mirror of
https://github.com/GAM-team/GAM.git
synced 2026-07-03 12:21:35 +00:00
Compare commits
30 Commits
v7.08.02
...
20250612.0
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
f12d3abfc1 | ||
|
|
474aa069b7 | ||
|
|
c49708cbae | ||
|
|
43ecba07bb | ||
|
|
51f8ebe8e2 | ||
|
|
28edce3aca | ||
|
|
fe1f0285f8 | ||
|
|
da83121d0d | ||
|
|
f58a69e374 | ||
|
|
2f40a164c5 | ||
|
|
58a3fa7313 | ||
|
|
39ce5b7349 | ||
|
|
860d44d819 | ||
|
|
5e90ff143e | ||
|
|
28e05bf09a | ||
|
|
0781e27993 | ||
|
|
a441dddc06 | ||
|
|
4a42581e00 | ||
|
|
de2bfb0d52 | ||
|
|
f418287e65 | ||
|
|
fccf6c1278 | ||
|
|
ee874858b4 | ||
|
|
dde1354bd0 | ||
|
|
c241c2744f | ||
|
|
5ee1fa1b61 | ||
|
|
f06944a1fa | ||
|
|
27d4c37be3 | ||
|
|
2f1a7eb347 | ||
|
|
a5818e144d | ||
|
|
4e6f1717fb |
2
.github/workflows/build.yml
vendored
2
.github/workflows/build.yml
vendored
@@ -126,7 +126,7 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
path: |
|
path: |
|
||||||
cache.tar.xz
|
cache.tar.xz
|
||||||
key: gam-${{ matrix.jid }}-20250422
|
key: gam-${{ matrix.jid }}-20250611
|
||||||
|
|
||||||
- name: Untar Cache archive
|
- name: Untar Cache archive
|
||||||
if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true'
|
if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true'
|
||||||
|
|||||||
@@ -2725,6 +2725,7 @@ gam print chromschemas [todrive <ToDriveAttribute>*]
|
|||||||
<ChromePolicySchemaFieldName>* [fields <ChromePolicySchemaFieldNameList>]
|
<ChromePolicySchemaFieldName>* [fields <ChromePolicySchemaFieldNameList>]
|
||||||
[[formatjson [quotechar <Character>]]
|
[[formatjson [quotechar <Character>]]
|
||||||
|
|
||||||
|
gam info chromeschema std <SchemaName>
|
||||||
gam show chromeschemas std
|
gam show chromeschemas std
|
||||||
[filter <String>]
|
[filter <String>]
|
||||||
|
|
||||||
|
|||||||
@@ -1,3 +1,63 @@
|
|||||||
|
7.09.04
|
||||||
|
|
||||||
|
Fixed bug in `gam whatis <EmailItem>` where the check for an invitable user always failed.
|
||||||
|
|
||||||
|
Fixed bug in `gam print shareddriveorganizers` where no organizers were displayed when `domain` in `gam.cfg` was blank.
|
||||||
|
|
||||||
|
Updated to Python 3.13.5
|
||||||
|
|
||||||
|
7.09.03
|
||||||
|
|
||||||
|
Updated `gam <UserTypeEntity> create focustime|outofoffice ... timerange <Time> <Time>` to check
|
||||||
|
that the first `<Time>` is less than the second `Time`; previously the event was not created.
|
||||||
|
|
||||||
|
For new installs the `enforce_expansive_access` Boolean variable in `gam.cfg` now defaults to True.
|
||||||
|
For existing installations, if `enforce_expansive_access` has not been added to `gam.cfg`,
|
||||||
|
a default value of True will be used.
|
||||||
|
|
||||||
|
7.09.02
|
||||||
|
|
||||||
|
Added command `gam info chromeschema std <SchemaName>` to display a Chrome policy schema in the same format as Legacy GAM.
|
||||||
|
|
||||||
|
Improved output of `gam show chromeschemas [std]` and `gam info chromeschema [std]` to more accurately display the schemas.
|
||||||
|
|
||||||
|
7.09.01
|
||||||
|
|
||||||
|
Fixed bug in `gam <UserTypeEntity> print diskusage` where the `ownedByMe` column was
|
||||||
|
blank for the top folder.
|
||||||
|
|
||||||
|
Fixed bug in `gam update chromepolicy` where the following error was generated
|
||||||
|
when updating policies with simple numerical values.
|
||||||
|
```
|
||||||
|
ERROR: Missing argument: Expected <value>"
|
||||||
|
```
|
||||||
|
|
||||||
|
7.09.00
|
||||||
|
|
||||||
|
Removed the overly broad service account `IAM and Access Management API` scope `https://www.googleapis.com/auth/cloud-platform`
|
||||||
|
from DWD. The `gam <UserTypeEntity> check|Update serviceaccount` commands issue an error message if this scope
|
||||||
|
is enabled prompting you to update your service account authorization so that the scope can be removed.
|
||||||
|
|
||||||
|
GAM commands that need IAM access now use the more limited scope `https://www.googleapis.com/auth/iam` in a non-DWD manner.
|
||||||
|
|
||||||
|
Added `enforce_expansive_access` Boolean variable to `gam.cfg` that provides the default value
|
||||||
|
for option `enforceexpansiveaccess` in all commands that delete or update drive file ACLs/permissions.
|
||||||
|
It's default value is False.
|
||||||
|
```
|
||||||
|
gam <UserTypeEntity> delete permissions
|
||||||
|
gam <UserTypeEntity> delete drivefileacl
|
||||||
|
gam <UserTypeEntity> update drivefileacl
|
||||||
|
gam <UserTypeEntity> copy drivefile
|
||||||
|
gam <UserTypeEntity> move drivefile
|
||||||
|
gam <UserTypeEntity> transfer ownership
|
||||||
|
gam <UserTypeEntity> claim ownership
|
||||||
|
gam <UserTypeEntity> transfer drive
|
||||||
|
```
|
||||||
|
|
||||||
|
Fixed bug in `gam print shareddriveorganizers` that caused a trap when an organizer was a deleted user.
|
||||||
|
|
||||||
|
Updated to Python 3.13.4
|
||||||
|
|
||||||
7.08.02
|
7.08.02
|
||||||
|
|
||||||
Updated the defaults in `gam print shareddriveorganizers` to match the most common use case, not the script.
|
Updated the defaults in `gam print shareddriveorganizers` to match the most common use case, not the script.
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ if __name__ == '__main__':
|
|||||||
# One time initialization
|
# One time initialization
|
||||||
if platform.system() != 'Linux':
|
if platform.system() != 'Linux':
|
||||||
multiprocessing.freeze_support()
|
multiprocessing.freeze_support()
|
||||||
multiprocessing.set_start_method('spawn')
|
multiprocessing.set_start_method('spawn', force=True)
|
||||||
initializeLogging()
|
initializeLogging()
|
||||||
#
|
#
|
||||||
CallGAMCommand(['gam', 'version'])
|
CallGAMCommand(['gam', 'version'])
|
||||||
|
|||||||
@@ -11,5 +11,5 @@ from gam.__main__ import main
|
|||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
if platform.system() != 'Linux':
|
if platform.system() != 'Linux':
|
||||||
multiprocessing.freeze_support()
|
multiprocessing.freeze_support()
|
||||||
multiprocessing.set_start_method('spawn')
|
multiprocessing.set_start_method('spawn', force=True)
|
||||||
main()
|
main()
|
||||||
|
|||||||
@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
|
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
|
||||||
__version__ = '7.08.02'
|
__version__ = '7.09.04'
|
||||||
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
|
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
|
||||||
|
|
||||||
#pylint: disable=wrong-import-position
|
#pylint: disable=wrong-import-position
|
||||||
@@ -4785,8 +4785,9 @@ def defaultSvcAcctScopes():
|
|||||||
scopesList = API.getSvcAcctScopesList(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], False)
|
scopesList = API.getSvcAcctScopesList(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], False)
|
||||||
saScopes = {}
|
saScopes = {}
|
||||||
for scope in scopesList:
|
for scope in scopesList:
|
||||||
saScopes.setdefault(scope['api'], [])
|
if not scope.get('offByDefault'):
|
||||||
saScopes[scope['api']].append(scope['scope'])
|
saScopes.setdefault(scope['api'], [])
|
||||||
|
saScopes[scope['api']].append(scope['scope'])
|
||||||
saScopes[API.DRIVEACTIVITY].append(API.DRIVE_SCOPE)
|
saScopes[API.DRIVEACTIVITY].append(API.DRIVE_SCOPE)
|
||||||
saScopes[API.DRIVE2] = saScopes[API.DRIVE3]
|
saScopes[API.DRIVE2] = saScopes[API.DRIVE3]
|
||||||
saScopes[API.DRIVETD] = saScopes[API.DRIVE3]
|
saScopes[API.DRIVETD] = saScopes[API.DRIVE3]
|
||||||
@@ -12232,7 +12233,7 @@ def checkServiceAccount(users):
|
|||||||
|
|
||||||
def authorizeScopes(message):
|
def authorizeScopes(message):
|
||||||
long_url = ('https://admin.google.com/ac/owl/domainwidedelegation'
|
long_url = ('https://admin.google.com/ac/owl/domainwidedelegation'
|
||||||
f'?clientScopeToAdd={",".join(checkScopes)}'
|
f'?clientScopeToAdd={",".join(sorted(checkScopes))}'
|
||||||
f'&clientIdToAdd={service_account}&overwriteClientId=true')
|
f'&clientIdToAdd={service_account}&overwriteClientId=true')
|
||||||
if GC.Values[GC.DOMAIN]:
|
if GC.Values[GC.DOMAIN]:
|
||||||
long_url += f'&dn={GC.Values[GC.DOMAIN]}'
|
long_url += f'&dn={GC.Values[GC.DOMAIN]}'
|
||||||
@@ -12244,10 +12245,12 @@ def checkServiceAccount(users):
|
|||||||
allScopes = API.getSvcAcctScopes(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], Act.Get() == Act.UPDATE)
