gam7 7.18.4__py3-none-any.whl → 7.18.6__py3-none-any.whl

gam/__init__.py

@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
 """
 
 __author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
-__version__ = '7.18.04'
+__version__ = '7.18.06'
 __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
 
 #pylint: disable=wrong-import-position
@@ -3952,14 +3952,20 @@ def SetGlobalVariables():
     if checkArgumentPresent(Cmd.SELECT_CMD):
       sectionName = _selectSection()
       GM.Globals[GM.SECTION] = sectionName # Save section for inner gams
-      while Cmd.ArgumentsRemaining():
-        if checkArgumentPresent('save'):
-          GM.Globals[GM.PARSER].set(configparser.DEFAULTSECT, GC.SECTION, sectionName)
-          _writeGamCfgFile(GM.Globals[GM.PARSER], GM.Globals[GM.GAM_CFG_FILE], Act.SAVE)
-        elif checkArgumentPresent('verify'):
-          _verifyValues(sectionName, inputFilterSectionName, outputFilterSectionName)
-        else:
-          break
+# If command line is simply: gam select <SectionName>
+# assume save
+      if not Cmd.ArgumentsRemaining():
+        GM.Globals[GM.PARSER].set(configparser.DEFAULTSECT, GC.SECTION, sectionName)
+        _writeGamCfgFile(GM.Globals[GM.PARSER], GM.Globals[GM.GAM_CFG_FILE], Act.SAVE)
+      else:
+        while Cmd.ArgumentsRemaining():
+          if checkArgumentPresent('save'):
+            GM.Globals[GM.PARSER].set(configparser.DEFAULTSECT, GC.SECTION, sectionName)
+            _writeGamCfgFile(GM.Globals[GM.PARSER], GM.Globals[GM.GAM_CFG_FILE], Act.SAVE)
+          elif checkArgumentPresent('verify'):
+            _verifyValues(sectionName, inputFilterSectionName, outputFilterSectionName)
+          else:
+            break
   GM.Globals[GM.GAM_CFG_SECTION_NAME] = sectionName
 # showsections
   if checkArgumentPresent(Cmd.SHOWSECTIONS_CMD):
@@ -11482,13 +11488,14 @@ def _createOauth2serviceJSON(httpObj, projectInfo, svcAcctInfo, create_key=True)
   iam = getAPIService(API.IAM, httpObj)
   try:
     service_account = callGAPI(iam.projects().serviceAccounts(), 'create',
-                               throwReasons=[GAPI.NOT_FOUND, GAPI.PERMISSION_DENIED, GAPI.ALREADY_EXISTS],
+                               throwReasons=[GAPI.FAILED_PRECONDITION, GAPI.NOT_FOUND,
+                                             GAPI.PERMISSION_DENIED, GAPI.ALREADY_EXISTS],
                                name=f'projects/{projectInfo["projectId"]}',
                                body={'accountId': svcAcctInfo['name'],
                                      'serviceAccount': {'displayName': svcAcctInfo['displayName'],
                                                         'description': svcAcctInfo['description']}})
     entityActionPerformed([Ent.PROJECT, projectInfo['projectId'], Ent.SVCACCT, service_account['name'].rsplit('/', 1)[-1]])
-  except (GAPI.notFound, GAPI.permissionDenied) as e:
+  except (GAPI.failedPrecondition, GAPI.notFound, GAPI.permissionDenied) as e:
     entityActionFailedWarning([Ent.PROJECT, projectInfo['projectId']], str(e))
     return False
   except GAPI.alreadyExists as e:
@@ -44894,21 +44901,44 @@ def waitForMailbox(entityList):
     Ind.Decrement()
 
 def getUserLicenses(lic, user, skus):
-  def _callbackGetLicense(_, response, exception):
+  def _callbackGetLicense(request_id, response, exception):
     if exception is None:
       if response and 'skuId' in response:
         licenses.append(response['skuId'])
+        del sku_calls[request_id]
+    else:
+      _, reason, _ = checkGAPIError(exception, softErrors=True)
+      reasons_to_quit = [
+        GAPI.ACCESS_NOT_CONFIGURED, # license API not turned on
+        GAPI.PERMISSION_DENIED, # Admin doesn't have rights to license assignments
+        GAPI.NOT_FOUND # API call succeeded, user does not have this license
+      ]
+      if reason in reasons_to_quit:
+        del sku_calls[request_id]
 
   licenses = []
   svcargs = dict([('userId', user['primaryEmail']), ('productId', None), ('skuId', None), ('fields', 'skuId')]+GM.Globals[GM.EXTRA_ARGS_LIST])
   method = getattr(lic.licenseAssignments(), 'get')
   dbatch = lic.new_batch_http_request(callback=_callbackGetLicense)
+  sku_calls = {}
   for sku in skus:
     svcparms = svcargs.copy()
     svcparms['productId'] = sku[0]
-    svcparms['skuId'] = sku[1]
-    dbatch.add(method(**svcparms))
-  dbatch.execute()
+    sku_id = sku[1]
+    svcparms['skuId'] = sku_id
+    sku_calls[sku_id] = method(**svcparms)
+  try_count = 0
+  while sku_calls:
+    try_count += 1
+    dbatch = lic.new_batch_http_request(callback=_callbackGetLicense)
+    for sku_id, sku_call in sku_calls.items():
+      dbatch.add(sku_call, request_id=sku_id)
+    dbatch.execute()
+    if sku_calls:
+      if try_count >= 5:
+        # give up and return what we have
+        return licenses
+    time.sleep(5)
   return licenses
 
