mirror of
https://github.com/GAM-team/GAM.git
synced 2026-07-03 12:21:35 +00:00
Compare commits
13 Commits
v7.08.02
...
20250605.1
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
4a42581e00 | ||
|
|
de2bfb0d52 | ||
|
|
f418287e65 | ||
|
|
fccf6c1278 | ||
|
|
ee874858b4 | ||
|
|
dde1354bd0 | ||
|
|
c241c2744f | ||
|
|
5ee1fa1b61 | ||
|
|
f06944a1fa | ||
|
|
27d4c37be3 | ||
|
|
2f1a7eb347 | ||
|
|
a5818e144d | ||
|
|
4e6f1717fb |
2
.github/workflows/build.yml
vendored
2
.github/workflows/build.yml
vendored
@@ -126,7 +126,7 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
path: |
|
path: |
|
||||||
cache.tar.xz
|
cache.tar.xz
|
||||||
key: gam-${{ matrix.jid }}-20250422
|
key: gam-${{ matrix.jid }}-20250603
|
||||||
|
|
||||||
- name: Untar Cache archive
|
- name: Untar Cache archive
|
||||||
if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true'
|
if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true'
|
||||||
|
|||||||
@@ -1,3 +1,29 @@
|
|||||||
|
7.09.00
|
||||||
|
|
||||||
|
Removed the overly broad service account `IAM and Access Management API` scope `https://www.googleapis.com/auth/cloud-platform`
|
||||||
|
from DWD. The `gam <UserTypeEntity> check|Update serviceaccount` commands issue an error message if this scope
|
||||||
|
is enabled prompting you to update your service account authorization so that the scope can be removed.
|
||||||
|
|
||||||
|
GAM commands that need IAM access now use the more limited scope `https://www.googleapis.com/auth/iam` in a non-DWD manner.
|
||||||
|
|
||||||
|
Added `enforce_expansive_access` Boolean variable to `gam.cfg` that provides the default value
|
||||||
|
for option `enforceexpansiveaccess` in all commands that delete or update drive file ACLs/permissions.
|
||||||
|
It's default value is False.
|
||||||
|
```
|
||||||
|
gam <UserTypeEntity> delete permissions
|
||||||
|
gam <UserTypeEntity> delete drivefileacl
|
||||||
|
gam <UserTypeEntity> update drivefileacl
|
||||||
|
gam <UserTypeEntity> copy drivefile
|
||||||
|
gam <UserTypeEntity> move drivefile
|
||||||
|
gam <UserTypeEntity> transfer ownership
|
||||||
|
gam <UserTypeEntity> claim ownership
|
||||||
|
gam <UserTypeEntity> transfer drive
|
||||||
|
```
|
||||||
|
|
||||||
|
Fixed bug in `gam print shareddriveorganizers` that caused a trap when an organizer was a deleted user.
|
||||||
|
|
||||||
|
Updated to Python 3.13.4
|
||||||
|
|
||||||
7.08.02
|
7.08.02
|
||||||
|
|
||||||
Updated the defaults in `gam print shareddriveorganizers` to match the most common use case, not the script.
|
Updated the defaults in `gam print shareddriveorganizers` to match the most common use case, not the script.
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ if __name__ == '__main__':
|
|||||||
# One time initialization
|
# One time initialization
|
||||||
if platform.system() != 'Linux':
|
if platform.system() != 'Linux':
|
||||||
multiprocessing.freeze_support()
|
multiprocessing.freeze_support()
|
||||||
multiprocessing.set_start_method('spawn')
|
multiprocessing.set_start_method('spawn', force=True)
|
||||||
initializeLogging()
|
initializeLogging()
|
||||||
#
|
#
|
||||||
CallGAMCommand(['gam', 'version'])
|
CallGAMCommand(['gam', 'version'])
|
||||||
|
|||||||
@@ -11,5 +11,5 @@ from gam.__main__ import main
|
|||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
if platform.system() != 'Linux':
|
if platform.system() != 'Linux':
|
||||||
multiprocessing.freeze_support()
|
multiprocessing.freeze_support()
|
||||||
multiprocessing.set_start_method('spawn')
|
multiprocessing.set_start_method('spawn', force=True)
|
||||||
main()
|
main()
|
||||||
|
|||||||
@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
|
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
|
||||||
__version__ = '7.08.02'
|
__version__ = '7.09.00'
|
||||||
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
|
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
|
||||||
|
|
||||||
#pylint: disable=wrong-import-position
|
#pylint: disable=wrong-import-position
|
||||||
@@ -4785,8 +4785,9 @@ def defaultSvcAcctScopes():
|
|||||||
scopesList = API.getSvcAcctScopesList(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], False)
|
scopesList = API.getSvcAcctScopesList(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], False)
|
||||||
saScopes = {}
|
saScopes = {}
|
||||||
for scope in scopesList:
|
for scope in scopesList:
|
||||||
saScopes.setdefault(scope['api'], [])
|
if not scope.get('offByDefault'):
|
||||||
saScopes[scope['api']].append(scope['scope'])
|
saScopes.setdefault(scope['api'], [])
