GAM version merge (kaa-boom)

src/gam/gamlib/__init__.py

@@ -0,0 +1,17 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2023 Ross Scroggs All Rights Reserved.
+#
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.

src/gam/gamlib/glaction.py

@@ -0,0 +1,302 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2023 Ross Scroggs All Rights Reserved.
+#
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+"""GAM action processing
+
+"""
+
+class GamAction():
+
+# Keys into NAMES; arbitrary values but must be unique
+  ACCEPT = 'acpt'
+  ADD = 'add '
+  ADD_PREVIEW = 'addp'
+  APPEND = 'apnd'
+  APPROVE = 'aprv'
+  ARCHIVE = 'arch'
+  BACKUP = 'back'
+  BLOCK = 'blok'
+  CANCEL = 'canc'
+  CANCEL_WIPE = 'canw'
+  CHECK = 'chek'
+  CLAIM = 'clai'
+  CLAIM_OWNERSHIP = 'clow'
+  CLEAR = 'clea'
+  CLOSE = 'clos'
+  COLLECT = 'collect'
+  COMMENT = 'comment'
+  COPY = 'copy'
+  COPY_MERGE = 'copm'
+  CREATE = 'crea'
+  CREATE_PREVIEW = 'crep'
+  CREATE_SHORTCUT = 'crsc'
+  DEDUP = 'dedu'
+  DELETE = 'dele'
+  DELETE_EMPTY = 'delm'
+  DELETE_PREVIEW = 'delp'
+  DEPROVISION = 'depr'
+  DISABLE = 'disa'
+  DOWNLOAD = 'down'
+  DRAFT = 'draf'
+  EMPTY = 'empt'
+  ENABLE = 'enbl'
+  EXISTS = 'exis'
+  EXPORT = 'expo'
+  EXTRACT = 'extr'
+  GET_COMMAND_RESULT = 'gtcr'
+  FETCH = 'fetc'
+  FORWARD = 'forw'
+  HIDE = 'hide'
+  IMPORT = 'impo'
+  INFO = 'info'
+  INITIALIZE = 'init'
+  INSERT = 'insr'
+  INVALIDATE = 'inva'
+  ISSUE_COMMAND = 'isco'
+  LIST = 'list'
+  LOOKUP = 'look'
+  MERGE = 'merg'
+  MODIFY = 'modi'
+  MOVE = 'move'
+  MOVE_MERGE = 'movm'
+  NOACTION = 'noac'
+  NOACTION_PREVIEW = 'noap'
+  PERFORM = 'perf'
+  PRE_PROVISIONED_DISABLE ='ppdi'
+  PRE_PROVISIONED_REENABLE ='ppre'
+  PRINT = 'prin'
+  PROCESS = 'proc'
+  PROCESS_PREVIEW = 'prop'
+  PURGE = 'purg'
+  RECREATE = 'recr'
+  REENABLE = 'reen'
+  REFRESH = 'refr'
+  RELABEL = 'rela'
+  REMOVE = 'remo'
+  REMOVE_PREVIEW = 'remp'
+  RENAME = 'rena'
+  REOPEN = 'reop'
+  REPLACE = 'repl'
+  REPLACE_DOMAIN = 'repd'
+  REPORT = 'repo'
+  RESET_YUBIKEY_PIV = 'rpiv'
+  RESPOND = 'resp'
+  RESTORE = 'rest'
+  RESUBMIT = 'res'
+  RETAIN = 'reta'
+  RETRIEVE_DATA = 'retd'
+  REVOKE = 'revo'
+  SAVE = 'save'
+  SEND = 'send'
+  SENDEMAIL = 'snem'
+  SET = 'set '
+  SETUP = 'setu'
+  SHARE = 'shar'
+  SHOW = 'show'
+  SIGNOUT = 'siou'
+  SKIP = 'skip'
+  SPAM = 'spam'
+  SUBMIT = 'subm'
+  SUSPEND = 'susp'
+  SYNC = 'sync'
+  TRANSFER = 'tran'
+  TRANSFER_OWNERSHIP = 'trow'
+  TRASH = 'tras'
+  TURNOFF2SV = 'to2s'
+  UNDELETE = 'unde'
+  UNHIDE = 'unhi'
+  UNSUSPEND = 'unsu'
+  UNTRASH = 'untr'
+  UPDATE = 'upda'
+  UPDATE_MOVE = 'upmo'
+  UPDATE_OWNER = 'updo'
+  UPDATE_PREVIEW = 'updp'
+  UPLOAD = 'uplo'
+  UNZIP = 'unzi'
+  USE = 'use '
+  VERIFY = 'vrfy'
+  WAITFORMAILBOX = 'wamb'
+  WATCH = 'watc'
+  WIPE = 'wipe'
+  WIPE_PREVIEW = 'wipp'
+  # Usage:
+  # ACTION_NAMES[1] n Items - Delete 10 Users
+  # Item xxx ACTION_NAMES[0] - User xxx Deleted
+  # These values can be translated into other languages
+  _NAMES = {
+    ACCEPT: ['Accepted', 'Accept'],
+    ADD: ['Added', 'Add'],
+    ADD_PREVIEW: ['Added (Preview)', 'Add (Preview)'],
+    APPEND: ['Appended', 'Append'],
+    APPROVE: ['Approved', 'Approve'],
+    ARCHIVE: ['Archived', 'Archive'],
+    BACKUP: ['Backed up', 'Backup'],
+    BLOCK: ['Blocked', 'Block'],
+    CANCEL: ['Cancelled', 'Cancel'],
+    CANCEL_WIPE: ['Wipe Cancelled', 'Cancel Wipe'],
+    CHECK: ['Checked', 'Check'],
+    CLAIM: ['Claimed', 'Claim'],
+    CLAIM_OWNERSHIP: ['Ownership Claimed', 'Claim Ownership'],
+    CLEAR: ['Cleared', 'Clear'],
+    CLOSE: ['Closed', 'Close'],
+    COLLECT: ['Collected', 'Collect'],
+    COMMENT: ['Commented', 'Comment'],
+    COPY: ['Copied', 'Copy'],
+    COPY_MERGE: ['Copied(Merge)', 'Copy(Merge)'],
+    CREATE: ['Created', 'Create'],
+    CREATE_PREVIEW: ['Created (Preview)', 'Create (Preview)'],
+    CREATE_SHORTCUT: ['Created Shortcut', 'Create SHORTCUT'],
+    DEDUP: ['Duplicates Deleted', 'Delete Duplicates'],
+    DELETE: ['Deleted', 'Delete'],
+    DELETE_EMPTY: ['Deleted', 'Delete Empty'],
+    DELETE_PREVIEW: ['Deleted (Preview)', 'Delete (Preview)'],
+    DEPROVISION: ['Deprovisioned', 'Deprovision'],
+    DISABLE: ['Disabled', 'Disable'],
+    DOWNLOAD: ['Downloaded', 'Download'],
+    DRAFT: ['Drafted', 'Draft'],
+    EMPTY: ['Emptied', 'Empty'],
+    ENABLE: ['Enabled', 'Enable'],
+    EXISTS: ['Exists', 'Exists'],
+    EXPORT: ['Exported', 'Export'],
+    EXTRACT: ['Extracted', 'Extract'],
+    FORWARD: ['Forwarded', 'Forward'],
+    GET_COMMAND_RESULT: ['Got Command Result', 'Get Command Result'],
+    HIDE: ['Hidden', 'Hide'],
+    IMPORT: ['Imported', 'Import'],
+    INFO: ['Shown', 'Show Info'],
+    INITIALIZE: ['Initialized', 'Initialize'],
+    INSERT: ['Inserted', 'Insert'],
+    INVALIDATE: ['Invalidated', 'Invalidate'],
+    ISSUE_COMMAND: ['Command Issued', 'Issue Command'],
+    LIST: ['Listed', 'List'],
+    LOOKUP: ['Lookedup', 'Lookup'],
+    MERGE: ['Merged', 'Merge'],
+    MODIFY: ['Modified', 'Modify'],
+    MOVE: ['Moved', 'Move'],
+    MOVE_MERGE: ['Moved(Merge)', 'Move(Merge)'],
+    NOACTION: ['No Action', 'No Action'],
+    NOACTION_PREVIEW: ['No Action (Preview)', 'No Action (Preview)'],
+    PERFORM: ['Action Performed', 'Perform Action'],
+    PRE_PROVISIONED_DISABLE: ['PreProvisioned Disabled', 'PreProvisioned Disable'],
+    PRE_PROVISIONED_REENABLE: ['PreProvisioned Reenabled', 'PreProvisioned Reenable'],
+    PRINT: ['Printed', 'Print'],
+    PROCESS: ['Processed', 'Process'],
+    PROCESS_PREVIEW: ['Processed (Preview)', 'Process (Preview)'],
+    PURGE: ['Purged', 'Purge'],
+    RECREATE: ['Recreated', 'Recreate'],
+    REENABLE: ['Reenabled', 'Reenable'],
+    REFRESH: ['Refreshed', 'Refresh'],
+    RELABEL: ['Relabeled', 'Relabel'],
+    REMOVE: ['Removed', 'Remove'],
+    REMOVE_PREVIEW: ['Removed (Preview)', 'Remove (Preview)'],
+    RENAME: ['Renamed', 'Rename'],
+    REOPEN: ['Reopened', 'Reopen'],
+    REPLACE: ['Replaced', 'Replace'],
+    REPLACE_DOMAIN: ['Domain Replaced', 'Replace Domain'],
+    REPORT: ['Reported', 'Report'],
+    RESET_YUBIKEY_PIV: ['Yubikey PIV Reset', 'Reset Yubikey PIV'],
+    RESPOND: ['Responded', 'Respond'],
+    RESTORE: ['Restored', 'Restore'],
+    RESUBMIT: ['Resubmitted', 'Resubmit'],
+    RETAIN: ['Retained', 'Retain'],
+    RETRIEVE_DATA: ['Data Retrieved', 'Retrieve Data'],
+    REVOKE: ['Revoked', 'Revoke'],
+    SAVE: ['Saved', 'Save'],
+    SEND: ['Sent', 'Send'],
+    SENDEMAIL: ['Email Sent', 'Send Email'],
+    SET: ['Set', 'Set'],
+    SETUP: ['Set Up', 'Set Up'],
+    SHARE: ['Shared', 'Share'],
+    SHOW: ['Shown', 'Show'],
+    SIGNOUT: ['Signed Out', 'Signout'],
+    SKIP: ['Skipped', 'Skip'],
+    SPAM: ['Marked as Spam', 'Mark as Spam'],
+    SUBMIT: ['Submitted', 'Submit'],
+    SUSPEND: ['Suspended', 'Suspend'],
+    SYNC: ['Synced', 'Sync'],
+    TRANSFER: ['Transferred', 'Transfer'],
+    TRANSFER_OWNERSHIP: ['Ownership Transferred', 'Transfer Ownership'],
+    TRASH: ['Trashed', 'Trash'],
+    TURNOFF2SV: ['2-Step Verification Turned Off', 'Turn Off 2-Step Verification'],
+    UNDELETE: ['Undeleted', 'Undelete'],
+    UNHIDE: ['Unhidden', 'Unhide'],
+    UNSUSPEND: ['Unsuspended', 'Unsuspend'],
+    UNTRASH: ['Untrashed', 'Untrash'],
+    UNZIP: ['Unzipped', 'Unzip'],
+    UPDATE: ['Updated', 'Update'],
+    UPDATE_MOVE: ['Updated/Moved', 'Update/Move'],
+    UPDATE_OWNER: ['Updated to Owner', 'Update to Owner'],
+    UPDATE_PREVIEW: ['Updated (Preview)', 'Update (Preview)'],
+    UPLOAD: ['Uploaded', 'Upload'],
+    USE: ['Used', 'Use'],
+    VERIFY: ['Verified', 'Verify'],
+    WAITFORMAILBOX: ['Mailbox is Setup', 'Check Mailbox is Setup'],
+    WATCH: ['Watched', 'Watch'],
+    WIPE: ['Wiped', 'Wipe'],
+    WIPE_PREVIEW: ['Wiped (Preview)', 'Wipe (Preview)'],
+    }
+  #
+  MODIFIER_CONTENTS_WITH = 'contents with'
+  MODIFIER_FOR = 'for'
+  MODIFIER_FROM = 'from'
+  MODIFIER_IN = 'in'
+  MODIFIER_INTO = 'into'
+  MODIFIER_PREVIOUSLY_IN = 'previously in'
+  MODIFIER_TO = 'to'
+  MODIFIER_WITH_COTEACHER_OWNER = 'with co-teacher as owner'
+  MODIFIER_WITH_NEW_TEACHER_OWNER = 'with new teacher as owner'
+  MODIFIER_WITH_CURRENT_OWNER = 'with current owner'
+  MODIFIER_WITH = 'with'
+  MODIFIER_WITH_CONTENT_FROM = 'with content from'
+  PREFIX_NOT = 'Not'
+  PREVIEW = 'Preview'
+  SUCCESS = 'Success'
+  SUFFIX_FAILED = 'Failed'
+
+  def __init__(self):
+    self.action = None
+
+  def Set(self, action):
+    self.action = action
+
+  def Get(self):
+    return self.action
+
+  def ToPerform(self):
+    return self._NAMES[self.action][1]
+
+  def Performed(self):
+    return self._NAMES[self.action][0]
+
+  def Failed(self):
+    return f'{self._NAMES[self.action][1]} {self.SUFFIX_FAILED}'
+
+  def NotPerformed(self):
+    actionWords = self._NAMES[self.action][0].split(' ')
+    if len(actionWords) != 2:
+      return f'{self.PREFIX_NOT} {self._NAMES[self.action][0]}'
+    return f'{actionWords[0]} {self.PREFIX_NOT} {actionWords[1]}'
+
+  def PerformedName(self, action):
+    return self._NAMES[action][0]
+
+  def ToPerformName(self, action):
+    return self._NAMES[action][1]
+
+  def csvFormat(self):
+    return self.action == self.PRINT

src/gam/gamlib/glapi.py

@@ -0,0 +1,766 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2023 Ross Scroggs All Rights Reserved.