|
allScopes = API.getSvcAcctScopes(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], Act.Get() == Act.UPDATE)
|
||||||
checkScopesSet = set()
|
checkScopesSet = set()
|
||||||
saScopes = {}
|
saScopes = {}
|
||||||
|
checkDeprecatedScopes = True
|
||||||
useColor = False
|
useColor = False
|
||||||
while Cmd.ArgumentsRemaining():
|
while Cmd.ArgumentsRemaining():
|
||||||
myarg = getArgument()
|
myarg = getArgument()
|
||||||
if myarg in {'scope', 'scopes'}:
|
if myarg in {'scope', 'scopes'}:
|
||||||
|
checkDeprecatedScopes = False
|
||||||
for scope in getString(Cmd.OB_API_SCOPE_URL_LIST).lower().replace(',', ' ').split():
|
for scope in getString(Cmd.OB_API_SCOPE_URL_LIST).lower().replace(',', ' ').split():
|
||||||
api = API.getSvcAcctScopeAPI(scope)
|
api = API.getSvcAcctScopeAPI(scope)
|
||||||
if api is not None:
|
if api is not None:
|
||||||
@@ -12264,10 +12267,12 @@ def checkServiceAccount(users):
|
|||||||
testPass = createGreenText('PASS')
|
testPass = createGreenText('PASS')
|
||||||
testFail = createRedText('FAIL')
|
testFail = createRedText('FAIL')
|
||||||
testWarn = createYellowText('WARN')
|
testWarn = createYellowText('WARN')
|
||||||
|
testDeprecated = createRedText('DEPRECATED')
|
||||||
else:
|
else:
|
||||||
testPass = 'PASS'
|
testPass = 'PASS'
|
||||||
testFail = 'FAIL'
|
testFail = 'FAIL'
|
||||||
testWarn = 'WARN'
|
testWarn = 'WARN'
|
||||||
|
testDeprecated = 'DEPRECATED'
|
||||||
if Act.Get() == Act.CHECK:
|
if Act.Get() == Act.CHECK:
|
||||||
if not checkScopesSet:
|
if not checkScopesSet:
|
||||||
for scope in iter(GM.Globals[GM.SVCACCT_SCOPES].values()):
|
for scope in iter(GM.Globals[GM.SVCACCT_SCOPES].values()):
|
||||||
@@ -12275,7 +12280,7 @@ def checkServiceAccount(users):
|
|||||||
else:
|
else:
|
||||||
if not checkScopesSet:
|
if not checkScopesSet:
|
||||||
scopesList = API.getSvcAcctScopesList(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], True)
|
scopesList = API.getSvcAcctScopesList(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], True)
|
||||||
selectedScopes = getScopesFromUser(scopesList, False, GM.Globals[GM.SVCACCT_SCOPES])
|
selectedScopes = getScopesFromUser(scopesList, False, GM.Globals[GM.SVCACCT_SCOPES] if GM.Globals[GM.SVCACCT_SCOPES_DEFINED] else None)
|
||||||
if selectedScopes is None:
|
if selectedScopes is None:
|
||||||
return False
|
return False
|
||||||
i = 0
|
i = 0
|
||||||
@@ -12337,7 +12342,7 @@ def checkServiceAccount(users):
|
|||||||
if saTokenStatus == testFail:
|
if saTokenStatus == testFail:
|
||||||
invalidOauth2serviceJsonExit(f'Authentication{auth_error}')
|
invalidOauth2serviceJsonExit(f'Authentication{auth_error}')
|
||||||
_getSvcAcctData() # needed to read in GM.OAUTH2SERVICE_JSON_DATA
|
_getSvcAcctData() # needed to read in GM.OAUTH2SERVICE_JSON_DATA
|
||||||
if GM.Globals[GM.SVCACCT_SCOPES_DEFINED] and API.IAM not in GM.Globals[GM.SVCACCT_SCOPES]:
|
if API.IAM not in GM.Globals[GM.SVCACCT_SCOPES]:
|
||||||
GM.Globals[GM.SVCACCT_SCOPES][API.IAM] = [API.IAM_SCOPE]
|
GM.Globals[GM.SVCACCT_SCOPES][API.IAM] = [API.IAM_SCOPE]
|
||||||
key_type = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA].get('key_type', 'default')
|
key_type = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA].get('key_type', 'default')
|
||||||
if key_type == 'default':
|
if key_type == 'default':
|
||||||
@@ -12399,6 +12404,38 @@ def checkServiceAccount(users):
|
|||||||
allScopesPass = False
|
allScopesPass = False
|
||||||
printPassFail(scope, f'{scopeStatus}{currentCount(j, jcount)}')
|
printPassFail(scope, f'{scopeStatus}{currentCount(j, jcount)}')
|
||||||
Ind.Decrement()
|
Ind.Decrement()
|
||||||
|
if checkDeprecatedScopes:
|
||||||
|
deprecatedScopes = sorted(API.DEPRECATED_SCOPES)
|
||||||
|
jcount = len(deprecatedScopes)
|
||||||
|
printKeyValueListWithCount([Msg.DEPRECATED_SCOPES, '',
|
||||||
|
Ent.Singular(Ent.USER), user,
|
||||||
|
Ent.Choose(Ent.SCOPE, jcount), jcount],
|
||||||
|
i, count)
|
||||||
|
Ind.Increment()
|
||||||
|
j = 0
|
||||||
|
for scope in deprecatedScopes:
|
||||||
|
j += 1
|
||||||
|
# try with and without email scope
|
||||||
|
for scopes in [[scope, API.USERINFO_EMAIL_SCOPE], [scope]]:
|
||||||
|
try:
|
||||||
|
credentials = getSvcAcctCredentials(scopes, user)
|
||||||
|
credentials.refresh(request)
|
||||||
|
break
|
||||||
|
except (httplib2.HttpLib2Error, google.auth.exceptions.TransportError, RuntimeError) as e:
|
||||||
|
handleServerError(e)
|
||||||
|
except google.auth.exceptions.RefreshError:
|
||||||
|
continue
|
||||||
|
if credentials.token:
|
||||||
|
token_info = callGAPI(oa2, 'tokeninfo', access_token=credentials.token)
|
||||||
|
if scope in token_info.get('scope', '').split(' ') and user == token_info.get('email', user).lower():
|
||||||
|
scopeStatus = testDeprecated
|
||||||
|
allScopesPass = False
|
||||||
|
else:
|
||||||
|
scopeStatus = testPass
|
||||||
|
else:
|
||||||
|
scopeStatus = testPass
|
||||||
|
printPassFail(scope, f'{scopeStatus}{currentCount(j, jcount)}')
|
||||||
|
Ind.Decrement()
|
||||||
service_account = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['client_id']
|
service_account = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['client_id']
|
||||||
if allScopesPass:
|
if allScopesPass:
|
||||||
if Act.Get() == Act.CHECK:
|
if Act.Get() == Act.CHECK:
|
||||||
@@ -13101,7 +13138,7 @@ def doWhatIs():
|
|||||||
entityUnknownWarning(Ent.EMAIL, email)
|
entityUnknownWarning(Ent.EMAIL, email)
|
||||||
setSysExitRC(ENTITY_IS_UKNOWN_RC)
|
setSysExitRC(ENTITY_IS_UKNOWN_RC)
|
||||||
return
|
return
|
||||||
if not invitableCheck or not getSvcAcctCredentials(API.CLOUDIDENTITY_USERINVITATIONS, _getAdminEmail(), softErrors=True):
|
if not invitableCheck:
|
||||||
isInvitableUser = False
|
isInvitableUser = False
|
||||||
else:
|
else:
|
||||||
isInvitableUser, ci = _getIsInvitableUser(None, email)
|
isInvitableUser, ci = _getIsInvitableUser(None, email)
|
||||||
@@ -25910,7 +25947,7 @@ def exitIfChatNotConfigured(chat, kvList, errMsg, i, count):
|
|||||||
if (('No bot associated with this project.' in errMsg) or
|
if (('No bot associated with this project.' in errMsg) or
|
||||||
('Invalid project number.' in errMsg) or
|
('Invalid project number.' in errMsg) or
|
||||||
('Google Chat app not found.' in errMsg)):
|
('Google Chat app not found.' in errMsg)):
|
||||||
systemErrorExit(API_ACCESS_DENIED_RC, Msg.TO_SET_UP_GOOGLE_CHAT.format(setupChatURL(chat)))
|
systemErrorExit(API_ACCESS_DENIED_RC, Msg.TO_SET_UP_GOOGLE_CHAT.format(setupChatURL(chat), GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['project_id']))
|
||||||
entityActionFailedWarning(kvList, errMsg, i, count)
|
entityActionFailedWarning(kvList, errMsg, i, count)
|
||||||
|
|
||||||
def _getChatAdminAccess(adminAPI, userAPI):
|
def _getChatAdminAccess(adminAPI, userAPI):
|
||||||
@@ -28081,7 +28118,10 @@ def simplifyChromeSchema(schema):
|
|||||||
'settings': {}
|
'settings': {}
|
||||||
}
|
}
|
||||||
fieldDescriptions = schema['fieldDescriptions']
|
fieldDescriptions = schema['fieldDescriptions']
|
||||||
|
savedSettingName = ''
|
||||||
|
savedTypeName = ''
|
||||||
for mtype in schema['definition']['messageType']:
|
for mtype in schema['definition']['messageType']:
|
||||||
|
numSettings = len(mtype['field'])
|
||||||
for setting in mtype['field']:
|
for setting in mtype['field']:
|
||||||
setting_name = setting['name']
|
setting_name = setting['name']
|
||||||
setting_dict = {'name': setting_name,
|
setting_dict = {'name': setting_name,
|
||||||
@@ -28089,6 +28129,9 @@ def simplifyChromeSchema(schema):
|
|||||||
'descriptions': [],
|
'descriptions': [],
|
||||||
'type': setting['type'],
|
'type': setting['type'],
|
||||||
}
|
}
|
||||||
|
if mtype['name'] == savedTypeName and numSettings == 1:
|
||||||
|
setting_dict['name'] = savedSettingName
|
||||||
|
savedTypeName = ''
|
||||||
if setting_dict['type'] == 'TYPE_STRING' and setting.get('label') == 'LABEL_REPEATED':
|
if setting_dict['type'] == 'TYPE_STRING' and setting.get('label') == 'LABEL_REPEATED':
|
||||||
setting_dict['type'] = 'TYPE_LIST'
|
setting_dict['type'] = 'TYPE_LIST'
|
||||||
if setting_dict['type'] == 'TYPE_ENUM':
|
if setting_dict['type'] == 'TYPE_ENUM':
