gam7 7.25.0__py3-none-any.whl → 7.26.0__py3-none-any.whl

gam/__init__.py

@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
 """
 
 __author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
-__version__ = '7.25.00'
+__version__ = '7.26.00'
 __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
 
 #pylint: disable=wrong-import-position
@@ -49,7 +49,7 @@ from email.policy import SMTP as policySMTP
 import hashlib
 from html.entities import name2codepoint
 from html.parser import HTMLParser
-import http.client as http_client
+import http.client
 import importlib
 from importlib.metadata import version as lib_version
 import io
@@ -375,6 +375,37 @@ YUBIKEY_VALUE_ERROR_RC = 85
 YUBIKEY_MULTIPLE_CONNECTED_RC = 86
 YUBIKEY_NOT_FOUND_RC = 87
 
+DEBUG_REDACTION_PATTERNS = [
+  # Positional patterns that redact sensitive credentials based on their location
+  (r'(Bearer\s+)\S+', r'\1*****'), # access tokens and JWTs in auth header
+  (r'([?&]refresh_token=)[^&]*', r'\1*****'), # refresh token URL parameter
+  (r'([?&]client_secret=)[^&]*', r'\1*****'), # client secret URL parameter
+  (r'([?&]key=)[^&]*', r'\1*****'), # API key URL parameter
+  (r'([?&]code=)[^&]*', r'\1*****'), # auth code URL parameter
+
+  # Pattern match patterns that redact sensitive credentials based on known credential pattern
+  (r'ya29.[0-9A-Za-z-_]+', '*****'), # Access token
+  (r'1%2F%2F[0-9A-Za-z-_]{100}|1%2F%2F[0-9A-Za-z-_]{64}|1%2F%2F[0-9A-Za-z-_]{43}', '*****'), # Refresh token
+  (r'4/[0-9A-Za-z-_]+', '*****'), # Auth code
+  (r'GOCSPX-[0-9a-zA-Z-_]{28}', '*****'), # Client secret
+  (r'AIza[0-9A-Za-z-_]{35}', '*****'), # API key
+  (r'eyJ[a-zA-Z0-9\-_]+\.eyJ[a-zA-Z0-9\-_]+\.[a-zA-Z0-9\-_]*', '*****'), # JWT
+  ]
+
+def redactable_debug_print(*args):
+  processed_args = []
+  for arg in args:
+    if arg.startswith('b\''):
+      sbytes = arg[2:-1]
+      sbytes = bytes(sbytes, 'utf-8')
+      arg = sbytes.decode()
+      arg = arg.replace('\\r\\n', "\n          ")
+    if GC.Values[GC.DEBUG_REDACTION]:
+      for pattern, replace in DEBUG_REDACTION_PATTERNS:
+        arg = re.sub(pattern, replace, arg)
+    processed_args.append(arg)
+  print(*processed_args)
+
 # Multiprocessing lock
 mplock = None
 
