mirror of
https://github.com/GAM-team/GAM.git
synced 2026-06-10 17:21:36 +00:00
Compare commits
95 Commits
v6.53
...
20230414.2
| Author | SHA1 | Date | |
|---|---|---|---|
|
f4735ebd80 | ||
|
|
43ae6a4a37 | ||
|
|
f362f58f95 | ||
|
|
6d211264fc | ||
|
|
3d919f5df6 | ||
|
|
f9d5f9852a | ||
|
|
0e79035765 | ||
|
|
d5cf38eaca | ||
|
|
1cfa14d8d2 | ||
|
|
bf5a50eb2a | ||
|
|
f296579aad | ||
|
|
16bb53d0e4 | ||
|
|
b6e2549436 | ||
|
|
0814173210 | ||
|
|
375ffada5c | ||
|
|
ae37de0dd2 | ||
|
|
ce4b4771db | ||
|
|
56c61ac723 | ||
|
|
9900dd64b8 | ||
|
|
53400b6322 | ||
|
|
47537ab30a | ||
|
|
6a3692d7f4 | ||
|
|
eef2b95948 | ||
|
|
7012bef28d | ||
|
|
b3b44d144e | ||
|
|
841eba79a3 | ||
|
|
77234f9e3d | ||
|
|
14478d7831 | ||
|
|
50aa7d937e | ||
|
|
2c7e01e003 | ||
|
|
a6ce5f04aa | ||
|
|
8bc6814b42 | ||
|
|
024177b0c7 | ||
|
|
b7faa0acae | ||
|
0dbdbc7a13 | ||
|
|
08271e60bf | ||
|
|
ec74698001 | ||
|
|
6cecacd334 | ||
|
|
c3d27900e1 | ||
|
|
f10df3607f | ||
|
|
416be24722 | ||
|
|
e53b4a2285 | ||
|
|
a88320b1b2 | ||
|
|
76f9a144ac | ||
|
|
a673772cc1 | ||
|
|
9e6d8195eb | ||
|
|
91d97c4a2c | ||
|
|
5e1df9263b | ||
|
|
e54921ad71 | ||
|
|
1b8d0877f3 | ||
|
|
a4e962560c | ||
|
|
be7d3ceb15 | ||
|
|
1e652d5725 | ||
|
|
1e7e5422be | ||
|
|
723e9e2bb1 | ||
|
|
1f572cc95b | ||
|
|
fb63eea4a0 | ||
|
|
7efb37010d | ||
|
|
6372af8d8a | ||
|
|
0b823ea43e | ||
|
|
cebb92199f | ||
|
|
6deabf8a66 | ||
|
|
5de74a51e0 | ||
|
|
85d6305874 | ||
|
|
30d685a6f7 | ||
|
|
fcc8a58839 | ||
|
|
5a608a9b62 | ||
|
|
eb9c127a10 | ||
|
|
ed55690ff3 | ||
|
|
502afa5213 | ||
|
|
24185d66ce | ||
|
|
181ba65c63 | ||
|
|
702f36a529 | ||
|
|
e2f73bf858 | ||
|
|
7265e8c6f4 | ||
|
|
b8b9808e94 | ||
|
|
7639773c40 | ||
|
|
6ab7370149 | ||
|
|
73994fe603 | ||
|
|
3fa646723d | ||
|
|
eb08b1fbdc | ||
|
|
93ac820005 | ||
|
|
c100e25ab9 | ||
|
|
716489ceed | ||
|
|
07d5f5e52c | ||
|
|
b889debd5e | ||
|
|
b273fe1f68 | ||
|
|
376cd6e83f | ||
|
|
e8cb1a7b9f | ||
|
|
9f0c5beae7 | ||
|
|
0ea2f16322 | ||
|
|
13ca2e8d93 | ||
|
|
3833256c8c | ||
|
|
30521612b2 | ||
|
|
d069cfc309 |
183
.github/workflows/build.yml
vendored
183
.github/workflows/build.yml
vendored
@@ -6,6 +6,10 @@ on:
|
||||
schedule:
|
||||
- cron: '37 22 * * *'
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write
|
||||
|
||||
defaults:
|
||||
run:
|
||||
shell: bash
|
||||
@@ -62,11 +66,6 @@ jobs:
|
||||
goal: build
|
||||
arch: Win32
|
||||
openssl_archs: VC-WIN32
|
||||
- os: ubuntu-22.04
|
||||
goal: test
|
||||
python: "3.7"
|
||||
jid: 8
|
||||
arch: x86_64
|
||||
- os: ubuntu-22.04
|
||||
goal: test
|
||||
python: "3.8"
|
||||
@@ -95,6 +94,13 @@ jobs:
|
||||
persist-credentials: false
|
||||
fetch-depth: 0
|
||||
|
||||
- id: auth
|
||||
name: Authenticate to Google Cloud
|
||||
uses: google-github-actions/auth@v1
|
||||
with:
|
||||
workload_identity_provider: projects/297925809119/locations/global/workloadIdentityPools/gha-pool/providers/gha-provider
|
||||
service_account: github-actions-testing-for-gam@gam-project-wyo-lub-ivl.iam.gserviceaccount.com
|
||||
|
||||
- name: Cache multiple paths
|
||||
if: matrix.goal == 'build'
|
||||
uses: actions/cache@v3
|
||||
@@ -103,7 +109,7 @@ jobs:
|
||||
path: |
|
||||
bin.tar.xz
|
||||
src/cpython
|
||||
key: gam-${{ matrix.jid }}-20230326
|
||||
key: gam-${{ matrix.jid }}-20230405
|
||||
|
||||
- name: Untar Cache archive
|
||||
if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true'
|
||||
@@ -117,6 +123,17 @@ jobs:
|
||||
with:
|
||||
python-version: ${{ matrix.python }}
|
||||
|
||||
- name: Set cURL retry flag
|
||||
run: |
|
||||
curl_version=$(curl --version | head -n 1 | awk '{ print $2 }')
|
||||
echo "cURL is ${curl_version}"
|
||||
if [ "$curl_version" == "7.68.0" ]; then
|
||||
export curl_retry="--retry 5 --retry-connrefused"
|
||||
else
|
||||
export curl_retry="--retry 5 --retry-all-errors"
|
||||
fi
|
||||
echo "curl_retry=${curl_retry}" >> $GITHUB_ENV
|
||||
|
||||
- name: Set env variables for test
|
||||
if: matrix.goal == 'test'
|
||||
env:
|
||||
@@ -148,7 +165,7 @@ jobs:
|
||||
if: runner.os == 'macOS'
|
||||
run: |
|
||||
# Install latest Rust
|
||||
curl --retry 5 --retry-connrefused -fsS -o rust.sh https://sh.rustup.rs
|
||||
curl $curl_retry -fsS -o rust.sh https://sh.rustup.rs
|
||||
bash ./rust.sh -y
|
||||
source $HOME/.cargo/env
|
||||
# needed for Rust to compile cryptography Python package for universal2
|
||||
@@ -191,7 +208,7 @@ jobs:
|
||||
PERL=perl
|
||||
echo "MACOSX_DEPLOYMENT_TARGET=10.15" >> $GITHUB_ENV
|
||||
echo "PYTHON=${PYTHON_INSTALL_PATH}/bin/python3" >> $GITHUB_ENV
|
||||
echo "PIP_ARGS=--no-binary=:all:" >> $GITHUB_ENV
|
||||
#echo "PIP_ARGS=--no-binary=:all:" >> $GITHUB_ENV
|
||||
elif [[ "${RUNNER_OS}" == "Linux" ]]; then
|
||||
MAKE=make
|
||||
MAKEOPT="-j$(nproc)"
|
||||
@@ -402,7 +419,7 @@ jobs:
|
||||
|
||||
- name: Upgrade pip, wheel, etc
|
||||
run: |
|
||||
curl --retry 5 --retry-connrefused -O https://bootstrap.pypa.io/get-pip.py
|
||||
curl $curl_retry -O https://bootstrap.pypa.io/get-pip.py
|
||||
"${PYTHON}" get-pip.py
|
||||
"${PYTHON}" -m pip install --upgrade pip
|
||||
"${PYTHON}" -m pip install --upgrade wheel
|
||||
@@ -410,9 +427,21 @@ jobs:
|
||||
|
||||
- name: Install pip requirements
|
||||
run: |
|
||||
"${PYTHON}" -m pip install --upgrade -r requirements.txt ${PIP_ARGS}
|
||||
echo "before anything..."
