Setting G Suite user properties with App Script and the Admin SDK - google-apps-script

I'm trying to set a user's OU from an App Script inside App Maker.
(user is a variable with an email address)
function getUser(user) {
var x = AdminDirectory.Users.update(
{
orgUnitPath: "/",
userKey: user,
});
console.log("function ran");
}
This code errors with:
Exception: Invalid number of arguments provided. Expected 2-3 only at getUser (ServerScripts:107)
Invalid number of arguments provided. Expected 2-3 only
at getUser (ServerScripts:107)
at getUser (ClientHandoff:21:21)
at TestMoveOU.Panel1.Button1.onClick:1:1
What am I doing wrong here? Looking at the docs, you only need to provide the properties you're changing.

The Apps Script documentation says the following:
For detailed information on this service, see the reference documentation for the Admin SDK Directory API. Like all advanced services in Apps Script, the Admin SDK Directory service uses the same objects, methods, and parameters as the public API.
Therefore, we need to consult the documentation to get clarification on how to achieve this.
The method requires at least two parameters: that means that the the first parameter is a user object resource and the second parameter is the email address of the user: AdminDirectory.Users.update(resource, userKey). So you need to do this:
function getUser(user) {
var userResource = {
orgUnitPath: "/"
};
var updated = AdminDirectory.Users.update(userResource, user);
console.log(updated.primaryEmail);
}
So why do you need to specify the user email in the method when it is already being specified in the userResource object? Well, the email address in the userResource object would be the new value, in case you want to change the email address.
P.S. Perhaps you might wanna change the name of the function to something that is more of a match; updateUser() perhaps? I hope this helps!

Related

Why is doGet() failing without posting logs?

I suppose my question is twofold: doGet() in the following context will just fail after 0.1~0.2 seconds without posting logs, so I have no idea how to troubleshoot it by myself. Additionally, if I'm having the script execute on my behalf, do I have to push a request with my authorization token to a more "pertinent" area than just the sheet name, such as within the iteration itself? Read further for more details:
I have a source spreadsheet where I am cross-referencing user inputted data to validate the information we have "on file". Most of our clients are over the age of 55, so I am trying to reduce end-user complexity by having the script run on my behalf whenever they need to use it (to bypass the Authorization screen, with the big scary "This application could be unsafe!" message). The way I've read to accomplish this seems to be with doGet(), so I set up a low-level HTTP Get request that just pushes a doGet() with my OAuth token, returning the sheet name. I also set up a masking function specifically to do this, and linked it to the button originally used for the iteration logic. The doGet() looks like this:
const doGet = e => {
Logger.log(`Recieved HTTP request.`);
const content = ContentService.createTextOutput(iterator(e));
Logger.log(content);
return content;
}
and the button that uses UrlFetchApp looks like:
const runMask = () => {
const active = SpreadsheetApp.getActiveSheet().getSheetName();
const v4 = 'https://script.google.com/macros/s/<scriptid>/dev' // ScriptApp.getService().getUrl() posts 404
UrlFetchApp.fetch(`${v4}?sheetName='${active}'`, {
headers: { Authorization: `Bearer ${ScriptApp.getOAuthToken()}` },
});
I have some logs set up within the real runMask() that proceed all the way to the end of the program, giving me real URLs and OAuth tokens, so I know it's making it through runMask() without an issue. However, the doGet() log doesn't post anything, even at the top of the function. I can see that it's executing the trigger in my execution log, but the log itself remains empty.
I've tried:
using ScriptApp.getService().getUrl() in place of v4: posts 404 in the log w/ truncated server response
replacing ${active} with the name of the sheet: same issue; logging ${active} also returns the correct name of the sheet.
Beyond this, I'm not even sure what to do. I have everything scoped correctly (auth/spreadsheets.currentonly, auth/script.external_request, and auth/userinfo.email), and I have no issues about operational security (as both the spreadsheet and script are written by me, the clients have no need to grant access to their entire drive). Before trying to implement doGet() and bypass the authorization screen, the iterator itself worked just fine. As such, I have chosen not to include it here, as it's hardly relevant (the function that executes the iteration function never makes it to that point).
I understand this has been quite the deluge of information; I'd be happy to provide more information or context as needed.
Getting ReferenceError: iterator is not defined (line 12, file "ag2")
With this:
const doGet = e => {
Logger.log(`Recieved HTTP request.`);
const content = ContentService.createTextOutput(iterator(e));
Logger.log(content);
return content;
}
Issued with url/exec?option=A
It runs with
const doGet = e => {
Logger.log(`Recieved HTTP request.`);
const content = ContentService.createTextOutput(JSON.stringify(e));
Logger.log(content);
return content;
}
and returns the appropriate stringified object
Only use the test URL (/dev) for testing the web app from a web browser.
Before doGet from a web browser using a versioned deployment (/exec) remember to publish a new version.
Assign a Google Cloud Project to your Google Apps Script project. For details see https://developers.google.com/apps-script/guides/cloud-platform-projects.
To make it easier to debug your avoid calling functions from a Google Apps Script method like createTextOutput, instead, assign the function result to a variable and use it as the method parameter, i.e. replace
const content = ContentService.createTextOutput(iterator(e));
by
const something = iterator(e);
const content = ContentService.createTextOutput(something);
For debugging purposes, create a function to call your doGet function, and check that it hasn't any problem to run, i.e.
function __test__doGet(){
const e = {
parameter: {}
}
doGet(e);
}
Related
Exception handling in google apps script web apps
Issue:
When I saw your question, I'm worried about I have everything scoped correctly (auth/spreadsheets.currentonly, auth/script.external_request, and auth/userinfo.email).
If you are using only the following scopes at oauthScopes of appsscript.json,
https://www.googleapis.com/auth/spreadsheets.currentonly
https://www.googleapis.com/auth/script.external_request
https://www.googleapis.com/auth/userinfo.email
Unfortunately, these scopes cannot be used for access to Web Apps. Although I'm not sure about the method for running your function of runMask, I thought that this might be the reason for your issue.
Solution:
If you want to access Web Apps of https://script.google.com/macros/s/<scriptid>/dev using the access token retrieved by ScriptApp.getOAuthToken(), please include the following scope.
https://www.googleapis.com/auth/drive.readonly
or
https://www.googleapis.com/auth/drive
After you include the above scope, please reauthorize the scopes, and test it again. When your function of iterator has already been declared and the script worked, by running runMask, you can see the log of Logger.log(Recieved HTTP request.) and Logger.log(content) at the log.
Reference:
Taking advantage of Web Apps with Google Apps Script