 USER_NAME_PROPERTY_PRINT_ORDER = [
@@ -46393,9 +46423,30 @@ def checkCIUserIsInvitable(users):
       return
   csvPF.writeCSVfile('Invitable Users')
 
+INBOUNDSSO_INPUT_MODE_CHOICE_MAP = {
+  'saml': 'saml',
+  'samlsso': 'saml',
+  'oidc': 'oidc',
+  'oidcsso': 'oidc',
+}
+
+INBOUNDSSO_OUTPUT_MODE_CHOICE_MAP = {
+  'all': 'all',
+  'saml': 'saml',
+  'samlsso': 'saml',
+  'oidc': 'oidc',
+  'oidcsso': 'oidc',
+}
+
+INBOUNDSSO_ALL_SAML = {'all', 'saml'}
+INBOUNDSSO_ALL_OIDC = {'all', 'oidc'}
+
 INBOUNDSSO_MODE_CHOICE_MAP = {
   'ssooff': 'SSO_OFF',
+  'saml': 'SAML_SSO',
   'samlsso': 'SAML_SSO',
+  'oidc': 'OIDC_SSO',
+  'oidcsso': 'OIDC_SSO',
   'domainwidesamlifenabled': 'DOMAIN_WIDE_SAML_IF_ENABLED'
   }
 
@@ -46405,29 +46456,49 @@ def getCIOrgunitID(cd, orgunit):
     ou_id = ou_id[3:]
   return f'orgUnits/{ou_id}'
 
-def _getInboundSSOProfiles(ci):
+def _getInboundSSOProfiles(ci, mode):
   customer = normalizeChannelCustomerID(GC.Values[GC.CUSTOMER_ID])
-  try:
-    return callGAPIpages(ci.inboundSamlSsoProfiles(), 'list', 'inboundSamlSsoProfiles',
-                         throwReasons=GAPI.CISSO_LIST_THROW_REASONS,
-                         retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
-                         bailOnInternalError=True,
-                         filter=f'customer=="{customer}"')
-  except (GAPI.notFound, GAPI.domainNotFound, GAPI.domainCannotUseApis,
-          GAPI.forbidden, GAPI.badRequest, GAPI.invalid,
-          GAPI.systemError, GAPI.permissionDenied, GAPI.internalError, GAPI.serviceNotAvailable) as e:
-    entityActionFailedWarning([Ent.INBOUND_SSO_PROFILE, customer], str(e))
-    return []
+  profiles = []
+  if mode in INBOUNDSSO_ALL_SAML:
+    try:
+      profiles.extend(callGAPIpages(ci.inboundSamlSsoProfiles(), 'list', 'inboundSamlSsoProfiles',
+                                    throwReasons=GAPI.CISSO_LIST_THROW_REASONS,
+                                    retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
+                                    bailOnInternalError=True,
+                                    filter=f'customer=="{customer}"'))
+    except (GAPI.notFound, GAPI.domainNotFound, GAPI.domainCannotUseApis,
+            GAPI.forbidden, GAPI.badRequest, GAPI.invalid,
+            GAPI.systemError, GAPI.permissionDenied, GAPI.internalError, GAPI.serviceNotAvailable) as e:
+      entityActionFailedWarning([Ent.INBOUND_SSO_PROFILE, customer], str(e))
+  if mode in INBOUNDSSO_ALL_OIDC:
+    try:
+      profiles.extend(callGAPIpages(ci.inboundOidcSsoProfiles(), 'list', 'inboundOidcSsoProfiles',
+                                    throwReasons=GAPI.CISSO_LIST_THROW_REASONS,
+                                    retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
+                                    bailOnInternalError=True,
+                                    filter=f'customer=="{customer}"'))
+    except (GAPI.notFound, GAPI.domainNotFound, GAPI.domainCannotUseApis,
+            GAPI.forbidden, GAPI.badRequest, GAPI.invalid,
+            GAPI.systemError, GAPI.permissionDenied, GAPI.internalError, GAPI.serviceNotAvailable) as e:
+      entityActionFailedWarning([Ent.INBOUND_SSO_PROFILE, customer], str(e))
+  return profiles
 
