I have a strange problem for about 2 weeks. My python script repeatedly (every 5 min) asking google directory api for gsuite users. A would like find users who has enable 2 factor auth (isEnrolledIn2Sv) Unfortunately when user turns on 2FA my script returns isEnrolledIn2Sv=True only several hours later.
When I asking it by gam ( https://github.com/jay0lee/GAM ) gets properly answer immediately.
What going on? Some kind of cache? Why google return to me not actual data for several hours? It is possible that my python library versions have bugs?
My python code:
from google.oauth2 import service_account
import googleapiclient.discovery
...
...
...
#inside class:
def run(self):
log("Start no2faMonitor ")
while (True):
log("checking no2fa list")
self.get_google_token()
self.ask_google_user()
log("Users in no2fa with 2-step verification: {}".format(len(self.users)))
for u in self.users:
self.send_notify(u)
time.sleep(274)
#---------------------------------------------------------------------------------
def get_google_token(self):
credentials = service_account.Credentials.from_service_account_file(config.ServiceAccountFile, scopes=config.GoogleScopes).with_subject(config.SubjectAccount)
self.directory = googleapiclient.discovery.build('admin', 'directory_v1', credentials=credentials)
#---------------------------------------------------------------------------------
def ask_google_user(self):
results = self.directory.users().list(customer="my_customer", query="orgUnitPath=/no2fa", maxResults=500).execute()
self.userdata = json.loads(json.dumps(results))
for element in self.userdata['users']:
log("user: {}, 2fa: {}".format(element['primaryEmail'], element['isEnrolledIn2Sv']))
...
...
...
element['isEnrolledIn2Sv'] contain "False" for users with turned on 2FA.
**pip3 list | grep google**
google 2.0.1
google-api-python-client 1.7.4
google-auth 1.5.1
google-auth-httplib2 0.0.3
Before about 2 weeks everythink worked OK, Good answers I recived after 5 min
Unfortunley my last answer is not true. I found right way to solve this issue.
After change metod form list() to get() all returned data is up to date.
list() should be used only to get user list, not it's parameters
results = self.directory.users().list(customer="my_customer", query="orgUnitPath=/no2fa", maxResults=500).execute()
unfortunley get() needs one requset per user.
getuser = self.directory.users().get(userKey=element['primaryEmail'], projection="full").execute()