|
||||||
|
saScopes[scope['api']].append(scope['scope'])
|
||||||
saScopes[API.DRIVEACTIVITY].append(API.DRIVE_SCOPE)
|
saScopes[API.DRIVEACTIVITY].append(API.DRIVE_SCOPE)
|
||||||
saScopes[API.DRIVE2] = saScopes[API.DRIVE3]
|
saScopes[API.DRIVE2] = saScopes[API.DRIVE3]
|
||||||
saScopes[API.DRIVETD] = saScopes[API.DRIVE3]
|
saScopes[API.DRIVETD] = saScopes[API.DRIVE3]
|
||||||
@@ -12232,7 +12233,7 @@ def checkServiceAccount(users):
|
|||||||
|
|
||||||
def authorizeScopes(message):
|
def authorizeScopes(message):
|
||||||
long_url = ('https://admin.google.com/ac/owl/domainwidedelegation'
|
long_url = ('https://admin.google.com/ac/owl/domainwidedelegation'
|
||||||
f'?clientScopeToAdd={",".join(checkScopes)}'
|
f'?clientScopeToAdd={",".join(sorted(checkScopes))}'
|
||||||
f'&clientIdToAdd={service_account}&overwriteClientId=true')
|
f'&clientIdToAdd={service_account}&overwriteClientId=true')
|
||||||
if GC.Values[GC.DOMAIN]:
|
if GC.Values[GC.DOMAIN]:
|
||||||
long_url += f'&dn={GC.Values[GC.DOMAIN]}'
|
long_url += f'&dn={GC.Values[GC.DOMAIN]}'
|
||||||
@@ -12244,10 +12245,12 @@ def checkServiceAccount(users):
|
|||||||
allScopes = API.getSvcAcctScopes(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], Act.Get() == Act.UPDATE)
|
allScopes = API.getSvcAcctScopes(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], Act.Get() == Act.UPDATE)
|
||||||
checkScopesSet = set()
|
checkScopesSet = set()
|
||||||
saScopes = {}
|
saScopes = {}
|
||||||
|
checkDeprecatedScopes = True
|
||||||
useColor = False
|
useColor = False
|
||||||
while Cmd.ArgumentsRemaining():
|
while Cmd.ArgumentsRemaining():
|
||||||
myarg = getArgument()
|
myarg = getArgument()
|
||||||
if myarg in {'scope', 'scopes'}:
|
if myarg in {'scope', 'scopes'}:
|
||||||
|
checkDeprecatedScopes = False
|
||||||
for scope in getString(Cmd.OB_API_SCOPE_URL_LIST).lower().replace(',', ' ').split():
|
for scope in getString(Cmd.OB_API_SCOPE_URL_LIST).lower().replace(',', ' ').split():
|
||||||
api = API.getSvcAcctScopeAPI(scope)
|
api = API.getSvcAcctScopeAPI(scope)
|
||||||
if api is not None:
|
if api is not None:
|
||||||
@@ -12264,10 +12267,12 @@ def checkServiceAccount(users):
|
|||||||
testPass = createGreenText('PASS')
|
testPass = createGreenText('PASS')
|
||||||
testFail = createRedText('FAIL')
|
testFail = createRedText('FAIL')
|
||||||
testWarn = createYellowText('WARN')
|
testWarn = createYellowText('WARN')
|
||||||
|
testDeprecated = createRedText('DEPRECATED')
|
||||||
else:
|
else:
|
||||||
testPass = 'PASS'
|
testPass = 'PASS'
|
||||||
testFail = 'FAIL'
|
testFail = 'FAIL'
|
||||||
testWarn = 'WARN'
|
testWarn = 'WARN'
|
||||||
|
testDeprecated = 'DEPRECATED'
|
||||||
if Act.Get() == Act.CHECK:
|
if Act.Get() == Act.CHECK:
|
||||||
if not checkScopesSet:
|
if not checkScopesSet:
|
||||||
for scope in iter(GM.Globals[GM.SVCACCT_SCOPES].values()):
|
for scope in iter(GM.Globals[GM.SVCACCT_SCOPES].values()):
|
||||||
@@ -12275,7 +12280,7 @@ def checkServiceAccount(users):
|
|||||||
else:
|
else:
|
||||||
if not checkScopesSet:
|
if not checkScopesSet:
|
||||||
scopesList = API.getSvcAcctScopesList(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], True)
|
scopesList = API.getSvcAcctScopesList(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], True)
|
||||||
selectedScopes = getScopesFromUser(scopesList, False, GM.Globals[GM.SVCACCT_SCOPES])
|
selectedScopes = getScopesFromUser(scopesList, False, GM.Globals[GM.SVCACCT_SCOPES] if GM.Globals[GM.SVCACCT_SCOPES_DEFINED] else None)
|
||||||
if selectedScopes is None:
|
if selectedScopes is None:
|
||||||
return False
|
return False
|
||||||
i = 0
|
i = 0
|
||||||
@@ -12337,7 +12342,7 @@ def checkServiceAccount(users):
|
|||||||
if saTokenStatus == testFail:
|
if saTokenStatus == testFail:
|
||||||
invalidOauth2serviceJsonExit(f'Authentication{auth_error}')
|
invalidOauth2serviceJsonExit(f'Authentication{auth_error}')
|
||||||
_getSvcAcctData() # needed to read in GM.OAUTH2SERVICE_JSON_DATA
|
_getSvcAcctData() # needed to read in GM.OAUTH2SERVICE_JSON_DATA
|
||||||
if GM.Globals[GM.SVCACCT_SCOPES_DEFINED] and API.IAM not in GM.Globals[GM.SVCACCT_SCOPES]:
|
if API.IAM not in GM.Globals[GM.SVCACCT_SCOPES]:
|
||||||
GM.Globals[GM.SVCACCT_SCOPES][API.IAM] = [API.IAM_SCOPE]
|
GM.Globals[GM.SVCACCT_SCOPES][API.IAM] = [API.IAM_SCOPE]
|
||||||
key_type = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA].get('key_type', 'default')
|
key_type = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA].get('key_type', 'default')
|
||||||
if key_type == 'default':
|
if key_type == 'default':