-def _convertInboundSSOProfileDisplaynameToName(ci=None, displayName=''):
+def _convertInboundSSOProfileDisplaynameToName(ci, mode, displayName='',
+                                               entityType=Ent.INBOUND_SSO_PROFILE):
   if displayName.lower().startswith('id:') or displayName.lower().startswith('uid:'):
     displayName = displayName.split(':', 1)[1]
-    if not displayName.startswith('inboundSamlSsoProfiles/'):
-      displayName = f'inboundSamlSsoProfiles/{displayName}'
+    if mode == 'all':
+      if not (displayName.startswith('inboundSamlSsoProfiles/') and
+              displayName.startswith('inboundOidcSsoProfiles/')):
+        displayName = f'inboundSamlSsoProfiles/{displayName}'
+    elif mode == 'saml':
+      if not displayName.startswith('inboundSamlSsoProfiles/'):
+        displayName = f'inboundSamlSsoProfiles/{displayName}'
+    else:
+      if not displayName.startswith('inboundOidcSsoProfiles/'):
+        displayName = f'inboundOidcSsoProfiles/{displayName}'
     return displayName
-  if not ci:
-    ci = buildGAPIObject(API.CLOUDIDENTITY_INBOUND_SSO)
-  profiles = _getInboundSSOProfiles(ci)
+  profiles = _getInboundSSOProfiles(ci, mode)
   matches = []
   for profile in profiles:
     if displayName.lower() == profile.get('displayName', '').lower():
@@ -46435,30 +46506,50 @@ def _convertInboundSSOProfileDisplaynameToName(ci=None, displayName=''):
   if len(matches) == 1:
     return matches[0]['name']
   if len(matches) == 0:
-    usageErrorExit(Msg.NO_SSO_PROFILE_MATCHES.format(displayName))
-  errMsg = Msg.MULTIPLE_SSO_PROFILES_MATCH.format(displayName)
-  for m in matches:
-    errMsg += f'  {m["name"]}  {m["displayName"]}\n'
-  usageErrorExit(errMsg)
+    errMsg = Msg.NO_SSO_PROFILE_MATCHES.format(displayName)
+  else:
+    errMsg = Msg.MULTIPLE_SSO_PROFILES_MATCH.format(displayName)
+    for m in matches:
+      errMsg += f'  {m["name"]}  {m["displayName"]}\n'
+  entityActionFailedWarning([entityType, None], errMsg)
+  return None
 
-def _getInboundSSOProfileArguments(body):
+def _getInboundSSOProfileArguments(body, mode):
   returnNameOnly = False
-  while Cmd.ArgumentsRemaining():
-    myarg = getArgument()
-    if myarg == 'name':
-      body['displayName'] = getString(Cmd.OB_STRING)
-    elif myarg == 'entityid':
-      body.setdefault('idpConfig', {})['entityId'] = getString(Cmd.OB_STRING)
-    elif myarg == 'loginurl':
-      body.setdefault('idpConfig', {})['singleSignOnServiceUri'] = getString(Cmd.OB_STRING)
-    elif myarg == 'logouturl':
-      body.setdefault('idpConfig', {})['logoutRedirectUri'] = getString(Cmd.OB_STRING)
-    elif myarg == 'changepasswordurl':
-      body.setdefault('idpConfig', {})['changePasswordUri'] = getString(Cmd.OB_STRING)
-    elif myarg == 'returnnameonly':
-      returnNameOnly = True
-    else:
-      unknownArgumentExit()
+  if mode == 'saml':
+    while Cmd.ArgumentsRemaining():
+      myarg = getArgument()
+      if myarg == 'name':
+        body['displayName'] = getString(Cmd.OB_STRING)
+      elif myarg == 'entityid':
+        body.setdefault('idpConfig', {})['entityId'] = getString(Cmd.OB_STRING)
+      elif myarg == 'loginurl':
+        body.setdefault('idpConfig', {})['singleSignOnServiceUri'] = getString(Cmd.OB_STRING)
+      elif myarg == 'logouturl':
+        body.setdefault('idpConfig', {})['logoutRedirectUri'] = getString(Cmd.OB_STRING)
+      elif myarg == 'changepasswordurl':
+        body.setdefault('idpConfig', {})['changePasswordUri'] = getString(Cmd.OB_STRING)
+      elif myarg == 'returnnameonly':
+        returnNameOnly = True
+      else:
+        unknownArgumentExit()
+  else:
+    while Cmd.ArgumentsRemaining():
+      myarg = getArgument()
+      if myarg == 'name':
+        body['displayName'] = getString(Cmd.OB_STRING)
+      elif myarg == 'issueruri':
+        body.setdefault('idpConfig', {})['issuerUri'] = getString(Cmd.OB_STRING)
+      elif myarg == 'changepasswordurl':
+        body.setdefault('idpConfig', {})['changePasswordUri'] = getString(Cmd.OB_STRING)
+      elif myarg == 'clientid':
+        body.setdefault('rpConfig', {})['clientId'] = getString(Cmd.OB_STRING)
+      elif myarg == 'clientsecret':
+        body.setdefault('rpConfig', {})['clientSecret'] = getString(Cmd.OB_STRING)
+      elif myarg == 'returnnameonly':
+        returnNameOnly = True
+      else:
+        unknownArgumentExit()
   return (returnNameOnly, body)
 
 def _showInboundSSOProfile(profile, FJQC, i=0, count=0):
@@ -46489,18 +46580,24 @@ def _processInboundSSOProfileResult(result, returnNameOnly, kvlist, function):
   else:
     writeStdout('inProgress\n')
 
