mirror of
https://github.com/GAM-team/GAM.git
synced 2026-07-03 12:21:35 +00:00
Compare commits
40 Commits
v7.08.01
...
20250616.1
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
f1713ec685 | ||
|
|
74924c9c0e | ||
|
|
8d3b65f5f1 | ||
|
|
260f2d3f5c | ||
|
|
475275add7 | ||
|
|
d71832096a | ||
|
|
f12d3abfc1 | ||
|
|
474aa069b7 | ||
|
|
c49708cbae | ||
|
|
43ecba07bb | ||
|
|
51f8ebe8e2 | ||
|
|
28edce3aca | ||
|
|
fe1f0285f8 | ||
|
|
da83121d0d | ||
|
|
f58a69e374 | ||
|
|
2f40a164c5 | ||
|
|
58a3fa7313 | ||
|
|
39ce5b7349 | ||
|
|
860d44d819 | ||
|
|
5e90ff143e | ||
|
|
28e05bf09a | ||
|
|
0781e27993 | ||
|
|
a441dddc06 | ||
|
|
4a42581e00 | ||
|
|
de2bfb0d52 | ||
|
|
f418287e65 | ||
|
|
fccf6c1278 | ||
|
|
ee874858b4 | ||
|
|
dde1354bd0 | ||
|
|
c241c2744f | ||
|
|
5ee1fa1b61 | ||
|
|
f06944a1fa | ||
|
|
27d4c37be3 | ||
|
|
2f1a7eb347 | ||
|
|
a5818e144d | ||
|
|
4e6f1717fb | ||
|
|
9d347719c7 | ||
|
|
7235022a8e | ||
|
|
5db5dad576 | ||
|
|
72a6651a9f |
2
.github/workflows/build.yml
vendored
2
.github/workflows/build.yml
vendored
@@ -126,7 +126,7 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
path: |
|
path: |
|
||||||
cache.tar.xz
|
cache.tar.xz
|
||||||
key: gam-${{ matrix.jid }}-20250422
|
key: gam-${{ matrix.jid }}-20250611
|
||||||
|
|
||||||
- name: Untar Cache archive
|
- name: Untar Cache archive
|
||||||
if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true'
|
if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true'
|
||||||
|
|||||||
@@ -2725,6 +2725,7 @@ gam print chromschemas [todrive <ToDriveAttribute>*]
|
|||||||
<ChromePolicySchemaFieldName>* [fields <ChromePolicySchemaFieldNameList>]
|
<ChromePolicySchemaFieldName>* [fields <ChromePolicySchemaFieldNameList>]
|
||||||
[[formatjson [quotechar <Character>]]
|
[[formatjson [quotechar <Character>]]
|
||||||
|
|
||||||
|
gam info chromeschema std <SchemaName>
|
||||||
gam show chromeschemas std
|
gam show chromeschemas std
|
||||||
[filter <String>]
|
[filter <String>]
|
||||||
|
|
||||||
@@ -5030,18 +5031,18 @@ gam <UserTypeEntity> delete permissions <SharedDriveEntityAdmin> <DriveFilePermi
|
|||||||
|
|
||||||
In these commands, the Google administrator named in oauth2.txt is used.
|
In these commands, the Google administrator named in oauth2.txt is used.
|
||||||
|
|
||||||
gam copy teamdriveacls <SharedDriveEntity> to <SharedDriveEntity>
|
gam copy shareddriveacls <SharedDriveEntity> to <SharedDriveEntity>
|
||||||
[adminaccess|asadmin]
|
[adminaccess|asadmin]
|
||||||
[showpermissionsmessages [<Boolean>]]
|
[showpermissionsmessages [<Boolean>]]
|
||||||
[excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
|
[excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
|
||||||
(mappermissionsdomain <DomainName> <DomainName>)*
|
(mappermissionsdomain <DomainName> <DomainName>)*
|
||||||
gam sync teamdriveacls <SharedDriveEntity> with <SharedDriveEntity>
|
gam sync shareddriveacls <SharedDriveEntity> with <SharedDriveEntity>
|
||||||
[adminaccess|asadmin]
|
[adminaccess|asadmin]
|
||||||
[showpermissionsmessages [<Boolean>]]
|
[showpermissionsmessages [<Boolean>]]
|
||||||
[excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
|
[excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
|
||||||
(mappermissionsdomain <DomainName> <DomainName>)*
|
(mappermissionsdomain <DomainName> <DomainName>)*
|
||||||
|
|
||||||
gam print teamdriveacls [todrive <ToDriveAttribute>*]
|
gam print shareddriveacls [todrive <ToDriveAttribute>*]
|
||||||
[teamdriveadminquery|query <QueryTeamDrive>]
|
[teamdriveadminquery|query <QueryTeamDrive>]
|
||||||
[matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>]
|
[matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>]
|
||||||
[user|group <EmailAddress> [checkgroups]] (role|roles <SharedDriveACLRoleList>)*
|
[user|group <EmailAddress> [checkgroups]] (role|roles <SharedDriveACLRoleList>)*
|
||||||
@@ -5049,7 +5050,7 @@ gam print teamdriveacls [todrive <ToDriveAttribute>*]
|
|||||||
[oneitemperrow] [<DrivePermissionsFieldName>*|(fields <DrivePermissionsFieldNameList>)]
|
[oneitemperrow] [<DrivePermissionsFieldName>*|(fields <DrivePermissionsFieldNameList>)]
|
||||||
(addcsvdata <FieldName> <String>)*
|
(addcsvdata <FieldName> <String>)*
|
||||||
[formatjson [quotechar <Character>]]
|
[formatjson [quotechar <Character>]]
|
||||||
gam show teamdriveacls
|
gam show shareddriveacls
|
||||||
[teamdriveadminquery|query <QueryTeamDrive>]
|
[teamdriveadminquery|query <QueryTeamDrive>]
|
||||||
[matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>]
|
[matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>]
|
||||||
[user|group <EmailAddress> [checkgroups]] (role|roles <SharedDriveACLRoleList>)*
|
[user|group <EmailAddress> [checkgroups]] (role|roles <SharedDriveACLRoleList>)*
|
||||||
@@ -5059,18 +5060,18 @@ gam show teamdriveacls
|
|||||||
|
|
||||||
In these commands, you specify an administrator and then indicate that you want domain administrator access with the adminaccess option.
|
In these commands, you specify an administrator and then indicate that you want domain administrator access with the adminaccess option.
|
||||||
|
|
||||||
gam <UserTypeEntity> copy teamdriveacls <SharedDriveEntity> to <SharedDriveEntity>
|
gam <UserTypeEntity> copy shareddriveacls <SharedDriveEntity> to <SharedDriveEntity>
|
||||||
[adminaccess|asadmin]
|
[adminaccess|asadmin]
|
||||||
[showpermissionsmessages [<Boolean>]]
|
[showpermissionsmessages [<Boolean>]]
|
||||||
[excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
|
[excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
|
||||||
(mappermissionsdomain <DomainName> <DomainName>)*
|
(mappermissionsdomain <DomainName> <DomainName>)*
|
||||||
gam <UserTypeEntity> sync teamdriveacls <SharedDriveEntity> with <SharedDriveEntity>
|
gam <UserTypeEntity> sync shareddriveacls <SharedDriveEntity> with <SharedDriveEntity>
|
||||||
[adminaccess|asadmin]
|
[adminaccess|asadmin]
|
||||||
[showpermissionsmessages [<Boolean>]]
|
[showpermissionsmessages [<Boolean>]]
|
||||||
[excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
|
[excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
|
||||||
(mappermissionsdomain <DomainName> <DomainName>)*
|
(mappermissionsdomain <DomainName> <DomainName>)*
|
||||||
|
|
||||||
gam <UserTypeEntity> print teamdriveacls [todrive <ToDriveAttribute>*]
|
gam <UserTypeEntity> print shareddriveacls [todrive <ToDriveAttribute>*]
|
||||||
[adminaccess|asadmin] [teamdriveadminquery|query <QueryTeamDrive>]
|
[adminaccess|asadmin] [teamdriveadminquery|query <QueryTeamDrive>]
|
||||||
[matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>]
|
[matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>]
|
||||||
[user|group <EmailAddress> [checkgroups]] (role|roles <SharedDriveACLRoleList>)*
|
[user|group <EmailAddress> [checkgroups]] (role|roles <SharedDriveACLRoleList>)*
|
||||||
@@ -5079,7 +5080,7 @@ gam <UserTypeEntity> print teamdriveacls [todrive <ToDriveAttribute>*]
|
|||||||
[shownopermissionsdrives false|true|only]
|
[shownopermissionsdrives false|true|only]
|
||||||
(addcsvdata <FieldName> <String>)*
|
(addcsvdata <FieldName> <String>)*
|
||||||
[formatjson [quotechar <Character>]]
|
[formatjson [quotechar <Character>]]
|
||||||
gam <UserTypeEntity> show teamdriveacls
|
gam <UserTypeEntity> show shareddriveacls
|
||||||
[adminaccess|asadmin] [teamdriveadminquery|query <QueryTeamDrive>]
|
[adminaccess|asadmin] [teamdriveadminquery|query <QueryTeamDrive>]
|
||||||
[matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>]
|
[matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>]
|
||||||
[user|group <EmailAddress> [checkgroups]] (role|roles <SharedDriveACLRoleList>)*
|
[user|group <EmailAddress> [checkgroups]] (role|roles <SharedDriveACLRoleList>)*
|
||||||
|
|||||||
@@ -1,3 +1,92 @@
|
|||||||
|
7.09.06
|
||||||
|
|
||||||
|
Upddated `gam print|show shareddrives', `gam print|show shareddriveacls', `gam print shareddriveorganizers`
|
||||||
|
to display the Shared Drives in ascending name order; the API returns them in an unidentifiable order.
|
||||||
|
|
||||||
|
7.09.05
|
||||||
|
|
||||||
|
Improved output of `gam info|show chromeschemas [std]` to more accurately display the schemas.
|
||||||
|
|
||||||
|
Fixed bugs in `gam update chromepolicy` that caused invalid error messaages.
|
||||||
|
|
||||||
|
7.09.04
|
||||||
|
|
||||||
|
Fixed bug in `gam whatis <EmailItem>` where the check for an invitable user always failed.
|
||||||
|
|
||||||
|
Fixed bug in `gam print shareddriveorganizers` where no organizers were displayed when `domain` in `gam.cfg` was blank.
|
||||||
|
|
||||||
|
Updated to Python 3.13.5
|
||||||
|
|
||||||
|
7.09.03
|
||||||
|
|
||||||
|
Updated `gam <UserTypeEntity> create focustime|outofoffice ... timerange <Time> <Time>` to check
|
||||||
|
that the first `<Time>` is less than the second `Time`; previously the event was not created.
|
||||||
|
|
||||||
|
For new installs the `enforce_expansive_access` Boolean variable in `gam.cfg` now defaults to True.
|
||||||
|
For existing installations, if `enforce_expansive_access` has not been added to `gam.cfg`,
|
||||||
|
a default value of True will be used.
|
||||||
|
|
||||||
|
7.09.02
|
||||||
|
|
||||||
|
Added command `gam info chromeschema std <SchemaName>` to display a Chrome policy schema in the same format as Legacy GAM.
|
||||||
|
|
||||||
|
Improved output of `gam show chromeschemas [std]` and `gam info chromeschema [std]` to more accurately display the schemas.
|
||||||
|
|
||||||
|
7.09.01
|
||||||
|
|
||||||
|
Fixed bug in `gam <UserTypeEntity> print diskusage` where the `ownedByMe` column was
|
||||||
|
blank for the top folder.
|
||||||
|
|
||||||
|
Fixed bug in `gam update chromepolicy` where the following error was generated
|
||||||
|
when updating policies with simple numerical values.
|
||||||
|
```
|
||||||
|
ERROR: Missing argument: Expected <value>"
|
||||||
|
```
|
||||||
|
|
||||||
|
7.09.00
|
||||||
|
|
||||||
|
Removed the overly broad service account `IAM and Access Management API` scope `https://www.googleapis.com/auth/cloud-platform`
|
||||||
|
from DWD. The `gam <UserTypeEntity> check|Update serviceaccount` commands issue an error message if this scope
|
||||||
|
is enabled prompting you to update your service account authorization so that the scope can be removed.
|
||||||
|
|
||||||
|
GAM commands that need IAM access now use the more limited scope `https://www.googleapis.com/auth/iam` in a non-DWD manner.
|
||||||
|
|
||||||
|
Added `enforce_expansive_access` Boolean variable to `gam.cfg` that provides the default value
|
||||||
|
for option `enforceexpansiveaccess` in all commands that delete or update drive file ACLs/permissions.
|
||||||
|
It's default value is False.
|
||||||
|
```
|
||||||
|
gam <UserTypeEntity> delete permissions
|
||||||
|
gam <UserTypeEntity> delete drivefileacl
|
||||||
|
gam <UserTypeEntity> update drivefileacl
|
||||||
|
gam <UserTypeEntity> copy drivefile
|
||||||
|
gam <UserTypeEntity> move drivefile
|
||||||
|
gam <UserTypeEntity> transfer ownership
|
||||||
|
gam <UserTypeEntity> claim ownership
|
||||||
|
gam <UserTypeEntity> transfer drive
|
||||||
|
```
|
||||||
|
|
||||||
|
Fixed bug in `gam print shareddriveorganizers` that caused a trap when an organizer was a deleted user.
|
||||||
|
|
||||||
|
Updated to Python 3.13.4
|
||||||
|
|
||||||
|
7.08.02
|
||||||
|
|
||||||
|
Updated the defaults in `gam print shareddriveorganizers` to match the most common use case, not the script.
|
||||||
|
|
||||||
|
* `domainlist` - The workspace primary domain
|
||||||
|
* `includetypes` - user
|
||||||
|
* `oneorganizer` - True
|
||||||
|
* `shownoorganizerdrives` - True
|
||||||
|
* `includefileorganizers` - False
|
||||||
|
|
||||||
|
To select organizers from any domain, use: `domainlist ""`
|
||||||
|
|
||||||
|
These commands produce the same result.