|
||||
"${PYTHON}" -m pip list
|
||||
if [[ "${RUNNER_OS}" == "macOS" ]]; then
|
||||
"${PYTHON}" -m pip install --upgrade cffi ${PIP_ARGS}
|
||||
# cffi is a dep of cryptography and doesn't ship
|
||||
# a universal2 wheel so we must build one ourself :-/
|
||||
export CFLAGS="-arch x86_64 -arch arm64"
|
||||
export ARCHFLAGS="-arch x86_64 -arch arm64"
|
||||
"${PYTHON}" -m pip install --upgrade --force-reinstall --no-binary :all: \
|
||||
--no-cache-dir --no-deps --use-pep517 \
|
||||
--use-feature=no-binary-enable-wheel-cache \
|
||||
cffi
|
||||
echo "before cryptography..."
|
||||
"${PYTHON}" -m pip list
|
||||
# cryptography has a universal2 wheel but getting it installed
|
||||
# on x86-64 MacOS is a royal pain in the keester.
|
||||
"${PYTHON}" -m pip download --only-binary :all: \
|
||||
--dest . \
|
||||
--no-cache \
|
||||
@@ -420,9 +449,16 @@ jobs:
|
||||
--platform macosx_10_15_universal2 \
|
||||
cryptography
|
||||
"${PYTHON}" -m pip install --force-reinstall --no-deps cryptography*.whl
|
||||
echo "after cryptography..."
|
||||
"${PYTHON}" -m pip list
|
||||
"${PYTHON}" -m pip install --upgrade --no-binary :all: -r requirements.txt
|
||||
else
|
||||
"${PYTHON}" -m pip install --upgrade -r requirements.txt
|
||||
echo "after requirements..."
|
||||
"${PYTHON}" -m pip list
|
||||
"${PYTHON}" -m pip install --force-reinstall --no-deps --upgrade cryptography
|
||||
fi
|
||||
echo "after everything..."
|
||||
"${PYTHON}" -m pip list
|
||||
|
||||
- name: Install PyInstaller
|
||||
@@ -431,6 +467,8 @@ jobs:
|
||||
git clone https://github.com/pyinstaller/pyinstaller.git
|
||||
cd pyinstaller
|
||||
export latest_release=$(git tag --list | grep -v dev | grep -v rc | sort -Vr | head -n1)
|
||||
# temp pin to 5.9
|
||||
export latest_release="v5.9.0"
|
||||
git checkout "${latest_release}"
|
||||
# remove pre-compiled bootloaders so we fail if bootloader compile fails
|
||||
rm -rvf PyInstaller/bootloader/*-*/*
|
||||
@@ -489,25 +527,6 @@ jobs:
|
||||
cp -v gam-setup.bat $gampath
|
||||
fi
|
||||
|
||||
- name: Basic Tests all jobs
|
||||
run: |
|
||||
$PYTHON -m unittest discover --start-directory ./ --pattern "*_test.py" --buffer
|
||||
$gam version extended
|
||||
export GAMVERSION=$($gam version simple)
|
||||
echo "GAM Version ${GAMVERSION}"
|
||||
echo "GAMVERSION=${GAMVERSION}" >> $GITHUB_ENV
|
||||
|
||||
- name: Linux/MacOS package
|
||||
if: runner.os != 'Windows' && matrix.goal == 'build' && matrix.staticx != 'yes'
|
||||
run: |
|
||||
if [[ "${RUNNER_OS}" == "macOS" ]]; then
|
||||
GAM_ARCHIVE="gam-${GAMVERSION}-macos-universal2.tar.xz"
|
||||
elif [[ "${RUNNER_OS}" == "Linux" ]]; then
|
||||
this_glibc_ver=$(ldd --version | awk '/ldd/{print $NF}')
|
||||
GAM_ARCHIVE="gam-${GAMVERSION}-linux-$(arch)-glibc${this_glibc_ver}.tar.xz"
|
||||
fi
|
||||
tar -C dist/ --create --verbose --exclude-from "${GITHUB_WORKSPACE}/.github/actions/package_exclusions.txt" --file $GAM_ARCHIVE --xz gam
|
||||
|
||||
- name: Install StaticX
|
||||
if: matrix.staticx == 'yes'
|
||||
run: |
|
||||
@@ -527,17 +546,31 @@ jobs:
|
||||
esac
|
||||
echo "ldlib=${ldlib}"
|
||||
$PYTHON -m staticx -l "${ldlib}" "${gam}" "${gam}-staticx"
|
||||
|
||||
- name: Run StaticX
|
||||
if: matrix.staticx == 'yes'
|
||||
run: |
|
||||
"${gam}-staticx" version extended
|
||||
rm -v "${gam}"
|
||||
mv -v "${gam}-staticx" "${gam}"
|
||||
|
||||
- name: Linux package staticx
|
||||
if: matrix.staticx == 'yes'
|
||||
- name: Basic Tests all jobs
|
||||
id: basictests
|
||||
run: |
|
||||
GAM_ARCHIVE="gam-${GAMVERSION}-linux-$(uname -m)-legacy.tar.xz"
|
||||
$PYTHON -m unittest discover --start-directory ./ --pattern "*_test.py" --buffer
|
||||
$gam version extended
|
||||
export GAMVERSION=$($gam version simple)
|
||||
echo "GAM Version ${GAMVERSION}"
|
||||
echo "GAMVERSION=${GAMVERSION}" >> $GITHUB_ENV
|
||||
|
||||
- name: Linux/MacOS package
|
||||
if: runner.os != 'Windows' && matrix.goal == 'build'
|
||||
run: |
|
||||
if [[ "${RUNNER_OS}" == "macOS" ]]; then
|
||||
GAM_ARCHIVE="gam-${GAMVERSION}-macos-universal2.tar.xz"
|
||||
elif [[ "${RUNNER_OS}" == "Linux" ]]; then
|
||||
if [[ "${staticx}" == "yes" ]]; then
|
||||
libver="legacy"
|
||||
else
|
||||
libver="glibc-$(ldd --version | awk '/ldd/{print $NF}')"
|
||||
fi
|
||||
GAM_ARCHIVE="gam-${GAMVERSION}-linux-$(arch)-$libver}.tar.xz"
|
||||
fi
|
||||
tar -C dist/ --create --verbose --exclude-from "${GITHUB_WORKSPACE}/.github/actions/package_exclusions.txt" --file $GAM_ARCHIVE --xz gam
|
||||
|
||||
- name: Windows package
|
||||
@@ -580,14 +613,20 @@ jobs:
|
||||
brew install gnupg
|
||||
fi
|
||||
source ../.github/actions/decrypt.sh ../.github/actions/creds.tar.xz.gpg creds.tar.xz
|
||||
rm $gampath/oauth2service.json
|
||||
export OAUTHFILE="oauth2.txt-gam-gha-${JID}"
|
||||
echo "OAUTHFILE=${OAUTHFILE}" >> $GITHUB_ENV
|
||||
export gam_user="gam-gha-${JID}@pdl.jaylee.us"
|
||||
echo "gam_user=${gam_user}" >> $GITHUB_ENV
|
||||
$gam checkconn
|
||||
$gam oauth info
|
||||
$gam create signjwtserviceaccount
|
||||
export CUSTOMER_ID="C03uzfv2s"
|
||||
export GA_DOMAIN="pdl.jaylee.us"
|
||||
export GA_ADMIN_EMAIL="$gam_user"
|
||||
touch "${gampath}/enabledasa.txt"
|
||||
#$gam oauth info
|
||||
$gam info domain
|
||||
$gam oauth refresh
|
||||
#$gam oauth refresh
|
||||
$gam info user
|
||||
export tstamp=$($PYTHON -c "import time; print(time.time_ns())")
|
||||
export newbase="gha_test_${JID}_${tstamp}"
|
||||
@@ -599,7 +638,9 @@ jobs:
|
||||
export newou="aaaGithub Actions/${newbase}"
|
||||
|
||||
# cleanup old runs
|
||||
rm "${gampath}/enabledasa.txt"
|
||||
GAM_CSV_ROW_FILTER="name:regex:gha_test_${JID}_" $gam print vaultholds | $gam csv - gam delete vaulthold "id:~~holdId~~" matter "id:~~matterId~~"
|
||||
touch "${gampath}/enabledasa.txt"
|
||||
GAM_CSV_ROW_FILTER="name:regex:gha_test_${JID}_" $gam print features | $gam csv - gam delete feature ~name
|
||||
GAM_CSV_ROW_FILTER="name:regex:^gha_test_${JID}_" $gam user $gam_user print shareddrives asadmin | $gam csv - gam user $gam_user delete shareddrive ~id nukefromorbit
|
||||
$gam print users query "gha.jid=$JID" | $gam csv - gam delete user ~primaryEmail
|
||||
@@ -619,20 +660,30 @@ jobs:
|
||||
$gam user $newuser update photo https://dummyimage.com/400x600/000/fff