|
||||||
@@ -28110,6 +28153,8 @@ def simplifyChromeSchema(schema):
|
|||||||
break
|
break
|
||||||
break
|
break
|
||||||
elif setting_dict['type'] == 'TYPE_MESSAGE':
|
elif setting_dict['type'] == 'TYPE_MESSAGE':
|
||||||
|
savedSettingName = setting_name
|
||||||
|
savedTypeName = setting['typeName']
|
||||||
continue
|
continue
|
||||||
else:
|
else:
|
||||||
setting_dict['enums'] = None
|
setting_dict['enums'] = None
|
||||||
@@ -28215,14 +28260,11 @@ def doDeleteChromePolicy():
|
|||||||
entityActionFailedWarning(kvList, str(e))
|
entityActionFailedWarning(kvList, str(e))
|
||||||
|
|
||||||
CHROME_SCHEMA_SPECIAL_CASES = {
|
CHROME_SCHEMA_SPECIAL_CASES = {
|
||||||
|
# duration
|
||||||
'chrome.users.AutoUpdateCheckPeriodNewV2':
|
'chrome.users.AutoUpdateCheckPeriodNewV2':
|
||||||
{'autoupdatecheckperiodminutesnew':
|
{'autoupdatecheckperiodminutesnew':
|
||||||
{'casedField': 'autoUpdateCheckPeriodMinutesNew',
|
{'casedField': 'autoUpdateCheckPeriodMinutesNew',
|
||||||
'type': 'duration', 'minVal': 1, 'maxVal': 720}},
|
'type': 'duration', 'minVal': 1, 'maxVal': 720}},
|
||||||
'chrome.users.Avatar':
|
|
||||||
{'useravatarimage':
|
|
||||||
{'casedField': 'userAvatarImage',
|
|
||||||
'type': 'downloadUri'}},
|
|
||||||
'chrome.users.BrowserSwitcherDelayDurationV2':
|
'chrome.users.BrowserSwitcherDelayDurationV2':
|
||||||
{'browserswitcherdelayduration':
|
{'browserswitcherdelayduration':
|
||||||
{'casedField': 'browserSwitcherDelayDuration',
|
{'casedField': 'browserSwitcherDelayDuration',
|
||||||
@@ -28264,10 +28306,6 @@ CHROME_SCHEMA_SPECIAL_CASES = {
|
|||||||
{'maxinvalidationfetchdelay':
|
{'maxinvalidationfetchdelay':
|
||||||
{'casedField': 'maxInvalidationFetchDelay',
|
{'casedField': 'maxInvalidationFetchDelay',
|
||||||
'type': 'duration', 'minVal': 1, 'maxVal': 30, 'default': 10}},
|
'type': 'duration', 'minVal': 1, 'maxVal': 30, 'default': 10}},
|
||||||
'chrome.users.PrintingMaxSheetsAllowed':
|
|
||||||
{'printingmaxsheetsallowednullable':
|
|
||||||
{'casedField': 'printingMaxSheetsAllowedNullable',
|
|
||||||
'type': 'value', 'minVal': 1, 'maxVal': None}},
|
|
||||||
'chrome.users.PrintJobHistoryExpirationPeriodNewV2':
|
'chrome.users.PrintJobHistoryExpirationPeriodNewV2':
|
||||||
{'printjobhistoryexpirationperioddaysnew':
|
{'printjobhistoryexpirationperioddaysnew':
|
||||||
{'casedField': 'printJobHistoryExpirationPeriodDaysNew',
|
{'casedField': 'printJobHistoryExpirationPeriodDaysNew',
|
||||||
@@ -28275,7 +28313,16 @@ CHROME_SCHEMA_SPECIAL_CASES = {
|
|||||||
'chrome.users.RelaunchNotificationWithDurationV2':
|
'chrome.users.RelaunchNotificationWithDurationV2':
|
||||||
{'relaunchnotificationperiodduration':
|
{'relaunchnotificationperiodduration':
|
||||||
{'casedField': 'relaunchNotificationPeriodDuration',
|
{'casedField': 'relaunchNotificationPeriodDuration',
|
||||||
'type': 'duration', 'minVal': -1, 'maxVal': None}},
|
'type': 'duration', 'minVal': 1, 'maxVal': 168},
|
||||||
|
'relaunchinitialquietperiodduration':
|
||||||
|
{'casedField': 'relaunchInitialQuietPeriodDuration',
|
||||||
|
'type': 'duration', 'minVal': 0, 'maxVal': None},
|
||||||
|
'relaunchwindowstarttime':
|
||||||
|
{'casedField': 'relaunchWindowStartTime',
|
||||||
|
'type': 'timeOfDay'},
|
||||||
|
'relaunchwindowdurationmin':
|
||||||
|
{'casedField': 'relaunchWindowDurationMin',
|
||||||
|
'type': 'duration', 'minVal': 1, 'maxVal': 1440}},
|
||||||
'chrome.users.SecurityTokenSessionSettingsV2':
|
'chrome.users.SecurityTokenSessionSettingsV2':
|
||||||
{'securitytokensessionnotificationseconds':
|
{'securitytokensessionnotificationseconds':
|
||||||
{'casedField': 'securityTokenSessionNotificationSeconds',
|
{'casedField': 'securityTokenSessionNotificationSeconds',
|
||||||
@@ -28291,10 +28338,6 @@ CHROME_SCHEMA_SPECIAL_CASES = {
|
|||||||
'updatessuppressedstarttime':
|
'updatessuppressedstarttime':
|
||||||
{'casedField': 'updatesSuppressedStartTime',
|
{'casedField': 'updatesSuppressedStartTime',
|
||||||
'type': 'timeOfDay'}},
|
'type': 'timeOfDay'}},
|
||||||
'chrome.users.Wallpaper':
|
|
||||||
{'wallpaperimage':
|
|
||||||
{'casedField': 'wallpaperImage',
|
|
||||||
'type': 'downloadUri'}},
|
|
||||||
'chrome.devices.EnableReportUploadFrequencyV2':
|
'chrome.devices.EnableReportUploadFrequencyV2':
|
||||||
{'reportdeviceuploadfrequency':
|
{'reportdeviceuploadfrequency':
|
||||||
{'casedField': 'reportDeviceUploadFrequency',
|
{'casedField': 'reportDeviceUploadFrequency',
|
||||||
@@ -28303,10 +28346,6 @@ CHROME_SCHEMA_SPECIAL_CASES = {
|
|||||||
{'uptimelimitduration':
|
{'uptimelimitduration':
|
||||||
{'casedField': 'uptimeLimitDuration',
|
{'casedField': 'uptimeLimitDuration',
|
||||||
'type': 'duration', 'minVal': 1, 'maxVal': 365}},
|
'type': 'duration', 'minVal': 1, 'maxVal': 365}},
|
||||||
'chrome.devices.SignInWallpaperImage':
|
|
||||||
{'devicewallpaperimage':
|
|
||||||
{'casedField': 'deviceWallpaperImage',
|
|
||||||
'type': 'downloadUri'}},
|
|
||||||
'chrome.devices.kiosk.AcPowerSettingsV2':
|
'chrome.devices.kiosk.AcPowerSettingsV2':
|
||||||
{'acidletimeout':
|
{'acidletimeout':
|
||||||
{'casedField': 'acIdleTimeout',
|
{'casedField': 'acIdleTimeout',
|
||||||
@@ -28333,10 +28372,6 @@ CHROME_SCHEMA_SPECIAL_CASES = {
|
|||||||
'batteryscreenofftimeout':
|
'batteryscreenofftimeout':
|
||||||
{'casedField': 'batteryScreenOffTimeout',
|
{'casedField': 'batteryScreenOffTimeout',
|
||||||
'type': 'duration', 'minVal': 0, 'maxVal': 35000}},
|
'type': 'duration', 'minVal': 0, 'maxVal': 35000}},
|
||||||
'chrome.devices.managedguest.Avatar':
|
|
||||||
{'useravatarimage':
|
|
||||||
{'casedField': 'userAvatarImage',
|
|
||||||
'type': 'downloadUri'}},
|
|
||||||
'chrome.devices.managedguest.BrowsingDataLifetimeV2':
|
'chrome.devices.managedguest.BrowsingDataLifetimeV2':
|
||||||
{'browsinghistoryttl':
|
{'browsinghistoryttl':
|
||||||
{'casedField': 'browsingHistoryTtl',
|
{'casedField': 'browsingHistoryTtl',
|
||||||
@@ -28378,6 +28413,56 @@ CHROME_SCHEMA_SPECIAL_CASES = {
|
|||||||
{'sessiondurationlimit':
|
{'sessiondurationlimit':
|
||||||
{'casedField': 'sessionDurationLimit',
|
{'casedField': 'sessionDurationLimit',
|
||||||
'type': 'duration', 'minVal': 1, 'maxVal': 1440}},
|
'type': 'duration', 'minVal': 1, 'maxVal': 1440}},
|
||||||
|
# value
|
||||||
|
'chrome.users.GaiaLockScreenOfflineSigninTimeLimitDays':
|
||||||
|
{'gaialockscreenofflinesignintimelimitdays':
|
||||||
|
{'casedField': 'gaiaLockScreenOfflineSigninTimeLimitDays',
|
||||||
|
'type': 'value', 'minVal': 0, 'maxVal': 365}},
|
||||||
|
'chrome.users.GaiaOfflineSigninTimeLimitDays':
|
||||||
|
{'gaiaofflinesignintimelimitdays':
|
||||||
|
{'casedField': 'gaiaOfflineSigninTimeLimitDays',
|
||||||
|
'type': 'value', 'minVal': 0, 'maxVal': 365}},
|
||||||
|
'chrome.users.PrintingMaxSheetsAllowed':
|
||||||
|
{'printingmaxsheetsallowednullable':
|
||||||
|
{'casedField': 'printingMaxSheetsAllowedNullable',
|
||||||
|
'type': 'value', 'minVal': 1, 'maxVal': None}},
|
||||||
|
'chrome.users.RemoteAccessHostClipboardSizeBytes':
|
||||||
|
{'remoteaccesshostclipboardsizebytes':
|
||||||
|
{'casedField': 'remoteAccessHostClipboardSizeBytes',
|
||||||
|
'type': 'value', 'minVal': 0, 'maxVal': 2147483647}},
|
||||||
|
'chrome.users.SamlLockScreenOfflineSigninTimeLimitDays':
|
||||||
|
{'samllockscreenofflinesignintimelimitdays':
|
||||||
|
{'casedField': 'samlLockScreenOfflineSigninTimeLimitDays',
|
||||||
|
'type': 'value', 'minVal': 0, 'maxVal': 365}},
|
||||||
|
'chrome.devices.ExtensionCacheSize':
|
||||||
|
{'extensioncachesize':
|
||||||
|
{'casedField': 'extensionCacheSize',
|
||||||
|
'type': 'value', 'minVal': 1048576, 'maxVal': None, 'default': 268435456}},
|
||||||
|
'chrome.devices.managedguest.PrintingMaxSheetsAllowed':
|
||||||
|
{'printingmaxsheetsallowednullable':
|
||||||
|
{'casedField': 'printingMaxSheetsAllowedNullable',
|
||||||
|
'type': 'value', 'minVal': 1, 'maxVal': None}},
|
||||||
|
'chrome.devices.managedguest.RemoteAccessHostClipboardSizeBytes':
|
||||||
|
{'remoteaccesshostclipboardsizebytes':
|
||||||
|
{'casedField': 'remoteAccessHostClipboardSizeBytes',
|
||||||
|
'type': 'value', 'minVal': 0, 'maxVal': 2147483647}},
|
||||||
|
# downloadUri
|
||||||
|
'chrome.users.Avatar':
