'domainCannotUseApis'
|
||||
DOMAIN_NOT_FOUND = 'domainNotFound'
|
||||
DUPLICATE = 'duplicate'
|
||||
FAILED_PRECONDITION = 'failedPrecondition'
|
||||
FORBIDDEN = 'forbidden'
|
||||
FIVE_O_THREE = '503'
|
||||
FIVE_O_O = '500'
|
||||
FOUR_O_NINE = '409'
|
||||
FOUR_O_O = '400'
|
||||
FOUR_O_FOUR = '404'
|
||||
FOUR_O_THREE = '403'
|
||||
FOUR_TWO_NINE = '429'
|
||||
GATEWAY_TIMEOUT = 'gatewayTimeout'
|
||||
GROUP_NOT_FOUND = 'groupNotFound'
|
||||
INTERNAL_ERROR = 'internalError'
|
||||
INTERNAL_SERVER_ERROR = 'internalServerError'
|
||||
INVALID = 'invalid'
|
||||
INVALID_ARGUMENT = 'invalidArgument'
|
||||
INVALID_MEMBER = 'invalidMember'
|
||||
MEMBER_NOT_FOUND = 'memberNotFound'
|
||||
NOT_FOUND = 'notFound'
|
||||
NOT_IMPLEMENTED = 'notImplemented'
|
||||
PERMISSION_DENIED = 'permissionDenied'
|
||||
QUOTA_EXCEEDED = 'quotaExceeded'
|
||||
RATE_LIMIT_EXCEEDED = 'rateLimitExceeded'
|
||||
RESOURCE_NOT_FOUND = 'resourceNotFound'
|
||||
SERVICE_NOT_AVAILABLE = 'serviceNotAvailable'
|
||||
SERVICE_LIMIT = 'serviceLimit'
|
||||
SYSTEM_ERROR = 'systemError'
|
||||
USER_NOT_FOUND = 'userNotFound'
|
||||
USER_RATE_LIMIT_EXCEEDED = 'userRateLimitExceeded'
|
||||
|
||||
def __str__(self):
|
||||
return str(self.value)
|
||||
|
||||
|
||||
# Common sets of GAPI error reasons
|
||||
DEFAULT_RETRY_REASONS = [
|
||||
ErrorReason.QUOTA_EXCEEDED,
|
||||
ErrorReason.RATE_LIMIT_EXCEEDED,
|
||||
ErrorReason.USER_RATE_LIMIT_EXCEEDED,
|
||||
ErrorReason.BACKEND_ERROR,
|
||||
ErrorReason.BAD_GATEWAY,
|
||||
ErrorReason.GATEWAY_TIMEOUT,
|
||||
ErrorReason.INTERNAL_ERROR,
|
||||
ErrorReason.FOUR_TWO_NINE,
|
||||
ErrorReason.FIVE_O_O,
|
||||
ErrorReason.FIVE_O_THREE,
|
||||
]
|
||||
GMAIL_THROW_REASONS = [ErrorReason.SERVICE_NOT_AVAILABLE]
|
||||
GROUP_GET_THROW_REASONS = [
|
||||
ErrorReason.GROUP_NOT_FOUND, ErrorReason.DOMAIN_NOT_FOUND,
|
||||
ErrorReason.DOMAIN_CANNOT_USE_APIS, ErrorReason.FORBIDDEN,
|
||||
ErrorReason.BAD_REQUEST
|
||||
]
|
||||
GROUP_GET_RETRY_REASONS = [ErrorReason.INVALID, ErrorReason.SYSTEM_ERROR]
|
||||
MEMBERS_THROW_REASONS = [
|
||||
ErrorReason.GROUP_NOT_FOUND, ErrorReason.DOMAIN_NOT_FOUND,
|
||||
ErrorReason.DOMAIN_CANNOT_USE_APIS, ErrorReason.INVALID,
|
||||
ErrorReason.FORBIDDEN
|
||||
]
|
||||
MEMBERS_RETRY_REASONS = [ErrorReason.SYSTEM_ERROR]
|
||||
|
||||
# A map of GAPI error reasons to the corresponding GAM Python Exception
|
||||
ERROR_REASON_TO_EXCEPTION = {
|
||||
ErrorReason.ABORTED:
|
||||
GapiAbortedError,
|
||||
ErrorReason.AUTH_ERROR:
|
||||
GapiAuthErrorError,
|
||||
ErrorReason.BAD_GATEWAY:
|
||||
GapiBadGatewayError,
|
||||
ErrorReason.BAD_REQUEST:
|
||||
GapiBadRequestError,
|
||||
ErrorReason.CONDITION_NOT_MET:
|
||||
GapiConditionNotMetError,
|
||||
ErrorReason.CYCLIC_MEMBERSHIPS_NOT_ALLOWED:
|
||||
GapiCyclicMembershipsNotAllowedError,
|
||||
ErrorReason.DOMAIN_CANNOT_USE_APIS:
|
||||
GapiDomainCannotUseApisError,
|
||||
ErrorReason.DOMAIN_NOT_FOUND:
|
||||
GapiDomainNotFoundError,
|
||||
ErrorReason.DUPLICATE:
|
||||
GapiDuplicateError,
|
||||
ErrorReason.FAILED_PRECONDITION:
|
||||
GapiFailedPreconditionError,
|
||||
ErrorReason.FORBIDDEN:
|
||||
GapiForbiddenError,
|
||||
ErrorReason.GATEWAY_TIMEOUT:
|
||||
GapiGatewayTimeoutError,
|
||||
ErrorReason.GROUP_NOT_FOUND:
|
||||
GapiGroupNotFoundError,
|
||||
ErrorReason.INTERNAL_SERVER_ERROR:
|
||||
GapiInternalServerError,
|
||||
ErrorReason.INVALID:
|
||||
GapiInvalidError,
|
||||
ErrorReason.INVALID_ARGUMENT:
|
||||
GapiInvalidArgumentError,
|
||||
ErrorReason.INVALID_MEMBER:
|
||||
GapiInvalidMemberError,
|
||||
ErrorReason.MEMBER_NOT_FOUND:
|
||||
GapiMemberNotFoundError,
|
||||
ErrorReason.NOT_FOUND:
|
||||
GapiNotFoundError,
|
||||
ErrorReason.NOT_IMPLEMENTED:
|
||||
GapiNotImplementedError,
|
||||
ErrorReason.PERMISSION_DENIED:
|
||||
GapiPermissionDeniedError,
|
||||
ErrorReason.RESOURCE_NOT_FOUND:
|
||||
GapiResourceNotFoundError,
|
||||
ErrorReason.SERVICE_NOT_AVAILABLE:
|
||||
GapiServiceNotAvailableError,
|
||||
ErrorReason.USER_NOT_FOUND:
|
||||
GapiUserNotFoundError,
|
||||
}
|
||||
|
||||
# OAuth Token Errors
|
||||
OAUTH2_TOKEN_ERRORS = [
|
||||
'access_denied',
|
||||
'access_denied: Requested client not authorized',
|
||||
'access_denied: Account restricted',
|
||||
'internal_failure: Backend Error',
|
||||
'internal_failure: None',
|
||||
'invalid_grant',
|
||||
'invalid_grant: Bad Request',
|
||||
'invalid_grant: Invalid email or User ID',
|
||||
'invalid_grant: Not a valid email',
|
||||
'invalid_grant: Invalid JWT: No valid verifier found for issuer',
|
||||
'invalid_grant: The account has been deleted',
|
||||
'invalid_grant: reauth related error (invalid_rapt)',
|
||||
'invalid_request: Invalid impersonation prn email address',
|
||||
'invalid_request: Invalid impersonation "sub" field',
|
||||
'unauthorized_client: Client is unauthorized to retrieve access tokens '
|
||||
'using this method',
|
||||
'unauthorized_client: Client is unauthorized to retrieve access tokens '
|
||||
'using this method, or client not authorized for any of the scopes '
|
||||
'requested',
|
||||
'unauthorized_client: Unauthorized client or scope in request',
|
||||
]
|
||||
|
||||
|
||||
def _create_http_error_dict(status_code, reason, message):
|
||||
"""Creates a basic error dict similar to most Google API Errors.
|
||||
|
||||
Args:
|
||||
status_code: Int, the error's HTTP response status code.
|
||||
reason: String, a camelCase reason for the HttpError being given.
|
||||
message: String, a general error message describing the error that occurred.
|
||||
|
||||
Returns:
|
||||
dict
|
||||
"""
|
||||
return {
|
||||
'error': {
|
||||
'code': status_code,
|
||||
'errors': [{
|
||||
'reason': str(reason),
|
||||
'message': message,
|
||||
}]
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
def get_gapi_error_detail(e,
|
||||
soft_errors=False,
|
||||
silent_errors=False,
|
||||
retry_on_http_error=False):
|
||||
"""Extracts error detail from a non-200 GAPI Response.
|
||||
|
||||
Args:
|
||||
e: googleapiclient.HttpError, The HTTP Error received.
|
||||
soft_errors: Boolean, If true, causes error messages to be suppressed,
|
||||
rather than sending them to stderr.
|
||||
silent_errors: Boolean, If true, suppresses and ignores any errors from
|
||||
being displayed
|
||||
retry_on_http_error: Boolean, If true, will return -1 as the HTTP Response
|
||||
code, indicating that the request can be retried. TODO: Remove this param,
|
||||
as it seems to be outside the scope of this method.
|
||||
|
||||
Returns:
|
||||
A tuple containing the HTTP Response code, GAPI error reason, and error
|
||||
message.
|
||||
"""
|
||||
try:
|
||||
error = json.loads(e.content.decode(UTF8))
|
||||
except ValueError:
|
||||
error_content = e.content.decode(UTF8) if isinstance(
|
||||
e.content, bytes) else e.content
|
||||
if (e.resp['status'] == '503') and (
|
||||
error_content == 'Quota exceeded for the current request'):
|
||||
return (e.resp['status'], ErrorReason.QUOTA_EXCEEDED.value,
|
||||
error_content)
|
||||
if (e.resp['status'] == '403') and (error_content.startswith(
|
||||
'Request rate higher than configured')):
|
||||
return (e.resp['status'], ErrorReason.QUOTA_EXCEEDED.value,
|
||||
error_content)
|
||||
if (e.resp['status'] == '502') and ('Bad Gateway' in error_content):
|
||||
return (e.resp['status'], ErrorReason.BAD_GATEWAY.value,
|
||||
error_content)
|
||||
if (e.resp['status'] == '504') and ('Gateway Timeout' in error_content):
|
||||
return (e.resp['status'], ErrorReason.GATEWAY_TIMEOUT.value,
|
||||
error_content)
|
||||
if (e.resp['status'] == '403') and ('Invalid domain.' in error_content):
|
||||
error = _create_http_error_dict(403, ErrorReason.NOT_FOUND.value,
|
||||
'Domain not found')
|
||||
elif (e.resp['status'] == '400') and (
|
||||
'InvalidSsoSigningKey' in error_content):
|
||||
error = _create_http_error_dict(400, ErrorReason.INVALID.value,
|
||||
'InvalidSsoSigningKey')
|
||||
elif (e.resp['status'] == '400') and ('UnknownError' in error_content):
|
||||
error = _create_http_error_dict(400, ErrorReason.INVALID.value,
|
||||
'UnknownError')
|
||||
elif retry_on_http_error:
|
||||
return (-1, None, None)
|
||||
elif soft_errors:
|
||||
if not silent_errors:
|
||||
display.print_error(error_content)
|
||||
return (0, None, None)
|
||||
else:
|
||||
controlflow.system_error_exit(5, error_content)
|
||||
# END: ValueError catch
|
||||
|
||||
if 'error' in error:
|
||||
http_status = error['error']['code']
|
||||
try:
|
||||
message = error['error']['errors'][0]['message']
|
||||
except KeyError:
|
||||
message = error['error']['message']
|
||||
if http_status == 404:
|
||||
if 'Requested entity was not found' in message or 'does not exist' in message:
|
||||
error = _create_http_error_dict(404, ErrorReason.NOT_FOUND.value,
|
||||
message)
|
||||
elif http_status == 500:
|
||||
if 'Failed to convert server response to JSON' in message:
|
||||
error = _create_http_error_dict(500, ErrorReason.INTERNAL_SERVER_ERROR.value,
|
||||
message)
|
||||
else:
|
||||
if 'error_description' in error:
|
||||
if error['error_description'] == 'Invalid Value':
|
||||
message = error['error_description']
|
||||
http_status = 400
|
||||
error = _create_http_error_dict(400, ErrorReason.INVALID.value,
|
||||
message)
|
||||
else:
|
||||
controlflow.system_error_exit(4, str(error))
|
||||
else:
|
||||
controlflow.system_error_exit(4, str(error))
|
||||
|
||||
# Extract the error reason
|
||||
try:
|
||||
reason = error['error']['errors'][0]['reason']
|
||||
if reason == 'notFound':
|
||||
if 'userKey' in message:
|
||||
reason = ErrorReason.USER_NOT_FOUND.value
|
||||
elif 'groupKey' in message:
|
||||
reason = ErrorReason.GROUP_NOT_FOUND.value
|
||||
elif 'memberKey' in message:
|
||||
reason = ErrorReason.MEMBER_NOT_FOUND.value
|
||||
elif 'Domain not found' in message:
|
||||
reason = ErrorReason.DOMAIN_NOT_FOUND.value
|
||||
elif 'Resource Not Found' in message:
|
||||
reason = ErrorReason.RESOURCE_NOT_FOUND.value
|
||||
elif reason == 'invalid':
|
||||
if 'userId' in message:
|
||||
reason = ErrorReason.USER_NOT_FOUND.value
|
||||
elif 'memberKey' in message:
|
||||
reason = ErrorReason.INVALID_MEMBER.value
|
||||
elif reason == 'failedPrecondition':
|
||||
if 'Bad Request' in message:
|
||||
reason = ErrorReason.BAD_REQUEST.value
|
||||
elif 'Mail service not enabled' in message:
|
||||
reason = ErrorReason.SERVICE_NOT_AVAILABLE.value
|
||||
elif reason == 'required':
|
||||
if 'memberKey' in message:
|
||||
reason = ErrorReason.MEMBER_NOT_FOUND.value
|
||||
elif reason == 'conditionNotMet':
|
||||
if 'Cyclic memberships not allowed' in message:
|
||||
reason = ErrorReason.CYCLIC_MEMBERSHIPS_NOT_ALLOWED.value
|
||||
except KeyError:
|
||||
reason = f'{http_status}'
|
||||
return (http_status, reason, message)
|
||||
@@ -1,212 +0,0 @@
|
||||
"""Python unit tests for gapi.errors"""
|
||||
|
||||
import json
|
||||
|
||||
import unittest
|
||||
from unittest.mock import patch
|
||||
|
||||
import googleapiclient.errors
|
||||
from gam.gapi import errors
|
||||
import httplib2
|
||||
|
||||
|
||||
def create_simple_http_error(status, reason, message):
|
||||
content = errors._create_http_error_dict(status, reason, message)
|
||||
return create_http_error(status, content)
|
||||
|
||||
|
||||
def create_http_error(status, content):
|
||||
response = httplib2.Response({
|
||||
'status': status,
|
||||
'content-type': 'application/json',
|
||||
})
|
||||
content_as_bytes = json.dumps(content).encode('UTF-8')
|
||||
return googleapiclient.errors.HttpError(response, content_as_bytes)
|
||||
|
||||
|
||||
class ErrorsTest(unittest.TestCase):
|
||||
|
||||
def test_get_gapi_error_detail_quota_exceeded(self):