|
||||||
|
```
|
||||||
|
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers domainlist mydomain.com includetypes user oneorganizer shownoorganizerdrives
|
||||||
|
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers
|
||||||
|
```
|
||||||
|
|
||||||
7.08.01
|
7.08.01
|
||||||
|
|
||||||
Added option `shareddrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>))` to
|
Added option `shareddrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>))` to
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ if __name__ == '__main__':
|
|||||||
# One time initialization
|
# One time initialization
|
||||||
if platform.system() != 'Linux':
|
if platform.system() != 'Linux':
|
||||||
multiprocessing.freeze_support()
|
multiprocessing.freeze_support()
|
||||||
multiprocessing.set_start_method('spawn')
|
multiprocessing.set_start_method('spawn', force=True)
|
||||||
initializeLogging()
|
initializeLogging()
|
||||||
#
|
#
|
||||||
CallGAMCommand(['gam', 'version'])
|
CallGAMCommand(['gam', 'version'])
|
||||||
|
|||||||
@@ -11,5 +11,5 @@ from gam.__main__ import main
|
|||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
if platform.system() != 'Linux':
|
if platform.system() != 'Linux':
|
||||||
multiprocessing.freeze_support()
|
multiprocessing.freeze_support()
|
||||||
multiprocessing.set_start_method('spawn')
|
multiprocessing.set_start_method('spawn', force=True)
|
||||||
main()
|
main()
|
||||||
|
|||||||
@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
|
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
|
||||||
__version__ = '7.08.01'
|
__version__ = '7.09.06'
|
||||||
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
|
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
|
||||||
|
|
||||||
#pylint: disable=wrong-import-position
|
#pylint: disable=wrong-import-position
|
||||||
@@ -4785,6 +4785,7 @@ def defaultSvcAcctScopes():
|
|||||||
scopesList = API.getSvcAcctScopesList(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], False)
|
scopesList = API.getSvcAcctScopesList(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], False)
|
||||||
saScopes = {}
|
saScopes = {}
|
||||||
for scope in scopesList:
|
for scope in scopesList:
|
||||||
|
if not scope.get('offByDefault'):
|
||||||
saScopes.setdefault(scope['api'], [])
|
saScopes.setdefault(scope['api'], [])
|
||||||
saScopes[scope['api']].append(scope['scope'])
|
saScopes[scope['api']].append(scope['scope'])
|
||||||
saScopes[API.DRIVEACTIVITY].append(API.DRIVE_SCOPE)
|
saScopes[API.DRIVEACTIVITY].append(API.DRIVE_SCOPE)
|
||||||
@@ -12232,7 +12233,7 @@ def checkServiceAccount(users):
|
|||||||
|
|
||||||
def authorizeScopes(message):
|
def authorizeScopes(message):
|
||||||
long_url = ('https://admin.google.com/ac/owl/domainwidedelegation'
|
long_url = ('https://admin.google.com/ac/owl/domainwidedelegation'
|
||||||
f'?clientScopeToAdd={",".join(checkScopes)}'
|
f'?clientScopeToAdd={",".join(sorted(checkScopes))}'
|
||||||
f'&clientIdToAdd={service_account}&overwriteClientId=true')
|
f'&clientIdToAdd={service_account}&overwriteClientId=true')
|
||||||
if GC.Values[GC.DOMAIN]:
|
if GC.Values[GC.DOMAIN]:
|
||||||
long_url += f'&dn={GC.Values[GC.DOMAIN]}'
|
long_url += f'&dn={GC.Values[GC.DOMAIN]}'
|
||||||
@@ -12244,10 +12245,12 @@ def checkServiceAccount(users):
|
|||||||
allScopes = API.getSvcAcctScopes(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], Act.Get() == Act.UPDATE)
|
allScopes = API.getSvcAcctScopes(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], Act.Get() == Act.UPDATE)
|
||||||
checkScopesSet = set()
|
checkScopesSet = set()
|
||||||
saScopes = {}
|
saScopes = {}
|
||||||
|
checkDeprecatedScopes = True
|
||||||
useColor = False
|
useColor = False
|
||||||
while Cmd.ArgumentsRemaining():
|
while Cmd.ArgumentsRemaining():
|
||||||
myarg = getArgument()
|
myarg = getArgument()
|
||||||
if myarg in {'scope', 'scopes'}:
|
if myarg in {'scope', 'scopes'}:
|
||||||
|
checkDeprecatedScopes = False
|
||||||
for scope in getString(Cmd.OB_API_SCOPE_URL_LIST).lower().replace(',', ' ').split():
|
for scope in getString(Cmd.OB_API_SCOPE_URL_LIST).lower().replace(',', ' ').split():
|
||||||
api = API.getSvcAcctScopeAPI(scope)
|
api = API.getSvcAcctScopeAPI(scope)
|
||||||
if api is not None:
|
if api is not None:
|
||||||
@@ -12264,10 +12267,12 @@ def checkServiceAccount(users):
|
|||||||
testPass = createGreenText('PASS')
|
testPass = createGreenText('PASS')
|
||||||
testFail = createRedText('FAIL')
|
testFail = createRedText('FAIL')
|
||||||
testWarn = createYellowText('WARN')
|
testWarn = createYellowText('WARN')
|
||||||
|
testDeprecated = createRedText('DEPRECATED')
|
||||||
else:
|
else:
|
||||||
testPass = 'PASS'
|
testPass = 'PASS'
|
||||||
testFail = 'FAIL'
|
testFail = 'FAIL'
|
||||||
testWarn = 'WARN'
|
testWarn = 'WARN'
|
||||||
|
testDeprecated = 'DEPRECATED'
|
||||||
if Act.Get() == Act.CHECK:
|
if Act.Get() == Act.CHECK:
|
||||||
if not checkScopesSet:
|
if not checkScopesSet:
|
||||||
for scope in iter(GM.Globals[GM.SVCACCT_SCOPES].values()):
|
for scope in iter(GM.Globals[GM.SVCACCT_SCOPES].values()):
|
||||||
@@ -12275,7 +12280,7 @@ def checkServiceAccount(users):
|
|||||||
else:
|
else:
|
||||||
if not checkScopesSet:
|
if not checkScopesSet:
|
||||||
scopesList = API.getSvcAcctScopesList(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], True)
|
scopesList = API.getSvcAcctScopesList(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], True)
|
||||||
selectedScopes = getScopesFromUser(scopesList, False, GM.Globals[GM.SVCACCT_SCOPES])
|
selectedScopes = getScopesFromUser(scopesList, False, GM.Globals[GM.SVCACCT_SCOPES] if GM.Globals[GM.SVCACCT_SCOPES_DEFINED] else None)
|
||||||
if selectedScopes is None:
|
if selectedScopes is None:
|
||||||
return False
|
return False
|
||||||
i = 0
|
i = 0
|
||||||
@@ -12337,8 +12342,8 @@ def checkServiceAccount(users):
|
|||||||
if saTokenStatus == testFail:
|
if saTokenStatus == testFail:
|
||||||
invalidOauth2serviceJsonExit(f'Authentication{auth_error}')
|
invalidOauth2serviceJsonExit(f'Authentication{auth_error}')
|
||||||
_getSvcAcctData() # needed to read in GM.OAUTH2SERVICE_JSON_DATA
|
_getSvcAcctData() # needed to read in GM.OAUTH2SERVICE_JSON_DATA
|
||||||
if GM.Globals[GM.SVCACCT_SCOPES_DEFINED] and API.IAM not in GM.Globals[GM.SVCACCT_SCOPES]:
|
if API.IAM not in GM.Globals[GM.SVCACCT_SCOPES]:
|
||||||
GM.Globals[GM.SVCACCT_SCOPES][API.IAM] = [API.CLOUD_PLATFORM_SCOPE]
|
GM.Globals[GM.SVCACCT_SCOPES][API.IAM] = [API.IAM_SCOPE]
|
||||||
key_type = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA].get('key_type', 'default')
|
key_type = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA].get('key_type', 'default')
|
||||||
if key_type == 'default':
|
if key_type == 'default':
|
||||||
printMessage(Msg.SERVICE_ACCOUNT_CHECK_PRIVATE_KEY_AGE)
|
printMessage(Msg.SERVICE_ACCOUNT_CHECK_PRIVATE_KEY_AGE)
|
||||||
@@ -12348,7 +12353,8 @@ def checkServiceAccount(users):
|
|||||||
Ind.Increment()
|
Ind.Increment()
|
||||||
try:
|
try:
|
||||||
key = callGAPI(iam.projects().serviceAccounts().keys(), 'get',
|
key = callGAPI(iam.projects().serviceAccounts().keys(), 'get',
|
||||||
throwReasons=[GAPI.BAD_REQUEST, GAPI.INVALID, GAPI.NOT_FOUND, GAPI.PERMISSION_DENIED],
|
throwReasons=[GAPI.BAD_REQUEST, GAPI.INVALID, GAPI.NOT_FOUND,
|
||||||
|
GAPI.PERMISSION_DENIED, GAPI.SERVICE_NOT_AVAILABLE],
|
||||||
name=name, fields='validAfterTime')
|
name=name, fields='validAfterTime')
|
||||||
key_created, _ = iso8601.parse_date(key['validAfterTime'])
|
key_created, _ = iso8601.parse_date(key['validAfterTime'])
|
||||||
key_age = todaysTime()-key_created
|
key_age = todaysTime()-key_created
|
||||||
@@ -12361,6 +12367,10 @@ def checkServiceAccount(users):
|
|||||||
Ent.SVCACCT, GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['client_email']],
|
Ent.SVCACCT, GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['client_email']],
|
||||||
str(e))
|
str(e))
|
||||||
printPassFail(Msg.SERVICE_ACCOUNT_PRIVATE_KEY_AGE.format('UNKNOWN'), testWarn)
|
printPassFail(Msg.SERVICE_ACCOUNT_PRIVATE_KEY_AGE.format('UNKNOWN'), testWarn)
|
||||||
|
except GAPI.serviceNotAvailable as e:
|
||||||
|
entityActionFailedExit([Ent.PROJECT, GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['project_id'],
|
||||||
|
Ent.SVCACCT, GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['client_email']],
|
||||||
|
str(e))
|
||||||
else:
|
else:
|
||||||
printPassFail(Msg.SERVICE_ACCOUNT_SKIPPING_KEY_AGE_CHECK.format(key_type), testPass)
|
printPassFail(Msg.SERVICE_ACCOUNT_SKIPPING_KEY_AGE_CHECK.format(key_type), testPass)
|
||||||
Ind.Decrement()
|
Ind.Decrement()
|
||||||
@@ -12399,6 +12409,38 @@ def checkServiceAccount(users):
|
|||||||
allScopesPass = False
|
allScopesPass = False
|
||||||
printPassFail(scope, f'{scopeStatus}{currentCount(j, jcount)}')
|
printPassFail(scope, f'{scopeStatus}{currentCount(j, jcount)}')
|
||||||
Ind.Decrement()
|
Ind.Decrement()
|
||||||
|
if checkDeprecatedScopes:
|
||||||
|
deprecatedScopes = sorted(API.DEPRECATED_SCOPES)
|
||||||
|
jcount = len(deprecatedScopes)
|
||||||
|
printKeyValueListWithCount([Msg.DEPRECATED_SCOPES, '',
|
||||||
|
Ent.Singular(Ent.USER), user,
|
||||||
|
Ent.Choose(Ent.SCOPE, jcount), jcount],
|
||||||
|
i, count)
|
||||||
|
Ind.Increment()
|
||||||
|
j = 0
|
||||||
|
for scope in deprecatedScopes:
|
||||||
|
j += 1
|
||||||
|
# try with and without email scope
|
||||||
|
for scopes in [[scope, API.USERINFO_EMAIL_SCOPE], [scope]]:
|
||||||
|
try:
|
||||||
|
credentials = getSvcAcctCredentials(scopes, user)
|
||||||
|
credentials.refresh(request)
|
||||||
|
break
|
||||||
|
except (httplib2.HttpLib2Error, google.auth.exceptions.TransportError, RuntimeError) as e:
|
||||||
|
handleServerError(e)
|
||||||
|
except google.auth.exceptions.RefreshError:
|
||||||
|
continue
|
||||||
|
if credentials.token:
|
||||||
|
token_info = callGAPI(oa2, 'tokeninfo', access_token=credentials.token)
|
||||||
|
if scope in token_info.get('scope', '').split(' ') and user == token_info.get('email', user).lower():
|
||||||
|
scopeStatus = testDeprecated
|
||||||
|
allScopesPass = False
|
||||||
|
else:
|
||||||
|
scopeStatus = testPass
|
||||||
|
else:
|
||||||
|
scopeStatus = testPass
|
||||||
|
printPassFail(scope, f'{scopeStatus}{currentCount(j, jcount)}')
|
||||||
|
Ind.Decrement()
|
||||||
service_account = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['client_id']
|
service_account = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['client_id']
|
||||||
if allScopesPass:
|
if allScopesPass:
|
||||||
if Act.Get() == Act.CHECK:
|
if Act.Get() == Act.CHECK:
|
||||||
@@ -13101,7 +13143,7 @@ def doWhatIs():
|
|||||||
entityUnknownWarning(Ent.EMAIL, email)
|
entityUnknownWarning(Ent.EMAIL, email)
|
||||||
setSysExitRC(ENTITY_IS_UKNOWN_RC)
|
setSysExitRC(ENTITY_IS_UKNOWN_RC)
|
||||||
return
|
return
|
||||||
if not invitableCheck or not getSvcAcctCredentials(API.CLOUDIDENTITY_USERINVITATIONS, _getAdminEmail(), softErrors=True):
|
if not invitableCheck:
|
||||||
isInvitableUser = False
|
isInvitableUser = False
|
||||||
else:
|
else:
|
||||||
isInvitableUser, ci = _getIsInvitableUser(None, email)
|
isInvitableUser, ci = _getIsInvitableUser(None, email)
|
||||||
@@ -25910,7 +25952,7 @@ def exitIfChatNotConfigured(chat, kvList, errMsg, i, count):