|
||||||
|
{'useravatarimage':
|
||||||
|
{'casedField': 'userAvatarImage',
|
||||||
|
'type': 'downloadUri'}},
|
||||||
|
'chrome.users.Wallpaper':
|
||||||
|
{'wallpaperimage':
|
||||||
|
{'casedField': 'wallpaperImage',
|
||||||
|
'type': 'downloadUri'}},
|
||||||
|
'chrome.devices.SignInWallpaperImage':
|
||||||
|
{'devicewallpaperimage':
|
||||||
|
{'casedField': 'deviceWallpaperImage',
|
||||||
|
'type': 'downloadUri'}},
|
||||||
|
'chrome.devices.managedguest.Avatar':
|
||||||
|
{'useravatarimage':
|
||||||
|
{'casedField': 'userAvatarImage',
|
||||||
|
'type': 'downloadUri'}},
|
||||||
'chrome.devices.managedguest.Wallpaper':
|
'chrome.devices.managedguest.Wallpaper':
|
||||||
{'wallpaperimage':
|
{'wallpaperimage':
|
||||||
{'casedField': 'wallpaperImage',
|
{'casedField': 'wallpaperImage',
|
||||||
@@ -28399,7 +28484,7 @@ def doUpdateChromePolicy():
|
|||||||
return value
|
return value
|
||||||
#if vtype == timeOfDay:
|
#if vtype == timeOfDay:
|
||||||
hours, minutes = value.split(':')
|
hours, minutes = value.split(':')
|
||||||
return {vtype: {'hours': hours, 'minutes': minutes}}
|
return {vtype: {'hours': int(hours), 'minutes': int(minutes)}}
|
||||||
|
|
||||||
cp = buildGAPIObject(API.CHROMEPOLICY)
|
cp = buildGAPIObject(API.CHROMEPOLICY)
|
||||||
cd = buildGAPIObject(API.DIRECTORY)
|
cd = buildGAPIObject(API.DIRECTORY)
|
||||||
@@ -28855,7 +28940,7 @@ def _showChromePolicySchema(schema, FJQC, i=0, count=0):
|
|||||||
return
|
return
|
||||||
printEntity([Ent.CHROME_POLICY_SCHEMA, schema['name']], i, count)
|
printEntity([Ent.CHROME_POLICY_SCHEMA, schema['name']], i, count)
|
||||||
Ind.Increment()
|
Ind.Increment()
|
||||||
showJSON(None, schema)
|
showJSON(None, schema, dictObjectsKey={'messageType': 'name', 'field': 'name', 'fieldDescriptions': 'field'})
|
||||||
Ind.Decrement()
|
Ind.Decrement()
|
||||||
|
|
||||||
CHROME_POLICY_SCHEMA_FIELDS_CHOICE_MAP = {
|
CHROME_POLICY_SCHEMA_FIELDS_CHOICE_MAP = {
|
||||||
@@ -28878,6 +28963,9 @@ CHROME_POLICY_SCHEMA_FIELDS_CHOICE_MAP = {
|
|||||||
# [formatjson]
|
# [formatjson]
|
||||||
def doInfoChromePolicySchemas():
|
def doInfoChromePolicySchemas():
|
||||||
cp = buildGAPIObject(API.CHROMEPOLICY)
|
cp = buildGAPIObject(API.CHROMEPOLICY)
|
||||||
|
if checkArgumentPresent('std'):
|
||||||
|
doInfoChromePolicySchemasStd(cp)
|
||||||
|
return
|
||||||
FJQC = FormatJSONQuoteChar()
|
FJQC = FormatJSONQuoteChar()
|
||||||
fieldsList = []
|
fieldsList = []
|
||||||
name = _getChromePolicySchemaName()
|
name = _getChromePolicySchemaName()
|
||||||
@@ -28906,7 +28994,7 @@ def doInfoChromePolicySchemas():
|
|||||||
# [filter <String>]
|
# [filter <String>]
|
||||||
# <ChromePolicySchemaFieldName>* [fields <ChromePolicySchemaFieldNameList>]
|
# <ChromePolicySchemaFieldName>* [fields <ChromePolicySchemaFieldNameList>]
|
||||||
# [[formatjson [quotechar <Character>]]
|
# [[formatjson [quotechar <Character>]]
|
||||||
def doPrintShowChromeSchemas():
|
def doPrintShowChromePolicySchemas():
|
||||||
def _printChromePolicySchema(schema):
|
def _printChromePolicySchema(schema):
|
||||||
row = flattenJSON(schema)
|
row = flattenJSON(schema)
|
||||||
if not FJQC.formatJSON:
|
if not FJQC.formatJSON:
|
||||||
@@ -28920,10 +29008,12 @@ def doPrintShowChromeSchemas():
|
|||||||
row['JSON'] = json.dumps(cleanJSON(schema), ensure_ascii=False, sort_keys=True)
|
row['JSON'] = json.dumps(cleanJSON(schema), ensure_ascii=False, sort_keys=True)
|
||||||
csvPF.WriteRowNoFilter(row)
|
csvPF.WriteRowNoFilter(row)
|
||||||
|
|
||||||
if checkArgumentPresent('std'):
|
|
||||||
doShowChromeSchemasStd()
|
|
||||||
return
|
|
||||||
cp = buildGAPIObject(API.CHROMEPOLICY)
|
cp = buildGAPIObject(API.CHROMEPOLICY)
|
||||||
|
if checkArgumentPresent('std'):
|
||||||
|
if not Act.csvFormat():
|
||||||
|
doShowChromePolicySchemasStd(cp)
|
||||||
|
return
|
||||||
|
unknownArgumentExit()
|
||||||
parent = _getCustomersCustomerIdWithC()
|
parent = _getCustomersCustomerIdWithC()
|
||||||
csvPF = CSVPrintFile(['name', 'schemaName', 'policyDescription',
|
csvPF = CSVPrintFile(['name', 'schemaName', 'policyDescription',
|
||||||
'policyApiLifecycle.policyApiLifecycleStage',
|
'policyApiLifecycle.policyApiLifecycleStage',
|
||||||
@@ -28983,9 +29073,51 @@ def doPrintShowChromeSchemas():
|
|||||||
if csvPF:
|
if csvPF:
|
||||||
csvPF.writeCSVfile('Chrome Policy Schemas')
|
csvPF.writeCSVfile('Chrome Policy Schemas')
|
||||||
|
|
||||||
|
def _showChromePolicySchemaStd(schema):
|
||||||
|
printKeyValueList([f'{schema.get("name")}', f'{schema.get("description")}'])
|
||||||
|
Ind.Increment()
|
||||||
|
for val in schema['settings'].values():
|
||||||
|
vtype = val.get('type')
|
||||||
|
printKeyValueList([f'{val.get("name")}', f'{vtype}'])
|
||||||
|
Ind.Increment()
|
||||||
|
if vtype == 'TYPE_ENUM':
|
||||||
|
enums = val.get('enums', [])
|
||||||
|
descriptions = val.get('descriptions', [])
|
||||||
|
for i in range(len(val.get('enums', []))):
|
||||||
|
printKeyValueList([f'{enums[i]}', f'{descriptions[i]}'])
|
||||||
|
elif vtype == 'TYPE_BOOL':
|
||||||
|
pvs = val.get('descriptions')
|
||||||
|
for pvi in pvs:
|
||||||
|
if isinstance(pvi, dict):
|
||||||
|
pvalue = pvi.get('value')
|
||||||
|
pdescription = pvi.get('description')
|
||||||
|
printKeyValueList([f'{pvalue}', f'{pdescription}'])
|
||||||
|
elif isinstance(pvi, list):
|
||||||
|
printKeyValueList([f'{pvi[0]}'])
|
||||||
|
else:
|
||||||
|
description = val.get('descriptions')
|
||||||
|
if len(description) > 0:
|
||||||
|
printKeyValueList([f'{description[0]}'])
|
||||||
|
Ind.Decrement()
|
||||||
|
Ind.Decrement()
|
||||||
|
|
||||||
|
# gam info chromeschema std <SchemaName>
|
||||||
|
def doInfoChromePolicySchemasStd(cp):
|
||||||
|
name = _getChromePolicySchemaName()
|
||||||
|
checkForExtraneousArguments()
|
||||||
|
try:
|
||||||
|
schema = callGAPI(cp.customers().policySchemas(), 'get',
|
||||||
|
throwReasons=[GAPI.NOT_FOUND, GAPI.BAD_REQUEST, GAPI.FORBIDDEN],
|
||||||
|
name=name)
|
||||||
|
_, schema_dict = simplifyChromeSchema(schema)
|
||||||
|
_showChromePolicySchemaStd(schema_dict)
|
||||||
|
except GAPI.notFound:
|
||||||
|
entityUnknownWarning(Ent.CHROME_POLICY_SCHEMA, name)
|
||||||
|
except (GAPI.badRequest, GAPI.forbidden):
|
||||||
|
accessErrorExit(None)
|
||||||
|
|
||||||
# gam show chromeschemas std [filter <String>]
|
# gam show chromeschemas std [filter <String>]
|
||||||
def doShowChromeSchemasStd():
|
def doShowChromePolicySchemasStd(cp):
|
||||||
cp = buildGAPIObject(API.CHROMEPOLICY)
|
|
||||||
sfilter = None
|
sfilter = None
|
||||||
while Cmd.ArgumentsRemaining():
|
while Cmd.ArgumentsRemaining():
|
||||||
myarg = getArgument()
|
myarg = getArgument()
|
||||||
@@ -29001,33 +29133,8 @@ def doShowChromeSchemasStd():
|
|||||||
for schema in result:
|
for schema in result:
|
||||||
schema_name, schema_dict = simplifyChromeSchema(schema)
|
schema_name, schema_dict = simplifyChromeSchema(schema)
|
||||||
schemas[schema_name.lower()] = schema_dict
|
schemas[schema_name.lower()] = schema_dict
|
||||||
for _, value in sorted(iter(schemas.items())):
|
for _, schema in sorted(iter(schemas.items())):
|
||||||
printKeyValueList([f'{value.get("name")}', f'{value.get("description")}'])
|
_showChromePolicySchemaStd(schema)
|
||||||
Ind.Increment()
|
|
||||||
for val in value['settings'].values():
|
|
||||||
vtype = val.get('type')
|
|
||||||
printKeyValueList([f'{val.get("name")}', f'{vtype}'])
|
|
||||||
Ind.Increment()
|
|
||||||
if vtype == 'TYPE_ENUM':
|
|
||||||
enums = val.get('enums', [])
|
|
||||||
descriptions = val.get('descriptions', [])
|
|
||||||
for i in range(len(val.get('enums', []))):
|
|
||||||
printKeyValueList([f'{enums[i]}', f'{descriptions[i]}'])
|
|
||||||
elif vtype == 'TYPE_BOOL':
|
|
||||||
pvs = val.get('descriptions')
|
|
||||||
for pvi in pvs:
|
|
||||||
if isinstance(pvi, dict):
|
|
||||||
pvalue = pvi.get('value')
|
|
||||||
pdescription = pvi.get('description')
|
|
||||||
printKeyValueList([f'{pvalue}', f'{pdescription}'])
|
|
||||||
elif isinstance(pvi, list):
|
|
||||||
printKeyValueList([f'{pvi[0]}'])
|
|
||||||
else:
|
|
||||||
description = val.get('descriptions')
|
|
||||||
if len(description) > 0:
|
|
||||||
printKeyValueList([f'{description[0]}'])
|
|
||||||
