mirror of
https://github.com/GAM-team/GAM.git
synced 2026-07-03 12:21:35 +00:00
Compare commits
7 Commits
v7.10.04
...
20250626.1
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
130a483e4d | ||
|
|
cbd04bcec4 | ||
|
|
a51b245015 | ||
|
|
64356a9736 | ||
|
|
c18375abb7 | ||
|
|
c9c0cac57e | ||
|
|
8ca3717f97 |
4
.github/workflows/build.yml
vendored
4
.github/workflows/build.yml
vendored
@@ -810,7 +810,7 @@ jobs:
|
|||||||
echo "Created shared drive ${driveid}"
|
echo "Created shared drive ${driveid}"
|
||||||
$gam create user $newuser firstname GHA lastname $JID displayname "Github Actions ${JID}" password random recoveryphone 12125121110 recoveryemail jay0lee@gmail.com gha.jid $JID languages en+,en-GB- ou "${newou}"
|
$gam create user $newuser firstname GHA lastname $JID displayname "Github Actions ${JID}" password random recoveryphone 12125121110 recoveryemail jay0lee@gmail.com gha.jid $JID languages en+,en-GB- ou "${newou}"
|
||||||
$gam user $newuser add license workspaceenterpriseplus
|
$gam user $newuser add license workspaceenterpriseplus
|
||||||
$gam user $newuser update photo https://dummyimage.com/400x600/000/fff
|
$gam user $newuser update photo https://dummyimage.com/98x98/000/fff.jpg
|
||||||
$gam user $newuser get photo
|
$gam user $newuser get photo
|
||||||
$gam user $newuser delete photo
|
$gam user $newuser delete photo
|
||||||
$gam create alias $newalias user $newuser
|
$gam create alias $newalias user $newuser
|
||||||
@@ -920,7 +920,7 @@ jobs:
|
|||||||
$gam config enable_dasa true save
|
$gam config enable_dasa true save
|
||||||
$gam print users query "gha.jid=$JID" | $gam csv - gam delete user ~primaryEmail || if [ $? != 50 ]; then exit $?; fi # expect a 50 return code (vault hold on user)
|
$gam print users query "gha.jid=$JID" | $gam csv - gam delete user ~primaryEmail || if [ $? != 50 ]; then exit $?; fi # expect a 50 return code (vault hold on user)
|
||||||
$gam print mobile
|
$gam print mobile
|
||||||
$gam print devices
|
$gam print devices clientstates
|
||||||
$gam print browsers
|
$gam print browsers
|
||||||
$gam print cros allfields orderby serialnumber
|
$gam print cros allfields orderby serialnumber
|
||||||
$gam show crostelemetry storagepercentonly
|
$gam show crostelemetry storagepercentonly
|
||||||
|
|||||||
@@ -4124,6 +4124,7 @@ gam print devices [todrive <ToDriveAttribute>*]
|
|||||||
[orderby <DeviceOrderByFieldName> [ascending|descending]]
|
[orderby <DeviceOrderByFieldName> [ascending|descending]]
|
||||||
[all|company|personal|nocompanydevices|nopersonaldevices]
|
[all|company|personal|nocompanydevices|nopersonaldevices]
|
||||||
[nodeviceusers|oneuserperrow]
|
[nodeviceusers|oneuserperrow]
|
||||||
|
[clientstates]
|
||||||
[formatjson [quotechar <Character>]]
|
[formatjson [quotechar <Character>]]
|
||||||
[showitemcountonly]
|
[showitemcountonly]
|
||||||
|
|
||||||
|
|||||||
@@ -1,3 +1,12 @@
|
|||||||
|
7.10.06
|
||||||
|
|
||||||
|
"gam print devices clientstates" to include client states in device output
|
||||||
|
|
||||||
|
7.10.05
|
||||||
|
|
||||||
|
Google renamed an error: cannotModifyInheritedTeamDrivePermission became cannotModifyInheritedPermission.
|
||||||
|
GAM will now handle the new error.