|
||||
# TODO: Add test logic once the opening ValueError exception case has a
|
||||
# repro case (i.e. an Exception type/format that will cause it to raise).
|
||||
pass
|
||||
|
||||
def test_get_gapi_error_detail_invalid_domain(self):
|
||||
# TODO: Add test logic once the opening ValueError exception case has a
|
||||
# repro case (i.e. an Exception type/format that will cause it to raise).
|
||||
pass
|
||||
|
||||
def test_get_gapi_error_detail_invalid_signing_key(self):
|
||||
# TODO: Add test logic once the opening ValueError exception case has a
|
||||
# repro case (i.e. an Exception type/format that will cause it to raise).
|
||||
pass
|
||||
|
||||
def test_get_gapi_error_detail_unknown_error(self):
|
||||
# TODO: Add test logic once the opening ValueError exception case has a
|
||||
# repro case (i.e. an Exception type/format that will cause it to raise).
|
||||
pass
|
||||
|
||||
def test_get_gapi_error_retry_http_error(self):
|
||||
# TODO: Add test logic once the opening ValueError exception case has a
|
||||
# repro case (i.e. an Exception type/format that will cause it to raise).
|
||||
pass
|
||||
|
||||
def test_get_gapi_error_prints_soft_errors(self):
|
||||
# TODO: Add test logic once the opening ValueError exception case has a
|
||||
# repro case (i.e. an Exception type/format that will cause it to raise).
|
||||
pass
|
||||
|
||||
def test_get_gapi_error_exits_on_unrecoverable_errors(self):
|
||||
# TODO: Add test logic once the opening ValueError exception case has a
|
||||
# repro case (i.e. an Exception type/format that will cause it to raise).
|
||||
pass
|
||||
|
||||
def test_get_gapi_error_quota_exceeded_for_current_request(self):
|
||||
# TODO: Add test logic once the opening ValueError exception case has a
|
||||
# repro case (i.e. an Exception type/format that will cause it to raise).
|
||||
pass
|
||||
|
||||
def test_get_gapi_error_quota_exceeded_high_request_rate(self):
|
||||
# TODO: Add test logic once the opening ValueError exception case has a
|
||||
# repro case (i.e. an Exception type/format that will cause it to raise).
|
||||
pass
|
||||
|
||||
def test_get_gapi_error_extracts_user_not_found(self):
|
||||
err = create_simple_http_error(404, 'notFound',
|
||||
'Resource Not Found: userKey.')
|
||||
print(err)
|
||||
http_status, reason, message = errors.get_gapi_error_detail(err)
|
||||
self.assertEqual(http_status, 404)
|
||||
self.assertEqual(reason, errors.ErrorReason.USER_NOT_FOUND.value)
|
||||
self.assertEqual(message, 'Resource Not Found: userKey.')
|
||||
|
||||
def test_get_gapi_error_extracts_group_not_found(self):
|
||||
err = create_simple_http_error(404, 'notFound',
|
||||
'Resource Not Found: groupKey.')
|
||||
http_status, reason, message = errors.get_gapi_error_detail(err)
|
||||
self.assertEqual(http_status, 404)
|
||||
self.assertEqual(reason, errors.ErrorReason.GROUP_NOT_FOUND.value)
|
||||
self.assertEqual(message, 'Resource Not Found: groupKey.')
|
||||
|
||||
def test_get_gapi_error_extracts_member_not_found(self):
|
||||
err = create_simple_http_error(404, 'notFound',
|
||||
'Resource Not Found: memberKey.')
|
||||
http_status, reason, message = errors.get_gapi_error_detail(err)
|
||||
self.assertEqual(http_status, 404)
|
||||
self.assertEqual(reason, errors.ErrorReason.MEMBER_NOT_FOUND.value)
|
||||
self.assertEqual(message, 'Resource Not Found: memberKey.')
|
||||
|
||||
def test_get_gapi_error_extracts_domain_not_found(self):
|
||||
err = create_simple_http_error(404, 'notFound', 'Domain not found.')
|
||||
http_status, reason, message = errors.get_gapi_error_detail(err)
|
||||
self.assertEqual(http_status, 404)
|
||||
self.assertEqual(reason, errors.ErrorReason.DOMAIN_NOT_FOUND.value)
|
||||
self.assertEqual(message, 'Domain not found.')
|
||||
|
||||
def test_get_gapi_error_extracts_generic_resource_not_found(self):
|
||||
err = create_simple_http_error(404, 'notFound',
|
||||
'Resource Not Found: unknownResource.')
|
||||
http_status, reason, message = errors.get_gapi_error_detail(err)
|
||||
self.assertEqual(http_status, 404)
|
||||
self.assertEqual(reason, errors.ErrorReason.RESOURCE_NOT_FOUND.value)
|
||||
self.assertEqual(message, 'Resource Not Found: unknownResource.')
|
||||
|
||||
def test_get_gapi_error_extracts_invalid_userid(self):
|
||||
err = create_simple_http_error(400, 'invalid', 'Invalid Input: userId')
|
||||
http_status, reason, message = errors.get_gapi_error_detail(err)
|
||||
self.assertEqual(http_status, 400)
|
||||
self.assertEqual(reason, errors.ErrorReason.USER_NOT_FOUND.value)
|
||||
self.assertEqual(message, 'Invalid Input: userId')
|
||||
|
||||
def test_get_gapi_error_extracts_invalid_member(self):
|
||||
err = create_simple_http_error(400, 'invalid',
|
||||
'Invalid Input: memberKey')
|
||||
http_status, reason, message = errors.get_gapi_error_detail(err)
|
||||
self.assertEqual(http_status, 400)
|
||||
self.assertEqual(reason, errors.ErrorReason.INVALID_MEMBER.value)
|
||||
self.assertEqual(message, 'Invalid Input: memberKey')
|
||||
|
||||
def test_get_gapi_error_extracts_bad_request(self):
|
||||
err = create_simple_http_error(400, 'failedPrecondition', 'Bad Request')
|
||||
http_status, reason, message = errors.get_gapi_error_detail(err)
|
||||
self.assertEqual(http_status, 400)
|
||||
self.assertEqual(reason, errors.ErrorReason.BAD_REQUEST.value)
|
||||
self.assertEqual(message, 'Bad Request')
|
||||
|
||||
def test_get_gapi_error_extracts_service_not_available(self):
|
||||
err = create_simple_http_error(400, 'failedPrecondition',
|
||||
'Mail service not enabled')
|
||||
http_status, reason, message = errors.get_gapi_error_detail(err)
|
||||
self.assertEqual(http_status, 400)
|
||||
self.assertEqual(reason, errors.ErrorReason.SERVICE_NOT_AVAILABLE.value)
|
||||
self.assertEqual(message, 'Mail service not enabled')
|
||||
|
||||
def test_get_gapi_error_extracts_required_member_not_found(self):
|
||||
err = create_simple_http_error(400, 'required',
|
||||
'Missing required field: memberKey')
|
||||
http_status, reason, message = errors.get_gapi_error_detail(err)
|
||||
self.assertEqual(http_status, 400)
|
||||
self.assertEqual(reason, errors.ErrorReason.MEMBER_NOT_FOUND.value)
|
||||
self.assertEqual(message, 'Missing required field: memberKey')
|
||||
|
||||
def test_get_gapi_error_extracts_cyclic_memberships_error(self):
|
||||
err = create_simple_http_error(400, 'conditionNotMet',
|
||||
'Cyclic memberships not allowed')
|
||||
http_status, reason, message = errors.get_gapi_error_detail(err)
|
||||
self.assertEqual(http_status, 400)
|
||||
self.assertEqual(
|
||||
reason, errors.ErrorReason.CYCLIC_MEMBERSHIPS_NOT_ALLOWED.value)
|
||||
self.assertEqual(message, 'Cyclic memberships not allowed')
|
||||
|
||||
def test_get_gapi_error_extracts_single_error_with_message(self):
|
||||
status_code = 999
|
||||
response = httplib2.Response({'status': status_code})
|
||||
# This error does not have an "errors" key describing each error.
|
||||
content = {'error': {'code': status_code, 'message': 'unknown error'}}
|
||||
content_as_bytes = json.dumps(content).encode('UTF-8')
|
||||
err = googleapiclient.errors.HttpError(response, content_as_bytes)
|
||||
|
||||
http_status, reason, message = errors.get_gapi_error_detail(err)
|
||||
self.assertEqual(http_status, status_code)
|
||||
self.assertEqual(reason, str(status_code))
|
||||
self.assertEqual(message, content['error']['message'])
|
||||
|
||||
def test_get_gapi_error_exits_code_4_on_malformed_error_with_unknown_description(
|
||||
self):
|
||||
status_code = 999
|
||||
response = httplib2.Response({'status': status_code})
|
||||
# This error only has an error_description_field and an unknown description.
|
||||
content = {'error_description': 'something errored'}
|
||||
content_as_bytes = json.dumps(content).encode('UTF-8')
|
||||
err = googleapiclient.errors.HttpError(response, content_as_bytes)
|
||||
|
||||
with self.assertRaises(SystemExit) as context:
|
||||
errors.get_gapi_error_detail(err)
|
||||
self.assertEqual(4, context.exception.code)
|
||||
|
||||
def test_get_gapi_error_exits_on_invalid_error_description(self):
|
||||
status_code = 400
|
||||
response = httplib2.Response({'status': status_code})
|
||||
content = {'error_description': 'Invalid Value'}
|
||||
content_as_bytes = json.dumps(content).encode('UTF-8')
|
||||
err = googleapiclient.errors.HttpError(response, content_as_bytes)
|
||||
|
||||
http_status, reason, message = errors.get_gapi_error_detail(err)
|
||||
self.assertEqual(http_status, status_code)
|
||||
self.assertEqual(reason, errors.ErrorReason.INVALID.value)
|
||||
self.assertEqual(message, 'Invalid Value')
|
||||
|
||||
def test_get_gapi_error_exits_code_4_on_unexpected_error_contents(self):
|
||||
status_code = 900
|
||||
response = httplib2.Response({'status': status_code})
|
||||
content = {'notErrorContentThatIsExpected': 'foo'}
|
||||
content_as_bytes = json.dumps(content).encode('UTF-8')
|
||||
err = googleapiclient.errors.HttpError(response, content_as_bytes)
|
||||
|
||||
with self.assertRaises(SystemExit) as context:
|
||||
errors.get_gapi_error_detail(err)
|
||||
self.assertEqual(4, context.exception.code)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
unittest.main()
|
||||
@@ -1,309 +0,0 @@
|
||||
import re
|
||||
import sys
|
||||
|
||||
import gam
|
||||
from gam.var import *
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import gapi
|
||||
from gam.gapi import errors as gapi_errors
|
||||
from gam.gapi.directory import customer as gapi_directory_customer
|
||||
|
||||
|
||||
def _get_customerid():
|
||||
''' returns customerId with format C{customer_id}'''
|
||||
gapi_directory_customer.setTrueCustomerId()
|
||||
customer_id = GC_Values[GC_CUSTOMER_ID]
|
||||
if customer_id[0] != 'C':
|
||||
customer_id = 'C' + customer_id
|
||||
return customer_id
|
||||
|
||||
def build():
|
||||
return gam.buildGAPIObject('licensing')
|
||||
|
||||
|
||||
def getProductAndSKU(sku):
|
||||
l_sku = sku.lower().replace('-', '').replace(' ', '')
|
||||
for a_sku, sku_values in list(SKUS.items()):
|
||||
if l_sku == a_sku.lower().replace(
|
||||
'-',
|
||||
'') or l_sku in sku_values['aliases'] or l_sku == sku_values[
|
||||
'displayName'].lower().replace(' ', ''):
|
||||
return (sku_values['product'], a_sku)
|
||||
try:
|
||||
product = re.search('^([A-Z,a-z]*-[A-Z,a-z]*)', sku).group(1)
|
||||
except AttributeError:
|
||||
product = sku
|
||||
return (product, sku)
|
||||
|
||||
|
||||
def user_lic_result(request_id, response, exception):
|
||||
if exception:
|
||||
http_status, reason, message = gapi_errors.get_gapi_error_detail(
|
||||
exception,
|
||||
soft_errors=True)
|
||||
print(f'ERROR: {request_id}: {http_status} - {reason} {message}')
|
||||
|
||||
|
||||
def create(users, sku=None):
|
||||
lic = build()
|
||||
if not sku:
|
||||
sku = sys.argv[5]
|
||||
productId, skuId = getProductAndSKU(sku)
|
||||
sku_name = _formatSKUIdDisplayName(skuId)
|
||||
i = 6
|
||||
if len(sys.argv) > 6 and sys.argv[i].lower() in ['product', 'productid']:
|
||||
productId = sys.argv[i+1]
|
||||
i += 2
|
||||
for user in users:
|
||||
print(f'Adding license {sku_name} to {user}')
|
||||
gapi.call(lic.licenseAssignments(),
|
||||
'insert',
|
||||
soft_errors=True,
|
||||
productId=productId,
|
||||
skuId=skuId,
|
||||
body={'userId': user})
|
||||
|
||||
|
||||
def delete(users, sku=None):
|
||||
lic = build()
|
||||
if not sku:
|
||||
sku = sys.argv[5]
|
||||
productId, skuId = getProductAndSKU(sku)
|
||||
sku_name = _formatSKUIdDisplayName(skuId)
|
||||
i = 6
|
||||
if len(sys.argv) > 6 and sys.argv[i].lower() in ['product', 'productid']:
|
||||
productId = sys.argv[i+1]
|
||||
i += 2
|
||||
for user in users:
|
||||
print(f'Removing license {sku_name} from user {user}')
|
||||
gapi.call(lic.licenseAssignments(),
|
||||
'delete',
|
||||
soft_errors=True,
|
||||
productId=productId,
|
||||
skuId=skuId,
|
||||
userId=user)
|
||||
|
||||
|
||||
def sync(users):
|
||||
sku = sys.argv[5]
|
||||
current_licenses = gam.getUsersToModify(entity_type='license',
|
||||
entity=sku)
|
||||
users_to_license = [user for user in users if user not in current_licenses]
|
||||
users_to_unlicense = [user for user in current_licenses if user not in users]
|
||||
print(f'Need to remove license from {len(users_to_unlicense)} and add to ' \
|
||||
f'{len(users_to_license)} users...')