|
||||||
@@ -12399,6 +12404,38 @@ def checkServiceAccount(users):
|
|||||||
allScopesPass = False
|
allScopesPass = False
|
||||||
printPassFail(scope, f'{scopeStatus}{currentCount(j, jcount)}')
|
printPassFail(scope, f'{scopeStatus}{currentCount(j, jcount)}')
|
||||||
Ind.Decrement()
|
Ind.Decrement()
|
||||||
|
if checkDeprecatedScopes:
|
||||||
|
deprecatedScopes = sorted(API.DEPRECATED_SCOPES)
|
||||||
|
jcount = len(deprecatedScopes)
|
||||||
|
printKeyValueListWithCount([Msg.DEPRECATED_SCOPES, '',
|
||||||
|
Ent.Singular(Ent.USER), user,
|
||||||
|
Ent.Choose(Ent.SCOPE, jcount), jcount],
|
||||||
|
i, count)
|
||||||
|
Ind.Increment()
|
||||||
|
j = 0
|
||||||
|
for scope in deprecatedScopes:
|
||||||
|
j += 1
|
||||||
|
# try with and without email scope
|
||||||
|
for scopes in [[scope, API.USERINFO_EMAIL_SCOPE], [scope]]:
|
||||||
|
try:
|
||||||
|
credentials = getSvcAcctCredentials(scopes, user)
|
||||||
|
credentials.refresh(request)
|
||||||
|
break
|
||||||
|
except (httplib2.HttpLib2Error, google.auth.exceptions.TransportError, RuntimeError) as e:
|
||||||
|
handleServerError(e)
|
||||||
|
except google.auth.exceptions.RefreshError:
|
||||||
|
continue
|
||||||
|
if credentials.token:
|
||||||
|
token_info = callGAPI(oa2, 'tokeninfo', access_token=credentials.token)
|
||||||
|
if scope in token_info.get('scope', '').split(' ') and user == token_info.get('email', user).lower():
|
||||||
|
scopeStatus = testDeprecated
|
||||||
|
allScopesPass = False
|
||||||
|
else:
|
||||||
|
scopeStatus = testPass
|
||||||
|
else:
|
||||||
|
scopeStatus = testPass
|
||||||
|
printPassFail(scope, f'{scopeStatus}{currentCount(j, jcount)}')
|
||||||
|
Ind.Decrement()
|
||||||
service_account = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['client_id']
|
service_account = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['client_id']
|
||||||
if allScopesPass:
|
if allScopesPass:
|
||||||
if Act.Get() == Act.CHECK:
|
if Act.Get() == Act.CHECK:
|
||||||
@@ -58716,7 +58753,7 @@ def initCopyMoveOptions(copyCmd):
|
|||||||
'showPermissionMessages': False,
|
'showPermissionMessages': False,
|
||||||
'sendEmailIfRequired': False,
|
'sendEmailIfRequired': False,
|
||||||
'useDomainAdminAccess': False,
|
'useDomainAdminAccess': False,
|
||||||
'enforceExpansiveAccess': False,
|
'enforceExpansiveAccess': GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS],
|
||||||
'copiedShortcutsPointToCopiedFiles': True,
|
'copiedShortcutsPointToCopiedFiles': True,
|
||||||
'createShortcutsForNonmovableFiles': False,
|
'createShortcutsForNonmovableFiles': False,
|
||||||
'duplicateFiles': DUPLICATE_FILE_OVERWRITE_OLDER,
|
'duplicateFiles': DUPLICATE_FILE_OVERWRITE_OLDER,
|
||||||
@@ -62096,7 +62133,8 @@ def transferDrive(users):
|
|||||||
targetUserFolderPattern = '#user# old files'
|
targetUserFolderPattern = '#user# old files'
|
||||||
targetUserOrphansFolderPattern = '#user# orphaned files'
|
targetUserOrphansFolderPattern = '#user# orphaned files'
|
||||||
targetIds = [None, None]
|
targetIds = [None, None]
|
||||||
createShortcutsForNonmovableFiles = enforceExpansiveAccess = False
|
createShortcutsForNonmovableFiles = False
|
||||||
|
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
|
||||||
mergeWithTarget = False
|
mergeWithTarget = False
|
||||||
thirdPartyOwners = {}
|
thirdPartyOwners = {}
|
||||||
skipFileIdEntity = initDriveFileEntity()
|
skipFileIdEntity = initDriveFileEntity()
|
||||||
@@ -62402,7 +62440,8 @@ def transferOwnership(users):
|
|||||||
body = {}
|
body = {}
|
||||||
newOwner = getEmailAddress()
|
newOwner = getEmailAddress()
|
||||||
OBY = OrderBy(DRIVEFILE_ORDERBY_CHOICE_MAP)
|
OBY = OrderBy(DRIVEFILE_ORDERBY_CHOICE_MAP)
|
||||||
changeParents = enforceExpansiveAccess = filepath = includeTrashed = noRecursion = False
|
changeParents = filepath = includeTrashed = noRecursion = False
|
||||||
|
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
|
||||||
pathDelimiter = '/'
|
pathDelimiter = '/'
|
||||||
csvPF = fileTree = None
|
csvPF = fileTree = None
|
||||||
addParents = ''
|
addParents = ''
|
||||||
@@ -62728,7 +62767,8 @@ def claimOwnership(users):
|
|||||||
onlyOwners = set()
|
onlyOwners = set()
|
||||||
skipOwners = set()
|
skipOwners = set()
|
||||||
subdomains = []
|
subdomains = []
|
||||||
enforceExpansiveAccess = filepath = includeTrashed = False
|
filepath = includeTrashed = False
|
||||||
|
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
|
||||||
pathDelimiter = '/'
|
pathDelimiter = '/'
|
||||||
addParents = ''
|
addParents = ''
|
||||||
parentBody = {}