|
||||||
|
|
||||||
7.10.04
|
7.10.04
|
||||||
|
|
||||||
Updated `gam report <ActivityApplicationName>` to accept accept application names as defined
|
Updated `gam report <ActivityApplicationName>` to accept accept application names as defined
|
||||||
|
|||||||
@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
|
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
|
||||||
__version__ = '7.10.04'
|
__version__ = '7.10.06'
|
||||||
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
|
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
|
||||||
|
|
||||||
#pylint: disable=wrong-import-position
|
#pylint: disable=wrong-import-position
|
||||||
@@ -29508,6 +29508,7 @@ def getCIDeviceEntity():
|
|||||||
return ([], ci, customer, False)
|
return ([], ci, customer, False)
|
||||||
|
|
||||||
DEVICE_USERNAME_PATTERN = re.compile(r'^(devices/.+)/(deviceUsers/.+)$')
|
DEVICE_USERNAME_PATTERN = re.compile(r'^(devices/.+)/(deviceUsers/.+)$')
|
||||||
|
DEVICE_USERNAME_CLIENT_STATE_PATTERN = re.compile(r'^(devices/.+/deviceUsers/.+)/clientStates/(.+)$')
|
||||||
DEVICE_USERNAME_FORMAT_REQUIRED = 'devices/<String>/deviceUsers/<String>'
|
DEVICE_USERNAME_FORMAT_REQUIRED = 'devices/<String>/deviceUsers/<String>'
|
||||||
def getCIDeviceUserEntity():
|
def getCIDeviceUserEntity():
|
||||||
ci = buildGAPICIDeviceServiceObject()
|
ci = buildGAPICIDeviceServiceObject()
|
||||||
@@ -29956,6 +29957,7 @@ DEVICE_ORDERBY_CHOICE_MAP = {
|
|||||||
# [orderby <DeviceOrderByFieldName> [ascending|descending]]
|
# [orderby <DeviceOrderByFieldName> [ascending|descending]]
|
||||||
# [all|company|personal|nocompanydevices|nopersonaldevices]
|
# [all|company|personal|nocompanydevices|nopersonaldevices]
|
||||||
# [nodeviceusers|oneuserperrow]
|
# [nodeviceusers|oneuserperrow]
|
||||||
|
# [clientstates]
|
||||||
# [formatjson [quotechar <Character>]]
|
# [formatjson [quotechar <Character>]]
|
||||||
# [showitemcountonly]
|
# [showitemcountonly]
|
||||||
def doPrintCIDevices():
|
def doPrintCIDevices():
|
||||||
@@ -29971,6 +29973,7 @@ def doPrintCIDevices():
|
|||||||
queries = [None]
|
queries = [None]
|
||||||
view, entityType = DEVICE_VIEW_CHOICE_MAP['all']
|
view, entityType = DEVICE_VIEW_CHOICE_MAP['all']
|
||||||
getDeviceUsers = True
|
getDeviceUsers = True
|
||||||
|
getClientStates = False
|
||||||
oneUserPerRow = showItemCountOnly = False
|
oneUserPerRow = showItemCountOnly = False
|
||||||
while Cmd.ArgumentsRemaining():
|
while Cmd.ArgumentsRemaining():
|
||||||
myarg = getArgument()
|
myarg = getArgument()
|
||||||
@@ -29986,6 +29989,8 @@ def doPrintCIDevices():
|
|||||||
view, entityType = DEVICE_VIEW_CHOICE_MAP[myarg]
|
view, entityType = DEVICE_VIEW_CHOICE_MAP[myarg]
|
||||||
elif myarg == 'nodeviceusers':
|
elif myarg == 'nodeviceusers':
|
||||||
getDeviceUsers = False
|
getDeviceUsers = False
|
||||||
|
elif myarg == 'clientstates':
|
||||||
|
getClientStates = True
|
||||||
elif myarg in {'oneuserperrow', 'oneitemperrow'}:
|
elif myarg in {'oneuserperrow', 'oneitemperrow'}:
|
||||||
getDeviceUsers = oneUserPerRow = True
|
getDeviceUsers = oneUserPerRow = True
|
||||||
elif getFieldsList(myarg, DEVICE_FIELDS_CHOICE_MAP, fieldsList, initialField='name'):
|
elif getFieldsList(myarg, DEVICE_FIELDS_CHOICE_MAP, fieldsList, initialField='name'):
|
||||||
@@ -30004,14 +30009,16 @@ def doPrintCIDevices():
|
|||||||
if FJQC.formatJSON and oneUserPerRow:
|
if FJQC.formatJSON and oneUserPerRow:
|
||||||
csvPF.SetJSONTitles(['name', 'user.name', 'JSON'])
|
csvPF.SetJSONTitles(['name', 'user.name', 'JSON'])
|
||||||
itemCount = 0
|
itemCount = 0
|
||||||
|
throwReasons = [GAPI.INVALID, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED]
|
||||||
|
retryReasons = GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS
|
||||||
for query in queries:
|
for query in queries:
|
||||||
printGettingAllAccountEntities(entityType, query)
|
printGettingAllAccountEntities(entityType, query)