|
||||
$gam user $newuser get photo
|
||||
$gam user $newuser delete photo
|
||||
$gam create alias $newalias user $newuser
|
||||
$gam create group $newgroup name "GHA $JID group" description "This is a description" isarchived true
|
||||
$gam user $gam_user sendemail recipient $newuser subject "test message $newbase" message "GHA test message"
|
||||
$gam user $gam_user sendemail recipient exchange@pdl.jaylee.us subject "test ${tstamp}" message "test message"
|
||||
rm "${gampath}/enabledasa.txt"
|
||||
$gam user $newuser add license workspaceenterpriseplus
|
||||
$gam print privileges
|
||||
$gam update cigroup $newgroup memberrestriction 'member.type == 1 || member.customer_id == groupCustomerId()'
|
||||
touch "${gampath}/enabledasa.txt"
|
||||
$gam update cigroup $newgroup security memberrestriction 'member.type == 1 || member.customer_id == groupCustomerId()'
|
||||
$gam info cigroup $newgroup
|
||||
$gam update group $newgroup add owner $gam_user
|
||||
$gam update group $newgroup add member $newuser
|
||||
rm "${gampath}/enabledasa.txt"
|
||||
$gam create admin $newuser _GROUPS_EDITOR_ROLE CUSTOMER # condition nonsecuritygroup
|
||||
$gam create admin $newgroup _HELP_DESK_ADMIN_ROLE org_unit "${newou}"
|
||||
GAM_CSV_ROW_FILTER="assignedToUser:regex:${newuser}" $gam print admins | $gam csv - gam delete admin "~roleAssignmentId"
|
||||
GAM_CSV_ROW_FILTER="assignedToGroup:regex:${newgroup}" $gam print admins | $gam csv - gam delete admin "~roleAssignmentId"
|
||||
touch "${gampath}/enabledasa.txt"
|
||||
$gam csv sample.csv gam create user ~~email~~ firstname "GHA Bulk" lastname ~~email~~ gha.jid $JID ou "${newou}"
|
||||
$gam csv sample.csv gam update user ~~email~~ recoveryphone 12125121110 recoveryemail jay0lee@gmail.com password random displayname "GitHub Actions Bulk ${JID}"
|
||||
$gam csv sample.csv gam update user ~~email~~ recoveryphone "" recoveryemail ""
|
||||
rm "${gampath}/enabledasa.txt"
|
||||
$gam csv sample.csv gam user ~email add license workspaceenterpriseplus
|
||||
touch "${gampath}/enabledasa.txt"
|
||||
$gam csv sample.csv gam user $gam_user sendemail recipient ~~email~~@pdl.jaylee.us subject "test message $newbase" message "GHA test message"
|
||||
$gam csv sample.csv gam update group $newgroup add member ~email
|
||||
$gam info group $newgroup
|
||||
@@ -676,23 +727,29 @@ jobs:
|
||||
endtime=$($PYTHON -c "import datetime; print((datetime.datetime.now() + datetime.timedelta(hours=2)).strftime('%Y-%m-%dT%H:%M:%S.%f+00:00'))")
|
||||
$gam calendar $gam_user addevent summary "GHA test event" start "${starttime}" end "${endtime}" attendee $newgroup hangoutsmeet guestscanmodify true sendupdates all
|
||||
$gam calendar $gam_user printevents after -0d
|
||||
rm "${gampath}/enabledasa.txt"
|
||||
matterid=uid:$($gam create vaultmatter name "GHA matter $newbase" description "test matter" collaborators $newuser | head -1 | cut -d ' ' -f 3)
|
||||
$gam create vaulthold matter $matterid name "GHA hold $newbase" corpus mail accounts $newuser
|
||||
$gam print vaultmatters matterstate open
|
||||
$gam print vaultholds matter $matterid
|
||||
$gam print vaultcount matter $matterid corpus mail everyone todrive
|
||||
$gam create vaultexport matter $matterid name "GHA export $newbase" corpus mail accounts $newuser use_new_export false
|
||||
$gam create vaultexport matter $matterid name "GHA export $newbase" corpus mail accounts $newuser
|
||||
$gam print exports matter $matterid | $gam csv - gam info export $matterid id:~~id~~
|
||||
touch "${gampath}/enabledasa.txt"
|
||||
$gam csv sample.csv gam user ~email add calendar id:$newresource
|
||||
$gam delete resource $newresource
|
||||
$gam delete feature Whiteboard-$newbase
|
||||
$gam delete feature VC-$newbase
|
||||
$gam delete building $newbuilding
|
||||
$gam delete group $newgroup
|
||||
$gam create alias $newalias user $newuser
|
||||
rm "${gampath}/enabledasa.txt"
|
||||
echo start
|
||||
$gam user $newuser delete license workspaceenterpriseplus
|
||||
echo finish
|
||||
touch "${gampath}/enabledasa.txt"
|
||||
$gam whatis $newuser
|
||||
$gam user $gam_user show tokens
|
||||
rm "${gampath}/enabledasa.txt"
|
||||
$gam print exports matter $matterid | $gam csv - gam download export $matterid id:~~id~~
|
||||
$gam delete hold "GHA hold $newbase" matter $matterid
|
||||
$gam update matter $matterid action close
|
||||
@@ -700,13 +757,14 @@ jobs:
|
||||
# shakes off vault hold on user so we can delete
|
||||
$gam print users query "email:${newuser}" orgunitpath | $gam csv - gam update user ~primaryEmail ou ~orgUnitPath
|
||||
$gam user $newuser show holds
|
||||
export sn="$JID$JID$JID$JID-$(openssl rand -base64 32 | sed 's/[^a-zA-Z0-9]//g')"
|
||||
$gam create device serialnumber $sn devicetype android
|
||||
touch "${gampath}/enabledasa.txt"
|
||||
$gam delete user $newuser
|
||||
$gam print users query "gha.jid=$JID" | $gam csv - gam delete user ~primaryEmail
|
||||
$gam print mobile
|
||||
$gam print devices
|
||||
$gam print browsers
|
||||
export sn="$JID$JID$JID$JID-$(openssl rand -base64 32 | sed 's/[^a-zA-Z0-9]//g')"
|
||||
$gam create device serialnumber $sn devicetype android
|
||||
$gam print cros allfields orderby serialnumber
|
||||
$gam show crostelemetry storagepercentonly
|
||||
$gam report usageparameters customer
|
||||
@@ -715,8 +773,10 @@ jobs:
|
||||
$gam report users fields accounts:is_less_secure_apps_access_allowed,gmail:last_imap_time,gmail:last_pop_time filters "accounts:last_login_time>2019-01-01T00:00:00.000Z" todrive
|
||||
$gam report admin start -3d todrive
|
||||
$gam print devices nopersonaldevices nodeviceusers filter "serial:$JID$JID$JID$JID-" | $gam csv - gam delete device id ~name
|
||||
rm "${gampath}/enabledasa.txt"
|
||||
$gam print userinvitations
|
||||
$gam print userinvitations | $gam csv - gam send userinvitation ~name
|
||||
touch "${gampath}/enabledasa.txt"
|
||||
$gam create caalevel "zzz_${newbase}" basic condition ipsubnetworks 1.1.1.1/32,2.2.2.2/32 endcondition
|
||||
$gam print caalevels
|
||||
$gam delete caalevel "zzz_${newbase}"
|
||||
@@ -728,19 +788,17 @@ jobs:
|
||||
$gam user $gam_user update shareddrive "${driveid}" ou "aaaGithub Actions" # so we can delete our OU...