|
parentBody = {}
|
||||||
@@ -63503,7 +63543,7 @@ def doCreateDriveFileACL():
|
|||||||
def updateDriveFileACLs(users, useDomainAdminAccess=False):
|
def updateDriveFileACLs(users, useDomainAdminAccess=False):
|
||||||
fileIdEntity = getDriveFileEntity()
|
fileIdEntity = getDriveFileEntity()
|
||||||
isEmail, permissionId = getPermissionId()
|
isEmail, permissionId = getPermissionId()
|
||||||
enforceExpansiveAccess = None
|
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
|
||||||
removeExpiration = showTitles = updateSheetProtectedRanges = False
|
removeExpiration = showTitles = updateSheetProtectedRanges = False
|
||||||
showDetails = True
|
showDetails = True
|
||||||
csvPF = None
|
csvPF = None
|
||||||
@@ -63541,9 +63581,6 @@ def updateDriveFileACLs(users, useDomainAdminAccess=False):
|
|||||||
_checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
|
_checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
|
||||||
if 'role' not in body:
|
if 'role' not in body:
|
||||||
missingArgumentExit(f'role {formatChoiceList(DRIVEFILE_ACL_ROLES_MAP)}')
|
missingArgumentExit(f'role {formatChoiceList(DRIVEFILE_ACL_ROLES_MAP)}')
|
||||||
updateKwargs = {'useDomainAdminAccess': useDomainAdminAccess}
|
|
||||||
if enforceExpansiveAccess is not None:
|
|
||||||
updateKwargs['enforceExpansiveAccess'] = enforceExpansiveAccess
|
|
||||||
printKeys, timeObjects = _getDriveFileACLPrintKeysTimeObjects()
|
printKeys, timeObjects = _getDriveFileACLPrintKeysTimeObjects()
|
||||||
if csvPF and showTitles:
|
if csvPF and showTitles:
|
||||||
csvPF.AddTitles(fileNameTitle)
|
csvPF.AddTitles(fileNameTitle)
|
||||||
@@ -63581,7 +63618,7 @@ def updateDriveFileACLs(users, useDomainAdminAccess=False):
|
|||||||
permission = callGAPI(drive.permissions(), 'update',
|
permission = callGAPI(drive.permissions(), 'update',
|
||||||
bailOnInternalError=True,
|
bailOnInternalError=True,
|
||||||
throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_UPDATE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
|
throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_UPDATE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
|
||||||
**updateKwargs,
|
useDomainAdminAccess=useDomainAdminAccess, enforceExpansiveAccess=enforceExpansiveAccess,
|
||||||
fileId=fileId, permissionId=permissionId, removeExpiration=removeExpiration,
|
fileId=fileId, permissionId=permissionId, removeExpiration=removeExpiration,
|
||||||
transferOwnership=body.get('role', '') == 'owner', body=body, fields='*', supportsAllDrives=True)
|
transferOwnership=body.get('role', '') == 'owner', body=body, fields='*', supportsAllDrives=True)
|
||||||
if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
|
if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
|
||||||
@@ -63832,7 +63869,7 @@ def doCreatePermissions():
|
|||||||
def deleteDriveFileACLs(users, useDomainAdminAccess=False):
|
def deleteDriveFileACLs(users, useDomainAdminAccess=False):
|
||||||
fileIdEntity = getDriveFileEntity()
|
fileIdEntity = getDriveFileEntity()
|
||||||
isEmail, permissionId = getPermissionId()
|
isEmail, permissionId = getPermissionId()
|
||||||
enforceExpansiveAccess = None
|
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
|
||||||
showTitles = updateSheetProtectedRanges = False
|
showTitles = updateSheetProtectedRanges = False
|
||||||
while Cmd.ArgumentsRemaining():
|
while Cmd.ArgumentsRemaining():
|
||||||
myarg = getArgument()
|
myarg = getArgument()
|
||||||
@@ -63847,9 +63884,6 @@ def deleteDriveFileACLs(users, useDomainAdminAccess=False):
|
|||||||
else:
|
else:
|
||||||
unknownArgumentExit()
|
unknownArgumentExit()
|
||||||
_checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
|
_checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
|
||||||
deleteKwargs = {'useDomainAdminAccess': useDomainAdminAccess}
|
|
||||||
if enforceExpansiveAccess is not None:
|
|
||||||
deleteKwargs['enforceExpansiveAccess'] = enforceExpansiveAccess
|
|
||||||
i, count, users = getEntityArgument(users)
|
i, count, users = getEntityArgument(users)
|
||||||
for user in users:
|
for user in users:
|
||||||
i += 1
|
i += 1
|
||||||
@@ -63882,7 +63916,7 @@ def deleteDriveFileACLs(users, useDomainAdminAccess=False):
|
|||||||
break
|
break
|
||||||
callGAPI(drive.permissions(), 'delete',
|
callGAPI(drive.permissions(), 'delete',
|
||||||
throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_DELETE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
|
throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_DELETE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
|