|
||||
# do the remove first to free up seats
|
||||
delete(users_to_unlicense, sku)
|
||||
create(users_to_license, sku)
|
||||
|
||||
|
||||
def update(users, sku=None, old_sku=None):
|
||||
lic = build()
|
||||
if not sku:
|
||||
sku = sys.argv[5]
|
||||
productId, skuId = getProductAndSKU(sku)
|
||||
sku_name = _formatSKUIdDisplayName(skuId)
|
||||
i = 6
|
||||
if len(sys.argv) > 6 and sys.argv[i].lower() in ['product', 'productid']:
|
||||
productId = sys.argv[i+1]
|
||||
i += 2
|
||||
if not old_sku:
|
||||
try:
|
||||
old_sku = sys.argv[i]
|
||||
if old_sku.lower() == 'from':
|
||||
old_sku = sys.argv[i + 1]
|
||||
except KeyError:
|
||||
controlflow.system_error_exit(
|
||||
2,
|
||||
'You need to specify the user\'s old SKU as the last argument'
|
||||
)
|
||||
_, old_sku = getProductAndSKU(old_sku)
|
||||
old_sku_name = _formatSKUIdDisplayName(old_sku)
|
||||
for user in users:
|
||||
print(f'Changing user {user} from license {old_sku_name} to {sku_name}')
|
||||
gapi.call(lic.licenseAssignments(),
|
||||
'patch',
|
||||
soft_errors=True,
|
||||
productId=productId,
|
||||
skuId=old_sku,
|
||||
userId=user,
|
||||
body={'skuId': skuId})
|
||||
|
||||
|
||||
def print_(returnFields=None,
|
||||
skus=None,
|
||||
countsOnly=False,
|
||||
returnCounts=False):
|
||||
lic = build()
|
||||
customer_id = _get_customerid()
|
||||
products = []
|
||||
licenses = []
|
||||
licenseCounts = []
|
||||
if not returnFields:
|
||||
csvRows = []
|
||||
todrive = False
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if not returnCounts and myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
elif myarg in ['products', 'product']:
|
||||
products = sys.argv[i + 1].split(',')
|
||||
i += 2
|
||||
elif myarg in ['sku', 'skus']:
|
||||
skus = sys.argv[i + 1].split(',')
|
||||
i += 2
|
||||
elif myarg == 'allskus':
|
||||
skus = sorted(SKUS)
|
||||
products = []
|
||||
i += 1
|
||||
elif myarg == 'gsuite':
|
||||
skus = [
|
||||
skuId for skuId in SKUS
|
||||
if SKUS[skuId]['product'] in ['Google-Apps', '101031']
|
||||
]
|
||||
products = []
|
||||
i += 1
|
||||
elif myarg == 'countsonly':
|
||||
countsOnly = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
'gam print licenses')
|
||||
if not countsOnly:
|
||||
fields = 'nextPageToken,items(productId,skuId,userId)'
|
||||
titles = ['userId', 'productId', 'skuId']
|
||||
else:
|
||||
fields = 'nextPageToken,items(userId)'
|
||||
if not returnCounts:
|
||||
if skus:
|
||||
titles = ['productId', 'skuId', 'licenses']
|
||||
else:
|
||||
titles = ['productId', 'licenses']
|
||||
else:
|
||||
fields = f'nextPageToken,items({returnFields})'
|
||||
if skus:
|
||||
for sku in skus:
|
||||
if not products:
|
||||
product, sku = getProductAndSKU(sku)
|
||||
else:
|
||||
product = products[0]
|
||||
page_message = gapi.got_total_items_msg(
|
||||
f'Licenses for {SKUS.get(sku, {"displayName": sku})["displayName"]}',
|
||||
'...\n')
|
||||
try:
|
||||
licenses += gapi.get_all_pages(
|
||||
lic.licenseAssignments(),
|
||||
'listForProductAndSku',
|
||||
'items',
|
||||
throw_reasons=[
|
||||
gapi_errors.ErrorReason.INVALID,
|
||||
gapi_errors.ErrorReason.FORBIDDEN
|
||||
],
|
||||
page_message=page_message,
|
||||
customerId=customer_id,
|
||||
productId=product,
|
||||
skuId=sku,
|
||||
fields=fields)
|
||||
if countsOnly:
|
||||
licenseCounts.append([
|
||||
'Product', product, 'SKU', sku, 'Licenses',
|
||||
len(licenses)
|
||||
])
|
||||
licenses = []
|
||||
except (gapi_errors.GapiInvalidError,
|
||||
gapi_errors.GapiForbiddenError):
|
||||
pass
|
||||
else:
|
||||
if not products:
|
||||
products = sorted(PRODUCTID_NAME_MAPPINGS)
|
||||
for productId in products:
|
||||
page_message = gapi.got_total_items_msg(
|
||||
f'Licenses for {PRODUCTID_NAME_MAPPINGS.get(productId, productId)}',
|
||||
'...\n')
|
||||
try:
|
||||
licenses += gapi.get_all_pages(
|
||||
lic.licenseAssignments(),
|
||||
'listForProduct',
|
||||
'items',
|
||||
throw_reasons=[
|
||||
gapi_errors.ErrorReason.INVALID,
|
||||
gapi_errors.ErrorReason.FORBIDDEN
|
||||
],
|
||||
page_message=page_message,
|
||||
customerId=customer_id,
|
||||
productId=productId,
|
||||
fields=fields)
|
||||
if countsOnly:
|
||||
licenseCounts.append(
|
||||
['Product', productId, 'Licenses',
|
||||
len(licenses)])
|
||||
licenses = []
|
||||
except (gapi_errors.GapiInvalidError,
|
||||
gapi_errors.GapiForbiddenError):
|
||||
pass
|
||||
if countsOnly:
|
||||
if returnCounts:
|
||||
return licenseCounts
|
||||
if skus:
|
||||
for u_license in licenseCounts:
|
||||
csvRows.append({
|
||||
'productId': u_license[1],
|
||||
'skuId': u_license[3],
|
||||
'licenses': u_license[5]
|
||||
})
|
||||
else:
|
||||
for u_license in licenseCounts:
|
||||
csvRows.append({
|
||||
'productId': u_license[1],
|
||||
'licenses': u_license[3]
|
||||
})
|
||||
display.write_csv_file(csvRows, titles, 'Licenses', todrive)
|
||||
return
|
||||
if returnFields:
|
||||
if returnFields == 'userId':
|
||||
userIds = []
|
||||
for u_license in licenses:
|
||||
userId = u_license.get('userId', '').lower()
|
||||
if userId:
|
||||
userIds.append(userId)
|
||||
return userIds
|
||||
userSkuIds = {}
|
||||
for u_license in licenses:
|
||||
userId = u_license.get('userId', '').lower()
|
||||
skuId = u_license.get('skuId')
|
||||
if userId and skuId:
|
||||
userSkuIds.setdefault(userId, [])
|
||||
userSkuIds[userId].append(skuId)
|
||||
return userSkuIds
|
||||
for u_license in licenses:
|
||||
userId = u_license.get('userId', '').lower()
|
||||
skuId = u_license.get('skuId', '')
|
||||
csvRows.append({
|
||||
'userId': userId,
|
||||
'productId': u_license.get('productId', ''),
|
||||
'skuId': _skuIdToDisplayName(skuId)
|
||||
})
|
||||
display.write_csv_file(csvRows, titles, 'Licenses', todrive)
|
||||
|
||||
|
||||
def show():
|
||||
licenseCounts = print_(countsOnly=True, returnCounts=True)
|
||||
for u_license in licenseCounts:
|
||||
line = ''
|
||||
for i in range(0, len(u_license), 2):
|
||||
line += f'{u_license[i]}: {u_license[i+1]}, '
|
||||
print(line[:-2])
|
||||
|
||||
|
||||
def _skuIdToDisplayName(skuId):
|
||||
return SKUS[skuId]['displayName'] if skuId in SKUS else skuId
|
||||
|
||||
|
||||
def _formatSKUIdDisplayName(skuId):
|
||||
skuIdDisplay = _skuIdToDisplayName(skuId)
|
||||
if skuId == skuIdDisplay:
|
||||
return skuId
|
||||
return f'{skuId} ({skuIdDisplay})'
|
||||
@@ -1,589 +0,0 @@
|
||||
import calendar
|
||||
import datetime
|
||||
import re
|
||||
import sys
|
||||
|
||||
from dateutil.relativedelta import relativedelta
|
||||
|
||||
import gam
|
||||
from gam.var import *
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import gapi
|
||||
from gam import utils
|
||||
from gam.gapi.directory import orgunits as gapi_directory_orgunits
|
||||
|
||||
|
||||
def build():
|
||||
return gam.buildGAPIObject('reports')
|
||||
|
||||
|
||||
REPORT_CHOICE_MAP = {
|
||||
'access': 'access_transparency',
|
||||
'accesstransparency': 'access_transparency',
|
||||
'calendars': 'calendar',
|
||||
'customers': 'customer',
|
||||
'doc': 'drive',
|
||||
'docs': 'drive',
|
||||
'domain': 'customer',
|
||||
'enterprisegroups': 'groups_enterprise',
|
||||
'google+': 'gplus',
|
||||
'group': 'groups',
|
||||
'groupsenterprise': 'groups_enterprise',
|
||||
'hangoutsmeet': 'meet',
|
||||
'logins': 'login',
|
||||
'oauthtoken': 'token',
|
||||
'tokens': 'token',
|
||||
'usage': 'usage',
|
||||
'usageparameters': 'usageparameters',
|
||||
'users': 'user',
|
||||
'useraccounts': 'user_accounts',
|
||||
}
|
||||
|
||||
|
||||
def showUsageParameters():
|
||||
rep = build()
|
||||
throw_reasons = [
|
||||
gapi.errors.ErrorReason.INVALID, gapi.errors.ErrorReason.BAD_REQUEST
|
||||
]
|
||||
todrive = False
|
||||
if len(sys.argv) == 3:
|
||||
controlflow.missing_argument_exit('user or customer',
|
||||
'report usageparameters')
|
||||
report = sys.argv[3].lower()
|
||||
titles = ['parameter']
|
||||
if report == 'customer':
|
||||
endpoint = rep.customerUsageReports()
|
||||
kwargs = {}
|
||||
elif report == 'user':
|
||||
endpoint = rep.userUsageReport()
|
||||
kwargs = {'userKey': gam._get_admin_email()}
|
||||
else:
|
||||
controlflow.expected_argument_exit('usageparameters',
|
||||
['user', 'customer'], report)
|
||||
customerId = GC_Values[GC_CUSTOMER_ID]
|
||||
if customerId == MY_CUSTOMER:
|
||||
customerId = None
|
||||
tryDate = datetime.date.today().strftime(YYYYMMDD_FORMAT)
|
||||
all_parameters = set()
|
||||
i = 4
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
'gam report usageparameters')
|
||||
fullDataRequired = ['all']
|
||||
while True:
|
||||
try:
|
||||
result = gapi.call(endpoint,
|
||||
'get',
|
||||
throw_reasons=throw_reasons,
|
||||
date=tryDate,
|
||||
customerId=customerId,
|
||||
fields='warnings,usageReports(parameters(name))',
|
||||
**kwargs)
|
||||
usage = result.get('usageReports')
|
||||
fullData, tryDate = _check_full_data_available(
|
||||
result, tryDate, fullDataRequired, False)
|
||||
if fullData < 0:
|
||||
print('No usage parameters available.')