+#
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+"""Google API resources
+
+"""
+# APIs
+ACCESSCONTEXTMANAGER = 'accesscontextmanager'
+ALERTCENTER = 'alertcenter'
+ANALYTICS = 'analytics'
+ANALYTICS_ADMIN = 'analyticsadmin'
+CALENDAR = 'calendar'
+CBCM = 'cbcm'
+CHAT = 'chat'
+CHAT_MEMBERSHIPS = 'chatmemberships'
+CHAT_MESSAGES = 'chatmessages'
+CHAT_SPACES = 'chatspaces'
+CHAT_SPACES_DELETE = 'chatspacesdelete'
+CHROMEMANAGEMENT = 'chromemanagement'
+CHROMEMANAGEMENT_TELEMETRY = 'chromemanagementtelemetry'
+CHROMEPOLICY = 'chromepolicy'
+CHROMEVERSIONHISTORY = 'versionhistory'
+CLASSROOM = 'classroom'
+CLOUDCHANNEL = 'cloudchannel'
+CLOUDIDENTITY_DEVICES = 'cloudidentitydevices'
+CLOUDIDENTITY_GROUPS = 'cloudidentitygroups'
+CLOUDIDENTITY_INBOUND_SSO = 'cloudidentityinboundsso'
+CLOUDIDENTITY_ORGUNITS = 'cloudidentityorgunits'
+CLOUDIDENTITY_ORGUNITS_BETA = 'cloudidentityorgunitsbeta'
+CLOUDIDENTITY_USERINVITATIONS = 'cloudidentityuserinvitations'
+CLOUDRESOURCEMANAGER = 'cloudresourcemanager'
+CLOUDRESOURCEMANAGER_V1 = 'cloudresourcemanager1'
+CONTACTS = 'contacts'
+CONTACTDELEGATION = 'contactdelegation'
+DATASTUDIO = 'datastudio'
+DATATRANSFER = 'datatransfer'
+DIRECTORY = 'directory'
+DIRECTORY_BETA = 'directory_beta'
+DOCS = 'docs'
+DRIVE2 = 'drive2'
+DRIVE3 = 'drive3'
+DRIVETD = 'drivetd'
+DRIVEACTIVITY = 'driveactivity'
+DRIVELABELS = 'drivelabels'
+DRIVELABELS_ADMIN = 'drivelabelsadmin'
+DRIVELABELS_USER = 'drivelabelsuser'
+EMAIL_AUDIT = 'email-audit'
+FORMS = 'forms'
+GMAIL = 'gmail'
+GROUPSMIGRATION = 'groupsmigration'
+GROUPSSETTINGS = 'groupssettings'
+IAM = 'iam'
+IAM_CREDENTIALS = 'iamcredentials'
+IAP = 'iap'
+KEEP = 'keep'
+LICENSING = 'licensing'
+OAUTH2 = 'oauth2'
+PEOPLE = 'people'
+PEOPLE_DIRECTORY = 'peopledirectory'
+PEOPLE_OTHERCONTACTS = 'peopleothercontacts'
+PRINTERS = 'printers'
+PUBSUB = 'pubsub'
+REPORTS = 'reports'
+RESELLER = 'reseller'
+SERVICEMANAGEMENT = 'servicemanagement'
+SERVICEUSAGE = 'serviceusage'
+SHEETS = 'sheets'
+SHEETSTD = 'sheetstd'
+SITES = 'sites'
+SITEVERIFICATION = 'siteVerification'
+STORAGE = 'storage'
+STORAGEREAD = 'storageread'
+STORAGEWRITE = 'storagewrite'
+TASKS = 'tasks'
+VAULT = 'vault'
+#
+CHROMEVERSIONHISTORY_URL = 'https://versionhistory.googleapis.com/v1/chrome/platforms'
+DRIVE_SCOPE = 'https://www.googleapis.com/auth/drive'
+GMAIL_SEND_SCOPE = 'https://www.googleapis.com/auth/gmail.send'
+GOOGLE_OAUTH2_TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"
+CLOUD_PLATFORM_SCOPE = 'https://www.googleapis.com/auth/cloud-platform'
+IAM_SCOPE = 'https://www.googleapis.com/auth/iam'
+PEOPLE_SCOPE = 'https://www.googleapis.com/auth/contacts'
+STORAGE_READONLY_SCOPE = 'https://www.googleapis.com/auth/devstorage.read_only'
+STORAGE_READWRITE_SCOPE = 'https://www.googleapis.com/auth/devstorage.read_write'
+USERINFO_EMAIL_SCOPE = 'https://www.googleapis.com/auth/userinfo.email' # email
+USERINFO_PROFILE_SCOPE = 'https://www.googleapis.com/auth/userinfo.profile' # profile
+VAULT_SCOPES = ['https://www.googleapis.com/auth/ediscovery', 'https://www.googleapis.com/auth/ediscovery.readonly']
+REQUIRED_SCOPES = [USERINFO_EMAIL_SCOPE, USERINFO_PROFILE_SCOPE]
+REQUIRED_SCOPES_SET = set(REQUIRED_SCOPES)
+#
+JWT_APIS = {
+  ACCESSCONTEXTMANAGER: [CLOUD_PLATFORM_SCOPE],
+  CHAT: ['https://www.googleapis.com/auth/chat.bot'],
+  CLOUDRESOURCEMANAGER: [CLOUD_PLATFORM_SCOPE]
+  }
+#
+APIS_NEEDING_ACCESS_TOKEN = {
+  CBCM: ['https://www.googleapis.com/auth/admin.directory.device.chromebrowsers']
+  }
+#
+REFRESH_PERM_ERRORS = [
+  'invalid_grant: reauth related error (rapt_required)', # no way to reauth today
+  'invalid_grant: Token has been expired or revoked',
+  ]
+
+OAUTH2_TOKEN_ERRORS = [
+  'access_denied',
+  'access_denied: Requested client not authorized',
+  'access_denied: Account restricted',
+  'internal_failure: Backend Error',
+  'internal_failure: None',
+  'invalid_grant',
+  'invalid_grant: Bad Request',
+  'invalid_grant: Invalid email or User ID',
+  'invalid_grant: Not a valid email',
+  'invalid_grant: Invalid JWT: No valid verifier found for issuer',
+  'invalid_grant: reauth related error (invalid_rapt)',
+  'invalid_grant: The account has been deleted',
+  'invalid_request: Invalid impersonation prn email address'
+  ]
+OAUTH2_UNAUTHORIZED_ERRORS = [
+  'unauthorized_client: Client is unauthorized to retrieve access tokens using this method',
+  'unauthorized_client: Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested',
+  'unauthorized_client: Unauthorized client or scope in request',
+  ]
+
+PROJECT_APIS = [
+  'accesscontextmanager.googleapis.com',
+  'admin.googleapis.com',
+  'alertcenter.googleapis.com',
+  'analytics.googleapis.com',
+  'analyticsadmin.googleapis.com',
+  'audit.googleapis.com',
+  'calendar-json.googleapis.com',
+  'chat.googleapis.com',
+  'chromemanagement.googleapis.com',
+  'chromepolicy.googleapis.com',
+  'classroom.googleapis.com',
+  'cloudchannel.googleapis.com',
+  'cloudidentity.googleapis.com',
+  'cloudresourcemanager.googleapis.com',
+  'contacts.googleapis.com',
+  'datastudio.googleapis.com',
+  'docs.googleapis.com',
+  'drive.googleapis.com',
+  'driveactivity.googleapis.com',
+  'drivelabels.googleapis.com',
+  'forms.googleapis.com',
+  'gmail.googleapis.com',
+  'groupsmigration.googleapis.com',
+  'groupssettings.googleapis.com',
+  'iam.googleapis.com',
+  'iap.googleapis.com',
+  'keep.googleapis.com',
+  'licensing.googleapis.com',
+  'people.googleapis.com',
+  'pubsub.googleapis.com',
+  'reseller.googleapis.com',
+  'sheets.googleapis.com',
+  'siteverification.googleapis.com',
+  'storage-api.googleapis.com',
+  'tasks.googleapis.com',
+  'vault.googleapis.com',
+  ]
+
+_INFO = {
+  ACCESSCONTEXTMANAGER: {'name': 'Access Context Manager API', 'version': 'v1', 'v2discovery': True},
+  ALERTCENTER: {'name': 'AlertCenter API', 'version': 'v1beta1', 'v2discovery': True},
+  ANALYTICS: {'name': 'Analytics API', 'version': 'v3', 'v2discovery': False},
+  ANALYTICS_ADMIN: {'name': 'Analytics Admin API', 'version': 'v1beta', 'v2discovery': True},
+  CALENDAR: {'name': 'Calendar API', 'version': 'v3', 'v2discovery': True, 'mappedAPI': 'calendar-json'},
+  CBCM: {'name': 'Chrome Browser Cloud Management API', 'version': 'v1.1beta1', 'v2discovery': True, 'localjson': True},
+  CHAT: {'name': 'Chat API', 'version': 'v1', 'v2discovery': True},
+  CHAT_MEMBERSHIPS: {'name': 'Chat API - Memberships', 'version': 'v1', 'v2discovery': True, 'mappedAPI': CHAT},
+  CHAT_MESSAGES: {'name': 'Chat API - Messages', 'version': 'v1', 'v2discovery': True, 'mappedAPI': CHAT},
+  CHAT_SPACES: {'name': 'Chat API - Spaces', 'version': 'v1', 'v2discovery': True, 'mappedAPI': CHAT},
+  CHAT_SPACES_DELETE: {'name': 'Chat API - Spaces Delete', 'version': 'v1', 'v2discovery': True, 'mappedAPI': CHAT},
+  CLASSROOM: {'name': 'Classroom API', 'version': 'v1', 'v2discovery': True},
+  CHROMEMANAGEMENT: {'name': 'Chrome Management API', 'version': 'v1', 'v2discovery': True},
+  CHROMEMANAGEMENT_TELEMETRY: {'name': 'Chrome Management API - Telemetry', 'version': 'v1', 'v2discovery': True, 'mappedAPI': CHROMEMANAGEMENT},
+  CHROMEPOLICY: {'name': 'Chrome Policy API', 'version': 'v1', 'v2discovery': True},
+  CHROMEVERSIONHISTORY: {'name': 'Chrome Version History API', 'version': 'v1', 'v2discovery': True},
+  CLOUDCHANNEL: {'name': 'Channel Channel API', 'version': 'v1', 'v2discovery': True},
+  CLOUDIDENTITY_DEVICES: {'name': 'Cloud Identity Devices API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
+  CLOUDIDENTITY_GROUPS: {'name': 'Cloud Identity Groups API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
+  CLOUDIDENTITY_INBOUND_SSO: {'name': 'Cloud Identity Inbound SSO API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
+  CLOUDIDENTITY_ORGUNITS: {'name': 'Cloud Identity OrgUnits API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
+  CLOUDIDENTITY_ORGUNITS_BETA: {'name': 'Cloud Identity OrgUnits API', 'version': 'v1beta1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
+  CLOUDIDENTITY_USERINVITATIONS: {'name': 'Cloud Identity User Invitations API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
+  CLOUDRESOURCEMANAGER: {'name': 'Cloud Resource Manager API v3', 'version': 'v3', 'v2discovery': True},
+  CONTACTS: {'name': 'Contacts API', 'version': 'v3', 'v2discovery': False},
+  CONTACTDELEGATION: {'name': 'Contact Delegation API', 'version': 'v1', 'v2discovery': True, 'localjson': True},
+  DATASTUDIO: {'name': 'Data Studio API', 'version': 'v1', 'v2discovery': True, 'localjson': True},
+  DATATRANSFER: {'name': 'Data Transfer API', 'version': 'datatransfer_v1', 'v2discovery': True, 'mappedAPI': 'admin'},
+  DIRECTORY: {'name': 'Directory API', 'version': 'directory_v1', 'v2discovery': True, 'mappedAPI': 'admin'},
+  DIRECTORY_BETA: {'name': 'Directory API', 'version': 'directory_v1.1beta1', 'v2discovery': True, 'mappedAPI': 'admin', 'localjson': True},
+  DOCS: {'name': 'Docs API', 'version': 'v1', 'v2discovery': True},
+  DRIVE2: {'name': 'Drive API v2', 'version': 'v2', 'v2discovery': False, 'mappedAPI': 'drive'},
+  DRIVE3: {'name': 'Drive API v3', 'version': 'v3', 'v2discovery': False, 'mappedAPI': 'drive'},
+  DRIVETD: {'name': 'Drive API v3 - todrive', 'version': 'v3', 'v2discovery': False, 'mappedAPI': 'drive'},
+  DRIVEACTIVITY: {'name': 'Drive Activity API v2', 'version': 'v2', 'v2discovery': True},
+  DRIVELABELS_ADMIN: {'name': 'Drive Labels API v2beta - Admin', 'version': 'v2beta', 'v2discovery': True, 'mappedAPI': DRIVELABELS},
+  DRIVELABELS_USER: {'name': 'Drive Labels API v2beta - User', 'version': 'v2beta', 'v2discovery': True, 'mappedAPI': DRIVELABELS},
+  EMAIL_AUDIT: {'name': 'Email Audit API', 'version': 'v1', 'v2discovery': False},
+  FORMS: {'name': 'Forms API', 'version': 'v1', 'v2discovery': True},
+  GMAIL: {'name': 'Gmail API', 'version': 'v1', 'v2discovery': True},
+  GROUPSMIGRATION: {'name': 'Groups Migration API', 'version': 'v1', 'v2discovery': False},
+  GROUPSSETTINGS: {'name': 'Groups Settings API', 'version': 'v1', 'v2discovery': True},
+  IAM: {'name': 'Identity and Access Management API', 'version': 'v1', 'v2discovery': True},
+  IAM_CREDENTIALS: {'name': 'Identity and Access Management Credentials API', 'version': 'v1', 'v2discovery': True},
+  IAP: {'name': 'Cloud Identity-Aware Proxy API', 'version': 'v1', 'v2discovery': True},
+  KEEP: {'name': 'Keep API', 'version': 'v1', 'v2discovery': True},
+  LICENSING: {'name': 'License Manager API', 'version': 'v1', 'v2discovery': True},
+  OAUTH2: {'name': 'OAuth2 API', 'version': 'v2', 'v2discovery': False},
+  PEOPLE: {'name': 'People API', 'version': 'v1', 'v2discovery': True},
+  PEOPLE_DIRECTORY: {'name': 'People Directory API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': PEOPLE},
+  PEOPLE_OTHERCONTACTS: {'name': 'People  API - Other Contacts', 'version': 'v1', 'v2discovery': True, 'mappedAPI': PEOPLE},
+  PRINTERS: {'name': 'Directory API Printers', 'version': 'directory_v1', 'v2discovery': True, 'mappedAPI': 'admin'},
+  PUBSUB: {'name': 'Pub / Sub API', 'version': 'v1', 'v2discovery': True},
+  REPORTS: {'name': 'Reports API', 'version': 'reports_v1', 'v2discovery': True, 'mappedAPI': 'admin'},
+  RESELLER: {'name': 'Reseller API', 'version': 'v1', 'v2discovery': True},
+  SERVICEMANAGEMENT: {'name': 'Service Management API', 'version': 'v1', 'v2discovery': True},
+  SERVICEUSAGE: {'name': 'Service Usage API', 'version': 'v1', 'v2discovery': True},
+  SHEETS: {'name': 'Sheets API', 'version': 'v4', 'v2discovery': True},
+  SHEETSTD: {'name': 'Sheets API - todrive', 'version': 'v4', 'v2discovery': True, 'mappedAPI': SHEETS},
+  SITES: {'name': 'Sites API', 'version': 'v1', 'v2discovery': False},
+  SITEVERIFICATION: {'name': 'Site Verification API', 'version': 'v1', 'v2discovery': True},
+  STORAGE: {'name': 'Cloud Storage API', 'version': 'v1', 'v2discovery': True},
+  STORAGEREAD: {'name': 'Cloud Storage API - Read', 'version': 'v1', 'v2discovery': True, 'mappedAPI': STORAGE},
+  STORAGEWRITE: {'name': 'Cloud Storage API - Write', 'version': 'v1', 'v2discovery': True, 'mappedAPI': STORAGE},
+  TASKS: {'name': 'Tasks API', 'version': 'v1', 'v2discovery': True},
+  VAULT: {'name': 'Vault API', 'version': 'v1', 'v2discovery': True},
+  }
+
+READONLY = ['readonly',]
+
+_CLIENT_SCOPES = [
+  {'name': 'Calendar API',
+   'api': CALENDAR,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/calendar'},
+  {'name': 'Chrome Browser Cloud Management API',
+   'api': CBCM,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/admin.directory.device.chromebrowsers'},
+  {'name': 'Chrome Management API - read only',
+   'api': CHROMEMANAGEMENT,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/chrome.management.reports.readonly'},
+  {'name': 'Chrome Management API - Telemetry read only',
+   'api': CHROMEMANAGEMENT_TELEMETRY,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/chrome.management.telemetry.readonly'},
+  {'name': 'Chrome Policy API',
+   'api': CHROMEPOLICY,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/chrome.management.policy'},
+  {'name': 'Chrome Printer Management API',
+   'api': PRINTERS,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/admin.chrome.printers'},
+  {'name': 'Chrome Version History API',
+   'api': CHROMEVERSIONHISTORY,
+   'subscopes': [],
+   'scope': ''},
+  {'name': 'Classroom API - Courses',
+   'api': CLASSROOM,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/classroom.courses'},
+  {'name': 'Classroom API - Course Announcements',
+   'api': CLASSROOM,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/classroom.announcements'},
+  {'name': 'Classroom API - Course Topics',
+   'api': CLASSROOM,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/classroom.topics'},
+  {'name': 'Classroom API - Course Work/Materials',
+   'api': CLASSROOM,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/classroom.courseworkmaterials'},
+  {'name': 'Classroom API - Course Work/Submissions',
+   'api': CLASSROOM,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/classroom.coursework.students'},
+  {'name': 'Classroom API - Student Guardians',
+   'api': CLASSROOM,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/classroom.guardianlinks.students'},
+  {'name': 'Classroom API - Profile Emails',
+   'api': CLASSROOM,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/classroom.profile.emails'},
+  {'name': 'Classroom API - Profile Photos',
+   'api': CLASSROOM,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/classroom.profile.photos'},
+  {'name': 'Classroom API - Rosters',
+   'api': CLASSROOM,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/classroom.rosters'},
+  {'name': 'Cloud Channel API',
+   'api': CLOUDCHANNEL,
+   'subscopes': READONLY,
+   'offByDefault': True,
