mirror of
https://github.com/GAM-team/GAM.git
synced 2026-07-04 21:01:36 +00:00
Compare commits
3 Commits
v7.00.26
...
20241024.1
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
04156061c4 | ||
|
|
36f96f75c7 | ||
|
|
197bcb3599 |
321
docs/Cloud-Identity-Policies.md
Normal file
321
docs/Cloud-Identity-Policies.md
Normal file
@@ -0,0 +1,321 @@
|
|||||||
|
# Cloud Identity Policies
|
||||||
|
- [API documentation](#api-documentation)
|
||||||
|
- [Notes](#notes)
|
||||||
|
- [Policies](#policies)
|
||||||
|
- [Display Cloud Identity Policies](#display-cloud-identity-policies)
|
||||||
|
|
||||||
|
## API documentation
|
||||||
|
* https://cloud.google.com/identity/docs/concepts/overview-policies
|
||||||
|
* https://cloud.google.com/identity/docs/reference/rest/v1beta1/policies
|
||||||
|
|
||||||
|
## Notes
|
||||||
|
To use these commands you must update your client access authentication.
|
||||||
|
```
|
||||||
|
gam oauth create
|
||||||
|
...
|
||||||
|
[*] 19) Cloud Identity - Policy
|
||||||
|
```
|
||||||
|
|
||||||
|
## Policies
|
||||||
|
These are the supported policies GAM can show today.
|
||||||
|
```
|
||||||
|
user_takeout_status (is takeout enabled for service)
|
||||||
|
blogger
|
||||||
|
books
|
||||||
|
location_history
|
||||||
|
maps
|
||||||
|
pay
|
||||||
|
photos
|
||||||
|
play
|
||||||
|
play_console
|
||||||
|
youtube
|
||||||
|
service_status (is service enabled)
|
||||||
|
ad_manager
|
||||||
|
ads
|
||||||
|
adsense
|
||||||
|
alerts
|
||||||
|
analytics
|
||||||
|
applied_digital_skills
|
||||||
|
appsheet
|
||||||
|
arts_and_culture
|
||||||
|
beyondcorp_enterprise
|
||||||
|
blogger
|
||||||
|
bookmarks
|
||||||
|
books
|
||||||
|
calendar
|
||||||
|
campaign_manager
|
||||||
|
chat
|
||||||
|
chrome_canvas
|
||||||
|
chrome_remote_desktop
|
||||||
|
chrome_sync
|
||||||
|
chrome_web_store
|
||||||
|
classroom
|
||||||
|
cloud
|
||||||
|
cloud_search
|
||||||
|
colab
|
||||||
|
cs_first
|
||||||
|
data_studio
|
||||||
|
developers
|
||||||
|
domains
|
||||||
|
drive_and_docs
|
||||||
|
earth
|
||||||
|
enterprise_service_restrictions
|
||||||
|
experimental_apps
|
||||||
|
feedburner
|
||||||
|
fi
|
||||||
|
gmail
|
||||||
|
groups
|
||||||
|
groups_for_business
|
||||||
|
jamboard
|
||||||
|
keep
|
||||||
|
location_history
|
||||||
|
managed_play
|
||||||
|
maps
|
||||||
|
material_gallery
|
||||||
|
meet
|
||||||
|
merchant_center
|
||||||
|
messages
|
||||||
|
migrate
|
||||||
|
my_business
|
||||||
|
my_maps
|
||||||
|
news
|
||||||
|
partner_dash
|
||||||
|
pay
|
||||||
|
pay_for_business
|
||||||
|
photos
|
||||||
|
pinpoint
|
||||||
|
play
|
||||||
|
play_books_partner_center
|
||||||
|
play_console
|
||||||
|
public_data
|
||||||
|
question_hub
|
||||||
|
scholar_profiles
|
||||||
|
search_ads_360
|
||||||
|
search_and_assistant
|
||||||
|
search_console
|
||||||
|
sites
|
||||||
|
socratic
|
||||||
|
takeout
|
||||||
|
tasks
|
||||||
|
third_party_app_backups
|
||||||
|
translate
|
||||||
|
trips
|
||||||
|
vault
|
||||||
|
voice
|
||||||
|
work_insights
|
||||||
|
youtube
|
||||||
|
calendar.appointment_schedules
|
||||||
|
enablePayments
|
||||||
|
chat.chat_apps_access
|
||||||
|
enableApps
|
||||||
|
enableWebhooks
|
||||||
|
chat.chat_file_sharing
|
||||||
|
externalFileSharing
|
||||||
|
internalFileSharing
|
||||||
|
chat.chat_history
|
||||||
|
enableChatHistory
|
||||||
|
historyOnByDefault
|
||||||
|
allowUserModification
|
||||||
|
chat.external_chat_restriction
|
||||||
|
allowExternalChat
|
||||||
|
chat.space_history
|
||||||
|
historyState
|
||||||
|
classroom.api_data_access
|
||||||
|
enableApiAccess
|
||||||
|
classroom.class_membership
|
||||||
|
whoCanJoinClasses
|
||||||
|
whichClassesCanUsersJoin
|
||||||
|
classroom.guardian_access
|
||||||
|
allowAccess
|
||||||
|
whoCanManageGuardianAccess
|
||||||
|
classroom.originality_reports
|
||||||
|
enableOriginalityReportsSchoolMatches
|
||||||
|
classroom.roster_import
|
||||||
|
rosterImportOption
|
||||||
|
classroom.student_unenrollment
|
||||||
|
whoCanUnenrollStudents
|
||||||
|
classroom.teacher_permissions