|
||||
$gam user $gam_user delete shareddrive "${driveid}" nukefromorbit
|
||||
echo "printer model count:"
|
||||
ssoprofile=$($gam create inboundssoprofile name "El Goog ${newbase}" loginurl https://www.google.com logouturl https://www.google.com changepasswordurl https://www.google.com entityid ElGoog return_name_only)
|
||||
$gam create inboundssocredential profile "id:${ssoprofile}" generate_key
|
||||
$gam create inboundssoassignment profile "id:${ssoprofile}" orgunit "${newou}" mode SAML_SSO
|
||||
$gam delete inboundssoassignment "orgunit:${newou}"
|
||||
$gam delete inboundssoprofile "id:${ssoprofile}"
|
||||
$gam print printermodels | wc -l
|
||||
#ssoprofile=$($gam create inboundssoprofile name "El Goog ${newbase}" loginurl https://www.google.com logouturl https://www.google.com changepasswordurl https://www.google.com entityid ElGoog return_name_only)
|
||||
#$gam create inboundssocredential profile "id:${ssoprofile}" generate_key
|
||||
#$gam create inboundssoassignment profile "id:${ssoprofile}" orgunit "${newou}" mode SAML_SSO
|
||||
$gam print printers
|
||||
printerid=$($gam create printer displayname "${newbase}" uri ipp://localhost:631 driverless description "made by $(gam_user)" ou "${newou}" | grep 'id: [a-z,0-9]*$' | cut -d' ' -f3)
|
||||
$gam info printer "$printerid"
|
||||
$gam delete printer "$printerid"
|
||||
$gam delete ou "${newou}"
|
||||
#$gam delete inboundssoprofile "id:${ssoprofile}"
|
||||
#$gam print printers
|
||||
#$gam create printer displayname "${newbase}" uri ipp://localhost:631 driverless description "made by $(gam_user)" ou /
|
||||
export CUSTOMER_ID="C01wfv983"
|
||||
export GA_DOMAIN="pdl.jaylee.us"
|
||||
touch $gampath/enabledasa.txt
|
||||
echo "using delegated admin service account"
|
||||
$gam print users
|
||||
|
||||
- name: Archive production artifacts
|
||||
uses: actions/upload-artifact@v3
|
||||
@@ -762,6 +820,10 @@ jobs:
|
||||
if: github.event_name == 'push'
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
permissions:
|
||||
contents: write
|
||||
packages: write
|
||||
pull-requests: read
|
||||
steps:
|
||||
|
||||
- uses: actions/checkout@v3
|
||||
@@ -779,11 +841,18 @@ jobs:
|
||||
files: |
|
||||
gam-binaries/*
|
||||
|
||||
- name: Set datetime version string
|
||||
id: dateversion
|
||||
run: |
|
||||
export dateversion="$(date +'%Y%m%d.%H%M%S')"
|
||||
echo "Date version: ${dateversion}"
|
||||
echo "dateversion=${dateversion}" >> $GITHUB_OUTPUT
|
||||
|
||||
- uses: "marvinpinto/action-automatic-releases@latest"
|
||||
name: Publish draft release
|
||||
with:
|
||||
repo_token: "${{ secrets.GITHUB_TOKEN }}"
|
||||
automatic_release_tag: latest
|
||||
automatic_release_tag: "${{ steps.dateversion.outputs.dateversion }}"
|
||||
prerelease: false
|
||||
draft: true
|
||||
files: |
|
||||
|
||||
@@ -1595,6 +1595,7 @@ gam create inboundssoassignment (group <GroupItem> rank <Number>)|(ou|org|orguni
|
||||
(mode sso_off)|(mode saml_sso profile <SSOProfileItem>)(mode domain_wide_saml_if_enabled) [neverredirect]
|
||||
gam update inboundssoassignment [(group <GroupItem> rank <Number>)|(ou|org|orgunit <OrgUnitItem>)]
|
||||
[(mode sso_off)|(mode saml_sso profile <SSOProfileItem>)(mode domain_wide_saml_if_enabled)] [neverredirect]
|
||||
gam delete inboundssoassignment <SSOAssignmentSelector>
|
||||
gam info inboundssoassignment <SSOAssignmentSelector>
|
||||
gam show inboundssoassignments
|
||||
gam print inboundssoassignments [todrive]
|
||||
|
||||
@@ -412,7 +412,7 @@
|
||||
}
|
||||
},
|
||||
"revision": "20201203",
|
||||
"rootUrl": "https://www.googleapis.com/admin/directory/v1.1beta1/customer/",
|
||||
"rootUrl": "https://admin.googleapis.com/admin/directory/v1.1beta1/customer/",
|
||||
"schemas": {
|
||||
"ChromeBrowser": {
|
||||
"id": "ChromeBrowser",
|
||||
|
||||
@@ -1,12 +1,15 @@
|
||||
# -*- mode: python ; coding: utf-8 -*-
|
||||
from os import getenv
|
||||
from re import search
|
||||
from sys import platform
|
||||
|
||||
from PyInstaller.utils.hooks import copy_metadata
|
||||
|
||||
from gam.var import GAM_VER_LIBS
|
||||
|
||||
extra_files = []
|
||||
extra_files += copy_metadata('google-api-python-client')
|
||||
for pkg in GAM_VER_LIBS:
|
||||
extra_files += copy_metadata(pkg, recursive=True)
|
||||
extra_files += [('cbcm-v1.1beta1.json', '.')]
|
||||
extra_files += [('contactdelegation-v1.json', '.')]
|
||||
extra_files += [('admin-directory_v1.1beta1.json', '.')]