-# gam create inboundssoprofile [name <SSOProfileName>]
+def _getInboundSSOModeService(ci):
+  mode = getChoice(INBOUNDSSO_INPUT_MODE_CHOICE_MAP, defaultChoice='saml', mapChoice=True)
+  service = ci.inboundSamlSsoProfiles() if mode == 'saml' else ci.inboundOidcSsoProfiles()
+  return (mode, service)
+
+# gam create inboundssoprofile [saml|oidc] [name <SSOProfileName>]
 #	[entityid <String>] [loginurl <URL>] [logouturl <URL>] [changepasswordurl <URL>]
 #	[returnnameonly]
 def doCreateInboundSSOProfile():
   ci = buildGAPIObject(API.CLOUDIDENTITY_INBOUND_SSO)
+  mode, service = _getInboundSSOModeService(ci)
   body = {'customer': normalizeChannelCustomerID(GC.Values[GC.CUSTOMER_ID]),
           'displayName': 'SSO Profile'
          }
-  returnNameOnly, body = _getInboundSSOProfileArguments(body)
+  returnNameOnly, body = _getInboundSSOProfileArguments(body, mode)
   kvlist = [Ent.INBOUND_SSO_PROFILE, body['displayName']]
   try:
-    result = callGAPI(ci.inboundSamlSsoProfiles(), 'create',
+    result = callGAPI(service, 'create',
                       throwReasons=GAPI.CISSO_CREATE_THROW_REASONS,
                       retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
                       bailOnInternalError=True,
@@ -46511,16 +46608,19 @@ def doCreateInboundSSOProfile():
           GAPI.systemError, GAPI.permissionDenied, GAPI.internalError, GAPI.serviceNotAvailable) as e:
     entityActionFailedWarning(kvlist, str(e))
 
-# gam update inboundssoprofile <SSOProfileItem>
+# gam update inboundssoprofile [saml|oidc] <SSOProfileItem>
 #	[entityid <String>] [loginurl <URL>] [logouturl <URL>] [changepasswordurl <URL>]
 #	[returnnameonly]
 def doUpdateInboundSSOProfile():
   ci = buildGAPIObject(API.CLOUDIDENTITY_INBOUND_SSO)
-  name = _convertInboundSSOProfileDisplaynameToName(ci, getString(Cmd.OB_STRING))
-  returnNameOnly, body = _getInboundSSOProfileArguments({})
+  mode, service = _getInboundSSOModeService(ci)
+  name = _convertInboundSSOProfileDisplaynameToName(ci, mode, getString(Cmd.OB_STRING))
+  if not name:
+    return
+  returnNameOnly, body = _getInboundSSOProfileArguments({}, mode)
   kvlist = [Ent.INBOUND_SSO_PROFILE, name]
   try:
-    result = callGAPI(ci.inboundSamlSsoProfiles(), 'patch',
+    result = callGAPI(service, 'patch',
                       throwReasons=GAPI.CISSO_UPDATE_THROW_REASONS,
                       retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
                       bailOnInternalError=True,
@@ -46533,14 +46633,17 @@ def doUpdateInboundSSOProfile():
           GAPI.systemError, GAPI.permissionDenied, GAPI.internalError, GAPI.serviceNotAvailable) as e:
     entityActionFailedWarning(kvlist, str(e))
 
-# gam delete inboundssoprofile <SSOProfileItem>
+# gam delete inboundssoprofile [saml|oidc] <SSOProfileItem>
 def doDeleteInboundSSOProfile():
   ci = buildGAPIObject(API.CLOUDIDENTITY_INBOUND_SSO)
-  name = _convertInboundSSOProfileDisplaynameToName(ci, getString(Cmd.OB_STRING))
+  mode, service = _getInboundSSOModeService(ci)
+  name = _convertInboundSSOProfileDisplaynameToName(ci, mode, getString(Cmd.OB_STRING))
+  if not name:
+    return
   checkForExtraneousArguments()
   kvlist = [Ent.INBOUND_SSO_PROFILE, name]
   try:
-    result = callGAPI(ci.inboundSamlSsoProfiles(), 'delete',
+    result = callGAPI(service, 'delete',
                       throwReasons=GAPI.CISSO_UPDATE_THROW_REASONS,
                       retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
                       bailOnInternalError=True,
@@ -46553,33 +46656,54 @@ def doDeleteInboundSSOProfile():
           GAPI.systemError, GAPI.permissionDenied, GAPI.internalError, GAPI.serviceNotAvailable) as e:
     entityActionFailedWarning(kvlist, str(e))
 
-def _getInboundSSOProfile(ci, name):
+def _getInboundSSOProfileByName(ci, mode, name):
+  notFound = False
   kvlist = [Ent.INBOUND_SSO_PROFILE, name]
-  try:
-    return callGAPI(ci.inboundSamlSsoProfiles(), 'get',
-                    throwReasons=GAPI.CISSO_GET_THROW_REASONS,
-                    retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
-                    bailOnInternalError=True,
-                    name=name)
-  except GAPI.notFound:
+  if mode in INBOUNDSSO_ALL_SAML:
+    try:
+      return callGAPI(ci.inboundSamlSsoProfiles(), 'get',
+                      throwReasons=GAPI.CISSO_GET_THROW_REASONS,
+                      retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
+                      bailOnInternalError=True,
+                      name=name)
+    except GAPI.notFound:
+      notFound = True
+    except (GAPI.domainNotFound, GAPI.domainCannotUseApis, GAPI.forbidden,
+            GAPI.badRequest, GAPI.invalid, GAPI.systemError, GAPI.permissionDenied, GAPI.internalError, GAPI.serviceNotAvailable) as e:
+      entityActionFailedWarning(kvlist, str(e))
+  if mode in INBOUNDSSO_ALL_OIDC:
+    try:
+      return callGAPI(ci.inboundOidcSsoProfiles(), 'get',
+                      throwReasons=GAPI.CISSO_GET_THROW_REASONS,
+                      retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
+                      bailOnInternalError=True,
+                      name=name)
+    except GAPI.notFound:
+      notFound = True
+    except (GAPI.domainNotFound, GAPI.domainCannotUseApis, GAPI.forbidden,
+            GAPI.badRequest, GAPI.invalid, GAPI.systemError, GAPI.permissionDenied, GAPI.internalError, GAPI.serviceNotAvailable) as e:
+      entityActionFailedWarning(kvlist, str(e))
+  if notFound:
     entityActionFailedWarning(kvlist, Msg.DOES_NOT_EXIST)
-  except (GAPI.domainNotFound, GAPI.domainCannotUseApis, GAPI.forbidden,
-          GAPI.badRequest, GAPI.invalid, GAPI.systemError, GAPI.permissionDenied, GAPI.internalError, GAPI.serviceNotAvailable) as e:
-    entityActionFailedWarning(kvlist, str(e))
   return None
 