+   'scope': 'https://www.googleapis.com/auth/apps.order'},
+  {'name': 'Cloud Identity Groups API',
+   'api': CLOUDIDENTITY_GROUPS,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/cloud-identity.groups'},
+  {'name': 'Cloud Identity - Inbound SSO Settings',
+   'api': CLOUDIDENTITY_INBOUND_SSO,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/cloud-identity.inboundsso'},
+  {'name': 'Cloud Identity OrgUnits API',
+   'api': CLOUDIDENTITY_ORGUNITS_BETA,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/cloud-identity.orgunits'},
+  {'name': 'Cloud Identity User Invitations API',
+   'api': CLOUDIDENTITY_USERINVITATIONS,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/cloud-identity.userinvitations'},
+  {'name': 'Cloud Storage API (Read Only, Vault/Takeout Download, Cloud Storage)',
+   'api': STORAGEREAD,
+   'subscopes': [],
+   'offByDefault': True,
+   'scope': STORAGE_READONLY_SCOPE},
+  {'name': 'Cloud Storage API (Read/Write, Vault/Takeout Copy/Download, Cloud Storage)',
+   'api': STORAGEWRITE,
+   'subscopes': [],
+   'offByDefault': True,
+   'scope': STORAGE_READWRITE_SCOPE},
+  {'name': 'Contacts API - Domain Shared Contacts and GAL',
+   'api': CONTACTS,
+   'subscopes': [],
+   'scope': 'https://www.google.com/m8/feeds'},
+  {'name': 'Contact Delegation API',
+   'api': CONTACTDELEGATION,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/admin.contact.delegation'},
+  {'name': 'Data Transfer API',
+   'api': DATATRANSFER,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/admin.datatransfer'},
+  {'name': 'Directory API - Chrome OS Devices',
+   'api': DIRECTORY,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/admin.directory.device.chromeos'},
+  {'name': 'Directory API - Customers',
+   'api': DIRECTORY,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/admin.directory.customer'},
+  {'name': 'Directory API - Domains',
+   'api': DIRECTORY,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/admin.directory.domain'},
+  {'name': 'Directory API - Groups',
+   'api': DIRECTORY,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/admin.directory.group'},
+  {'name': 'Directory API - Mobile Devices Directory',
+   'api': DIRECTORY,
+   'subscopes': ['readonly', 'action'],
+   'scope': 'https://www.googleapis.com/auth/admin.directory.device.mobile'},
+  {'name': 'Directory API - Organizational Units',
+   'api': DIRECTORY,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/admin.directory.orgunit'},
+  {'name': 'Directory API - Resource Calendars',
+   'api': DIRECTORY,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/admin.directory.resource.calendar'},
+  {'name': 'Directory API - Roles',
+   'api': DIRECTORY,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/admin.directory.rolemanagement'},
+  {'name': 'Directory API - User Schemas',
+   'api': DIRECTORY,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/admin.directory.userschema'},
+  {'name': 'Directory API - User Security',
+   'api': DIRECTORY,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/admin.directory.user.security'},
+  {'name': 'Directory API - Users',
+   'api': DIRECTORY,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/admin.directory.user'},
+  {'name': 'Email Audit API',
+   'api': EMAIL_AUDIT,
+   'subscopes': [],
+   'offByDefault': True,
+   'scope': 'https://apps-apis.google.com/a/feeds/compliance/audit/'},
+  {'name': 'Groups Migration API',
+   'api': GROUPSMIGRATION,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/apps.groups.migration'},
+  {'name': 'Groups Settings API',
+   'api': GROUPSSETTINGS,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/apps.groups.settings'},
+  {'name': 'License Manager API',
+   'api': LICENSING,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/apps.licensing'},
+  {'name': 'People Directory API - read only',
+   'api': PEOPLE_DIRECTORY,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/directory.readonly'},
+  {'name': 'People API',
+   'api': PEOPLE,
+   'subscopes': READONLY,
+   'scope': PEOPLE_SCOPE},
+  {'name': 'Pub / Sub API',
+   'api': PUBSUB,
+   'subscopes': [],
+   'offByDefault': True,
+   'scope': 'https://www.googleapis.com/auth/pubsub'},
+  {'name': 'Reports API - Audit Reports',
+   'api': REPORTS,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/admin.reports.audit.readonly'},
+  {'name': 'Reports API - Usage Reports',
+   'api': REPORTS,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/admin.reports.usage.readonly'},
+  {'name': 'Reseller API',
+   'api': RESELLER,
+   'subscopes': [],
+   'offByDefault': True,
+   'scope': 'https://www.googleapis.com/auth/apps.order'},
+  {'name': 'Site Verification API',
+   'api': SITEVERIFICATION,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/siteverification'},
+  {'name': 'Sites API',
+   'api': SITES,
+   'subscopes': [],
+   'offByDefault': True,
+   'scope': 'https://sites.google.com/feeds'},
+  {'name': 'Vault API',
+   'api': VAULT,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/ediscovery'},
+  ]
+
+_TODRIVE_CLIENT_SCOPES = [
+  {'name': 'Drive API - todrive_clientaccess',
+   'api': DRIVE3,
+   'subscopes': [],
+   'scope': DRIVE_SCOPE},
+  {'name': 'Gmail API - todrive_clientaccess',
+   'api': GMAIL,
+   'subscopes': [],
+   'scope': GMAIL_SEND_SCOPE},
+  {'name': 'Sheets API - todrive_clientaccess',
+   'api': SHEETS,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/spreadsheets'},
+  ]
+
+OAUTH2SA_SCOPES = 'us_scopes'
+
+_SVCACCT_SCOPES = [
+  {'name': 'AlertCenter API',
+   'api': ALERTCENTER,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/apps.alerts'},
+  {'name': 'Analytics API - read only',
+   'api': ANALYTICS,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/analytics.readonly'},
+  {'name': 'Analytics Admin API - read only',
+   'api': ANALYTICS_ADMIN,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/analytics.readonly'},
+  {'name': 'Calendar API',
+   'api': CALENDAR,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/calendar'},
+  {'name': 'Chat API - Memberships',
+   'api': CHAT_MEMBERSHIPS,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/chat.memberships'},
+  {'name': 'Chat API - Messages',
+   'api': CHAT_MESSAGES,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/chat.messages'},
+  {'name': 'Chat API - Spaces',
+   'api': CHAT_SPACES,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/chat.spaces'},
+  {'name': 'Chat API - Spaces Delete',
+   'api': CHAT_SPACES_DELETE,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/chat.delete'},
+  {'name': 'Classroom API - Course Announcements',
+   'api': CLASSROOM,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/classroom.announcements'},
+  {'name': 'Classroom API - Course Topics',
+   'api': CLASSROOM,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/classroom.topics'},
+  {'name': 'Classroom API - Course Work/Materials',
+   'api': CLASSROOM,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/classroom.courseworkmaterials'},
+  {'name': 'Classroom API - Course Work/Submissions',
+   'api': CLASSROOM,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/classroom.coursework.students'},
+  {'name': 'Classroom API - Profile Emails',
+   'api': CLASSROOM,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/classroom.profile.emails'},
+  {'name': 'Classroom API - Rosters',
+   'api': CLASSROOM,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/classroom.rosters'},
+  {'name': 'Cloud Identity Devices API',
+   'api': CLOUDIDENTITY_DEVICES,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/cloud-identity'},
+#  {'name': 'Cloud Identity User Invitations API',
+#   'api': CLOUDIDENTITY_USERINVITATIONS,
+#   'subscopes': READONLY,
+#   'scope': 'https://www.googleapis.com/auth/cloud-identity'},
+#  {'name': 'Contacts API - Users',
+#   'api': CONTACTS,
+#   'subscopes': [],
+#   'scope': 'https://www.google.com/m8/feeds'},
+  {'name': 'Data Studio API',
+   'api': DATASTUDIO,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/datastudio'},
+  {'name': 'Drive API',
+   'api': DRIVE3,
+   'subscopes': READONLY,
+   'scope': DRIVE_SCOPE},
+  {'name': 'Drive Activity API v2 - must pair with Drive API',
+   'api': DRIVEACTIVITY,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/drive.activity'},
+  {'name': 'Drive Labels API v2beta - Admin',
+   'api': DRIVELABELS_ADMIN,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/drive.admin.labels'},
+  {'name': 'Drive Labels API v2beta - User',
+   'api': DRIVELABELS_USER,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/drive.labels'},
+  {'name': 'Docs API',
+   'api': DOCS,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/documents'},
+  {'name': 'Forms API',
+   'api': FORMS,
+   'subscopes': [],
+   'scope': DRIVE_SCOPE},
+  {'name': 'Gmail API - Full Access',
+   'api': GMAIL,
+   'subscopes': [],
+   'scope': 'https://mail.google.com/'},
+  {'name': 'Gmail API - Full Access except immediate delete',
+   'api': GMAIL,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/gmail.modify'},
+  {'name': 'Gmail API - Basic Settings',
+   'api': GMAIL,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/gmail.settings.basic'},
+  {'name': 'Gmail API - Settings Sharing (Aliases, Delegates, Forwarding)',
+   'api': GMAIL,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/gmail.settings.sharing'},
+  {'name': 'Identity and Access Management API',
+   'api': IAM,
+   'subscopes': [],
+   'scope': CLOUD_PLATFORM_SCOPE},
+  {'name': 'Keep API',
+   'api': KEEP,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/keep'},
+  {'name': 'OAuth2 API',
+   'api': OAUTH2,
+   'subscopes': [],
+   'scope': USERINFO_PROFILE_SCOPE},
+  {'name': 'People API',
+   'api': PEOPLE,
+   'subscopes': READONLY,
+   'scope': PEOPLE_SCOPE},
+  {'name': 'People Directory API - read only',
+   'api': PEOPLE_DIRECTORY,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/directory.readonly'},
+  {'name': 'People API - Other Contacts - read only',
+   'api': PEOPLE_OTHERCONTACTS,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/contacts.other.readonly'},
+  {'name': 'Sheets API',
+   'api': SHEETS,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/spreadsheets'},
+  {'name': 'Sites API',
+   'api': SITES,
+   'subscopes': [],
+   'scope': 'https://sites.google.com/feeds'},
+  {'name': 'Tasks API',
+   'api': TASKS,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/tasks'},
+  ]
+
+_SVCACCT_SPECIAL_SCOPES = [
+  {'name': 'Cloud Resource Manager API v3',
+   'api': CLOUDRESOURCEMANAGER,
+   'subscopes': [],
+   'scope': CLOUD_PLATFORM_SCOPE},
+  {'name': 'Drive API - todrive',
+   'api': DRIVETD,
+   'subscopes': [],
+   'scope': DRIVE_SCOPE},
+  {'name': 'Gmail API - Full Access - read only',
+   'api': GMAIL,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/gmail.readonly'},
+  {'name': 'Gmail API - Send Messages - including todrive',
+   'api': GMAIL,
+   'subscopes': [],
+   'scope': GMAIL_SEND_SCOPE},
+  {'name': 'Sheets API - todrive',
+   'api': SHEETSTD,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/spreadsheets'},
+  ]
+
+_USER_SVCACCT_ONLY_SCOPES = [
+  {'name': 'Groups Migration API',
+   'api': GROUPSMIGRATION,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/apps.groups.migration'},
+  ]
+
+DRIVE3_TO_DRIVE2_ABOUT_FIELDS_MAP = {
+  'displayName': 'name',
+  'limit': 'quotaBytesTotal',
+  'usage': 'quotaBytesUsedAggregate',
+  'usageInDrive': 'quotaBytesUsed',
+  'usageInDriveTrash': 'quotaBytesUsedInTrash',
+  }
+
+DRIVE3_TO_DRIVE2_CAPABILITIES_FIELDS_MAP = {
+  'canComment': 'canComment',
+  'canReadRevisions': 'canReadRevisions',
+  'canCopy': 'copyable',
+  'canEdit': 'editable',
+  'canShare': 'shareable',
+  }
+
+DRIVE3_TO_DRIVE2_CAPABILITIES_NAMES_MAP = {
+  'canChangeViewersCanCopyContent': 'canChangeRestrictedDownload',
+  }
+
+DRIVE3_TO_DRIVE2_CAPABILITIES_TITLES_MAP = {
+  'capabilities.canComment': 'canComment',
+  'capabilities.canReadRevisions': 'canReadRevisions',
+  'capabilities.canCopy': 'copyable',
+  'capabilities.canEdit': 'editable',
+  'capabilities.canShare': 'shareable',
+  }
+
+DRIVE3_TO_DRIVE2_FILES_FIELDS_MAP = {
+  'allowFileDiscovery': 'withLink',
+  'createdTime': 'createdDate',
+  'expirationTime': 'expirationDate',
+  'modifiedByMe': 'modified',
+  'modifiedByMeTime': 'modifiedByMeDate',
+  'modifiedTime': 'modifiedDate',
+  'name': 'title',
+  'restrictionTime': 'restrictionDate',
+  'sharedWithMeTime': 'sharedWithMeDate',
+  'size': 'fileSize',
+  'trashedTime': 'trashedDate',
+  'viewedByMe': 'viewed',
+  'viewedByMeTime': 'lastViewedByMeDate',
+  'webViewLink': 'alternateLink',
+  }
+
+DRIVE3_TO_DRIVE2_LABELS_MAP = {
+  'modifiedByMe': 'modified',
+  'starred': 'starred',
+  'trashed': 'trashed',
+  'viewedByMe': 'viewed',
+  }
+
+DRIVE3_TO_DRIVE2_REVISIONS_FIELDS_MAP = {
+  'modifiedTime': 'modifiedDate',
+  'keepForever': 'pinned',
+  'size': 'fileSize',
+  }
+
+def getAPIName(api):
+  return _INFO[api]['name']
+
+def getVersion(api):
+  version = _INFO[api]['version']
+  v2discovery = _INFO[api]['v2discovery']
+  api = _INFO[api].get('mappedAPI', api)
+  return (api, version, v2discovery)
+
+def getClientScopesSet(api):
+  return {scope['scope'] for scope in _CLIENT_SCOPES if scope['api'] == api}
+
+def getClientScopesList(todriveClientAccess):
+  caScopes = _CLIENT_SCOPES[:]
+  if todriveClientAccess:
+    caScopes.extend(_TODRIVE_CLIENT_SCOPES)
+  return sorted(caScopes, key=lambda k: k['name'])
+
+def getClientScopesURLs(todriveClientAccess):
+  caScopes = _CLIENT_SCOPES[:]
+  if todriveClientAccess:
+    caScopes.extend(_TODRIVE_CLIENT_SCOPES)
+  return sorted({scope['scope'] for scope in _CLIENT_SCOPES})
+
+def getSvcAcctScopeAPI(uscope):
+  for scope in _SVCACCT_SCOPES:
+    if uscope == scope['scope'] or (uscope.endswith('.readonly') and 'readonly' in scope['subscopes']):
+      return scope['api']
+  return None
+
+def getSvcAcctScopes(userServiceAccountAccessOnly, svcAcctSpecialScopes):
+  saScopes = [scope['scope'] for scope in _SVCACCT_SCOPES]
+  if userServiceAccountAccessOnly:
+    saScopes.extend([scope['scope'] for scope in _USER_SVCACCT_ONLY_SCOPES])
+  if svcAcctSpecialScopes:
+    saScopes.extend([scope['scope'] for scope in _SVCACCT_SPECIAL_SCOPES])
+  return saScopes
+
+def getSvcAcctScopesList(userServiceAccountAccessOnly, svcAcctSpecialScopes):
+  saScopes = _SVCACCT_SCOPES[:]
+  if userServiceAccountAccessOnly:
+    saScopes.extend(_USER_SVCACCT_ONLY_SCOPES)
+  if svcAcctSpecialScopes:
+    saScopes.extend(_SVCACCT_SPECIAL_SCOPES)
+  return sorted(saScopes, key=lambda k: k['name'])
+
+def hasLocalJSON(api):
+  return _INFO[api].get('localjson', False)

src/gam/gamlib/glcfg.py

@@ -0,0 +1,536 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2023 Ross Scroggs All Rights Reserved.