||||||
**deleteKwargs,
|
useDomainAdminAccess=useDomainAdminAccess, enforceExpansiveAccess=enforceExpansiveAccess,
|
||||||
fileId=fileId, permissionId=permissionId, supportsAllDrives=True)
|
fileId=fileId, permissionId=permissionId, supportsAllDrives=True)
|
||||||
entityActionPerformed([Ent.USER, user, entityType, fileName, Ent.PERMISSION_ID, permissionId], j, jcount)
|
entityActionPerformed([Ent.USER, user, entityType, fileName, Ent.PERMISSION_ID, permissionId], j, jcount)
|
||||||
if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
|
if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
|
||||||
@@ -63961,7 +63995,7 @@ def deletePermissions(users, useDomainAdminAccess=False):
|
|||||||
jsonData = getJSON([])
|
jsonData = getJSON([])
|
||||||
PM = PermissionMatch()
|
PM = PermissionMatch()
|
||||||
PM.SetDefaultMatch(False, {'role': 'owner'})
|
PM.SetDefaultMatch(False, {'role': 'owner'})
|
||||||
enforceExpansiveAccess = False
|
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
|
||||||
while Cmd.ArgumentsRemaining():
|
while Cmd.ArgumentsRemaining():
|
||||||
myarg = getArgument()
|
myarg = getArgument()
|
||||||
if myarg in ADMIN_ACCESS_OPTIONS:
|
if myarg in ADMIN_ACCESS_OPTIONS:
|
||||||
@@ -66200,7 +66234,7 @@ def printSharedDriveOrganizers(users, useDomainAdminAccess=False):
|
|||||||
useDomainAdminAccess=useDomainAdminAccess,
|
useDomainAdminAccess=useDomainAdminAccess,
|
||||||
fileId=shareddrive['id'], fields=fields, supportsAllDrives=True)
|
fileId=shareddrive['id'], fields=fields, supportsAllDrives=True)
|
||||||
for permission in permissions:
|
for permission in permissions:
|
||||||
if permission['type'] in includeTypes and permission['role'] in roles:
|
if permission['type'] in includeTypes and permission['role'] in roles and permission.get('emailAddress', ''):
|
||||||
if domainList:
|
if domainList:
|
||||||
_, domain = permission['emailAddress'].lower().split('@', 1)
|
_, domain = permission['emailAddress'].lower().split('@', 1)
|
||||||
if domain not in domainList:
|
if domain not in domainList:
|
||||||
|
|||||||
@@ -118,6 +118,7 @@ JWT_APIS = {
|
|||||||
ACCESSCONTEXTMANAGER: [CLOUD_PLATFORM_SCOPE],
|
ACCESSCONTEXTMANAGER: [CLOUD_PLATFORM_SCOPE],
|
||||||
CHAT: ['https://www.googleapis.com/auth/chat.bot'],
|
CHAT: ['https://www.googleapis.com/auth/chat.bot'],
|
||||||
CLOUDRESOURCEMANAGER: [CLOUD_PLATFORM_SCOPE],
|
CLOUDRESOURCEMANAGER: [CLOUD_PLATFORM_SCOPE],
|
||||||
|
IAM: [IAM_SCOPE],
|
||||||
ORGPOLICY: [CLOUD_PLATFORM_SCOPE],
|
ORGPOLICY: [CLOUD_PLATFORM_SCOPE],
|
||||||
}
|
}
|
||||||
#
|
#
|
||||||
@@ -131,6 +132,12 @@ APIS_NEEDING_ACCESS_TOKEN = {
|
|||||||
CBCM: ['https://www.googleapis.com/auth/admin.directory.device.chromebrowsers']
|
CBCM: ['https://www.googleapis.com/auth/admin.directory.device.chromebrowsers']
|
||||||
}
|
}
|
||||||
#
|
#
|
||||||
|
DEPRECATED_SCOPES = {
|
||||||
|
'https://www.googleapis.com/auth/cloud-identity',
|
||||||
|
'https://www.googleapis.com/auth/cloud-platform',
|
||||||
|
'https://www.googleapis.com/auth/iam',
|
||||||
|
}
|
||||||
|
#
|
||||||
REFRESH_PERM_ERRORS = [
|
REFRESH_PERM_ERRORS = [
|
||||||
'invalid_grant: reauth related error (rapt_required)', # no way to reauth today
|
'invalid_grant: reauth related error (rapt_required)', # no way to reauth today
|
||||||
'invalid_grant: Token has been expired or revoked',
|
'invalid_grant: Token has been expired or revoked',
|
||||||
@@ -645,11 +652,11 @@ _SVCACCT_SCOPES = [
|
|||||||
'api': GMAIL,
|
'api': GMAIL,
|
||||||
'subscopes': [],
|
'subscopes': [],
|
||||||
'scope': 'https://www.googleapis.com/auth/gmail.settings.sharing'},
|
'scope': 'https://www.googleapis.com/auth/gmail.settings.sharing'},
|
||||||
{'name': 'Identity and Access Management API',
|
# {'name': 'Identity and Access Management API',
|
||||||
'api': IAM,
|
# 'api': IAM,
|
||||||
'offByDefault': True,
|
# 'offByDefault': True,
|
||||||
'subscopes': [],
|
# 'subscopes': [],
|
||||||
'scope': IAM_SCOPE},
|
# 'scope': CLOUD_PLATFORM_SCOPE},
|
||||||
{'name': 'Keep API',
|
{'name': 'Keep API',
|
||||||
'api': KEEP,
|
'api': KEEP,
|
||||||
'subscopes': READONLY,
|
'subscopes': READONLY,
|
||||||
|
|||||||
@@ -163,6 +163,8 @@ EMAIL_BATCH_SIZE = 'email_batch_size'
|
|||||||
ENABLE_DASA = 'enable_dasa'
|
ENABLE_DASA = 'enable_dasa'
|
||||||
# Enable Cloud Session Reauthentication by borrowing a RAPT token from gcloud command
|
# Enable Cloud Session Reauthentication by borrowing a RAPT token from gcloud command
|
||||||
ENABLE_GCLOUD_REAUTH = 'enable_gcloud_reauth'
|
ENABLE_GCLOUD_REAUTH = 'enable_gcloud_reauth'