|
|||||||
if (('No bot associated with this project.' in errMsg) or
|
if (('No bot associated with this project.' in errMsg) or
|
||||||
('Invalid project number.' in errMsg) or
|
('Invalid project number.' in errMsg) or
|
||||||
('Google Chat app not found.' in errMsg)):
|
('Google Chat app not found.' in errMsg)):
|
||||||
systemErrorExit(API_ACCESS_DENIED_RC, Msg.TO_SET_UP_GOOGLE_CHAT.format(setupChatURL(chat)))
|
systemErrorExit(API_ACCESS_DENIED_RC, Msg.TO_SET_UP_GOOGLE_CHAT.format(setupChatURL(chat), GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['project_id']))
|
||||||
entityActionFailedWarning(kvList, errMsg, i, count)
|
entityActionFailedWarning(kvList, errMsg, i, count)
|
||||||
|
|
||||||
def _getChatAdminAccess(adminAPI, userAPI):
|
def _getChatAdminAccess(adminAPI, userAPI):
|
||||||
@@ -28074,21 +28116,21 @@ def commonprefix(m):
|
|||||||
return s1[:i]
|
return s1[:i]
|
||||||
return s1
|
return s1
|
||||||
|
|
||||||
def simplifyChromeSchema(schema):
|
SCHEMA_TYPE_MESSAGE_MAP = {
|
||||||
schema_name = schema['name'].split('/')[-1]
|
'NullableDuration': {'type': 'TYPE_INT64', 'namedType': 'duration'},
|
||||||
schema_dict = {'name': schema_name,
|
'NullableLong': {'type': 'TYPE_INT64', 'namedType': 'value'},
|
||||||
'description': schema.get('policyDescription', ''),
|
'SystemTimezone': {'type': 'TYPE_STRING', 'namedType': 'value'}
|
||||||
'settings': {}
|
|
||||||
}
|
}
|
||||||
fieldDescriptions = schema['fieldDescriptions']
|
|
||||||
|
def simplifyChromeSchemaUpdate(schema):
|
||||||
|
schema_name = schema['name'].split('/')[-1]
|
||||||
|
schema_dict = {'name': schema_name, 'settings': {}}
|
||||||
for mtype in schema['definition']['messageType']:
|
for mtype in schema['definition']['messageType']:
|
||||||
|
if mtype['name'] in SCHEMA_TYPE_MESSAGE_MAP:
|
||||||
|
continue
|
||||||
for setting in mtype['field']:
|
for setting in mtype['field']:
|
||||||
setting_name = setting['name']
|
setting_name = setting['name']
|
||||||
setting_dict = {'name': setting_name,
|
setting_dict = {'name': setting_name, 'type': setting['type'], 'namedType': ''}
|
||||||
'constraints': None,
|
|
||||||
'descriptions': [],
|
|
||||||
'type': setting['type'],
|
|
||||||
}
|
|
||||||
if setting_dict['type'] == 'TYPE_STRING' and setting.get('label') == 'LABEL_REPEATED':
|
if setting_dict['type'] == 'TYPE_STRING' and setting.get('label') == 'LABEL_REPEATED':
|
||||||
setting_dict['type'] = 'TYPE_LIST'
|
setting_dict['type'] = 'TYPE_LIST'
|
||||||
if setting_dict['type'] == 'TYPE_ENUM':
|
if setting_dict['type'] == 'TYPE_ENUM':
|
||||||
@@ -28099,27 +28141,83 @@ def simplifyChromeSchema(schema):
|
|||||||
setting_dict['enum_prefix'] = commonprefix(setting_dict['enums'])
|
setting_dict['enum_prefix'] = commonprefix(setting_dict['enums'])
|
||||||
prefix_len = len(setting_dict['enum_prefix'])
|
prefix_len = len(setting_dict['enum_prefix'])
|
||||||
setting_dict['enums'] = [enum[prefix_len:] for enum in setting_dict['enums'] if not enum.endswith('UNSPECIFIED')]
|
setting_dict['enums'] = [enum[prefix_len:] for enum in setting_dict['enums'] if not enum.endswith('UNSPECIFIED')]
|
||||||
setting_dict['descriptions'] = ['']*len(setting_dict['enums'])
|
|
||||||
for i, an in enumerate(setting_dict['enums']):
|
|
||||||
for fdesc in fieldDescriptions:
|
|
||||||
if fdesc.get('field') == setting_name:
|
|
||||||
for d in fdesc.get('knownValueDescriptions', []):
|
|
||||||
if d['value'][prefix_len:] == an:
|
|
||||||
setting_dict['descriptions'][i] = d.get('description', '')
|
|
||||||
break
|
|
||||||
break
|
|
||||||
break
|
|
||||||
elif setting_dict['type'] == 'TYPE_MESSAGE':
|
elif setting_dict['type'] == 'TYPE_MESSAGE':
|
||||||
|
type_name = setting['typeName']
|
||||||
|
if type_name not in SCHEMA_TYPE_MESSAGE_MAP:
|
||||||
|
continue
|
||||||
|
setting_dict['type'] = SCHEMA_TYPE_MESSAGE_MAP[type_name]['type']
|
||||||
|
setting_dict['namedType'] = SCHEMA_TYPE_MESSAGE_MAP[type_name]['namedType']
|
||||||
|
schema_dict['settings'][setting_name.lower()] = setting_dict
|
||||||
|
return(schema_name, schema_dict)
|
||||||
|
|
||||||
|
def simplifyChromeSchemaDisplay(schema):
|
||||||
|
schema_name = schema['name'].split('/')[-1]
|
||||||
|
schema_dict = {'name': schema_name, 'description': schema.get('policyDescription', '')}
|
||||||
|
fieldDescriptions = schema['fieldDescriptions']
|
||||||
|
enumDict = {}
|
||||||
|
for enumType in schema['definition'].get('enumType', []):
|
||||||
|
enumEntry = {}
|
||||||
|
enumEntry['enums'] = [enum['name'] for enum in enumType['value']]
|
||||||
|
enumEntry['enum_prefix'] = commonprefix(enumEntry['enums'])
|
||||||
|
enumEntry['enum_prefix_len'] = prefix_len = len(enumEntry['enum_prefix'])
|
||||||
|
enumEntry['enums'] = [enum[prefix_len:] for enum in enumEntry['enums'] if not enum.endswith('UNSPECIFIED')]
|
||||||
|
enumDict[enumType['name']] = enumEntry.copy()
|
||||||
|
mesgDict = {}
|
||||||
|
mesgPops = set()
|
||||||
|
for mesgType in schema['definition']['messageType']:
|
||||||
|
mtypeEntry = {'field': {}, 'subfield': False}
|
||||||
|
for mfield in mesgType['field']:
|
||||||
|
mfield.pop('number')
|
||||||
|
mtypeEntry['field'][mfield.pop('name')] = mfield
|
||||||
|
mesgDict[mesgType['name']] = mtypeEntry.copy()
|
||||||
|
for _, mtypeEntry in mesgDict.items():
|
||||||
|
for mfieldName, mfield in mtypeEntry['field'].items():
|
||||||
|
mfield['descriptions'] = []
|
||||||
|
if mfield['type'] == 'TYPE_STRING' and mfield.get('label') == 'LABEL_REPEATED':
|
||||||
|
mfield['type'] = 'TYPE_LIST'
|
||||||
|
if mfield['type'] == 'TYPE_ENUM':
|
||||||
|
mfield['subtype'] = enumDict[mfield['typeName']]
|
||||||
|
for an_enum in schema['definition']['enumType']:
|
||||||
|
if an_enum['name'] == mfield['typeName']:
|
||||||
|
mfield['descriptions'] = ['']*len(mfield['subtype']['enums'])
|
||||||
|
for i, an in enumerate(mfield['subtype']['enums']):
|
||||||
|
for fdesc in fieldDescriptions:
|
||||||
|
if fdesc.get('field') == mfieldName:
|
||||||
|
for d in fdesc.get('knownValueDescriptions', []):
|
||||||
|
if d['value'][mfield['subtype']['enum_prefix_len']:] == an:
|
||||||
|
mfield['descriptions'][i] = d.get('description', '')
|
||||||
|
break
|
||||||
|
break
|
||||||
|
break
|
||||||
|
elif mfield['type'] == 'TYPE_MESSAGE':
|
||||||
|
subfield = mfield['typeName']
|
||||||
|
if subfield not in SCHEMA_TYPE_MESSAGE_MAP:
|
||||||
|
mesgDict[subfield]['subfield'] = True
|
||||||
|
mfield['subtype'] = mesgDict[subfield]
|
||||||
|
else:
|
||||||
|
mfield['type'] = SCHEMA_TYPE_MESSAGE_MAP[subfield]['type']
|
||||||
|
mesgPops.add(subfield)
|
||||||
continue
|
continue
|
||||||
else:
|
else:
|
||||||
setting_dict['enums'] = None
|
for fdesc in fieldDescriptions:
|
||||||
for fdesc in schema['fieldDescriptions']:
|
if fdesc['field'] == mfieldName:
|
||||||
if fdesc['field'] == setting_name:
|
|
||||||
if 'knownValueDescriptions' in fdesc:
|
if 'knownValueDescriptions' in fdesc:
|
||||||
setting_dict['descriptions'] = fdesc['knownValueDescriptions']
|
if isinstance(fdesc['knownValueDescriptions'], list):
|
||||||
|
for kvd in fdesc['knownValueDescriptions']:
|
||||||
|
if isinstance(kvd, dict):
|
||||||
|
if 'description' in kvd:
|
||||||
|
mfield['descriptions'].append(f"{kvd['value']}: {kvd['description']}")
|
||||||
|
else:
|
||||||
|
mfield['descriptions'].append(f"{kvd['value']}")
|
||||||
|
else:
|
||||||
|
mfield['descriptions'].extend(kvd)
|
||||||
|
else:
|
||||||
|
mfield['descriptions'].append(kvd)
|
||||||
elif 'description' in fdesc:
|
elif 'description' in fdesc:
|
||||||
setting_dict['descriptions'] = [fdesc['description']]
|
mfield['descriptions'].append(fdesc['description'])
|
||||||
schema_dict['settings'][setting_name.lower()] = setting_dict
|
for pfield in mesgPops:
|
||||||
|
mesgDict.pop(pfield)
|
||||||
|
schema_dict['settings'] = mesgDict
|
||||||
return(schema_name, schema_dict)
|
return(schema_name, schema_dict)
|
||||||
|
|
||||||
def _getPolicyOrgUnitTarget(cd, cp, myarg, groupEmail):
|
def _getPolicyOrgUnitTarget(cd, cp, myarg, groupEmail):
|
||||||
@@ -28215,14 +28313,11 @@ def doDeleteChromePolicy():
|
|||||||
entityActionFailedWarning(kvList, str(e))
|
entityActionFailedWarning(kvList, str(e))
|
||||||
|
|
||||||
CHROME_SCHEMA_SPECIAL_CASES = {
|
CHROME_SCHEMA_SPECIAL_CASES = {
|
||||||
|
# duration
|
||||||
'chrome.users.AutoUpdateCheckPeriodNewV2':
|
'chrome.users.AutoUpdateCheckPeriodNewV2':
|
||||||
{'autoupdatecheckperiodminutesnew':
|
{'autoupdatecheckperiodminutesnew':
|
||||||
{'casedField': 'autoUpdateCheckPeriodMinutesNew',
|
{'casedField': 'autoUpdateCheckPeriodMinutesNew',
|
||||||
'type': 'duration', 'minVal': 1, 'maxVal': 720}},
|
'type': 'duration', 'minVal': 1, 'maxVal': 720}},
|
||||||
'chrome.users.Avatar':
|
|
||||||
{'useravatarimage':
|
|
||||||
{'casedField': 'userAvatarImage',
|
|
||||||
'type': 'downloadUri'}},
|
|
||||||
'chrome.users.BrowserSwitcherDelayDurationV2':
|
'chrome.users.BrowserSwitcherDelayDurationV2':
|
||||||
{'browserswitcherdelayduration':
|
{'browserswitcherdelayduration':
|
||||||
{'casedField': 'browserSwitcherDelayDuration',
|
{'casedField': 'browserSwitcherDelayDuration',
|
||||||
@@ -28264,10 +28359,6 @@ CHROME_SCHEMA_SPECIAL_CASES = {
|
|||||||
{'maxinvalidationfetchdelay':
|
{'maxinvalidationfetchdelay':
|
||||||
{'casedField': 'maxInvalidationFetchDelay',
|
{'casedField': 'maxInvalidationFetchDelay',
|
||||||
'type': 'duration', 'minVal': 1, 'maxVal': 30, 'default': 10}},
|
'type': 'duration', 'minVal': 1, 'maxVal': 30, 'default': 10}},
|
||||||
'chrome.users.PrintingMaxSheetsAllowed':
|
|
||||||
{'printingmaxsheetsallowednullable':
|
|
||||||
{'casedField': 'printingMaxSheetsAllowedNullable',
|
|
||||||
'type': 'value', 'minVal': 1, 'maxVal': None}},
|
|
||||||
'chrome.users.PrintJobHistoryExpirationPeriodNewV2':
|
'chrome.users.PrintJobHistoryExpirationPeriodNewV2':
|
||||||
{'printjobhistoryexpirationperioddaysnew':
|
{'printjobhistoryexpirationperioddaysnew':
|
||||||
{'casedField': 'printJobHistoryExpirationPeriodDaysNew',
|
{'casedField': 'printJobHistoryExpirationPeriodDaysNew',
|
||||||
@@ -28275,7 +28366,16 @@ CHROME_SCHEMA_SPECIAL_CASES = {
|
|||||||
'chrome.users.RelaunchNotificationWithDurationV2':
|
'chrome.users.RelaunchNotificationWithDurationV2':
|
||||||
{'relaunchnotificationperiodduration':
|
{'relaunchnotificationperiodduration':
|
||||||
{'casedField': 'relaunchNotificationPeriodDuration',
|
{'casedField': 'relaunchNotificationPeriodDuration',
|
||||||
'type': 'duration', 'minVal': -1, 'maxVal': None}},
|
'type': 'duration', 'minVal': 1, 'maxVal': 168},
|
||||||
|
'relaunchinitialquietperiodduration':
|
||||||
|
{'casedField': 'relaunchInitialQuietPeriodDuration',
|
||||||
|
'type': 'duration', 'minVal': 0, 'maxVal': None},
|
||||||
|
'relaunchwindowstarttime':
|
||||||
|
{'casedField': 'relaunchWindowStartTime',
|
||||||
|
'type': 'timeOfDay'},
|
||||||
|
'relaunchwindowdurationmin':
|
||||||
|
{'casedField': 'relaunchWindowDurationMin',
|
||||||
|
'type': 'duration', 'minVal': 1, 'maxVal': 1440}},
|
||||||
'chrome.users.SecurityTokenSessionSettingsV2':
|
'chrome.users.SecurityTokenSessionSettingsV2':
|
||||||
{'securitytokensessionnotificationseconds':
|
{'securitytokensessionnotificationseconds':
|
||||||
{'casedField': 'securityTokenSessionNotificationSeconds',
|