+#
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+"""GAM gam.cfg variables
+
+"""
+
+import os
+
+TRUE = 'true'
+FALSE = 'false'
+DEFAULT_CHARSET = 'utf-8'
+MY_CUSTOMER = 'my_customer'
+NEVER = 'Never'
+TLS_CHOICE_MAP = {
+  '': '',
+  'tlsv1_2': 'TLSv1_2', 'tlsv1.2': 'TLSv1_2',
+  'tlsv1_3': 'TLSv1_3', 'tlsv1.3': 'TLSv1_3',
+  }
+
+FN_CACERTS_PEM = 'cacerts.pem'
+FN_CLIENT_SECRETS_JSON = 'client_secrets.json'
+FN_EXTRA_ARGS_TXT = 'extra-args.txt'
+FN_OAUTH2_TXT = 'oauth2.txt'
+FN_OAUTH2SERVICE_JSON = 'oauth2service.json'
+
+# Global variables defined in gam.cfg
+
+# The following XXX constants are the names of the items in gam.cfg
+# When retrieving lists of Google Drive activities from API, how many should be retrieved in each chunk
+ACTIVITY_MAX_RESULTS = 'activity_max_results'
+# Admin email address, required when enable_dasa is true, overrides oauth2.txt value otherwise
+ADMIN_EMAIL = 'admin_email'
+# Check if API calls rate exceeds limit
+API_CALLS_RATE_CHECK = 'api_calls_rate_check'
+# API calls per 100 seconds limit
+API_CALLS_RATE_LIMIT = 'api_calls_rate_limit'
+# Automatically generate gam batch command if number of users specified in gam users xxx command exceeds this number
+# Default: 0, do not automatically generate gam batch commands
+AUTO_BATCH_MIN = 'auto_batch_min'
+# When bailing on internal errors, how many total tries should be performed
+BAIL_ON_INTERNAL_ERROR_TRIES = 'bail_on_internal_error_tries'
+# When processing items in batches, how many should be processed in each batch
+BATCH_SIZE = 'batch_size'
+# Location of cacerts.pem for API calls
+CACERTS_PEM = 'cacerts_pem'
+# GAM cache directory
+CACHE_DIR = 'cache_dir'
+# GAM cache discovery only. If no_cache is False, only API discovery calls will be cached
+CACHE_DISCOVERY_ONLY = 'cache_discovery_only'
+# Channel custmerId from gam.cfg
+CHANNEL_CUSTOMER_ID = 'channel_customer_id'
+# Character set of batch, csv, data files
+CHARSET = 'charset'
+# When retrieving lists of Google Classroom items from API, how many should be retrieved in each chunk
+CLASSROOM_MAX_RESULTS = 'classroom_max_results'
+# Path to client_secrets.json
+CLIENT_SECRETS_JSON = 'client_secrets_json'
+# Allowed clock skew in seconds
+CLOCK_SKEW_IN_SECONDS = 'clock_skew_in_seconds'
+# Command logging filename
+CMDLOG = 'cmdlog'
+# Bogus Command logging maximum number of backup log files
+CMDLOG_MAX__BACKUPS = 'cmdlog_max__backups'
+# Command logging maximum number of backup log files
+CMDLOG_MAX_BACKUPS = 'cmdlog_max_backups'
+# Command logging max kilo bytes per log file
+CMDLOG_MAX_KILO_BYTES = 'cmdlog_max_kilo_bytes'
+# GAM config directory containing client_secrets.json, oauth2.txt, oauth2service.json, extra_args.txt
+CONFIG_DIR = 'config_dir'
+# When retrieving lists of Google Contacts from API, how many should be retrieved in each chunk
+CONTACT_MAX_RESULTS = 'contact_max_results'
+# Column delimiter in CSV input file
+CSV_INPUT_COLUMN_DELIMITER = 'csv_input_column_delimiter'
+# Quote character in CSV input file
+CSV_INPUT_QUOTE_CHAR = 'csv_input_quote_char'
+# Filter for input column values
+CSV_INPUT_ROW_FILTER = 'csv_input_row_filter'
+# Mode (and|or) for input column values
+CSV_INPUT_ROW_FILTER_MODE = 'csv_input_row_filter_mode'
+# Filter for input column drop values
+CSV_INPUT_ROW_DROP_FILTER = 'csv_input_row_drop_filter'
+# Mode (and|or) for input column drop values
+CSV_INPUT_ROW_DROP_FILTER_MODE = 'csv_input_row_drop_filter_mode'
+# Limit number of input rows
+CSV_INPUT_ROW_LIMIT = 'csv_input_row_limit'
+# Convert newlines in text fields to "\n" in CSV output file
+CSV_OUTPUT_CONVERT_CR_NL = 'csv_output_convert_cr_nl'
+# Column delimiter in CSV output file
+CSV_OUTPUT_COLUMN_DELIMITER = 'csv_output_column_delimiter'
+# Field list delimiter in CSV output file
+CSV_OUTPUT_FIELD_DELIMITER = 'csv_output_field_delimiter'
+# Filter for output column headers
+CSV_OUTPUT_HEADER_FILTER = 'csv_output_header_filter'
+# Filter for output column headers to drop
+CSV_OUTPUT_HEADER_DROP_FILTER = 'csv_output_header_drop_filter'
+# Force output column headers
+CSV_OUTPUT_HEADER_FORCE = 'csv_output_header_force'
+# Line terminator in CSV output file
+CSV_OUTPUT_LINE_TERMINATOR = 'csv_output_line_terminator'
+# Quote character in CSV output file
+CSV_OUTPUT_QUOTE_CHAR = 'csv_output_quote_char'
+# Filter for output column values
+CSV_OUTPUT_ROW_FILTER = 'csv_output_row_filter'
+# Mode (and|or) for output column values
+CSV_OUTPUT_ROW_FILTER_MODE = 'csv_output_row_filter_mode'
+# Filter for output column drop values
+CSV_OUTPUT_ROW_DROP_FILTER = 'csv_output_row_drop_filter'
+# Mode (and|or) for output column drop values
+CSV_OUTPUT_ROW_DROP_FILTER_MODE = 'csv_output_row_drop_filter_mode'
+# Limit number of output rows
+CSV_OUTPUT_ROW_LIMIT = 'csv_output_row_limit'
+# Column header subfield name delimiter in CSV output file
+CSV_OUTPUT_SUBFIELD_DELIMITER = 'csv_output_subfield_delimiter'
+# Add timestamp column to CSV output file
+CSV_OUTPUT_TIMESTAMP_COLUMN = 'csv_output_timestamp_column'
+# Output rows for users even if they do not have the print object (delegate, filters, ...)
+CSV_OUTPUT_USERS_AUDIT = 'csv_output_users_audit'
+# custmerId from gam.cfg or retrieved from Google
+CUSTOMER_ID = 'customer_id'
+# If debug_level > 0: extra_args['prettyPrint'] = True, httplib2.debuglevel = gam_debug_level, appsObj.debug = True
+DEBUG_LEVEL = 'debug_level'
+# When retrieving lists of ChromeOS devices from API, how many should be retrieved in each chunk
+DEVICE_MAX_RESULTS = 'device_max_results'
+# Domain obtained from gam.cfg or oauth2.txt
+DOMAIN = 'domain'
+# Google Drive download directory
+DRIVE_DIR = 'drive_dir'
+# When retrieving lists of Drive files/folders from API, how many should be retrieved in each chunk
+DRIVE_MAX_RESULTS = 'drive_max_results'
+# Use Drive V3 ntive names
+DRIVE_V3_NATIVE_NAMES = 'drive_v3_native_names'
+# When processing email messages in batches, how many should be processed in each batch
+EMAIL_BATCH_SIZE = 'email_batch_size'
+# Enable Delegated Admin Service Account
+ENABLE_DASA = 'enable_dasa'
+# When retrieving lists of calendar events from API, how many should be retrieved in each chunk
+EVENT_MAX_RESULTS = 'event_max_results'
+# Path to extra_args.txt
+EXTRA_ARGS = 'extra_args'
+# When processing items in batches, how many seconds should GAM wait between batches
+INTER_BATCH_WAIT = 'inter_batch_wait'
+# When retrieving lists of licenses from API, how many should be retrieved in each chunk
+LICENSE_MAX_RESULTS = 'license_max_results'
+# License SKUs to process
+LICENSE_SKUS = 'license_skus'
+# When retrieving lists of Google Group members from API, how many should be retrieved in each chunk
+MEMBER_MAX_RESULTS = 'member_max_results'
+# When deleting or modifying Gmail messages, how many should be processed in each batch
+MESSAGE_BATCH_SIZE = 'message_batch_size'
+# When retrieving lists of Gmail messages from API, how many should be retrieved in each chunk
+MESSAGE_MAX_RESULTS = 'message_max_results'
+# When retrieving lists of Mobile devices from API, how many should be retrieved in each chunk
+MOBILE_MAX_RESULTS = 'mobile_max_results'
+# Number of parallel multiprocess pool.apply_async calls; -1: no limit, 0: NUM_THREADS, >0: specific limit
+MULTIPROCESS_POOL_LIMIT = 'multiprocess_pool_limit'
+# Value to substitute for NEVER_TIME
+NEVER_TIME = 'never_time'
+# If no_browser is False, writeCSVfile won't open a browser when todrive is set
+# and doOAuthRequest prints a link and waits for the verification code when oauth2.txt is being created
+NO_BROWSER = 'no_browser'
+# Disable GAM API caching
+NO_CACHE = 'no_cache'
+# Do noit use URL shortner for authentication URLs
+NO_SHORT_URLS = 'no_short_urls'
+# Disable GAM update check
+NO_UPDATE_CHECK = 'no_update_check'
+# Disable SSL certificate validation
+NO_VERIFY_SSL = 'no_verify_ssl'
+# Number of threads for gam tbatch
+NUM_TBATCH_THREADS = 'num_tbatch_threads'
+# Number of threads for gam batch/csv
+NUM_THREADS = 'num_threads'
+# Path to oauth2.txt
+OAUTH2_TXT = 'oauth2_txt'
+# Path to oauth2service.json
+OAUTH2SERVICE_JSON = 'oauth2service_json'
+# When retrieving lists of people from API, how many should be retrieved in each chunk
+PEOPLE_MAX_RESULTS = 'people_max_results'
+# Use quick method to move Chromebooks to OU
+QUICK_CROS_MOVE = 'quick_cros_move'
+# Quick info user: nogroups nolicenses noschemas
+QUICK_INFO_USER = 'quick_info_user'
+# resellerId from gam.cfg or retrieved from Google
+RESELLER_ID = 'reseller_id'
+# Retry service not available errors on API calls
+RETRY_API_SERVICE_NOT_AVAILABLE = 'retry_api_service_not_available'
+# Default section to use for processing
+SECTION = 'section'
+# Show API calls retry data
+SHOW_API_CALLS_RETRY_DATA = 'show_api_calls_retry_data'
+# Show commands when processing batch/csv/loop
+SHOW_COMMANDS = 'show_commands'
+# Convert newlines in text fields to "\n" in show commands
+SHOW_CONVERT_CR_NL = 'show_convert_cr_nl'
+# Add (n/m) to end of messages if number of items to be processed exceeds this number
+SHOW_COUNTS_MIN = 'show_counts_min'
+# Enable/disable "Getting ... " messages
+SHOW_GETTINGS = 'show_gettings'
+# Enable/disable NL at end of "Got ..." messages
+SHOW_GETTINGS_GOT_NL = 'show_gettings_got_nl'
+# Enable/disable showing multiprocess info in redirected stdout/stderr
+SHOW_MULTIPROCESS_INFO = 'show_multiprocess_info'
+# SMTP fqdn
+SMTP_FQDN = 'smtp_fqdn'
+# SMTP host
+SMTP_HOST = 'smtp_host'
+# SMTP username
+SMTP_USERNAME = 'smtp_username'
+# SMTP password
+SMTP_PASSWORD = 'smtp_password'
+## Minimum TLS Version required for HTTPS connections
+TLS_MIN_VERSION = 'tls_min_version'