|
||||||
|
# Value for enforceExpansiveAccess for commands that delete or update drive file ACLs/permissions.
|
||||||
|
ENFORCE_EXPANSIVE_ACCESS = 'enforce_expansive_access'
|
||||||
# When retrieving lists of calendar events from API, how many should be retrieved in each chunk
|
# When retrieving lists of calendar events from API, how many should be retrieved in each chunk
|
||||||
EVENT_MAX_RESULTS = 'event_max_results'
|
EVENT_MAX_RESULTS = 'event_max_results'
|
||||||
# Path to extra_args.txt
|
# Path to extra_args.txt
|
||||||
@@ -377,6 +379,7 @@ Defaults = {
|
|||||||
DEVICE_MAX_RESULTS: '200',
|
DEVICE_MAX_RESULTS: '200',
|
||||||
DOMAIN: '',
|
DOMAIN: '',
|
||||||
DRIVE_DIR: '',
|
DRIVE_DIR: '',
|
||||||
|
ENFORCE_EXPANSIVE_ACCESS: FALSE,
|
||||||
DRIVE_MAX_RESULTS: '1000',
|
DRIVE_MAX_RESULTS: '1000',
|
||||||
DRIVE_V3_BETA: FALSE,
|
DRIVE_V3_BETA: FALSE,
|
||||||
DRIVE_V3_NATIVE_NAMES: TRUE,
|
DRIVE_V3_NATIVE_NAMES: TRUE,
|
||||||
@@ -545,6 +548,7 @@ VAR_INFO = {
|
|||||||
DEVICE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 200)},
|
DEVICE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 200)},
|
||||||
DOMAIN: {VAR_TYPE: TYPE_STRING, VAR_ENVVAR: 'GA_DOMAIN', VAR_LIMITS: (0, None)},
|
DOMAIN: {VAR_TYPE: TYPE_STRING, VAR_ENVVAR: 'GA_DOMAIN', VAR_LIMITS: (0, None)},
|
||||||
DRIVE_DIR: {VAR_TYPE: TYPE_DIRECTORY, VAR_ENVVAR: 'GAMDRIVEDIR'},
|
DRIVE_DIR: {VAR_TYPE: TYPE_DIRECTORY, VAR_ENVVAR: 'GAMDRIVEDIR'},
|
||||||
|
ENFORCE_EXPANSIVE_ACCESS: {VAR_TYPE: TYPE_BOOLEAN},
|
||||||
DRIVE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 1000)},
|
DRIVE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 1000)},
|
||||||
DRIVE_V3_BETA: {VAR_TYPE: TYPE_BOOLEAN},
|
DRIVE_V3_BETA: {VAR_TYPE: TYPE_BOOLEAN},
|
||||||
DRIVE_V3_NATIVE_NAMES: {VAR_TYPE: TYPE_BOOLEAN},
|
DRIVE_V3_NATIVE_NAMES: {VAR_TYPE: TYPE_BOOLEAN},
|
||||||
|
|||||||
@@ -140,12 +140,13 @@ SERVICE_ACCOUNT_PRIVATE_KEY_AGE = 'Service Account Private Key age: {0} days'
|
|||||||
SERVICE_ACCOUNT_SKIPPING_KEY_AGE_CHECK = 'Skipping Private Key age check: {0} rotation not necessary'
|
SERVICE_ACCOUNT_SKIPPING_KEY_AGE_CHECK = 'Skipping Private Key age check: {0} rotation not necessary'
|
||||||
UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS = 'Please run "gam update project" to view/manage service account keys'
|
UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS = 'Please run "gam update project" to view/manage service account keys'
|
||||||
DOMAIN_WIDE_DELEGATION_AUTHENTICATION = 'Domain-wide Delegation authentication'
|
DOMAIN_WIDE_DELEGATION_AUTHENTICATION = 'Domain-wide Delegation authentication'
|
||||||
|
DEPRECATED_SCOPES = 'Deprecated scopes that GAM should NEVER have DwD access to'
|
||||||
SCOPE_AUTHORIZATION_PASSED = '''All scopes PASSED!
|
SCOPE_AUTHORIZATION_PASSED = '''All scopes PASSED!
|
||||||
|
|
||||||
Service Account Client name: {0} is fully authorized.
|
Service Account Client name: {0} is fully authorized.
|
||||||
'''
|
'''
|
||||||
SCOPE_AUTHORIZATION_UPDATE_PASSED = '''All scopes PASSED!
|
SCOPE_AUTHORIZATION_UPDATE_PASSED = '''All scopes PASSED!
|
||||||
To authorize them (in case some scopes were unselected), please go to the following link in your browser:
|
To update authorization (in case some scopes were unselected), please go to the following link in your browser:
|
||||||
{0}
|
{0}
|
||||||
{1}
|
{1}
|
||||||
|
|
||||||
@@ -156,8 +157,8 @@ Click AUTHORIZE
|
|||||||
When the box closes you're done
|
When the box closes you're done
|
||||||
After authorizing it may take some time for this test to pass so wait a few moments and then try this command again.
|
After authorizing it may take some time for this test to pass so wait a few moments and then try this command again.
|
||||||
'''
|
'''
|
||||||
SCOPE_AUTHORIZATION_FAILED = '''Some scopes FAILED!
|
SCOPE_AUTHORIZATION_FAILED = '''Some scopes FAILED or should be DISABLED!
|
||||||
To authorize them, please go to the following link in your browser:
|
To update authorization, please go to the following link in your browser:
|
||||||
{0}
|
{0}
|
||||||
{1}
|
{1}
|
||||||
|
|
||||||
|
|||||||
@@ -10,6 +10,50 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
|
|||||||
|
|
||||||
See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
|
See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
|
||||||
|
|
||||||
|
### 7.09.00
|
||||||
|
|
||||||
|
Removed the overly broad service account `IAM and Access Management API` scope `https://www.googleapis.com/auth/cloud-platform`
|
||||||
|
from DWD. The `gam <UserTypeEntity> check|Update serviceaccount` commands issue an error message if this scope
|
||||||
|
is enabled prompting you to update your service account authorization so that the scope can be removed.
|
||||||
|
|
||||||
|
GAM commands that need IAM access now use the more limited scope `https://www.googleapis.com/auth/iam` in a non-DWD manner.
|
||||||
|
|
||||||
|
Added `enforce_expansive_access` Boolean variable to `gam.cfg` that provides the default value
|
||||||
|
for option `enforceexpansiveaccess` in all commands that delete or update drive file ACLs/permissions.
|
||||||
|
It's default value is False.
|
||||||
|
```
|
||||||
|
gam <UserTypeEntity> delete permissions
|
||||||
|
gam <UserTypeEntity> delete drivefileacl
|
||||||
|
gam <UserTypeEntity> update drivefileacl
|
||||||
|
gam <UserTypeEntity> copy drivefile
|
||||||
|
gam <UserTypeEntity> move drivefile
|
||||||
|
gam <UserTypeEntity> transfer ownership
|
||||||
|
gam <UserTypeEntity> claim ownership
|
||||||
|
gam <UserTypeEntity> transfer drive
|
||||||
|
```
|
||||||
|
|
||||||
|
Fixed bug in `gam print shareddriveorganizers` that caused a trap when an organizer was a deleted user.