|
||||||
pageMessage = getPageMessage()
|
pageMessage = getPageMessage()
|
||||||
try:
|
try:
|
||||||
devices = callGAPIpages(ci.devices(), 'list', 'devices',
|
devices = callGAPIpages(ci.devices(), 'list', 'devices',
|
||||||
pageMessage=pageMessage,
|
pageMessage=pageMessage,
|
||||||
throwReasons=[GAPI.INVALID, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED],
|
throwReasons=throwReasons,
|
||||||
retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
|
retryReasons=retryReasons,
|
||||||
customer=customer, filter=query,
|
customer=customer, filter=query,
|
||||||
orderBy=OBY.orderBy, view=view, fields=fields, pageSize=100)
|
orderBy=OBY.orderBy, view=view, fields=fields, pageSize=100)
|
||||||
if showItemCountOnly:
|
if showItemCountOnly:
|
||||||
@@ -30030,10 +30037,27 @@ def doPrintCIDevices():
|
|||||||
try:
|
try:
|
||||||
deviceUsers = callGAPIpages(ci.devices().deviceUsers(), 'list', 'deviceUsers',
|
deviceUsers = callGAPIpages(ci.devices().deviceUsers(), 'list', 'deviceUsers',
|
||||||
pageMessage=pageMessage,
|
pageMessage=pageMessage,
|
||||||
throwReasons=[GAPI.INVALID, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED],
|
throwReasons=throwReasons,
|
||||||
retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
|
retryReasons=retryReasons,
|
||||||
customer=customer, filter=query, parent=parent,
|
customer=customer, filter=query, parent=parent,
|
||||||
orderBy=OBY.orderBy, fields=userFields, pageSize=20)
|
orderBy=OBY.orderBy, fields=userFields, pageSize=20)
|
||||||
|
if getClientStates:
|
||||||
|
printGettingAllAccountEntities(Ent.DEVICE_USER_CLIENT_STATE, None)
|
||||||
|
states = callGAPIpages(ci.devices().deviceUsers().clientStates(), 'list', 'clientStates',
|
||||||
|
pageMessage=pageMessage,
|
||||||
|
throwReasons=throwReasons,
|
||||||
|
retryReasons=retryReasons,
|
||||||
|
customer=customer, filter=query, parent='devices/-/deviceUsers/-')
|
||||||
|
for state in states:
|
||||||
|
mg = DEVICE_USERNAME_CLIENT_STATE_PATTERN.match(state['name'])
|
||||||
|
if mg:
|
||||||
|
du = mg.group(1)
|
||||||
|
state_name = mg.group(2)
|
||||||
|
for i in range(len(deviceUsers)):
|
||||||
|
if deviceUsers[i]['name'] == du:
|
||||||
|
deviceUsers[i].setdefault('clientstates', {})
|
||||||
|
deviceUsers[i]['clientstates'][state_name] = state
|
||||||
|
break
|
||||||
for deviceUser in deviceUsers:
|
for deviceUser in deviceUsers:
|
||||||
mg = DEVICE_USERNAME_PATTERN.match(deviceUser['name'])
|
mg = DEVICE_USERNAME_PATTERN.match(deviceUser['name'])
|
||||||
if mg:
|
if mg:
|
||||||
@@ -59527,7 +59551,8 @@ def _copyPermissions(drive, user, i, count, j, jcount,
|
|||||||
entityActionPerformed(kvList, k, kcount)
|
entityActionPerformed(kvList, k, kcount)
|
||||||
except (GAPI.notFound, GAPI.permissionNotFound,
|
except (GAPI.notFound, GAPI.permissionNotFound,
|
||||||
GAPI.fileNotFound, GAPI.forbidden, GAPI.internalError, GAPI.insufficientFilePermissions, GAPI.unknownError,
|
GAPI.fileNotFound, GAPI.forbidden, GAPI.internalError, GAPI.insufficientFilePermissions, GAPI.unknownError,
|
||||||
GAPI.fileNeverWritable, GAPI.badRequest, GAPI.cannotRemoveOwner, GAPI.cannotModifyInheritedTeamDrivePermission,
|
GAPI.fileNeverWritable, GAPI.badRequest, GAPI.cannotRemoveOwner,
|
||||||
|
GAPI.cannotModifyInheritedTeamDrivePermission, GAPI.cannotModifyInheritedPermission,
|
||||||
GAPI.insufficientAdministratorPrivileges, GAPI.sharingRateLimitExceeded, GAPI.cannotDeletePermission) as e:
|
GAPI.insufficientAdministratorPrivileges, GAPI.sharingRateLimitExceeded, GAPI.cannotDeletePermission) as e:
|
||||||
entityActionFailedWarning(kvList, str(e), k, kcount)
|
entityActionFailedWarning(kvList, str(e), k, kcount)
|
||||||
except (GAPI.serviceNotAvailable, GAPI.authError, GAPI.domainPolicy) as e:
|
except (GAPI.serviceNotAvailable, GAPI.authError, GAPI.domainPolicy) as e:
|
||||||
