Managing multiple domains as a reseller
427 views
Skip to first unread message
Duncan Isaksen-Loxton
May 13, 2021, 5:17:09 AM5/13/21
to GAM for Google Workspace
Hi Everyone,
I'm posting this as I had some help from Ross the other day and I wanted to document it for other resellers & partners.
My issue was having to type three odd commands and create projects for every client we work on. This resulted in a conversation (Thanks Ross) and a script + strategy to streamline this process.
Here is what we did:
1) In our reseller account we created a project, authorised it with all the scopes and made sure it worked.
2) Through the magic of BASH wrote this script (and credit to the person that did it first, we just expanded it, but I'm sorry I can't find the original one) https://gist.github.com/65/b5e9cee9b5812b487b8ae3e8256e262b
Simply now we run gamselect google.com
- This searches for the resoldcustomer in the gam.cfg, it is there, switches. If not looks for it, finds the customer_id and adds it to the gam.cfg then switches to it.
3) When we switch to a new resoldcustomer we then open their console, go to Security > API > Domain Wide delegation and add the SAME (the one from our reseller account) clientid and scopes manually to the client domain.
Somewhere in the Google universe the permissions from our reseller project get delegated into the client acocunt. Once this is done we can operate on the client account with the same project.
We have only one issue now.
If you run gam info resoldcustomer google.com (a domain you have no permission to) the error is unhandled which busts up the bash script. Ross - can we get this handled, then the bash script will be a bit more graceful!
Thanks
Ross Scroggs
May 13, 2021, 10:35:34 AM5/13/21
to google-ap...@googlegroups.com
Duncan,
I need to see the error generated by: gam info resoldcustomer google.com (a domain you have no permission to)
Ross
--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/652bd7b5-85bc-4399-b387-a3f5950ef5e4n%40googlegroups.com.
Ross Scroggs
Dominik Kugelmann
May 13, 2021, 10:57:23 AM5/13/21
to GAM for Google Workspace
Ross:
Customer ID: C02h8e9nw
Customer Domain: google.com
Traceback (most recent call last):
File "__init__.py", line 54364, in ProcessGAMCommand
File "__init__.py", line 11531, in doInfoResoldCustomer
KeyError: 'customerDomainVerified'
Ross Scroggs
May 13, 2021, 11:09:34 AM5/13/21
to google-ap...@googlegroups.com
Duncan/Dominik,
Thanks, I'll fix it; The fix may be delayed because I'm having trouble with the build site.
Ross
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/9ce69e91-59ac-4ca2-879a-fd5153e11277n%40googlegroups.com.
Ross Scroggs
Ross Scroggs
May 15, 2021, 10:15:44 AM5/15/21
to google-ap...@googlegroups.com
Duncan,
If you run gam info resoldcustomer google.com (a domain you have no permission to) the error is unhandled which busts up the bash script. Ross - can we get this handled, then the bash script will be a bit more graceful!
Duncan Isaksen-Loxton
May 16, 2021, 10:12:44 PM5/16/21
to GAM for Google Workspace
Super thanks Ross!
The gamselect.sh has been updated accordingly here https://gist.github.com/65/b5e9cee9b5812b487b8ae3e8256e262b
Kim Nilsson
May 18, 2021, 11:36:44 AM5/18/21
to GAM for Google Workspace
Duncan, reading your gist...
Does this mean that if you make a typo when running gamselect, your script will try to set up a new customer using the value you entered after gamselect?
Duncan Isaksen-Loxton
May 18, 2021, 4:58:35 PM5/18/21
to google-ap...@googlegroups.com
It should fail gracefully because the typo will not match a customer in your reseller account.
The steps are
1) if it’s in the gam.cfg switch over
2) not in gam.cfg yet check it’s a validated domain you have in your customer list
3) if it is then add it gam.cfg and switch
On Wed, 19 May 2021 at 1:36 am, Kim Nilsson <there.is.no...@gmail.com> wrote:
Duncan, reading your gist...Does this mean that if you make a typo when running gamselect, your script will try to set up a new customer using the value you entered after gamselect?
--
You received this message because you are subscribed to a topic in the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-apps-manager/SUMXQ_8R1DE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/531f8189-a281-4fea-b8b6-72f5a65aac3fn%40googlegroups.com.
Kim Nilsson
May 18, 2021, 5:01:26 PM5/18/21
to Google Apps Manager
Ah, that sounds great.
Dominik Kugelmann
May 26, 2021, 2:57:50 PM5/26/21
to GAM for Google Workspace
Duncan,
I just downloaded your script and tried to run it.
However when running it I get the following error:
➜ gamselect-script sh gamselect.sh domain.com
gamselect.sh: 42: gamselect.sh: Syntax error: "(" unexpected (expecting "fi")
I assume it's a simple fix that I am not quite experienced enough with shell scripts to fix.
Best,
Dominik
On Tuesday, 18 May 2021 at 23:01:26 UTC+2 Kim Nilsson wrote:
Ah, that sounds great.
Duncan Isaksen-Loxton
May 27, 2021, 1:06:22 AM5/27/21
to GAM for Google Workspace
Hi Dominik
I've just updated with the latest version, it has color now too! Let me know if it works, I've only tested on ohmyszh mac, no other bash shells.
Dominik Kugelmann
May 27, 2021, 2:07:52 PM5/27/21
to GAM for Google Workspace
Not sure if I'm downloading the old version or not but the one that I downloaded (with 63 lines) gives me the exact same error :/
Oh and I am using oh-my-zsh on a debian vm, btw ;)
Duncan Isaksen-Loxton
Jun 1, 2021, 8:50:46 PM6/1/21
to GAM for Google Workspace
Hi Dominik
Are you trying to use it to add a domain that you are authorised to access, and you can see in your reseller panel?