|
||||||
|
|
||||||
|
Updated to Python 3.13.4
|
||||||
|
|
||||||
|
### 7.08.02
|
||||||
|
|
||||||
|
Updated the defaults in `gam print shareddriveorganizers` to match the most common use case, not the script.
|
||||||
|
|
||||||
|
* `domainlist` - The workspace primary domain
|
||||||
|
* `includetypes` - user
|
||||||
|
* `oneorganizer` - True
|
||||||
|
* `shownoorganizerdrives` - True
|
||||||
|
* `includefileorganizers` - False
|
||||||
|
|
||||||
|
To select organizers from any domain, use: `domainlist ""`
|
||||||
|
|
||||||
|
These commands produce the same result.
|
||||||
|
```
|
||||||
|
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers domainlist mydomain.com includetypes user oneorganizer shownoorganizerdrives
|
||||||
|
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers
|
||||||
|
```
|
||||||
|
|
||||||
### 7.08.01
|
### 7.08.01
|
||||||
|
|
||||||
Added option `shareddrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>))` to
|
Added option `shareddrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>))` to
|
||||||
|
|||||||
@@ -251,9 +251,9 @@ writes the credentials into the file oauth2.txt.
|
|||||||
admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt
|
admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt
|
||||||
admin@server:/Users/admin$ gam version
|
admin@server:/Users/admin$ gam version
|
||||||
WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
|
WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
|
||||||
GAM 7.08.01 - https://github.com/GAM-team/GAM - pyinstaller
|
GAM 7.09.00 - https://github.com/GAM-team/GAM - pyinstaller
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.3 64-bit final
|
Python 3.13.4 64-bit final
|
||||||
MacOS Sequoia 15.5 x86_64
|
MacOS Sequoia 15.5 x86_64
|
||||||
Path: /Users/admin/bin/gam7
|
Path: /Users/admin/bin/gam7
|
||||||
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
||||||
@@ -989,9 +989,9 @@ writes the credentials into the file oauth2.txt.
|
|||||||
C:\>del C:\GAMConfig\oauth2.txt
|
C:\>del C:\GAMConfig\oauth2.txt
|
||||||
C:\>gam version
|
C:\>gam version
|
||||||
WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
|
WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
|
||||||
GAM 7.08.01 - https://github.com/GAM-team/GAM - pythonsource
|
GAM 7.09.00 - https://github.com/GAM-team/GAM - pythonsource
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.3 64-bit final
|
Python 3.13.4 64-bit final
|
||||||
Windows-10-10.0.17134 AMD64
|
Windows-10-10.0.17134 AMD64
|
||||||
Path: C:\GAM7
|
Path: C:\GAM7
|
||||||
Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
||||||
|
|||||||
@@ -443,16 +443,18 @@ By default, organizers for all Shared Drives are displayed; use the following op
|
|||||||
For multiple organizers:
|
For multiple organizers:
|
||||||
* `delimiter <Character>` - Separate `organizers` entries with `<Character>`; the default value is `csv_output_field_delimiter` from `gam.cfg`.
|
* `delimiter <Character>` - Separate `organizers` entries with `<Character>`; the default value is `csv_output_field_delimiter` from `gam.cfg`.
|
||||||
|
|
||||||
The command defaults match the script defaults:
|
The command defaults do not match the script defaults, they are set for the most common use case:
|
||||||
* `domainlist` - All domains
|
* `domainlist` - The workspace primary domain
|
||||||
* `includetypes` - user,group
|
* `includetypes` - user
|
||||||
* `oneorganizer` - False
|
* `oneorganizer` - True
|
||||||
* `shownoorganizerdrives` - True
|
* `shownoorganizerdrives` - True
|
||||||
* `includefileorganizers` - False
|
* `includefileorganizers` - False
|
||||||
|
|
||||||
|
To select organizers from any domain, use: `domainlist ""`
|
||||||
|
|
||||||
For example, to get a single user organizer from your domain for all Shared Drives including no organizer drives:
|
For example, to get a single user organizer from your domain for all Shared Drives including no organizer drives:
|
||||||
```
|
```
|
||||||
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers domainlist mydomain.com includetypes user oneorganizer shownoorganizerdrives
|
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers
|
||||||
```
|
```
|
||||||
|
|
||||||
## Display all Shared Drives with no members
|
## Display all Shared Drives with no members
|
||||||
|
|||||||
@@ -421,16 +421,18 @@ By default, organizers for all Shared Drives are displayed; use the following op
|
|||||||
For multiple organizers:
|
For multiple organizers:
|
||||||
* `delimiter <Character>` - Separate `organizers` entries with `<Character>`; the default value is `csv_output_field_delimiter` from `gam.cfg`.
|
* `delimiter <Character>` - Separate `organizers` entries with `<Character>`; the default value is `csv_output_field_delimiter` from `gam.cfg`.