@@ -59554,7 +59579,8 @@ def _copyPermissions(drive, user, i, count, j, jcount,
|
|||||||
entityActionPerformed(kvList, k, kcount)
|
entityActionPerformed(kvList, k, kcount)
|
||||||
except (GAPI.notFound, GAPI.permissionNotFound,
|
except (GAPI.notFound, GAPI.permissionNotFound,
|
||||||
GAPI.fileNotFound, GAPI.forbidden, GAPI.internalError, GAPI.insufficientFilePermissions, GAPI.unknownError,
|
GAPI.fileNotFound, GAPI.forbidden, GAPI.internalError, GAPI.insufficientFilePermissions, GAPI.unknownError,
|
||||||
GAPI.fileNeverWritable, GAPI.badRequest, GAPI.cannotRemoveOwner, GAPI.cannotModifyInheritedTeamDrivePermission,
|
GAPI.fileNeverWritable, GAPI.badRequest, GAPI.cannotRemoveOwner,
|
||||||
|
GAPI.cannotModifyInheritedTeamDrivePermission, GAPI.cannotModifyInheritedPermission,
|
||||||
GAPI.insufficientAdministratorPrivileges, GAPI.sharingRateLimitExceeded) as e:
|
GAPI.insufficientAdministratorPrivileges, GAPI.sharingRateLimitExceeded) as e:
|
||||||
entityActionFailedWarning(kvList, str(e), k, kcount)
|
entityActionFailedWarning(kvList, str(e), k, kcount)
|
||||||
except (GAPI.serviceNotAvailable, GAPI.authError, GAPI.domainPolicy) as e:
|
except (GAPI.serviceNotAvailable, GAPI.authError, GAPI.domainPolicy) as e:
|
||||||
@@ -60561,7 +60587,8 @@ def _updateMoveFilePermissions(drive, user, i, count,
|
|||||||
entityActionPerformed(kvList, k, kcount)
|
entityActionPerformed(kvList, k, kcount)
|
||||||
except (GAPI.notFound, GAPI.permissionNotFound,
|
except (GAPI.notFound, GAPI.permissionNotFound,
|
||||||
GAPI.fileNotFound, GAPI.forbidden, GAPI.internalError, GAPI.insufficientFilePermissions, GAPI.unknownError,
|
GAPI.fileNotFound, GAPI.forbidden, GAPI.internalError, GAPI.insufficientFilePermissions, GAPI.unknownError,
|
||||||
GAPI.fileNeverWritable, GAPI.badRequest, GAPI.cannotRemoveOwner, GAPI.cannotModifyInheritedTeamDrivePermission,
|
GAPI.fileNeverWritable, GAPI.badRequest, GAPI.cannotRemoveOwner,
|
||||||
|
GAPI.cannotModifyInheritedTeamDrivePermission, GAPI.cannotModifyInheritedPermission,
|
||||||
GAPI.insufficientAdministratorPrivileges, GAPI.sharingRateLimitExceeded, GAPI.cannotDeletePermission) as e:
|
GAPI.insufficientAdministratorPrivileges, GAPI.sharingRateLimitExceeded, GAPI.cannotDeletePermission) as e:
|
||||||
entityActionFailedWarning(kvList, str(e), k, kcount)
|
entityActionFailedWarning(kvList, str(e), k, kcount)
|
||||||
except (GAPI.serviceNotAvailable, GAPI.authError, GAPI.domainPolicy) as e:
|
except (GAPI.serviceNotAvailable, GAPI.authError, GAPI.domainPolicy) as e:
|
||||||
@@ -63984,7 +64011,8 @@ def updateDriveFileACLs(users, useDomainAdminAccess=False):
|
|||||||
GAPI.targetUserRoleLimitedByLicenseRestriction, GAPI.insufficientAdministratorPrivileges,
|
GAPI.targetUserRoleLimitedByLicenseRestriction, GAPI.insufficientAdministratorPrivileges,
|
||||||
GAPI.publishOutNotPermitted, GAPI.shareInNotPermitted, GAPI.shareOutNotPermitted, GAPI.shareOutNotPermittedToUser,
|
GAPI.publishOutNotPermitted, GAPI.shareInNotPermitted, GAPI.shareOutNotPermitted, GAPI.shareOutNotPermittedToUser,
|
||||||
GAPI.organizerOnNonTeamDriveItemNotSupported, GAPI.fileOrganizerOnNonTeamDriveNotSupported,
|
GAPI.organizerOnNonTeamDriveItemNotSupported, GAPI.fileOrganizerOnNonTeamDriveNotSupported,
|
||||||
GAPI.cannotUpdatePermission, GAPI.cannotModifyInheritedTeamDrivePermission, GAPI.fieldNotWritable) as e:
|
GAPI.cannotUpdatePermission, GAPI.cannotModifyInheritedTeamDrivePermission, GAPI.cannotModifyInheritedPermission,
|
||||||
|
GAPI.fieldNotWritable) as e:
|
||||||
entityActionFailedWarning([Ent.USER, user, entityType, fileName], str(e), j, jcount)
|
entityActionFailedWarning([Ent.USER, user, entityType, fileName], str(e), j, jcount)
|
||||||
except (GAPI.notFound, GAPI.teamDriveDomainUsersOnlyRestriction, GAPI.teamDriveTeamMembersOnlyRestriction,
|
except (GAPI.notFound, GAPI.teamDriveDomainUsersOnlyRestriction, GAPI.teamDriveTeamMembersOnlyRestriction,
|
||||||