{'casedField': 'securityTokenSessionNotificationSeconds',
|
||||||
@@ -28291,10 +28391,6 @@ CHROME_SCHEMA_SPECIAL_CASES = {
|
|||||||
'updatessuppressedstarttime':
|
'updatessuppressedstarttime':
|
||||||
{'casedField': 'updatesSuppressedStartTime',
|
{'casedField': 'updatesSuppressedStartTime',
|
||||||
'type': 'timeOfDay'}},
|
'type': 'timeOfDay'}},
|
||||||
'chrome.users.Wallpaper':
|
|
||||||
{'wallpaperimage':
|
|
||||||
{'casedField': 'wallpaperImage',
|
|
||||||
'type': 'downloadUri'}},
|
|
||||||
'chrome.devices.EnableReportUploadFrequencyV2':
|
'chrome.devices.EnableReportUploadFrequencyV2':
|
||||||
{'reportdeviceuploadfrequency':
|
{'reportdeviceuploadfrequency':
|
||||||
{'casedField': 'reportDeviceUploadFrequency',
|
{'casedField': 'reportDeviceUploadFrequency',
|
||||||
@@ -28303,10 +28399,6 @@ CHROME_SCHEMA_SPECIAL_CASES = {
|
|||||||
{'uptimelimitduration':
|
{'uptimelimitduration':
|
||||||
{'casedField': 'uptimeLimitDuration',
|
{'casedField': 'uptimeLimitDuration',
|
||||||
'type': 'duration', 'minVal': 1, 'maxVal': 365}},
|
'type': 'duration', 'minVal': 1, 'maxVal': 365}},
|
||||||
'chrome.devices.SignInWallpaperImage':
|
|
||||||
{'devicewallpaperimage':
|
|
||||||
{'casedField': 'deviceWallpaperImage',
|
|
||||||
'type': 'downloadUri'}},
|
|
||||||
'chrome.devices.kiosk.AcPowerSettingsV2':
|
'chrome.devices.kiosk.AcPowerSettingsV2':
|
||||||
{'acidletimeout':
|
{'acidletimeout':
|
||||||
{'casedField': 'acIdleTimeout',
|
{'casedField': 'acIdleTimeout',
|
||||||
@@ -28333,10 +28425,6 @@ CHROME_SCHEMA_SPECIAL_CASES = {
|
|||||||
'batteryscreenofftimeout':
|
'batteryscreenofftimeout':
|
||||||
{'casedField': 'batteryScreenOffTimeout',
|
{'casedField': 'batteryScreenOffTimeout',
|
||||||
'type': 'duration', 'minVal': 0, 'maxVal': 35000}},
|
'type': 'duration', 'minVal': 0, 'maxVal': 35000}},
|
||||||
'chrome.devices.managedguest.Avatar':
|
|
||||||
{'useravatarimage':
|
|
||||||
{'casedField': 'userAvatarImage',
|
|
||||||
'type': 'downloadUri'}},
|
|
||||||
'chrome.devices.managedguest.BrowsingDataLifetimeV2':
|
'chrome.devices.managedguest.BrowsingDataLifetimeV2':
|
||||||
{'browsinghistoryttl':
|
{'browsinghistoryttl':
|
||||||
{'casedField': 'browsingHistoryTtl',
|
{'casedField': 'browsingHistoryTtl',
|
||||||
@@ -28378,6 +28466,56 @@ CHROME_SCHEMA_SPECIAL_CASES = {
|
|||||||
{'sessiondurationlimit':
|
{'sessiondurationlimit':
|
||||||
{'casedField': 'sessionDurationLimit',
|
{'casedField': 'sessionDurationLimit',
|
||||||
'type': 'duration', 'minVal': 1, 'maxVal': 1440}},
|
'type': 'duration', 'minVal': 1, 'maxVal': 1440}},
|
||||||
|
# value
|
||||||
|
'chrome.users.GaiaLockScreenOfflineSigninTimeLimitDays':
|
||||||
|
{'gaialockscreenofflinesignintimelimitdays':
|
||||||
|
{'casedField': 'gaiaLockScreenOfflineSigninTimeLimitDays',
|
||||||
|
'type': 'value', 'minVal': 0, 'maxVal': 365}},
|
||||||
|
'chrome.users.GaiaOfflineSigninTimeLimitDays':
|
||||||
|
{'gaiaofflinesignintimelimitdays':
|
||||||
|
{'casedField': 'gaiaOfflineSigninTimeLimitDays',
|
||||||
|
'type': 'value', 'minVal': 0, 'maxVal': 365}},
|
||||||
|
'chrome.users.PrintingMaxSheetsAllowed':
|
||||||
|
{'printingmaxsheetsallowednullable':
|
||||||
|
{'casedField': 'printingMaxSheetsAllowedNullable',
|
||||||
|
'type': 'value', 'minVal': 1, 'maxVal': None}},
|
||||||
|
'chrome.users.RemoteAccessHostClipboardSizeBytes':
|
||||||
|
{'remoteaccesshostclipboardsizebytes':
|
||||||
|
{'casedField': 'remoteAccessHostClipboardSizeBytes',
|
||||||
|
'type': 'value', 'minVal': 0, 'maxVal': 2147483647}},
|
||||||
|
'chrome.users.SamlLockScreenOfflineSigninTimeLimitDays':
|
||||||
|
{'samllockscreenofflinesignintimelimitdays':
|
||||||
|
{'casedField': 'samlLockScreenOfflineSigninTimeLimitDays',
|
||||||
|
'type': 'value', 'minVal': 0, 'maxVal': 365}},
|
||||||
|
'chrome.devices.ExtensionCacheSize':
|
||||||
|
{'extensioncachesize':
|
||||||
|
{'casedField': 'extensionCacheSize',
|
||||||
|
'type': 'value', 'minVal': 1048576, 'maxVal': None, 'default': 268435456}},
|
||||||
|
'chrome.devices.managedguest.PrintingMaxSheetsAllowed':
|
||||||
|
{'printingmaxsheetsallowednullable':
|
||||||
|
{'casedField': 'printingMaxSheetsAllowedNullable',
|
||||||
|
'type': 'value', 'minVal': 1, 'maxVal': None}},
|
||||||
|
'chrome.devices.managedguest.RemoteAccessHostClipboardSizeBytes':
|
||||||
|
{'remoteaccesshostclipboardsizebytes':
|
||||||
|
{'casedField': 'remoteAccessHostClipboardSizeBytes',
|
||||||
|
'type': 'value', 'minVal': 0, 'maxVal': 2147483647}},
|
||||||
|
# downloadUri
|
||||||
|
'chrome.users.Avatar':
|
||||||
|
{'useravatarimage':
|
||||||
|
{'casedField': 'userAvatarImage',
|
||||||
|
'type': 'downloadUri'}},
|
||||||
|
'chrome.users.Wallpaper':
|
||||||
|
{'wallpaperimage':
|
||||||
|
{'casedField': 'wallpaperImage',
|
||||||
|
'type': 'downloadUri'}},
|
||||||
|
'chrome.devices.SignInWallpaperImage':
|
||||||
|
{'devicewallpaperimage':
|
||||||
|
{'casedField': 'deviceWallpaperImage',
|
||||||
|
'type': 'downloadUri'}},
|
||||||
|
'chrome.devices.managedguest.Avatar':
|
||||||
|
{'useravatarimage':
|
||||||
|
{'casedField': 'userAvatarImage',
|
||||||
|
'type': 'downloadUri'}},
|
||||||
'chrome.devices.managedguest.Wallpaper':
|
'chrome.devices.managedguest.Wallpaper':
|
||||||
{'wallpaperimage':
|
{'wallpaperimage':
|
||||||
{'casedField': 'wallpaperImage',
|
{'casedField': 'wallpaperImage',
|
||||||
@@ -28399,7 +28537,7 @@ def doUpdateChromePolicy():
|
|||||||
return value
|
return value
|
||||||
#if vtype == timeOfDay:
|
#if vtype == timeOfDay:
|
||||||
hours, minutes = value.split(':')
|
hours, minutes = value.split(':')
|
||||||
return {vtype: {'hours': hours, 'minutes': minutes}}
|
return {vtype: {'hours': int(hours), 'minutes': int(minutes)}}
|
||||||
|
|
||||||
cp = buildGAPIObject(API.CHROMEPOLICY)
|
cp = buildGAPIObject(API.CHROMEPOLICY)
|
||||||
cd = buildGAPIObject(API.DIRECTORY)
|
cd = buildGAPIObject(API.DIRECTORY)
|
||||||
@@ -28422,7 +28560,7 @@ def doUpdateChromePolicy():
|
|||||||
elif myarg == 'convertcrnl':
|
elif myarg == 'convertcrnl':
|
||||||
convertCRsNLs = True
|
convertCRsNLs = True
|
||||||
else:
|
else:
|
||||||
schemaName, schema = simplifyChromeSchema(_getChromePolicySchema(cp, Cmd.Previous(), '*'))
|
schemaName, schema = simplifyChromeSchemaUpdate(_getChromePolicySchema(cp, Cmd.Previous(), '*'))
|
||||||
body['requests'].append({'policyValue': {'policySchema': schemaName, 'value': {}},
|
body['requests'].append({'policyValue': {'policySchema': schemaName, 'value': {}},
|
||||||
'updateMask': ''})
|
'updateMask': ''})
|
||||||
schemaNameList.append(schemaName)
|
schemaNameList.append(schemaName)
|
||||||
@@ -28508,8 +28646,9 @@ def doUpdateChromePolicy():
|
|||||||
if field not in schema['settings']:
|
if field not in schema['settings']:
|
||||||
Cmd.Backup()
|
Cmd.Backup()
|
||||||
missingChoiceExit(schema['settings'])
|
missingChoiceExit(schema['settings'])
|
||||||
casedField = schema['settings'][field]['name']
|
field_settings = schema['settings'][field]
|
||||||
vtype = schema['settings'][field]['type']
|
casedField = field_settings['name']
|
||||||
|
vtype = field_settings['type']
|
||||||
value = getString(Cmd.OB_STRING, minLen=0 if vtype in {'TYPE_STRING', 'TYPE_LIST'} else 1)
|
value = getString(Cmd.OB_STRING, minLen=0 if vtype in {'TYPE_STRING', 'TYPE_LIST'} else 1)
|
||||||
if vtype in ['TYPE_INT64', 'TYPE_INT32', 'TYPE_UINT64']:
|
if vtype in ['TYPE_INT64', 'TYPE_INT32', 'TYPE_UINT64']:
|
||||||
if not value.isnumeric():
|
if not value.isnumeric():
|
||||||
@@ -28526,8 +28665,8 @@ def doUpdateChromePolicy():
|
|||||||
invalidChoiceExit(value, TRUE_FALSE, True)
|
invalidChoiceExit(value, TRUE_FALSE, True)
|
||||||
elif vtype == 'TYPE_ENUM':
|
elif vtype == 'TYPE_ENUM':
|
||||||
value = value.upper()
|
value = value.upper()
|
||||||
prefix = schema['settings'][field]['enum_prefix']
|
prefix = field_settings['enum_prefix']
|
||||||
enum_values = schema['settings'][field]['enums']
|
enum_values = field_settings['enums']
|
||||||
if value in enum_values:
|
if value in enum_values:
|
||||||
value = f'{prefix}{value}'
|
value = f'{prefix}{value}'
|
||||||
elif value.replace(prefix, '') in enum_values:
|
elif value.replace(prefix, '') in enum_values:
|
||||||
@@ -28554,6 +28693,9 @@ def doUpdateChromePolicy():
|
|||||||
elif value and not CHROME_TARGET_VERSION_PATTERN.match(value):
|
elif value and not CHROME_TARGET_VERSION_PATTERN.match(value):
|
||||||
Cmd.Backup()
|
Cmd.Backup()
|
||||||
invalidArgumentExit(Msg.CHROME_TARGET_VERSION_FORMAT)
|
invalidArgumentExit(Msg.CHROME_TARGET_VERSION_FORMAT)
|
||||||
|
if field_settings['namedType']:
|
||||||
|
body['requests'][-1]['policyValue']['value'][casedField] = {field_settings['namedType']: value}
|
||||||
|
else:
|
||||||
body['requests'][-1]['policyValue']['value'][casedField] = value
|
body['requests'][-1]['policyValue']['value'][casedField] = value
|
||||||
body['requests'][-1]['updateMask'] += f'{casedField},'
|
body['requests'][-1]['updateMask'] += f'{casedField},'
|
||||||
checkPolicyArgs(targetResource, printer_id, app_id)
|
checkPolicyArgs(targetResource, printer_id, app_id)
|
||||||
@@ -28855,7 +28997,9 @@ def _showChromePolicySchema(schema, FJQC, i=0, count=0):
|
|||||||
return
|
return
|
||||||
printEntity([Ent.CHROME_POLICY_SCHEMA, schema['name']], i, count)
|
printEntity([Ent.CHROME_POLICY_SCHEMA, schema['name']], i, count)
|
||||||
Ind.Increment()
|
Ind.Increment()
|
||||||
showJSON(None, schema)
|
showJSON(None, schema,
|
||||||
|
dictObjectsKey={'messageType': 'name', 'field': 'name',
|
||||||
|
'fieldDescriptions': 'field', 'knownValueDescriptions': 'value'})
|
||||||
Ind.Decrement()
|
Ind.Decrement()
|
||||||
|
|
||||||
CHROME_POLICY_SCHEMA_FIELDS_CHOICE_MAP = {
|
CHROME_POLICY_SCHEMA_FIELDS_CHOICE_MAP = {
|
||||||
@@ -28878,6 +29022,9 @@ CHROME_POLICY_SCHEMA_FIELDS_CHOICE_MAP = {
|
|||||||
# [formatjson]
|
# [formatjson]
|
||||||
def doInfoChromePolicySchemas():
|
def doInfoChromePolicySchemas():
|
||||||
cp = buildGAPIObject(API.CHROMEPOLICY)
|
cp = buildGAPIObject(API.CHROMEPOLICY)
|
||||||
|
if checkArgumentPresent('std'):
|
||||||
|
doInfoChromePolicySchemasStd(cp)
|
||||||
|
return
|
||||||
FJQC = FormatJSONQuoteChar()
|
FJQC = FormatJSONQuoteChar()
|
||||||
fieldsList = []
|
fieldsList = []
|
||||||
name = _getChromePolicySchemaName()
|
name = _getChromePolicySchemaName()
|
||||||
@@ -28906,7 +29053,7 @@ def doInfoChromePolicySchemas():
|
|||||||
# [filter <String>]
|
# [filter <String>]
|
||||||
# <ChromePolicySchemaFieldName>* [fields <ChromePolicySchemaFieldNameList>]
|
# <ChromePolicySchemaFieldName>* [fields <ChromePolicySchemaFieldNameList>]
|
||||||
# [[formatjson [quotechar <Character>]]
|
# [[formatjson [quotechar <Character>]]
|
||||||
def doPrintShowChromeSchemas():
|
def doPrintShowChromePolicySchemas():
|
||||||
def _printChromePolicySchema(schema):
|
def _printChromePolicySchema(schema):
|
||||||
row = flattenJSON(schema)
|
row = flattenJSON(schema)
|
||||||
if not FJQC.formatJSON:
|
if not FJQC.formatJSON:
|
||||||
@@ -28920,10 +29067,12 @@ def doPrintShowChromeSchemas():
|
|||||||
row['JSON'] = json.dumps(cleanJSON(schema), ensure_ascii=False, sort_keys=True)
|
row['JSON'] = json.dumps(cleanJSON(schema), ensure_ascii=False, sort_keys=True)
|
||||||
csvPF.WriteRowNoFilter(row)
|
csvPF.WriteRowNoFilter(row)
|
||||||
|
|
||||||