|
||||
|
||||
@@ -6,10 +6,7 @@ import configparser
|
||||
import csv
|
||||
import datetime
|
||||
from email import message_from_string
|
||||
try:
|
||||
from importlib.metadata import version as lib_version
|
||||
except ImportError:
|
||||
from importlib_metadata import version as lib_version
|
||||
from importlib.metadata import version as lib_version
|
||||
import io
|
||||
import json
|
||||
import mimetypes
|
||||
@@ -887,17 +884,7 @@ def doGAMVersion(checkForArgs=True):
|
||||
doGAMCheckForUpdates(forceCheck)
|
||||
if extended:
|
||||
print(ssl.OPENSSL_VERSION)
|
||||
libs = ['cryptography',
|
||||
'filelock',
|
||||
'google-auth-httplib2',
|
||||
'google-auth-oauthlib',
|
||||
'google-auth',
|
||||
'httplib2',
|
||||
'passlib',
|
||||
'python-dateutil',
|
||||
'yubikey-manager',
|
||||
]
|
||||
for lib in libs:
|
||||
for lib in GAM_VER_LIBS:
|
||||
try:
|
||||
print(f'{lib} {lib_version(lib)}')
|
||||
except:
|
||||
@@ -1145,39 +1132,66 @@ def buildGAPIObjectNoAuthentication(api):
|
||||
service = getService(api, httpObj)
|
||||
return service
|
||||
|
||||
# Convert UID to email address
|
||||
def get_user_email_from_id(uid, cd):
|
||||
try:
|
||||
result = gapi.call(
|
||||
cd.users(),
|
||||
'get',
|
||||
throw_reasons=[gapi_errors.ErrorReason.USER_NOT_FOUND],
|
||||
userKey=uid,
|
||||
fields='primaryEmail')
|
||||
return result.get('primaryEmail')
|
||||
except gapi_errors.GapiUserNotFoundError:
|
||||
return
|
||||
|
||||
def get_group_email_from_id(uid, cd):
|
||||
try:
|
||||
result = gapi.call(
|
||||
cd.groups(),
|
||||
'get',
|
||||
throw_reasons=[gapi_errors.ErrorReason.GROUP_NOT_FOUND],
|
||||
groupKey=uid,
|
||||
fields='email')
|
||||
return result.get('email')
|
||||
except gapi_errors.GapiGroupNotFoundError:
|
||||
return
|
||||
|
||||
def convertUIDtoEmailAddress(emailAddressOrUID, cd=None, email_types=['user']):
|
||||
'''convert UID to email address
|
||||
returns email address and object type'''
|
||||
if isinstance(email_types, str):
|
||||
email_types = email_types.split(',')
|
||||
normalizedEmailAddressOrUID = normalizeEmailAddressOrUID(emailAddressOrUID)
|
||||
if normalizedEmailAddressOrUID.find('@') > 0:
|
||||
return normalizedEmailAddressOrUID
|
||||
return normalizedEmailAddressOrUID, 'email'
|
||||
if not cd:
|
||||
cd = buildGAPIObject('directory')
|
||||
if 'user' in email_types:
|
||||
try:
|
||||
result = gapi.call(
|
||||
cd.users(),
|
||||
'get',
|
||||
throw_reasons=[gapi_errors.ErrorReason.USER_NOT_FOUND],
|
||||
userKey=normalizedEmailAddressOrUID,
|
||||
fields='primaryEmail')
|
||||
if 'primaryEmail' in result:
|
||||
return result['primaryEmail'].lower()
|
||||
except gapi_errors.GapiUserNotFoundError:
|
||||
pass
|
||||
if 'group' in email_types:
|
||||
try:
|
||||
result = gapi.call(
|
||||
cd.groups(),
|
||||
'get',
|
||||
throw_reasons=[gapi_errors.ErrorReason.GROUP_NOT_FOUND],
|
||||
groupKey=normalizedEmailAddressOrUID,
|
||||
fields='email')
|
||||
if 'email' in result:
|
||||
return result['email'].lower()
|
||||
except gapi_errors.GapiGroupNotFoundError:
|
||||
pass
|
||||
if 'user' in email_types and 'group' in email_types:
|
||||
# Google User IDs *TEND* to be integers while groups tend to have letters
|
||||
# thus we can optimize which check we try first. We'll still check
|
||||
# both since there is no guarantee this will always be true.
|
||||
if normalizedEmailAddressOrUID.isdigit():
|
||||
uid = get_user_email_from_id(normalizedEmailAddressOrUID, cd)
|
||||
if uid:
|
||||
return uid, 'user'
|
||||
uid = get_group_email_from_id(normalizedEmailAddressOrUID, cd)
|
||||
if uid:
|
||||
return uid, 'group'
|
||||
else:
|
||||
uid = get_group_email_from_id(normalizedEmailAddressOrUID, cd)
|
||||
if uid:
|
||||
return uid, 'group'
|
||||
uid = get_user_email_from_id(normalizedEmailAddressOrUID, cd)
|
||||
if uid:
|
||||
return uid, 'user'
|
||||
elif 'user' in email_types:
|
||||
uid = get_user_email_from_id(normalizedEmailAddressOrUID, cd)
|
||||
if uid:
|
||||
return uid, 'user'
|
||||
elif 'group' in email_types:
|
||||
uid = get_group_email_from_id(normalizedEmailAddressOrUID, cd)
|
||||
if uid:
|
||||
return uid, 'group'
|
||||
if 'resource' in email_types:
|
||||
try:
|
||||
result = gapi.call(
|
||||
@@ -1188,10 +1202,10 @@ def convertUIDtoEmailAddress(emailAddressOrUID, cd=None, email_types=['user']):
|
||||
customer=GC_Values[GC_CUSTOMER_ID],
|
||||
fields='resourceEmail')
|
||||
if 'resourceEmail' in result:
|
||||
return result['resourceEmail'].lower()
|
||||
return result['resourceEmail'].lower(), 'resource'
|
||||
except gapi_errors.GapiResourceNotFoundError:
|
||||
pass
|
||||
return normalizedEmailAddressOrUID
|
||||
return normalizedEmailAddressOrUID, 'unknown'
|
||||
|
||||
|
||||
# Convert email address to UID
|
||||
@@ -1205,12 +1219,13 @@ def convertEmailAddressToUID(emailAddressOrUID, cd=None, email_type='user'):
|
||||
result = gapi.call(
|
||||
cd.users(),
|
||||
'get',
|
||||
throw_reasons=[gapi_errors.ErrorReason.USER_NOT_FOUND],
|
||||
throw_reasons=[gapi_errors.ErrorReason.USER_NOT_FOUND,
|
||||
gapi_errors.ErrorReason.BAD_REQUEST],
|
||||
userKey=normalizedEmailAddressOrUID,
|
||||
fields='id')
|
||||
if 'id' in result:
|
||||
return result['id']
|
||||
except gapi_errors.GapiUserNotFoundError:
|
||||
except (gapi_errors.GapiUserNotFoundError, gam.gapi.errors.GapiBadRequestError):
|
||||
pass
|
||||
try:
|
||||
result = gapi.call(
|
||||
@@ -1262,27 +1277,27 @@ def buildGAPIServiceObject(api, act_as, showAuthError=True, scopes=None):
|
||||
|
||||
|
||||
def buildAlertCenterGAPIObject(user):
|
||||
userEmail = convertUIDtoEmailAddress(user)
|
||||
userEmail, _ = convertUIDtoEmailAddress(user)
|
||||
return (userEmail, buildGAPIServiceObject('alertcenter', userEmail))
|
||||
|
||||
|
||||
def buildActivityGAPIObject(user):
|
||||
userEmail = convertUIDtoEmailAddress(user)
|
||||
userEmail, _ = convertUIDtoEmailAddress(user)
|
||||
return (userEmail, buildGAPIServiceObject('driveactivity', userEmail))
|
||||
|
||||
|
||||
def buildDriveGAPIObject(user):
|
||||
userEmail = convertUIDtoEmailAddress(user)
|
||||
userEmail, _ = convertUIDtoEmailAddress(user)
|
||||
return (userEmail, buildGAPIServiceObject('drive', userEmail))