|
||||||
|
whoCanCreateClasses
|
||||||
|
cloud_sharing_options.cloud_data_sharing
|
||||||
|
sharingOptions
|
||||||
|
detector.regular_expression
|
||||||
|
displayName
|
||||||
|
regularExpression
|
||||||
|
createTime
|
||||||
|
updateTime
|
||||||
|
detector.word_list
|
||||||
|
displayName
|
||||||
|
wordList
|
||||||
|
createTime
|
||||||
|
updateTime
|
||||||
|
description
|
||||||
|
drive_and_docs.drive_for_desktop
|
||||||
|
allowDriveForDesktop
|
||||||
|
restrictToAuthorizedDevices
|
||||||
|
showDownloadLink
|
||||||
|
allowRealTimePresence
|
||||||
|
drive_and_docs.external_sharing
|
||||||
|
externalSharingMode
|
||||||
|
allowReceivingExternalFiles
|
||||||
|
warnForSharingOutsideAllowlistedDomains
|
||||||
|
allowReceivingFilesOutsideAllowlistedDomains
|
||||||
|
allowNonGoogleInvitesInAllowlistedDomains
|
||||||
|
warnForExternalSharing
|
||||||
|
allowNonGoogleInvites
|
||||||
|
allowPublishingFiles
|
||||||
|
accessCheckerSuggestions
|
||||||
|
allowedPartiesForDistributingContent
|
||||||
|
drive_and_docs.file_security_update
|
||||||
|
securityUpdate
|
||||||
|
allowUsersToManageUpdate
|
||||||
|
drive_and_docs.shared_drive_creation
|
||||||
|
allowSharedDriveCreation
|
||||||
|
orgUnitForNewSharedDrives
|
||||||
|
customOrgUnit
|
||||||
|
allowManagersToOverrideSettings
|
||||||
|
allowExternalUserAccess
|
||||||
|
allowNonMemberAccess
|
||||||
|
allowedPartiesForDownloadPrintCopy
|
||||||
|
allowContentManagersToShareFolders
|
||||||
|
gmail.auto_forwarding
|
||||||
|
enableAutoForwarding
|
||||||
|
gmail.confidential_mode
|
||||||
|
enableConfidentialMode
|
||||||
|
gmail.email_attachment_safety
|
||||||
|
enableEncryptedAttachmentProtection
|
||||||
|
encryptedAttachmentProtectionConsequence
|
||||||
|
enableAttachmentWithScriptsProtection
|
||||||
|
attachmentWithScriptsProtectionConsequence
|
||||||
|
enableAnomalousAttachmentProtection
|
||||||
|
anomalousAttachmentProtectionConsequence
|
||||||
|
allowedAnomalousAttachmentFiletypes
|
||||||
|
applyFutureRecommendedSettingsAutomatically
|
||||||
|
encryptedAttachmentProtectionQuarantineId
|
||||||
|
attachmentWithScriptsProtectionQuarantineId
|
||||||
|
anomalousAttachmentProtectionQuarantineId
|
||||||
|
gmail.email_image_proxy_bypass
|
||||||
|
imageProxyBypassPattern
|
||||||
|
enableImageProxy
|
||||||
|
gmail.enhanced_pre_delivery_message_scanning
|
||||||
|
enableImprovedSuspiciousContentDetection
|
||||||
|
gmail.enhanced_smime_encryption
|
||||||
|
enableSmimeEncryption
|
||||||
|
allowUserToUploadCertificates
|
||||||
|
gmail.gmail_name_format
|
||||||
|
allowCustomDisplayNames
|
||||||
|
defaultDisplayNameFormat
|
||||||
|
gmail.imap_access
|
||||||
|
enableImapAccess
|
||||||
|
gmail.links_and_external_images
|
||||||
|
enableShortenerScanning
|
||||||
|
enableExternalImageScanning
|
||||||
|
enableAggressiveWarningsOnUntrustedLinks
|
||||||
|
applyFutureSettingsAutomatically
|
||||||
|
gmail.per_user_outbound_gateway
|
||||||
|
allowUsersToUseExternalSmtpServers
|
||||||
|
gmail.pop_access
|
||||||
|
enablePopAccess
|
||||||
|
gmail.spoofing_and_authentication
|
||||||
|
detectDomainNameSpoofing
|
||||||
|
detectEmployeeNameSpoofing
|
||||||
|
detectDomainSpoofingFromUnauthenticatedSenders
|
||||||
|
detectUnauthenticatedEmails
|
||||||
|
domainNameSpoofingConsequence
|
||||||
|
employeeNameSpoofingConsequence
|
||||||
|
domainSpoofingConsequence
|
||||||
|
unauthenticatedEmailConsequence
|
||||||
|
detectGroupsSpoofing
|
||||||
|
groupsSpoofingVisibilityType
|
||||||
|
groupsSpoofingConsequence
|
||||||
|
applyFutureSettingsAutomatically
|
||||||
|
domainNameSpoofingQuarantineId
|
||||||
|
employeeNameSpoofingQuarantineId
|
||||||
|
domainSpoofingQuarantineId
|
||||||
|
unauthenticatedEmailQuarantineId
|
||||||
|
groupsSpoofingQuarantineId
|
||||||
|
gmail.user_email_uploads
|
||||||
|
enableMailAndContactsImport
|
||||||
|
gmail.workspace_sync_for_outlook
|
||||||
|
enableGoogleWorkspaceSyncForMicrosoftOutlook
|
||||||
|
groups_for_business.groups_sharing
|
||||||
|
ownersCanAllowIncomingMailFromPublic
|
||||||