|
||||
sys.exit(1)
|
||||
if usage:
|
||||
for parameter in usage[0]['parameters']:
|
||||
name = parameter.get('name')
|
||||
if name:
|
||||
all_parameters.add(name)
|
||||
if fullData == 1:
|
||||
break
|
||||
except gapi.errors.GapiInvalidError as e:
|
||||
tryDate = _adjust_date(str(e))
|
||||
csvRows = []
|
||||
for parameter in sorted(all_parameters):
|
||||
csvRows.append({'parameter': parameter})
|
||||
display.write_csv_file(csvRows, titles,
|
||||
f'{report.capitalize()} Report Usage Parameters',
|
||||
todrive)
|
||||
|
||||
|
||||
REPORTS_PARAMETERS_SIMPLE_TYPES = [
|
||||
'intValue', 'boolValue', 'datetimeValue', 'stringValue'
|
||||
]
|
||||
|
||||
|
||||
def showUsage():
|
||||
rep = build()
|
||||
throw_reasons = [
|
||||
gapi.errors.ErrorReason.INVALID, gapi.errors.ErrorReason.BAD_REQUEST
|
||||
]
|
||||
todrive = False
|
||||
if len(sys.argv) == 3:
|
||||
controlflow.missing_argument_exit('user or customer', 'report usage')
|
||||
report = sys.argv[3].lower()
|
||||
titles = ['date']
|
||||
if report == 'customer':
|
||||
endpoint = rep.customerUsageReports()
|
||||
kwargs = [{}]
|
||||
elif report == 'user':
|
||||
endpoint = rep.userUsageReport()
|
||||
kwargs = [{'userKey': 'all'}]
|
||||
titles.append('user')
|
||||
else:
|
||||
controlflow.expected_argument_exit('usage', ['user', 'customer'],
|
||||
report)
|
||||
customerId = GC_Values[GC_CUSTOMER_ID]
|
||||
if customerId == MY_CUSTOMER:
|
||||
customerId = None
|
||||
parameters = []
|
||||
start_date = end_date = orgUnitId = None
|
||||
skip_day_numbers = []
|
||||
skip_dates = set()
|
||||
one_day = datetime.timedelta(days=1)
|
||||
i = 4
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'startdate':
|
||||
start_date = utils.get_yyyymmdd(sys.argv[i + 1],
|
||||
returnDateTime=True)
|
||||
i += 2
|
||||
elif myarg == 'enddate':
|
||||
end_date = utils.get_yyyymmdd(sys.argv[i + 1], returnDateTime=True)
|
||||
i += 2
|
||||
elif myarg == 'todrive':
|
||||
todrive = True
|
||||
i += 1
|
||||
elif myarg in ['fields', 'parameters']:
|
||||
parameters = sys.argv[i + 1].split(',')
|
||||
i += 2
|
||||
elif myarg == 'skipdates':
|
||||
for skip in sys.argv[i + 1].split(','):
|
||||
if skip.find(':') == -1:
|
||||
skip_dates.add(utils.get_yyyymmdd(skip,
|
||||
returnDateTime=True))
|
||||
else:
|
||||
skip_start, skip_end = skip.split(':', 1)
|
||||
skip_start = utils.get_yyyymmdd(skip_start,
|
||||
returnDateTime=True)
|
||||
skip_end = utils.get_yyyymmdd(skip_end, returnDateTime=True)
|
||||
while skip_start <= skip_end:
|
||||
skip_dates.add(skip_start)
|
||||
skip_start += one_day
|
||||
i += 2
|
||||
elif myarg == 'skipdaysofweek':
|
||||
skipdaynames = sys.argv[i + 1].split(',')
|
||||
dow = [d.lower() for d in calendar.day_abbr]
|
||||
skip_day_numbers = [dow.index(d) for d in skipdaynames if d in dow]
|
||||
i += 2
|
||||
elif report == 'user' and myarg in ['orgunit', 'org', 'ou']:
|
||||
_, orgUnitId = gapi_directory_orgunits.getOrgUnitId(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif report == 'user' and myarg in usergroup_types:
|
||||
users = gam.getUsersToModify(myarg, sys.argv[i + 1])
|
||||
kwargs = [{'userKey': user} for user in users]
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
f'gam report usage {report}')
|
||||
if parameters:
|
||||
titles.extend(parameters)
|
||||
parameters = ','.join(parameters)
|
||||
else:
|
||||
parameters = None
|
||||
if not end_date:
|
||||
end_date = datetime.datetime.now()
|
||||
if not start_date:
|
||||
start_date = end_date + relativedelta(months=-1)
|
||||
if orgUnitId:
|
||||
for kw in kwargs:
|
||||
kw['orgUnitID'] = orgUnitId
|
||||
usage_on_date = start_date
|
||||
start_date = usage_on_date.strftime(YYYYMMDD_FORMAT)
|
||||
usage_end_date = end_date
|
||||
end_date = end_date.strftime(YYYYMMDD_FORMAT)
|
||||
start_use_date = end_use_date = None
|
||||
csvRows = []
|
||||
while usage_on_date <= usage_end_date:
|
||||
if usage_on_date.weekday() in skip_day_numbers or \
|
||||
usage_on_date in skip_dates:
|
||||
usage_on_date += one_day
|
||||
continue
|
||||
use_date = usage_on_date.strftime(YYYYMMDD_FORMAT)
|
||||
usage_on_date += one_day
|
||||
try:
|
||||
for kwarg in kwargs:
|
||||
try:
|
||||
usage = gapi.get_all_pages(endpoint,
|
||||
'get',
|
||||
'usageReports',
|
||||
throw_reasons=throw_reasons,
|
||||
customerId=customerId,
|
||||
date=use_date,
|
||||
parameters=parameters,
|
||||
**kwarg)
|
||||
except gapi.errors.GapiBadRequestError:
|
||||
continue
|
||||
for entity in usage:
|
||||
row = {'date': use_date}
|
||||
if 'userEmail' in entity['entity']:
|
||||
row['user'] = entity['entity']['userEmail']
|
||||
for item in entity.get('parameters', []):
|
||||
if 'name' not in item:
|
||||
continue
|
||||
name = item['name']
|
||||
if name == 'cros:device_version_distribution':
|
||||
for cros_ver in item['msgValue']:
|
||||
v = cros_ver['version_number']
|
||||
column_name = f'cros:num_devices_chrome_{v}'
|
||||
if column_name not in titles:
|
||||
titles.append(column_name)
|
||||
row[column_name] = cros_ver['num_devices']
|
||||
else:
|
||||
if not name in titles:
|
||||
titles.append(name)
|
||||
for ptype in REPORTS_PARAMETERS_SIMPLE_TYPES:
|
||||
if ptype in item:
|
||||
row[name] = item[ptype]
|
||||
break
|
||||
else:
|
||||
row[name] = ''
|
||||
if not start_use_date:
|
||||
start_use_date = use_date
|
||||
end_use_date = use_date
|
||||
csvRows.append(row)
|
||||
except gapi.errors.GapiInvalidError as e:
|
||||
display.print_warning(str(e))
|
||||
break
|
||||
if start_use_date:
|
||||
report_name = f'{report.capitalize()} Usage Report - {start_use_date}:{end_use_date}'
|
||||
else:
|
||||
report_name = f'{report.capitalize()} Usage Report - {start_date}:{end_date} - No Data'
|
||||
display.write_csv_file(csvRows, titles, report_name, todrive)
|
||||
|
||||
|
||||
def showReport():
|
||||
rep = build()
|
||||
throw_reasons = [gapi.errors.ErrorReason.INVALID]
|
||||
report = sys.argv[2].lower()
|
||||
report = REPORT_CHOICE_MAP.get(report.replace('_', ''), report)
|
||||
if report == 'usage':
|
||||
showUsage()
|
||||
return
|
||||
if report == 'usageparameters':
|
||||
showUsageParameters()
|
||||
return
|
||||
valid_apps = gapi.get_enum_values_minus_unspecified(
|
||||
rep._rootDesc['resources']['activities']['methods']['list']
|
||||
['parameters']['applicationName']['enum']) + ['customer', 'user']
|
||||
if report not in valid_apps:
|
||||
controlflow.expected_argument_exit('report',
|
||||
', '.join(sorted(valid_apps)),
|
||||
report)
|
||||
customerId = GC_Values[GC_CUSTOMER_ID]
|
||||
if customerId == MY_CUSTOMER:
|
||||
customerId = None
|
||||
filters = parameters = actorIpAddress = groupIdFilter = startTime = endTime = eventName = orgUnitId = None
|
||||
tryDate = datetime.date.today().strftime(YYYYMMDD_FORMAT)
|
||||
to_drive = False
|
||||
userKey = 'all'
|
||||
fullDataRequired = None
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower()
|
||||
if myarg == 'date':
|
||||
tryDate = utils.get_yyyymmdd(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg in ['orgunit', 'org', 'ou']:
|
||||
_, orgUnitId = gapi_directory_orgunits.getOrgUnitId(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg == 'fulldatarequired':
|
||||
fullDataRequired = []
|
||||
fdr = sys.argv[i + 1].lower()
|
||||
if fdr and fdr == 'all':
|
||||
fullDataRequired = 'all'
|
||||
else:
|
||||
fullDataRequired = fdr.replace(',', ' ').split()
|
||||
i += 2
|
||||
elif myarg == 'start':
|
||||
startTime = utils.get_time_or_delta_from_now(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg == 'end':
|
||||
endTime = utils.get_time_or_delta_from_now(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg == 'event':
|
||||
eventName = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'user':
|
||||
userKey = sys.argv[i + 1].lower()
|
||||
if userKey != 'all':
|
||||
userKey = gam.normalizeEmailAddressOrUID(sys.argv[i + 1])
|
||||
i += 2
|
||||
elif myarg in ['filter', 'filters']:
|
||||
filters = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg in ['fields', 'parameters']:
|
||||
parameters = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'ip':
|
||||
actorIpAddress = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'groupidfilter':
|
||||
groupIdFilter = sys.argv[i + 1]
|
||||
i += 2
|
||||
elif myarg == 'todrive':
|
||||
to_drive = True
|
||||
i += 1
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i], 'gam report')
|
||||
if report == 'user':
|
||||
while True:
|
||||
try:
|
||||
one_page = gapi.call(rep.userUsageReport(),
|
||||
'get',
|
||||
throw_reasons=throw_reasons,
|
||||
date=tryDate,
|
||||
userKey=userKey,
|
||||
customerId=customerId,
|
||||
orgUnitID=orgUnitId,
|
||||
fields='warnings,usageReports',
|
||||
maxResults=1)
|
||||
fullData, tryDate = _check_full_data_available(
|
||||
one_page, tryDate, fullDataRequired, True)
|
||||
if fullData < 0:
|
||||
print('No user report available.')
|
||||
sys.exit(1)
|
||||
if fullData == 0:
|
||||
continue
|
||||
page_message = gapi.got_total_items_msg('Users', '...\n')
|
||||
usage = gapi.get_all_pages(rep.userUsageReport(),
|
||||
'get',
|
||||
'usageReports',
|
||||
page_message=page_message,
|
||||
throw_reasons=throw_reasons,
|
||||
date=tryDate,
|
||||
userKey=userKey,
|
||||
customerId=customerId,
|
||||
orgUnitID=orgUnitId,
|
||||
filters=filters,
|
||||
parameters=parameters)
|
||||
break
|
||||
except gapi.errors.GapiInvalidError as e:
|
||||
tryDate = _adjust_date(str(e))
|
||||
if not usage:
|
||||
print('No user report available.')
|
||||
sys.exit(1)
|
||||
titles = ['email', 'date']
|
||||
csvRows = []
|
||||
for user_report in usage:
|
||||
if 'entity' not in user_report:
|
||||
continue
|
||||
row = {'email': user_report['entity'].get('userEmail', 'Unknown'), 'date': tryDate}
|
||||
for item in user_report.get('parameters', []):
|
||||
if 'name' not in item:
|
||||
continue
|
||||
name = item['name']
|
||||
if not name in titles:
|
||||
titles.append(name)
|
||||
for ptype in REPORTS_PARAMETERS_SIMPLE_TYPES:
|
||||
if ptype in item:
|
||||
row[name] = item[ptype]
|
||||
break
|
||||
else:
|
||||
row[name] = ''
|
||||
csvRows.append(row)
|
||||
display.write_csv_file(csvRows, titles, f'User Reports - {tryDate}',
|
||||
to_drive)
|
||||
elif report == 'customer':
|
||||
while True:
|
||||
try:
|
||||
first_page = gapi.call(rep.customerUsageReports(),
|
||||
'get',
|
||||
throw_reasons=throw_reasons,
|
||||
customerId=customerId,
|
||||
date=tryDate,
|
||||
fields='warnings,usageReports')
|
||||
fullData, tryDate = _check_full_data_available(
|
||||
first_page, tryDate, fullDataRequired, False)
|
||||
if fullData < 0:
|
||||
print('No customer report available.')
|
||||
sys.exit(1)
|
||||
if fullData == 0:
|
||||
continue
|
||||
usage = gapi.get_all_pages(rep.customerUsageReports(),
|
||||
'get',
|
||||
'usageReports',
|
||||
throw_reasons=throw_reasons,
|
||||
customerId=customerId,
|
||||
date=tryDate,
|
||||
parameters=parameters)
|
||||
break
|
||||
except gapi.errors.GapiInvalidError as e:
|
||||
tryDate = _adjust_date(str(e))
|
||||
if not usage:
|
||||
print('No customer report available.')