if checkArgumentPresent('std'):
|
|
||||||
doShowChromeSchemasStd()
|
|
||||||
return
|
|
||||||
cp = buildGAPIObject(API.CHROMEPOLICY)
|
cp = buildGAPIObject(API.CHROMEPOLICY)
|
||||||
|
if checkArgumentPresent('std'):
|
||||||
|
if not Act.csvFormat():
|
||||||
|
doShowChromePolicySchemasStd(cp)
|
||||||
|
return
|
||||||
|
unknownArgumentExit()
|
||||||
parent = _getCustomersCustomerIdWithC()
|
parent = _getCustomersCustomerIdWithC()
|
||||||
csvPF = CSVPrintFile(['name', 'schemaName', 'policyDescription',
|
csvPF = CSVPrintFile(['name', 'schemaName', 'policyDescription',
|
||||||
'policyApiLifecycle.policyApiLifecycleStage',
|
'policyApiLifecycle.policyApiLifecycleStage',
|
||||||
@@ -28983,9 +29132,55 @@ def doPrintShowChromeSchemas():
|
|||||||
if csvPF:
|
if csvPF:
|
||||||
csvPF.writeCSVfile('Chrome Policy Schemas')
|
csvPF.writeCSVfile('Chrome Policy Schemas')
|
||||||
|
|
||||||
|
def _showChromePolicySchemaStd(schema):
|
||||||
|
def _printEntry(mtypeName, mtypeEntry):
|
||||||
|
vtype = mtypeEntry['type']
|
||||||
|
if vtype != 'TYPE_MESSAGE':
|
||||||
|
printKeyValueList([f'{mtypeName}', f'{vtype}'])
|
||||||
|
else:
|
||||||
|
printKeyValueList([f'{mtypeName}'])
|
||||||
|
Ind.Increment()
|
||||||
|
if vtype == 'TYPE_ENUM':
|
||||||
|
enums = mtypeEntry['subtype']['enums']
|
||||||
|
descriptions = mtypeEntry['descriptions']
|
||||||
|
for i in range(len(enums)):
|
||||||
|
printKeyValueList([f'{enums[i]}', f'{descriptions[i]}'])
|
||||||
|
elif vtype == 'TYPE_MESSAGE':
|
||||||
|
for mfieldName, mfield in mtypeEntry['subtype']['field'].items():
|
||||||
|
# managedBookmarks is recursive
|
||||||
|
if mtypeName != 'entries':
|
||||||
|
_printEntry(mfieldName, mfield)
|
||||||
|
else:
|
||||||
|
for description in mtypeEntry.get('descriptions', []):
|
||||||
|
printKeyValueList([description])
|
||||||
|
Ind.Decrement()
|
||||||
|
|
||||||
|
printKeyValueList([f'{schema.get("name")}', f'{schema.get("description")}'])
|
||||||
|
Ind.Increment()
|
||||||
|
for _, mtypeEntry in schema['settings'].items():
|
||||||
|
if mtypeEntry['subfield']:
|
||||||
|
continue
|
||||||
|
for mfieldName, mfield in mtypeEntry['field'].items():
|
||||||
|
_printEntry(mfieldName, mfield)
|
||||||
|
Ind.Decrement()
|
||||||
|
|
||||||
|
# gam info chromeschema std <SchemaName>
|
||||||
|
def doInfoChromePolicySchemasStd(cp):
|
||||||
|
name = _getChromePolicySchemaName()
|
||||||
|
checkForExtraneousArguments()
|
||||||
|
try:
|
||||||
|
schema = callGAPI(cp.customers().policySchemas(), 'get',
|
||||||
|
throwReasons=[GAPI.NOT_FOUND, GAPI.BAD_REQUEST, GAPI.FORBIDDEN],
|
||||||
|
name=name)
|
||||||
|
_, schema_dict = simplifyChromeSchemaDisplay(schema)
|
||||||
|
_showChromePolicySchemaStd(schema_dict)
|
||||||
|
except GAPI.notFound:
|
||||||
|
entityUnknownWarning(Ent.CHROME_POLICY_SCHEMA, name)
|
||||||
|
except (GAPI.badRequest, GAPI.forbidden):
|
||||||
|
accessErrorExit(None)
|
||||||
|
|
||||||
# gam show chromeschemas std [filter <String>]
|
# gam show chromeschemas std [filter <String>]
|
||||||
def doShowChromeSchemasStd():
|
def doShowChromePolicySchemasStd(cp):
|
||||||
cp = buildGAPIObject(API.CHROMEPOLICY)
|
|
||||||
sfilter = None
|
sfilter = None
|
||||||
while Cmd.ArgumentsRemaining():
|
while Cmd.ArgumentsRemaining():
|
||||||
myarg = getArgument()
|
myarg = getArgument()
|
||||||
@@ -28999,35 +29194,10 @@ def doShowChromeSchemasStd():
|
|||||||
parent=parent, filter=sfilter)
|
parent=parent, filter=sfilter)
|
||||||
schemas = {}
|
schemas = {}
|
||||||
for schema in result:
|
for schema in result:
|
||||||
schema_name, schema_dict = simplifyChromeSchema(schema)
|
schema_name, schema_dict = simplifyChromeSchemaDisplay(schema)
|
||||||
schemas[schema_name.lower()] = schema_dict
|
schemas[schema_name.lower()] = schema_dict
|
||||||
for _, value in sorted(iter(schemas.items())):
|
for _, schema in sorted(iter(schemas.items())):
|
||||||
printKeyValueList([f'{value.get("name")}', f'{value.get("description")}'])
|
_showChromePolicySchemaStd(schema)
|
||||||
Ind.Increment()
|
|
||||||
for val in value['settings'].values():
|
|
||||||
vtype = val.get('type')
|
|
||||||
printKeyValueList([f'{val.get("name")}', f'{vtype}'])
|
|
||||||
Ind.Increment()
|
|
||||||
if vtype == 'TYPE_ENUM':
|
|
||||||
enums = val.get('enums', [])
|
|
||||||
descriptions = val.get('descriptions', [])
|
|
||||||
for i in range(len(val.get('enums', []))):
|
|
||||||
printKeyValueList([f'{enums[i]}', f'{descriptions[i]}'])
|
|
||||||
elif vtype == 'TYPE_BOOL':
|
|
||||||
pvs = val.get('descriptions')
|
|
||||||
for pvi in pvs:
|
|
||||||
if isinstance(pvi, dict):
|
|
||||||
pvalue = pvi.get('value')
|
|
||||||
pdescription = pvi.get('description')
|
|
||||||
printKeyValueList([f'{pvalue}', f'{pdescription}'])
|
|
||||||
elif isinstance(pvi, list):
|
|
||||||
printKeyValueList([f'{pvi[0]}'])
|
|
||||||
else:
|
|
||||||
description = val.get('descriptions')
|
|
||||||
if len(description) > 0:
|
|
||||||
printKeyValueList([f'{description[0]}'])
|
|
||||||
Ind.Decrement()
|
|
||||||
Ind.Decrement()
|
|
||||||
printBlankLine()
|
printBlankLine()
|
||||||
|
|
||||||
# gam create chromenetwork
|
# gam create chromenetwork
|
||||||
@@ -51488,6 +51658,9 @@ def getStatusEventDateTime(dateType, dateList):
|
|||||||
if dateType == 'timerange':
|
if dateType == 'timerange':
|
||||||
startTime = getTimeOrDeltaFromNow(returnDateTime=True)[0]
|
startTime = getTimeOrDeltaFromNow(returnDateTime=True)[0]
|
||||||
endTime = getTimeOrDeltaFromNow(returnDateTime=True)[0]
|
endTime = getTimeOrDeltaFromNow(returnDateTime=True)[0]
|
||||||
|
if startTime >= endTime:
|
||||||
|
Cmd.Backup()
|
||||||
|
usageErrorExit(Msg.INVALID_EVENT_TIMERANGE.format(dateType, startTime, endTime))
|
||||||
recurrence = []
|
recurrence = []
|
||||||
while checkArgumentPresent(['recurrence']):
|
while checkArgumentPresent(['recurrence']):
|
||||||
recurrence.append(getString(Cmd.OB_RECURRENCE))
|
recurrence.append(getString(Cmd.OB_RECURRENCE))
|
||||||
@@ -57259,6 +57432,7 @@ def printDiskUsage(users):
|
|||||||
topFolder['path'] = f'{SHARED_DRIVES}{pathDelimiter}{topFolder["name"]}'
|
topFolder['path'] = f'{SHARED_DRIVES}{pathDelimiter}{topFolder["name"]}'
|
||||||
else:
|
else:
|
||||||
topFolder['path'] = topFolder['name']
|
topFolder['path'] = topFolder['name']
|
||||||
|
topFolder.pop('ownedByMe', None)
|
||||||
elif topFolder['name'] == MY_DRIVE and not topFolder.get('parents'):
|
elif topFolder['name'] == MY_DRIVE and not topFolder.get('parents'):
|
||||||
topFolder['path'] = MY_DRIVE
|
topFolder['path'] = MY_DRIVE
|
||||||
else:
|
else:
|
||||||
@@ -57269,7 +57443,6 @@ def printDiskUsage(users):
|
|||||||
if owners:
|
if owners:
|
||||||
topFolder['Owner'] = owners[0].get('emailAddress', 'Unknown')
|
topFolder['Owner'] = owners[0].get('emailAddress', 'Unknown')
|
||||||
trashFolder['Owner'] = topFolder['Owner']
|
trashFolder['Owner'] = topFolder['Owner']
|
||||||
topFolder.pop('ownedByMe', None)
|
|
||||||
topFolder.pop('parents', None)
|
topFolder.pop('parents', None)
|
||||||
topFolder.update(zeroFolderInfo)
|
topFolder.update(zeroFolderInfo)
|
||||||
topFolder.pop(sizeField, None)
|
topFolder.pop(sizeField, None)
|
||||||
@@ -58716,7 +58889,7 @@ def initCopyMoveOptions(copyCmd):
|
|||||||
'showPermissionMessages': False,
|
'showPermissionMessages': False,
|
||||||
'sendEmailIfRequired': False,
|
'sendEmailIfRequired': False,
|
||||||
'useDomainAdminAccess': False,
|
'useDomainAdminAccess': False,
|
||||||
'enforceExpansiveAccess': False,
|
'enforceExpansiveAccess': GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS],
|
||||||
'copiedShortcutsPointToCopiedFiles': True,
|
'copiedShortcutsPointToCopiedFiles': True,
|
||||||
'createShortcutsForNonmovableFiles': False,
|
'createShortcutsForNonmovableFiles': False,
|
||||||
'duplicateFiles': DUPLICATE_FILE_OVERWRITE_OLDER,
|
'duplicateFiles': DUPLICATE_FILE_OVERWRITE_OLDER,
|
||||||
@@ -62096,7 +62269,8 @@ def transferDrive(users):
|
|||||||
targetUserFolderPattern = '#user# old files'
|
targetUserFolderPattern = '#user# old files'
|
||||||
targetUserOrphansFolderPattern = '#user# orphaned files'
|
targetUserOrphansFolderPattern = '#user# orphaned files'
|
||||||
targetIds = [None, None]
|
targetIds = [None, None]
|
||||||
createShortcutsForNonmovableFiles = enforceExpansiveAccess = False
|
createShortcutsForNonmovableFiles = False
|
||||||
|
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
|
||||||
mergeWithTarget = False
|
mergeWithTarget = False
|
||||||
thirdPartyOwners = {}
|
thirdPartyOwners = {}
|
||||||
skipFileIdEntity = initDriveFileEntity()
|
skipFileIdEntity = initDriveFileEntity()
|
||||||
@@ -62402,7 +62576,8 @@ def transferOwnership(users):
|
|||||||
body = {}
|
body = {}
|
||||||
newOwner = getEmailAddress()
|
newOwner = getEmailAddress()
|
||||||
OBY = OrderBy(DRIVEFILE_ORDERBY_CHOICE_MAP)
|
OBY = OrderBy(DRIVEFILE_ORDERBY_CHOICE_MAP)
|
||||||
changeParents = enforceExpansiveAccess = filepath = includeTrashed = noRecursion = False
|
changeParents = filepath = includeTrashed = noRecursion = False
|
||||||
|
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
|
||||||
pathDelimiter = '/'
|
pathDelimiter = '/'
|
||||||
csvPF = fileTree = None
|
csvPF = fileTree = None
|
||||||
addParents = ''
|
addParents = ''
|
||||||
@@ -62728,7 +62903,8 @@ def claimOwnership(users):
|
|||||||
onlyOwners = set()
|
onlyOwners = set()
|
||||||
skipOwners = set()
|
skipOwners = set()
|
||||||
subdomains = []
|
subdomains = []
|
||||||
enforceExpansiveAccess = filepath = includeTrashed = False
|
filepath = includeTrashed = False
|
||||||
|
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
|
||||||
pathDelimiter = '/'
|
pathDelimiter = '/'
|
||||||
addParents = ''
|
addParents = ''
|
||||||
parentBody = {}
|
parentBody = {}
|
||||||
@@ -63503,7 +63679,7 @@ def doCreateDriveFileACL():
|
|||||||
def updateDriveFileACLs(users, useDomainAdminAccess=False):
|
def updateDriveFileACLs(users, useDomainAdminAccess=False):
|
||||||
fileIdEntity = getDriveFileEntity()
|
fileIdEntity = getDriveFileEntity()
|
||||||
isEmail, permissionId = getPermissionId()
|
isEmail, permissionId = getPermissionId()
|
||||||
enforceExpansiveAccess = None
|
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
|
||||||
removeExpiration = showTitles = updateSheetProtectedRanges = False
|
removeExpiration = showTitles = updateSheetProtectedRanges = False
|
||||||
showDetails = True
|
showDetails = True
|
||||||
csvPF = None
|
csvPF = None
|
||||||
@@ -63541,9 +63717,6 @@ def updateDriveFileACLs(users, useDomainAdminAccess=False):
|
|||||||
_checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
|
_checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
|
||||||
if 'role' not in body:
|
if 'role' not in body:
|
||||||
missingArgumentExit(f'role {formatChoiceList(DRIVEFILE_ACL_ROLES_MAP)}')
|
missingArgumentExit(f'role {formatChoiceList(DRIVEFILE_ACL_ROLES_MAP)}')
|
||||||
updateKwargs = {'useDomainAdminAccess': useDomainAdminAccess}
|
|
||||||
if enforceExpansiveAccess is not None:
|
|
||||||
updateKwargs['enforceExpansiveAccess'] = enforceExpansiveAccess
|
|
||||||
printKeys, timeObjects = _getDriveFileACLPrintKeysTimeObjects()
|
printKeys, timeObjects = _getDriveFileACLPrintKeysTimeObjects()
|
||||||
if csvPF and showTitles:
|
if csvPF and showTitles:
|
||||||