-# gam info inboundssoprofile <SSOProfileItem> [formatjson]
+# gam info inboundssoprofile [all|saml|oidc] <SSOProfileItem> [formatjson]
 def doInfoInboundSSOProfile():
   ci = buildGAPIObject(API.CLOUDIDENTITY_INBOUND_SSO)
-  name = _convertInboundSSOProfileDisplaynameToName(ci, getString(Cmd.OB_STRING))
+  mode = getChoice(INBOUNDSSO_OUTPUT_MODE_CHOICE_MAP, defaultChoice='all', mapChoice=True)
+  name = getString(Cmd.OB_STRING)
   FJQC = FormatJSONQuoteChar(formatJSONOnly=True)
-  profile = _getInboundSSOProfile(ci, name)
+  name = _convertInboundSSOProfileDisplaynameToName(ci, mode, name)
+  if not name:
+    return
+  mode = 'saml' if name.startswith('inboundSamlSsoProfiles/') else 'oidc'
+  profile = _getInboundSSOProfileByName(ci, mode, name)
   if profile:
     _showInboundSSOProfile(profile, FJQC)
 
-# gam show inboundssoprofile
+# gam show inboundssoprofile [all|saml|oidc]
 #	[formatjson]
-# gam print inboundssoprofile [todrive <ToDriveAttribute>*]
+# gam print inboundssoprofile [all|saml|oidc] [todrive <ToDriveAttribute>*]
 #	[[formatjson [quotechar <Character>]]
 def doPrintShowInboundSSOProfiles():
   ci = buildGAPIObject(API.CLOUDIDENTITY_INBOUND_SSO)
@@ -46587,6 +46711,7 @@ def doPrintShowInboundSSOProfiles():
   csvPF = CSVPrintFile(['name']) if Act.csvFormat() else None
   FJQC = FormatJSONQuoteChar(csvPF)
   cfilter = f'customer=="{customer}"'
+  mode = getChoice(INBOUNDSSO_OUTPUT_MODE_CHOICE_MAP, defaultChoice='all', mapChoice=True)
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
     if csvPF and myarg == 'todrive':
@@ -46595,7 +46720,7 @@ def doPrintShowInboundSSOProfiles():
       FJQC.GetFormatJSONQuoteChar(myarg, True)
   if csvPF:
     printGettingAllAccountEntities(Ent.INBOUND_SSO_PROFILE, cfilter)
-  profiles = _getInboundSSOProfiles(ci)
+  profiles = _getInboundSSOProfiles(ci, mode)
   if not csvPF:
     count = len(profiles)
     if not FJQC.formatJSON:
@@ -46665,6 +46790,7 @@ def _processInboundSSOCredentialsResult(result, kvlist, function):
 #	(pemfile <FileName>)|(generatekey [keysize 1024|2048|4096]) [replaceolddest]
 def doCreateInboundSSOCredential():
   ci = buildGAPIObject(API.CLOUDIDENTITY_INBOUND_SSO)
+  mode = 'saml'
   profile = None
   generateKey = replaceOldest = False
   keySize = 2048
@@ -46672,7 +46798,11 @@ def doCreateInboundSSOCredential():
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
     if myarg == 'profile':
-      profile = _convertInboundSSOProfileDisplaynameToName(ci, getString(Cmd.OB_STRING))
+      profile = _convertInboundSSOProfileDisplaynameToName(ci, mode,
+                                                           getString(Cmd.OB_STRING),
+                                                           Ent.INBOUND_SSO_CREDENTIALS)
+      if not profile:
+        return
     elif myarg == 'pemfile':
       pemData = readFile(getString(Cmd.OB_FILE_NAME))
     elif myarg == 'generatekey':
@@ -46776,15 +46906,24 @@ def doPrintShowInboundSSOCredentials():
   ci = buildGAPIObject(API.CLOUDIDENTITY_INBOUND_SSO)
   csvPF = CSVPrintFile(['name']) if Act.csvFormat() else None
   FJQC = FormatJSONQuoteChar(csvPF)
+  mode = 'saml'
   profiles = []
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
     if myarg in {'profile', 'profiles'}:
-      profiles = [_convertInboundSSOProfileDisplaynameToName(ci, profile) for profile in getString(Cmd.OB_STRING_LIST).split(',')]
+      errors = 0
+      for profile in getEntityList(Cmd.OB_STRING_LIST, shlexSplit=True):
+        name = _convertInboundSSOProfileDisplaynameToName(ci, mode, profile, Ent.INBOUND_SSO_CREDENTIALS)
+        if name:
+          profiles.append(name)
+        else:
+          errors += 1
+      if errors:
+        return
     else:
       FJQC.GetFormatJSONQuoteChar(myarg, True)
   if not profiles:
-    profiles = [p['name'] for p in _getInboundSSOProfiles(ci)]
+    profiles = [p['name'] for p in _getInboundSSOProfiles(ci, mode)]
   count = len(profiles)
   i = 0
   for profile in profiles:
@@ -46877,6 +47016,7 @@ def _getInboundSSOAssignmentByTarget(ci, cd, target):
   usageErrorExit(Msg.NO_SSO_PROFILE_ASSIGNED.format(targetType, target))
 