+## Maximum TLS Version used for HTTPS connections
+TLS_MAX_VERSION = 'tls_max_version'
+# Time Zone
+TIMEZONE = 'timezone'
+# Clear basic filter when updating an existing sheet
+TODRIVE_CLEARFILTER = 'todrive_clearfilter'
+# Use client access for todrive
+TODRIVE_CLIENTACCESS = 'todrive_clientaccess'
+# Enable conversion to Google Sheets when uploading todrive files
+TODRIVE_CONVERSION = 'todrive_conversion'
+# Save local copy of CSV file
+TODRIVE_LOCALCOPY = 'todrive_localcopy'
+# Specify locale for Google Sheets
+TODRIVE_LOCALE = 'todrive_locale'
+# Suppress opening browser on todrive upload
+TODRIVE_NOBROWSER = 'todrive_nobrowser'
+# Suppress sending email on todrive upload
+TODRIVE_NOEMAIL = 'todrive_noemail'
+# ID/Name of parent folder for todrive files
+TODRIVE_PARENT = 'todrive_parent'
+# Append timestamp to todrive sheet name
+TODRIVE_SHEET_TIMESTAMP = 'todrive_sheet_timestamp'
+# Sheet timestamp format, empty defalts to ISOFormat
+TODRIVE_SHEET_TIMEFORMAT = 'todrive_sheet_timeformat'
+# Append timestamp to todrive file name
+TODRIVE_TIMESTAMP = 'todrive_timestamp'
+# Timestamp format, empty defalts to ISOFormat
+TODRIVE_TIMEFORMAT = 'todrive_timeformat'
+# Specify timezone for Google Sheets
+TODRIVE_TIMEZONE = 'todrive_timezone'
+# Upload data files with no data
+TODRIVE_UPLOAD_NODATA = 'todrive_upload_nodata'
+# User for todrive files
+TODRIVE_USER = 'todrive_user'
+# Update CrOS org unit with orgUnitId
+UPDATE_CROS_OU_WITH_ID = 'update_cros_ou_with_id'
+# Use Project ID as Project Name and App Name
+USE_PROJECTID_AS_NAME = 'use_projectid_as_name'
+# When retrieving lists of Users from API, how many should be retrieved in each chunk
+USER_MAX_RESULTS = 'user_max_results'
+# User service account access only, no client access
+USER_SERVICE_ACCOUNT_ACCESS_ONLY = 'user_service_account_access_only'
+
+CSV_INPUT_ROW_FILTER_ITEMS = {CSV_INPUT_ROW_FILTER, CSV_INPUT_ROW_FILTER_MODE,
+                              CSV_INPUT_ROW_DROP_FILTER, CSV_INPUT_ROW_DROP_FILTER_MODE,
+                              CSV_INPUT_ROW_LIMIT}
+
+CSV_OUTPUT_ROW_FILTER_ITEMS = {CSV_OUTPUT_HEADER_FILTER, CSV_OUTPUT_HEADER_DROP_FILTER, CSV_OUTPUT_HEADER_FORCE,
+                               CSV_OUTPUT_ROW_FILTER, CSV_OUTPUT_ROW_FILTER_MODE,
+                               CSV_OUTPUT_ROW_DROP_FILTER, CSV_OUTPUT_ROW_DROP_FILTER_MODE,
+                               CSV_OUTPUT_ROW_LIMIT}
+
+Defaults = {
+  ACTIVITY_MAX_RESULTS: '100',
+  ADMIN_EMAIL: '',
+  API_CALLS_RATE_CHECK: FALSE,
+  API_CALLS_RATE_LIMIT: '100',
+  AUTO_BATCH_MIN: '0',
+  BAIL_ON_INTERNAL_ERROR_TRIES: '2',
+  BATCH_SIZE: '50',
+  CACERTS_PEM: '',
+  CACHE_DIR: '',
+  CACHE_DISCOVERY_ONLY: TRUE,
+  CHARSET: DEFAULT_CHARSET,
+  CHANNEL_CUSTOMER_ID: '',
+  CLASSROOM_MAX_RESULTS: '0',
+  CLIENT_SECRETS_JSON: FN_CLIENT_SECRETS_JSON,
+  CLOCK_SKEW_IN_SECONDS: '10',
+  CMDLOG: '',
+  CMDLOG_MAX_BACKUPS: 5,
+  CMDLOG_MAX_KILO_BYTES: 1000,
+  CONFIG_DIR: '',
+  CONTACT_MAX_RESULTS: '100',
+  CSV_INPUT_COLUMN_DELIMITER: ',',
+  CSV_INPUT_QUOTE_CHAR: '\'"\'',
+  CSV_INPUT_ROW_FILTER: '',
+  CSV_INPUT_ROW_FILTER_MODE: 'allmatch',
+  CSV_INPUT_ROW_DROP_FILTER: '',
+  CSV_INPUT_ROW_DROP_FILTER_MODE: 'anymatch',
+  CSV_INPUT_ROW_LIMIT: '0',
+  CSV_OUTPUT_COLUMN_DELIMITER: ',',
+  CSV_OUTPUT_CONVERT_CR_NL: FALSE,
+  CSV_OUTPUT_FIELD_DELIMITER: "' '",
+  CSV_OUTPUT_HEADER_FILTER: '',
+  CSV_OUTPUT_HEADER_DROP_FILTER: '',
+  CSV_OUTPUT_HEADER_FORCE: '',
+  CSV_OUTPUT_LINE_TERMINATOR: 'lf',
+  CSV_OUTPUT_QUOTE_CHAR: '\'"\'',
+  CSV_OUTPUT_ROW_FILTER: '',
+  CSV_OUTPUT_ROW_FILTER_MODE: 'allmatch',
+  CSV_OUTPUT_ROW_DROP_FILTER: '',
+  CSV_OUTPUT_ROW_DROP_FILTER_MODE: 'anymatch',
+  CSV_OUTPUT_ROW_LIMIT: '0',
+  CSV_OUTPUT_SUBFIELD_DELIMITER: '.',
+  CSV_OUTPUT_TIMESTAMP_COLUMN: '',
+  CSV_OUTPUT_USERS_AUDIT: FALSE,
+  CUSTOMER_ID: MY_CUSTOMER,
+  DEBUG_LEVEL: '0',
+  DEVICE_MAX_RESULTS: '200',
+  DOMAIN: '',
+  DRIVE_DIR: '',
+  DRIVE_MAX_RESULTS: '1000',
+  DRIVE_V3_NATIVE_NAMES: TRUE,
+  EMAIL_BATCH_SIZE: '50',
+  ENABLE_DASA: FALSE,
+  EVENT_MAX_RESULTS: '250',
+  EXTRA_ARGS: '',
+  INTER_BATCH_WAIT: '0',
+  LICENSE_MAX_RESULTS: '100',
+  LICENSE_SKUS: '',
+  MEMBER_MAX_RESULTS: '200',
+  MESSAGE_BATCH_SIZE: '50',
+  MESSAGE_MAX_RESULTS: '500',
+  MOBILE_MAX_RESULTS: '100',
+  MULTIPROCESS_POOL_LIMIT: '0',
+  NEVER_TIME: NEVER,
+  NO_BROWSER: FALSE,
+  NO_CACHE: FALSE,
+  NO_SHORT_URLS: TRUE,
+  NO_UPDATE_CHECK: TRUE,
+  NO_VERIFY_SSL: FALSE,
+  NUM_TBATCH_THREADS: '2',
+  NUM_THREADS: '5',
+  OAUTH2_TXT: FN_OAUTH2_TXT,
+  OAUTH2SERVICE_JSON: FN_OAUTH2SERVICE_JSON,
+  PEOPLE_MAX_RESULTS: '100',
+  QUICK_CROS_MOVE: FALSE,
+  QUICK_INFO_USER: FALSE,
+  RESELLER_ID: '',
+  RETRY_API_SERVICE_NOT_AVAILABLE: FALSE,
+  SECTION: '',
+  SHOW_API_CALLS_RETRY_DATA: FALSE,
+  SHOW_COMMANDS: FALSE,
+  SHOW_CONVERT_CR_NL: FALSE,
+  SHOW_COUNTS_MIN: '1',
+  SHOW_GETTINGS: TRUE,
+  SHOW_GETTINGS_GOT_NL: FALSE,
+  SHOW_MULTIPROCESS_INFO: FALSE,
+  SMTP_FQDN: '',
+  SMTP_HOST: '',
+  SMTP_USERNAME: '',
+  SMTP_PASSWORD: '',
+  TLS_MIN_VERSION: 'TLSv1_3',
+  TLS_MAX_VERSION: '',
+  TIMEZONE: 'utc',
+  TODRIVE_CLEARFILTER: FALSE,
+  TODRIVE_CLIENTACCESS: FALSE,
+  TODRIVE_CONVERSION: TRUE,
+  TODRIVE_LOCALCOPY: FALSE,
+  TODRIVE_LOCALE: '',
+  TODRIVE_NOBROWSER: '',
+  TODRIVE_NOEMAIL: '',
+  TODRIVE_PARENT: 'root',
+  TODRIVE_SHEET_TIMESTAMP: 'copy', # copy from TODRIVE_TIMESTAMP
+  TODRIVE_SHEET_TIMEFORMAT: 'copy', # copy from TODRIVE_TIMEFORMAT
+  TODRIVE_TIMESTAMP: FALSE,
+  TODRIVE_TIMEFORMAT: '',
+  TODRIVE_TIMEZONE: '',
+  TODRIVE_UPLOAD_NODATA: TRUE,
+  TODRIVE_USER: '',
+  UPDATE_CROS_OU_WITH_ID: FALSE,
+  USE_PROJECTID_AS_NAME: FALSE,
+  USER_MAX_RESULTS: '500',
+  USER_SERVICE_ACCOUNT_ACCESS_ONLY: FALSE,
+  }
+
+Values = {DEBUG_LEVEL: 0}
+
+TYPE_BOOLEAN = 'bool'
+TYPE_CHARACTER = 'char'
+TYPE_CHOICE = 'choi'
+TYPE_DATETIME = 'datm'
+TYPE_DIRECTORY = 'dire'
+TYPE_EMAIL = 'emai'
+TYPE_EMAIL_OPTIONAL = 'emao'
+TYPE_FILE = 'file'
+TYPE_FLOAT = 'floa'
+TYPE_HEADERFILTER = 'heaf'
+TYPE_HEADERFORCE = 'hefo'
+TYPE_INTEGER = 'inte'
+TYPE_LANGUAGE = 'lang'
+TYPE_LOCALE = 'locl'
+TYPE_PASSWORD = 'pass'
+TYPE_ROWFILTER = 'rowf'
+TYPE_STRING = 'stri'
+TYPE_TIMEZONE = 'tmzn'
+
+VAR_TYPE = 'type'
+VAR_ENVVAR = 'enva'
+VAR_CHOICES = 'chod'
+VAR_LIMITS = 'lmit'
+VAR_SFFT = 'sfft'
+VAR_SIGFILE = 'sigf'
+VAR_ACCESS = 'aces'
+
+VAR_INFO = {
+  ACTIVITY_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 500)},
+  ADMIN_EMAIL: {VAR_TYPE: TYPE_STRING, VAR_ENVVAR: 'GA_ADMIN_EMAIL', VAR_LIMITS: (0, None)},
+  API_CALLS_RATE_CHECK: {VAR_TYPE: TYPE_BOOLEAN},
+  API_CALLS_RATE_LIMIT: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (50, None)},
+  AUTO_BATCH_MIN: {VAR_TYPE: TYPE_INTEGER, VAR_ENVVAR: 'GAM_AUTOBATCH', VAR_LIMITS: (0, 100)},
+  BAIL_ON_INTERNAL_ERROR_TRIES: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 10)},
+  BATCH_SIZE: {VAR_TYPE: TYPE_INTEGER, VAR_ENVVAR: 'GAM_BATCH_SIZE', VAR_LIMITS: (1, 1000)},
+  CACERTS_PEM: {VAR_TYPE: TYPE_FILE, VAR_ENVVAR: 'GAM_CA_FILE', VAR_ACCESS: os.R_OK},
+  CACHE_DIR: {VAR_TYPE: TYPE_DIRECTORY, VAR_ENVVAR: 'GAMCACHEDIR'},
+  CACHE_DISCOVERY_ONLY: {VAR_TYPE: TYPE_BOOLEAN, VAR_SIGFILE: 'allcache.txt', VAR_SFFT: (TRUE, FALSE)},
+  CHARSET: {VAR_TYPE: TYPE_STRING, VAR_ENVVAR: 'GAM_CHARSET', VAR_LIMITS: (1, None)},
+  CHANNEL_CUSTOMER_ID: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},
+  CLASSROOM_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (0, 1000)},
+  CLIENT_SECRETS_JSON: {VAR_TYPE: TYPE_FILE, VAR_ENVVAR: 'CLIENTSECRETS', VAR_ACCESS: os.R_OK},
+  CLOCK_SKEW_IN_SECONDS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (10, 3600)},
+  CMDLOG: {VAR_TYPE: TYPE_FILE, VAR_ACCESS: os.W_OK},
+  CMDLOG_MAX_BACKUPS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 10)},
+  CMDLOG_MAX_KILO_BYTES: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (100, 10000)},
+  CONFIG_DIR: {VAR_TYPE: TYPE_DIRECTORY, VAR_ENVVAR: 'GAMUSERCONFIGDIR'},
+  CONTACT_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 10000)},
+  CSV_INPUT_COLUMN_DELIMITER: {VAR_TYPE: TYPE_CHARACTER},
+  CSV_INPUT_QUOTE_CHAR: {VAR_TYPE: TYPE_CHARACTER},
+  CSV_INPUT_ROW_FILTER: {VAR_TYPE: TYPE_ROWFILTER},
+  CSV_INPUT_ROW_FILTER_MODE: {VAR_TYPE: TYPE_CHOICE, VAR_CHOICES: {'allmatch': True, 'anymatch': False}},
+  CSV_INPUT_ROW_DROP_FILTER: {VAR_TYPE: TYPE_ROWFILTER},
+  CSV_INPUT_ROW_DROP_FILTER_MODE: {VAR_TYPE: TYPE_CHOICE, VAR_CHOICES: {'allmatch': True, 'anymatch': False}},
+  CSV_INPUT_ROW_LIMIT: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (0, None)},
+  CSV_OUTPUT_COLUMN_DELIMITER: {VAR_TYPE: TYPE_CHARACTER},
+  CSV_OUTPUT_CONVERT_CR_NL: {VAR_TYPE: TYPE_BOOLEAN},
+  CSV_OUTPUT_FIELD_DELIMITER: {VAR_TYPE: TYPE_CHARACTER},
+  CSV_OUTPUT_HEADER_FILTER: {VAR_TYPE: TYPE_HEADERFILTER},
+  CSV_OUTPUT_HEADER_DROP_FILTER: {VAR_TYPE: TYPE_HEADERFILTER},
+  CSV_OUTPUT_HEADER_FORCE: {VAR_TYPE: TYPE_HEADERFORCE},
+  CSV_OUTPUT_LINE_TERMINATOR: {VAR_TYPE: TYPE_CHOICE, VAR_CHOICES: {'cr': '\r', 'lf': '\n', 'crlf': '\r\n'}},
+  CSV_OUTPUT_QUOTE_CHAR: {VAR_TYPE: TYPE_CHARACTER},
+  CSV_OUTPUT_ROW_FILTER: {VAR_TYPE: TYPE_ROWFILTER},
+  CSV_OUTPUT_ROW_FILTER_MODE: {VAR_TYPE: TYPE_CHOICE, VAR_CHOICES: {'allmatch': True, 'anymatch': False}},
+  CSV_OUTPUT_ROW_DROP_FILTER: {VAR_TYPE: TYPE_ROWFILTER},
+  CSV_OUTPUT_ROW_DROP_FILTER_MODE: {VAR_TYPE: TYPE_CHOICE, VAR_CHOICES: {'allmatch': True, 'anymatch': False}},
+  CSV_OUTPUT_ROW_LIMIT: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (0, None)},
+  CSV_OUTPUT_SUBFIELD_DELIMITER: {VAR_TYPE: TYPE_CHARACTER},
+  CSV_OUTPUT_TIMESTAMP_COLUMN: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},
+  CSV_OUTPUT_USERS_AUDIT: {VAR_TYPE: TYPE_BOOLEAN},