|
||||
sys.exit(1)
|
||||
titles = ['name', 'value', 'client_id']
|
||||
csvRows = []
|
||||
auth_apps = list()
|
||||
usage = list(usage)
|
||||
for item in usage[0]['parameters']:
|
||||
if 'name' not in item:
|
||||
continue
|
||||
name = item['name']
|
||||
if 'intValue' in item:
|
||||
value = item['intValue']
|
||||
elif 'msgValue' in item:
|
||||
if name == 'accounts:authorized_apps':
|
||||
for subitem in item['msgValue']:
|
||||
app = {}
|
||||
for an_item in subitem:
|
||||
if an_item == 'client_name':
|
||||
app['name'] = 'App: ' + \
|
||||
subitem[an_item].replace('\n', '\\n')
|
||||
elif an_item == 'num_users':
|
||||
app['value'] = f'{subitem[an_item]} users'
|
||||
elif an_item == 'client_id':
|
||||
app['client_id'] = subitem[an_item]
|
||||
auth_apps.append(app)
|
||||
continue
|
||||
values = []
|
||||
for subitem in item['msgValue']:
|
||||
if 'count' in subitem:
|
||||
mycount = myvalue = None
|
||||
for key, value in list(subitem.items()):
|
||||
if key == 'count':
|
||||
mycount = value
|
||||
else:
|
||||
myvalue = value
|
||||
if mycount and myvalue:
|
||||
values.append(f'{myvalue}:{mycount}')
|
||||
value = ' '.join(values)
|
||||
elif 'version_number' in subitem \
|
||||
and 'num_devices' in subitem:
|
||||
values.append(f'{subitem["version_number"]}:'
|
||||
f'{subitem["num_devices"]}')
|
||||
else:
|
||||
continue
|
||||
value = ' '.join(sorted(values, reverse=True))
|
||||
csvRows.append({'name': name, 'value': value})
|
||||
for app in auth_apps: # put apps at bottom
|
||||
csvRows.append(app)
|
||||
display.write_csv_file(csvRows,
|
||||
titles,
|
||||
f'Customer Report - {tryDate}',
|
||||
todrive=to_drive)
|
||||
else:
|
||||
page_message = gapi.got_total_items_msg('Activities', '...\n')
|
||||
activities = gapi.get_all_pages(rep.activities(),
|
||||
'list',
|
||||
'items',
|
||||
page_message=page_message,
|
||||
applicationName=report,
|
||||
userKey=userKey,
|
||||
customerId=customerId,
|
||||
actorIpAddress=actorIpAddress,
|
||||
startTime=startTime,
|
||||
endTime=endTime,
|
||||
eventName=eventName,
|
||||
filters=filters,
|
||||
orgUnitID=orgUnitId,
|
||||
groupIdFilter=groupIdFilter)
|
||||
if activities:
|
||||
titles = ['name']
|
||||
csvRows = []
|
||||
for activity in activities:
|
||||
events = activity['events']
|
||||
del activity['events']
|
||||
activity_row = utils.flatten_json(activity)
|
||||
purge_parameters = True
|
||||
for event in events:
|
||||
for item in event.get('parameters', []):
|
||||
if set(item) == {'value', 'name'}:
|
||||
event[item['name']] = item['value']
|
||||
elif set(item) == {'intValue', 'name'}:
|
||||
if item['name'] in ['start_time', 'end_time']:
|
||||
val = item.get('intValue')
|
||||
if val is not None:
|
||||
val = int(val)
|
||||
if val >= 62135683200:
|
||||
event[item['name']] = \
|
||||
datetime.datetime.fromtimestamp(
|
||||
val-62135683200).isoformat()
|
||||
else:
|
||||
event[item['name']] = item['intValue']
|
||||
elif set(item) == {'boolValue', 'name'}:
|
||||
event[item['name']] = item['boolValue']
|
||||
elif set(item) == {'multiValue', 'name'}:
|
||||
event[item['name']] = ' '.join(item['multiValue'])
|
||||
elif item['name'] == 'scope_data':
|
||||
parts = {}
|
||||
for message in item['multiMessageValue']:
|
||||
for mess in message['parameter']:
|
||||
value = mess.get(
|
||||
'value',
|
||||
' '.join(mess.get('multiValue', [])))
|
||||
parts[mess['name']] = parts.get(
|
||||
mess['name'], []) + [value]
|
||||
for part, v in parts.items():
|
||||
if part == 'scope_name':
|
||||
part = 'scope'
|
||||
event[part] = ' '.join(v)
|
||||
else:
|
||||
purge_parameters = False
|
||||
if purge_parameters:
|
||||
event.pop('parameters', None)
|
||||
row = utils.flatten_json(event)
|
||||
row.update(activity_row)
|
||||
for item in row:
|
||||
if item not in titles:
|
||||
titles.append(item)
|
||||
csvRows.append(row)
|
||||
display.sort_csv_titles([
|
||||
'name',
|
||||
], titles)
|
||||
display.write_csv_file(csvRows, titles,
|
||||
f'{report.capitalize()} Activity Report',
|
||||
to_drive)
|
||||
|
||||
|
||||
def _adjust_date(errMsg):
|
||||
match_date = re.match(
|
||||
'Data for dates later than (.*) is not yet '
|
||||
'available. Please check back later', errMsg)
|
||||
if not match_date:
|
||||
match_date = re.match('Start date can not be later than (.*)', errMsg)
|
||||
if not match_date:
|
||||
controlflow.system_error_exit(4, errMsg)
|
||||
return str(match_date.group(1))
|
||||
|
||||
|
||||
def _check_full_data_available(result, tryDate, fullDataRequired,
|
||||
checkUserEmail):
|
||||
one_day = datetime.timedelta(days=1)
|
||||
tryDateTime = datetime.datetime.strptime(tryDate, YYYYMMDD_FORMAT)
|
||||
# move to day before if we don't have at least one usageReport
|
||||
usage = result.get('usageReports')
|
||||
if not usage:
|
||||
tryDateTime -= one_day
|
||||
return (0, tryDateTime.strftime(YYYYMMDD_FORMAT))
|
||||
for warning in result.get('warnings', []):
|
||||
if warning['code'] == 'PARTIAL_DATA_AVAILABLE':
|
||||
for app in warning['data']:
|
||||
if app['key'] == 'application' and \
|
||||
app['value'] != 'docs' and \
|
||||
fullDataRequired is not None and \
|
||||
(fullDataRequired == 'all' or app['value'] in fullDataRequired):
|
||||
tryDateTime -= one_day
|
||||
return (0, tryDateTime.strftime(YYYYMMDD_FORMAT))
|
||||
elif warning['code'] == 'DATA_NOT_AVAILABLE':
|
||||
for app in warning['data']:
|
||||
if app['key'] == 'application' and \
|
||||
app['value'] != 'docs' and \
|
||||
(not fullDataRequired or app['value'] in fullDataRequired):
|
||||
return (-1, tryDate)
|
||||
if checkUserEmail:
|
||||
if 'entity' not in usage[0] or 'userEmail' not in usage[0]['entity']:
|
||||
tryDateTime -= one_day
|
||||
return (0, tryDateTime.strftime(YYYYMMDD_FORMAT))
|
||||
return (1, tryDate)
|
||||
@@ -1,188 +0,0 @@
|
||||
import json
|
||||
import sys
|
||||
from urllib.parse import urlencode
|
||||
|
||||
import gam
|
||||
from gam.var import *
|
||||
from gam import controlflow
|
||||
from gam import display
|
||||
from gam import fileutils
|
||||
from gam import gapi
|
||||
from gam.gapi import directory as gapi_directory
|
||||
from gam.gapi import errors as gapi_errors
|
||||
from gam.gapi.directory import customer as gapi_directory_customer
|
||||
from gam import transport
|
||||
from gam import utils
|
||||
|
||||
import gam
|
||||
|
||||
|
||||
def build():
|
||||
return gam.buildGAPIObject('siteVerification')
|
||||
|
||||
|
||||
def create():
|
||||
verif = build()
|
||||
a_domain = sys.argv[3]
|
||||
txt_record = gapi.call(verif.webResource(),
|
||||
'getToken',
|
||||
body={
|
||||
'site': {
|
||||
'type': 'INET_DOMAIN',
|
||||
'identifier': a_domain
|
||||
},
|
||||
'verificationMethod': 'DNS_TXT'
|
||||
})
|
||||
print(f'TXT Record Name: {a_domain}')
|
||||
print(f'TXT Record Value: {txt_record["token"]}')
|
||||
print()
|
||||
cname_record = gapi.call(verif.webResource(),
|
||||
'getToken',
|
||||
body={
|
||||
'site': {
|
||||
'type': 'INET_DOMAIN',
|
||||
'identifier': a_domain
|
||||
},
|
||||
'verificationMethod': 'DNS_CNAME'
|
||||
})
|
||||
cname_token = cname_record['token']
|
||||
cname_list = cname_token.split(' ')
|
||||
cname_subdomain = cname_list[0]
|
||||
cname_value = cname_list[1]
|
||||
print(f'CNAME Record Name: {cname_subdomain}.{a_domain}')
|
||||
print(f'CNAME Record Value: {cname_value}')
|
||||
print('')
|
||||
webserver_file_record = gapi.call(
|
||||
verif.webResource(),
|
||||
'getToken',
|
||||
body={
|
||||
'site': {
|
||||
'type': 'SITE',
|
||||
'identifier': f'http://{a_domain}/'
|
||||
},
|
||||
'verificationMethod': 'FILE'
|
||||
})
|
||||
webserver_file_token = webserver_file_record['token']
|
||||
print(f'Saving web server verification file to: {webserver_file_token}')
|
||||
fileutils.write_file(webserver_file_token,
|
||||
f'google-site-verification: {webserver_file_token}',
|
||||
continue_on_error=True)
|
||||
print(f'Verification File URL: http://{a_domain}/{webserver_file_token}')
|
||||
print()
|
||||
webserver_meta_record = gapi.call(
|
||||
verif.webResource(),
|
||||
'getToken',
|
||||
body={
|
||||
'site': {
|
||||
'type': 'SITE',
|
||||
'identifier': f'http://{a_domain}/'
|
||||
},
|
||||
'verificationMethod': 'META'
|
||||
})
|
||||
print(f'Meta URL: http://{a_domain}/')
|
||||
print(f'Meta HTML Header Data: {webserver_meta_record["token"]}')
|
||||
print()
|
||||
|
||||
|
||||
def info():
|
||||
verif = build()
|
||||
sites = gapi.get_items(verif.webResource(), 'list', 'items')
|
||||
if sites:
|
||||
for site in sites:
|
||||
print(f'Site: {site["site"]["identifier"]}')
|
||||
print(f'Type: {site["site"]["type"]}')
|
||||
print('Owners:')
|
||||
for owner in site['owners']:
|
||||
print(f' {owner}')
|
||||
print()
|
||||
else:
|
||||
print('No Sites Verified.')
|
||||
|
||||
|
||||
def update():
|
||||
verif = build()
|
||||
a_domain = sys.argv[3]
|
||||
verificationMethod = sys.argv[4].upper()
|
||||
if verificationMethod == 'CNAME':
|
||||
verificationMethod = 'DNS_CNAME'
|
||||
elif verificationMethod in ['TXT', 'TEXT']:
|
||||
verificationMethod = 'DNS_TXT'
|
||||
if verificationMethod in ['DNS_TXT', 'DNS_CNAME']:
|
||||
verify_type = 'INET_DOMAIN'
|
||||
identifier = a_domain
|
||||
else:
|
||||
verify_type = 'SITE'
|
||||
identifier = f'http://{a_domain}/'
|
||||
body = {
|
||||
'site': {
|
||||
'type': verify_type,
|
||||
'identifier': identifier
|
||||
},
|
||||
'verificationMethod': verificationMethod
|
||||
}
|
||||
try:
|
||||
verify_result = gapi.call(
|
||||
verif.webResource(),
|
||||
'insert',
|
||||
throw_reasons=[gapi_errors.ErrorReason.BAD_REQUEST],
|
||||
verificationMethod=verificationMethod,
|
||||
body=body)
|
||||
except gapi_errors.GapiBadRequestError as e:
|
||||
print(f'ERROR: {str(e)}')
|
||||
verify_data = gapi.call(verif.webResource(), 'getToken', body=body)
|
||||
print(f'Method: {verify_data["method"]}')
|
||||
print(f'Expected Token: {verify_data["token"]}')
|
||||
if verify_data['method'] in ['DNS_CNAME', 'DNS_TXT']:
|
||||
simplehttp = transport.create_http()
|
||||
base_url = 'https://dns.google/resolve?'
|
||||
query_params = {}
|
||||
if verify_data['method'] == 'DNS_CNAME':
|
||||
cname_token = verify_data['token']
|
||||
cname_list = cname_token.split(' ')
|
||||
cname_subdomain = cname_list[0]
|
||||
query_params['name'] = f'{cname_subdomain}.{a_domain}'
|
||||
query_params['type'] = 'cname'
|
||||
else:
|
||||
query_params['name'] = a_domain
|
||||
query_params['type'] = 'txt'
|
||||
full_url = base_url + urlencode(query_params)
|
||||
(_, c) = simplehttp.request(full_url, 'GET')
|
||||
result = json.loads(c)
|
||||
status = result['Status']
|
||||
if status == 0 and 'Answer' in result:
|
||||
answers = result['Answer']
|
||||
if verify_data['method'] == 'DNS_CNAME':
|
||||
answer = answers[0]['data']
|
||||
else:
|
||||
answer = 'no matching record found'
|
||||
for possible_answer in answers:
|
||||
possible_answer['data'] = possible_answer['data'].strip(
|
||||
'"')
|
||||
if possible_answer['data'].startswith(
|
||||
'google-site-verification'):
|
||||
answer = possible_answer['data']
|
||||
break
|
||||
print(
|
||||
f'Unrelated TXT record: {possible_answer["data"]}')
|
||||
print(f'Found DNS Record: {answer}')
|
||||
elif status == 0:
|
||||
controlflow.system_error_exit(1, 'DNS record not found')
|
||||
else:
|
||||
controlflow.system_error_exit(
|
||||
status,
|
||||
DNS_ERROR_CODES_MAP.get(status, f'Unknown error {status}'))
|
||||
return
|
||||
print('SUCCESS!')
|
||||
print(f'Verified: {verify_result["site"]["identifier"]}')
|
||||
print(f'ID: {verify_result["id"]}')
|
||||
print(f'Type: {verify_result["site"]["type"]}')
|
||||
print('All Owners:')
|
||||
try:
|
||||
for owner in verify_result['owners']:
|
||||
print(f' {owner}')
|
||||
except KeyError:
|
||||
pass
|
||||
print()
|
||||
print(
|
||||
f'You can now add {a_domain} or it\'s subdomains as secondary or domain aliases of the {GC_Values[GC_DOMAIN]} Google Workspace Account.'
|
||||
)
|
||||
@@ -1,212 +0,0 @@
|
||||
import base64
|
||||
import os
|
||||
import re
|
||||
import sys
|
||||
import time
|
||||
|
||||
import googleapiclient
|
||||
from pathvalidate import sanitize_filepath
|
||||
|
||||
import gam
|
||||
from gam.gapi import errors as gapi_errors
|
||||
from gam.var import *
|
||||
from gam import controlflow
|
||||
from gam import fileutils
|
||||
from gam import gapi
|
||||
from gam import utils
|
||||
|
||||
|
||||
def build():
|
||||
return gam.buildGAPIObject('storage')
|
||||
|
||||
|
||||
def copy_bucket():
|
||||
s = build()
|
||||
source_bucket = None
|
||||
target_bucket = None
|
||||
prefix = None
|
||||
target_prefix = ''
|
||||
i = 3
|
||||
while i < len(sys.argv):
|
||||
myarg = sys.argv[i].lower().replace('_', '')
|
||||
if myarg == 'sourcebucket':
|
||||
source_bucket = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'targetbucket':
|
||||
target_bucket = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'sourceprefix':
|
||||
prefix = sys.argv[i+1]
|
||||
i += 2
|
||||
elif myarg == 'targetprefix':
|
||||
target_prefix = sys.argv[i+1]
|
||||
i += 2
|
||||
else:
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
'gam copy storagebucket')
|
||||
if not target_bucket:
|
||||
controlflow.missing_argument_exit('target_bucket', 'gam copy storagebucket')
|
||||
if not source_bucket:
|
||||
controlflow.missing_argument_exit('source_bucket', 'gam copy storagebucket')
|
||||
page_message = gapi.got_total_items_msg('Storage Objects', '...\n')
|
||||
objects = gapi.get_all_pages(s.objects(),
|
||||
'list',
|
||||
items='items',
|
||||
page_message=page_message,
|
||||
prefix=prefix,
|
||||
bucket=source_bucket,
|
||||
fields='items(name,bucket,md5Hash),nextPageToken')
|
||||
copy_objects(objects,
|
||||
target_bucket,
|
||||
target_prefix)
|
||||
|
||||
|
||||
def copy_objects(objects,
|
||||
target_bucket,
|
||||
target_prefix):
|
||||
"""Copies objects to target_bucket.
|
||||
|
||||
Args:
|
||||
objects: list of object dicts
|
||||
[
|
||||
{
|
||||
bucket: source bucket,
|
||||
name: source object name,
|
||||
(optional) md5Hash: source file hash value
|
||||
},
|
||||
...
|
||||
]
|
||||
target_bucket: target bucket id
|
||||
target_prefix: prefix name to prepend to target object
|
||||
|
||||
"""
|
||||
|
||||
def process_rewrite(request_id, response, exception):
|
||||
file_ptr = int(request_id)
|
||||
if exception:
|
||||
# Poor man's backoff/retry
|
||||
if exception.status_code == 429 or exception.status_code > 499:
|
||||
print(f'Temporary error {exception.status_code}. Sleeping 10 seconds...')