csvPF.AddTitles(fileNameTitle)
|
csvPF.AddTitles(fileNameTitle)
|
||||||
@@ -63581,7 +63754,7 @@ def updateDriveFileACLs(users, useDomainAdminAccess=False):
|
|||||||
permission = callGAPI(drive.permissions(), 'update',
|
permission = callGAPI(drive.permissions(), 'update',
|
||||||
bailOnInternalError=True,
|
bailOnInternalError=True,
|
||||||
throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_UPDATE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
|
throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_UPDATE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
|
||||||
**updateKwargs,
|
useDomainAdminAccess=useDomainAdminAccess, enforceExpansiveAccess=enforceExpansiveAccess,
|
||||||
fileId=fileId, permissionId=permissionId, removeExpiration=removeExpiration,
|
fileId=fileId, permissionId=permissionId, removeExpiration=removeExpiration,
|
||||||
transferOwnership=body.get('role', '') == 'owner', body=body, fields='*', supportsAllDrives=True)
|
transferOwnership=body.get('role', '') == 'owner', body=body, fields='*', supportsAllDrives=True)
|
||||||
if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
|
if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
|
||||||
@@ -63832,7 +64005,7 @@ def doCreatePermissions():
|
|||||||
def deleteDriveFileACLs(users, useDomainAdminAccess=False):
|
def deleteDriveFileACLs(users, useDomainAdminAccess=False):
|
||||||
fileIdEntity = getDriveFileEntity()
|
fileIdEntity = getDriveFileEntity()
|
||||||
isEmail, permissionId = getPermissionId()
|
isEmail, permissionId = getPermissionId()
|
||||||
enforceExpansiveAccess = None
|
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
|
||||||
showTitles = updateSheetProtectedRanges = False
|
showTitles = updateSheetProtectedRanges = False
|
||||||
while Cmd.ArgumentsRemaining():
|
while Cmd.ArgumentsRemaining():
|
||||||
myarg = getArgument()
|
myarg = getArgument()
|
||||||
@@ -63847,9 +64020,6 @@ def deleteDriveFileACLs(users, useDomainAdminAccess=False):
|
|||||||
else:
|
else:
|
||||||
unknownArgumentExit()
|
unknownArgumentExit()
|
||||||
_checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
|
_checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
|
||||||
deleteKwargs = {'useDomainAdminAccess': useDomainAdminAccess}
|
|
||||||
if enforceExpansiveAccess is not None:
|
|
||||||
deleteKwargs['enforceExpansiveAccess'] = enforceExpansiveAccess
|
|
||||||
i, count, users = getEntityArgument(users)
|
i, count, users = getEntityArgument(users)
|
||||||
for user in users:
|
for user in users:
|
||||||
i += 1
|
i += 1
|
||||||
@@ -63882,7 +64052,7 @@ def deleteDriveFileACLs(users, useDomainAdminAccess=False):
|
|||||||
break
|
break
|
||||||
callGAPI(drive.permissions(), 'delete',
|
callGAPI(drive.permissions(), 'delete',
|
||||||
throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_DELETE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
|
throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_DELETE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
|
||||||
**deleteKwargs,
|
useDomainAdminAccess=useDomainAdminAccess, enforceExpansiveAccess=enforceExpansiveAccess,
|
||||||
fileId=fileId, permissionId=permissionId, supportsAllDrives=True)
|
fileId=fileId, permissionId=permissionId, supportsAllDrives=True)
|
||||||
entityActionPerformed([Ent.USER, user, entityType, fileName, Ent.PERMISSION_ID, permissionId], j, jcount)
|
entityActionPerformed([Ent.USER, user, entityType, fileName, Ent.PERMISSION_ID, permissionId], j, jcount)
|
||||||
if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
|
if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
|
||||||
@@ -63961,7 +64131,7 @@ def deletePermissions(users, useDomainAdminAccess=False):
|
|||||||
jsonData = getJSON([])
|
jsonData = getJSON([])
|
||||||
PM = PermissionMatch()
|
PM = PermissionMatch()
|
||||||
PM.SetDefaultMatch(False, {'role': 'owner'})
|
PM.SetDefaultMatch(False, {'role': 'owner'})
|
||||||
enforceExpansiveAccess = False
|
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
|
||||||
while Cmd.ArgumentsRemaining():
|
while Cmd.ArgumentsRemaining():
|
||||||
myarg = getArgument()
|
myarg = getArgument()
|
||||||
if myarg in ADMIN_ACCESS_OPTIONS:
|
if myarg in ADMIN_ACCESS_OPTIONS:
|
||||||
@@ -65605,13 +65775,13 @@ def printShowSharedDrives(users, useDomainAdminAccess=False):
|
|||||||
entityPerformActionNumItems([Ent.USER, user], jcount, Ent.SHAREDDRIVE, i, count)
|
entityPerformActionNumItems([Ent.USER, user], jcount, Ent.SHAREDDRIVE, i, count)
|
||||||
Ind.Increment()
|
Ind.Increment()
|
||||||
j = 0
|
j = 0
|
||||||
for shareddrive in matchedFeed:
|
for shareddrive in sorted(matchedFeed, key=lambda k: k['name']):
|
||||||
j += 1
|
j += 1
|
||||||
shareddrive = stripNonShowFields(shareddrive)
|
shareddrive = stripNonShowFields(shareddrive)
|
||||||
_showSharedDrive(user, shareddrive, j, jcount, FJQC)
|
_showSharedDrive(user, shareddrive, j, jcount, FJQC)
|
||||||
Ind.Decrement()
|
Ind.Decrement()
|
||||||
else:
|
else:
|
||||||
for shareddrive in matchedFeed:
|
for shareddrive in sorted(matchedFeed, key=lambda k: k['name']):
|
||||||
shareddrive = stripNonShowFields(shareddrive)
|
shareddrive = stripNonShowFields(shareddrive)
|
||||||
if FJQC.formatJSON:
|
if FJQC.formatJSON:
|
||||||
row = {'User': user, 'id': shareddrive['id'], 'name': shareddrive['name']}
|
row = {'User': user, 'id': shareddrive['id'], 'name': shareddrive['name']}
|
||||||
@@ -65986,7 +66156,7 @@ def printShowSharedDriveACLs(users, useDomainAdminAccess=False):
|
|||||||
entityPerformActionNumItems([Ent.USER, user], jcount, Ent.SHAREDDRIVE, i, count)
|
entityPerformActionNumItems([Ent.USER, user], jcount, Ent.SHAREDDRIVE, i, count)
|
||||||
Ind.Increment()
|
Ind.Increment()
|
||||||
j = 0
|
j = 0
|
||||||
for shareddrive in matchFeed:
|
for shareddrive in sorted(matchFeed, key=lambda k: k['name']):
|
||||||
j += 1
|
j += 1
|
||||||
if not FJQC.formatJSON:
|
if not FJQC.formatJSON:
|
||||||
_showDriveFilePermissions(Ent.SHAREDDRIVE, f'{shareddrive["name"]} ({shareddrive["id"]}) - {shareddrive["createdTime"]}',
|
_showDriveFilePermissions(Ent.SHAREDDRIVE, f'{shareddrive["name"]} ({shareddrive["id"]}) - {shareddrive["createdTime"]}',
|
||||||
@@ -66000,7 +66170,7 @@ def printShowSharedDriveACLs(users, useDomainAdminAccess=False):
|
|||||||
Ind.Decrement()
|
Ind.Decrement()
|
||||||
elif matchFeed:
|
elif matchFeed:
|
||||||
if oneItemPerRow:
|
if oneItemPerRow:
|
||||||
for shareddrive in matchFeed:
|
for shareddrive in sorted(matchFeed, key=lambda k: k['name']):
|
||||||
baserow = {'User': user, 'id': shareddrive['id'], 'name': shareddrive['name'], 'createdTime': shareddrive['createdTime']}
|
baserow = {'User': user, 'id': shareddrive['id'], 'name': shareddrive['name'], 'createdTime': shareddrive['createdTime']}
|
||||||
if addCSVData:
|
if addCSVData:
|
||||||
baserow.update(addCSVData)
|
baserow.update(addCSVData)
|
||||||
@@ -66021,7 +66191,7 @@ def printShowSharedDriveACLs(users, useDomainAdminAccess=False):
|
|||||||
baserow['JSON'] = json.dumps({})
|
baserow['JSON'] = json.dumps({})
|
||||||
csvPF.WriteRowNoFilter(baserow)
|
csvPF.WriteRowNoFilter(baserow)
|
||||||
else:
|
else:
|
||||||
for shareddrive in matchFeed:
|
for shareddrive in sorted(matchFeed, key=lambda k: k['name']):
|
||||||
baserow = {'User': user, 'id': shareddrive['id'], 'name': shareddrive['name'], 'createdTime': shareddrive['createdTime']}
|
baserow = {'User': user, 'id': shareddrive['id'], 'name': shareddrive['name'], 'createdTime': shareddrive['createdTime']}
|
||||||
if addCSVData:
|
if addCSVData:
|
||||||
baserow.update(addCSVData)
|
baserow.update(addCSVData)
|
||||||
@@ -66071,8 +66241,8 @@ def printSharedDriveOrganizers(users, useDomainAdminAccess=False):
|
|||||||
showNoOrganizerDrives = SHOW_NO_PERMISSIONS_DRIVES_CHOICE_MAP['false']
|
showNoOrganizerDrives = SHOW_NO_PERMISSIONS_DRIVES_CHOICE_MAP['false']
|
||||||
fieldsList = ['role', 'type', 'emailAddress']
|
fieldsList = ['role', 'type', 'emailAddress']
|
||||||
cd = entityList = orgUnitId = query = matchPattern = None
|
cd = entityList = orgUnitId = query = matchPattern = None
|
||||||
domainList = []
|
domainList = set([(GC.Values[GC.DOMAIN] if GC.Values[GC.DOMAIN] else _getValueFromOAuth('hd'))])
|
||||||
oneOrganizer = False
|
oneOrganizer = True
|
||||||
while Cmd.ArgumentsRemaining():
|
while Cmd.ArgumentsRemaining():
|
||||||
myarg = getArgument()
|
myarg = getArgument()
|
||||||
if csvPF and myarg == 'todrive':
|
if csvPF and myarg == 'todrive':
|
||||||
@@ -66104,7 +66274,7 @@ def printSharedDriveOrganizers(users, useDomainAdminAccess=False):
|
|||||||
elif myarg in ADMIN_ACCESS_OPTIONS:
|
elif myarg in ADMIN_ACCESS_OPTIONS:
|
||||||
useDomainAdminAccess = True
|
useDomainAdminAccess = True
|
||||||
elif myarg == 'domainlist':
|
elif myarg == 'domainlist':
|
||||||
domainList = set(getString(Cmd.OB_DOMAIN_NAME_LIST).replace(',', ' ').lower().split())
|
domainList = set(getString(Cmd.OB_DOMAIN_NAME_LIST, minLen=0).replace(',', ' ').lower().split())
|
||||||
elif myarg == 'includetypes':
|
elif myarg == 'includetypes':
|
||||||
for itype in getString(Cmd.OB_ORGANIZER_TYPE_LIST).lower().replace(',', ' ').split():
|
for itype in getString(Cmd.OB_ORGANIZER_TYPE_LIST).lower().replace(',', ' ').split():
|
||||||
if itype in PRINT_ORGANIZER_TYPES:
|
if itype in PRINT_ORGANIZER_TYPES:
|
||||||
@@ -66133,7 +66303,7 @@ def printSharedDriveOrganizers(users, useDomainAdminAccess=False):
|
|||||||
usageErrorExit(Msg.ONLY_ADMINISTRATORS_CAN_SPECIFY_SHARED_DRIVE_ORGUNIT)
|
usageErrorExit(Msg.ONLY_ADMINISTRATORS_CAN_SPECIFY_SHARED_DRIVE_ORGUNIT)
|
||||||
csvPF.AddTitles(['orgUnit', 'orgUnitId'])
|
csvPF.AddTitles(['orgUnit', 'orgUnitId'])
|
||||||
if not includeTypes:
|
if not includeTypes:
|
||||||
includeTypes = PRINT_ORGANIZER_TYPES
|
includeTypes = set(['user'])
|
||||||
fields = getItemFieldsFromFieldsList('permissions', fieldsList, True)
|
fields = getItemFieldsFromFieldsList('permissions', fieldsList, True)
|
||||||
i, count, users = getEntityArgument(users)
|
i, count, users = getEntityArgument(users)
|
||||||
for user in users:
|
for user in users:
|
||||||
@@ -66200,7 +66370,7 @@ def printSharedDriveOrganizers(users, useDomainAdminAccess=False):
|
|||||||
useDomainAdminAccess=useDomainAdminAccess,
|
useDomainAdminAccess=useDomainAdminAccess,
|
||||||
fileId=shareddrive['id'], fields=fields, supportsAllDrives=True)
|
fileId=shareddrive['id'], fields=fields, supportsAllDrives=True)
|
||||||
for permission in permissions:
|
for permission in permissions:
|
||||||
if permission['type'] in includeTypes and permission['role'] in roles:
|
if permission['type'] in includeTypes and permission['role'] in roles and permission.get('emailAddress', ''):
|
||||||
if domainList:
|
if domainList:
|
||||||
_, domain = permission['emailAddress'].lower().split('@', 1)
|
_, domain = permission['emailAddress'].lower().split('@', 1)
|
||||||
if domain not in domainList:
|
if domain not in domainList:
|
||||||
@@ -66222,7 +66392,7 @@ def printSharedDriveOrganizers(users, useDomainAdminAccess=False):
|
|||||||
pass
|
pass
|
||||||
if len(matchFeed) == 0:
|
if len(matchFeed) == 0:
|
||||||
setSysExitRC(NO_ENTITIES_FOUND_RC)
|
setSysExitRC(NO_ENTITIES_FOUND_RC)
|
||||||
for shareddrive in matchFeed:
|
for shareddrive in sorted(matchFeed, key=lambda k: k['name']):
