def _get_customerid():
    """Return the configured customer ID in ``C{customer_id}`` form.

    Calls ``gapi_directory_customer.setTrueCustomerId()`` and then reads
    ``GC_Values[GC_CUSTOMER_ID]``; a leading ``C`` is added only when the
    stored value does not already start with one.
    """
    gapi_directory_customer.setTrueCustomerId()
    stored_id = GC_Values[GC_CUSTOMER_ID]
    # Indexing (not str.startswith) is deliberate: an empty value raises
    # IndexError here instead of quietly turning into the bare string 'C'.
    if stored_id[0] == 'C':
        return stored_id
    return 'C' + stored_id
def create():
    """Create a Cloud Identity group described by the command line.

    ``sys.argv[3]`` is the group address; options start at ``sys.argv[4]``
    and are matched case-insensitively with underscores removed:

    * ``name <text>`` -> ``displayName``
    * ``description <text>`` -> ``description``
    * ``alias|aliases <ids separated by single spaces>`` -> ``additionalGroupKeys``
    * ``dynamic <query>`` -> one ``USER`` query in ``dynamicGroupMetadata``
    * ``makeowner`` -> ``initialGroupConfig='WITH_INITIAL_OWNER'``

    Any other option prints a message and exits with status 5. An option
    given without its value raises IndexError (no bounds check is done).
    """
    ci = gapi_cloudidentity.build('cloudidentity_beta')
    initial_config = 'EMPTY'
    gapi_directory_customer.setTrueCustomerId()
    parent = f'customers/{GC_Values[GC_CUSTOMER_ID]}'
    group_body = {
        'groupKey': {
            'id': gam.normalizeEmailAddressOrUID(sys.argv[3], noUid=True)
        },
        'parent': parent,
        'labels': {
            'cloudidentity.googleapis.com/groups.discussion_forum': ''
        },
    }
    # Options that copy their value straight into one request-body field.
    text_fields = {'name': 'displayName', 'description': 'description'}
    pos = 4
    while pos < len(sys.argv):
        option = sys.argv[pos].lower().replace('_', '')
        if option in text_fields:
            group_body[text_fields[option]] = sys.argv[pos + 1]
            pos += 2
        elif option in ('alias', 'aliases'):
            # As of 2020/06/25 this doesn't work (yet?)
            group_body['additionalGroupKeys'] = [
                {'id': alias} for alias in sys.argv[pos + 1].split(' ')
            ]
            pos += 2
        elif option == 'dynamic':
            # As of 2020/06/25 this doesn't work (yet?)
            group_body['dynamicGroupMetadata'] = {
                'queries': [{
                    'query': sys.argv[pos + 1],
                    'resourceType': 'USER'
                }]
            }
            pos += 2
        elif option == 'makeowner':
            # NOTE(review): presumably this makes the calling identity an
            # owner of the new group - confirm which account that is when
            # the tool runs under delegated or service credentials.
            initial_config = 'WITH_INITIAL_OWNER'
            pos += 1
        else:
            print('should not get here')
            sys.exit(5)
    print(f'Creating group {group_body["groupKey"]["id"]}')
    gapi.call(ci.groups(),
              'create',
              initialGroupConfig=initial_config,
              body=group_body)
def info_state():
    """Fetch one device user's client state and print it as JSON.

    The device user name and the index of the first remaining argument come
    from ``_get_deviceuser_name()``. The only option accepted is
    ``clientid <suffix>``, which replaces the default ``gam`` suffix of the
    client ID; anything else goes to ``controlflow.invalid_argument_exit``.
    """
    ci = gapi_cloudidentity.build_dwd()
    gapi_directory_customer.setTrueCustomerId()
    customer = _get_device_customerid()
    # presumably drops a 10-character 'customers/' prefix - confirm against
    # _get_device_customerid()
    bare_customer = customer[10:]
    client_id = f'{bare_customer}-gam'
    i, deviceuser = _get_deviceuser_name()
    while i < len(sys.argv):
        option = sys.argv[i].lower().replace('_', '')
        if option == 'clientid':
            client_id = f'{bare_customer}-{sys.argv[i+1]}'
            i += 2
        else:
            controlflow.invalid_argument_exit(sys.argv[i],
                                              'gam info deviceuserstate')
    state_name = f'{deviceuser}/clientStates/{client_id}'
    state = gapi.call(ci.devices().deviceUsers().clientStates(),
                      'get',
                      name=state_name,
                      customer=customer)
    display.print_json(state)
def _get_groups_list(ci=None, member=None, parent=None):
    """Return the ``groupKey.id`` of every group, or of one member's groups.

    Args:
        ci: Cloud Identity service object; built with
            ``gapi_cloudidentity.build()`` when falsy.
        member: query string for ``searchTransitiveGroups``. When truthy,
            only results whose ``relationType`` is ``DIRECT`` are returned.
        parent: ``customers/...`` resource name; derived from
            ``GC_Values[GC_CUSTOMER_ID]`` when falsy.

    Returns:
        A list of group key IDs.
    """
    if not ci:
        ci = gapi_cloudidentity.build()
    if not parent:
        gapi_directory_customer.setTrueCustomerId()
        parent = f'customers/{GC_Values[GC_CUSTOMER_ID]}'
    gam.printGettingAllItems('Groups', member)
    page_message = gapi.got_total_items_first_last_msg('Groups')
    if not member:
        all_groups = gapi.get_all_pages(
            ci.groups(),
            'list',
            'groups',
            message_attribute=['groupKey', 'id'],
            page_message=page_message,
            parent=parent,
            view='BASIC',
            pageSize=1000,
            fields='nextPageToken,groups(groupKey(id))')
        return [entry['groupKey']['id'] for entry in all_groups]
    try:
        transitive = gapi.get_all_pages(
            ci.groups().memberships(),
            'searchTransitiveGroups',
            'memberships',
            throw_reasons=[gapi_errors.ErrorReason.FOUR_O_O],
            message_attribute=['groupKey', 'id'],
            page_message=page_message,
            parent='groups/-',
            query=member,
            pageSize=1000,
            fields='nextPageToken,memberships(groupKey(id),relationType)')
    except googleapiclient.errors.HttpError:
        # Every HttpError raised here is reported as a licensing problem;
        # the underlying error text is not shown to the operator.
        controlflow.system_error_exit(
            2, 'enterprisemember requires Enterprise license')
    return [
        entry['groupKey']['id']
        for entry in transitive
        if entry['relationType'] == 'DIRECT'
    ]
def print_members():
    """Collect group memberships into CSV rows and hand them to the writer.

    Options start at ``sys.argv[3]`` (case-insensitive, underscores ignored):

    * ``todrive`` - passed through to ``display.write_csv_file``
    * ``role|roles <list>`` - comma/space separated roles, each of which
      must be a key of ``GROUP_ROLES_MAP``
    * ``cigroup|cigroups <group>`` - report on this single group

    Without ``cigroup`` every group under the customer is listed first.
    Each membership's ``roles`` is reduced to one ``role`` value before the
    record is flattened into a row.
    """
    ci = gapi_cloudidentity.build()
    todrive = False
    gapi_directory_customer.setTrueCustomerId()
    parent = f'customers/{GC_Values[GC_CUSTOMER_ID]}'
    roles = []
    titles = ['group']
    csvRows = []
    groups_to_get = []
    i = 3
    while i < len(sys.argv):
        myarg = sys.argv[i].lower().replace('_', '')
        if myarg == 'todrive':
            todrive = True
            i += 1
        elif myarg in ('role', 'roles'):
            for role in sys.argv[i + 1].lower().replace(',', ' ').split():
                if role not in GROUP_ROLES_MAP:
                    controlflow.system_error_exit(
                        2,
                        f'{role} is not a valid role for "gam print group-members {myarg}"'
                    )
                else:
                    roles.append(GROUP_ROLES_MAP[role])
            i += 2
        elif myarg in ('cigroup', 'cigroups'):
            groups_to_get = [gam.normalizeEmailAddressOrUID(sys.argv[i + 1])]
            i += 2
        else:
            controlflow.invalid_argument_exit(sys.argv[i],
                                              'gam print cigroup-members')
    if not groups_to_get:
        gam.printGettingAllItems('Groups', None)
        page_message = gapi.got_total_items_first_last_msg('Groups')
        listed = gapi.get_all_pages(
            ci.groups(),
            'list',
            'groups',
            message_attribute=['groupKey', 'id'],
            page_message=page_message,
            parent=parent,
            view='BASIC',
            pageSize=1000,
            fields='nextPageToken,groups(groupKey(id))')
        groups_to_get = [entry['groupKey']['id'] for entry in listed]
    count = len(groups_to_get)
    for position, group_email in enumerate(groups_to_get, start=1):
        sys.stderr.write(
            f'Getting members for {group_email}{gam.currentCountNL(position, count)}'
        )
        group_id = group_email_to_id(ci, group_email)
        print(f'Getting members of cigroup {group_email}...')
        page_message = f' {gapi.got_total_items_first_last_msg("Members")}'
        # No `fields` mask is sent with this request.
        group_members = gapi.get_all_pages(
            ci.groups().memberships(),
            'list',
            'memberships',
            soft_errors=True,
            parent=group_id,
            view='FULL',
            pageSize=500,
            page_message=page_message,
            message_attribute=['memberKey', 'id'])
        if roles:
            group_members = filter_members_to_roles(group_members, roles)
        for member in group_members:
            # reduce role to a single value
            member['role'] = get_single_role(member.pop('roles'))
            row = utils.flatten_json(member)
            unseen = [column for column in row if column not in titles]
            titles.extend(unseen)
            row['group'] = group_email
            csvRows.append(row)
    display.write_csv_file(csvRows, titles, 'Group Members', todrive)
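def print_():
    """Collect every group under the customer into CSV rows.

    Options start at ``sys.argv[3]`` (case-insensitive):

    * ``todrive`` - passed through to ``display.write_csv_file``
    * ``delimiter <text>`` - separator used when joining member addresses
      (default is a newline)
    * ``sortheaders`` - sort the column titles, keeping ``Email`` first
    * ``members|memberscount``, ``managers|managerscount``,
      ``owners|ownerscount`` - add a count column for that role and, for
      the non-``count`` form, a column with the joined addresses

    Memberships are only fetched when at least one role option was given.
    A membership whose role is none of the three known roles is tallied as
    a member when ``members`` was requested.
    """
    ci = gapi_cloudidentity.build()
    i = 3
    members = membersCountOnly = managers = managersCountOnly = owners = ownersCountOnly = False
    gapi_directory_customer.setTrueCustomerId()
    parent = f'customers/{GC_Values[GC_CUSTOMER_ID]}'
    memberDelimiter = '\n'
    todrive = False
    titles = []
    csvRows = []
    roles = []
    sortHeaders = False
    while i < len(sys.argv):
        myarg = sys.argv[i].lower()
        if myarg == 'todrive':
            todrive = True
            i += 1
        elif myarg == 'delimiter':
            memberDelimiter = sys.argv[i + 1]
            i += 2
        elif myarg == 'sortheaders':
            sortHeaders = True
            i += 1
        elif myarg in ['members', 'memberscount']:
            roles.append(ROLE_MEMBER)
            members = True
            if myarg == 'memberscount':
                membersCountOnly = True
            i += 1
        elif myarg in ['owners', 'ownerscount']:
            roles.append(ROLE_OWNER)
            owners = True
            if myarg == 'ownerscount':
                ownersCountOnly = True
            i += 1
        elif myarg in ['managers', 'managerscount']:
            roles.append(ROLE_MANAGER)
            managers = True
            if myarg == 'managerscount':
                managersCountOnly = True
            i += 1
        else:
            controlflow.invalid_argument_exit(sys.argv[i], 'gam print cigroups')
    if roles:
        if members:
            display.add_titles_to_csv_file([
                'MembersCount',
            ], titles)
            if not membersCountOnly:
                display.add_titles_to_csv_file([
                    'Members',
                ], titles)
        if managers:
            display.add_titles_to_csv_file([
                'ManagersCount',
            ], titles)
            if not managersCountOnly:
                display.add_titles_to_csv_file([
                    'Managers',
                ], titles)
        if owners:
            display.add_titles_to_csv_file([
                'OwnersCount',
            ], titles)
            if not ownersCountOnly:
                display.add_titles_to_csv_file([
                    'Owners',
                ], titles)
    gam.printGettingAllItems('Groups', None)
    page_message = gapi.got_total_items_first_last_msg('Groups')
    # The Cloud Identity groups.list request parameter is `view`; the
    # original `srcview` keyword is not one the method accepts.
    entityList = gapi.get_all_pages(ci.groups(),
                                    'list',
                                    'groups',
                                    page_message=page_message,
                                    message_attribute=['groupKey', 'id'],
                                    parent=parent,
                                    view='FULL',
                                    pageSize=500)
    i = 0
    count = len(entityList)
    for groupEntity in entityList:
        i += 1
        groupEmail = groupEntity['groupKey']['id']
        group = utils.flatten_json(groupEntity)
        for a_key in group:
            if a_key not in titles:
                titles.append(a_key)
        # The group's resource name is what memberships.list takes as parent.
        groupKey_id = groupEntity['name']
        if roles:
            sys.stderr.write(
                f' Getting {roles} for {groupEmail}{gam.currentCountNL(i, count)}'
            )
            page_message = gapi.got_total_items_first_last_msg('Members')
            # NOTE(review): `roles` is passed as a list here - confirm that
            # gam._getRoleVerification accepts a list rather than a string.
            validRoles, _, _ = gam._getRoleVerification(
                roles, 'nextPageToken,members(email,id,role)')
            # memberships.list identifies the group through `parent`, and a
            # membership record carries its address under memberKey.id (read
            # below), so the progress message uses that path as well.
            groupMembers = gapi.get_all_pages(
                ci.groups().memberships(),
                'list',
                'memberships',
                page_message=page_message,
                message_attribute=['memberKey', 'id'],
                soft_errors=True,
                parent=groupKey_id,
                view='BASIC')
            if members:
                membersList = []
                membersCount = 0
            if managers:
                managersList = []
                managersCount = 0
            if owners:
                ownersList = []
                ownersCount = 0
            for member in groupMembers:
                member_email = member['memberKey']['id']
                role = get_single_role(member.get('roles'))
                if not validRoles or role in validRoles:
                    if role == ROLE_MEMBER:
                        if members:
                            membersCount += 1
                            if not membersCountOnly:
                                membersList.append(member_email)
                    elif role == ROLE_MANAGER:
                        if managers:
                            managersCount += 1
                            if not managersCountOnly:
                                managersList.append(member_email)
                    elif role == ROLE_OWNER:
                        if owners:
                            ownersCount += 1
                            if not ownersCountOnly:
                                ownersList.append(member_email)
                    elif members:
                        # Unrecognised roles are counted as plain members.
                        membersCount += 1
                        if not membersCountOnly:
                            membersList.append(member_email)
            if members:
                group['MembersCount'] = membersCount
                if not membersCountOnly:
                    group['Members'] = memberDelimiter.join(membersList)
            if managers:
                group['ManagersCount'] = managersCount
                if not managersCountOnly:
                    group['Managers'] = memberDelimiter.join(managersList)
            if owners:
                group['OwnersCount'] = ownersCount
                if not ownersCountOnly:
                    group['Owners'] = memberDelimiter.join(ownersList)
        csvRows.append(group)
    if sortHeaders:
        display.sort_csv_titles([
            'Email',
        ], titles)
    display.write_csv_file(csvRows, titles, 'Groups', todrive)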
def print_members():
    """Collect group memberships into CSV rows (beta Cloud Identity API).

    Options start at ``sys.argv[3]`` (case-insensitive, underscores ignored):

    * ``todrive`` - passed through to ``display.write_csv_file``
    * ``role|roles <list>`` - comma/space separated roles, each of which
      must be a key of ``GROUP_ROLES_MAP``
    * ``enterprisemember <user or group>`` - restrict the group list to
      groups this member belongs to directly
    * ``cigroup|cigroups <group>`` - report on this single group

    Without ``cigroup`` the groups are looked up first, either through
    ``searchTransitiveGroups`` (``enterprisemember``) or a plain list.
    """
    ci = gapi_cloudidentity.build('cloudidentity_beta')
    todrive = False
    gapi_directory_customer.setTrueCustomerId()
    parent = f'customers/{GC_Values[GC_CUSTOMER_ID]}'
    usemember = None
    roles = []
    titles = ['group']
    csvRows = []
    groups_to_get = []
    i = 3
    while i < len(sys.argv):
        myarg = sys.argv[i].lower().replace('_', '')
        if myarg == 'todrive':
            todrive = True
            i += 1
        elif myarg in ('role', 'roles'):
            for role in sys.argv[i + 1].lower().replace(',', ' ').split():
                if role not in GROUP_ROLES_MAP:
                    controlflow.system_error_exit(
                        2,
                        f'{role} is not a valid role for "gam print group-members {myarg}"'
                    )
                else:
                    roles.append(GROUP_ROLES_MAP[role])
            i += 2
        elif myarg == 'enterprisemember':
            member = gam.convertUIDtoEmailAddress(
                sys.argv[i + 1], email_types=['user', 'group'])
            # NOTE(review): `member` is placed inside a quoted literal of the
            # query expression without escaping; a value containing a single
            # quote would change the expression. Confirm that
            # convertUIDtoEmailAddress rejects such input, or validate here.
            usemember = f"member_key_id == '{member}' && 'cloudidentity.googleapis.com/groups.discussion_forum' in labels"
            i += 2
        elif myarg in ('cigroup', 'cigroups'):
            groups_to_get = [gam.normalizeEmailAddressOrUID(sys.argv[i + 1])]
            i += 2
        else:
            controlflow.invalid_argument_exit(sys.argv[i],
                                              'gam print cigroup-members')
    if not groups_to_get:
        gam.printGettingAllItems('Groups', usemember)
        page_message = gapi.got_total_items_first_last_msg('Groups')
        if not usemember:
            groups_to_get = gapi.get_all_pages(
                ci.groups(),
                'list',
                'groups',
                message_attribute=['groupKey', 'id'],
                page_message=page_message,
                parent=parent,
                view='BASIC',
                pageSize=1000,
                fields='nextPageToken,groups(groupKey(id))')
            groups_to_get = [entry['groupKey']['id'] for entry in groups_to_get]
        else:
            try:
                groups_to_get = gapi.get_all_pages(
                    ci.groups().memberships(),
                    'searchTransitiveGroups',
                    'memberships',
                    throw_reasons=[gapi_errors.ErrorReason.FOUR_O_O],
                    message_attribute=['groupKey', 'id'],
                    page_message=page_message,
                    parent='groups/-',
                    query=usemember,
                    pageSize=1000,
                    fields='nextPageToken,memberships(groupKey(id),relationType)')
            except googleapiclient.errors.HttpError:
                # Every HttpError raised here is reported as a licensing
                # problem; the underlying error text is not shown.
                controlflow.system_error_exit(
                    2, 'enterprisemember requires Enterprise license')
            groups_to_get = [
                entry['groupKey']['id']
                for entry in groups_to_get
                if entry['relationType'] == 'DIRECT'
            ]
    count = len(groups_to_get)
    for position, group_email in enumerate(groups_to_get, start=1):
        sys.stderr.write(
            f'Getting members for {group_email}{gam.currentCountNL(position, count)}'
        )
        group_id = group_email_to_id(ci, group_email)
        print(f'Getting members of cigroup {group_email}...')
        page_message = f' {gapi.got_total_items_first_last_msg("Members")}'
        # No `fields` mask is sent with this request.
        group_members = gapi.get_all_pages(
            ci.groups().memberships(),
            'list',
            'memberships',
            soft_errors=True,
            parent=group_id,
            view='FULL',
            pageSize=500,
            page_message=page_message,
            message_attribute=['memberKey', 'id'])
        if roles:
            group_members = filter_members_to_roles(group_members, roles)
        for member in group_members:
            # reduce role to a single value
            member['role'] = get_single_role(member.pop('roles'))
            row = utils.flatten_json(member)
            unseen = [column for column in row if column not in titles]
            titles.extend(unseen)
            row['group'] = group_email
            csvRows.append(row)
    display.write_csv_file(csvRows, titles, 'Group Members', todrive)
def print_():
    """Collect groups into CSV rows (beta Cloud Identity API).

    Options start at ``sys.argv[3]`` (case-insensitive):

    * ``todrive`` - passed through to ``display.write_csv_file``
    * ``enterprisemember <user or group>`` - only groups this member
      belongs to directly; each one is then fetched with ``groups.get``
    * ``delimiter <text>`` - separator for joined member addresses
      (default is a newline)
    * ``sortheaders`` - sort titles, keeping ``name`` and ``groupKey.id``
      first
    * ``members|memberscount``, ``managers|managerscount``,
      ``owners|ownerscount`` - add a count column for that role and, for
      the non-``count`` form, a column with the joined addresses

    Each group's ``labels`` map is expanded into ``labels.<key>`` entries,
    with an empty-string value stored as ``True``.
    """
    ci = gapi_cloudidentity.build('cloudidentity_beta')
    i = 3
    members = membersCountOnly = managers = managersCountOnly = owners = ownersCountOnly = False
    gapi_directory_customer.setTrueCustomerId()
    parent = f'customers/{GC_Values[GC_CUSTOMER_ID]}'
    usemember = None
    memberDelimiter = '\n'
    todrive = False
    titles = []
    csvRows = []
    roles = []
    sortHeaders = False
    while i < len(sys.argv):
        myarg = sys.argv[i].lower()
        if myarg == 'todrive':
            todrive = True
            i += 1
        elif myarg == 'enterprisemember':
            member = gam.convertUIDtoEmailAddress(
                sys.argv[i + 1], email_types=['user', 'group'])
            # NOTE(review): `member` is placed inside a quoted literal of the
            # query expression without escaping; a value containing a single
            # quote would change the expression. Confirm that
            # convertUIDtoEmailAddress rejects such input, or validate here.
            usemember = f"member_key_id == '{member}' && 'cloudidentity.googleapis.com/groups.discussion_forum' in labels"
            i += 2
        elif myarg == 'delimiter':
            memberDelimiter = sys.argv[i + 1]
            i += 2
        elif myarg == 'sortheaders':
            sortHeaders = True
            i += 1
        elif myarg in ('members', 'memberscount'):
            roles.append(ROLE_MEMBER)
            members = True
            if myarg == 'memberscount':
                membersCountOnly = True
            i += 1
        elif myarg in ('owners', 'ownerscount'):
            roles.append(ROLE_OWNER)
            owners = True
            if myarg == 'ownerscount':
                ownersCountOnly = True
            i += 1
        elif myarg in ('managers', 'managerscount'):
            roles.append(ROLE_MANAGER)
            managers = True
            if myarg == 'managerscount':
                managersCountOnly = True
            i += 1
        else:
            controlflow.invalid_argument_exit(sys.argv[i], 'gam print cigroups')
    if roles:
        # (requested, count only, count column, address column)
        requested_columns = (
            (members, membersCountOnly, 'MembersCount', 'Members'),
            (managers, managersCountOnly, 'ManagersCount', 'Managers'),
            (owners, ownersCountOnly, 'OwnersCount', 'Owners'),
        )
        for wanted, count_only, count_title, list_title in requested_columns:
            if not wanted:
                continue
            display.add_titles_to_csv_file([count_title], titles)
            if not count_only:
                display.add_titles_to_csv_file([list_title], titles)
    gam.printGettingAllItems('Groups', usemember)
    page_message = gapi.got_total_items_first_last_msg('Groups')
    if usemember:
        try:
            result = gapi.get_all_pages(
                ci.groups().memberships(),
                'searchTransitiveGroups',
                'memberships',
                throw_reasons=[gapi_errors.ErrorReason.FOUR_O_O],
                page_message=page_message,
                message_attribute=['groupKey', 'id'],
                parent='groups/-',
                query=usemember,
                fields='nextPageToken,memberships(group,groupKey(id),relationType)',
                pageSize=1000)
        except googleapiclient.errors.HttpError:
            # Every HttpError raised here is reported as a licensing
            # problem; the underlying error text is not shown.
            controlflow.system_error_exit(
                2, 'enterprisemember requires Enterprise license')
        # One groups.get call per direct membership.
        entityList = [
            gapi.call(ci.groups(), 'get', name=entity['group'])
            for entity in result
            if entity['relationType'] == 'DIRECT'
        ]
    else:
        entityList = gapi.get_all_pages(ci.groups(),
                                        'list',
                                        'groups',
                                        page_message=page_message,
                                        message_attribute=['groupKey', 'id'],
                                        parent=parent,
                                        view='FULL',
                                        pageSize=500)
    count = len(entityList)
    for position, groupEntity in enumerate(entityList, start=1):
        groupEmail = groupEntity['groupKey']['id']
        for label, label_value in groupEntity.pop('labels', {}).items():
            groupEntity[f'labels.{label}'] = True if label_value == '' else label_value
        group = utils.flatten_json(groupEntity)
        unseen = [column for column in group if column not in titles]
        titles.extend(unseen)
        group_name = groupEntity['name']
        if roles:
            sys.stderr.write(
                f' Getting {roles} for {groupEmail}{gam.currentCountNL(position, count)}'
            )
            page_message = gapi.got_total_items_first_last_msg('Members')
            validRoles, _, _ = gam._getRoleVerification(
                '.'.join(roles), 'nextPageToken,members(email,id,role)')
            groupMembers = gapi.get_all_pages(
                ci.groups().memberships(),
                'list',
                'memberships',
                page_message=page_message,
                message_attribute=['memberKey', 'id'],
                soft_errors=True,
                parent=group_name,
                view='BASIC')
            membersList, managersList, ownersList = [], [], []
            membersCount = managersCount = ownersCount = 0
            for membership in groupMembers:
                address = membership['memberKey']['id']
                role = get_single_role(membership.get('roles'))
                if validRoles and role not in validRoles:
                    continue
                if role == ROLE_MANAGER:
                    if managers:
                        managersCount += 1
                        if not managersCountOnly:
                            managersList.append(address)
                elif role == ROLE_OWNER:
                    if owners:
                        ownersCount += 1
                        if not ownersCountOnly:
                            ownersList.append(address)
                elif members:
                    # ROLE_MEMBER and any unrecognised role are both tallied
                    # as members, and only when members were requested.
                    membersCount += 1
                    if not membersCountOnly:
                        membersList.append(address)
            if members:
                group['MembersCount'] = membersCount
                if not membersCountOnly:
                    group['Members'] = memberDelimiter.join(membersList)
            if managers:
                group['ManagersCount'] = managersCount
                if not managersCountOnly:
                    group['Managers'] = memberDelimiter.join(managersList)
            if owners:
                group['OwnersCount'] = ownersCount
                if not ownersCountOnly:
                    group['Owners'] = memberDelimiter.join(ownersList)
        csvRows.append(group)
    if sortHeaders:
        display.sort_csv_titles(['name', 'groupKey.id'], titles)
    display.write_csv_file(csvRows, titles, 'Groups', todrive)
def update_state():
    """Patch one device user's client state and print the result as JSON.

    The device user name and the index of the first remaining argument come
    from ``_get_deviceuser_name()``. Options (case-insensitive, underscores
    ignored):

    * ``clientid <suffix>`` - replaces the default ``gam`` client ID suffix
    * ``assettag|assettags <list>`` - ``clear`` is sent as ``[None]``
    * ``compliantstate|compliancestate <enum>``
    * ``customid <text>``
    * ``healthscore <enum|clear>``
    * ``customvalue <bool|number|string> <key> <value>``
    * ``managedstate <enum|clear>``
    * ``scorereason <text|clear>`` - ``clear`` is matched case-sensitively

    Enum values are checked against the API discovery document. The update
    mask is the comma-joined list of body keys that were set.
    """
    ci = gapi_cloudidentity.build_dwd()
    gapi_directory_customer.setTrueCustomerId()
    customer = _get_device_customerid()
    # presumably drops a 10-character 'customers/' prefix - confirm against
    # _get_device_customerid()
    customer_id = customer[10:]
    client_id = f'{customer_id}-gam'
    body = {}

    def _allowed_values(prop):
        # Enum choices for a ClientState property, read from the discovery
        # document held on the service object (a private attribute).
        state_schema = ci._rootDesc['schemas'][
            'GoogleAppsCloudidentityDevicesV1ClientState']
        return gapi.get_enum_values_minus_unspecified(
            state_schema['properties'][prop]['enum'])

    i, deviceuser = _get_deviceuser_name()
    while i < len(sys.argv):
        myarg = sys.argv[i].lower().replace('_', '')
        if myarg == 'clientid':
            client_id = f'{customer_id}-{sys.argv[i+1]}'
            i += 2
        elif myarg in ('assettag', 'assettags'):
            body['assetTags'] = gam.shlexSplitList(sys.argv[i + 1])
            if body['assetTags'] == ['clear']:
                # TODO: this doesn't work to clear
                # existing values. Figure out why.
                body['assetTags'] = [None]
            i += 2
        elif myarg in ('compliantstate', 'compliancestate'):
            comp_states = _allowed_values('complianceState')
            body['complianceState'] = sys.argv[i + 1].upper()
            if body['complianceState'] not in comp_states:
                controlflow.expected_argument_exit('compliant_state',
                                                   ', '.join(comp_states),
                                                   sys.argv[i + 1])
            i += 2
        elif myarg == 'customid':
            body['customId'] = sys.argv[i + 1]
            i += 2
        elif myarg == 'healthscore':
            health_scores = _allowed_values('healthScore')
            body['healthScore'] = sys.argv[i + 1].upper()
            if body['healthScore'] == 'CLEAR':
                body['healthScore'] = None
            if body['healthScore'] and body['healthScore'] not in health_scores:
                controlflow.expected_argument_exit('health_score',
                                                   ', '.join(health_scores),
                                                   sys.argv[i + 1])
            i += 2
        elif myarg == 'customvalue':
            allowed_types = ['bool', 'number', 'string']
            value_type = sys.argv[i + 1].lower()
            if value_type not in allowed_types:
                controlflow.expected_argument_exit('custom_value',
                                                   ', '.join(allowed_types),
                                                   sys.argv[i + 1])
            key = sys.argv[i + 2]
            value = sys.argv[i + 3]
            if value_type == 'bool':
                value = gam.getBoolean(value, key)
            elif value_type == 'number':
                # int() raises ValueError on non-integer text; no friendlier
                # error is produced here.
                value = int(value)
            body.setdefault('keyValuePairs',
                            {})[key] = {f'{value_type}Value': value}
            i += 4
        elif myarg == 'managedstate':
            managed_states = _allowed_values('managed')
            body['managed'] = sys.argv[i + 1].upper()
            if body['managed'] == 'CLEAR':
                body['managed'] = None
            if body['managed'] and body['managed'] not in managed_states:
                controlflow.expected_argument_exit('managed_state',
                                                   ', '.join(managed_states),
                                                   sys.argv[i + 1])
            i += 2
        elif myarg == 'scorereason':
            reason = sys.argv[i + 1]
            body['scoreReason'] = None if reason == 'clear' else reason
            i += 2
        else:
            controlflow.invalid_argument_exit(sys.argv[i],
                                              'gam update deviceuserstate')
    name = f'{deviceuser}/clientStates/{client_id}'
    updateMask = ','.join(body.keys())
    result = gapi.call(ci.devices().deviceUsers().clientStates(),
                       'patch',
                       name=name,
                       customer=customer,
                       updateMask=updateMask,
                       body=body)
    display.print_json(result)
def print_members():
    """Collect group memberships into CSV rows.

    Options start at ``sys.argv[3]`` (case-insensitive, underscores ignored):

    * ``todrive`` - passed through to ``display.write_csv_file``
    * ``role|roles <list>`` - comma/space separated roles, each of which
      must be a key of ``GROUP_ROLES_MAP``
    * ``enterprisemember <user or group>`` - query handed to
      ``_get_groups_list`` to restrict the group list
    * ``cigroup|cigroups <group>`` - report on this single group

    Without ``cigroup`` the group list comes from ``_get_groups_list``.
    """
    ci = gapi_cloudidentity.build(CIGROUP_API_BETA)
    todrive = False
    gapi_directory_customer.setTrueCustomerId()
    parent = f'customers/{GC_Values[GC_CUSTOMER_ID]}'
    usemember = None
    roles = []
    titles = ['group']
    csvRows = []
    groups_to_get = []
    i = 3
    while i < len(sys.argv):
        myarg = sys.argv[i].lower().replace('_', '')
        if myarg == 'todrive':
            todrive = True
            i += 1
        elif myarg in ('role', 'roles'):
            for role in sys.argv[i + 1].lower().replace(',', ' ').split():
                if role not in GROUP_ROLES_MAP:
                    controlflow.system_error_exit(
                        2,
                        f'{role} is not a valid role for "gam print group-members {myarg}"'
                    )
                else:
                    roles.append(GROUP_ROLES_MAP[role])
            i += 2
        elif myarg == 'enterprisemember':
            member = gam.convertUIDtoEmailAddress(
                sys.argv[i + 1], email_types=['user', 'group'])
            # NOTE(review): `member` is placed inside a quoted literal of the
            # query expression without escaping; a value containing a single
            # quote would change the expression. Confirm that
            # convertUIDtoEmailAddress rejects such input, or validate here.
            usemember = f"member_key_id == '{member}' && 'cloudidentity.googleapis.com/groups.discussion_forum' in labels"
            i += 2
        elif myarg in ('cigroup', 'cigroups'):
            groups_to_get = [gam.normalizeEmailAddressOrUID(sys.argv[i + 1])]
            i += 2
        else:
            controlflow.invalid_argument_exit(sys.argv[i],
                                              'gam print cigroup-members')
    if not groups_to_get:
        groups_to_get = _get_groups_list(ci, usemember, parent)
    count = len(groups_to_get)
    for position, group_email in enumerate(groups_to_get, start=1):
        sys.stderr.write(
            f'Getting members for {group_email}{gam.currentCountNL(position, count)}'
        )
        group_id = group_email_to_id(ci, group_email)
        print(f'Getting members of cigroup {group_email}...')
        page_message = f' {gapi.got_total_items_first_last_msg("Members")}'
        # No `fields` mask is sent with this request.
        group_members = gapi.get_all_pages(
            ci.groups().memberships(),
            'list',
            'memberships',
            soft_errors=True,
            parent=group_id,
            view='FULL',
            pageSize=500,
            page_message=page_message,
            message_attribute=[CIGROUP_MEMBERKEY, 'id'])
        if roles:
            group_members = filter_members_to_roles(group_members, roles)
        for member in group_members:
            # reduce role to a single value
            member['role'] = get_single_role(member.pop('roles'))
            row = utils.flatten_json(member)
            unseen = [column for column in row if column not in titles]
            titles.extend(unseen)
            row['group'] = group_email
            csvRows.append(row)
    display.write_csv_file(csvRows, titles, 'Group Members', todrive)