|
collaborationCapability
|
||||||
|
createGroupsAccessLevel
|
||||||
|
ownersCanAllowExternalMembers
|
||||||
|
ownersCanHideGroups
|
||||||
|
newGroupsAreHidden
|
||||||
|
viewTopicsDefaultAccessLevel
|
||||||
|
meet.safety_access
|
||||||
|
meetingsAllowedToJoin
|
||||||
|
meet.safety_domain
|
||||||
|
usersAllowedToJoin
|
||||||
|
meet.safety_external_participants
|
||||||
|
enableExternalLabel
|
||||||
|
meet.safety_host_management
|
||||||
|
enableHostManagement
|
||||||
|
meet.video_recording
|
||||||
|
enableRecording
|
||||||
|
rule.dlp
|
||||||
|
displayName
|
||||||
|
description
|
||||||
|
triggers
|
||||||
|
condition
|
||||||
|
action
|
||||||
|
state
|
||||||
|
createTime
|
||||||
|
updateTime
|
||||||
|
ruleTypeMetadata
|
||||||
|
rule.system_defined_alerts
|
||||||
|
displayName
|
||||||
|
description
|
||||||
|
action
|
||||||
|
state
|
||||||
|
createTime
|
||||||
|
updateTime
|
||||||
|
security.advanced_protection_program
|
||||||
|
enableAdvancedProtectionSelfEnrollment
|
||||||
|
securityCodeOption
|
||||||
|
security.less_secure_apps
|
||||||
|
allowLessSecureApps
|
||||||
|
security.login_challenges
|
||||||
|
enableEmployeeIdChallenge
|
||||||
|
security.password
|
||||||
|
allowedStrength
|
||||||
|
minimumLength
|
||||||
|
maximumLength
|
||||||
|
enforceRequirementsAtLogin
|
||||||
|
allowReuse
|
||||||
|
expirationDuration
|
||||||
|
security.session_controls
|
||||||
|
webSessionDuration
|
||||||
|
security.super_admin_account_recovery
|
||||||
|
enableAccountRecovery
|
||||||
|
security.user_account_recovery
|
||||||
|
enableAccountRecovery
|
||||||
|
sites.sites_creation_and_modification
|
||||||
|
allowSitesCreation
|
||||||
|
allowSitesModification
|
||||||
|
workspace_marketplace.apps_allowlist
|
||||||
|
apps
|
||||||
|
```
|
||||||
|
## Display Cloud Identity Policies
|
||||||
|
```
|
||||||
|
gam show policies (query <String>) [nowarnings]
|
||||||
|
[formatjson]
|
||||||
|
```
|
||||||
|
By default, Gam displays the information as an indented list of keys and values.
|
||||||
|
* `formatjson` - Display the fields in JSON format.
|
||||||
|
|
||||||
|
```
|
||||||
|
gam print policies [todrive <ToDriveAttribute>*]
|
||||||
|
(query <String>) [nowarnings]
|
||||||
|
[formatjson [quotechar <Character>]]
|
||||||
|
```
|
||||||
|
By default, Gam displays the information as columns of fields; the following option causes the output to be in JSON format,
|
||||||
|
* `formatjson` - Display the fields in JSON format.
|
||||||
|
|
||||||
|
By default, when writing CSV files, Gam uses a quote character of double quote `"`. The quote character is used to enclose columns that contain
|
||||||
|
the quote character itself, the column delimiter (comma by default) and new-line characters. Any quote characters within the column are doubled.
|
||||||
|
When using the `formatjson` option, double quotes are used extensively in the data resulting in hard to read/process output.
|
||||||
|
The `quotechar <Character>` option allows you to choose an alternate quote character, single quote for instance, that makes for readable/processable output.
|
||||||
|
`quotechar` defaults to `gam.cfg/csv_output_quote_char`. When uploading CSV files to Google, double quote `"` should be used.
|
||||||
@@ -10,12 +10,32 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
|
|||||||
|
|
||||||
See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
|
See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
|
||||||
|
|
||||||
|
7.00.28
|
||||||
|
|
||||||
|
Fixed issue that caused `gam print/show policies` to fail on some group policies.
|
||||||
|
|
||||||
|
7.00.27
|
||||||
|
|
||||||
|
Updated `gam <UserTypeEntity> collect orphans` and all commands that print file paths to recognize
|
||||||
|
that a file owned by a user that has no parents is not an orphan if `sharedWithMeTime` is set.
|
||||||
|
This occurs when user A creates a file in a shared folder owned by user B and user B then removes
|
||||||
|
user A's access to the folder.
|
||||||
|
|
||||||
|
Added commands to display Cloud Identity policies.