 def _getInboundSSOAssignmentArguments(ci, cd, body):
+  mode = None
   rank = 0
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
@@ -46884,9 +47024,19 @@ def _getInboundSSOAssignmentArguments(ci, cd, body):
       rank = getInteger(minVal=1)
     elif myarg == 'mode':
       body['ssoMode'] = getChoice(INBOUNDSSO_MODE_CHOICE_MAP, mapChoice=True)
-    elif myarg == 'profile':
-      body['samlSsoInfo'] = {'inboundSamlSsoProfile':
-                               _convertInboundSSOProfileDisplaynameToName(ci, getString(Cmd.OB_STRING))}
+      if body['ssoMode'] == 'SAML_SSO':
+        mode = 'saml'
+        profile = 'inboundSamlSsoProfile'
+      elif body['ssoMode'] == 'OIDC_SSO':
+        mode = 'oidc'
+        profile = 'inboundOidcSsoProfile'
+    elif mode and myarg == 'profile':
+      name = _convertInboundSSOProfileDisplaynameToName(ci, mode,
+                                                        getString(Cmd.OB_STRING),
+                                                        Ent.INBOUND_SSO_ASSIGNMENT)
+      if not name:
+        return None
+      body['samlSsoInfo'] = {profile: name}
     elif myarg == 'neverredirect':
       body['signInBehavior'] = {'redirectCondition': 'NEVER'}
     elif myarg == 'group':
@@ -46897,7 +47047,7 @@ def _getInboundSSOAssignmentArguments(ci, cd, body):
       unknownArgumentExit()
   if 'ssoMode' not in body:
     missingArgumentExit('mode')
-  if body['ssoMode'] == 'SAML_SSO' and 'samlSsoInfo' not in body:
+  if mode and 'samlSsoInfo' not in body:
     missingArgumentExit('profile')
   if 'targetGroup' in body:
     if 'targetOrgUnit' in body:
@@ -46935,13 +47085,17 @@ def _processInboundSSOAssignmentResult(result, kvlist, ci, cd, function):
   else:
     entityActionPerformedMessage(kvlist, Msg.ACTION_IN_PROGRESS.format(f'{function} inboundssoassignment'))
 
-# gam create inboundssoassignment (group <GroupItem> rank <Number>)|(ou|org|orgunit <OrgUnitItem>)
-#	(mode sso_off)|(mode saml_sso profile <SSOProfileItem>)(mode domain_wide_saml_if_enabled) [neverredirect]
+# gam create inboundssoassignment
+#	(group <GroupItem> rank <Number>)|(ou|org|orgunit <OrgUnitItem>)
+#	(mode sso_off)|(mode saml_sso profile <SSOProfileItem>)|(mode oidc_sso profile <SSOProfileName>}|(mode domain_wide_saml_if_enabled)
+#	[neverredirect]
 def doCreateInboundSSOAssignment():
   cd = buildGAPIObject(API.DIRECTORY)
   ci = buildGAPIObject(API.CLOUDIDENTITY_INBOUND_SSO)
   body = {'customer': normalizeChannelCustomerID(GC.Values[GC.CUSTOMER_ID])}
   body = _getInboundSSOAssignmentArguments(ci, cd, body)
+  if not body:
+    return
   kvlist = [Ent.INBOUND_SSO_ASSIGNMENT, body['customer']]
   try:
     result = callGAPI(ci.inboundSsoAssignments(), 'create',
@@ -46955,8 +47109,10 @@ def doCreateInboundSSOAssignment():
           GAPI.systemError, GAPI.permissionDenied, GAPI.internalError, GAPI.serviceNotAvailable) as e:
     entityActionFailedWarning(kvlist, str(e))
 
-# gam update inboundssoassignment [(group <GroupItem> rank <Number>)|(ou|org|orgunit <OrgUnitItem>)]
-#	[(mode sso_off)|(mode saml_sso profile <SSOProfileItem>)(mode domain_wide_saml_if_enabled)] [neverredirect]
+# gam update inboundssoassignment <SSOAssignmentName>
+#	[(group <GroupItem> rank <Number>)|(ou|org|orgunit <OrgUnitItem>)]
+#	(mode sso_off)|(mode saml_sso profile <SSOProfileItem>)|(mode oidc_sso profile <SSOProfileName>}|(mode domain_wide_saml_if_enabled)
+#	[neverredirect]
 def doUpdateInboundSSOAssignment():
   cd = buildGAPIObject(API.DIRECTORY)
   ci = buildGAPIObject(API.CLOUDIDENTITY_INBOUND_SSO)
@@ -47013,14 +47169,20 @@ def doInfoInboundSSOAssignment():
     return
   name = assignment.get('samlSsoInfo', {}).get('inboundSamlSsoProfile')
   if name:
-    profile = _getInboundSSOProfile(ci, name)
+    profile = _getInboundSSOProfileByName(ci, 'saml', name)
     if profile:
       assignment['samlSsoInfo']['inboundSamlSsoProfile'] = profile
+  else:
+    name = assignment.get('oidcSsoInfo', {}).get('inboundOidcSsoProfile')
+    if name:
+      profile = _getInboundSSOProfileByName(ci, 'oidc', name)
+      if profile:
+        assignment['oidcSsoInfo']['inboundOidcSsoProfile'] = profile
   _showInboundSSOAssignment(assignment, FJQC, ci, cd)
 
