__BONUS__: `safire list all` will create both csv and xlsx files listing name/unique id/etc. for all projects, service accounts, shared drives, groups and group members for your account. Handy for use with other apps and scripts.
- Simple usage syntax: e.g. `safire list projects`
- Available main commands:
- list
- add / create
- remove / delete
- auth
- enable
- rename
- Most commands will tell you which subcommands are available by simply typing the main command with no flags. e.g. `safire list` or optionally `safire list -h` . Subcommands include:
- User configuration information such as project name/prefix, number of projects to create, service account prefix and so on are in the `config.py` file in the /safire/safire folder.
- Credential files and files created by safire are by default in the user home (~ in linux) directory under safire/creds, safire/data and safire/svcaccts. This location can be changed in config.py
- NOTE: Commands below are in the format `safire command subcommand` This assumes you pip install the script. You can run it directly without installing by navigating to /safire/safire and using `./safire.py command subcommand`
- Then go to https://console.cloud.google.com/apis/library. Ensure you choose your main project (dropdown at the top of the page), then enable the following APIs:
- You will use this JSON to create a token which allows you access to your account and gives you permission to create projects, service accounts, etc.
- Keep one copy of this JSON in a safe place, then put a copy named `creds.json` in the `~/safire/creds` folder [specified in your config.py file - you can change the location if you like]
Once you have this initial project created, all the APIs above enabled and have created/downloaded the credentials creds.json you are ready to use safire.
`Don't be afraid to play with the commands. You can fix almost anything by deleting and recreating components in a few minutes. [The exception being projects, which you should not delete as they go into a 30-day holding bin before being fully deleted, and count against your project quota.]`
- create auth token to enable safire to access your account: `safire auth all` will create two tokens, one to access projects/drives/etc and one to access groups
- add projects: `safire add projects 5` will add 5 projects using the prefix in your config.py file
List drives, projects, service accounts (SAs), SA json keys, groups and group members. In most cases a filter can be applied.
COMMANDS
COMMAND is one of the following:
all
List all drives, projects, service accounts, json keys, groups and group members. Also exports these lists with full data fields to csv and xlsx files in data_path folder
drives
List team/shared drives. Match 'filter'
groups
List groups in the authorized account. Match 'filter'
jsons
alias: jsons = keys. List service account jsons/keys in the svcaccts folder. Match 'filter'
keys
alias: jsons = keys. List service account jsons/keys in the svcaccts folder. Match 'filter'
members
List members in groups. Groups match 'filter'
projects
List projects. Match 'filter'
sas
List service accounts for projects. Projects match 'filter'
__add__
safire add
SYNOPSIS
safire add COMMAND
DESCRIPTION
Add projects, drives, service accounts(SAs), SA keys/jsons and group members
COMMANDS
COMMAND is one of the following:
apis
Enables apis for projects. 'drive' and 'iam' apis by default. Automatic when projects are created but can be run manually also.
drive
Create a team/shared drive. Usage: 'safire add drive some_name'
drives
Create team/shared drives. Usage: 'safire add teamdrive some_filename' containing a list of drive names
jsons
Create and download json/key files to svcaccts folder. Add to TDs and/or groups.
keys
Create and download json/key files to svcaccts folder. Add to TDs and/or groups.
members
'add members' requires two arguments. Both 'project_filter' and 'group_filter' can be either the full project/group name or a partial name which matches some projects/groups. You can add SA emails from multiple projects to multiple groups if you wish.
projects
Create projects in authorized account. Usage: 'safire add projects 1'. Uses defaults in config if none specified.
sas
Create N service accounts/SAs in projects which match 'filter'. Usage: 'safire add sas 5 xyz' will add 5 SAs to all projects containing 'xys' if fewer than 100 exist. Will not overwrite SAs.
user
Add user (typically group name) to a shared/team drive. Usage: 'safire add someTDid mygroup@domain.com'
__delete__
NAME
safire delete
SYNOPSIS
safire delete COMMAND
DESCRIPTION
Delete sas, jsons/keys, drives and group members. Note: 'remove' and 'delete' are equivalent commands
COMMANDS
COMMAND is one of the following:
drive
Delete a team/shared drive. Usage: 'safire add teamdrive unique ID'. USE CAREFULLY! Does not work with non-empty drives.
drives
Delete team/shared drives. Usage: 'safire add teamdrive some_filename' with unique IDs. USE CAREFULLY
jsons
Remove json keys from svcaccts path
members
Remove members from groups. Match 'filter'
sas
Usage: 'safire remove sas filter' where filter is a string to match the projects from which you want to delete service accounts. To remove all SAs for all projects use "" as your filter
user
Remove user (typically group name) from a shared/team drive. Usage: 'safire remove someTDid mygroup@domain.com'
__auth__
NAME
safire auth
SYNOPSIS
safire auth GROUP | COMMAND
DESCRIPTION
Authorize the app to access your projects, SAs, drives and groups. To generate creds.json go to https://developers.google.com/apps-script/api/quickstart/python , click Enable then download a json, rename it to creds.json and put a copy in the /creds folder
GROUPS
GROUP is one of the following:
scopes_all
scopes_group
scopes_proj
COMMANDS
COMMAND is one of the following:
all
Create an auth token for adding/removing group members
ask
check
groups
Create an auth token for adding/removing group members
projects
Create an auth token for accessing and changing projects, service accounts, json keys and drives
__enable__
NAME
safire enable
SYNOPSIS
safire enable COMMAND
DESCRIPTION
Add projects, drives, service accounts(SAs), SA keys/jsons and group members
COMMANDS
COMMAND is one of the following:
apis
Enables apis for projects. 'drive' and 'iam' apis by default. Automatic when projects are created but can be run manually also.
__rename__
NAME
safire rename
SYNOPSIS
safire rename COMMAND
DESCRIPTION
Rename json/key files to their email prefix, email numeric (omit prefix), uniqId or in a sequence. Usage: 'safire rename jsons email' [choice email, email_seq, uniq, seq] Renaming is repeatable. Can always delete and redownload keys if needed.
Many ideas, some bits of code and inspiration from spazzlo, fionera and generally from l3uddz, ncw and others - all of whose projects are excellent and some of them do some/all of what safire does. If I forgot to mention you here let me know.