How to get the metadata of Pub/Sub event in Spring Cloud function on Google Cloud Function

I have created a simple Google Cloud Function with Spring Cloud Function library to get triggered on the arrival of the Pub/Sub message. I followed the sample function-sample-gcp-background. Whenever a message is triggered to the Pub/Sub, it gets printed from the Cloud Function as expected.
But I wonder how can I get the metadata of the Pub/Sub message in the Cloud Functon. The Google Cloud Function documentation says that
This metadata is accessible via the context object that is passed to
your function when it is invoked.
How can I access this metadata (or the context object) in a Spring Cloud Function application?
UPDATE :- Version spring-cloud-function-adapter-gcp:3.1.2
UPDATE 2:- I raised an issue in github and got the issue resolved. Thanks to Spring Cloud Function team.
When you use background function, the PubSub message and context are extracted and provided in the PubSub message. If you have a look to the PubSub object here; you have the Published Time and the Message ID embedded in it. You only have to use them!
Got the issue resolved as per the advice from spring-cloud-function team. The Consumer function needs to accept the parameter of type Message<PubSubMessage> instead of PubSubMessage to get the Context object.
#Bean
public Consumer<Message<PubSubMessage>> pubSubFunction() {
return message -> {
// The PubSubMessage data field arrives as a base-64 encoded string and must be decoded.
// See: https://cloud.google.com/functions/docs/calling/pubsub#event_structure
PubSubMessage payload = message.getPayload();
String decodedMessage = new String(
Base64.getDecoder().decode(message.getPayload().getData()), StandardCharsets.UTF_8);
System.out.println("Hello!!! Received Pub/Sub message with data: " + decodedMessage);
// Print out timestamp and event id
Context ctx = message.getHeaders().get("gcf_context", Context.class);
System.out.println(ctx.eventId());
System.out.println(ctx.timestamp());
};
}
Ref :- github issue #695