-# gam show inboundssoassignment
+# gam show inboundssoassignments
 #	[formatjson]
-# gam print inboundssoassignment [todrive <ToDriveAttribute>*]
+# gam print inboundssoassignments [todrive <ToDriveAttribute>*]
 #	[[formatjson [quotechar <Character>]]
 def doPrintShowInboundSSOAssignments():
   cd = buildGAPIObject(API.DIRECTORY)
@@ -71135,7 +71297,7 @@ def _processMessagesThreads(users, entityType):
       try:
         callGAPI(gmail.users().messages(), function,
                  throwReasons=GAPI.GMAIL_THROW_REASONS+[GAPI.INVALID_MESSAGE_ID, GAPI.INVALID, GAPI.INVALID_ARGUMENT,
-                                                        GAPI.FAILED_PRECONDITION, GAPI.PERMISSION_DENIED],
+                                                        GAPI.FAILED_PRECONDITION, GAPI.PERMISSION_DENIED, GAPI.QUOTA_EXCEEDED],
                  userId='me', body=body)
         for messageId in body['ids']:
           mcount += 1
@@ -71145,7 +71307,7 @@ def _processMessagesThreads(users, entityType):
             csvPF.WriteRow({'User': user, entityHeader: messageId, 'action': Act.Performed()})
       except GAPI.serviceNotAvailable:
         mcount += bcount
-      except (GAPI.invalid, GAPI.invalidArgument, GAPI.permissionDenied) as e:
+      except (GAPI.invalid, GAPI.invalidArgument, GAPI.permissionDenied, GAPI.quotaExceeded) as e:
         _processMessageFailed(user, idsList, f'{str(e)} ({mcount+1}-{mcount+bcount}/{jcount})')
         mcount += bcount
       except GAPI.invalidMessageId:
@@ -71158,7 +71320,8 @@ def _processMessagesThreads(users, entityType):
 
   _GMAIL_ERROR_REASON_TO_MESSAGE_MAP = {GAPI.NOT_FOUND: Msg.DOES_NOT_EXIST,
                                         GAPI.INVALID_MESSAGE_ID: Msg.INVALID_MESSAGE_ID,
-                                        GAPI.FAILED_PRECONDITION: Msg.FAILED_PRECONDITION}
+                                        GAPI.FAILED_PRECONDITION: Msg.FAILED_PRECONDITION,
+                                        GAPI.QUOTA_EXCEEDED: Msg.QUOTA_EXCEEDED}
 
   def _callbackProcessMessage(request_id, _, exception):
     ri = request_id.splitlines()
@@ -71169,7 +71332,9 @@ def _processMessagesThreads(users, entityType):
         csvPF.WriteRow({'User': ri[RI_ENTITY], entityHeader: ri[RI_ITEM], 'action': Act.Performed()})
     else:
       http_status, reason, message = checkGAPIError(exception)
-      _processMessageFailed(ri[RI_ENTITY], ri[RI_ITEM], getHTTPError(_GMAIL_ERROR_REASON_TO_MESSAGE_MAP, http_status, reason, message), int(ri[RI_J]), int(ri[RI_JCOUNT]))
+      _processMessageFailed(ri[RI_ENTITY], ri[RI_ITEM],
+                            getHTTPError(_GMAIL_ERROR_REASON_TO_MESSAGE_MAP, http_status, reason, message),
+                            int(ri[RI_J]), int(ri[RI_JCOUNT]))
 
   def _batchProcessMessagesThreads(service, function, user, jcount, messageIds, **kwargs):
     svcargs = dict([('userId', 'me'), ('id', None), ('fields', '')]+list(kwargs.items())+GM.Globals[GM.EXTRA_ARGS_LIST])
@@ -71267,7 +71432,9 @@ def _processMessagesThreads(users, entityType):
       continue
     if parameters['messageEntity'] is None:
       if parameters['maxToProcess'] and jcount > parameters['maxToProcess']:
-        entityNumEntitiesActionNotPerformedWarning([Ent.USER, user], entityType, jcount, Msg.COUNT_N_EXCEEDS_MAX_TO_PROCESS_M.format(jcount, Act.ToPerform(), parameters['maxToProcess']), i, count)
+        entityNumEntitiesActionNotPerformedWarning([Ent.USER, user], entityType, jcount,
+                                                   Msg.COUNT_N_EXCEEDS_MAX_TO_PROCESS_M.format(jcount, Act.ToPerform(), parameters['maxToProcess']),
+                                                   i, count)
         continue
       if not parameters['doIt']:
         entityNumEntitiesActionNotPerformedWarning([Ent.USER, user], entityType, jcount, Msg.USE_DOIT_ARGUMENT_TO_PERFORM_ACTION, i, count)