@@ -3716,12 +3747,12 @@ def SetGlobalVariables():
     return stringlist
 
   def _getCfgTimezone(sectionName, itemName):
-    value = _stripStringQuotes(GM.Globals[GM.PARSER].get(sectionName, itemName).lower())
-    if value in {'utc', 'z'}:
+    value = _stripStringQuotes(GM.Globals[GM.PARSER].get(sectionName, itemName))
+    if value.lower() in {'utc', 'z'}:
       GM.Globals[GM.CONVERT_TO_LOCAL_TIME] = False
       return arrow.now('utc').tzinfo
     GM.Globals[GM.CONVERT_TO_LOCAL_TIME] = True
-    if value == 'local':
+    if value.lower() == 'local':
       return arrow.now(value).tzinfo
     try:
       return arrow.now(value).tzinfo
@@ -4124,6 +4155,8 @@ def SetGlobalVariables():
   GM.Globals[GM.OAUTH2_TXT_LOCK] = f'{GC.Values[GC.OAUTH2_TXT]}.lock'
 # Override httplib2 settings
   httplib2.debuglevel = GC.Values[GC.DEBUG_LEVEL]
+# Use our own print function for http.client so we can redact and cleanup
+  http.client.print = redactable_debug_print
 # Reset global variables if required
   if prevExtraArgsTxt != GC.Values[GC.EXTRA_ARGS]:
     GM.Globals[GM.EXTRA_ARGS_LIST] = [('prettyPrint', GC.Values[GC.DEBUG_LEVEL] > 0)]
@@ -4775,7 +4808,7 @@ def getService(api, httpObj):
           waitOnFailure(n, triesLimit, INVALID_JSON_RC, str(e))
           continue
         systemErrorExit(INVALID_JSON_RC, str(e))
-      except (http_client.ResponseNotReady, OSError, googleapiclient.errors.HttpError) as e:
+      except (http.client.ResponseNotReady, OSError, googleapiclient.errors.HttpError) as e:
         errMsg = f'Connection error: {str(e) or repr(e)}'
         if n != triesLimit:
           waitOnFailure(n, triesLimit, SOCKET_ERROR_RC, errMsg)
@@ -4810,7 +4843,6 @@ def defaultSvcAcctScopes():
         saScopes[scope['api']].append(scope['scope'])
       else:
         saScopes[scope['api']].extend(scope['scope'])
-  saScopes[API.DRIVEACTIVITY].append(API.DRIVE_SCOPE)
   saScopes[API.DRIVE2] = saScopes[API.DRIVE3]
   return saScopes
 
@@ -5089,7 +5121,7 @@ def callGData(service, function,
         e = e.args[0]
       handleOAuthTokenError(e, GDATA.SERVICE_NOT_APPLICABLE in throwErrors)
       raise GDATA.ERROR_CODE_EXCEPTION_MAP[GDATA.SERVICE_NOT_APPLICABLE](str(e))
-    except (http_client.ResponseNotReady, OSError) as e:
+    except (http.client.ResponseNotReady, OSError) as e:
       errMsg = f'Connection error: {str(e) or repr(e)}'
       if n != triesLimit:
         waitOnFailure(n, triesLimit, SOCKET_ERROR_RC, errMsg)
@@ -5399,7 +5431,7 @@ def callGAPI(service, function,
         e = e.args[0]
       handleOAuthTokenError(e, GAPI.SERVICE_NOT_AVAILABLE in throwReasons)
       raise GAPI.REASON_EXCEPTION_MAP[GAPI.SERVICE_NOT_AVAILABLE](str(e))
-    except (http_client.ResponseNotReady, OSError) as e:
+    except (http.client.ResponseNotReady, OSError) as e:
       errMsg = f'Connection error: {str(e) or repr(e)}'
       if n != triesLimit:
         waitOnFailure(n, triesLimit, SOCKET_ERROR_RC, errMsg)
@@ -12351,8 +12383,6 @@ def checkServiceAccount(users):
             saScopes[scope['api']].append(scope['roscope'])
             checkScopesSet.add(scope['roscope'])
         i += 1
-    if API.DRIVEACTIVITY in saScopes and API.DRIVE3 in saScopes:
-      saScopes[API.DRIVEACTIVITY].append(API.DRIVE_SCOPE)
     if API.DRIVE3 in saScopes:
       saScopes[API.DRIVE2] = saScopes[API.DRIVE3]
     GM.Globals[GM.OAUTH2SERVICE_JSON_DATA][API.OAUTH2SA_SCOPES] = saScopes