Ind.Decrement()
|
|
||||||
Ind.Decrement()
|
|
||||||
printBlankLine()
|
printBlankLine()
|
||||||
|
|
||||||
# gam create chromenetwork
|
# gam create chromenetwork
|
||||||
@@ -51488,6 +51595,9 @@ def getStatusEventDateTime(dateType, dateList):
|
|||||||
if dateType == 'timerange':
|
if dateType == 'timerange':
|
||||||
startTime = getTimeOrDeltaFromNow(returnDateTime=True)[0]
|
startTime = getTimeOrDeltaFromNow(returnDateTime=True)[0]
|
||||||
endTime = getTimeOrDeltaFromNow(returnDateTime=True)[0]
|
endTime = getTimeOrDeltaFromNow(returnDateTime=True)[0]
|
||||||
|
if startTime >= endTime:
|
||||||
|
Cmd.Backup()
|
||||||
|
usageErrorExit(Msg.INVALID_EVENT_TIMERANGE.format(dateType, startTime, endTime))
|
||||||
recurrence = []
|
recurrence = []
|
||||||
while checkArgumentPresent(['recurrence']):
|
while checkArgumentPresent(['recurrence']):
|
||||||
recurrence.append(getString(Cmd.OB_RECURRENCE))
|
recurrence.append(getString(Cmd.OB_RECURRENCE))
|
||||||
@@ -57259,6 +57369,7 @@ def printDiskUsage(users):
|
|||||||
topFolder['path'] = f'{SHARED_DRIVES}{pathDelimiter}{topFolder["name"]}'
|
topFolder['path'] = f'{SHARED_DRIVES}{pathDelimiter}{topFolder["name"]}'
|
||||||
else:
|
else:
|
||||||
topFolder['path'] = topFolder['name']
|
topFolder['path'] = topFolder['name']
|
||||||
|
topFolder.pop('ownedByMe', None)
|
||||||
elif topFolder['name'] == MY_DRIVE and not topFolder.get('parents'):
|
elif topFolder['name'] == MY_DRIVE and not topFolder.get('parents'):
|
||||||
topFolder['path'] = MY_DRIVE
|
topFolder['path'] = MY_DRIVE
|
||||||
else:
|
else:
|
||||||
@@ -57269,7 +57380,6 @@ def printDiskUsage(users):
|
|||||||
if owners:
|
if owners:
|
||||||
topFolder['Owner'] = owners[0].get('emailAddress', 'Unknown')
|
topFolder['Owner'] = owners[0].get('emailAddress', 'Unknown')
|
||||||
trashFolder['Owner'] = topFolder['Owner']
|
trashFolder['Owner'] = topFolder['Owner']
|
||||||
topFolder.pop('ownedByMe', None)
|
|
||||||
topFolder.pop('parents', None)
|
topFolder.pop('parents', None)
|
||||||
topFolder.update(zeroFolderInfo)
|
topFolder.update(zeroFolderInfo)
|
||||||
topFolder.pop(sizeField, None)
|
topFolder.pop(sizeField, None)
|
||||||
@@ -58716,7 +58826,7 @@ def initCopyMoveOptions(copyCmd):
|
|||||||
'showPermissionMessages': False,
|
'showPermissionMessages': False,
|
||||||
'sendEmailIfRequired': False,
|
'sendEmailIfRequired': False,
|
||||||
'useDomainAdminAccess': False,
|
'useDomainAdminAccess': False,
|
||||||
'enforceExpansiveAccess': False,
|
'enforceExpansiveAccess': GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS],
|
||||||
'copiedShortcutsPointToCopiedFiles': True,
|
'copiedShortcutsPointToCopiedFiles': True,
|
||||||
'createShortcutsForNonmovableFiles': False,
|
'createShortcutsForNonmovableFiles': False,
|
||||||
'duplicateFiles': DUPLICATE_FILE_OVERWRITE_OLDER,
|
'duplicateFiles': DUPLICATE_FILE_OVERWRITE_OLDER,
|
||||||
@@ -62096,7 +62206,8 @@ def transferDrive(users):
|
|||||||
targetUserFolderPattern = '#user# old files'
|
targetUserFolderPattern = '#user# old files'
|
||||||
targetUserOrphansFolderPattern = '#user# orphaned files'
|
targetUserOrphansFolderPattern = '#user# orphaned files'
|
||||||
targetIds = [None, None]
|
targetIds = [None, None]
|
||||||
createShortcutsForNonmovableFiles = enforceExpansiveAccess = False
|
createShortcutsForNonmovableFiles = False
|
||||||
|
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
|
||||||
mergeWithTarget = False
|
mergeWithTarget = False
|
||||||
thirdPartyOwners = {}
|
thirdPartyOwners = {}
|
||||||
skipFileIdEntity = initDriveFileEntity()
|
skipFileIdEntity = initDriveFileEntity()
|
||||||
@@ -62402,7 +62513,8 @@ def transferOwnership(users):
|
|||||||
body = {}
|
body = {}
|
||||||
newOwner = getEmailAddress()
|
newOwner = getEmailAddress()
|
||||||
OBY = OrderBy(DRIVEFILE_ORDERBY_CHOICE_MAP)
|
OBY = OrderBy(DRIVEFILE_ORDERBY_CHOICE_MAP)
|
||||||
changeParents = enforceExpansiveAccess = filepath = includeTrashed = noRecursion = False
|
changeParents = filepath = includeTrashed = noRecursion = False
|
||||||
|
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
|
||||||
pathDelimiter = '/'
|
pathDelimiter = '/'
|
||||||
csvPF = fileTree = None
|
csvPF = fileTree = None
|
||||||
addParents = ''
|
addParents = ''
|
||||||
@@ -62728,7 +62840,8 @@ def claimOwnership(users):
|
|||||||
onlyOwners = set()
|
onlyOwners = set()
|
||||||
skipOwners = set()
|
skipOwners = set()
|
||||||
subdomains = []
|
subdomains = []
|
||||||
enforceExpansiveAccess = filepath = includeTrashed = False
|
filepath = includeTrashed = False
|
||||||
|
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
|
||||||
pathDelimiter = '/'
|
pathDelimiter = '/'
|
||||||
addParents = ''
|
addParents = ''
|
||||||
parentBody = {}
|
parentBody = {}
|
||||||
@@ -63503,7 +63616,7 @@ def doCreateDriveFileACL():
|
|||||||
def updateDriveFileACLs(users, useDomainAdminAccess=False):
|
def updateDriveFileACLs(users, useDomainAdminAccess=False):
|
||||||
fileIdEntity = getDriveFileEntity()
|
fileIdEntity = getDriveFileEntity()
|
||||||
isEmail, permissionId = getPermissionId()
|
isEmail, permissionId = getPermissionId()
|
||||||
enforceExpansiveAccess = None
|
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
|
||||||
removeExpiration = showTitles = updateSheetProtectedRanges = False
|
removeExpiration = showTitles = updateSheetProtectedRanges = False
|
||||||
showDetails = True
|
showDetails = True
|
||||||
csvPF = None
|
csvPF = None
|
||||||
@@ -63541,9 +63654,6 @@ def updateDriveFileACLs(users, useDomainAdminAccess=False):
|
|||||||
_checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
|
_checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
|
||||||
if 'role' not in body:
|
if 'role' not in body:
|
||||||
missingArgumentExit(f'role {formatChoiceList(DRIVEFILE_ACL_ROLES_MAP)}')
|
missingArgumentExit(f'role {formatChoiceList(DRIVEFILE_ACL_ROLES_MAP)}')
|
||||||
updateKwargs = {'useDomainAdminAccess': useDomainAdminAccess}
|
|
||||||
if enforceExpansiveAccess is not None:
|
|
||||||
updateKwargs['enforceExpansiveAccess'] = enforceExpansiveAccess
|
|
||||||
printKeys, timeObjects = _getDriveFileACLPrintKeysTimeObjects()
|
printKeys, timeObjects = _getDriveFileACLPrintKeysTimeObjects()
|
||||||
if csvPF and showTitles:
|
if csvPF and showTitles:
|
||||||
csvPF.AddTitles(fileNameTitle)
|
csvPF.AddTitles(fileNameTitle)
|
||||||
@@ -63581,7 +63691,7 @@ def updateDriveFileACLs(users, useDomainAdminAccess=False):
|
|||||||
permission = callGAPI(drive.permissions(), 'update',
|
permission = callGAPI(drive.permissions(), 'update',
|
||||||
bailOnInternalError=True,
|
bailOnInternalError=True,
|
||||||
throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_UPDATE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
|
throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_UPDATE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
|
||||||
**updateKwargs,
|
useDomainAdminAccess=useDomainAdminAccess, enforceExpansiveAccess=enforceExpansiveAccess,
|
||||||
fileId=fileId, permissionId=permissionId, removeExpiration=removeExpiration,
|
fileId=fileId, permissionId=permissionId, removeExpiration=removeExpiration,
|
||||||
transferOwnership=body.get('role', '') == 'owner', body=body, fields='*', supportsAllDrives=True)
|
transferOwnership=body.get('role', '') == 'owner', body=body, fields='*', supportsAllDrives=True)
|
||||||
if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
|
if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
|
||||||
@@ -63832,7 +63942,7 @@ def doCreatePermissions():
|
|||||||
def deleteDriveFileACLs(users, useDomainAdminAccess=False):
|
def deleteDriveFileACLs(users, useDomainAdminAccess=False):
|
||||||
fileIdEntity = getDriveFileEntity()
|
fileIdEntity = getDriveFileEntity()
|
||||||
isEmail, permissionId = getPermissionId()
|
isEmail, permissionId = getPermissionId()
|
||||||
enforceExpansiveAccess = None
|
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
|
||||||
showTitles = updateSheetProtectedRanges = False
|
showTitles = updateSheetProtectedRanges = False
|
||||||
while Cmd.ArgumentsRemaining():
|
while Cmd.ArgumentsRemaining():
|
||||||
myarg = getArgument()
|
myarg = getArgument()
|
||||||