gam/gamlib/glmsgs.py

@@ -465,6 +465,7 @@ PROCESSING_ITEM_N = '{0},0,Processing item {1}\n'
 PROCESSING_ITEM_N_OF_M = '{0},0,Processing item {1}/{2}\n'
 PROFILE_PHOTO_NOT_FOUND = 'Profile photo not found'
 PROFILE_PHOTO_IS_DEFAULT = 'Profile photo is default'
+QUOTA_EXCEEDED = 'Quota exceeded'
 REASON_ONLY_VALID_WITH_CONTENTRESTRICTIONS_READONLY_TRUE = 'reason only valid with contentrestrictions readonly true'
 REAUTHENTICATION_IS_NEEDED = 'Reauthentication is needed, please run\n\ngam oauth create'
 RECOMMEND_RUNNING_GAM_ROTATE_SAKEY = 'Recommend running "gam rotate sakey" to get a new key\n'

{gam7-7.18.4.dist-info → gam7-7.18.6.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: gam7
-Version: 7.18.4
+Version: 7.18.6
 Summary: CLI tool to manage Google Workspace
 Project-URL: Homepage, https://github.com/GAM-team/GAM
 Project-URL: Issues, https://github.com/GAM-team/GAM/issues

{gam7-7.18.4.dist-info → gam7-7.18.6.dist-info}/RECORD

@@ -1,4 +1,4 @@
-gam/__init__.py,sha256=lSFipSI6fSlg0J9H08IWN05Mo_kIh61EeR86LIEGQ-c,3577219
+gam/__init__.py,sha256=E5u75yFxYquGMVAfkhxCDcSpYauMaL2akfztrblZEPo,3584006
 gam/__main__.py,sha256=amz0-959ph6zkZKqjaar4n60yho-T37w6qWI36qx0CA,1049
 gam/cacerts.pem,sha256=82Ak7btW_2XvocLUvAwPmpx8Chi0oqtZUG1gseLK_t4,50235
 gam/cbcm-v1.1beta1.json,sha256=xO5XloCQQULmPbFBx5bckdqmbLFQ7sJ2TImhE1ysDIY,19439
@@ -31,7 +31,7 @@ gam/gamlib/glgapi.py,sha256=pdBbwNtnCwFWxJGaP-_3hdTjSNoOCJF2yo76WdQOi1k,40426
 gam/gamlib/glgdata.py,sha256=weRppttWm6uRyqtBoGPKoHiNZ2h28nhfUV4J_mbCszY,2707
 gam/gamlib/glglobals.py,sha256=J0xcHggVrUBzHJ5GruenKV-qV1zPKcK2qWgAgN3i5Jw,9608
 gam/gamlib/glindent.py,sha256=RfBa2LDfLIqPLL5vMfC689TCVmqn8xf-qulSzkiatrc,1228
-gam/gamlib/glmsgs.py,sha256=Acd7kdtYcBJwTxQIosXR3cEc4ze8yeMQvFMlFb9e9Qs,33963
+gam/gamlib/glmsgs.py,sha256=vephDvTNbv55f79QzZWEKDcBTXr8knrwDxvx-1TYM6M,33997
 gam/gamlib/glskus.py,sha256=e1u3zw1MGQjBgAFXqjrGWQl2d7eYpVlMYGpIKNwjskQ,15360
 gam/gamlib/gluprop.py,sha256=IyPLCyvn7-NHTUenM71YPQPXRZXx6CB5q-GtJ-FYd1c,11461
 gam/gamlib/glverlibs.py,sha256=xoQXiwcE_-HVYKv-VYA8O0mazRsc9mN-_ysj1dAlMyc,992
@@ -65,8 +65,8 @@ gam/googleapiclient/discovery_cache/base.py,sha256=yCDPtxnbNN-p5_9fzBacC6P3wcUPl
 gam/googleapiclient/discovery_cache/file_cache.py,sha256=sim3Mg4HgRYo3vX75jvcKy_aV568EvIrtBfvfbw-044,4774
 gam/iso8601/__init__.py,sha256=Z2PsYbXgAH5a5xzUvgczCboPzqWpm65kRcIngCnhViU,1218
 gam/iso8601/iso8601.py,sha256=Li2FHZ4sBTWuthuQhyCvmvj0j6At8JbGzkSv2fc2RHU,4384
-gam7-7.18.4.dist-info/METADATA,sha256=9Jont_975UdHfv5JG2oX6m9QUjoCE-wMBIpGS_UR6xg,2940
-gam7-7.18.4.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-gam7-7.18.4.dist-info/entry_points.txt,sha256=HVUM5J7dA8YwvJfG30jiLefR19ExMs387TWugWd9sf4,42
-gam7-7.18.4.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
-gam7-7.18.4.dist-info/RECORD,,
+gam7-7.18.6.dist-info/METADATA,sha256=0RPFGDNkA24f5tyNH_NHgVcrdkiDKXHU6ZP-6F-cmQE,2940
+gam7-7.18.6.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+gam7-7.18.6.dist-info/entry_points.txt,sha256=HVUM5J7dA8YwvJfG30jiLefR19ExMs387TWugWd9sf4,42
+gam7-7.18.6.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+gam7-7.18.6.dist-info/RECORD,,