GAPI.cannotShareTeamDriveTopFolderWithAnyoneOrDomains, GAPI.ownerOnTeamDriveItemNotSupported,
|
GAPI.cannotShareTeamDriveTopFolderWithAnyoneOrDomains, GAPI.ownerOnTeamDriveItemNotSupported,
|
||||||
@@ -64257,7 +64285,8 @@ def deleteDriveFileACLs(users, useDomainAdminAccess=False):
|
|||||||
if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
|
if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
|
||||||
_updateSheetProtectedRangesACLchange(sheet, user, i, count, j, jcount, fileId, fileName, False, permission)
|
_updateSheetProtectedRangesACLchange(sheet, user, i, count, j, jcount, fileId, fileName, False, permission)
|
||||||
except (GAPI.fileNotFound, GAPI.forbidden, GAPI.internalError, GAPI.insufficientFilePermissions, GAPI.unknownError,
|
except (GAPI.fileNotFound, GAPI.forbidden, GAPI.internalError, GAPI.insufficientFilePermissions, GAPI.unknownError,
|
||||||
GAPI.fileNeverWritable, GAPI.badRequest, GAPI.cannotRemoveOwner, GAPI.cannotModifyInheritedTeamDrivePermission,
|
GAPI.fileNeverWritable, GAPI.badRequest, GAPI.cannotRemoveOwner,
|
||||||
|
GAPI.cannotModifyInheritedTeamDrivePermission, GAPI.cannotModifyInheritedPermission,
|
||||||
GAPI.insufficientAdministratorPrivileges, GAPI.sharingRateLimitExceeded, GAPI.cannotDeletePermission) as e:
|
GAPI.insufficientAdministratorPrivileges, GAPI.sharingRateLimitExceeded, GAPI.cannotDeletePermission) as e:
|
||||||
entityActionFailedWarning([Ent.USER, user, entityType, fileName], str(e), j, jcount)
|
entityActionFailedWarning([Ent.USER, user, entityType, fileName], str(e), j, jcount)
|
||||||
except GAPI.notFound as e:
|
except GAPI.notFound as e:
|
||||||
@@ -64313,7 +64342,8 @@ def deletePermissions(users, useDomainAdminAccess=False):
|
|||||||
fileId=ri[RI_ENTITY], permissionId=ri[RI_ITEM], supportsAllDrives=True)
|
fileId=ri[RI_ENTITY], permissionId=ri[RI_ITEM], supportsAllDrives=True)
|
||||||
entityActionPerformed([Ent.DRIVE_FILE_OR_FOLDER_ID, ri[RI_ENTITY], Ent.PERMISSION_ID, ri[RI_ITEM]], int(ri[RI_J]), int(ri[RI_JCOUNT]))
|
entityActionPerformed([Ent.DRIVE_FILE_OR_FOLDER_ID, ri[RI_ENTITY], Ent.PERMISSION_ID, ri[RI_ITEM]], int(ri[RI_J]), int(ri[RI_JCOUNT]))
|
||||||
except (GAPI.fileNotFound, GAPI.forbidden, GAPI.internalError, GAPI.insufficientFilePermissions, GAPI.unknownError,
|
except (GAPI.fileNotFound, GAPI.forbidden, GAPI.internalError, GAPI.insufficientFilePermissions, GAPI.unknownError,
|
||||||
GAPI.badRequest, GAPI.cannotRemoveOwner, GAPI.cannotModifyInheritedTeamDrivePermission,
|
GAPI.badRequest, GAPI.cannotRemoveOwner,
|
||||||
|
GAPI.cannotModifyInheritedTeamDrivePermission, GAPI.cannotModifyInheritedPermission,
|
||||||
GAPI.insufficientAdministratorPrivileges, GAPI.sharingRateLimitExceeded, GAPI.permissionNotFound, GAPI.cannotDeletePermission,
|
GAPI.insufficientAdministratorPrivileges, GAPI.sharingRateLimitExceeded, GAPI.permissionNotFound, GAPI.cannotDeletePermission,
|
||||||
GAPI.serviceNotAvailable, GAPI.authError, GAPI.domainPolicy) as e:
|
GAPI.serviceNotAvailable, GAPI.authError, GAPI.domainPolicy) as e:
|
||||||
entityActionFailedWarning([Ent.DRIVE_FILE_OR_FOLDER_ID, ri[RI_ENTITY], Ent.PERMISSION_ID, ri[RI_ITEM]], str(e), int(ri[RI_J]), int(ri[RI_JCOUNT]))
|
entityActionFailedWarning([Ent.DRIVE_FILE_OR_FOLDER_ID, ri[RI_ENTITY], Ent.PERMISSION_ID, ri[RI_ITEM]], str(e), int(ri[RI_J]), int(ri[RI_JCOUNT]))
|
||||||
|
|||||||
@@ -41,6 +41,7 @@ CANNOT_DELETE_PERMISSION = 'cannotDeletePermission'
|
|||||||
CANNOT_DELETE_PRIMARY_CALENDAR = 'cannotDeletePrimaryCalendar'
|
CANNOT_DELETE_PRIMARY_CALENDAR = 'cannotDeletePrimaryCalendar'
|
||||||
CANNOT_DELETE_PRIMARY_SENDAS = 'cannotDeletePrimarySendAs'
|
CANNOT_DELETE_PRIMARY_SENDAS = 'cannotDeletePrimarySendAs'
|
||||||
CANNOT_DELETE_RESOURCE_WITH_CHILDREN = 'cannotDeleteResourceWithChildren'
|
CANNOT_DELETE_RESOURCE_WITH_CHILDREN = 'cannotDeleteResourceWithChildren'
|
||||||
|
CANNOT_MODIFY_INHERITED_PERMISSION = 'cannotModifyInheritedPermission'