|
||||||
|
```
|
||||||
|
gam print policies [todrive <ToDriveAttribute>*]
|
||||||
|
(query <String>) [nowarnings]
|
||||||
|
[formatjson [quotechar <Character>]]
|
||||||
|
gam show policies (query <String>) [nowarnings]
|
||||||
|
[formatjson]
|
||||||
|
```
|
||||||
|
|
||||||
### 7.00.26
|
### 7.00.26
|
||||||
|
|
||||||
Updated `drive_dir` in `gam.cfg` to allow the value `.` that causes `redirect csv|stdout|stderr <FileName>`
|
Updated `drive_dir` in `gam.cfg` to allow the value `.` that causes `redirect csv|stdout|stderr <FileName>`
|
||||||
to write `<FileName>` in the current directory without having to prefix `<FileName>` with `./`.
|
to write `<FileName>` in the current directory without having to prefix `<FileName>` with `./`.
|
||||||
|
|
||||||
Upgraded to OpenSSL 3.4.0 where possible.
|
Upgraded to OpenSSL 3.4.0.
|
||||||
|
|
||||||
### 7.00.25
|
### 7.00.25
|
||||||
|
|
||||||
|
|||||||
@@ -82,6 +82,7 @@ Client Access
|
|||||||
* [Cloud Identity Devices](Cloud-Identity-Devices)
|
* [Cloud Identity Devices](Cloud-Identity-Devices)
|
||||||
* [Cloud Identity Groups](Cloud-Identity-Groups)
|
* [Cloud Identity Groups](Cloud-Identity-Groups)
|
||||||
* [Cloud Identity Groups - Membership](Cloud-Identity-Groups-Membership)
|
* [Cloud Identity Groups - Membership](Cloud-Identity-Groups-Membership)
|
||||||
|
* [Cloud Identity Policies](Cloud-Identity-Policies)
|
||||||
* [Cloud Storage](Cloud-Storage)
|
* [Cloud Storage](Cloud-Storage)
|
||||||
* [Context Aware Access Levels](Context-Aware-Access-Levels)
|
* [Context Aware Access Levels](Context-Aware-Access-Levels)
|
||||||
* [Customer](Customer)
|
* [Customer](Customer)
|
||||||
|
|||||||
@@ -4067,6 +4067,14 @@ gam update deviceuserstate <DeviceUserEntity> [clientid <String>]
|
|||||||
[healthscore very_poor|poor|neutral|good|very_good] [scorereason clear|<String>]
|
[healthscore very_poor|poor|neutral|good|very_good] [scorereason clear|<String>]
|
||||||
(customvalue (bool|boolean <Boolean>)|(number <Integer>)|(string <String>))*
|
(customvalue (bool|boolean <Boolean>)|(number <Integer>)|(string <String>))*
|
||||||
|
|
||||||
|
# Cloud Identity Policies
|
||||||
|
|
||||||
|
gam print policies [todrive <ToDriveAttribute>*]
|
||||||
|
(query <String>) [nowarnings]
|
||||||
|
[formatjson [quotechar <Character>]]
|
||||||
|
gam show policies (query <String>) [nowarnings]
|
||||||
|
[formatjson]
|
||||||
|
|
||||||
# Inbound SSO
|
# Inbound SSO
|
||||||
|
|
||||||
<SSOProfileDisplayName> ::= <String>
|
<SSOProfileDisplayName> ::= <String>
|
||||||
|
|||||||
@@ -1,8 +1,30 @@
|
|||||||
|
7.00.28
|
||||||
|
|
||||||
|
Fixed issue that caused `gam print/show policies` to fail on some group policies.
|
||||||
|
|
||||||
|
7.00.27
|
||||||
|
|
||||||
|
Updated `gam <UserTypeEntity> collect orphans` and all commands that print file paths to recognize
|
||||||
|
that a file owned by a user that has no parents is not an orphan if `sharedWithMeTime` is set.
|
||||||
|
This occurs when user A creates a file in a shared folder owned by user B and user B then removes
|
||||||
|
user A's access to the folder.
|
||||||
|
|
||||||
|
Added commands to display Cloud Identity policies.
|
||||||
|
```
|
||||||
|
gam print policies [todrive <ToDriveAttribute>*]
|
||||||
|
(query <String>) [nowarnings]
|
||||||
|
[formatjson [quotechar <Character>]]
|
||||||
|
gam show policies (query <String>) [nowarnings]
|
||||||
|
[formatjson]
|
||||||
|
```
|
||||||
|
|
||||||
7.00.26
|
7.00.26
|
||||||
|
|
||||||
Updated `drive_dir` in `gam.cfg` to allow the value `.` that causes `redirect csv|stdout|stderr <FileName>`
|
Updated `drive_dir` in `gam.cfg` to allow the value `.` that causes `redirect csv|stdout|stderr <FileName>`
|
||||||
to write `<FileName>` in the current directory without having to prefix `<FileName>` with `./`.
|
to write `<FileName>` in the current directory without having to prefix `<FileName>` with `./`.
|
||||||
|
|
||||||
|
Upgraded to OpenSSL 3.4.0 where possible.
|
||||||
|
|
||||||
7.00.25
|
7.00.25
|
||||||
|
|
||||||
Updated authentication process for `gam print|show projects`.
|
Updated authentication process for `gam print|show projects`.