I've tried this script a lot on CROSH on a Chromebook and on Mac and have not had any issues, so any more info you can give me would be helpful.
Cheers
Dominik Kugelmann (they/them)
Jun 2, 2021, 10:58:47 AM6/2/21
to google-ap...@googlegroups.com
Hi Duncan,
I simply tried to switch between existing accounts for now.
Its somewhat weird that I can't get it to work yet...
--
You received this message because you are subscribed to a topic in the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-apps-manager/SUMXQ_8R1DE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/3b4d39cd-6579-46d2-ac31-2b8a25ff327an%40googlegroups.com.
Duncan Isaksen-Loxton
Jun 14, 2021, 3:31:37 AM6/14/21
to GAM for Google Workspace
Turns out some of the commands used were not POSIX compatibale so after a call with Dominik some adjustments have been made and it should be more cross terminal compatible.
Cheers
Dominik Kugelmann (they/them)
Jun 14, 2021, 4:57:07 AM6/14/21
to google-ap...@googlegroups.com
Thank you Duncan for your time! It works great now! Love it!
Servus and Goodbye,
Servus and Goodbye,
Dominik
___
Dominik Kugelmann (they/them)
22d | Chief of Vision & Founder
Current time zone:
If it’s super urgent please don’t send a mail and call me 2x in a row!
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/d5bcd899-279a-4667-b975-f1aefda75c97n%40googlegroups.com.
Message has been deleted
Ross Scroggs
Jul 27, 2021, 3:59:53 PM7/27/21
to google-ap...@googlegroups.com
On Tue, Jul 27, 2021 at 12:10 PM Guido Walter Pettinari <guido.p...@idearia.it> wrote:
Thank you very much, Duncan! I managed to make it work fine on a MacOs Big Sur 👍
I only have one issue: when I issue user-specific commands like gam user info show sendas I get the following error:
- User: in...@example.com, Service not applicable/Does not exist
Here is a screenshot of the error > https://idearia.link/xSaX6kOn the other hand, non user-specific commands such as gam print aliases work fine.What am I doing wrong?Thanks!Guido
--via Tacito, 7 - 00193 Romatel 06 95944604 | fax 06 95944605Usi i social network? Contattaci su:
Ai sensi del D. Lgs. n. 196/2003 e successive modifiche/integrazioni le informazioni contenute in questo messaggio di posta elettronica sono riservate e per uso esclusivo del destinatario; qualsiasi pubblicazione, utilizzo o diffusione anche parziale dello stesso non può essere effettuata senza autorizzazione e potrebbe costituire un illecito penale. Qualora non siate tra i legittimi destinatari di questa e-mail Vi preghiamo cortesemente di cancellarla dal sistema dopo aver notificato al mittente, rispondendo alla comunicazione, l'errore da questi commesso.
Ricorda di proteggere l'ambiente: stampa questa mail solo se strettamente necessario!
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/b557a01f-e186-4a51-9fc1-aeda132ed091n%40googlegroups.com.
Ross Scroggs
Dominik Kugelmann (they/them)
Jul 27, 2021, 4:26:50 PM7/27/21
to google-ap...@googlegroups.com
Yes; you still need to supply the client ID to your customers admin console for these commands to work. So what Ross said ;)
On Tue, 27 Jul 2021 at 21:10, Guido Walter Pettinari <guido.p...@idearia.it> wrote:
Thank you very much, Duncan! I managed to make it work fine on a MacOs Big Sur 👍
I only have one issue: when I issue user-specific commands like gam user info show sendas I get the following error:
- User: in...@example.com, Service not applicable/Does not exist
Here is a screenshot of the error > https://idearia.link/xSaX6kOn the other hand, non user-specific commands such as gam print aliases work fine.What am I doing wrong?Thanks!Guido
Il giorno lunedì 14 giugno 2021 alle 09:31:37 UTC+2 Duncan Isaksen-Loxton ha scritto:
via Tacito, 7 - 00193 Romatel 06 95944604 | fax 06 95944605Usi i social network? Contattaci su:Ai sensi del D. Lgs. n. 196/2003 e successive modifiche/integrazioni le informazioni contenute in questo messaggio di posta elettronica sono riservate e per uso esclusivo del destinatario; qualsiasi pubblicazione, utilizzo o diffusione anche parziale dello stesso non può essere effettuata senza autorizzazione e potrebbe costituire un illecito penale. Qualora non siate tra i legittimi destinatari di questa e-mail Vi preghiamo cortesemente di cancellarla dal sistema dopo aver notificato al mittente, rispondendo alla comunicazione, l'errore da questi commesso.
Ricorda di proteggere l'ambiente: stampa questa mail solo se strettamente necessario!
--
You received this message because you are subscribed to a topic in the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-apps-manager/SUMXQ_8R1DE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/b557a01f-e186-4a51-9fc1-aeda132ed091n%40googlegroups.com.
Duncan Isaksen-Loxton
Jul 27, 2021, 6:05:58 PM7/27/21
to google-ap...@googlegroups.com
Take your client I’d and then scopes from your reseller account and add it to the Api domain wide delegation area of each client you work with - that will authorise you fir each of your clients then the check service account will work.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/CAPyiHiNNrun_YmA6ppADLAF5y4ct%3D8k%2B66WT-Jrzs-_ibtE0vQ%40mail.gmail.com.
|
Reply all
Reply to author
Forward
0 new messages