|
||||||
CANNOT_MODIFY_INHERITED_TEAMDRIVE_PERMISSION = 'cannotModifyInheritedTeamDrivePermission'
|
CANNOT_MODIFY_INHERITED_TEAMDRIVE_PERMISSION = 'cannotModifyInheritedTeamDrivePermission'
|
||||||
CANNOT_MODIFY_RESTRICTED_LABEL = 'cannotModifyRestrictedLabel'
|
CANNOT_MODIFY_RESTRICTED_LABEL = 'cannotModifyRestrictedLabel'
|
||||||
CANNOT_MODIFY_VIEWERS_CAN_COPY_CONTENT = 'cannotModifyViewersCanCopyContent'
|
CANNOT_MODIFY_VIEWERS_CAN_COPY_CONTENT = 'cannotModifyViewersCanCopyContent'
|
||||||
@@ -248,10 +249,10 @@ DRIVE3_UPDATE_ACL_THROW_REASONS = [BAD_REQUEST, INVALID_OWNERSHIP_TRANSFER, CANN
|
|||||||
FILE_ORGANIZER_ON_FOLDERS_IN_SHARED_DRIVE_ONLY,
|
FILE_ORGANIZER_ON_FOLDERS_IN_SHARED_DRIVE_ONLY,
|
||||||
FILE_ORGANIZER_ON_NON_TEAMDRIVE_NOT_SUPPORTED,
|
FILE_ORGANIZER_ON_NON_TEAMDRIVE_NOT_SUPPORTED,
|
||||||
CANNOT_UPDATE_PERMISSION,
|
CANNOT_UPDATE_PERMISSION,
|
||||||
CANNOT_MODIFY_INHERITED_TEAMDRIVE_PERMISSION,
|
CANNOT_MODIFY_INHERITED_TEAMDRIVE_PERMISSION, CANNOT_MODIFY_INHERITED_PERMISSION,
|
||||||
FIELD_NOT_WRITABLE, PERMISSION_NOT_FOUND]
|
FIELD_NOT_WRITABLE, PERMISSION_NOT_FOUND]
|
||||||
DRIVE3_DELETE_ACL_THROW_REASONS = [BAD_REQUEST, CANNOT_REMOVE_OWNER,
|
DRIVE3_DELETE_ACL_THROW_REASONS = [BAD_REQUEST, CANNOT_REMOVE_OWNER,
|
||||||
CANNOT_MODIFY_INHERITED_TEAMDRIVE_PERMISSION,
|
CANNOT_MODIFY_INHERITED_TEAMDRIVE_PERMISSION, CANNOT_MODIFY_INHERITED_PERMISSION,
|
||||||
INSUFFICIENT_ADMINISTRATOR_PRIVILEGES, SHARING_RATE_LIMIT_EXCEEDED,
|
INSUFFICIENT_ADMINISTRATOR_PRIVILEGES, SHARING_RATE_LIMIT_EXCEEDED,
|
||||||
NOT_FOUND, PERMISSION_NOT_FOUND, CANNOT_DELETE_PERMISSION]
|
NOT_FOUND, PERMISSION_NOT_FOUND, CANNOT_DELETE_PERMISSION]
|
||||||
DRIVE3_MODIFY_LABEL_THROW_REASONS = DRIVE_USER_THROW_REASONS+[FILE_NOT_FOUND, NOT_FOUND, FORBIDDEN, INTERNAL_ERROR,
|
DRIVE3_MODIFY_LABEL_THROW_REASONS = DRIVE_USER_THROW_REASONS+[FILE_NOT_FOUND, NOT_FOUND, FORBIDDEN, INTERNAL_ERROR,
|
||||||
@@ -398,6 +399,8 @@ class cannotDeletePrimarySendAs(Exception):
|
|||||||
pass
|
pass
|
||||||
class cannotDeleteResourceWithChildren(Exception):
|
class cannotDeleteResourceWithChildren(Exception):
|
||||||
pass
|
pass
|
||||||
|
class cannotModifyInheritedPermission(Exception):
|
||||||
|
pass
|
||||||
class cannotModifyInheritedTeamDrivePermission(Exception):
|
class cannotModifyInheritedTeamDrivePermission(Exception):
|
||||||
pass
|
pass
|
||||||
class cannotModifyRestrictedLabel(Exception):
|
class cannotModifyRestrictedLabel(Exception):
|
||||||
@@ -698,6 +701,7 @@ REASON_EXCEPTION_MAP = {
|
|||||||
CANNOT_DELETE_PRIMARY_CALENDAR: cannotDeletePrimaryCalendar,
|
CANNOT_DELETE_PRIMARY_CALENDAR: cannotDeletePrimaryCalendar,
|
||||||
CANNOT_DELETE_PRIMARY_SENDAS: cannotDeletePrimarySendAs,
|
CANNOT_DELETE_PRIMARY_SENDAS: cannotDeletePrimarySendAs,
|
||||||
CANNOT_DELETE_RESOURCE_WITH_CHILDREN: cannotDeleteResourceWithChildren,
|
CANNOT_DELETE_RESOURCE_WITH_CHILDREN: cannotDeleteResourceWithChildren,
|
||||||
|
CANNOT_MODIFY_INHERITED_PERMISSION: cannotModifyInheritedPermission,
|
||||||
CANNOT_MODIFY_INHERITED_TEAMDRIVE_PERMISSION: cannotModifyInheritedTeamDrivePermission,
|
CANNOT_MODIFY_INHERITED_TEAMDRIVE_PERMISSION: cannotModifyInheritedTeamDrivePermission,
|
||||||
CANNOT_MODIFY_RESTRICTED_LABEL: cannotModifyRestrictedLabel,
|
CANNOT_MODIFY_RESTRICTED_LABEL: cannotModifyRestrictedLabel,
|
||||||
CANNOT_MODIFY_VIEWERS_CAN_COPY_CONTENT: cannotModifyViewersCanCopyContent,
|
CANNOT_MODIFY_VIEWERS_CAN_COPY_CONTENT: cannotModifyViewersCanCopyContent,
|
||||||
|
|||||||
@@ -10,6 +10,19 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
|
|||||||
|
|
||||||
See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
|
See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
|
||||||
|
|
||||||
|
### 7.10.05
|
||||||
|
|
||||||
|
Google renamed an error: cannotModifyInheritedTeamDrivePermission became cannotModifyInheritedPermission.