|
||||||
|
|||||||
@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
|
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
|
||||||
__version__ = '7.00.26'
|
__version__ = '7.00.28'
|
||||||
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
|
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
|
||||||
|
|
||||||
#pylint: disable=wrong-import-position
|
#pylint: disable=wrong-import-position
|
||||||
@@ -35082,31 +35082,35 @@ def updateFieldsForCIGroupMatchPatterns(matchPatterns, fieldsList, csvPF=None):
|
|||||||
else:
|
else:
|
||||||
fieldsList.append(field)
|
fieldsList.append(field)
|
||||||
|
|
||||||
# gam show policies (query <String>) [nowarnings]
|
CIPOLICY_TIME_OBJECTS = {'createTime', 'updateTime'}
|
||||||
|
|
||||||
# gam print policies [todrive <ToDriveAttribute>*]
|
# gam print policies [todrive <ToDriveAttribute>*]
|
||||||
# (query <String>) [nowarnings]
|
# (query <String>) [nowarnings]
|
||||||
def doPrintCIPolicy():
|
# [formatjson [quotechar <Character>]]
|
||||||
|
# gam show policies (query <String>) [nowarnings]
|
||||||
|
# [formatjson]
|
||||||
|
def doPrintCIPolicies():
|
||||||
|
|
||||||
def _showPolicy(policy, FJQC, i=0, count=0):
|
def _showPolicy(policy, FJQC, i=0, count=0):
|
||||||
if FJQC is not None and FJQC.formatJSON:
|
if FJQC is not None and FJQC.formatJSON:
|
||||||
printLine(json.dumps(policy,
|
printLine(json.dumps(cleanJSON(policy, timeObjects=CIPOLICY_TIME_OBJECTS),
|
||||||
ensure_ascii=False,
|
ensure_ascii=False,
|
||||||
sort_keys=True))
|
sort_keys=True))
|
||||||
return
|
return
|
||||||
printEntity([Ent.POLICY, policy['name']], i, count)
|
printEntity([Ent.POLICY, policy['name']], i, count)
|
||||||
Ind.Increment()
|
Ind.Increment()
|
||||||
policy.pop('name')
|
policy.pop('name')
|
||||||
showJSON(None, policy)
|
showJSON(None, policy, timeObjects=CIPOLICY_TIME_OBJECTS)
|
||||||
printBlankLine()
|
printBlankLine()
|
||||||
Ind.Decrement()
|
Ind.Decrement()
|
||||||
|
|
||||||
def _printPolicy(policy):
|
def _printPolicy(policy):
|
||||||
row = flattenJSON(policy)
|
row = flattenJSON(policy, timeObjects=CIPOLICY_TIME_OBJECTS)
|
||||||
if not FJQC.formatJSON:
|
if not FJQC.formatJSON:
|
||||||
csvPF.WriteRowTitles(row)
|
csvPF.WriteRowTitles(row)
|
||||||
elif csvPF.CheckRowTitles(row):
|
elif csvPF.CheckRowTitles(row):
|
||||||
csvPF.WriteRowNoFilter({'name': policy['name'],
|
csvPF.WriteRowNoFilter({'name': policy['name'],
|
||||||
'JSON': json.dumps(cleanJSON(policy),
|
'JSON': json.dumps(cleanJSON(policy, timeObjects=CIPOLICY_TIME_OBJECTS),
|
||||||
ensure_ascii=False,
|
ensure_ascii=False,
|
||||||
sort_keys=True)})
|
sort_keys=True)})
|
||||||
|
|
||||||
@@ -35134,7 +35138,7 @@ def doPrintCIPolicy():
|
|||||||
elif myarg == 'nowarnings':
|
elif myarg == 'nowarnings':
|
||||||
add_warnings = False
|
add_warnings = False
|
||||||
else:
|
else:
|
||||||
unknownArgumentExit()
|
FJQC.GetFormatJSONQuoteChar(myarg, True)
|
||||||
printGettingAllAccountEntities(Ent.POLICY, ifilter)
|
printGettingAllAccountEntities(Ent.POLICY, ifilter)
|
||||||
pageMessage = getPageMessage()
|
pageMessage = getPageMessage()
|
||||||
throwReasons = [GAPI.INVALID, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED]
|
throwReasons = [GAPI.INVALID, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED]
|
||||||
@@ -35162,7 +35166,7 @@ def doPrintCIPolicy():
|
|||||||
if groupId := policy['policyQuery'].get('group'):
|
if groupId := policy['policyQuery'].get('group'):
|
||||||
_, _, policy['policyQuery']['groupEmail'] = convertGroupCloudIDToEmail(groups_ci, groupId)
|
_, _, policy['policyQuery']['groupEmail'] = convertGroupCloudIDToEmail(groups_ci, groupId)
|
||||||
# all groups are in the root OU so the orgUnit attribute is useless
|
# all groups are in the root OU so the orgUnit attribute is useless
|
||||||
policy['policyQuery'].pop('orgUnit')
|