@@ -63847,9 +63957,6 @@ def deleteDriveFileACLs(users, useDomainAdminAccess=False):
|
|||||||
else:
|
else:
|
||||||
unknownArgumentExit()
|
unknownArgumentExit()
|
||||||
_checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
|
_checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
|
||||||
deleteKwargs = {'useDomainAdminAccess': useDomainAdminAccess}
|
|
||||||
if enforceExpansiveAccess is not None:
|
|
||||||
deleteKwargs['enforceExpansiveAccess'] = enforceExpansiveAccess
|
|
||||||
i, count, users = getEntityArgument(users)
|
i, count, users = getEntityArgument(users)
|
||||||
for user in users:
|
for user in users:
|
||||||
i += 1
|
i += 1
|
||||||
@@ -63882,7 +63989,7 @@ def deleteDriveFileACLs(users, useDomainAdminAccess=False):
|
|||||||
break
|
break
|
||||||
callGAPI(drive.permissions(), 'delete',
|
callGAPI(drive.permissions(), 'delete',
|
||||||
throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_DELETE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
|
throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_DELETE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
|
||||||
**deleteKwargs,
|
useDomainAdminAccess=useDomainAdminAccess, enforceExpansiveAccess=enforceExpansiveAccess,
|
||||||
fileId=fileId, permissionId=permissionId, supportsAllDrives=True)
|
fileId=fileId, permissionId=permissionId, supportsAllDrives=True)
|
||||||
entityActionPerformed([Ent.USER, user, entityType, fileName, Ent.PERMISSION_ID, permissionId], j, jcount)
|
entityActionPerformed([Ent.USER, user, entityType, fileName, Ent.PERMISSION_ID, permissionId], j, jcount)
|
||||||
if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
|
if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
|
||||||
@@ -63961,7 +64068,7 @@ def deletePermissions(users, useDomainAdminAccess=False):
|
|||||||
jsonData = getJSON([])
|
jsonData = getJSON([])
|
||||||
PM = PermissionMatch()
|
PM = PermissionMatch()
|
||||||
PM.SetDefaultMatch(False, {'role': 'owner'})
|
PM.SetDefaultMatch(False, {'role': 'owner'})
|
||||||
enforceExpansiveAccess = False
|
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
|
||||||
while Cmd.ArgumentsRemaining():
|
while Cmd.ArgumentsRemaining():
|
||||||
myarg = getArgument()
|
myarg = getArgument()
|
||||||
if myarg in ADMIN_ACCESS_OPTIONS:
|
if myarg in ADMIN_ACCESS_OPTIONS:
|
||||||
@@ -66071,7 +66178,11 @@ def printSharedDriveOrganizers(users, useDomainAdminAccess=False):
|
|||||||
showNoOrganizerDrives = SHOW_NO_PERMISSIONS_DRIVES_CHOICE_MAP['false']
|
showNoOrganizerDrives = SHOW_NO_PERMISSIONS_DRIVES_CHOICE_MAP['false']
|
||||||
fieldsList = ['role', 'type', 'emailAddress']
|
fieldsList = ['role', 'type', 'emailAddress']
|
||||||
cd = entityList = orgUnitId = query = matchPattern = None
|
cd = entityList = orgUnitId = query = matchPattern = None
|
||||||
domainList = [GC.Values[GC.DOMAIN]]
|
domainList = set()
|
||||||
|
if GC.Values[GC.DOMAIN]:
|
||||||
|
domainList.add(GC.Values[GC.DOMAIN])
|
||||||
|
else:
|
||||||
|
domainList.add(GM.Globals[GM.DECODED_ID_TOKEN].get('hd', 'UNKNOWN').lower())
|
||||||
oneOrganizer = True
|
oneOrganizer = True
|
||||||
while Cmd.ArgumentsRemaining():
|
while Cmd.ArgumentsRemaining():
|
||||||
myarg = getArgument()
|
myarg = getArgument()
|
||||||
@@ -66200,7 +66311,7 @@ def printSharedDriveOrganizers(users, useDomainAdminAccess=False):
|
|||||||
useDomainAdminAccess=useDomainAdminAccess,
|
useDomainAdminAccess=useDomainAdminAccess,
|
||||||
fileId=shareddrive['id'], fields=fields, supportsAllDrives=True)
|
fileId=shareddrive['id'], fields=fields, supportsAllDrives=True)
|
||||||
for permission in permissions:
|
for permission in permissions:
|
||||||
if permission['type'] in includeTypes and permission['role'] in roles:
|
if permission['type'] in includeTypes and permission['role'] in roles and permission.get('emailAddress', ''):
|
||||||
if domainList:
|
if domainList:
|
||||||
_, domain = permission['emailAddress'].lower().split('@', 1)
|
_, domain = permission['emailAddress'].lower().split('@', 1)
|
||||||
if domain not in domainList:
|
if domain not in domainList:
|
||||||
@@ -76067,7 +76178,7 @@ MAIN_COMMANDS_WITH_OBJECTS = {
|
|||||||
Cmd.ARG_CHROMENEEDSATTN: doPrintShowChromeNeedsAttn,
|
Cmd.ARG_CHROMENEEDSATTN: doPrintShowChromeNeedsAttn,
|
||||||
Cmd.ARG_CHROMEPOLICY: doPrintShowChromePolicies,
|
Cmd.ARG_CHROMEPOLICY: doPrintShowChromePolicies,
|
||||||
Cmd.ARG_CHROMEPROFILE: doPrintShowChromeProfiles,
|
Cmd.ARG_CHROMEPROFILE: doPrintShowChromeProfiles,
|
||||||
Cmd.ARG_CHROMESCHEMA: doPrintShowChromeSchemas,
|
Cmd.ARG_CHROMESCHEMA: doPrintShowChromePolicySchemas,
|
||||||
Cmd.ARG_CHROMESNVALIDITY: doPrintChromeSnValidity,
|
Cmd.ARG_CHROMESNVALIDITY: doPrintChromeSnValidity,
|
||||||
Cmd.ARG_CHROMEVERSIONS: doPrintShowChromeVersions,
|
Cmd.ARG_CHROMEVERSIONS: doPrintShowChromeVersions,
|
||||||
Cmd.ARG_CIGROUP: doPrintCIGroups,
|
Cmd.ARG_CIGROUP: doPrintCIGroups,
|
||||||
@@ -76199,7 +76310,7 @@ MAIN_COMMANDS_WITH_OBJECTS = {
|
|||||||
Cmd.ARG_CHROMENEEDSATTN: doPrintShowChromeNeedsAttn,
|
Cmd.ARG_CHROMENEEDSATTN: doPrintShowChromeNeedsAttn,
|
||||||
Cmd.ARG_CHROMEPOLICY: doPrintShowChromePolicies,
|
Cmd.ARG_CHROMEPOLICY: doPrintShowChromePolicies,
|
||||||
Cmd.ARG_CHROMEPROFILE: doPrintShowChromeProfiles,
|
Cmd.ARG_CHROMEPROFILE: doPrintShowChromeProfiles,
|
||||||
Cmd.ARG_CHROMESCHEMA: doPrintShowChromeSchemas,
|
Cmd.ARG_CHROMESCHEMA: doPrintShowChromePolicySchemas,
|
||||||
Cmd.ARG_CHROMEVERSIONS: doPrintShowChromeVersions,
|
Cmd.ARG_CHROMEVERSIONS: doPrintShowChromeVersions,
|
||||||
Cmd.ARG_CIGROUPMEMBERS: doShowCIGroupMembers,
|
Cmd.ARG_CIGROUPMEMBERS: doShowCIGroupMembers,
|
||||||
Cmd.ARG_CIPOLICY: doPrintShowCIPolicies,
|
Cmd.ARG_CIPOLICY: doPrintShowCIPolicies,
|
||||||
|
|||||||
@@ -118,6 +118,7 @@ JWT_APIS = {
|
|||||||
ACCESSCONTEXTMANAGER: [CLOUD_PLATFORM_SCOPE],
|
ACCESSCONTEXTMANAGER: [CLOUD_PLATFORM_SCOPE],
|
||||||
CHAT: ['https://www.googleapis.com/auth/chat.bot'],
|
CHAT: ['https://www.googleapis.com/auth/chat.bot'],
|
||||||
CLOUDRESOURCEMANAGER: [CLOUD_PLATFORM_SCOPE],
|
CLOUDRESOURCEMANAGER: [CLOUD_PLATFORM_SCOPE],
|
||||||
|
IAM: [IAM_SCOPE],
|
||||||
ORGPOLICY: [CLOUD_PLATFORM_SCOPE],
|
ORGPOLICY: [CLOUD_PLATFORM_SCOPE],
|
||||||
}
|
}
|
||||||
#
|
#
|
||||||
@@ -131,6 +132,12 @@ APIS_NEEDING_ACCESS_TOKEN = {
|
|||||||
CBCM: ['https://www.googleapis.com/auth/admin.directory.device.chromebrowsers']
|
CBCM: ['https://www.googleapis.com/auth/admin.directory.device.chromebrowsers']
|
||||||
}
|
}
|
||||||
#
|
#
|
||||||
|
DEPRECATED_SCOPES = {
|
||||||
|
'https://www.googleapis.com/auth/cloud-identity',
|
||||||
|
'https://www.googleapis.com/auth/cloud-platform',
|
||||||
|
'https://www.googleapis.com/auth/iam',
|
||||||
|
}
|
||||||
|
#
|
||||||
REFRESH_PERM_ERRORS = [
|
REFRESH_PERM_ERRORS = [
|
||||||
'invalid_grant: reauth related error (rapt_required)', # no way to reauth today
|
'invalid_grant: reauth related error (rapt_required)', # no way to reauth today
|
||||||
'invalid_grant: Token has been expired or revoked',
|
'invalid_grant: Token has been expired or revoked',
|
||||||
@@ -645,11 +652,11 @@ _SVCACCT_SCOPES = [
|
|||||||
'api': GMAIL,
|
'api': GMAIL,
|
||||||
'subscopes': [],
|
'subscopes': [],
|
||||||
'scope': 'https://www.googleapis.com/auth/gmail.settings.sharing'},
|
'scope': 'https://www.googleapis.com/auth/gmail.settings.sharing'},
|
||||||
{'name': 'Identity and Access Management API',
|
# {'name': 'Identity and Access Management API',
|
||||||
'api': IAM,
|
# 'api': IAM,
|
||||||
'offByDefault': True,
|
# 'offByDefault': True,
|
||||||
'subscopes': [],
|
# 'subscopes': [],
|
||||||
'scope': IAM_SCOPE},
|
# 'scope': CLOUD_PLATFORM_SCOPE},
|
||||||
{'name': 'Keep API',
|
{'name': 'Keep API',
|
||||||
'api': KEEP,
|
'api': KEEP,
|
||||||
'subscopes': READONLY,
|
'subscopes': READONLY,
|
||||||
|
|||||||
@@ -163,6 +163,8 @@ EMAIL_BATCH_SIZE = 'email_batch_size'
|
|||||||
ENABLE_DASA = 'enable_dasa'
|
ENABLE_DASA = 'enable_dasa'
|
||||||
# Enable Cloud Session Reauthentication by borrowing a RAPT token from gcloud command
|
# Enable Cloud Session Reauthentication by borrowing a RAPT token from gcloud command
|
||||||
ENABLE_GCLOUD_REAUTH = 'enable_gcloud_reauth'
|
ENABLE_GCLOUD_REAUTH = 'enable_gcloud_reauth'