|
||||||
|
GAM will now handle the new error.
|
||||||
|
|
||||||
|
### 7.10.04
|
||||||
|
|
||||||
|
Updated `gam report <ActivityApplicationName>` to accept accept application names as defined
|
||||||
|
in the Reports API discovery document; this means that GAM does not have to be updated when
|
||||||
|
Google defines a new application name.
|
||||||
|
|
||||||
|
`gemini_in_workspace_apps` is now available in `gam report`.
|
||||||
|
|
||||||
### 7.10.03
|
### 7.10.03
|
||||||
|
|
||||||
Fixed bug in commands that modify messages where the `labelids <LabelIdList>` option
|
Fixed bug in commands that modify messages where the `labelids <LabelIdList>` option
|
||||||
|
|||||||
@@ -251,7 +251,7 @@ writes the credentials into the file oauth2.txt.
|
|||||||
admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt
|
admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt
|
||||||
admin@server:/Users/admin$ gam version
|
admin@server:/Users/admin$ gam version
|
||||||
WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
|
WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
|
||||||
GAM 7.10.03 - https://github.com/GAM-team/GAM - pyinstaller
|
GAM 7.10.05 - https://github.com/GAM-team/GAM - pyinstaller
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.5 64-bit final
|
Python 3.13.5 64-bit final
|
||||||
MacOS Sequoia 15.5 x86_64
|
MacOS Sequoia 15.5 x86_64
|
||||||
@@ -989,7 +989,7 @@ writes the credentials into the file oauth2.txt.
|
|||||||
C:\>del C:\GAMConfig\oauth2.txt
|
C:\>del C:\GAMConfig\oauth2.txt
|
||||||
C:\>gam version
|
C:\>gam version
|
||||||
WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
|
WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
|
||||||
GAM 7.10.03 - https://github.com/GAM-team/GAM - pythonsource
|
GAM 7.10.05 - https://github.com/GAM-team/GAM - pythonsource
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.5 64-bit final
|
Python 3.13.5 64-bit final
|
||||||
Windows-10-10.0.17134 AMD64
|
Windows-10-10.0.17134 AMD64
|
||||||
|
|||||||
@@ -39,20 +39,18 @@ config csv_output_row_filter "'\"accounts:used_quota_in_mb\":count>15000'"
|
|||||||
## Activity reports
|
## Activity reports
|
||||||
```
|
```
|
||||||
<ActivityApplicationName> ::=
|
<ActivityApplicationName> ::=
|
||||||
access|accesstransparency|
|
accesstransparency|access|
|
||||||
admin|
|
admin|
|
||||||
calendar|calendars|
|
calendar|calendars|
|
||||||
chat|
|
chat|
|
||||||
chrome|
|
chrome|
|
||||||
classroom|
|
classroom|
|
||||||
contextawareaccess|
|
contextawareaccess|
|
||||||
currents|gplus|google+|
|
gplus|currents|google+|
|
||||||
datastudio|
|
datastudio|
|
||||||
devices|mobile|
|
|
||||||
domain|
|
|
||||||
drive|doc|docs|
|
drive|doc|docs|
|
||||||
gcp|cloud|
|
gcp|cloud|
|
||||||
gemini|geminiforworkspace|
|
geminiinworkspaceapps|gemini|geminiforworkspace|
|
||||||
groups|group|
|
groups|group|
|
||||||
groupsenterprise|enterprisegroups|
|
groupsenterprise|enterprisegroups|
|
||||||
jamboard|
|
jamboard|
|
||||||
|
|||||||
@@ -1,19 +1,12 @@
|
|||||||
# Using GAM7 with a delegated admin service account
|
# Using GAM7 with a delegated admin service account
|
||||||
- [Thanks](#thanks)
|
|
||||||
- [Introduction](#introduction)
|
- [Introduction](#introduction)
|
||||||
- [Advantages](#advantages)
|
- [Advantages](#advantages)
|
||||||
- [Disadvantages](#disadvantages)
|
- [Disadvantages](#disadvantages)
|
||||||
- [Setup Steps](#setup-steps)
|
- [Setup Steps](#setup-steps)
|
||||||
|
|
||||||
## Thanks
|
|
||||||
|
|
||||||
Thanks to Jay Lee for the original version of this document.
|
|
||||||
|
|
||||||
## Introduction
|
## Introduction
|
||||||
Delegated admin service accounts (DASA) are regular [GCP service accounts](https://cloud.google.com/iam/docs/service-accounts#what_are_service_accounts) that are granted a Workspace [delegated admin role](https://support.google.com/a/answer/33325). Service accounts have an email address like `gam-project-xuw-sp1-c4b@gam-project-xuw-sp1-c4b.iam.gserviceaccount.com` and are not part of a Workspace or Cloud Identity domain even if they are owned by a project in the domain’s organization. Service accounts cannot login to Google web services interactively, they are only able to call Google APIs.