|
||||
time.sleep(10)
|
||||
next_batch.add(s.objects().rewrite(**files_to_copy[file_ptr]['method']),
|
||||
request_id=request_id)
|
||||
return
|
||||
else:
|
||||
raise exception
|
||||
file_count = file_ptr + 1
|
||||
source_displayname = files_to_copy[file_ptr]['source_displayname']
|
||||
target_displayname = files_to_copy[file_ptr]['target_displayname']
|
||||
if response.get('done'):
|
||||
source_md5 = files_to_copy[file_ptr]['md5Hash']
|
||||
target_md5 = response['resource']['md5Hash']
|
||||
if source_md5 != target_md5:
|
||||
controlflow.system_error_exit(99, f'Target file {target_displayname} checksum {target_md5} does not match source {source_md5}. This should not happen')
|
||||
else:
|
||||
print(f'[ {file_count} / {total_files} ] 100% VERIFIED - finished copying:\n source: {source_displayname}\n dest: {target_displayname}')
|
||||
else:
|
||||
total_bytes = float(response.get('objectSize'))
|
||||
done_bytes = float(response.get('totalBytesRewritten'))
|
||||
pct = (done_bytes / total_bytes) * 100
|
||||
print(f'[ {file_count} / {total_files} ] {pct:.2f}%\n source: {source_displayname}\n dest:{target_displayname}')
|
||||
files_to_copy[file_ptr]['method']['rewriteToken'] = response.get('rewriteToken')
|
||||
next_batch.add(s.objects().rewrite(**files_to_copy[file_ptr]['method']),
|
||||
request_id=request_id)
|
||||
|
||||
s = build()
|
||||
sbatch = s.new_batch_http_request(callback=process_rewrite)
|
||||
files_to_copy = []
|
||||
for object_ in objects:
|
||||
files_to_copy.append(
|
||||
{
|
||||
'md5Hash': object_['md5Hash'],
|
||||
'source_displayname': f'{object_["bucket"]}:{object_["name"]}',
|
||||
'target_displayname': f'{target_bucket}:{target_prefix}{object_["name"]}',
|
||||
'method': {
|
||||
'destinationBucket': target_bucket,
|
||||
'destinationObject': f'{target_prefix}{object_["name"]}',
|
||||
'sourceBucket': object_['bucket'],
|
||||
'sourceObject': object_['name'],
|
||||
# 'maxBytesRewrittenPerCall': 1048576, # uncomment to easily test multiple rewrite API calls per object
|
||||
},
|
||||
})
|
||||
i = 0
|
||||
total_files = len(files_to_copy)
|
||||
for file in files_to_copy:
|
||||
while len(sbatch._order) == 100:
|
||||
next_batch = s.new_batch_http_request(callback=process_rewrite)
|
||||
sbatch.execute()
|
||||
sbatch = next_batch
|
||||
sbatch.add(s.objects().rewrite(**file['method']),
|
||||
request_id=str(i))
|
||||
i += 1
|
||||
while len(sbatch._order) > 0:
|
||||
next_batch = s.new_batch_http_request(callback=process_rewrite)
|
||||
sbatch.execute()
|
||||
sbatch = next_batch
|
||||
print('All done!')
|
||||
|
||||
|
||||
def get_cloud_storage_object(s,
|
||||
bucket,
|
||||
object_,
|
||||
local_file=None,
|
||||
expectedMd5=None):
|
||||
if not local_file:
|
||||
local_file = object_
|
||||
local_file = sanitize_filepath(local_file, platform='auto')
|
||||
if os.path.exists(local_file):
|
||||
sys.stdout.write(f'File {local_file} already exists.')
|
||||
sys.stdout.flush()
|
||||
if expectedMd5:
|
||||
sys.stdout.write(f' verifying {expectedMd5} hash...')
|
||||
sys.stdout.flush()
|
||||
if utils.md5_matches_file(local_file, expectedMd5, False):
|
||||
print('VERIFIED')
|
||||
return
|
||||
print('not verified. Downloading again and over-writing...')
|
||||
else:
|
||||
return # nothing to verify, just assume we're good.
|
||||
print(f'Saving to {local_file}')
|
||||
request = s.objects().get_media(bucket=bucket, object=object_)
|
||||
file_path = os.path.dirname(local_file)
|
||||
if not os.path.exists(file_path):
|
||||
os.makedirs(file_path)
|
||||
f = fileutils.open_file(local_file, 'wb')
|
||||
downloader = googleapiclient.http.MediaIoBaseDownload(f, request)
|
||||
done = False
|
||||
while not done:
|
||||
status, done = downloader.next_chunk()
|
||||
sys.stdout.write(f' Downloaded: {status.progress():>7.2%}\r')
|
||||
sys.stdout.flush()
|
||||
sys.stdout.write('\n Download complete. Flushing to disk...\n')
|
||||
fileutils.close_file(f, True)
|
||||
if expectedMd5:
|
||||
f = fileutils.open_file(local_file, 'rb')
|
||||
sys.stdout.write(f' Verifying file hash is {expectedMd5}...')
|
||||
sys.stdout.flush()
|
||||
utils.md5_matches_file(local_file, expectedMd5, True)
|
||||
print('VERIFIED')
|
||||
fileutils.close_file(f)
|
||||
|
||||
|
||||
def download_bucket():
|
||||
bucket = sys.argv[3]
|
||||
s = build()
|
||||
page_message = gapi.got_total_items_msg('Files', '...')
|
||||
fields = 'nextPageToken,items(name,id,md5Hash)'
|
||||
objects = gapi.get_all_pages(s.objects(),
|
||||
'list',
|
||||
'items',
|
||||
page_message=page_message,
|
||||
bucket=bucket,
|
||||
projection='noAcl',
|
||||
fields=fields)
|
||||
i = 1
|
||||
for object_ in objects:
|
||||
print(f'{i}/{len(objects)}')
|
||||
expectedMd5 = base64.b64decode(object_['md5Hash']).hex()
|
||||
get_cloud_storage_object(s,
|
||||
bucket,
|
||||
object_['name'],
|
||||
expectedMd5=expectedMd5)
|
||||
i += 1
|
||||
File diff suppressed because it is too large
Load Diff
@@ -1,102 +0,0 @@
|
||||
"""Methods related to network transport."""
|
||||
|
||||
import google_auth_httplib2
|
||||
import httplib2
|
||||
|
||||
from gam.var import GAM_INFO
|
||||
from gam.var import GC_CA_FILE
|
||||
from gam.var import GC_TLS_MAX_VERSION
|
||||
from gam.var import GC_TLS_MIN_VERSION
|
||||
from gam.var import GC_Values
|
||||
|
||||
|
||||
def create_http(cache=None,
|
||||
timeout=None,
|
||||
override_min_tls=None,
|
||||
override_max_tls=None):
|
||||
"""Creates a uniform HTTP transport object.
|
||||
|
||||
Args:
|
||||
cache: The HTTP cache to use.
|
||||
timeout: The cache timeout, in seconds.
|
||||
override_min_tls: The minimum TLS version to require. If not provided, the
|
||||
default is used.
|
||||
override_max_tls: The maximum TLS version to require. If not provided, the
|
||||
default is used.
|
||||
|
||||
Returns:
|
||||
httplib2.Http with the specified options.
|
||||
"""
|
||||
tls_minimum_version = override_min_tls if override_min_tls else GC_Values.get(
|
||||
GC_TLS_MIN_VERSION)
|
||||
tls_maximum_version = override_max_tls if override_max_tls else GC_Values.get(
|
||||
GC_TLS_MAX_VERSION)
|
||||
httpObj = httplib2.Http(ca_certs=GC_Values.get(GC_CA_FILE),
|
||||
tls_maximum_version=tls_maximum_version,
|
||||
tls_minimum_version=tls_minimum_version,
|
||||
cache=cache,
|
||||
timeout=timeout)
|
||||
httpObj.redirect_codes = set(httpObj.redirect_codes) - {308}
|
||||
return httpObj
|
||||
|
||||
|
||||
def create_request(httpObj=None):
|
||||
"""Creates a uniform Request object with a default http, if not provided.
|
||||
|
||||
Args:
|
||||
httpObj: Optional httplib2.Http compatible object to be used with the request.
|
||||
If not provided, a default HTTP will be used.
|
||||
|
||||
Returns:
|
||||
Request: A google_auth_httplib2.Request compatible Request.
|
||||
"""
|
||||
if not httpObj:
|
||||
httpObj = create_http()
|
||||
return Request(httpObj)
|
||||
|
||||
|
||||
GAM_USER_AGENT = GAM_INFO
|
||||
|
||||
|
||||
def _force_user_agent(user_agent):
|
||||
"""Creates a decorator which can force a user agent in HTTP headers."""
|
||||
|
||||
def decorator(request_method):
|
||||
"""Wraps a request method to insert a user-agent in HTTP headers."""
|
||||
|
||||
def wrapped_request_method(*args, **kwargs):
|
||||
"""Modifies HTTP headers to include a specified user-agent."""
|
||||
if kwargs.get('headers') is not None:
|
||||
if kwargs['headers'].get('user-agent'):
|
||||
if user_agent not in kwargs['headers']['user-agent']:
|
||||
# Save the existing user-agent header and tack on our own.
|
||||
kwargs['headers']['user-agent'] = (
|
||||
f'{user_agent} '
|
||||
f'{kwargs["headers"]["user-agent"]}')
|
||||
else:
|
||||
kwargs['headers']['user-agent'] = user_agent
|
||||
else:
|
||||
kwargs['headers'] = {'user-agent': user_agent}
|
||||
return request_method(*args, **kwargs)
|
||||
|
||||
return wrapped_request_method
|
||||
|
||||
return decorator
|
||||
|
||||
|
||||
class Request(google_auth_httplib2.Request):
|
||||
"""A Request which forces a user agent."""
|
||||
|
||||
@_force_user_agent(GAM_USER_AGENT)
|
||||
def __call__(self, *args, **kwargs):
|
||||
"""Inserts the GAM user-agent header in requests."""
|
||||
return super().__call__(*args, **kwargs)
|
||||
|
||||
|
||||
class AuthorizedHttp(google_auth_httplib2.AuthorizedHttp):
|
||||
"""An AuthorizedHttp which forces a user agent during requests."""
|
||||
|
||||
@_force_user_agent(GAM_USER_AGENT)
|
||||
def request(self, *args, **kwargs):
|
||||
"""Inserts the GAM user-agent header in requests."""
|
||||
return super().request(*args, **kwargs)
|
||||
@@ -1,185 +0,0 @@
|
||||
"""Tests for transport."""
|
||||
|
||||
import unittest
|
||||
from unittest.mock import MagicMock
|
||||
from unittest.mock import patch
|
||||
|
||||
from gam import SetGlobalVariables
|
||||
import google_auth_httplib2
|
||||
import httplib2
|
||||
|
||||
from gam import transport
|
||||
|
||||
|
||||
class CreateHttpTest(unittest.TestCase):
|
||||
|
||||
def setUp(self):
|
||||
SetGlobalVariables()
|
||||
super().setUp()
|
||||
|
||||
def test_create_http_sets_default_values_on_http(self):
|
||||
http = transport.create_http()
|
||||
self.assertIsNone(http.cache)
|
||||
self.assertIsNone(http.timeout)
|
||||
self.assertEqual(http.tls_minimum_version,
|
||||
transport.GC_Values[transport.GC_TLS_MIN_VERSION])
|
||||
self.assertEqual(http.tls_maximum_version,
|
||||
transport.GC_Values[transport.GC_TLS_MAX_VERSION])
|
||||
self.assertEqual(http.ca_certs,
|
||||
transport.GC_Values[transport.GC_CA_FILE])
|
||||
|
||||
def test_create_http_sets_tls_min_version(self):
|
||||
http = transport.create_http(override_min_tls='TLSv1_1')
|
||||
self.assertEqual(http.tls_minimum_version, 'TLSv1_1')
|
||||
|
||||
def test_create_http_sets_tls_max_version(self):
|
||||
http = transport.create_http(override_max_tls='TLSv1_3')
|
||||
self.assertEqual(http.tls_maximum_version, 'TLSv1_3')
|
||||
|
||||
def test_create_http_sets_cache(self):
|
||||
fake_cache = {}
|
||||
http = transport.create_http(cache=fake_cache)
|
||||
self.assertEqual(http.cache, fake_cache)
|
||||
|
||||
def test_create_http_sets_cache_timeout(self):
|
||||
http = transport.create_http(timeout=1234)
|
||||
self.assertEqual(http.timeout, 1234)
|
||||
|
||||
|
||||
class TransportTest(unittest.TestCase):
|
||||
|
||||
def setUp(self):
|
||||
self.mock_http = MagicMock(spec=httplib2.Http)
|
||||
self.mock_response = MagicMock(spec=httplib2.Response)
|
||||
self.mock_content = MagicMock()
|
||||
self.mock_http.request.return_value = (self.mock_response,
|
||||
self.mock_content)
|
||||
self.mock_credentials = MagicMock()
|
||||
self.test_uri = 'http://example.com'
|
||||
super().setUp()
|
||||
|
||||
@patch.object(transport, 'create_http')
|
||||
def test_create_request_uses_default_http(self, mock_create_http):
|
||||
request = transport.create_request()
|
||||
self.assertEqual(request.http, mock_create_http.return_value)
|
||||
|
||||
def test_create_request_uses_provided_http(self):
|
||||
request = transport.create_request(httpObj=self.mock_http)
|
||||
self.assertEqual(request.http, self.mock_http)
|
||||
|
||||
def test_create_request_returns_request_with_forced_user_agent(self):
|
||||
request = transport.create_request()
|
||||
self.assertIsInstance(request, transport.Request)
|
||||
|
||||
def test_request_is_google_auth_httplib2_compatible(self):
|
||||
request = transport.create_request()
|
||||
self.assertIsInstance(request, google_auth_httplib2.Request)
|
||||
|
||||
def test_request_call_returns_response_content(self):
|
||||
request = transport.Request(self.mock_http)
|
||||
response = request(self.test_uri)
|
||||
self.assertEqual(self.mock_response.status, response.status)
|
||||
self.assertEqual(self.mock_content, response.data)
|
||||
|
||||
def test_request_call_forces_user_agent_no_provided_headers(self):
|
||||
request = transport.Request(self.mock_http)
|
||||
|
||||
request(self.test_uri)
|
||||
headers = self.mock_http.request.call_args[1]['headers']
|
||||
self.assertIn('user-agent', headers)
|
||||
self.assertIn(transport.GAM_USER_AGENT, headers['user-agent'])
|
||||
|
||||
def test_request_call_forces_user_agent_no_agent_in_headers(self):
|
||||
request = transport.Request(self.mock_http)
|
||||
fake_request_headers = {
|
||||
'some-header-thats-not-a-user-agent': 'someData'
|
||||
}
|
||||
|
||||
request(self.test_uri, headers=fake_request_headers)
|
||||
final_headers = self.mock_http.request.call_args[1]['headers']
|
||||
self.assertIn('user-agent', final_headers)
|
||||
self.assertIn(transport.GAM_USER_AGENT, final_headers['user-agent'])
|
||||
self.assertIn('some-header-thats-not-a-user-agent', final_headers)
|
||||
self.assertEqual('someData',
|
||||
final_headers['some-header-thats-not-a-user-agent'])
|
||||
|
||||
def test_request_call_forces_user_agent_with_another_agent_in_headers(self):
|
||||
request = transport.Request(self.mock_http)
|
||||
headers_with_user_agent = {'user-agent': 'existing-user-agent'}
|
||||
|
||||
request(self.test_uri, headers=headers_with_user_agent)
|
||||
final_headers = self.mock_http.request.call_args[1]['headers']
|
||||
self.assertIn('user-agent', final_headers)