+  CUSTOMER_ID: {VAR_TYPE: TYPE_STRING, VAR_ENVVAR: 'CUSTOMER_ID', VAR_LIMITS: (0, None)},
+  DEBUG_LEVEL: {VAR_TYPE: TYPE_INTEGER, VAR_SIGFILE: 'debug.gam', VAR_LIMITS: (0, None), VAR_SFFT: ('0', '4')},
+  DEVICE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 200)},
+  DOMAIN: {VAR_TYPE: TYPE_STRING, VAR_ENVVAR: 'GA_DOMAIN', VAR_LIMITS: (0, None)},
+  DRIVE_DIR: {VAR_TYPE: TYPE_DIRECTORY, VAR_ENVVAR: 'GAMDRIVEDIR'},
+  DRIVE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 1000)},
+  DRIVE_V3_NATIVE_NAMES: {VAR_TYPE: TYPE_BOOLEAN},
+  EMAIL_BATCH_SIZE: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 100)},
+  ENABLE_DASA: {VAR_TYPE: TYPE_BOOLEAN, VAR_SIGFILE: 'enabledasa.txt', VAR_SFFT: (FALSE, TRUE)},
+  EVENT_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 2500)},
+  EXTRA_ARGS: {VAR_TYPE: TYPE_FILE, VAR_SIGFILE: FN_EXTRA_ARGS_TXT, VAR_SFFT: ('', FN_EXTRA_ARGS_TXT), VAR_ACCESS: os.R_OK},
+  INTER_BATCH_WAIT: {VAR_TYPE: TYPE_FLOAT, VAR_LIMITS: (0.0, 60.0)},
+  LICENSE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (10, 1000)},
+  LICENSE_SKUS: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},
+  MEMBER_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 200)},
+  MESSAGE_BATCH_SIZE: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 1000)},
+  MESSAGE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 10000)},
+  MOBILE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 100)},
+  MULTIPROCESS_POOL_LIMIT: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (-1, None)},
+  NEVER_TIME: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},
+  NO_BROWSER: {VAR_TYPE: TYPE_BOOLEAN, VAR_SIGFILE: 'nobrowser.txt', VAR_SFFT: (FALSE, TRUE)},
+  NO_CACHE: {VAR_TYPE: TYPE_BOOLEAN, VAR_SIGFILE: 'nocache.txt', VAR_SFFT: (FALSE, TRUE)},
+  NO_SHORT_URLS: {VAR_TYPE: TYPE_BOOLEAN, VAR_SIGFILE: 'noshorturls.txt', VAR_SFFT: (FALSE, TRUE)},
+  NO_UPDATE_CHECK: {VAR_TYPE: TYPE_BOOLEAN},
+  NO_VERIFY_SSL: {VAR_TYPE: TYPE_BOOLEAN},
+  NUM_TBATCH_THREADS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 1000)},
+  NUM_THREADS: {VAR_TYPE: TYPE_INTEGER, VAR_ENVVAR: 'GAM_THREADS', VAR_LIMITS: (1, 1000)},
+  OAUTH2_TXT: {VAR_TYPE: TYPE_FILE, VAR_ENVVAR: 'OAUTHFILE', VAR_ACCESS: os.R_OK | os.W_OK},
+  OAUTH2SERVICE_JSON: {VAR_TYPE: TYPE_FILE, VAR_ENVVAR: 'OAUTHSERVICEFILE', VAR_ACCESS: os.R_OK | os.W_OK},
+  PEOPLE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (0, 1000)},
+  QUICK_CROS_MOVE: {VAR_TYPE: TYPE_BOOLEAN},
+  QUICK_INFO_USER: {VAR_TYPE: TYPE_BOOLEAN},
+  RESELLER_ID: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},
+  RETRY_API_SERVICE_NOT_AVAILABLE: {VAR_TYPE: TYPE_BOOLEAN},
+  SECTION: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},
+  SHOW_API_CALLS_RETRY_DATA: {VAR_TYPE: TYPE_BOOLEAN},
+  SHOW_COMMANDS: {VAR_TYPE: TYPE_BOOLEAN},
+  SHOW_CONVERT_CR_NL: {VAR_TYPE: TYPE_BOOLEAN},
+  SHOW_COUNTS_MIN: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (0, 100)},
+  SHOW_GETTINGS: {VAR_TYPE: TYPE_BOOLEAN},
+  SHOW_GETTINGS_GOT_NL: {VAR_TYPE: TYPE_BOOLEAN},
+  SHOW_MULTIPROCESS_INFO: {VAR_TYPE: TYPE_BOOLEAN},
+  SMTP_FQDN: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},
+  SMTP_HOST: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},
+  SMTP_USERNAME: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},
+  SMTP_PASSWORD: {VAR_TYPE: TYPE_PASSWORD, VAR_LIMITS: (0, None)},
+  TLS_MIN_VERSION: {VAR_TYPE: TYPE_CHOICE, VAR_ENVVAR: 'GAM_TLS_MIN_VERSION', VAR_CHOICES: TLS_CHOICE_MAP},
+  TLS_MAX_VERSION: {VAR_TYPE: TYPE_CHOICE, VAR_ENVVAR: 'GAM_TLS_MAX_VERSION', VAR_CHOICES: TLS_CHOICE_MAP},
+  TIMEZONE: {VAR_TYPE: TYPE_TIMEZONE},
+  TODRIVE_CLEARFILTER: {VAR_TYPE: TYPE_BOOLEAN},
+  TODRIVE_CLIENTACCESS: {VAR_TYPE: TYPE_BOOLEAN},
+  TODRIVE_CONVERSION: {VAR_TYPE: TYPE_BOOLEAN},
+  TODRIVE_LOCALCOPY: {VAR_TYPE: TYPE_BOOLEAN},
+  TODRIVE_LOCALE: {VAR_TYPE: TYPE_LOCALE},
+  TODRIVE_NOBROWSER: {VAR_TYPE: TYPE_BOOLEAN, VAR_SIGFILE: 'nobrowser.txt', VAR_SFFT: (FALSE, TRUE)},
+  TODRIVE_NOEMAIL: {VAR_TYPE: TYPE_BOOLEAN, VAR_SIGFILE: 'notdemail.txt', VAR_SFFT: (FALSE, TRUE)},
+  TODRIVE_PARENT: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},
+  TODRIVE_SHEET_TIMESTAMP: {VAR_TYPE: TYPE_BOOLEAN},
+  TODRIVE_SHEET_TIMEFORMAT: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},
+  TODRIVE_TIMESTAMP: {VAR_TYPE: TYPE_BOOLEAN},
+  TODRIVE_TIMEFORMAT: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},
+  TODRIVE_TIMEZONE: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},
+  TODRIVE_UPLOAD_NODATA: {VAR_TYPE: TYPE_BOOLEAN},
+  TODRIVE_USER: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},
+  UPDATE_CROS_OU_WITH_ID: {VAR_TYPE: TYPE_BOOLEAN},
+  USE_PROJECTID_AS_NAME: {VAR_TYPE: TYPE_BOOLEAN},
+  USER_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 500)},
+  USER_SERVICE_ACCOUNT_ACCESS_ONLY: {VAR_TYPE: TYPE_BOOLEAN},
+  }

src/gam/gamlib/glentity.py

@@ -0,0 +1,765 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2023 Ross Scroggs All Rights Reserved.
+#
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+"""GAM entity processing
+
+"""
+
+class GamEntity():
+
+  ROLE_MANAGER = 'MANAGER'
+  ROLE_MEMBER = 'MEMBER'
+  ROLE_OWNER = 'OWNER'
+  ROLE_USER = 'USER'
+  ROLE_MANAGER_MEMBER = ','.join([ROLE_MANAGER, ROLE_MEMBER])
+  ROLE_MANAGER_OWNER = ','.join([ROLE_MANAGER, ROLE_OWNER])
+  ROLE_MEMBER_OWNER = ','.join([ROLE_MEMBER, ROLE_OWNER])
+  ROLE_MANAGER_MEMBER_OWNER = ','.join([ROLE_MANAGER, ROLE_MEMBER, ROLE_OWNER])
+  ROLE_PUBLIC = 'PUBLIC'
+
+  TYPE_CUSTOMER = 'CUSTOMER'
+  TYPE_EXTERNAL = 'EXTERNAL'
+  TYPE_OTHER = 'OTHER'
+  TYPE_GROUP = 'GROUP'
+  TYPE_SERVICE_ACCOUNT = 'SERVICE_ACCOUNT'
+  TYPE_USER = 'USER'
+
+# Keys into NAMES; arbitrary values but must be unique
+  ACCESS_TOKEN = 'atok'
+  ACCOUNT = 'acct'
+  ACTION = 'actn'
+  ACTIVITY = 'actv'
+  ADMINISTRATOR = 'admi'
+  ADMIN_ROLE = 'adro'
+  ADMIN_ROLE_ASSIGNMENT = 'adra'
+  ALERT = 'alrt'
+  ALERT_ID = 'alri'
+  ALERT_FEEDBACK = 'alfb'
+  ALERT_FEEDBACK_ID = 'alfi'
+  ALIAS = 'alia'
+  ALIAS_EMAIL = 'alie'
+  ALIAS_TARGET = 'alit'
+  ANALYTIC_ACCOUNT = 'anac'
+  ANALYTIC_ACCOUNT_SUMMARY = 'anas'
+  ANALYTIC_DATASTREAM = 'anad'
+  ANALYTIC_PROPERTY = 'anap'
+  ANALYTIC_UA_PROPERTY = 'anau'
+  API = 'api '
+  APP_ACCESS_SETTINGS = 'apps'
+  APP_ID = 'appi'
+  APP_NAME = 'appn'
+  APPLICATION_SPECIFIC_PASSWORD = 'aspa'
+  ARROWS_ENABLED = 'arro'
+  ATTACHMENT = 'atta'
+  ATTENDEE = 'atnd'
+  AUDIT_ACTIVITY_REQUEST = 'auda'
+  AUDIT_EXPORT_REQUEST = 'audx'
+  AUDIT_MONITOR_REQUEST = 'audm'
+  BACKUP_VERIFICATION_CODES = 'buvc'
+  BUILDING = 'bldg'
+  BUILDING_ID = 'bldi'
+  CAA_LEVEL = 'calv'
+  CALENDAR = 'cale'
+  CALENDAR_ACL = 'cacl'
+  CALENDAR_SETTINGS = 'cset'
+  CHANNEL_CUSTOMER = 'chcu'
+  CHANNEL_CUSTOMER_ENTITLEMENT = 'chce'
+  CHANNEL_OFFER = 'chof'
+  CHANNEL_PRODUCT = 'chpr'
+  CHANNEL_SKU = 'chsk'
+  CHAT_BOT = 'chbo'
+  CHAT_MEMBER = 'chme'
+  CHAT_MESSAGE = 'chms'
+  CHAT_MESSAGE_ID = 'chmi'
+  CHAT_SPACE = 'chsp'
+  CHAT_THREAD = 'chth'
+  CHROME_APP = 'capp'
+  CHROME_APP_DEVICE = 'capd'
+  CHROME_BROWSER = 'chbr'
+  CHROME_BROWSER_ENROLLMENT_TOKEN = 'cbet'
+  CHROME_CHANNEL = 'chan'
+  CHROME_DEVICE = 'chdv'
+  CHROME_MODEL = 'chmo'
+  CHROME_NETWORK_ID = 'chni'
+  CHROME_NETWORK_NAME = 'chnn'
+  CHROME_PLATFORM = 'cpla'
+  CHROME_POLICY = 'cpol'
+  CHROME_POLICY_IMAGE = 'cpim'
+  CHROME_POLICY_SCHEMA = 'cpsc'
+  CHROME_RELEASE = 'crel'
+  CHROME_VERSION = 'cver'
+  CLASSROOM_INVITATION = 'clai'
+  CLASSROOM_INVITATION_OWNER = 'clio'
+  CLASSROOM_INVITATION_STUDENT = 'clis'
+  CLASSROOM_INVITATION_TEACHER = 'clit'
+  CLASSROOM_OAUTH2_TXT_FILE = 'coa'
+  CLASSROOM_USER_PROFILE = 'clup'
+  CLIENT_ID = 'clid'
+  CLIENT_SECRETS_JSON_FILE = 'csjf'
+  CLOUD_IDENTITY_GROUP = 'cidg'
+  CLOUD_STORAGE_BUCKET = 'clsb'
+  CLOUD_STORAGE_FILE = 'clsf'
+  COLLABORATOR = 'cola'
+  COMMAND_ID = 'cmdi'
+  COMPANY_DEVICE = 'codv'
+  CONFIG_FILE = 'conf'
+  CONTACT = 'cont'
+  CONTACT_DELEGATE = 'cond'
+  CONTACT_GROUP = 'cogr'
+  CONTACT_GROUP_NAME = 'cogn'
+  COPYFROM_COURSE = 'cfco'
+  COPYFROM_GROUP = 'cfgr'
+  COURSE = 'cour'
+  COURSE_ALIAS = 'coal'
+  COURSE_ANNOUNCEMENT_ID = 'caid'
+  COURSE_ANNOUNCEMENT_STATE = 'cast'
+  COURSE_MATERIAL_DRIVEFILE = 'comd'
+  COURSE_MATERIAL_FORM = 'comf'
+  COURSE_MATERIAL_ID = 'cmid'
+  COURSE_MATERIAL_STATE = 'cmst'
+  COURSE_NAME = 'cona'
+  COURSE_STATE = 'cost'
+  COURSE_SUBMISSION_ID = 'csid'
+  COURSE_SUBMISSION_STATE = 'csst'
+  COURSE_TOPIC = 'ctop'
+  COURSE_TOPIC_ID = 'ctoi'
+  COURSE_WORK = 'cwrk'
+  COURSE_WORK_ID = 'cwid'
+  COURSE_WORK_STATE = 'cwst'
+  CREATOR_ID = 'crid'
+  CREDENTIALS = 'cred'
+  CRITERIA = 'crit'
+  CROS_DEVICE = 'cros'
+  CROS_SERIAL_NUMBER = 'crsn'
+  CUSTOMER_DOMAIN = 'cudo'
+  CUSTOMER_ID = 'cuid'
+  DATASTUDIO_ASSET = 'dsas'
+  DATASTUDIO_ASSET_DATASOURCE = 'dsad'
+  DATASTUDIO_ASSETID = 'dsai'
+  DATASTUDIO_ASSET_REPORT = 'dsar'
+  DATASTUDIO_PERMISSION = 'dspe'
+  DATE = 'date'
+  DEFAULT_LANGUAGE = 'dfla'
+  DELEGATE = 'dele'
+  DELETED_USER = 'del'
+  DELIVERY = 'deli'
+  DEVICE = 'devi'
+  DEVICE_FILE = 'devf'
+  DIRECTORY = 'drct'
+  DEVICE_USER = 'devu'
+  DEVICE_USER_CLIENT_STATE = 'ducs'
+  DISCOVERY_JSON_FILE = 'disc'
+  DOCUMENT = 'doc '
+  DOMAIN = 'doma'
+  DOMAIN_ALIAS = 'doal'
+  DOMAIN_CONTACT = 'doco'
+  DOMAIN_PEOPLE_CONTACT = 'dopc'
+  DOMAIN_PROFILE = 'dopr'
+  DRIVE_FILE = 'dfil'
+  DRIVE_FILE_ID = 'fili'
+  DRIVE_FILE_NAME = 'filn'
+  DRIVE_FILE_RENAMED = 'firn'
+  DRIVE_FILE_REVISION = 'filr'
+  DRIVE_FILE_SHORTCUT = 'fils'
+  DRIVE_FILE_OR_FOLDER = 'fifo'
+  DRIVE_FILE_OR_FOLDER_ACL = 'fiac'
+  DRIVE_FILE_OR_FOLDER_ID = 'fifi'