|
Delegated admin service accounts (DASA) are regular [GCP service accounts](https://cloud.google.com/iam/docs/service-accounts#what_are_service_accounts) that are granted a Workspace [delegated admin role](https://support.google.com/a/answer/33325). Service accounts have an email address like `gam-project-xuw-sp1-c4b@gam-project-xuw-sp1-c4b.iam.gserviceaccount.com` and are not part of a Workspace or Cloud Identity domain even if they are owned by a project in the domain’s organization. Service accounts cannot login to Google web services interactively, they are only able to call Google APIs.
|
||||||
|
|
||||||
GAM7 version 6.50.00 or higher is required.
|
|
||||||
|
|
||||||
## Advantages
|
## Advantages
|
||||||
* DASA accounts don’t require a Workspace or Cloud Identity license.
|
* DASA accounts don’t require a Workspace or Cloud Identity license.
|
||||||
* DASA accounts don’t have a password login that can be phished or captured, they use [RSA private keys](https://en.wikipedia.org/wiki/RSA_(cryptosystem)) to sign authentication requests which makes them very secure. You should however [rotate the key](https://jaylee.us/qwm) on a regular basis and keep it safe and secured!
|
* DASA accounts don’t have a password login that can be phished or captured, they use [RSA private keys](https://en.wikipedia.org/wiki/RSA_(cryptosystem)) to sign authentication requests which makes them very secure. You should however [rotate the key](https://jaylee.us/qwm) on a regular basis and keep it safe and secured!
|
||||||
|
|||||||
@@ -3,7 +3,7 @@
|
|||||||
Print the current version of Gam with details
|
Print the current version of Gam with details
|
||||||
```
|
```
|
||||||
gam version
|
gam version
|
||||||
GAM 7.10.03 - https://github.com/GAM-team/GAM - pyinstaller
|
GAM 7.10.05 - https://github.com/GAM-team/GAM - pyinstaller
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.5 64-bit final
|
Python 3.13.5 64-bit final
|
||||||
MacOS Sequoia 15.5 x86_64
|
MacOS Sequoia 15.5 x86_64
|
||||||
@@ -15,7 +15,7 @@ Time: 2023-06-02T21:10:00-07:00
|
|||||||
Print the current version of Gam with details and time offset information
|
Print the current version of Gam with details and time offset information
|
||||||
```
|
```
|
||||||
gam version timeoffset
|
gam version timeoffset
|
||||||
GAM 7.10.03 - https://github.com/GAM-team/GAM - pyinstaller
|
GAM 7.10.05 - https://github.com/GAM-team/GAM - pyinstaller
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.5 64-bit final
|
Python 3.13.5 64-bit final
|
||||||
MacOS Sequoia 15.5 x86_64
|
MacOS Sequoia 15.5 x86_64
|
||||||
@@ -27,7 +27,7 @@ Your system time differs from www.googleapis.com by less than 1 second
|
|||||||
Print the current version of Gam with extended details and SSL information
|
Print the current version of Gam with extended details and SSL information
|
||||||
```
|
```
|
||||||
gam version extended
|
gam version extended
|
||||||
GAM 7.10.03 - https://github.com/GAM-team/GAM - pyinstaller
|
GAM 7.10.05 - https://github.com/GAM-team/GAM - pyinstaller
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.5 64-bit final
|
Python 3.13.5 64-bit final
|
||||||
MacOS Sequoia 15.5 x86_64
|
MacOS Sequoia 15.5 x86_64
|
||||||
@@ -64,7 +64,7 @@ MacOS High Sierra 10.13.6 x86_64
|
|||||||
Path: /Users/Admin/bin/gam7
|
Path: /Users/Admin/bin/gam7
|
||||||
Version Check:
|
Version Check:
|
||||||
Current: 5.35.08
|
Current: 5.35.08
|
||||||
Latest: 7.10.03
|
Latest: 7.10.05
|
||||||
echo $?
|
echo $?
|
||||||
1
|
1
|
||||||
```
|
```
|
||||||
@@ -72,7 +72,7 @@ echo $?
|
|||||||
Print the current version number without details
|
Print the current version number without details
|
||||||
```
|
```
|
||||||
gam version simple
|
gam version simple
|
||||||
7.10.03
|
7.10.05
|
||||||
```
|
```
|
||||||
In Linux/MacOS you can do:
|
In Linux/MacOS you can do:
|
||||||
```
|
```
|
||||||
@@ -82,7 +82,7 @@ echo $VER
|
|||||||
Print the current version of Gam and address of this Wiki
|
Print the current version of Gam and address of this Wiki
|
||||||
```
|
```
|
||||||
gam help
|
gam help
|
||||||
GAM 7.10.03 - https://github.com/GAM-team/GAM
|
GAM 7.10.05 - https://github.com/GAM-team/GAM
|
||||||
GAM Team <google-apps-manager@googlegroups.com>
|
GAM Team <google-apps-manager@googlegroups.com>
|
||||||
Python 3.13.5 64-bit final
|
Python 3.13.5 64-bit final
|
||||||
MacOS Sequoia 15.5 x86_64
|
MacOS Sequoia 15.5 x86_64
|
||||||
|
|||||||
Reference in New Issue
Block a user