policy['policyQuery'].pop('orgUnit', None)
|
||||||
elif orgId := policy['policyQuery'].get('orgUnit'):
|
elif orgId := policy['policyQuery'].get('orgUnit'):
|
||||||
policy['policyQuery']['orgUnitPath'] = convertOrgUnitIDtoPath(cd, orgId)
|
policy['policyQuery']['orgUnitPath'] = convertOrgUnitIDtoPath(cd, orgId)
|
||||||
if not csvPF:
|
if not csvPF:
|
||||||
@@ -54602,7 +54606,7 @@ def extendFileTree(fileTree, feed, DLP, stripCRsFromName):
|
|||||||
if f_file['mimeType'] == MIMETYPE_GA_FOLDER and f_file['name'] == MY_DRIVE:
|
if f_file['mimeType'] == MIMETYPE_GA_FOLDER and f_file['name'] == MY_DRIVE:
|
||||||
f_file['parents'] = []
|
f_file['parents'] = []
|
||||||
else:
|
else:
|
||||||
f_file['parents'] = [ORPHANS] if f_file.get('ownedByMe', False) else [SHARED_WITHME]
|
f_file['parents'] = [ORPHANS] if f_file.get('ownedByMe', False) and 'sharedWithMeTime' not in f_file else [SHARED_WITHME]
|
||||||
else:
|
else:
|
||||||
f_file['parents'] = [SHARED_DRIVES] if 'sharedWithMeTime' not in f_file else [SHARED_WITHME]
|
f_file['parents'] = [SHARED_DRIVES] if 'sharedWithMeTime' not in f_file else [SHARED_WITHME]
|
||||||
if fileId not in fileTree:
|
if fileId not in fileTree:
|
||||||
@@ -54622,11 +54626,11 @@ def extendFileTreeParents(drive, fileTree, fields):
|
|||||||
fileId=fileId, fields=fields, supportsAllDrives=True)
|
fileId=fileId, fields=fields, supportsAllDrives=True)
|
||||||
if not result.get('parents', []):
|
if not result.get('parents', []):
|
||||||
if not result.get('driveId'):
|
if not result.get('driveId'):
|
||||||
result['parents'] = [ORPHANS] if result.get('ownedByMe', False) else [SHARED_WITHME]
|
result['parents'] = [ORPHANS] if result.get('ownedByMe', False) and 'sharedWithMeTime' not in result else [SHARED_WITHME]
|
||||||
else:
|
else:
|
||||||
if result['name'] == TEAM_DRIVE:
|
if result['name'] == TEAM_DRIVE:
|
||||||
result['name'] = _getSharedDriveNameFromId(drive, result['driveId'])
|
result['name'] = _getSharedDriveNameFromId(drive, result['driveId'])
|
||||||
result['parents'] = [SHARED_DRIVES] if 'sharedWithMeTime' not in f_file else [SHARED_WITHME]
|
result['parents'] = [SHARED_DRIVES] if 'sharedWithMeTime' not in result else [SHARED_WITHME]
|
||||||
fileTree[fileId]['info'] = result
|
fileTree[fileId]['info'] = result
|
||||||
fileTree[fileId]['info']['noDisplay'] = True
|
fileTree[fileId]['info']['noDisplay'] = True
|
||||||
for parentId in result['parents']:
|
for parentId in result['parents']:
|
||||||
@@ -60821,7 +60825,8 @@ def collectOrphans(users):
|
|||||||
pageMessage=getPageMessageForWhom(),
|
pageMessage=getPageMessageForWhom(),
|
||||||
throwReasons=GAPI.DRIVE_USER_THROW_REASONS,
|
throwReasons=GAPI.DRIVE_USER_THROW_REASONS,
|
||||||
retryReasons=[GAPI.UNKNOWN_ERROR],
|
retryReasons=[GAPI.UNKNOWN_ERROR],
|
||||||
q=query, orderBy=OBY.orderBy, fields='nextPageToken,files(id,name,parents,mimeType,capabilities(canMoveItemWithinDrive))',
|
q=query, orderBy=OBY.orderBy,
|
||||||
|
fields='nextPageToken,files(id,name,parents,mimeType,sharedWithMeTime,capabilities(canMoveItemWithinDrive))',
|
||||||
pageSize=GC.Values[GC.DRIVE_MAX_RESULTS])
|
pageSize=GC.Values[GC.DRIVE_MAX_RESULTS])
|
||||||
if targetUserFolderPattern:
|
if targetUserFolderPattern:
|
||||||
trgtUserFolderName = _substituteForUser(targetUserFolderPattern, user, userName)
|
trgtUserFolderName = _substituteForUser(targetUserFolderPattern, user, userName)
|
||||||
@@ -60833,7 +60838,7 @@ def collectOrphans(users):
|
|||||||
continue
|
continue
|
||||||
orphanDriveFiles = []
|
orphanDriveFiles = []
|
||||||
for fileEntry in feed:
|
for fileEntry in feed:
|
||||||
if not fileEntry.get('parents'):
|
if not fileEntry.get('parents') and 'sharedWithMeTime' not in fileEntry:
|
||||||
orphanDriveFiles.append(fileEntry)
|
orphanDriveFiles.append(fileEntry)
|
||||||
jcount = len(orphanDriveFiles)
|
jcount = len(orphanDriveFiles)