+  DRIVE_FOLDER = 'fold'
+  DRIVE_FOLDER_ID = 'foli'
+  DRIVE_FOLDER_NAME = 'foln'
+  DRIVE_FOLDER_PATH = 'folp'
+  DRIVE_FOLDER_RENAMED = 'forn'
+  DRIVE_FOLDER_SHORTCUT = 'fols'
+  DRIVE_LABEL = 'dlab'
+  DRIVE_LABEL_FIELD_ID = 'dlfi'
+  DRIVE_LABEL_ID = 'dlid'
+  DRIVE_LABEL_NAME = 'dlna'
+  DRIVE_ORPHAN_FILE_OR_FOLDER = 'orph'
+  DRIVE_PARENT_FOLDER = 'fipf'
+  DRIVE_PARENT_FOLDER_ID = 'fipi'
+  DRIVE_PARENT_FOLDER_REFERENCE = 'pfrf'
+  DRIVE_PATH = 'drvp'
+  DRIVE_SETTINGS = 'drvs'
+  DRIVE_SHORTCUT = 'drsc'
+  DRIVE_3PSHORTCUT = 'dr3s'
+  DRIVE_TRASH = 'drvt'
+  EMAIL = 'emai'
+  EMAIL_ALIAS = 'emal'
+  EMAIL_SETTINGS = 'emse'
+  ENTITY = 'enti'
+  EVENT = 'evnt'
+  FEATURE = 'feat'
+  FIELD = 'fiel'
+  FILE = 'file'
+  FILTER = 'filt'
+  FORM = 'form'
+  FORM_RESPONSE = 'frmr'
+  FORWARD_ENABLED = 'fwde'
+  FORWARDING_ADDRESS = 'fwda'
+  GCP_FOLDER = 'gcpf'
+  GCP_FOLDER_NAME = 'gcpn'
+  GMAIL_PROFILE = 'gmpr'
+  GROUP = 'grou'
+  GROUP_ALIAS = 'gali'
+  GROUP_EMAIL = 'gale'
+  GROUP_MEMBERSHIP = 'gmem'
+  GROUP_MEMBERSHIP_TREE = 'gmtr'
+  GROUP_SETTINGS = 'gset'
+  GROUP_TREE = 'gtre'
+  GUARDIAN = 'guar'
+  GUARDIAN_INVITATION = 'gari'
+  GUARDIAN_AND_INVITATION = 'gani'
+  IAM_POLICY = 'iamp'
+  IMAP_ENABLED = 'imap'
+  INBOUND_SSO_ASSIGNMENT = 'insa'
+  INBOUND_SSO_CREDENTIALS = 'insc'
+  INBOUND_SSO_PROFILE = 'insp'
+  INSTANCE = 'inst'
+  ITEM = 'item'
+  ISSUER_CN = 'iscn'
+  KEYBOARD_SHORTCUTS_ENABLED = 'kbsc'
+  LABEL = 'labe'
+  LABEL_ID = 'labi'
+  LANGUAGE = 'lang'
+  LICENSE = 'lice'
+  LOCATION = 'loca'
+  MD5HASH = 'md5h'
+  MEMBER = 'memb'
+  MEMBER_NOT_ARCHIVED = 'mena'
+  MEMBER_ARCHIVED = 'mear'
+  MEMBER_NOT_SUSPENDED = 'mens'
+  MEMBER_SUSPENDED = 'mesu'
+  MEMBER_NOT_SUSPENDED_NOT_ARCHIVED = 'nsna'
+  MEMBER_SUSPENDED_ARCHIVED = 'suar'
+  MEMBER_RESTRICTION = 'memr'
+  MEMBER_URI = 'memu'
+  MEMBERSHIP_TREE = 'metr'
+  MESSAGE = 'mesg'
+  MIMETYPE = 'mime'
+  MOBILE_DEVICE = 'mobi'
+  NAME = 'name'
+  NOTE = 'note'
+  NOTE_ACL = 'nota'
+  NOTES_ACLS = 'naac'
+  NONEDITABLE_ALIAS = 'neal'
+  OAUTH2_TXT_FILE = 'oaut'
+  OAUTH2SERVICE_JSON_FILE = 'oau2'
+  ORGANIZATIONAL_UNIT = 'orgu'
+  OTHER_CONTACT = 'otco'
+  OWNER = 'ownr'
+  OWNER_ID = 'owid'
+  PAGE_SIZE = 'page'
+  PARENT_ORGANIZATIONAL_UNIT = 'porg'
+  PARTICIPANT = 'part'
+  PEOPLE_CONTACT = 'peco'
+  PEOPLE_CONTACT_GROUP = 'pecg'
+  PEOPLE_PHOTO = 'peph'
+  PEOPLE_PROFILE = 'pepr'
+  PERMISSION = 'perm'
+  PERMISSION_ID = 'peid'
+  PERMITTEE = 'prmt'
+  PERSONAL_DEVICE = 'pedv'
+  PHOTO = 'phot'
+  POP_ENABLED = 'popa'
+  PRINTER = 'prin'
+  PRINTER_ID = 'prid'
+  PRINTER_MODEL = 'prmd'
+  PRIVILEGE = 'priv'
+  PRODUCT = 'prod'
+  PROFILE_SHARING_ENABLED = 'prof'
+  PROJECT = 'proj'
+  PROJECT_FOLDER = 'prjf'
+  PROJECT_ID = 'prji'
+  PUBLIC_KEY = 'pubk'
+  QUERY = 'quer'
+  RECIPIENT = 'recp'
+  RECIPIENT_BCC = 'rebc'
+  RECIPIENT_CC = 'recc'
+  REPORT = 'rept'
+  REQUEST_ID = 'reqi'
+  RESOURCE_CALENDAR = 'resc'
+  RESOURCE_ID = 'resi'
+  ROLE = 'role'
+  ROW = 'row '
+  SCOPE = 'scop'
+  SECTION = 'sect'
+  SENDAS_ADDRESS = 'sasa'
+  SENDER = 'send'
+  SERVICE = 'serv'
+  SHAREDDRIVE = 'tdrv'
+  SHAREDDRIVE_ACL = 'tdac'
+  SHAREDDRIVE_FOLDER = 'tdfo'
+  SHAREDDRIVE_ID = 'tdid'
+  SHAREDDRIVE_NAME = 'tdna'
+  SHAREDDRIVE_THEME = 'tdth'
+  SHEET = 'shet'
+  SHEET_ID = 'shti'
+  SIGNATURE = 'sign'
+  SITE = 'site'
+  SITE_ACL = 'sacl'
+  SIZE = 'size'
+  SKU = 'sku '
+  SMIME_ID = 'smid'
+  SNIPPETS_ENABLED = 'snip'
+  SSO_KEY = 'ssok'
+  SSO_SETTINGS = 'ssos'
+  SOURCE_USER = 'src'
+  SPREADSHEET = 'sprd'
+  SPREADSHEET_RANGE = 'ssrn'
+  STATUS = 'stat'
+  STUDENT = 'stud'
+  SUBSCRIPTION = 'subs'
+  SVCACCT = 'svac'
+  SVCACCT_KEY = 'svky'
+  TARGET_USER = 'tgt'
+  TASK = 'task'
+  TASKLIST = 'tali'
+  TEACHER = 'teac'
+  THREAD = 'thre'
+  TRANSFER_APPLICATION = 'trap'
+  TRANSFER_ID = 'trid'
+  TRANSFER_REQUEST = 'trnr'
+  TRASHED_EVENT = 'trev'
+  TRUSTED_APPLICATION = 'trus'
+  TYPE = 'type'
+  UNICODE_ENCODING_ENABLED = 'unic'
+  UNIQUE_ID = 'uniq'
+  URL = 'url '
+  USER = 'user'
+  USER_ALIAS = 'uali'
+  USER_EMAIL = 'uema'
+  USER_INVITATION = 'uinv'
+  USER_NOT_SUSPENDED = 'uns'
+  USER_SCHEMA = 'usch'
+  USER_SUSPENDED = 'usup'
+  VACATION = 'vaca'
+  VACATION_ENABLED = 'vace'
+  VALUE = 'val'
+  VAULT_EXPORT = 'vlte'
+  VAULT_HOLD = 'vlth'
+  VAULT_MATTER = 'vltm'
+  VAULT_MATTER_ARTIFACT = 'vlma'
+  VAULT_MATTER_ID = 'vlmi'
+  VAULT_OPERATION = 'vlto'
+  VAULT_QUERY = 'vltq'
+  WEBCLIPS_ENABLED = 'webc'
+  # _NAMES[0] is plural, _NAMES[1] is singular unless the item name is explicitly plural (Calendar Settings)
+  # For items with Boolean values, both entries are singular (Forward, POP)
+  # These values can be translated into other languages
+  _NAMES = {
+    ACCESS_TOKEN: ['Access Tokens', 'Access Token'],
+    ACCOUNT: ['Google Workspace Accounts', 'Google Workspace Account'],
+    ACTION: ['Actions', 'Action'],
+    ACTIVITY: ['Activities', 'Activity'],
+    ADMINISTRATOR: ['Administrators', 'Administrator'],
+    ADMIN_ROLE: ['Admin Roles', 'Admin Role'],
+    ADMIN_ROLE_ASSIGNMENT: ['Admin Role Assignments', 'Admin Role Assignment'],
+    ALERT: ['Alerts', 'Alert'],
+    ALERT_ID: ['Alert IDs', 'Alert ID'],
+    ALERT_FEEDBACK: ['Alert Feedbacks', 'Alert Feedback'],
+    ALERT_FEEDBACK_ID: ['Alert Feedback IDs', 'Alert Feedback ID'],
+    ALIAS: ['Aliases', 'Alias'],
+    ALIAS_EMAIL: ['Alias Emails', 'Alias Email'],
+    ALIAS_TARGET: ['Alias Targets', 'Alias Target'],
+    ANALYTIC_ACCOUNT: ['Analytic Accounts', 'Analytic Account'],
+    ANALYTIC_ACCOUNT_SUMMARY: ['Analytic Account Summaries', 'Analytic Account Summary'],
+    ANALYTIC_DATASTREAM: ['Analytic Datastreams', 'Analytic Datastream'],
+    ANALYTIC_PROPERTY: ['Analytic GA4 Properties', 'Analytic GA4 Property'],
+    ANALYTIC_UA_PROPERTY: ['Analytic UA Properties', 'Analytic UA Property'],
+    API: ['APIs', 'API'],
+    APP_ACCESS_SETTINGS: ['Application Access Settings', 'Application Access Settings'],
+    APP_ID: ['Application IDs', 'Application ID'],
+    APP_NAME: ['Application Names', 'Application Name'],
+    APPLICATION_SPECIFIC_PASSWORD: ['Application Specific Password IDs', 'Application Specific Password ID'],
+    ARROWS_ENABLED: ['Personal Indicator Arrows Enabled', 'Personal Indicator Arrows Enabled'],
+    ATTACHMENT: ['Attachments', 'Attachment'],
+    ATTENDEE: ['Attendees', 'Attendee'],
+    AUDIT_ACTIVITY_REQUEST: ['Audit Activity Requests', 'Audit Activity Request'],
+    AUDIT_EXPORT_REQUEST: ['Audit Export Requests', 'Audit Export Request'],
+    AUDIT_MONITOR_REQUEST: ['Audit Monitor Requests', 'Audit Monitor Request'],
+    BACKUP_VERIFICATION_CODES: ['Backup Verification Codes', 'Backup Verification Codes'],
+    BUILDING: ['Buildings', 'Building'],
+    BUILDING_ID: ['Building IDs', 'Building ID'],
+    CAA_LEVEL: ['CAA Levels', 'CAA Level'],
+    CALENDAR: ['Calendars', 'Calendar'],
+    CALENDAR_ACL: ['Calendar ACLs', 'Calendar ACL'],
+    CALENDAR_SETTINGS: ['Calendar Settings', 'Calendar Settings'],
+    CHANNEL_CUSTOMER: ['Channel Customers', 'Channel Customer'],
+    CHANNEL_CUSTOMER_ENTITLEMENT: ['Channel Customer Entitlements', 'Channel Customer Entitlement'],
+    CHANNEL_OFFER: ['Channel Offers', 'Channel Offer'],
+    CHANNEL_PRODUCT: ['Channel Products', 'Channel Product'],
+    CHANNEL_SKU: ['Channel SKUs', 'Channel SKU'],
+    CHAT_BOT: ['Chat BOTs', 'Chat BOT'],
+    CHAT_MESSAGE: ['Chat Messages', 'Chat Message'],
+    CHAT_MESSAGE_ID: ['Chat Message IDs', 'Chat Message ID'],
+    CHAT_MEMBER: ['Chat Members', 'Chat Member'],
+    CHAT_SPACE: ['Chat Spaces', 'Chat Space'],
+    CHAT_THREAD: ['Chat Threads', 'Chat Thread'],
+    CHROME_APP: ['Chrome Applications', 'Chrome Application'],
+    CHROME_APP_DEVICE: ['Chrome Application Devices', 'Chrome Application Device'],
+    CHROME_BROWSER: ['Chrome Browsers', 'Chrome Browser'],
+    CHROME_BROWSER_ENROLLMENT_TOKEN: ['Chrome Browser Enrollment Tokens', 'Chrome Browser Enrollment Token'],
+    CHROME_CHANNEL: ['Chrome Channels', 'Chrome Channel'],
+    CHROME_DEVICE: ['Chrome Devices', 'Chrome Device'],
+    CHROME_MODEL: ['Chrome Models', 'Chrome Model'],
+    CHROME_NETWORK_ID: ['Chrome Network IDs', 'Chrome Network ID'],
+    CHROME_NETWORK_NAME: ['Chrome Network Names', 'Chrome Network Name'],
+    CHROME_PLATFORM: ['Chrome Platforms', 'Chrome Platform'],
+    CHROME_POLICY: ['Chrome Policies', 'Chrome Policy'],
+    CHROME_POLICY_IMAGE: ['Chrome Policy Images', 'Chrome Policy Image'],
+    CHROME_POLICY_SCHEMA: ['Chrome Policy Schemas', 'Chrome Policy Schema'],
+    CHROME_RELEASE: ['Chrome Releases', 'Chrome Release'],
+    CHROME_VERSION: ['Chrome Versions', 'Chrome Version'],
+    CLASSROOM_INVITATION: ['Classroom Invitations', 'Classroom Invitation'],
+    CLASSROOM_INVITATION_OWNER: ['Classroom Owner Invitations', 'Classroom Owner Invitation'],
+    CLASSROOM_INVITATION_STUDENT: ['Classroom Student Invitations', 'Classroom Student Invitation'],
+    CLASSROOM_INVITATION_TEACHER: ['Classroom Teacher Invitations', 'Classroom Teacher Invitation'],
+    CLASSROOM_OAUTH2_TXT_FILE: ['Classroom OAuth2 File', 'Classroom OAuth2 File'],
+    CLASSROOM_USER_PROFILE: ['Classroom User Profile', 'Classroom User Profile'],
+    CLIENT_ID: ['Client IDs', 'Client ID'],
+    CLIENT_SECRETS_JSON_FILE: ['Client Secrets File', 'Client Secrets File'],
+    CLOUD_IDENTITY_GROUP: ['Cloud Identity Groups', 'Cloud Identity Group'],
+    CLOUD_STORAGE_BUCKET: ['Cloud Storage Buckets', 'Cloud Storage Bucket'],
+    CLOUD_STORAGE_FILE: ['Cloud Storage Files', 'Cloud Storage File'],
+    COLLABORATOR: ['Collaborators', 'Collaborator'],