|
||||
|
||||
|
||||
def buildDrive3GAPIObject(user):
|
||||
userEmail = convertUIDtoEmailAddress(user)
|
||||
userEmail, _ = convertUIDtoEmailAddress(user)
|
||||
return (userEmail, buildGAPIServiceObject('drive3', userEmail))
|
||||
|
||||
|
||||
def buildGmailGAPIObject(user):
|
||||
userEmail = convertUIDtoEmailAddress(user)
|
||||
userEmail, _ = convertUIDtoEmailAddress(user)
|
||||
return (userEmail, buildGAPIServiceObject('gmail', userEmail))
|
||||
|
||||
|
||||
@@ -2306,7 +2321,7 @@ def doGetCourseInfo():
|
||||
croom = buildGAPIObject('classroom')
|
||||
courseId = addCourseIdScope(sys.argv[3])
|
||||
info = gapi.call(croom.courses(), 'get', id=courseId)
|
||||
info['ownerEmail'] = convertUIDtoEmailAddress(f'uid:{info["ownerId"]}')
|
||||
info['ownerEmail'], _ = convertUIDtoEmailAddress(f'uid:{info["ownerId"]}')
|
||||
display.print_json(info)
|
||||
teachers = gapi.get_all_pages(croom.courses().teachers(),
|
||||
'list',
|
||||
@@ -2491,7 +2506,7 @@ def doPrintCourses():
|
||||
if ownerEmails is not None:
|
||||
ownerId = course['ownerId']
|
||||
if ownerId not in ownerEmails:
|
||||
ownerEmails[ownerId] = convertUIDtoEmailAddress(f'uid:{ownerId}',
|
||||
ownerEmails[ownerId], _ = convertUIDtoEmailAddress(f'uid:{ownerId}',
|
||||
cd=cd)
|
||||
course['ownerEmail'] = ownerEmails[ownerId]
|
||||
for field in skipFieldsList:
|
||||
@@ -7195,9 +7210,12 @@ def enable_apis():
|
||||
controlflow.invalid_argument_exit(sys.argv[i],
|
||||
'gam enable apis')
|
||||
GAMProjectAPIs = getGAMProjectFile('project-apis.txt').splitlines()
|
||||
request = signjwt.get_request()
|
||||
try:
|
||||
_, projectId = google.auth.default()
|
||||
except google.auth.exceptions.DefaultCredentialsError as e:
|
||||
_, projectId = google.auth.default(scopes=signjwt._IAM_SCOPES,
|
||||
request=request)
|
||||
except (google.auth.exceptions.DefaultCredentialsError,
|
||||
google.auth.exceptions.RefreshError) as e:
|
||||
projectId = input('Please enter your project ID: ')
|
||||
while a_or_m not in ['a', 'm']:
|
||||
a_or_m = input('Do you want to enable projects [a]utomatically or [m]anually? (a/m): ').strip().lower()
|
||||
@@ -7962,11 +7980,13 @@ def create_signjwt_serviceaccount():
|
||||
'key_type': 'signjwt',
|
||||
'token_uri': 'https://oauth2.googleapis.com/token'
|
||||
}
|
||||
request = signjwt.get_request()
|
||||
try:
|
||||
creds, sa_info['project_id'] = google.auth.default()
|
||||
except google.auth.exceptions.DefaultCredentialsError as e:
|
||||
creds, sa_info['project_id'] = google.auth.default(scopes=signjwt._IAM_SCOPES,
|
||||
request=request)
|
||||
except (google.auth.exceptions.DefaultCredentialsError,
|
||||
google.auth.exceptions.RefreshError) as e:
|
||||
controlflow.system_error_exit(2, e)
|
||||
request = transport.create_request()
|
||||
creds.refresh(request)
|
||||
sa_info['client_email'] = creds.service_account_email
|
||||
oa2 = buildGAPIObjectNoAuthentication('oauth2')
|
||||
@@ -7976,8 +7996,7 @@ def create_signjwt_serviceaccount():
|
||||
fileutils.write_file(GC_Values[GC_OAUTH2SERVICE_JSON],
|
||||
sa_output,
|
||||
continue_on_error=False)
|
||||
|
||||
|
||||
|
||||
def doCreateOrRotateServiceAccountKeys(iam=None,
|
||||
project_id=None,
|
||||
client_email=None,
|
||||
@@ -11873,6 +11892,8 @@ def ProcessGAMCommand(args):
|
||||
gapi_cloudidentity_inboundsso.delete_profile()
|
||||
elif argument in ['inboundssocredential', 'inboundssocredentials']:
|
||||
gapi_cloudidentity_inboundsso.delete_credentials()
|
||||
elif argument in ['inboundssoassignment', 'inboundssoassignments']:
|
||||
gapi_cloudidentity_inboundsso.delete_assignment()
|
||||
elif argument == 'resource':
|
||||
gapi_directory_resource.deleteResourceCalendar()
|
||||
elif argument == 'mobile':
|
||||
|
||||
@@ -22,25 +22,33 @@ For more information, see https://jaylee.us/gam
|
||||
"""
|
||||
|
||||
import sys
|
||||
from multiprocessing import freeze_support
|
||||
from multiprocessing import set_start_method
|
||||
|
||||
from gam import controlflow
|
||||
import gam
|
||||
|
||||
|
||||
# Note that this file (and only this file) should remain compatible
|
||||
# with older Python versions so we can return a meaningful error
|
||||
# instead of a syntax error.
|
||||
def main():
|
||||
required_ver = (3, 8, 0)
|
||||
if sys.version_info[:3] < required_ver:
|
||||
err_result = ('ERROR: GAM requires Python %s.%s.%s or newer. You are '
|
||||
'running %s.%s.%s. Please upgrade your Python version '
|
||||
'or use one of the binary GAM downloads.\n' %
|
||||
(required_ver[0],
|
||||
required_ver[1],
|
||||
required_ver[2],
|
||||
sys.version_info[0],
|
||||
sys.version_info[1],
|
||||
sys.version_info[2]))
|
||||
sys.stderr.write(err_result)
|
||||
sys.exit(5)
|
||||
from multiprocessing import freeze_support
|
||||
freeze_support()
|
||||
if sys.platform == 'darwin':
|
||||
# https://bugs.python.org/issue33725 in Python 3.8.0 seems
|
||||
# to break parallel operations with errors about extra -b
|
||||
# command line arguments
|
||||
from multiprocessing import set_start_method
|
||||
set_start_method('fork')
|
||||
if sys.version_info[0] < 3 or sys.version_info[1] < 7:
|
||||
controlflow.system_error_exit(
|
||||
5,
|
||||
f'GAM requires Python 3.7 or newer. You are running %s.%s.%s. Please upgrade your Python version or use one of the binary GAM downloads.'
|
||||
% sys.version_info[:3])
|
||||
import gam
|
||||
sys.exit(gam.ProcessGAMCommand(sys.argv))
|
||||
|
||||
|
||||
|
||||
@@ -5,6 +5,7 @@ import os
|
||||
|
||||
from google.auth.jwt import Credentials as JWTCredentials
|
||||
|
||||
import gam
|
||||
from gam import utils
|
||||
|
||||
from gam.auth import oauth
|
||||
@@ -30,6 +31,9 @@ def get_admin_credentials_filename():
|
||||
return GC_Values[GC_OAUTH2SERVICE_JSON] if GC_Values[GC_OAUTH2SERVICE_JSON] else _FN_OAUTH2SERVICE_JSON
|
||||
return GC_Values[GC_OAUTH2_TXT] if GC_Values[GC_OAUTH2_TXT] else _FN_OAUTH2_TXT
|
||||
|
||||
APIS_NEEDING_ACCESS_TOKEN = {
|
||||
'cbcm': ['https://www.googleapis.com/auth/admin.directory.device.chromebrowsers']
|
||||
}
|
||||
|
||||
def get_admin_credentials(api=None):
|
||||
"""Gets oauth.Credentials that are authenticated as the domain's admin user."""