|
||||
self.assertIn('existing-user-agent', final_headers['user-agent'])
|
||||
self.assertIn(transport.GAM_USER_AGENT, final_headers['user-agent'])
|
||||
|
||||
def test_request_call_same_user_agent_already_in_headers(self):
|
||||
request = transport.Request(self.mock_http)
|
||||
same_user_agent_header = {'user-agent': transport.GAM_USER_AGENT}
|
||||
|
||||
request(self.test_uri, headers=same_user_agent_header)
|
||||
final_headers = self.mock_http.request.call_args[1]['headers']
|
||||
self.assertIn('user-agent', final_headers)
|
||||
self.assertIn(transport.GAM_USER_AGENT, final_headers['user-agent'])
|
||||
# Make sure the header wasn't duplicated
|
||||
self.assertEqual(len(transport.GAM_USER_AGENT),
|
||||
len(final_headers['user-agent']))
|
||||
|
||||
def test_authorizedhttp_is_google_auth_httplib2_compatible(self):
|
||||
http = transport.AuthorizedHttp(self.mock_credentials)
|
||||
self.assertIsInstance(http, google_auth_httplib2.AuthorizedHttp)
|
||||
|
||||
def test_authorizedhttp_request_returns_response_content(self):
|
||||
http = transport.AuthorizedHttp(self.mock_credentials,
|
||||
http=self.mock_http)
|
||||
response, content = http.request(self.test_uri)
|
||||
self.assertEqual(self.mock_response, response)
|
||||
self.assertEqual(self.mock_content, content)
|
||||
|
||||
def test_authorizedhttp_request_forces_user_agent_no_provided_headers(self):
|
||||
authorized_http = transport.AuthorizedHttp(self.mock_credentials,
|
||||
http=self.mock_http)
|
||||
authorized_http.request(self.test_uri)
|
||||
headers = self.mock_http.request.call_args[1]['headers']
|
||||
self.assertIn('user-agent', headers)
|
||||
self.assertIn(transport.GAM_USER_AGENT, headers['user-agent'])
|
||||
|
||||
def test_authorizedhttp_request_forces_user_agent_no_agent_in_headers(self):
|
||||
authorized_http = transport.AuthorizedHttp(self.mock_credentials,
|
||||
http=self.mock_http)
|
||||
fake_request_headers = {
|
||||
'some-header-thats-not-a-user-agent': 'someData'
|
||||
}
|
||||
|
||||
authorized_http.request(self.test_uri, headers=fake_request_headers)
|
||||
final_headers = self.mock_http.request.call_args[1]['headers']
|
||||
self.assertIn('user-agent', final_headers)
|
||||
self.assertIn(transport.GAM_USER_AGENT, final_headers['user-agent'])
|
||||
self.assertIn('some-header-thats-not-a-user-agent', final_headers)
|
||||
self.assertEqual('someData',
|
||||
final_headers['some-header-thats-not-a-user-agent'])
|
||||
|
||||
def test_authorizedhttp_request_forces_user_agent_with_another_agent_in_headers(
|
||||
self):
|
||||
authorized_http = transport.AuthorizedHttp(self.mock_credentials,
|
||||
http=self.mock_http)
|
||||
headers_with_user_agent = {'user-agent': 'existing-user-agent'}
|
||||
|
||||
authorized_http.request(self.test_uri, headers=headers_with_user_agent)
|
||||
final_headers = self.mock_http.request.call_args[1]['headers']
|
||||
self.assertIn('user-agent', final_headers)
|
||||
self.assertIn('existing-user-agent', final_headers['user-agent'])
|
||||
self.assertIn(transport.GAM_USER_AGENT, final_headers['user-agent'])
|
||||
|
||||
def test_authorizedhttp_request_same_user_agent_already_in_headers(self):
|
||||
authorized_http = transport.AuthorizedHttp(self.mock_credentials,
|
||||
http=self.mock_http)
|
||||
same_user_agent_header = {'user-agent': transport.GAM_USER_AGENT}
|
||||
|
||||
authorized_http.request(self.test_uri, headers=same_user_agent_header)
|
||||
final_headers = self.mock_http.request.call_args[1]['headers']
|
||||
self.assertIn('user-agent', final_headers)
|
||||
self.assertIn(transport.GAM_USER_AGENT, final_headers['user-agent'])
|
||||
# Make sure the header wasn't duplicated
|
||||
self.assertEqual(len(transport.GAM_USER_AGENT),
|
||||
len(final_headers['user-agent']))
|
||||
408
src/gam/utils.py
408
src/gam/utils.py
@@ -1,408 +0,0 @@
|
||||
import datetime
|
||||
import re
|
||||
import sys
|
||||
import time
|
||||
from hashlib import md5
|
||||
from html.entities import name2codepoint
|
||||
from html.parser import HTMLParser
|
||||
import importlib
|
||||
import json
|
||||
import dateutil.parser
|
||||
import types
|
||||
|
||||
from gam import controlflow
|
||||
from gam import fileutils
|
||||
from gam import transport
|
||||
from gam.var import *
|
||||
|
||||
|
||||
class LazyLoader(types.ModuleType):
|
||||
"""Lazily import a module, mainly to avoid pulling in large dependencies.
|
||||
|
||||
`contrib`, and `ffmpeg` are examples of modules that are large and not always
|
||||
needed, and this allows them to only be loaded when they are used.
|
||||
"""
|
||||
|
||||
# The lint error here is incorrect.
|
||||
def __init__(self, local_name, parent_module_globals, name): # pylint: disable=super-on-old-class
|
||||
self._local_name = local_name
|
||||
self._parent_module_globals = parent_module_globals
|
||||
|
||||
super().__init__(name)
|
||||
|
||||
def _load(self):
|
||||
# Import the target module and insert it into the parent's namespace
|
||||
module = importlib.import_module(self.__name__)
|
||||
self._parent_module_globals[self._local_name] = module
|
||||
|
||||
# Update this object's dict so that if someone keeps a reference to the
|
||||
# LazyLoader, lookups are efficient (__getattr__ is only called on lookups
|
||||
# that fail).
|
||||
self.__dict__.update(module.__dict__)
|
||||
|
||||
return module
|
||||
|
||||
def __getattr__(self, item):
|
||||
module = self._load()
|
||||
return getattr(module, item)
|
||||
|
||||
def __dir__(self):
|
||||
module = self._load()
|
||||
return dir(module)
|
||||
|
||||
|
||||
class _DeHTMLParser(HTMLParser):
|
||||
|
||||
def __init__(self):
|
||||
HTMLParser.__init__(self)
|
||||
self.__text = []
|
||||
|
||||
def handle_data(self, data):
|
||||
self.__text.append(data)
|
||||
|
||||
def handle_charref(self, name):
|
||||
self.__text.append(
|
||||
chr(int(name[1:], 16)) if name.startswith('x') else chr(int(name)))
|
||||
|
||||
def handle_entityref(self, name):
|
||||
cp = name2codepoint.get(name)
|
||||
if cp:
|
||||
self.__text.append(chr(cp))
|
||||
else:
|
||||
self.__text.append('&' + name)
|
||||
|
||||
def handle_starttag(self, tag, attrs):
|
||||
if tag == 'p':
|
||||
self.__text.append('\n\n')
|
||||
elif tag == 'br':
|
||||
self.__text.append('\n')
|
||||
elif tag == 'a':
|
||||
for attr in attrs:
|
||||
if attr[0] == 'href':
|
||||
self.__text.append(f'({attr[1]}) ')
|
||||
break
|
||||
elif tag == 'div':
|
||||
if not attrs:
|
||||
self.__text.append('\n')
|
||||
elif tag in {'http:', 'https'}:
|
||||
self.__text.append(f' ({tag}//{attrs[0][0]}) ')
|
||||
|
||||
def handle_startendtag(self, tag, attrs):
|
||||
if tag == 'br':
|
||||
self.__text.append('\n\n')
|
||||
|
||||
def text(self):
|
||||
return re.sub(r'\n{2}\n+', '\n\n',
|
||||
re.sub(r'\n +', '\n', ''.join(self.__text))).strip()
|
||||
|
||||
|
||||
def commonprefix(m, checkEnum=False):
|
||||
'''Given a list of strings m, return string which is prefix common to all'''
|
||||
s1 = min(m)
|
||||
if checkEnum:
|
||||
loc = s1.find('ENUM_')
|
||||
if loc > 0:
|
||||
return s1[:loc+5]
|
||||
s2 = max(m)
|
||||
for i, c in enumerate(s1):
|
||||
if c != s2[i]:
|
||||
return s1[:i]
|
||||
return s1
|
||||
|
||||
|
||||
def dehtml(text):
|
||||
try:
|
||||
parser = _DeHTMLParser()
|
||||
parser.feed(str(text))
|
||||
parser.close()
|
||||
return parser.text()
|
||||
except:
|
||||
from traceback import print_exc
|
||||
print_exc(file=sys.stderr)
|
||||
return text
|
||||
|
||||
|
||||
def indentMultiLineText(message, n=0):
|
||||
return message.replace('\n', f"\n{' ' * n}").rstrip()
|
||||
|
||||
|
||||
def flatten_json(structure, key='', path='', flattened=None, listLimit=None):
|
||||
if flattened is None:
|
||||
flattened = {}
|
||||
if not isinstance(structure, (dict, list)):
|
||||
flattened[((path + '.') if path else '') + key] = structure
|
||||
elif isinstance(structure, list):
|
||||
for i, item in enumerate(structure):
|
||||
if listLimit and (i >= listLimit):
|
||||
break
|
||||
flatten_json(item,
|
||||
f'{i}',
|
||||
'.'.join([item for item in [path, key] if item]),
|
||||
flattened=flattened,
|
||||
listLimit=listLimit)
|
||||
else:
|
||||
for new_key, value in list(structure.items()):
|
||||
if new_key in ['kind', 'etag', '@type']:
|
||||
continue
|
||||
if value == NEVER_TIME:
|
||||
value = 'Never'
|
||||
flatten_json(value,
|
||||
new_key,
|
||||
'.'.join([item for item in [path, key] if item]),
|
||||
flattened=flattened,
|
||||
listLimit=listLimit)
|
||||
return flattened
|
||||
|
||||
|
||||
def formatTimestampYMD(timestamp):
|
||||
return datetime.datetime.fromtimestamp(int(timestamp) /
|
||||
1000).strftime('%Y-%m-%d')
|
||||
|
||||
|
||||
def formatTimestampYMDHMS(timestamp):
|
||||
return datetime.datetime.fromtimestamp(int(timestamp) /
|
||||
1000).strftime('%Y-%m-%d %H:%M:%S')
|
||||
|
||||
|
||||
def formatTimestampYMDHMSF(timestamp):
|
||||
return str(datetime.datetime.fromtimestamp(int(timestamp) / 1000))
|
||||
|
||||
|
||||
def formatFileSize(fileSize):
|
||||
if fileSize == 0:
|
||||
return '0kb'
|
||||
if fileSize < ONE_KILO_BYTES:
|
||||
return '1kb'
|
||||
if fileSize < ONE_MEGA_BYTES:
|
||||
return f'{fileSize // ONE_KILO_BYTES}kb'
|
||||
if fileSize < ONE_GIGA_BYTES:
|
||||
return f'{fileSize // ONE_MEGA_BYTES}mb'
|
||||
return f'{fileSize // ONE_GIGA_BYTES}gb'
|
||||
|
||||
|
||||
def formatMilliSeconds(millis):
|
||||
seconds, millis = divmod(millis, 1000)
|
||||
minutes, seconds = divmod(seconds, 60)
|
||||
hours, minutes = divmod(minutes, 60)
|
||||
return f'{hours:02d}:{minutes:02d}:{seconds:02d}'
|
||||
|
||||
|
||||
def integerLimits(minVal, maxVal, item='integer'):
|
||||
if (minVal is not None) and (maxVal is not None):
|
||||
return f'{item} {minVal}<=x<={maxVal}'
|
||||
if minVal is not None:
|
||||
return f'{item} x>={minVal}'
|
||||
if maxVal is not None:
|
||||
return f'{item} x<={maxVal}'
|
||||
return f'{item} x'
|
||||
|
||||
|
||||
def get_string(i, item, optional=False, minLen=1, maxLen=None):
|
||||
if i < len(sys.argv):
|
||||
argstr = sys.argv[i]
|
||||
if argstr:
|
||||
if (len(argstr) >= minLen) and ((maxLen is None) or
|
||||
(len(argstr) <= maxLen)):
|
||||
return argstr
|
||||
controlflow.system_error_exit(
|
||||
2,
|
||||
f'expected <{integerLimits(minLen, maxLen, "string length")} for {item}>'
|
||||
)
|
||||
if optional or (minLen == 0):
|
||||
return ''
|
||||
controlflow.system_error_exit(2, f'expected a Non-empty <{item}>')
|
||||
elif optional:
|
||||
return ''
|
||||
controlflow.system_error_exit(2, f'expected a <{item}>')
|
||||
|
||||
|
||||
def get_delta(argstr, pattern):
|
||||
tg = pattern.match(argstr.lower())
|
||||
if tg is None:
|
||||
return None
|
||||
sign = tg.group(1)
|
||||
delta = int(tg.group(2))
|
||||
unit = tg.group(3)
|
||||
if unit == 'y':
|
||||
deltaTime = datetime.timedelta(days=delta * 365)
|
||||
elif unit == 'w':
|
||||
deltaTime = datetime.timedelta(weeks=delta)
|
||||
elif unit == 'd':
|
||||
deltaTime = datetime.timedelta(days=delta)
|
||||
elif unit == 'h':
|
||||
deltaTime = datetime.timedelta(hours=delta)
|
||||
elif unit == 'm':
|
||||
deltaTime = datetime.timedelta(minutes=delta)
|
||||
if sign == '-':
|
||||
return -deltaTime
|
||||
return deltaTime
|
||||
|
||||
|
||||
def get_delta_date(argstr):
|
||||
deltaDate = get_delta(argstr, DELTA_DATE_PATTERN)
|
||||
if deltaDate is None:
|
||||
controlflow.system_error_exit(
|
||||
2, f'expected a <{DELTA_DATE_FORMAT_REQUIRED}>; got {argstr}')
|
||||
return deltaDate
|
||||
|
||||
|
||||
def get_delta_time(argstr):
|
||||
deltaTime = get_delta(argstr, DELTA_TIME_PATTERN)
|
||||
if deltaTime is None:
|
||||
controlflow.system_error_exit(
|
||||
2, f'expected a <{DELTA_TIME_FORMAT_REQUIRED}>; got {argstr}')
|
||||
return deltaTime
|
||||
|
||||
|
||||
def get_hhmm(argstr):
|
||||
argstr = argstr.strip()
|
||||
if argstr:
|
||||
try:
|
||||
dateTime = datetime.datetime.strptime(argstr, HHMM_FORMAT)
|
||||
return argstr
|
||||
except ValueError:
|
||||
controlflow.system_error_exit(
|
||||
2, f'expected a <{HHMM_FORMAT_REQUIRED}>; got {argstr}')
|
||||
controlflow.system_error_exit(2, f'expected a <{HHMM_FORMAT_REQUIRED}>')
|
||||
|
||||
|
||||
def get_yyyymmdd(argstr, minLen=1, returnTimeStamp=False, returnDateTime=False):
|
||||
argstr = argstr.strip()
|
||||
if argstr:
|
||||
if argstr[0] in ['+', '-']:
|
||||
today = datetime.date.today()
|
||||
argstr = (datetime.datetime(today.year, today.month, today.day) +
|
||||
get_delta_date(argstr)).strftime(YYYYMMDD_FORMAT)
|
||||
try:
|
||||
dateTime = datetime.datetime.strptime(argstr, YYYYMMDD_FORMAT)
|
||||
if returnTimeStamp:
|
||||
return time.mktime(dateTime.timetuple()) * 1000
|
||||
if returnDateTime:
|
||||
return dateTime
|
||||
return argstr
|
||||
except ValueError:
|
||||
controlflow.system_error_exit(
|
||||
2, f'expected a <{YYYYMMDD_FORMAT_REQUIRED}>; got {argstr}')
|
||||
elif minLen == 0:
|
||||
return ''
|
||||
controlflow.system_error_exit(2, f'expected a <{YYYYMMDD_FORMAT_REQUIRED}>')
|
||||
|
||||
|
||||
def get_time_or_delta_from_now(time_string):
|
||||
"""Get an ISO 8601 time or a positive/negative delta applied to now.