|
||||||
row = {'id': shareddrive['id'], 'name': shareddrive['name'],
|
row = {'id': shareddrive['id'], 'name': shareddrive['name'],
|
||||||
'organizers': delimiter.join(shareddrive['organizers']),
|
'organizers': delimiter.join(shareddrive['organizers']),
|
||||||
'createdTime': shareddrive['createdTime']}
|
'createdTime': shareddrive['createdTime']}
|
||||||
@@ -76067,7 +76237,7 @@ MAIN_COMMANDS_WITH_OBJECTS = {
|
|||||||
Cmd.ARG_CHROMENEEDSATTN: doPrintShowChromeNeedsAttn,
|
Cmd.ARG_CHROMENEEDSATTN: doPrintShowChromeNeedsAttn,
|
||||||
Cmd.ARG_CHROMEPOLICY: doPrintShowChromePolicies,
|
Cmd.ARG_CHROMEPOLICY: doPrintShowChromePolicies,
|
||||||
Cmd.ARG_CHROMEPROFILE: doPrintShowChromeProfiles,
|
Cmd.ARG_CHROMEPROFILE: doPrintShowChromeProfiles,
|
||||||
Cmd.ARG_CHROMESCHEMA: doPrintShowChromeSchemas,
|
Cmd.ARG_CHROMESCHEMA: doPrintShowChromePolicySchemas,
|
||||||
Cmd.ARG_CHROMESNVALIDITY: doPrintChromeSnValidity,
|
Cmd.ARG_CHROMESNVALIDITY: doPrintChromeSnValidity,
|
||||||
Cmd.ARG_CHROMEVERSIONS: doPrintShowChromeVersions,
|
Cmd.ARG_CHROMEVERSIONS: doPrintShowChromeVersions,
|
||||||
Cmd.ARG_CIGROUP: doPrintCIGroups,
|
Cmd.ARG_CIGROUP: doPrintCIGroups,
|
||||||
@@ -76199,7 +76369,7 @@ MAIN_COMMANDS_WITH_OBJECTS = {
|
|||||||
Cmd.ARG_CHROMENEEDSATTN: doPrintShowChromeNeedsAttn,
|
Cmd.ARG_CHROMENEEDSATTN: doPrintShowChromeNeedsAttn,
|
||||||
Cmd.ARG_CHROMEPOLICY: doPrintShowChromePolicies,
|
Cmd.ARG_CHROMEPOLICY: doPrintShowChromePolicies,
|
||||||
Cmd.ARG_CHROMEPROFILE: doPrintShowChromeProfiles,
|
Cmd.ARG_CHROMEPROFILE: doPrintShowChromeProfiles,
|
||||||
Cmd.ARG_CHROMESCHEMA: doPrintShowChromeSchemas,
|
Cmd.ARG_CHROMESCHEMA: doPrintShowChromePolicySchemas,
|
||||||
Cmd.ARG_CHROMEVERSIONS: doPrintShowChromeVersions,
|
Cmd.ARG_CHROMEVERSIONS: doPrintShowChromeVersions,
|
||||||
Cmd.ARG_CIGROUPMEMBERS: doShowCIGroupMembers,
|
Cmd.ARG_CIGROUPMEMBERS: doShowCIGroupMembers,
|
||||||
Cmd.ARG_CIPOLICY: doPrintShowCIPolicies,
|
Cmd.ARG_CIPOLICY: doPrintShowCIPolicies,
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
# Copyright (C) 2024 Ross Scroggs All Rights Reserved.
|
# Copyright (C) 2025 Ross Scroggs All Rights Reserved.
|
||||||
#
|
#
|
||||||
# All Rights Reserved.
|
# All Rights Reserved.
|
||||||
#
|
#
|
||||||
@@ -118,6 +118,7 @@ JWT_APIS = {
|
|||||||
ACCESSCONTEXTMANAGER: [CLOUD_PLATFORM_SCOPE],
|
ACCESSCONTEXTMANAGER: [CLOUD_PLATFORM_SCOPE],
|
||||||
CHAT: ['https://www.googleapis.com/auth/chat.bot'],
|
CHAT: ['https://www.googleapis.com/auth/chat.bot'],
|
||||||
CLOUDRESOURCEMANAGER: [CLOUD_PLATFORM_SCOPE],
|
CLOUDRESOURCEMANAGER: [CLOUD_PLATFORM_SCOPE],
|
||||||
|
IAM: [IAM_SCOPE],
|
||||||
ORGPOLICY: [CLOUD_PLATFORM_SCOPE],
|
ORGPOLICY: [CLOUD_PLATFORM_SCOPE],
|
||||||
}
|
}
|
||||||
#
|
#
|
||||||
@@ -131,6 +132,12 @@ APIS_NEEDING_ACCESS_TOKEN = {
|
|||||||
CBCM: ['https://www.googleapis.com/auth/admin.directory.device.chromebrowsers']
|
CBCM: ['https://www.googleapis.com/auth/admin.directory.device.chromebrowsers']
|
||||||
}
|
}
|
||||||
#
|
#
|
||||||
|
DEPRECATED_SCOPES = {
|
||||||
|
'https://www.googleapis.com/auth/cloud-identity',
|
||||||
|
'https://www.googleapis.com/auth/cloud-platform',
|
||||||
|
'https://www.googleapis.com/auth/iam',
|
||||||
|
}
|
||||||
|
#
|
||||||
REFRESH_PERM_ERRORS = [
|
REFRESH_PERM_ERRORS = [
|
||||||
'invalid_grant: reauth related error (rapt_required)', # no way to reauth today
|
'invalid_grant: reauth related error (rapt_required)', # no way to reauth today
|
||||||
'invalid_grant: Token has been expired or revoked',
|
'invalid_grant: Token has been expired or revoked',
|
||||||
@@ -596,7 +603,7 @@ _SVCACCT_SCOPES = [
|
|||||||
{'name': 'Cloud Identity Devices API',
|
{'name': 'Cloud Identity Devices API',
|
||||||
'api': CLOUDIDENTITY_DEVICES,
|
'api': CLOUDIDENTITY_DEVICES,
|
||||||
'subscopes': READONLY,
|
'subscopes': READONLY,
|
||||||
'scope': 'https://www.googleapis.com/auth/cloud-identity'},
|
'scope': 'https://www.googleapis.com/auth/cloud-identity.devices'},
|
||||||
# {'name': 'Cloud Identity User Invitations API',
|
# {'name': 'Cloud Identity User Invitations API',
|
||||||
# 'api': CLOUDIDENTITY_USERINVITATIONS,
|
# 'api': CLOUDIDENTITY_USERINVITATIONS,
|
||||||
# 'subscopes': READONLY,
|
# 'subscopes': READONLY,
|
||||||
@@ -645,10 +652,11 @@ _SVCACCT_SCOPES = [
|
|||||||
'api': GMAIL,
|
'api': GMAIL,
|
||||||
'subscopes': [],
|
'subscopes': [],
|
||||||
'scope': 'https://www.googleapis.com/auth/gmail.settings.sharing'},
|
'scope': 'https://www.googleapis.com/auth/gmail.settings.sharing'},
|
||||||
{'name': 'Identity and Access Management API',
|
# {'name': 'Identity and Access Management API',
|
||||||
'api': IAM,
|
# 'api': IAM,
|
||||||
'subscopes': [],
|
# 'offByDefault': True,
|
||||||
'scope': CLOUD_PLATFORM_SCOPE},
|
# 'subscopes': [],
|
||||||
|
# 'scope': CLOUD_PLATFORM_SCOPE},
|
||||||
{'name': 'Keep API',
|
{'name': 'Keep API',
|
||||||
'api': KEEP,
|
'api': KEEP,
|
||||||
'subscopes': READONLY,
|
'subscopes': READONLY,
|
||||||
|
|||||||
@@ -163,6 +163,8 @@ EMAIL_BATCH_SIZE = 'email_batch_size'
|
|||||||
ENABLE_DASA = 'enable_dasa'
|
ENABLE_DASA = 'enable_dasa'
|
||||||
# Enable Cloud Session Reauthentication by borrowing a RAPT token from gcloud command
|
# Enable Cloud Session Reauthentication by borrowing a RAPT token from gcloud command
|
||||||
ENABLE_GCLOUD_REAUTH = 'enable_gcloud_reauth'
|
ENABLE_GCLOUD_REAUTH = 'enable_gcloud_reauth'
|
||||||
|
# Value for enforceExpansiveAccess for commands that delete or update drive file ACLs/permissions.
|
||||||
|
ENFORCE_EXPANSIVE_ACCESS = 'enforce_expansive_access'
|
||||||
# When retrieving lists of calendar events from API, how many should be retrieved in each chunk
|
# When retrieving lists of calendar events from API, how many should be retrieved in each chunk
|
||||||
EVENT_MAX_RESULTS = 'event_max_results'
|
EVENT_MAX_RESULTS = 'event_max_results'
|
||||||
# Path to extra_args.txt
|
# Path to extra_args.txt
|
||||||
@@ -377,6 +379,7 @@ Defaults = {
|
|||||||
DEVICE_MAX_RESULTS: '200',
|
DEVICE_MAX_RESULTS: '200',
|
||||||
DOMAIN: '',
|
DOMAIN: '',
|
||||||
DRIVE_DIR: '',
|
DRIVE_DIR: '',
|
||||||
|
ENFORCE_EXPANSIVE_ACCESS: TRUE,
|
||||||
DRIVE_MAX_RESULTS: '1000',
|
DRIVE_MAX_RESULTS: '1000',
|
||||||
DRIVE_V3_BETA: FALSE,
|
DRIVE_V3_BETA: FALSE,
|
||||||
DRIVE_V3_NATIVE_NAMES: TRUE,
|
DRIVE_V3_NATIVE_NAMES: TRUE,
|
||||||
@@ -545,6 +548,7 @@ VAR_INFO = {
|
|||||||
DEVICE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 200)},
|
DEVICE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 200)},
|
||||||
DOMAIN: {VAR_TYPE: TYPE_STRING, VAR_ENVVAR: 'GA_DOMAIN', VAR_LIMITS: (0, None)},
|
DOMAIN: {VAR_TYPE: TYPE_STRING, VAR_ENVVAR: 'GA_DOMAIN', VAR_LIMITS: (0, None)},
|
||||||
DRIVE_DIR: {VAR_TYPE: TYPE_DIRECTORY, VAR_ENVVAR: 'GAMDRIVEDIR'},
|
DRIVE_DIR: {VAR_TYPE: TYPE_DIRECTORY, VAR_ENVVAR: 'GAMDRIVEDIR'},
|
||||||
|
ENFORCE_EXPANSIVE_ACCESS: {VAR_TYPE: TYPE_BOOLEAN},
|
||||||
DRIVE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 1000)},
|
DRIVE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 1000)},
|
||||||
DRIVE_V3_BETA: {VAR_TYPE: TYPE_BOOLEAN},
|
DRIVE_V3_BETA: {VAR_TYPE: TYPE_BOOLEAN},
|
||||||
DRIVE_V3_NATIVE_NAMES: {VAR_TYPE: TYPE_BOOLEAN},
|
DRIVE_V3_NATIVE_NAMES: {VAR_TYPE: TYPE_BOOLEAN},
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
# Copyright (C) 2024 Ross Scroggs All Rights Reserved.
|
# Copyright (C) 2025 Ross Scroggs All Rights Reserved.
|
||||||
#
|
#
|
||||||
# All Rights Reserved.
|
# All Rights Reserved.
|
||||||
#
|
#
|
||||||
|
|||||||
@@ -140,12 +140,13 @@ SERVICE_ACCOUNT_PRIVATE_KEY_AGE = 'Service Account Private Key age: {0} days'
|
|||||||
SERVICE_ACCOUNT_SKIPPING_KEY_AGE_CHECK = 'Skipping Private Key age check: {0} rotation not necessary'
|
SERVICE_ACCOUNT_SKIPPING_KEY_AGE_CHECK = 'Skipping Private Key age check: {0} rotation not necessary'
|
||||||
UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS = 'Please run "gam update project" to view/manage service account keys'
|
UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS = 'Please run "gam update project" to view/manage service account keys'
|
||||||
DOMAIN_WIDE_DELEGATION_AUTHENTICATION = 'Domain-wide Delegation authentication'
|
DOMAIN_WIDE_DELEGATION_AUTHENTICATION = 'Domain-wide Delegation authentication'
|
||||||
|
DEPRECATED_SCOPES = 'Deprecated scopes that GAM should NEVER have DwD access to'
|
||||||
SCOPE_AUTHORIZATION_PASSED = '''All scopes PASSED!
|
SCOPE_AUTHORIZATION_PASSED = '''All scopes PASSED!
|
||||||
|
|
||||||
Service Account Client name: {0} is fully authorized.
|
Service Account Client name: {0} is fully authorized.
|
||||||
'''
|
'''
|
||||||
SCOPE_AUTHORIZATION_UPDATE_PASSED = '''All scopes PASSED!
|
SCOPE_AUTHORIZATION_UPDATE_PASSED = '''All scopes PASSED!
|
||||||
To authorize them (in case some scopes were unselected), please go to the following link in your browser:
|
To update authorization (in case some scopes were unselected), please go to the following link in your browser:
|
||||||
{0}
|
{0}
|
||||||
{1}
|
{1}
|
||||||
|
|
||||||
@@ -156,8 +157,8 @@ Click AUTHORIZE
|
|||||||
When the box closes you're done
|
When the box closes you're done
|
||||||
After authorizing it may take some time for this test to pass so wait a few moments and then try this command again.
|
After authorizing it may take some time for this test to pass so wait a few moments and then try this command again.
|
||||||
'''
|
'''
|
||||||
SCOPE_AUTHORIZATION_FAILED = '''Some scopes FAILED!
|
SCOPE_AUTHORIZATION_FAILED = '''Some scopes FAILED or should be DISABLED!
|
||||||
To authorize them, please go to the following link in your browser:
|
To update authorization, please go to the following link in your browser:
|
||||||
{0}
|
{0}
|
||||||
{1}
|
{1}
|
||||||
|
|
||||||
@@ -309,6 +310,7 @@ INVALID_ATTENDEE_CHANGE = 'Invalid attendee change "{0}"'
|
|||||||
INVALID_CHARSET = 'Invalid charset "{0}"'
|
INVALID_CHARSET = 'Invalid charset "{0}"'
|
||||||
INVALID_DATE_TIME_RANGE = '{0} {1} must be greater than/equal to {2} {3}'
|
INVALID_DATE_TIME_RANGE = '{0} {1} must be greater than/equal to {2} {3}'
|
||||||
INVALID_ENTITY = 'Invalid {0}, {1}'
|
INVALID_ENTITY = 'Invalid {0}, {1}'
|
||||||
|
INVALID_EVENT_TIMERANGE = '{0} {1} must be less than {2}'
|
||||||
INVALID_FILE_SELECTION_WITH_ADMIN_ACCESS = 'Invalid file selection with adminaccess|asadmin'
|
INVALID_FILE_SELECTION_WITH_ADMIN_ACCESS = 'Invalid file selection with adminaccess|asadmin'
|
||||||
INVALID_GROUP = 'Invalid Group'
|
INVALID_GROUP = 'Invalid Group'
|
||||||
INVALID_HTTP_HEADER = 'Invalid http header data: {0}'
|
INVALID_HTTP_HEADER = 'Invalid http header data: {0}'
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
# Copyright (C) 2023 Ross Scroggs All Rights Reserved.
|
# Copyright (C) 2025 Ross Scroggs All Rights Reserved.
|
||||||
#
|
#
|
||||||
# All Rights Reserved.
|
# All Rights Reserved.
|
||||||
#
|
#
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
# Copyright (C) 2023 Ross Scroggs All Rights Reserved.
|
# Copyright (C) 2025 Ross Scroggs All Rights Reserved.
|
||||||
#
|
#
|
||||||
# All Rights Reserved.
|
# All Rights Reserved.
|
||||||
#
|
#
|
||||||
|
|||||||
File diff suppressed because it is too large
Load Diff
@@ -10,6 +10,90 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
|
|||||||
|
|
||||||
See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
|
See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
|
||||||
|
|
||||||
|
### 7.09.05
|
||||||
|
|
||||||
|
Improved output of `gam info|show chromeschemas [std]` to more accurately display the schemas.
|
||||||
|
|
||||||
|
Fixed bugs in `gam update chromepolicy` that caused invalid error messaages.
|
||||||
|
|
||||||
|
### 7.09.04
|
||||||
|
|
||||||
|
Fixed bug in `gam whatis <EmailItem>` where the check for an invitable user always failed.
|
||||||
|
|
||||||
|
Fixed bug in `gam print shareddriveorganizers` where no organizers were displayed when `domain` in `gam.cfg` was blank.
|
||||||
|
|
||||||
|
Updated to Python 3.13.5
|
||||||
|
|
||||||
|
### 7.09.03
|
||||||
|
|
||||||
|
Updated `gam <UserTypeEntity> create focustime|outofoffice ... timerange <Time> <Time>` to check
|
||||||
|
that the first `<Time>` is less than the second `Time`; previously the event was not created.
|
||||||
|
|
||||||
|
For new installs the `enforce_expansive_access` Boolean variable in `gam.cfg` now defaults to True.
|
||||||
|
For existing installations, if `enforce_expansive_access` has not been added to `gam.cfg`,
|
||||||
|
a default value of True will be used.
|
||||||
|
|
||||||
|
### 7.09.02
|
||||||
|
|
||||||
|
Added command `gam info chromeschema std <SchemaName>` to display a Chrome policy schema in the same format as Legacy GAM.
|
||||||
|
|
||||||
|
Improved output of `gam show chromeschemas [std]` and `gam info chromeschema [std]` to more accurately display the schemas.
|
||||||
|
|
||||||
|
### 7.09.01
|
||||||
|
|
||||||
|
Fixed bug in `gam <UserTypeEntity> print diskusage` where the `ownedByMe` column was
|
||||||
|
blank for the top folder.
|
||||||
|
|
||||||
|
Fixed bug in `gam update chromepolicy` where the following error was generated
|
||||||
|
when updating policies with simple numerical values.
|
||||||
|
```
|
||||||
|
ERROR: Missing argument: Expected <value>"
|
||||||
|
```
|
||||||
|
|
||||||
|
### 7.09.00
|
||||||
|
|
||||||
|
Removed the overly broad service account `IAM and Access Management API` scope `https://www.googleapis.com/auth/cloud-platform`
|
||||||
|
from DWD. The `gam <UserTypeEntity> check|Update serviceaccount` commands issue an error message if this scope
|
||||||
|
is enabled prompting you to update your service account authorization so that the scope can be removed.
|
||||||
|
|
||||||
|
GAM commands that need IAM access now use the more limited scope `https://www.googleapis.com/auth/iam` in a non-DWD manner.
|
||||||
|
|
||||||
|
Added `enforce_expansive_access` Boolean variable to `gam.cfg` that provides the default value
|
||||||
|
for option `enforceexpansiveaccess` in all commands that delete or update drive file ACLs/permissions.
|
||||||
|
It's default value is False.
|
||||||
|
```
|
||||||
|
gam <UserTypeEntity> delete permissions
|
||||||
|
gam <UserTypeEntity> delete drivefileacl
|
||||||
|
gam <UserTypeEntity> update drivefileacl
|
||||||
|
gam <UserTypeEntity> copy drivefile
|
||||||
|
gam <UserTypeEntity> move drivefile
|
||||||
|
gam <UserTypeEntity> transfer ownership
|
||||||
|
gam <UserTypeEntity> claim ownership
|
||||||
|
gam <UserTypeEntity> transfer drive
|
||||||
|
```
|
||||||
|
|
||||||
|
Fixed bug in `gam print shareddriveorganizers` that caused a trap when an organizer was a deleted user.