|
||||
@@ -39,7 +43,12 @@ def get_admin_credentials(api=None):
|
||||
with open(credential_file) as f:
|
||||
creds_data = json.load(f)
|
||||
# Validate that enable DASA matches content of authorization file
|
||||
if GC_Values[GC_ENABLE_DASA] and 'key_type' in creds_data:
|
||||
if GC_Values[GC_ENABLE_DASA] and creds_data.get('type') == 'service_account':
|
||||
if api in APIS_NEEDING_ACCESS_TOKEN:
|
||||
return gam.getSvcAcctCredentials(scopes=APIS_NEEDING_ACCESS_TOKEN[api],
|
||||
act_as=None,
|
||||
api=None,
|
||||
force_oauth=True)
|
||||
audience = f'https://{api}.googleapis.com/'
|
||||
key_type = creds_data.get('key_type', 'default')
|
||||
if key_type == 'default':
|
||||
|
||||
@@ -14,6 +14,13 @@ from gam.var import GM_Globals, GM_CACHE_DIR
|
||||
|
||||
_DEFAULT_TOKEN_LIFETIME_SECS = 3600 # 1 hour in seconds
|
||||
_GOOGLE_OAUTH2_TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"
|
||||
_IAM_SCOPES = ['https://www.googleapis.com/auth/iam']
|
||||
|
||||
# Some Workforce Identity Federation endpoints such as GitHub Actions
|
||||
# only allow TLS 1.2 as of April 2023.
|
||||
def get_request():
|
||||
httpc = transport.create_http(override_min_tls='TLSv1_2')
|
||||
return transport.create_request(httpc)
|
||||
|
||||
|
||||
class JWTCredentials(google.auth.jwt.Credentials):
|
||||
@@ -73,9 +80,12 @@ class SignJwt(google.auth.crypt.Signer):
|
||||
|
||||
def sign(self, message):
|
||||
''' Call IAM Credentials SignJWT API to get our signed JWT '''
|
||||
request = get_request()
|
||||
try:
|
||||
credentials, _ = google.auth.default()
|
||||
except google.auth.exceptions.DefaultCredentialsError as e:
|
||||
credentials, _ = google.auth.default(scopes=_IAM_SCOPES,
|
||||
request=request)
|
||||
except (google.auth.exceptions.DefaultCredentialsError,
|
||||
google.auth.exceptions.RefreshError) as e:
|
||||
controlflow.system_error_exit(2, e)
|
||||
httpObj = transport.AuthorizedHttp(
|
||||
credentials,
|
||||
|
||||
@@ -18,9 +18,9 @@ def normalizeCalendarId(calname, checkPrimary=False):
|
||||
return calname
|
||||
if not GC_Values[GC_DOMAIN]:
|
||||
GC_Values[GC_DOMAIN] = gam._getValueFromOAuth('hd')
|
||||
return gam.convertUIDtoEmailAddress(calname,
|
||||
email, _ = gam.convertUIDtoEmailAddress(calname,
|
||||
email_types=['user', 'resource'])
|
||||
|
||||
return email
|
||||
|
||||
def buildCalendarGAPIObject(calname):
|
||||
calendarId = normalizeCalendarId(calname)
|
||||
|
||||
@@ -230,7 +230,7 @@ def print_():
|
||||
todrive = True
|
||||
i += 1
|
||||
elif myarg == 'enterprisemember':
|
||||
member = gam.convertUIDtoEmailAddress(sys.argv[i + 1], email_types=['user', 'group'])
|
||||
member, _ = gam.convertUIDtoEmailAddress(sys.argv[i + 1], email_types=['user', 'group'])
|
||||
usemember = f"member_key_id == '{member}' && 'cloudidentity.googleapis.com/groups.discussion_forum' in labels"
|
||||
i += 2
|
||||
elif myarg == 'delimiter':
|
||||
@@ -501,7 +501,7 @@ def print_members():
|
||||
)
|
||||
i += 2
|
||||
elif myarg == 'enterprisemember':
|
||||
member = gam.convertUIDtoEmailAddress(sys.argv[i + 1], email_types=['user', 'group'])
|
||||
member, _ = gam.convertUIDtoEmailAddress(sys.argv[i + 1], email_types=['user', 'group'])
|
||||
usemember = f"member_key_id == '{member}' && 'cloudidentity.googleapis.com/groups.discussion_forum' in labels"
|
||||
i += 2
|
||||
elif myarg in ['cigroup', 'cigroups']:
|
||||
@@ -876,6 +876,13 @@ def update():
|
||||
'cloudidentity.googleapis.com/groups.discussion_forum': ''
|
||||
}
|
||||
i += 1
|
||||
elif myarg == 'locked':
|
||||
body['labels'] = {
|
||||
'cloudidentity.googleapis.com/groups.locked': '',
|
||||
'cloudidentity.googleapis.com/groups.security': '',
|
||||
'cloudidentity.googleapis.com/groups.discussion_forum': ''
|
||||
}
|
||||
i += 1
|
||||
elif myarg == 'dynamicsecurity':
|
||||
body['labels'] = {
|
||||
'cloudidentity.googleapis.com/groups.dynamic': '',
|
||||
|
||||
@@ -35,7 +35,7 @@ def get_orgunit_id(orgunit):
|
||||
|
||||
'''build Cloud Identity API'''
|
||||
def build():
|
||||
return gapi_cloudidentity.build('cloudidentity_beta')
|
||||
return gapi_cloudidentity.build('cloudidentity')
|
||||
|
||||
|
||||
'''parse cmd for profile create/update'''
|
||||
@@ -484,6 +484,16 @@ def update_assignment():
|
||||
controlflow.system_error_exit(3, 'Update did not finish {result}')
|
||||
|
||||
|
||||
'''gam delete inboundssoassignment'''
|
||||
def delete_assignment():
|
||||
ci = build()
|
||||
assignment = assignment_by_target(sys.argv[3], ci).get('name')
|
||||
print(f'Deleting Inbound SSO Assignmnet {assignment}...')