|
||||||
entityPerformActionNumItemsModifier([Ent.USER, user], jcount, Ent.DRIVE_ORPHAN_FILE_OR_FOLDER,
|
entityPerformActionNumItemsModifier([Ent.USER, user], jcount, Ent.DRIVE_ORPHAN_FILE_OR_FOLDER,
|
||||||
@@ -75189,7 +75194,7 @@ MAIN_COMMANDS_WITH_OBJECTS = {
|
|||||||
Cmd.ARG_CHROMEVERSIONS: doPrintShowChromeVersions,
|
Cmd.ARG_CHROMEVERSIONS: doPrintShowChromeVersions,
|
||||||
Cmd.ARG_CIGROUP: doPrintCIGroups,
|
Cmd.ARG_CIGROUP: doPrintCIGroups,
|
||||||
Cmd.ARG_CIGROUPMEMBERS: doPrintCIGroupMembers,
|
Cmd.ARG_CIGROUPMEMBERS: doPrintCIGroupMembers,
|
||||||
Cmd.ARG_CIPOLICY: doPrintCIPolicy,
|
Cmd.ARG_CIPOLICIES: doPrintCIPolicies,
|
||||||
Cmd.ARG_CLASSROOMINVITATION: doPrintShowClassroomInvitations,
|
Cmd.ARG_CLASSROOMINVITATION: doPrintShowClassroomInvitations,
|
||||||
Cmd.ARG_CONTACT: doPrintShowDomainContacts,
|
Cmd.ARG_CONTACT: doPrintShowDomainContacts,
|
||||||
Cmd.ARG_COURSE: doPrintCourses,
|
Cmd.ARG_COURSE: doPrintCourses,
|
||||||
@@ -75229,7 +75234,6 @@ MAIN_COMMANDS_WITH_OBJECTS = {
|
|||||||
Cmd.ARG_OWNERSHIP: doPrintShowOwnership,
|
Cmd.ARG_OWNERSHIP: doPrintShowOwnership,
|
||||||
Cmd.ARG_PEOPLECONTACT: doPrintShowDomainPeopleContacts,
|
Cmd.ARG_PEOPLECONTACT: doPrintShowDomainPeopleContacts,
|
||||||
Cmd.ARG_PEOPLEPROFILE: doPrintShowDomainPeopleProfiles,
|
Cmd.ARG_PEOPLEPROFILE: doPrintShowDomainPeopleProfiles,
|
||||||
Cmd.ARG_CIPOLICY: doPrintCIPolicy,
|
|
||||||
Cmd.ARG_PRINTER: doPrintShowPrinters,
|
Cmd.ARG_PRINTER: doPrintShowPrinters,
|
||||||
Cmd.ARG_PRINTERMODEL: doPrintShowPrinterModels,
|
Cmd.ARG_PRINTERMODEL: doPrintShowPrinterModels,
|
||||||
Cmd.ARG_PRIVILEGES: doPrintShowPrivileges,
|
Cmd.ARG_PRIVILEGES: doPrintShowPrivileges,
|
||||||
@@ -75319,7 +75323,7 @@ MAIN_COMMANDS_WITH_OBJECTS = {
|
|||||||
Cmd.ARG_CHROMESCHEMA: doPrintShowChromeSchemas,
|
Cmd.ARG_CHROMESCHEMA: doPrintShowChromeSchemas,
|
||||||
Cmd.ARG_CHROMEVERSIONS: doPrintShowChromeVersions,
|
Cmd.ARG_CHROMEVERSIONS: doPrintShowChromeVersions,
|
||||||
Cmd.ARG_CIGROUPMEMBERS: doShowCIGroupMembers,
|
Cmd.ARG_CIGROUPMEMBERS: doShowCIGroupMembers,
|
||||||
Cmd.ARG_CIPOLICY: doPrintCIPolicy,
|
Cmd.ARG_CIPOLICIES: doPrintCIPolicies,
|
||||||
Cmd.ARG_CLASSROOMINVITATION: doPrintShowClassroomInvitations,
|
Cmd.ARG_CLASSROOMINVITATION: doPrintShowClassroomInvitations,
|
||||||
Cmd.ARG_CONTACT: doPrintShowDomainContacts,
|
Cmd.ARG_CONTACT: doPrintShowDomainContacts,
|
||||||
Cmd.ARG_CROSTELEMETRY: doInfoPrintShowCrOSTelemetry,
|
Cmd.ARG_CROSTELEMETRY: doInfoPrintShowCrOSTelemetry,
|
||||||
|
|||||||
@@ -45,8 +45,8 @@ CLOUDCHANNEL = 'cloudchannel'
|
|||||||
CLOUDIDENTITY_DEVICES = 'cloudidentitydevices'
|
CLOUDIDENTITY_DEVICES = 'cloudidentitydevices'
|
||||||
CLOUDIDENTITY_GROUPS = 'cloudidentitygroups'
|
CLOUDIDENTITY_GROUPS = 'cloudidentitygroups'
|
||||||
CLOUDIDENTITY_INBOUND_SSO = 'cloudidentityinboundsso'
|
CLOUDIDENTITY_INBOUND_SSO = 'cloudidentityinboundsso'
|
||||||
CLOUDIDENTITY_POLICY = 'cloudidentitypolicy'
|
|
||||||
CLOUDIDENTITY_ORGUNITS = 'cloudidentityorgunits'
|
CLOUDIDENTITY_ORGUNITS = 'cloudidentityorgunits'
|
||||||
|
CLOUDIDENTITY_POLICY = 'cloudidentitypolicy'
|
||||||
CLOUDIDENTITY_ORGUNITS_BETA = 'cloudidentityorgunitsbeta'
|
CLOUDIDENTITY_ORGUNITS_BETA = 'cloudidentityorgunitsbeta'
|
||||||
CLOUDIDENTITY_USERINVITATIONS = 'cloudidentityuserinvitations'
|
CLOUDIDENTITY_USERINVITATIONS = 'cloudidentityuserinvitations'
|
||||||
CLOUDRESOURCEMANAGER = 'cloudresourcemanager'
|
CLOUDRESOURCEMANAGER = 'cloudresourcemanager'
|
||||||
@@ -225,9 +225,9 @@ _INFO = {
|
|||||||
CLOUDIDENTITY_DEVICES: {'name': 'Cloud Identity Devices API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
|
CLOUDIDENTITY_DEVICES: {'name': 'Cloud Identity Devices API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
|
||||||
CLOUDIDENTITY_GROUPS: {'name': 'Cloud Identity Groups API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