|
||||||
|
# Value for enforceExpansiveAccess for commands that delete or update drive file ACLs/permissions.
|
||||||
|
ENFORCE_EXPANSIVE_ACCESS = 'enforce_expansive_access'
|
||||||
# When retrieving lists of calendar events from API, how many should be retrieved in each chunk
|
# When retrieving lists of calendar events from API, how many should be retrieved in each chunk
|
||||||
EVENT_MAX_RESULTS = 'event_max_results'
|
EVENT_MAX_RESULTS = 'event_max_results'
|
||||||
# Path to extra_args.txt
|
# Path to extra_args.txt
|
||||||
@@ -377,6 +379,7 @@ Defaults = {
|
|||||||
DEVICE_MAX_RESULTS: '200',
|
DEVICE_MAX_RESULTS: '200',
|
||||||
DOMAIN: '',
|
DOMAIN: '',
|
||||||
DRIVE_DIR: '',
|
DRIVE_DIR: '',
|
||||||
|
ENFORCE_EXPANSIVE_ACCESS: TRUE,
|
||||||
DRIVE_MAX_RESULTS: '1000',
|
DRIVE_MAX_RESULTS: '1000',
|
||||||
DRIVE_V3_BETA: FALSE,
|
DRIVE_V3_BETA: FALSE,
|
||||||
DRIVE_V3_NATIVE_NAMES: TRUE,
|
DRIVE_V3_NATIVE_NAMES: TRUE,
|
||||||
@@ -545,6 +548,7 @@ VAR_INFO = {
|
|||||||
DEVICE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 200)},
|
DEVICE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 200)},
|
||||||
DOMAIN: {VAR_TYPE: TYPE_STRING, VAR_ENVVAR: 'GA_DOMAIN', VAR_LIMITS: (0, None)},
|
DOMAIN: {VAR_TYPE: TYPE_STRING, VAR_ENVVAR: 'GA_DOMAIN', VAR_LIMITS: (0, None)},
|
||||||
DRIVE_DIR: {VAR_TYPE: TYPE_DIRECTORY, VAR_ENVVAR: 'GAMDRIVEDIR'},
|
DRIVE_DIR: {VAR_TYPE: TYPE_DIRECTORY, VAR_ENVVAR: 'GAMDRIVEDIR'},
|
||||||
|
ENFORCE_EXPANSIVE_ACCESS: {VAR_TYPE: TYPE_BOOLEAN},
|
||||||
DRIVE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 1000)},
|
DRIVE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 1000)},
|
||||||
DRIVE_V3_BETA: {VAR_TYPE: TYPE_BOOLEAN},
|
DRIVE_V3_BETA: {VAR_TYPE: TYPE_BOOLEAN},
|
||||||
DRIVE_V3_NATIVE_NAMES: {VAR_TYPE: TYPE_BOOLEAN},
|
DRIVE_V3_NATIVE_NAMES: {VAR_TYPE: TYPE_BOOLEAN},
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
# Copyright (C) 2024 Ross Scroggs All Rights Reserved.
|
# Copyright (C) 2025 Ross Scroggs All Rights Reserved.
|
||||||
#
|
#
|
||||||
# All Rights Reserved.
|
# All Rights Reserved.
|
||||||
#
|
#
|
||||||
|
|||||||
@@ -140,12 +140,13 @@ SERVICE_ACCOUNT_PRIVATE_KEY_AGE = 'Service Account Private Key age: {0} days'
|
|||||||
SERVICE_ACCOUNT_SKIPPING_KEY_AGE_CHECK = 'Skipping Private Key age check: {0} rotation not necessary'
|
SERVICE_ACCOUNT_SKIPPING_KEY_AGE_CHECK = 'Skipping Private Key age check: {0} rotation not necessary'
|
||||||
UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS = 'Please run "gam update project" to view/manage service account keys'
|
UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS = 'Please run "gam update project" to view/manage service account keys'
|
||||||
DOMAIN_WIDE_DELEGATION_AUTHENTICATION = 'Domain-wide Delegation authentication'
|
DOMAIN_WIDE_DELEGATION_AUTHENTICATION = 'Domain-wide Delegation authentication'
|
||||||
|
DEPRECATED_SCOPES = 'Deprecated scopes that GAM should NEVER have DwD access to'
|
||||||
SCOPE_AUTHORIZATION_PASSED = '''All scopes PASSED!
|
SCOPE_AUTHORIZATION_PASSED = '''All scopes PASSED!
|
||||||
|
|
||||||
Service Account Client name: {0} is fully authorized.
|
Service Account Client name: {0} is fully authorized.
|
||||||
'''
|
'''
|
||||||
SCOPE_AUTHORIZATION_UPDATE_PASSED = '''All scopes PASSED!
|
SCOPE_AUTHORIZATION_UPDATE_PASSED = '''All scopes PASSED!
|
||||||
To authorize them (in case some scopes were unselected), please go to the following link in your browser:
|
To update authorization (in case some scopes were unselected), please go to the following link in your browser:
|
||||||
{0}
|
{0}
|
||||||
{1}
|
{1}
|
||||||
|
|
||||||
@@ -156,8 +157,8 @@ Click AUTHORIZE
|
|||||||
When the box closes you're done
|
When the box closes you're done
|
||||||
After authorizing it may take some time for this test to pass so wait a few moments and then try this command again.
|
After authorizing it may take some time for this test to pass so wait a few moments and then try this command again.
|
||||||
'''
|
'''
|
||||||
SCOPE_AUTHORIZATION_FAILED = '''Some scopes FAILED!
|
SCOPE_AUTHORIZATION_FAILED = '''Some scopes FAILED or should be DISABLED!
|
||||||
To authorize them, please go to the following link in your browser:
|
To update authorization, please go to the following link in your browser:
|
||||||
{0}
|
{0}
|
||||||
{1}
|
{1}
|
||||||
|
|
||||||
@@ -309,6 +310,7 @@ INVALID_ATTENDEE_CHANGE = 'Invalid attendee change "{0}"'
|
|||||||
INVALID_CHARSET = 'Invalid charset "{0}"'
|
INVALID_CHARSET = 'Invalid charset "{0}"'
|
||||||
INVALID_DATE_TIME_RANGE = '{0} {1} must be greater than/equal to {2} {3}'
|
INVALID_DATE_TIME_RANGE = '{0} {1} must be greater than/equal to {2} {3}'
|
||||||
INVALID_ENTITY = 'Invalid {0}, {1}'
|
INVALID_ENTITY = 'Invalid {0}, {1}'
|
||||||
|
INVALID_EVENT_TIMERANGE = '{0} {1} must be less than {2}'
|
||||||
INVALID_FILE_SELECTION_WITH_ADMIN_ACCESS = 'Invalid file selection with adminaccess|asadmin'
|
INVALID_FILE_SELECTION_WITH_ADMIN_ACCESS = 'Invalid file selection with adminaccess|asadmin'
|
||||||
INVALID_GROUP = 'Invalid Group'
|
INVALID_GROUP = 'Invalid Group'
|
||||||
INVALID_HTTP_HEADER = 'Invalid http header data: {0}'
|
INVALID_HTTP_HEADER = 'Invalid http header data: {0}'
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
# Copyright (C) 2023 Ross Scroggs All Rights Reserved.
|
# Copyright (C) 2025 Ross Scroggs All Rights Reserved.
|
||||||
#
|
#
|
||||||
# All Rights Reserved.
|
# All Rights Reserved.
|
||||||
#
|
#
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
# Copyright (C) 2023 Ross Scroggs All Rights Reserved.
|
# Copyright (C) 2025 Ross Scroggs All Rights Reserved.
|
||||||
#
|
#
|
||||||
# All Rights Reserved.
|
# All Rights Reserved.
|
||||||
#
|
#
|
||||||
|
|||||||
File diff suppressed because it is too large
Load Diff
@@ -10,6 +10,76 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
|
|||||||
|
|
||||||
See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
|
See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
|
||||||
|
|
||||||
|
### 7.09.03
|
||||||
|
|
||||||
|
Updated `gam <UserTypeEntity> create focustime|outofoffice ... timerange <Time> <Time>` to check
|
||||||
|
that the first `<Time>` is less than the second `Time`; previously the event was not created.
|
||||||
|
|
||||||
|
For new installs the `enforce_expansive_access` Boolean variable in `gam.cfg` now defaults to True.
|
||||||
|
For existing installations, if `enforce_expansive_access` has not been added to `gam.cfg`,
|
||||||
|
a default value of True will be used.
|
||||||
|
|
||||||
|
### 7.09.02
|
||||||
|
|
||||||
|
Added command `gam info chromeschema std <SchemaName>` to display a Chrome policy schema in the same format as Legacy GAM.
|
||||||
|
|
||||||
|
Improved output of `gam show chromeschemas [std]` and `gam info chromeschema [std]` to more accurately display the schemas.
|
||||||
|
|
||||||
|
### 7.09.01
|
||||||
|
|
||||||
|
Fixed bug in `gam <UserTypeEntity> print diskusage` where the `ownedByMe` column was
|
||||||
|
blank for the top folder.
|
||||||
|
|
||||||
|
Fixed bug in `gam update chromepolicy` where the following error was generated
|
||||||
|
when updating policies with simple numerical values.
|
||||||
|
```
|
||||||
|
ERROR: Missing argument: Expected <value>"
|
||||||
|
```
|
||||||
|
|
||||||
|
### 7.09.00
|
||||||
|
|
||||||
|
Removed the overly broad service account `IAM and Access Management API` scope `https://www.googleapis.com/auth/cloud-platform`
|
||||||
|
from DWD. The `gam <UserTypeEntity> check|Update serviceaccount` commands issue an error message if this scope
|
||||||
|
is enabled prompting you to update your service account authorization so that the scope can be removed.
|
||||||
|
|
||||||
|
GAM commands that need IAM access now use the more limited scope `https://www.googleapis.com/auth/iam` in a non-DWD manner.
|
||||||
|
|
||||||
|
Added `enforce_expansive_access` Boolean variable to `gam.cfg` that provides the default value
|
||||||
|
for option `enforceexpansiveaccess` in all commands that delete or update drive file ACLs/permissions.
|
||||||
|
It's default value is False.
|
||||||
|
```
|
||||||
|
gam <UserTypeEntity> delete permissions
|
||||||
|
gam <UserTypeEntity> delete drivefileacl
|
||||||
|
gam <UserTypeEntity> update drivefileacl
|
||||||
|
gam <UserTypeEntity> copy drivefile
|
||||||
|
gam <UserTypeEntity> move drivefile
|
||||||
|
gam <UserTypeEntity> transfer ownership
|
||||||
|
gam <UserTypeEntity> claim ownership
|
||||||
|
gam <UserTypeEntity> transfer drive
|
||||||
|
```
|
||||||
|
|
||||||
|
Fixed bug in `gam print shareddriveorganizers` that caused a trap when an organizer was a deleted user.
|
||||||
|
|
||||||
|
Updated to Python 3.13.4
|
||||||
|
|
||||||
|
### 7.08.02
|
||||||
|
|
||||||
|
Updated the defaults in `gam print shareddriveorganizers` to match the most common use case, not the script.
|
||||||
|
|
||||||
|
* `domainlist` - The workspace primary domain
|
||||||
|
* `includetypes` - user
|
||||||
|
* `oneorganizer` - True
|
||||||
|
* `shownoorganizerdrives` - True
|
||||||
|
* `includefileorganizers` - False
|
||||||
|
|
||||||
|
To select organizers from any domain, use: `domainlist ""`
|
||||||
|
|
||||||
|
These commands produce the same result.
|
||||||
|
```
|
||||||
|
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers domainlist mydomain.com includetypes user oneorganizer shownoorganizerdrives
|
||||||
|
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers
|
||||||
|
```
|
||||||
|
|
||||||
### 7.08.01
|
### 7.08.01
|
||||||
|
|
||||||
Added option `shareddrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>))` to
|
Added option `shareddrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>))` to
|
||||||
|
|||||||
@@ -152,7 +152,7 @@ gam update group|groups <GroupEntity> create|add [<GroupRole>]
|
|||||||
[preview] [actioncsv]
|
[preview] [actioncsv]
|
||||||
<UserItem>|<UserTypeEntity>
|
<UserItem>|<UserTypeEntity>
|
||||||
```
|
```
|
||||||
To add a group as a memmber of another group, just specify its email address.