|
||||||
|
|
||||||
|
Updated to Python 3.13.4
|
||||||
|
|
||||||
|
### 7.08.02
|
||||||
|
|
||||||
|
Updated the defaults in `gam print shareddriveorganizers` to match the most common use case, not the script.
|
||||||
|
|
||||||
|
* `domainlist` - The workspace primary domain
|
||||||
|
* `includetypes` - user
|
||||||
|
* `oneorganizer` - True
|
||||||
|
* `shownoorganizerdrives` - True
|
||||||
|
* `includefileorganizers` - False
|
||||||
|
|
||||||
|
To select organizers from any domain, use: `domainlist ""`
|
||||||
|
|
||||||
|
These commands produce the same result.
|
||||||
|
```
|
||||||
|
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers domainlist mydomain.com includetypes user oneorganizer shownoorganizerdrives
|
||||||
|
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers
|
||||||
|
```
|
||||||
|
|
||||||
### 7.08.01
|
### 7.08.01
|
||||||
|
|
||||||
Added option `shareddrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>))` to
|
Added option `shareddrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>))` to
|
||||||
|
|||||||
@@ -152,7 +152,7 @@ gam update group|groups <GroupEntity> create|add [<GroupRole>]
|
|||||||
[preview] [actioncsv]
|
[preview] [actioncsv]
|
||||||
<UserItem>|<UserTypeEntity>
|
<UserItem>|<UserTypeEntity>
|
||||||
```
|
```
|
||||||
To add a group as a memmber of another group, just specify its email address.
|
To add a group as a member of another group, just specify its email address.
|
||||||
```
|
```
|
||||||
gam update group group1@domain.com add member group2@domain.com
|
gam update group group1@domain.com add member group2@domain.com
|
||||||
```
|
```
|
||||||
@@ -208,7 +208,7 @@ gam update group|groups <GroupEntity> delete|remove [<GroupRole>]
|
|||||||
```
|
```
|
||||||
`<GroupRole>` is ignored, deletions take place regardless of role.
|
`<GroupRole>` is ignored, deletions take place regardless of role.
|
||||||
|
|
||||||
To remove a group as a memmber of another group, just specify its email address.
|
To remove a group as a member of another group, just specify its email address.
|
||||||
```
|
```
|
||||||
gam update group group1@domain.com remove group2@domain.com
|
gam update group group1@domain.com remove group2@domain.com
|
||||||
```
|
```
|
||||||
|
|||||||
@@ -251,9 +251,9 @@ writes the credentials into the file oauth2.txt.
|
|||||||
admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt
|
admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt
|
||||||
admin@server:/Users/admin$ gam version
|
admin@server:/Users/admin$ gam version
|
||||||
WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
|
WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
|
||||||
GAM 7.08.01 - https://github.com/GAM-team/GAM - pyinstaller
|
GAM 7.09.05 - https://github.com/GAM-team/GAM - pyinstaller
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.3 64-bit final
|
Python 3.13.5 64-bit final
|
||||||
MacOS Sequoia 15.5 x86_64
|
MacOS Sequoia 15.5 x86_64
|
||||||
Path: /Users/admin/bin/gam7
|
Path: /Users/admin/bin/gam7
|
||||||
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
||||||
@@ -989,9 +989,9 @@ writes the credentials into the file oauth2.txt.
|
|||||||
C:\>del C:\GAMConfig\oauth2.txt
|
C:\>del C:\GAMConfig\oauth2.txt
|
||||||
C:\>gam version
|
C:\>gam version
|
||||||
WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
|
WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
|
||||||
GAM 7.08.01 - https://github.com/GAM-team/GAM - pythonsource
|
GAM 7.09.05 - https://github.com/GAM-team/GAM - pythonsource
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.3 64-bit final
|
Python 3.13.5 64-bit final
|
||||||
Windows-10-10.0.17134 AMD64
|
Windows-10-10.0.17134 AMD64
|
||||||
Path: C:\GAM7
|
Path: C:\GAM7
|
||||||
Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
||||||
|
|||||||
@@ -435,22 +435,26 @@ Options `shareddriveadminquery|query` and `orgunit|org|ou` require `adminaccess|
|
|||||||
|
|
||||||
By default, organizers for all Shared Drives are displayed; use the following options to select a subset of Shared Drives:
|
By default, organizers for all Shared Drives are displayed; use the following options to select a subset of Shared Drives:
|
||||||
* `teamdriveadminquery|query <QueryTeamDrive>` - Use a query to select Shared Drives
|
* `teamdriveadminquery|query <QueryTeamDrive>` - Use a query to select Shared Drives
|
||||||
|
* `shareddrives|teamdrives <SharedDriveIDList>` - Select the Shared Drive IDs specified in `<SharedDriveIDList>`
|
||||||
|
* `shareddrives|teamdrives select <FileSelector>|<CSVFileSelector>` - Select the Shared Drive IDs specified in `<FileSelector>|<CSVFileSelector>`
|
||||||
* `orgunit|org|ou <OrgUnitPath>` - Only Shared Drives in the specified Org Unit are selected
|
* `orgunit|org|ou <OrgUnitPath>` - Only Shared Drives in the specified Org Unit are selected
|
||||||
* `matchname <REMatchPattern>` - Retrieve Shared Drives with names that match a pattern.
|
* `matchname <REMatchPattern>` - Retrieve Shared Drives with names that match a pattern.
|
||||||
|
|
||||||
For multiple organizers:
|
For multiple organizers:
|
||||||
* `delimiter <Character>` - Separate `organizers` entries with `<Character>`; the default value is `csv_output_field_delimiter` from `gam.cfg`.
|
* `delimiter <Character>` - Separate `organizers` entries with `<Character>`; the default value is `csv_output_field_delimiter` from `gam.cfg`.
|
||||||
|
|
||||||
The command defaults match the script defaults:
|
The command defaults do not match the script defaults, they are set for the most common use case:
|
||||||
* `domainlist` - All domains
|
* `domainlist` - The workspace primary domain
|
||||||
* `includetypes` - user,group
|
* `includetypes` - user
|
||||||
* `oneorganizer` - False
|
* `oneorganizer` - True
|
||||||
* `shownoorganizerdrives` - True
|
* `shownoorganizerdrives` - True
|
||||||
* `includefileorganizers` - False
|
* `includefileorganizers` - False
|
||||||
|
|
||||||
|
To select organizers from any domain, use: `domainlist ""`
|
||||||
|
|
||||||
For example, to get a single user organizer from your domain for all Shared Drives including no organizer drives:
|
For example, to get a single user organizer from your domain for all Shared Drives including no organizer drives:
|
||||||
```
|
```
|
||||||
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers domainlist mydomain.com includetypes user oneorganizer shownoorganizerdrives
|
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers
|
||||||
```
|
```
|
||||||
|
|
||||||
## Display all Shared Drives with no members
|
## Display all Shared Drives with no members
|
||||||
|
|||||||
@@ -413,22 +413,26 @@ Options `shareddriveadminquery|query` and `orgunit|org|ou` require `adminaccess|
|
|||||||
|
|
||||||
By default, organizers for all Shared Drives are displayed; use the following options to select a subset of Shared Drives:
|
By default, organizers for all Shared Drives are displayed; use the following options to select a subset of Shared Drives:
|
||||||
* `teamdriveadminquery|query <QueryTeamDrive>` - Use a query to select Shared Drives
|
* `teamdriveadminquery|query <QueryTeamDrive>` - Use a query to select Shared Drives
|
||||||
|
* `shareddrives|teamdrives <SharedDriveIDList>` - Select the Shared Drive IDs specified in `<SharedDriveIDList>`
|
||||||
|
* `shareddrives|teamdrives select <FileSelector>|<CSVFileSelector>` - Select the Shared Drive IDs specified in `<FileSelector>|<CSVFileSelector>`
|
||||||
* `orgunit|org|ou <OrgUnitPath>` - Only Shared Drives in the specified Org Unit are selected
|
* `orgunit|org|ou <OrgUnitPath>` - Only Shared Drives in the specified Org Unit are selected
|
||||||
* `matchname <REMatchPattern>` - Retrieve Shared Drives with names that match a pattern.
|
* `matchname <REMatchPattern>` - Retrieve Shared Drives with names that match a pattern.
|
||||||
|
|
||||||
For multiple organizers:
|
For multiple organizers:
|
||||||
* `delimiter <Character>` - Separate `organizers` entries with `<Character>`; the default value is `csv_output_field_delimiter` from `gam.cfg`.
|
* `delimiter <Character>` - Separate `organizers` entries with `<Character>`; the default value is `csv_output_field_delimiter` from `gam.cfg`.
|
||||||
|
|
||||||
The command defaults match the script defaults:
|
The command defaults do not match the script defaults, they are set for the most common use case:
|
||||||
* `domainlist` - All domains
|
* `domainlist` - The workspace primary domain
|
||||||
* `includetypes` - user,group
|
* `includetypes` - user
|
||||||
* `oneorganizer` - False
|
* `oneorganizer` - True
|
||||||
* `shownoorganizerdrives` - True
|
* `shownoorganizerdrives` - True
|
||||||
* `includefileorganizers` - False
|
* `includefileorganizers` - False
|
||||||
|
|
||||||
|
To select organizers from any domain, use: `domainlist ""`
|
||||||
|
|
||||||
For example, to get a single user organizer from your domain for all Shared Drives including no organizer drives:
|
For example, to get a single user organizer from your domain for all Shared Drives including no organizer drives:
|
||||||
```
|
```
|
||||||
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers domainlist mydomain.com includetypes user oneorganizer shownoorganizerdrives
|
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers
|
||||||
```
|
```
|
||||||
|
|
||||||
## Manage Shared Drive access
|
## Manage Shared Drive access
|
||||||
|
|||||||
@@ -3,9 +3,9 @@
|
|||||||
Print the current version of Gam with details
|
Print the current version of Gam with details
|
||||||
```
|
```
|
||||||
gam version
|
gam version
|
||||||
GAM 7.08.01 - https://github.com/GAM-team/GAM - pyinstaller
|
GAM 7.09.05 - https://github.com/GAM-team/GAM - pyinstaller
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.3 64-bit final
|
Python 3.13.5 64-bit final
|
||||||
MacOS Sequoia 15.5 x86_64
|
MacOS Sequoia 15.5 x86_64
|
||||||
Path: /Users/Admin/bin/gam7
|
Path: /Users/Admin/bin/gam7
|
||||||
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
||||||
@@ -15,9 +15,9 @@ Time: 2023-06-02T21:10:00-07:00
|
|||||||
Print the current version of Gam with details and time offset information
|
Print the current version of Gam with details and time offset information
|
||||||
```
|
```
|
||||||
gam version timeoffset
|
gam version timeoffset
|
||||||
GAM 7.08.01 - https://github.com/GAM-team/GAM - pyinstaller
|
GAM 7.09.05 - https://github.com/GAM-team/GAM - pyinstaller
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.3 64-bit final
|
Python 3.13.5 64-bit final
|
||||||
MacOS Sequoia 15.5 x86_64
|
MacOS Sequoia 15.5 x86_64
|
||||||
Path: /Users/Admin/bin/gam7
|
Path: /Users/Admin/bin/gam7
|
||||||
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
||||||
@@ -27,9 +27,9 @@ Your system time differs from www.googleapis.com by less than 1 second
|
|||||||
Print the current version of Gam with extended details and SSL information
|
Print the current version of Gam with extended details and SSL information
|
||||||
```
|
```
|
||||||
gam version extended
|
gam version extended
|
||||||
GAM 7.08.01 - https://github.com/GAM-team/GAM - pyinstaller
|
GAM 7.09.05 - https://github.com/GAM-team/GAM - pyinstaller
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.3 64-bit final
|
Python 3.13.5 64-bit final
|
||||||
MacOS Sequoia 15.5 x86_64
|
MacOS Sequoia 15.5 x86_64
|
||||||
Path: /Users/Admin/bin/gam7
|
Path: /Users/Admin/bin/gam7
|
||||||
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
||||||
@@ -64,7 +64,7 @@ MacOS High Sierra 10.13.6 x86_64
|
|||||||
Path: /Users/Admin/bin/gam7
|
Path: /Users/Admin/bin/gam7
|
||||||
Version Check:
|
Version Check:
|
||||||
Current: 5.35.08
|
Current: 5.35.08
|
||||||
Latest: 7.08.01
|
Latest: 7.09.05
|
||||||
echo $?
|
echo $?
|
||||||
1
|
1
|
||||||
```
|
```
|
||||||
@@ -72,7 +72,7 @@ echo $?
|
|||||||
Print the current version number without details
|
Print the current version number without details
|
||||||
```
|
```
|
||||||
gam version simple
|
gam version simple
|
||||||
7.08.01
|
7.09.05
|
||||||
```
|
```
|
||||||
In Linux/MacOS you can do:
|
In Linux/MacOS you can do:
|
||||||
```
|
```
|
||||||
@@ -82,9 +82,9 @@ echo $VER
|
|||||||
Print the current version of Gam and address of this Wiki
|
Print the current version of Gam and address of this Wiki
|
||||||
```
|
```
|
||||||
gam help
|
gam help
|
||||||
GAM 7.08.01 - https://github.com/GAM-team/GAM
|
GAM 7.09.05 - https://github.com/GAM-team/GAM
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.3 64-bit final
|
Python 3.13.5 64-bit final
|
||||||
MacOS Sequoia 15.5 x86_64
|
MacOS Sequoia 15.5 x86_64
|
||||||
Path: /Users/Admin/bin/gam7
|
Path: /Users/Admin/bin/gam7
|
||||||
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
||||||
|
|||||||
@@ -328,6 +328,16 @@ enable_dasa
|
|||||||
admin_email, customer_id and domain must be set when enable_dasa is True,
|
admin_email, customer_id and domain must be set when enable_dasa is True,
|
||||||
customer_id may not be set to my_customer
|
customer_id may not be set to my_customer
|
||||||
Signal file: OldGamPath/enabledasa.txt
|
Signal file: OldGamPath/enabledasa.txt
|
||||||
|
enforce_expansive_access
|
||||||
|
The default value for option `enforceexpansiveaccess` in all commands that delete or update drive file ACLs/permissions.
|
||||||
|
gam <UserTypeEntity> delete permissions
|
||||||
|
gam <UserTypeEntity> delete drivefileacl
|
||||||
|
gam <UserTypeEntity> update drivefileacl
|
||||||
|
gam <UserTypeEntity> copy drivefile
|
||||||
|
gam <UserTypeEntity> move drivefile
|
||||||
|
gam <UserTypeEntity> transfer ownership
|
||||||
|
gam <UserTypeEntity> claim ownership
|
||||||
|
Default: True
|
||||||
event_max_results
|
event_max_results
|
||||||
When retrieving lists of Calendar events from API,
|
When retrieving lists of Calendar events from API,
|
||||||
how many should be retrieved in each API call
|
how many should be retrieved in each API call
|
||||||
|
|||||||
Reference in New Issue
Block a user