|
CLOUDIDENTITY_GROUPS: {'name': 'Cloud Identity Groups API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
|
||||||
CLOUDIDENTITY_INBOUND_SSO: {'name': 'Cloud Identity Inbound SSO API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
|
CLOUDIDENTITY_INBOUND_SSO: {'name': 'Cloud Identity Inbound SSO API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
|
||||||
CLOUDIDENTITY_POLICY: {'name': 'Cloud Identity Policy API', 'version': 'v1beta1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
|
|
||||||
CLOUDIDENTITY_ORGUNITS: {'name': 'Cloud Identity OrgUnits API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
|
CLOUDIDENTITY_ORGUNITS: {'name': 'Cloud Identity OrgUnits API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
|
||||||
CLOUDIDENTITY_ORGUNITS_BETA: {'name': 'Cloud Identity OrgUnits API', 'version': 'v1beta1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
|
CLOUDIDENTITY_ORGUNITS_BETA: {'name': 'Cloud Identity OrgUnits API', 'version': 'v1beta1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
|
||||||
|
CLOUDIDENTITY_POLICY: {'name': 'Cloud Identity Policy API', 'version': 'v1beta1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
|
||||||
CLOUDIDENTITY_USERINVITATIONS: {'name': 'Cloud Identity User Invitations API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
|
CLOUDIDENTITY_USERINVITATIONS: {'name': 'Cloud Identity User Invitations API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
|
||||||
CLOUDRESOURCEMANAGER: {'name': 'Cloud Resource Manager API v3', 'version': 'v3', 'v2discovery': True},
|
CLOUDRESOURCEMANAGER: {'name': 'Cloud Resource Manager API v3', 'version': 'v3', 'v2discovery': True},
|
||||||
CONTACTS: {'name': 'Contacts API', 'version': 'v3', 'v2discovery': False},
|
CONTACTS: {'name': 'Contacts API', 'version': 'v3', 'v2discovery': False},
|
||||||
@@ -362,15 +362,15 @@ _CLIENT_SCOPES = [
|
|||||||
'api': CLOUDIDENTITY_INBOUND_SSO,
|
'api': CLOUDIDENTITY_INBOUND_SSO,
|
||||||
'subscopes': READONLY,
|
'subscopes': READONLY,
|
||||||
'scope': 'https://www.googleapis.com/auth/cloud-identity.inboundsso'},
|
'scope': 'https://www.googleapis.com/auth/cloud-identity.inboundsso'},
|
||||||
|
{'name': 'Cloud Identity OrgUnits API',
|
||||||
|
'api': CLOUDIDENTITY_ORGUNITS_BETA,
|
||||||
|
'subscopes': READONLY,
|
||||||
|
'scope': 'https://www.googleapis.com/auth/cloud-identity.orgunits'},
|
||||||
{'name': 'Cloud Identity - Policy',
|
{'name': 'Cloud Identity - Policy',
|
||||||
'api': CLOUDIDENTITY_POLICY,
|
'api': CLOUDIDENTITY_POLICY,
|
||||||
'subscopes': [],
|
'subscopes': [],
|
||||||
'scope': 'https://www.googleapis.com/auth/cloud-identity.policies.readonly'
|
'scope': 'https://www.googleapis.com/auth/cloud-identity.policies.readonly'
|
||||||
},
|
},
|
||||||
{'name': 'Cloud Identity OrgUnits API',
|
|
||||||
'api': CLOUDIDENTITY_ORGUNITS_BETA,
|
|
||||||
'subscopes': READONLY,
|
|
||||||
'scope': 'https://www.googleapis.com/auth/cloud-identity.orgunits'},
|
|
||||||
{'name': 'Cloud Identity User Invitations API',
|
{'name': 'Cloud Identity User Invitations API',
|
||||||
'api': CLOUDIDENTITY_USERINVITATIONS,
|
'api': CLOUDIDENTITY_USERINVITATIONS,
|
||||||
'subscopes': READONLY,
|
'subscopes': READONLY,
|
||||||
|
|||||||
@@ -493,7 +493,7 @@ class GamCLArgs():
|
|||||||
ARG_CIGROUPSMEMBERS = 'cigroupsmembers'
|
ARG_CIGROUPSMEMBERS = 'cigroupsmembers'
|
||||||
ARG_CIMEMBER = 'cimember'
|
ARG_CIMEMBER = 'cimember'
|
||||||
ARG_CIMEMBERS = 'cimembers'
|
ARG_CIMEMBERS = 'cimembers'
|
||||||
ARG_CIPOLICY = 'policies'
|
ARG_CIPOLICIES = 'policies'
|
||||||
ARG_CLASS = 'class'
|
ARG_CLASS = 'class'
|
||||||
ARG_CLASSES = 'classes'
|
ARG_CLASSES = 'classes'
|
||||||
ARG_CLASSPARTICIPANTS = 'classparticipants'
|
ARG_CLASSPARTICIPANTS = 'classparticipants'
|
||||||
|
|||||||
Reference in New Issue
Block a user