Chromeosdevices deviceid vs serial number

The Chromeosdevices API relies on the deviceID parameter to find devices on the back end. That has caused a bunch of confusion and frustration on my end. Initially, I thought the deviceID was the serial # of the device. We typically do all searches for device on Google's Admin console using the serial #'s, so it just made sense. I realize now that the deviceID is not the serial #.
Is there a way, then, to translate serial # to deviceId? I'm thinking I may need to export out the entire directory in some table, and then do look ups using the serial # as the reference key. But, it would be nice to figure out a programmatic way to do it. I tried searching stack overflow to no avail.
Thanks,
Figured this out. What a headache. First, if you're developing an Apps Script, there is no need to access the Admin Directory API via UrlFetchApp and trying to get it to work with Oauth2 libraries. All you need is the direct API, which I wish was illustrated in Google's API document and API explorer. Instead, use Admin SDK directly. You can create a script file with a bunch of helper functions to call from your main script:
function getDeviceId(serialnum) {
var optionalArgs = {
projection: 'BASIC',
query: serialnum,};
var chromebook = (AdminDirectory.Chromeosdevices.list("my_customer", optionalArgs)) ;
var chromebookDevID = chromebook.chromeosdevices[0].deviceId;
return chromebookDevID ;
}
For example, you call this function, pass in the serial number, and it will return the chromebook's deviceId as such
var deviceId = getDeviceId('5CD81072C4');
From this, you can also have helper functions to enable / disable chromebooks:
function disableChromeBook(deviceId) {
AdminDirectory.Chromeosdevices.action({"action": "disable"}, "my_customer", deviceId) ;
}
function enableChromeBook(deviceId) {
AdminDirectory.Chromeosdevices.action({"action": "reenable"}, "my_customer", deviceId)
}
I found the Google API document to be really obtuse. I hope this helps someone else out. Took me awhile.

Different IP while making two requets throught UrlFetchApp in same script

Can we relly that while Google App Script is executed by a Time Trigger, and makes two subsequest request using UrlFetchApp, both are made by same server with the same IP?
I need to ensure it, because in one request I query for an Access token for a remote service and with another I'm using this Access token. The remote service that I'm quering checks if the Access token was requested by the client with the same IP as requests that use this Access Token.
EDIT
I examined the behavior by time-triggering some dumb scripts with just few consecutive UrlFetchApp requests in them and checked server logs. I had two clear observations:
IP may vary in consecutive calls within one trigger
There is clear rotation of the IPs, sometimes there is a group of 7 consecutive calls with the same IP, sometimes 6. But in general there are always groups.
Because I wanted to only use Google infrastructure for my script and occasional failure was not a problem, I came up with a ugly ugly but working solution:
function batchRequest(userLogin, userPassword, webapiKey, resource, attributes, values ){
var token = requestToken(userLogin, userPassword, webapiKey ); // requestToken method uses UrlFetchApp.fetch
var result = request(resource, token, attributes, values); // requestToken method uses UrlFetchApp.fetch with options.muteHttpExceptions set to true so that we can read the response code
var i = 0;
while (result.getResponseCode() == 500 && i < 10){
token = requestToken(userLogin, userPassword, webapiKey ); // requestToken method uses UrlFetchApp.fetch
result = request(resource, token, attributes, values);
i++;
}
return result;
}
So I simply try hard max 10 times and hope to hook up to have the two requests — one for token and another for some bussiness logic — done in a same ‘IP group’.
I put more detailed description here: https://medium.com/p/dd0746642d7
Within the same trigger call yes. From another trigger no. Based on experience nce but i havent seen this docummented.

Strange permission issue with getOwner method in Google Apps Script

When using this line of code in a Google Apps Script
var user = folders[n].getOwner().getEmail()
I get an error saying I am not authorized to perform such an action (your version may vary, I am translating from italian).
What gives? I am just retrieving an information, such as the owner of a folder.
When the script processes a folder I own, the error does not arise, the error arises when it encounters a folder not of mine. The matter is that this line of code is just for spotting folders which are not of mine, to avoid issuing method that would correctly rise an error, like setTrashed. The script looks for empty folders to delete them, but I cannot delete folders I am not the owner of of course. And yes I am into Google apps for business, does it make some difference?
There isn't any specifc warning about file.getOwner().getEmail(), but there is for Class Session.
In limited-privilege executions (such as in response to onOpen or
onEdit), we only return the identity of the active user if both the
user and the script owner are part of the same domain. This is to
protect the privacy of consumer users, who may not want their email
address exposed.
I have no problem with this in a consumer account.
The following function is an excerpt from a gist I posted for a previous question. It wraps the call to .getEmail() (or getUserLoginId() if you prefer) in a try ... catch block, so it avoids errors for users crossing Apps Domains.
function getFileInfo (file,fileType) {
var fileInfo = {
id: file.getId(),
name: file.getName(),
size: file.getSize(),
type: (fileType == "file") ? docTypeToText_(file.getFileType()) : "folder",
created: file.getDateCreated(),
description: file.getDescription(),
owner: file.getOwner()
}
try {
fileInfo.owner = file.getOwner().getEmail()//.getUserLoginId()
} catch(e)
{
// Possible permission problem
fileInfo.owner = "unknown";
}
return fileInfo;
}
UPDATE: Since this was first posted, something has changed. Now my consumer account encounters the aforementioned error when trying to access getOwner() for a file shared from another account. (March 3, 2013)