gam/gamlib/glcfg.py

@@ -149,6 +149,8 @@ CSV_OUTPUT_USERS_AUDIT = 'csv_output_users_audit'
 CUSTOMER_ID = 'customer_id'
 # If debug_level > 0: extra_args['prettyPrint'] = True, httplib2.debuglevel = gam_debug_level, appsObj.debug = True
 DEBUG_LEVEL = 'debug_level'
+# redact sensitive credentials from debug output
+DEBUG_REDACTION = 'debug_redaction'
 # Developer Preview API Key
 DEVELOPER_PREVIEW_API_KEY = 'developer_preview_api_key'
 # When retrieving lists of ChromeOS devices from API, how many should be retrieved in each chunk
@@ -378,6 +380,7 @@ Defaults = {
   CSV_OUTPUT_USERS_AUDIT: FALSE,
   CUSTOMER_ID: MY_CUSTOMER,
   DEBUG_LEVEL: '0',
+  DEBUG_REDACTION: TRUE,
   DEVELOPER_PREVIEW_API_KEY: '',
   DEVICE_MAX_RESULTS: '200',
   DOMAIN: '',
@@ -547,6 +550,7 @@ VAR_INFO = {
   CSV_OUTPUT_USERS_AUDIT: {VAR_TYPE: TYPE_BOOLEAN},
   CUSTOMER_ID: {VAR_TYPE: TYPE_STRING, VAR_ENVVAR: 'CUSTOMER_ID', VAR_LIMITS: (0, None)},
   DEBUG_LEVEL: {VAR_TYPE: TYPE_INTEGER, VAR_SIGFILE: 'debug.gam', VAR_LIMITS: (0, None), VAR_SFFT: ('0', '4')},
+  DEBUG_REDACTION: {VAR_TYPE: TYPE_BOOLEAN},
   DEVELOPER_PREVIEW_API_KEY: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},
   DEVICE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 200)},
   DOMAIN: {VAR_TYPE: TYPE_STRING, VAR_ENVVAR: 'GA_DOMAIN', VAR_LIMITS: (0, None)},

gam/gamlib/glglobals.py

@@ -107,6 +107,8 @@ CURRENT_SVCACCT_USER = 'csa'
 DATETIME_NOW = 'dtno'
 # If debug_level > 0: extra_args['prettyPrint'] = True, httplib2.debuglevel = gam_debug_level, appsObj.debug = True
 DEBUG_LEVEL = 'dbgl'
+# Whether debug output should redact sensitive credentials
+DEBUG_REDACTION = 'dbrd'
 # Decoded ID token
 DECODED_ID_TOKEN = 'didt'
 # Index of start of <UserTypeEntity> in command line
@@ -263,6 +265,7 @@ Globals = {
   CURRENT_SVCACCT_USER: None,
   DATETIME_NOW: None,
   DEBUG_LEVEL: 0,
+  DEBUG_REDACTION: True,
   DECODED_ID_TOKEN: None,
   ENTITY_CL_DELAY_START: 1,
   ENTITY_CL_START: 1,

{gam7-7.25.0.dist-info → gam7-7.26.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: gam7
-Version: 7.25.0
+Version: 7.26.0
 Summary: CLI tool to manage Google Workspace
 Project-URL: Homepage, https://github.com/GAM-team/GAM
 Project-URL: Issues, https://github.com/GAM-team/GAM/issues
@@ -17,7 +17,7 @@ Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: 3.13
-Requires-Python: >=3.9
+Requires-Python: >=3.10
 Requires-Dist: arrow>=1.3.0
 Requires-Dist: chardet>=5.2.0
 Requires-Dist: cryptography>=44.0.2