|
||||||
|
|
||||||
The command defaults match the script defaults:
|
The command defaults do not match the script defaults, they are set for the most common use case:
|
||||||
* `domainlist` - All domains
|
* `domainlist` - The workspace primary domain
|
||||||
* `includetypes` - user,group
|
* `includetypes` - user
|
||||||
* `oneorganizer` - False
|
* `oneorganizer` - True
|
||||||
* `shownoorganizerdrives` - True
|
* `shownoorganizerdrives` - True
|
||||||
* `includefileorganizers` - False
|
* `includefileorganizers` - False
|
||||||
|
|
||||||
|
To select organizers from any domain, use: `domainlist ""`
|
||||||
|
|
||||||
For example, to get a single user organizer from your domain for all Shared Drives including no organizer drives:
|
For example, to get a single user organizer from your domain for all Shared Drives including no organizer drives:
|
||||||
```
|
```
|
||||||
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers domainlist mydomain.com includetypes user oneorganizer shownoorganizerdrives
|
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers
|
||||||
```
|
```
|
||||||
|
|
||||||
## Manage Shared Drive access
|
## Manage Shared Drive access
|
||||||
|
|||||||
@@ -3,9 +3,9 @@
|
|||||||
Print the current version of Gam with details
|
Print the current version of Gam with details
|
||||||
```
|
```
|
||||||
gam version
|
gam version
|
||||||
GAM 7.08.01 - https://github.com/GAM-team/GAM - pyinstaller
|
GAM 7.09.00 - https://github.com/GAM-team/GAM - pyinstaller
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.3 64-bit final
|
Python 3.13.4 64-bit final
|
||||||
MacOS Sequoia 15.5 x86_64
|
MacOS Sequoia 15.5 x86_64
|
||||||
Path: /Users/Admin/bin/gam7
|
Path: /Users/Admin/bin/gam7
|
||||||
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
||||||
@@ -15,9 +15,9 @@ Time: 2023-06-02T21:10:00-07:00
|
|||||||
Print the current version of Gam with details and time offset information
|
Print the current version of Gam with details and time offset information
|
||||||
```
|
```
|
||||||
gam version timeoffset
|
gam version timeoffset
|
||||||
GAM 7.08.01 - https://github.com/GAM-team/GAM - pyinstaller
|
GAM 7.09.00 - https://github.com/GAM-team/GAM - pyinstaller
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.3 64-bit final
|
Python 3.13.4 64-bit final
|
||||||
MacOS Sequoia 15.5 x86_64
|
MacOS Sequoia 15.5 x86_64
|
||||||
Path: /Users/Admin/bin/gam7
|
Path: /Users/Admin/bin/gam7
|
||||||
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
||||||
@@ -27,9 +27,9 @@ Your system time differs from www.googleapis.com by less than 1 second
|
|||||||
Print the current version of Gam with extended details and SSL information
|
Print the current version of Gam with extended details and SSL information
|
||||||
```
|
```
|
||||||
gam version extended
|
gam version extended
|
||||||
GAM 7.08.01 - https://github.com/GAM-team/GAM - pyinstaller
|
GAM 7.09.00 - https://github.com/GAM-team/GAM - pyinstaller
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.3 64-bit final
|
Python 3.13.4 64-bit final
|
||||||
MacOS Sequoia 15.5 x86_64
|
MacOS Sequoia 15.5 x86_64
|
||||||
Path: /Users/Admin/bin/gam7
|
Path: /Users/Admin/bin/gam7
|
||||||
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
||||||
@@ -64,7 +64,7 @@ MacOS High Sierra 10.13.6 x86_64
|
|||||||
Path: /Users/Admin/bin/gam7
|
Path: /Users/Admin/bin/gam7
|
||||||
Version Check:
|
Version Check:
|
||||||
Current: 5.35.08
|
Current: 5.35.08
|
||||||
Latest: 7.08.01
|
Latest: 7.09.00
|
||||||
echo $?
|
echo $?
|
||||||
1
|
1
|
||||||
```
|
```
|
||||||
@@ -72,7 +72,7 @@ echo $?
|
|||||||
Print the current version number without details
|
Print the current version number without details
|
||||||
```
|
```
|
||||||
gam version simple
|
gam version simple
|
||||||
7.08.01
|
7.09.00
|
||||||
```
|
```
|
||||||
In Linux/MacOS you can do:
|
In Linux/MacOS you can do:
|
||||||
```
|
```
|
||||||
@@ -82,9 +82,9 @@ echo $VER
|
|||||||
Print the current version of Gam and address of this Wiki
|
Print the current version of Gam and address of this Wiki
|
||||||
```
|
```
|
||||||
gam help
|
gam help
|
||||||
GAM 7.08.01 - https://github.com/GAM-team/GAM
|
GAM 7.09.00 - https://github.com/GAM-team/GAM
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.3 64-bit final
|
Python 3.13.4 64-bit final
|
||||||
MacOS Sequoia 15.5 x86_64
|
MacOS Sequoia 15.5 x86_64
|
||||||
Path: /Users/Admin/bin/gam7
|
Path: /Users/Admin/bin/gam7
|
||||||
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
|
||||||
|
|||||||
@@ -328,6 +328,16 @@ enable_dasa
|
|||||||
admin_email, customer_id and domain must be set when enable_dasa is True,
|
admin_email, customer_id and domain must be set when enable_dasa is True,
|
||||||
customer_id may not be set to my_customer
|
customer_id may not be set to my_customer
|
||||||
Signal file: OldGamPath/enabledasa.txt
|
Signal file: OldGamPath/enabledasa.txt
|
||||||
|
enforce_expansive_access
|
||||||
|
The default value for option `enforceexpansiveaccess` in all commands that delete or update drive file ACLs/permissions.
|
||||||
|
gam <UserTypeEntity> delete permissions
|
||||||
|
gam <UserTypeEntity> delete drivefileacl
|
||||||
|
gam <UserTypeEntity> update drivefileacl
|
||||||
|
gam <UserTypeEntity> copy drivefile
|
||||||
|
gam <UserTypeEntity> move drivefile
|
||||||
|
gam <UserTypeEntity> transfer ownership
|
||||||
|
gam <UserTypeEntity> claim ownership
|
||||||
|
Default: False
|
||||||
event_max_results
|
event_max_results
|
||||||
When retrieving lists of Calendar events from API,
|
When retrieving lists of Calendar events from API,
|
||||||
how many should be retrieved in each API call
|
how many should be retrieved in each API call
|
||||||
|
|||||||
Reference in New Issue
Block a user