|
||||
gapi.call(ci.inboundSsoAssignments(),
|
||||
'delete',
|
||||
name=assignment)
|
||||
|
||||
|
||||
'''gam info inboundssoassignment'''
|
||||
def info_assignment():
|
||||
ci = build()
|
||||
|
||||
@@ -16,7 +16,9 @@ NONSECURITY_GROUP_CONDITION = f'!{SECURITY_GROUP_CONDITION}'
|
||||
def create():
|
||||
cd = gapi_directory.build()
|
||||
user = gam.normalizeEmailAddressOrUID(sys.argv[3])
|
||||
body = {'assignedTo': gam.convertEmailAddressToUID(user, cd)}
|
||||
body = {'assignedTo': gam.convertEmailAddressToUID(sys.argv[3],
|
||||
cd=cd,
|
||||
email_type='any')}
|
||||
role = sys.argv[4]
|
||||
body['roleId'] = gapi_directory_roles.getRoleId(role)
|
||||
body['scopeType'] = sys.argv[5].upper()
|
||||
@@ -70,7 +72,7 @@ def print_():
|
||||
item_fields = ['roleAssignmentId', 'roleId', 'assignedTo', 'scopeType', 'orgUnitId']
|
||||
titles = [
|
||||
'roleAssignmentId', 'roleId', 'role', 'assignedTo', 'assignedToUser',
|
||||
'scopeType', 'orgUnitId', 'orgUnit'
|
||||
'assignedToGroup', 'scopeType', 'orgUnitId', 'orgUnit'
|
||||
]
|
||||
csvRows = []
|
||||
i = 3
|
||||
@@ -107,7 +109,21 @@ def print_():
|
||||
admin_attrib = {}
|
||||
for key, value in list(admin.items()):
|
||||
if key == 'assignedTo':
|
||||
admin_attrib['assignedToUser'] = gam.user_from_userid(value)
|
||||
email_types = admin_attrib.get('assigneeType')
|
||||
if email_types == 'user':
|
||||
email_field = 'assignedToUser'
|
||||
elif email_types == 'group':
|
||||
email_field = 'assignedToGroup'
|
||||
else:
|
||||
email_field = None
|
||||
assignment_email, assignment_type = gam.convertUIDtoEmailAddress(f'uid:{value}', cd, email_types=['user', 'group'])
|
||||
if not email_field and assignment_type in ['user', 'group']:
|
||||
if assignment_type == 'user':
|
||||
email_field = 'assignedToUser'
|
||||
else:
|
||||
email_field = 'assignedToGroup'
|
||||
if email_field:
|
||||
admin_attrib[email_field] = assignment_email
|
||||
elif key == 'roleId':
|
||||
admin_attrib['role'] = gapi_directory_roles.role_from_roleid(value)
|
||||
elif key == 'orgUnitId':
|
||||
|
||||
@@ -4,5 +4,5 @@ import gam
|
||||
def build(user=None):
|
||||
if not user:
|
||||
user = gam._get_admin_email()
|
||||
userEmail = gam.convertUIDtoEmailAddress(user)
|
||||
userEmail, _ = gam.convertUIDtoEmailAddress(user)
|
||||
return (userEmail, gam.buildGAPIServiceObject('drive3', userEmail))
|
||||
|
||||
@@ -511,7 +511,7 @@ def getHoldInfo():
|
||||
account_type = 'group' if results['corpus'] == 'GROUPS' else 'user'
|
||||
for i in range(0, len(results['accounts'])):
|
||||
uid = f'uid:{results["accounts"][i]["accountId"]}'
|
||||
acct_email = gam.convertUIDtoEmailAddress(uid, cd, [account_type])
|
||||
acct_email, _ = gam.convertUIDtoEmailAddress(uid, cd, [account_type])
|
||||
results['accounts'][i]['email'] = acct_email
|
||||
if 'orgUnit' in results:
|
||||
results['orgUnit']['orgUnitPath'] = gapi_directory_orgunits.info(
|
||||
@@ -792,7 +792,7 @@ def getMatterInfo():
|
||||
cd = gam.buildGAPIObject('directory')
|
||||
for i in range(0, len(result['matterPermissions'])):
|
||||
uid = f'uid:{result["matterPermissions"][i]["accountId"]}'
|
||||
user_email = gam.convertUIDtoEmailAddress(uid, cd)
|
||||
user_email, _ = gam.convertUIDtoEmailAddress(uid, cd)
|
||||
result['matterPermissions'][i]['email'] = user_email
|
||||
display.print_json(result)
|
||||
|
||||
|
||||
@@ -9,6 +9,8 @@ from gam.var import GC_TLS_MAX_VERSION
|
||||
from gam.var import GC_TLS_MIN_VERSION
|
||||
from gam.var import GC_Values
|
||||
|
||||
# Bump default retries
|
||||
httplib2.RETRIES = 5
|
||||
|
||||
def create_http(cache=None,
|
||||
timeout=None,
|
||||
|
||||
@@ -8,7 +8,7 @@ import platform
|
||||
import re
|
||||
|
||||
GAM_AUTHOR = 'Jay Lee <jay0lee@gmail.com>'
|
||||
GAM_VERSION = '6.53'
|
||||
GAM_VERSION = '6.56'
|
||||
GAM_LICENSE = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
|
||||
|
||||
GAM_URL = 'https://jaylee.us/gam'
|
||||
@@ -17,6 +17,18 @@ GAM_INFO = (
|
||||
f'Python {platform.python_version()} {sys.version_info.releaselevel} / '
|
||||
f'{platform.platform()} {platform.machine()}')
|
||||
|
||||
# Packages we want version info available
|
||||
# for "gam version extended"
|
||||
GAM_VER_LIBS = ['cryptography',
|
||||
'filelock',
|
||||
'google-auth-httplib2',
|
||||
'google-auth-oauthlib',
|
||||
'google-auth',
|
||||
'httplib2',
|
||||
'passlib',
|
||||
'python-dateutil',
|
||||
'yubikey-manager',
|
||||
]
|
||||
GAM_RELEASES = 'https://github.com/GAM-team/GAM/releases'
|
||||
GAM_WIKI = 'https://github.com/GAM-team/GAM/wiki'
|
||||
GAM_ALL_RELEASES = 'https://api.github.com/repos/GAM-team/GAM/releases'
|
||||
@@ -657,7 +669,7 @@ GOOGLEDOC_VALID_EXTENSIONS_MAP = {
|
||||
'.docx', '.html', '.odt', '.pdf', '.rtf', '.txt', '.zip'
|
||||
],
|
||||
MIMETYPE_GA_PRESENTATION: ['.pdf', '.pptx', '.odp', '.txt'],
|
||||
MIMETYPE_GA_SPREADSHEET: ['.csv', '.ods', '.pdf', '.xlsx', '.zip'],
|
||||
MIMETYPE_GA_SPREADSHEET: ['.csv', '.ods', '.pdf', '.tsv', '.xlsx', '.zip'],
|
||||
}
|
||||
|
||||
MACOS_CODENAMES = {
|
||||
@@ -1347,7 +1359,7 @@ GC_TLS_MAX_VERSION = 'tls_max_ver'
|
||||
# Path to certificate authority file for validating TLS hosts
|
||||
GC_CA_FILE = 'ca_file'
|
||||
|
||||
TLS_MIN = 'TLSv1_3' if hasattr(ssl.SSLContext(), 'minimum_version') else None
|
||||
TLS_MIN = 'TLSv1_3'
|
||||
GC_Defaults = {
|
||||
GC_ADMIN_EMAIL: '',
|
||||
GC_AUTO_BATCH_MIN: 0,
|
||||
|
||||
@@ -6,7 +6,6 @@ google-auth-httplib2
|
||||
google-auth-oauthlib>=0.4.1
|
||||
google-auth>=2.3.2
|
||||
httplib2>=0.17.0
|
||||
importlib.metadata; python_version < '3.8'
|
||||
passlib>=1.7.2
|
||||
pathvalidate
|
||||
python-dateutil
|
||||
|
||||
@@ -13,15 +13,15 @@ keywords = google, oauth2, gsuite, google-apps, google-admin-sdk, google-drive,
|
||||
classifiers =
|
||||
Programming Language :: Python :: 3
|
||||
Programming Language :: Python :: 3 :: Only
|
||||
Programming Language :: Python :: 3.7
|
||||
Programming Language :: Python :: 3.8
|
||||
Programming Language :: Python :: 3.9
|
||||
Programming Language :: Python :: 3.10
|
||||
Programming Language :: Python :: 3.11
|
||||
License :: OSI Approved :: Apache License
|
||||
|
||||
[options]
|
||||
packages = find:
|
||||
python_requires = >= 3.7
|
||||
python_requires = >= 3.8
|
||||
install_requires =
|
||||
cryptography
|
||||
distro; sys_platform == 'linux'
|
||||
@@ -31,11 +31,10 @@ install_requires =
|
||||
google-auth-oauthlib >= 0.4.6
|
||||
google-auth >= 2.3.3
|
||||
httplib2 >= 0.20.2
|
||||
importlib.metadata; python_version < '3.8'
|
||||
passlib >= 1.7.4
|
||||
python-dateutil
|
||||
yubikey-manager >= 4.0.0
|
||||
pathvalidate
|
||||
python-dateutil
|
||||
yubikey-manager >= 5.0
|
||||
|
||||
[options.package_data]
|
||||
* = *.pem
|
||||
|
||||
Reference in New Issue
Block a user