|
||||
Args:
|
||||
time_string (string): The time or delta (e.g. '2017-09-01T12:34:56Z' or '-4h') or never
|
||||
Returns:
|
||||
string: iso8601 formatted datetime in UTC.
|
||||
"""
|
||||
time_string = time_string.strip().upper()
|
||||
if time_string:
|
||||
if time_string == 'NEVER':
|
||||
return NEVER_TIME
|
||||
if time_string[0] not in ['+', '-']:
|
||||
return time_string
|
||||
return (datetime.datetime.utcnow() +
|
||||
get_delta_time(time_string)).isoformat() + 'Z'
|
||||
controlflow.system_error_exit(
|
||||
2, f'expected a <{YYYYMMDDTHHMMSS_FORMAT_REQUIRED}>')
|
||||
|
||||
|
||||
def get_row_filter_date_or_delta_from_now(date_string):
|
||||
"""Get an ISO 8601 date or a positive/negative delta applied to now.
|
||||
Args:
|
||||
date_string (string): The time or delta (e.g. '2017-09-01' or '-4y')
|
||||
Returns:
|
||||
string: iso8601 formatted datetime in UTC.
|
||||
"""
|
||||
date_string = date_string.strip().upper()
|
||||
if date_string:
|
||||
if date_string[0] in ['+', '-']:
|
||||
deltaDate = get_delta(date_string, DELTA_DATE_PATTERN)
|
||||
if deltaDate is None:
|
||||
return (False, DELTA_DATE_FORMAT_REQUIRED)
|
||||
today = datetime.date.today()
|
||||
return (True,
|
||||
(datetime.datetime(today.year, today.month, today.day) +
|
||||
deltaDate).isoformat() + 'Z')
|
||||
try:
|
||||
deltaDate = dateutil.parser.parse(date_string, ignoretz=True)
|
||||
return (True,
|
||||
datetime.datetime(deltaDate.year, deltaDate.month,
|
||||
deltaDate.day).isoformat() + 'Z')
|
||||
except ValueError:
|
||||
pass
|
||||
return (False, YYYYMMDD_FORMAT_REQUIRED)
|
||||
|
||||
|
||||
def get_row_filter_time_or_delta_from_now(time_string):
|
||||
"""Get an ISO 8601 time or a positive/negative delta applied to now.
|
||||
Args:
|
||||
time_string (string): The time or delta (e.g. '2017-09-01T12:34:56Z' or '-4h')
|
||||
Returns:
|
||||
string: iso8601 formatted datetime in UTC.
|
||||
Exits:
|
||||
2: Not a valid delta.
|
||||
"""
|
||||
time_string = time_string.strip().upper()
|
||||
if time_string:
|
||||
if time_string[0] in ['+', '-']:
|
||||
deltaTime = get_delta(time_string, DELTA_TIME_PATTERN)
|
||||
if deltaTime is None:
|
||||
return (False, DELTA_TIME_FORMAT_REQUIRED)
|
||||
return (True,
|
||||
(datetime.datetime.utcnow() + deltaTime).isoformat() + 'Z')
|
||||
try:
|
||||
deltaTime = dateutil.parser.parse(time_string, ignoretz=True)
|
||||
return (True, deltaTime.isoformat() + 'Z')
|
||||
except ValueError:
|
||||
pass
|
||||
return (False, YYYYMMDDTHHMMSS_FORMAT_REQUIRED)
|
||||
|
||||
|
||||
def get_date_zero_time_or_full_time(time_string):
|
||||
time_string = time_string.strip()
|
||||
if time_string:
|
||||
if YYYYMMDD_PATTERN.match(time_string):
|
||||
return get_yyyymmdd(time_string) + 'T00:00:00.000Z'
|
||||
return get_time_or_delta_from_now(time_string)
|
||||
controlflow.system_error_exit(
|
||||
2, f'expected a <{YYYYMMDDTHHMMSS_FORMAT_REQUIRED}>')
|
||||
|
||||
|
||||
def md5_matches_file(local_file, expected_md5, exitOnError):
|
||||
f = fileutils.open_file(local_file, 'rb')
|
||||
hash_md5 = md5()
|
||||
for chunk in iter(lambda: f.read(4096), b''):
|
||||
hash_md5.update(chunk)
|
||||
actual_hash = hash_md5.hexdigest()
|
||||
if exitOnError and actual_hash != expected_md5:
|
||||
controlflow.system_error_exit(
|
||||
6, f'actual hash was {actual_hash}. Exiting on corrupt file.')
|
||||
return actual_hash == expected_md5
|
||||
|
||||
|
||||
URL_SHORTENER_ENDPOINT = 'https://gam-shortn.appspot.com/create'
|
||||
|
||||
|
||||
def shorten_url(long_url, httpc=None):
|
||||
if GC_Defaults[GC_NO_SHORT_URLS]:
|
||||
return long_url
|
||||
if not httpc:
|
||||
httpc = transport.create_http(timeout=10)
|
||||
headers = {'Content-Type': 'application/json', 'User-Agent': GAM_INFO}
|
||||
try:
|
||||
payload = json.dumps({'long_url': long_url})
|
||||
resp, content = httpc.request(URL_SHORTENER_ENDPOINT,
|
||||
'POST',
|
||||
payload,
|
||||
headers=headers)
|
||||
except:
|
||||
return long_url
|
||||
if resp.status != 200:
|
||||
return long_url
|
||||
try:
|
||||
if isinstance(content, bytes):
|
||||
content = content.decode()
|
||||
return json.loads(content).get('short_url', long_url)
|
||||
except:
|
||||
return long_url
|
||||
2006
src/gam/var.py
2006
src/gam/var.py
File diff suppressed because it is too large
Load Diff
BIN
src/license.rtf
BIN
src/license.rtf
Binary file not shown.
@@ -1,23 +0,0 @@
|
||||
accesscontextmanager.googleapis.com
|
||||
admin.googleapis.com
|
||||
alertcenter.googleapis.com
|
||||
calendar-json.googleapis.com
|
||||
chat.googleapis.com
|
||||
chromemanagement.googleapis.com
|
||||
chromepolicy.googleapis.com
|
||||
classroom.googleapis.com
|
||||
cloudidentity.googleapis.com
|
||||
cloudresourcemanager.googleapis.com
|
||||
contacts.googleapis.com
|
||||
drive.googleapis.com
|
||||
driveactivity.googleapis.com
|
||||
iap.googleapis.com
|
||||
gmail.googleapis.com
|
||||
groupssettings.googleapis.com
|
||||
iam.googleapis.com
|
||||
licensing.googleapis.com
|
||||
reseller.googleapis.com
|
||||
sheets.googleapis.com
|
||||
siteverification.googleapis.com
|
||||
storage-api.googleapis.com
|
||||
vault.googleapis.com
|
||||
@@ -1,7 +0,0 @@
|
||||
# This file contains all requirements needed for GAM development work
|
||||
|
||||
# Include all build requirements
|
||||
-r requirements.txt
|
||||
|
||||
# Dev-specific requirements
|
||||
pre-commit
|
||||
@@ -1,13 +0,0 @@
|
||||
cryptography
|
||||
distro; sys_platform == 'linux'
|
||||
filelock
|
||||
google-api-python-client>=2.1
|
||||
google-auth-httplib2
|
||||
google-auth-oauthlib>=0.4.1
|
||||
google-auth>=2.3.2
|
||||
httplib2>=0.17.0
|
||||
importlib.metadata; python_version < '3.8'
|
||||
passlib>=1.7.2
|
||||
pathvalidate
|
||||
python-dateutil
|
||||
yubikey-manager>=5.0
|
||||
1130
src/roots.pem
1130
src/roots.pem
File diff suppressed because it is too large
Load Diff
@@ -1,52 +0,0 @@
|
||||
[metadata]
|
||||
name = GAM for Google Workspace
|
||||
version = attr: gam.var.GAM_VERSION
|
||||
description = Command line management for Google Workspaces
|
||||
long_description = file: readme.md
|
||||
long_description_content_type = text/markdown
|
||||
url = https://github.com/GAM-team/GAM
|
||||
author = Jay Lee
|
||||
author_email = jay0lee@gmail.com
|
||||
license = Apache
|
||||
license_files = LICENSE
|
||||
keywords = google, oauth2, gsuite, google-apps, google-admin-sdk, google-drive, google-cloud, google-calendar, gam, google-api, oauth2-client, google-workspace
|
||||
classifiers =
|
||||
Programming Language :: Python :: 3
|
||||
Programming Language :: Python :: 3 :: Only
|
||||
Programming Language :: Python :: 3.7
|
||||
Programming Language :: Python :: 3.8
|
||||
Programming Language :: Python :: 3.9
|
||||
Programming Language :: Python :: 3.10
|
||||
License :: OSI Approved :: Apache License
|
||||
|
||||
[options]
|
||||
packages = find:
|
||||
python_requires = >= 3.7
|
||||
install_requires =
|
||||
cryptography
|
||||
distro; sys_platform == 'linux'
|
||||
filelock
|
||||
google-api-python-client >= 2.36
|
||||
google-auth-httplib2
|
||||
google-auth-oauthlib >= 0.4.6
|
||||
google-auth >= 2.3.3
|
||||
httplib2 >= 0.20.2
|
||||
importlib.metadata; python_version < '3.8'
|
||||
passlib >= 1.7.4
|
||||
python-dateutil
|
||||
yubikey-manager >= 4.0.0
|
||||
pathvalidate
|
||||
|
||||
[options.package_data]
|
||||
* = *.pem
|
||||
|
||||
# used during pip install .[test]
|
||||
[options.extras_require]
|
||||
test = pre-commit
|
||||
|
||||
[options.entry_points]
|
||||
console_scripts =
|
||||
gam = gam.__main__:main
|
||||
|
||||
[bdist_wheel]
|
||||
universal = True
|
||||
@@ -1,3 +0,0 @@
|
||||
from setuptools import setup
|
||||
|
||||
setup()
|
||||
@@ -1,13 +0,0 @@
|
||||
#!/usr/bin/env python3
|
||||
|
||||
from packaging import version
|
||||
import sys
|
||||
|
||||
a = sys.argv[1]
|
||||
b = sys.argv[2]
|
||||
result = version.parse(a) >= version.parse(b)
|
||||
if result:
|
||||
print(f'OK: {a} is equal or newer than {b}')
|
||||
else:
|
||||
print(f'ERROR: {a} is older than {b}')
|
||||
sys.exit(not result)
|
||||
@@ -1,30 +0,0 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemDefinitionGroup>
|
||||
<ClCompile>
|
||||
<AdditionalIncludeDirectories>$(opensslIncludeDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalLibraryDirectories>$(opensslOutDir);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
|
||||
<AdditionalDependencies>ws2_32.lib;libcrypto.lib;libssl.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<PropertyGroup>
|
||||
<_DLLSuffix>-3</_DLLSuffix>
|
||||
<_DLLSuffix Condition="$(Platform) == 'ARM'">$(_DLLSuffix)-arm</_DLLSuffix>
|
||||
<_DLLSuffix Condition="$(Platform) == 'ARM64'">$(_DLLSuffix)-arm64</_DLLSuffix>
|
||||
<_DLLSuffix Condition="$(Platform) == 'x64'">$(_DLLSuffix)-x64</_DLLSuffix>
|
||||
</PropertyGroup>
|
||||
<ItemGroup>
|
||||
<_SSLDLL Include="$(opensslOutDir)\libcrypto$(_DLLSuffix).dll" />
|
||||
<_SSLDLL Include="$(opensslOutDir)\libcrypto$(_DLLSuffix).pdb" />
|
||||
<_SSLDLL Include="$(opensslOutDir)\libssl$(_DLLSuffix).dll" />
|
||||
<_SSLDLL Include="$(opensslOutDir)\libssl$(_DLLSuffix).pdb" />
|
||||
</ItemGroup>
|
||||
<Target Name="_CopySSLDLL" Inputs="@(_SSLDLL)" Outputs="@(_SSLDLL->'$(OutDir)%(Filename)%(Extension)')" AfterTargets="Build">
|
||||
<Copy SourceFiles="@(_SSLDLL)" DestinationFolder="$(OutDir)" />
|
||||
</Target>
|
||||
<Target Name="_CleanSSLDLL" BeforeTargets="Clean">
|
||||
<Delete Files="@(_SSLDLL->'$(OutDir)%(Filename)%(Extension)')" TreatErrorsAsWarnings="true" />
|
||||
</Target>
|
||||
</Project>
|
||||
Reference in New Issue
Block a user