|
To add a group as a member of another group, just specify its email address.
|
||||||
```
|
```
|
||||||
gam update group group1@domain.com add member group2@domain.com
|
gam update group group1@domain.com add member group2@domain.com
|
||||||
```
|
```
|
||||||
@@ -208,7 +208,7 @@ gam update group|groups <GroupEntity> delete|remove [<GroupRole>]
|
|||||||
```
|
```
|
||||||
`<GroupRole>` is ignored, deletions take place regardless of role.
|
`<GroupRole>` is ignored, deletions take place regardless of role.
|
||||||
|
|
||||||
To remove a group as a memmber of another group, just specify its email address.
|
To remove a group as a member of another group, just specify its email address.
|
||||||
```
|
```
|
||||||
gam update group group1@domain.com remove group2@domain.com
|
gam update group group1@domain.com remove group2@domain.com
|
||||||
```
|
```
|
||||||
|
|||||||
@@ -251,9 +251,9 @@ writes the credentials into the file oauth2.txt.
|
|||||||
admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt
|
admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt
|
||||||
admin@server:/Users/admin$ gam version
|
admin@server:/Users/admin$ gam version
|
||||||
WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
|
WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
|
||||||
GAM 7.08.01 - https://github.com/GAM-team/GAM - pyinstaller
|
GAM 7.09.03 - https://github.com/GAM-team/GAM - pyinstaller
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.3 64-bit final
|
Python 3.13.4 64-bit final
|
||||||
MacOS Sequoia 15.5 x86_64
|
MacOS Sequoia 15.5 x86_64
|
||||||
Path: /Users/admin/bin/gam7
|
Path: /Users/admin/bin/gam7
|
||||||
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
||||||
@@ -989,9 +989,9 @@ writes the credentials into the file oauth2.txt.
|
|||||||
C:\>del C:\GAMConfig\oauth2.txt
|
C:\>del C:\GAMConfig\oauth2.txt
|
||||||
C:\>gam version
|
C:\>gam version
|
||||||
WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
|
WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
|
||||||
GAM 7.08.01 - https://github.com/GAM-team/GAM - pythonsource
|
GAM 7.09.03 - https://github.com/GAM-team/GAM - pythonsource
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.3 64-bit final
|
Python 3.13.4 64-bit final
|
||||||
Windows-10-10.0.17134 AMD64
|
Windows-10-10.0.17134 AMD64
|
||||||
Path: C:\GAM7
|
Path: C:\GAM7
|
||||||
Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
||||||
|
|||||||
@@ -443,16 +443,18 @@ By default, organizers for all Shared Drives are displayed; use the following op
|
|||||||
For multiple organizers:
|
For multiple organizers:
|
||||||
* `delimiter <Character>` - Separate `organizers` entries with `<Character>`; the default value is `csv_output_field_delimiter` from `gam.cfg`.
|
* `delimiter <Character>` - Separate `organizers` entries with `<Character>`; the default value is `csv_output_field_delimiter` from `gam.cfg`.
|
||||||
|
|
||||||
The command defaults match the script defaults:
|
The command defaults do not match the script defaults, they are set for the most common use case:
|
||||||
* `domainlist` - All domains
|
* `domainlist` - The workspace primary domain
|
||||||
* `includetypes` - user,group
|
* `includetypes` - user
|
||||||
* `oneorganizer` - False
|
* `oneorganizer` - True
|
||||||
* `shownoorganizerdrives` - True
|
* `shownoorganizerdrives` - True
|
||||||
* `includefileorganizers` - False
|
* `includefileorganizers` - False
|
||||||
|
|
||||||
|
To select organizers from any domain, use: `domainlist ""`
|
||||||
|
|
||||||
For example, to get a single user organizer from your domain for all Shared Drives including no organizer drives:
|
For example, to get a single user organizer from your domain for all Shared Drives including no organizer drives:
|
||||||
```
|
```
|
||||||
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers domainlist mydomain.com includetypes user oneorganizer shownoorganizerdrives
|
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers
|
||||||
```
|
```
|
||||||
|
|
||||||
## Display all Shared Drives with no members
|
## Display all Shared Drives with no members
|
||||||
|
|||||||
@@ -421,16 +421,18 @@ By default, organizers for all Shared Drives are displayed; use the following op
|
|||||||
For multiple organizers:
|
For multiple organizers:
|
||||||
* `delimiter <Character>` - Separate `organizers` entries with `<Character>`; the default value is `csv_output_field_delimiter` from `gam.cfg`.
|
* `delimiter <Character>` - Separate `organizers` entries with `<Character>`; the default value is `csv_output_field_delimiter` from `gam.cfg`.
|
||||||
|
|
||||||
The command defaults match the script defaults:
|
The command defaults do not match the script defaults, they are set for the most common use case:
|
||||||
* `domainlist` - All domains
|
* `domainlist` - The workspace primary domain
|
||||||
* `includetypes` - user,group
|
* `includetypes` - user
|
||||||
* `oneorganizer` - False
|
* `oneorganizer` - True
|
||||||
* `shownoorganizerdrives` - True
|
* `shownoorganizerdrives` - True
|
||||||
* `includefileorganizers` - False
|
* `includefileorganizers` - False
|
||||||
|
|
||||||
|
To select organizers from any domain, use: `domainlist ""`
|
||||||
|
|
||||||
For example, to get a single user organizer from your domain for all Shared Drives including no organizer drives:
|
For example, to get a single user organizer from your domain for all Shared Drives including no organizer drives:
|
||||||
```
|
```
|
||||||
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers domainlist mydomain.com includetypes user oneorganizer shownoorganizerdrives
|
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers
|
||||||
```
|
```
|
||||||
|
|
||||||
## Manage Shared Drive access
|
## Manage Shared Drive access
|
||||||
|
|||||||
@@ -3,9 +3,9 @@
|
|||||||
Print the current version of Gam with details
|
Print the current version of Gam with details
|
||||||
```
|
```
|
||||||
gam version
|
gam version
|
||||||
GAM 7.08.01 - https://github.com/GAM-team/GAM - pyinstaller
|
GAM 7.09.03 - https://github.com/GAM-team/GAM - pyinstaller
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.3 64-bit final
|
Python 3.13.4 64-bit final
|
||||||
MacOS Sequoia 15.5 x86_64
|
MacOS Sequoia 15.5 x86_64
|
||||||
Path: /Users/Admin/bin/gam7
|
Path: /Users/Admin/bin/gam7
|
||||||
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
||||||
@@ -15,9 +15,9 @@ Time: 2023-06-02T21:10:00-07:00
|
|||||||
Print the current version of Gam with details and time offset information
|
Print the current version of Gam with details and time offset information
|
||||||
```
|
```
|
||||||
gam version timeoffset
|
gam version timeoffset
|
||||||
GAM 7.08.01 - https://github.com/GAM-team/GAM - pyinstaller
|
GAM 7.09.03 - https://github.com/GAM-team/GAM - pyinstaller
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.3 64-bit final
|
Python 3.13.4 64-bit final
|
||||||
MacOS Sequoia 15.5 x86_64
|
MacOS Sequoia 15.5 x86_64
|
||||||
Path: /Users/Admin/bin/gam7
|
Path: /Users/Admin/bin/gam7
|
||||||
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
||||||
@@ -27,9 +27,9 @@ Your system time differs from www.googleapis.com by less than 1 second
|
|||||||
Print the current version of Gam with extended details and SSL information
|
Print the current version of Gam with extended details and SSL information
|
||||||
```
|
```
|
||||||
gam version extended
|
gam version extended
|
||||||
GAM 7.08.01 - https://github.com/GAM-team/GAM - pyinstaller
|
GAM 7.09.03 - https://github.com/GAM-team/GAM - pyinstaller
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.3 64-bit final
|
Python 3.13.4 64-bit final
|
||||||
MacOS Sequoia 15.5 x86_64
|
MacOS Sequoia 15.5 x86_64
|
||||||
Path: /Users/Admin/bin/gam7
|
Path: /Users/Admin/bin/gam7
|
||||||
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
||||||
@@ -64,7 +64,7 @@ MacOS High Sierra 10.13.6 x86_64
|
|||||||
Path: /Users/Admin/bin/gam7
|
Path: /Users/Admin/bin/gam7
|
||||||
Version Check:
|
Version Check:
|
||||||
Current: 5.35.08
|
Current: 5.35.08
|
||||||
Latest: 7.08.01
|
Latest: 7.09.03
|
||||||
echo $?
|
echo $?
|
||||||
1
|
1
|
||||||
```
|
```
|
||||||
@@ -72,7 +72,7 @@ echo $?
|
|||||||
Print the current version number without details
|
Print the current version number without details
|
||||||
```
|
```
|
||||||
gam version simple
|
gam version simple
|
||||||
7.08.01
|
7.09.03
|
||||||
```
|
```
|
||||||
In Linux/MacOS you can do:
|
In Linux/MacOS you can do:
|
||||||
```
|
```
|
||||||
@@ -82,9 +82,9 @@ echo $VER
|
|||||||
Print the current version of Gam and address of this Wiki
|
Print the current version of Gam and address of this Wiki
|
||||||
```
|
```
|
||||||
gam help
|
gam help
|
||||||
GAM 7.08.01 - https://github.com/GAM-team/GAM
|
GAM 7.09.03 - https://github.com/GAM-team/GAM
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.3 64-bit final
|
Python 3.13.4 64-bit final
|
||||||
MacOS Sequoia 15.5 x86_64
|
MacOS Sequoia 15.5 x86_64
|
||||||
Path: /Users/Admin/bin/gam7
|
Path: /Users/Admin/bin/gam7
|
||||||
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
||||||
|
|||||||
@@ -328,6 +328,16 @@ enable_dasa
|
|||||||
admin_email, customer_id and domain must be set when enable_dasa is True,
|
admin_email, customer_id and domain must be set when enable_dasa is True,
|
||||||
customer_id may not be set to my_customer
|
customer_id may not be set to my_customer
|
||||||
Signal file: OldGamPath/enabledasa.txt
|
Signal file: OldGamPath/enabledasa.txt
|
||||||
|
enforce_expansive_access
|
||||||
|
The default value for option `enforceexpansiveaccess` in all commands that delete or update drive file ACLs/permissions.
|
||||||
|
gam <UserTypeEntity> delete permissions
|
||||||
|
gam <UserTypeEntity> delete drivefileacl
|
||||||
|
gam <UserTypeEntity> update drivefileacl
|
||||||
|
gam <UserTypeEntity> copy drivefile
|
||||||
|
gam <UserTypeEntity> move drivefile
|
||||||
|
gam <UserTypeEntity> transfer ownership
|
||||||
|
gam <UserTypeEntity> claim ownership
|
||||||
|
Default: True
|
||||||
event_max_results
|
event_max_results
|
||||||
When retrieving lists of Calendar events from API,
|
When retrieving lists of Calendar events from API,
|
||||||
how many should be retrieved in each API call
|
how many should be retrieved in each API call
|
||||||
|
|||||||
Reference in New Issue
Block a user