{gam7-7.25.0.dist-info → gam7-7.26.0.dist-info}/RECORD

@@ -1,4 +1,4 @@
-gam/__init__.py,sha256=KgQ0lP58wUrxs-hEKHB8E_pt7D0Wxq1R9X_vEczWPRU,3624274
+gam/__init__.py,sha256=g2mdigRmCIiRlX0-UKoDG3_xVSPZ9jTWCBvX2MXtXYA,3625606
 gam/__main__.py,sha256=VwEYS7a9vYQPbT6iLduMOoVUJ6p4R-HZgerZQmM1NpE,1307
 gam/cacerts.pem,sha256=DUsVo2XlFYwfkhe3gnxa-Km4Z4noz74hSApXwTT-nQE,44344
 gam/cbcm-v1.1beta1.json,sha256=xO5XloCQQULmPbFBx5bckdqmbLFQ7sJ2TImhE1ysDIY,19439
@@ -23,12 +23,12 @@ gam/atom/url.py,sha256=pxO1TlORxyKQTQ1bkBE1unFzjnv9c8LjJkm-UEORShY,4276
 gam/gamlib/__init__.py,sha256=z5mF-y0j8pm-YNFBaiuxB4M_GAUPG-cXWwrhYwrVReM,679
 gam/gamlib/glaction.py,sha256=1Il_HrChVnPkzZwiZs5au4mFQVtq4K1Z42uIuR6qdnI,9419
 gam/gamlib/glapi.py,sha256=g49VStWE64nCdrpNIMl60U06m98d3AGO8-vUDxgcBog,37048
-gam/gamlib/glcfg.py,sha256=jbcH7iIgknSYuSIzB0KEz7oQWjKpAUDDSS35gFY9eI8,28529
+gam/gamlib/glcfg.py,sha256=do_FR9m9m7Bmh2SgjLPk2pysU-wPHt7PlqPPjX90tpw,28684
 gam/gamlib/glclargs.py,sha256=LlTtwJJHqU48l7SQT4bcZCWlw3Y46g42Bn1ACGW8gIk,53307
 gam/gamlib/glentity.py,sha256=KWFomkoNE6lLE83zVqVIlJ2rkzfLkhEasW1M0TWGieA,35373
 gam/gamlib/glgapi.py,sha256=pdBbwNtnCwFWxJGaP-_3hdTjSNoOCJF2yo76WdQOi1k,40426
 gam/gamlib/glgdata.py,sha256=weRppttWm6uRyqtBoGPKoHiNZ2h28nhfUV4J_mbCszY,2707
-gam/gamlib/glglobals.py,sha256=oJfaLUQj46XqwrOzRfWhGqO0f1P26xjJZefaILJUFGE,9695
+gam/gamlib/glglobals.py,sha256=U1eCXHOkWAtwVXG8-0HL4ZzQP0YcbeFlhJxbOa_x1QI,9804
 gam/gamlib/glindent.py,sha256=RfBa2LDfLIqPLL5vMfC689TCVmqn8xf-qulSzkiatrc,1228
 gam/gamlib/glmsgs.py,sha256=ODq-KS3jhXH5DB5DEo6eCX1DHhy4OGv_jeQjiLVPOHM,34049
 gam/gamlib/glskus.py,sha256=29vlBLBJCL4u9GawCt3eNeZq9HQG3hGFZk9-EainNng,15384
@@ -47,8 +47,8 @@ gam/gdata/apps/audit/__init__.py,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrK
 gam/gdata/apps/audit/service.py,sha256=Z1eueThcNeVUMWP1DRWc_DGHrJCiJI8W_xj6L-cqu-Q,9658
 gam/gdata/apps/contacts/__init__.py,sha256=Um6zgIkiahZns7yAEuC3pxHSMD8iciZ_EoynSLoYPfU,30463
 gam/gdata/apps/contacts/service.py,sha256=5lNb-Ii1Gyek6ePFji3kyoYtCBc8CuJTwagx2BL2o14,15684
-gam7-7.25.0.dist-info/METADATA,sha256=5lZQJEOoo854RjAvSCT2Mp_RiCfJ484PXNa9oulJi_0,3092
-gam7-7.25.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-gam7-7.25.0.dist-info/entry_points.txt,sha256=HVUM5J7dA8YwvJfG30jiLefR19ExMs387TWugWd9sf4,42
-gam7-7.25.0.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
-gam7-7.25.0.dist-info/RECORD,,
+gam7-7.26.0.dist-info/METADATA,sha256=3oXqEu4CCb57Wjr8dvY1DHHG7-9ly_bvO80W5Zo6k8s,3093
+gam7-7.26.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+gam7-7.26.0.dist-info/entry_points.txt,sha256=HVUM5J7dA8YwvJfG30jiLefR19ExMs387TWugWd9sf4,42
+gam7-7.26.0.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+gam7-7.26.0.dist-info/RECORD,,