+    COMMAND_ID: ['Command IDs', 'Command ID'],
+    COMPANY_DEVICE: ['Company Devices', 'Company Device'],
+    CONFIG_FILE: ['Config File', 'Config File'],
+    CONTACT: ['Contacts', 'Contact'],
+    CONTACT_DELEGATE: ['Contact Delegates', 'Contact Delegate'],
+    CONTACT_GROUP: ['Contact Groups', 'Contact Group'],
+    CONTACT_GROUP_NAME: ['Contact Group Names', 'Contact Group Name'],
+    COPYFROM_COURSE: ['Copy From Courses', 'CopyFrom Course'],
+    COPYFROM_GROUP: ['Copy From Groups', 'CopyFrom Group'],
+    COURSE: ['Courses', 'Course'],
+    COURSE_ALIAS: ['Course Aliases', 'Course Alias'],
+    COURSE_ANNOUNCEMENT_ID: ['Course Announcement IDs', 'Course Announcement ID'],
+    COURSE_ANNOUNCEMENT_STATE: ['Course Announcement States', 'Course Announcement State'],
+    COURSE_MATERIAL_DRIVEFILE: ['Course Material Drive Files', 'Course Material Drive File'],
+    COURSE_MATERIAL_FORM: ['Course Material Forms', 'Course Material Form'],
+    COURSE_MATERIAL_ID: ['Course Material IDs', 'Course Material ID'],
+    COURSE_MATERIAL_STATE: ['Course Material States', 'Course Material State'],
+    COURSE_NAME: ['Course Names', 'Course Name'],
+    COURSE_STATE: ['Course States', 'Course State'],
+    COURSE_SUBMISSION_ID: ['Course Submission IDs', 'Course Submission ID'],
+    COURSE_SUBMISSION_STATE: ['Course Submission States', 'Course Submission State'],
+    COURSE_TOPIC: ['Course Topics', 'Course Topic'],
+    COURSE_TOPIC_ID: ['Course Topic IDs', 'Course Topic ID'],
+    COURSE_WORK: ['Course Works', 'Course Work'],
+    COURSE_WORK_ID: ['Course Work IDs', 'Course Work ID'],
+    COURSE_WORK_STATE: ['Course Work States', 'Course Work State'],
+    CREATOR_ID: ['Creator IDs', 'Creator ID'],
+    CREDENTIALS: ['Credentials', 'Credentials'],
+    CRITERIA: ['Criteria', 'Criteria'],
+    CROS_DEVICE: ['CrOS Devices', 'CrOS Device'],
+    CROS_SERIAL_NUMBER: ['CrOS Serial Numbers', 'CrOS Serial Numbers'],
+    CUSTOMER_DOMAIN: ['Customer Domains', 'Customer Domain'],
+    CUSTOMER_ID: ['Customer IDs', 'Customer ID'],
+    DATASTUDIO_ASSET: ['Data Studio Assets', 'Data Studio Asset'],
+    DATASTUDIO_ASSET_DATASOURCE: ['Data Studio DATA_SOURCE Assets', 'Data Studio DATA_SOURCE Asset'],
+    DATASTUDIO_ASSETID: ['Data Studio Asset IDs', 'Data Studio Asset ID'],
+    DATASTUDIO_ASSET_REPORT: ['Data Studio REPORT Assets', 'Data Studio REPORT Asset'],
+    DATASTUDIO_PERMISSION: ['Data Studio Permissions', 'Data Studio Permission'],
+    DATE: ['Dates', 'Date'],
+    DEFAULT_LANGUAGE: ['Default Language', 'Default Language'],
+    DELEGATE: ['Delegates', 'Delegate'],
+    DELETED_USER: ['Deleted Users', 'Deleted User'],
+    DELIVERY: ['Delivery', 'Delivery'],
+    DEVICE: ['Devices', 'Device'],
+    DEVICE_FILE: ['Device Files', 'Device File'],
+    DEVICE_USER: ['Device Users', 'Device User'],
+    DEVICE_USER_CLIENT_STATE: ['Device Users Client States', 'Device User Client State'],
+    DIRECTORY: ['Directories', 'Directory'],
+    DISCOVERY_JSON_FILE: ['Discovery File', 'Discovery File'],
+    DOCUMENT: ['Documents', 'Document'],
+    DOMAIN: ['Domains', 'Domain'],
+    DOMAIN_ALIAS: ['Domain Aliases', 'Domain Alias'],
+    DOMAIN_CONTACT: ['Domain Contacts', 'Domain Contact'],
+    DOMAIN_PEOPLE_CONTACT: ['Domain People Contacts', 'Domain People Contact'],
+    DOMAIN_PROFILE: ['Domain Profiles', 'Domain Profile'],
+    DRIVE_FILE: ['Drive Files', 'Drive File'],
+    DRIVE_FILE_ID: ['Drive File IDs', 'Drive File ID'],
+    DRIVE_FILE_NAME: ['Drive File Names', 'Drive File Name'],
+    DRIVE_FILE_REVISION: ['Drive File Revisions', 'Drive File Revision'],
+    DRIVE_FILE_RENAMED: ['Drive Files Renamed', 'Drive File Renamed'],
+    DRIVE_FILE_SHORTCUT: ['Drive File Shortcuts', 'Drive File Shortcut'],
+    DRIVE_FILE_OR_FOLDER: ['Drive Files/Folders', 'Drive File/Folder'],
+    DRIVE_FILE_OR_FOLDER_ACL: ['Drive File/Folder ACLs', 'Drive File/Folder ACL'],
+    DRIVE_FILE_OR_FOLDER_ID: ['Drive File/Folder IDs', 'Drive File/Folder ID'],
+    DRIVE_FOLDER: ['Drive Folders', 'Drive Folder'],
+    DRIVE_FOLDER_ID: ['Drive Folder IDs', 'Drive Folder ID'],
+    DRIVE_FOLDER_NAME: ['Drive Folder Names', 'Drive Folder Name'],
+    DRIVE_FOLDER_PATH: ['Drive Folder Paths', 'Drive Folder Path'],
+    DRIVE_FOLDER_RENAMED: ['Drive Folders Renamed', 'Drive Folder Renamed'],
+    DRIVE_FOLDER_SHORTCUT: ['Drive Folder Shortcuts', 'Drive Folder Shortcut'],
+    DRIVE_LABEL: ['Drive Labels', 'Drive Label'],
+    DRIVE_LABEL_FIELD_ID: ['Drive Label Field IDs', 'Drive Label Field ID'],
+    DRIVE_LABEL_ID: ['Drive Label IDs', 'Drive Label ID'],
+    DRIVE_LABEL_NAME: ['Drive Label Names', 'Drive Label Name'],
+    DRIVE_ORPHAN_FILE_OR_FOLDER: ['Drive Orphan Files/Folders', 'Drive Orphan File/Folder'],
+    DRIVE_PARENT_FOLDER: ['Drive Parent Folders', 'Drive Parent Folder'],
+    DRIVE_PARENT_FOLDER_ID: ['Drive Parent Folder IDs', 'Drive Parent Folder ID'],
+    DRIVE_PARENT_FOLDER_REFERENCE: ['Drive Parent Folder References', 'Drive Parent Folder Reference'],
+    DRIVE_PATH: ['Drive Paths', 'Drive Path'],
+    DRIVE_SETTINGS: ['Drive Settings', 'Drive Settings'],
+    DRIVE_SHORTCUT: ['Drive Shortcuts', 'Drive Shortcut'],
+    DRIVE_3PSHORTCUT: ['Drive 3rd Party Shortcuts', 'Drive 3rd Party Shortcut'],
+    DRIVE_TRASH: ['Drive Trash', 'Drive Trash'],
+    EMAIL: ['Email Addresses', 'Email Address'],
+    EMAIL_ALIAS: ['Email Aliases', 'Email Alias'],
+    EMAIL_SETTINGS: ['Email Settings', 'Email Settings'],
+    ENTITY: ['Entities', 'Entity'],
+    EVENT: ['Events', 'Event'],
+    FEATURE: ['Features', 'Feature'],
+    FIELD: ['Fields', 'Field'],
+    FILE: ['Files', 'File'],
+    FILTER: ['Filters', 'Filter'],
+    FORM: ['Forms', 'Form'],
+    FORM_RESPONSE: ['Form Responses', 'Form Response'],
+    FORWARD_ENABLED: ['Forward Enabled', 'Forward Enabled'],
+    FORWARDING_ADDRESS: ['Forwarding Addresses', 'Forwarding Address'],
+    GCP_FOLDER: ['GCP Folders', 'GCP Folder'],
+    GCP_FOLDER_NAME: ['GCP Folder Names', 'GCP Folder Name'],
+    GMAIL_PROFILE: ['Gmail Profile', 'Gmail Profile'],
+    GROUP: ['Groups', 'Group'],
+    GROUP_ALIAS: ['Group Aliases', 'Group Alias'],
+    GROUP_EMAIL: ['Group Emails', 'Group Email'],
+    GROUP_MEMBERSHIP: ['Group Memberships', 'Group Membership'],
+    GROUP_MEMBERSHIP_TREE: ['Group Membership Trees', 'Group Membership Tree'],
+    GROUP_SETTINGS: ['Group Settings', 'Group Settings'],
+    GROUP_TREE: ['Group Trees', 'Group Tree'],
+    GUARDIAN: ['Guardians', 'Guardian'],
+    GUARDIAN_INVITATION: ['Guardian Invitations', 'Guardian Invitation'],
+    GUARDIAN_AND_INVITATION: ['Guardians and Invitations', 'Guardian and Invitation'],
+    IAM_POLICY: ['IAM Policies', 'IAM Policy'],
+    IMAP_ENABLED: ['IMAP Enabled', 'IMAP Enabled'],
+    INBOUND_SSO_ASSIGNMENT: ['Inbound SSO Assignments', 'Inbound SSO Assignment'],
+    INBOUND_SSO_CREDENTIALS: ['Inbound SSO Credentials', 'Inbound SSO Credential'],
+    INBOUND_SSO_PROFILE: ['Inbound SSO Profiles', 'Inbound SSO Profile'],
+    INSTANCE: ['Instances', 'Instance'],
+    ISSUER_CN: ['Issuer CNs', 'Issuer CN'],
+    ITEM: ['Items', 'Item'],
+    KEYBOARD_SHORTCUTS_ENABLED: ['Keyboard Shortcuts Enabled', 'Keyboard Shortcuts Enabled'],
+    LABEL: ['Labels', 'Label'],
+    LABEL_ID: ['Label IDs', 'Label ID'],
+    LANGUAGE: ['Languages', 'Language'],
+    LICENSE: ['Licenses', 'License'],
+    LOCATION: ['Locations', 'Location'],
+    MD5HASH: ['MD5 hash', 'MD5 Hash'],
+    MEMBER: ['Members', 'Member'],
+    MEMBER_NOT_ARCHIVED: ['Members (Not Archived)', 'Member (Not Archived)'],
+    MEMBER_ARCHIVED: ['Members (Archived)', 'Member (Archived)'],
+    MEMBER_NOT_SUSPENDED: ['Members (Not Suspended)', 'Member (Not Suspended)'],
+    MEMBER_SUSPENDED: ['Members (Suspended)', 'Member (Suspended)'],
+    MEMBER_NOT_SUSPENDED_NOT_ARCHIVED: ['Members (Not Suspended & Not Archived)', 'Member (Not Suspended & Not Archived)'],
+    MEMBER_SUSPENDED_ARCHIVED: ['Members (Suspended & Archived)', 'Member (Suspended & Archived)'],
+    MEMBER_RESTRICTION: ['Member Restrictions', 'Member Restriction'],
+    MEMBER_URI: ['Member URIs', 'Member URI'],
+    MEMBERSHIP_TREE: ['Membership Trees', 'Membership Tree'],
+    MESSAGE: ['Messages', 'Message'],
+    MIMETYPE: ['MIME Types', 'MIME Type'],
+    MOBILE_DEVICE: ['Mobile Devices', 'Mobile Device'],
+    NAME: ['Names', 'Name'],
+    NOTE: ['Notes', 'Note'],
+    NOTE_ACL: ['Note ACLs', 'Note ACL'],
+    NOTES_ACLS: ["'Note's ACLs", "Note's ACLs"],
+    NONEDITABLE_ALIAS: ['Non-Editable Aliases', 'Non-Editable Alias'],
+    OAUTH2_TXT_FILE: ['Client OAuth2 File', 'Client OAuth2 File'],
+    OAUTH2SERVICE_JSON_FILE: ['Service Account OAuth2 File', 'Service Account OAuth2 File'],
+    ORGANIZATIONAL_UNIT: ['Organizational Units', 'Organizational Unit'],
+    OTHER_CONTACT: ['Other Contacts', 'Other Contact'],
+    OWNER: ['Owners', 'Owner'],
+    OWNER_ID: ['Owner IDs', 'Owner ID'],
+    PAGE_SIZE: ['Page Size', 'Page Size'],
+    PARENT_ORGANIZATIONAL_UNIT: ['Parent Organizational Units', 'Parent Organizational Unit'],
+    PARTICIPANT: ['Participants', 'Participant'],
+    PEOPLE_CONTACT: ['People Contacts', 'Person Contact'],
+    PEOPLE_CONTACT_GROUP: ['People Contact Groups', 'People Contact Group'],
+    PEOPLE_PHOTO: ['People Photos', 'Person Photo'],
+    PEOPLE_PROFILE: ['People Profiles', 'People Profile'],
+    PERMISSION: ['Permissions', 'Permission'],
+    PERMISSION_ID: ['Permission IDs', 'Permission ID'],
+    PERMITTEE: ['Permittees', 'Permittee'],
+    PERSONAL_DEVICE: ['Personal Devices', 'Personal Device'],
+    PHOTO: ['Photos', 'Photo'],
+    POP_ENABLED: ['POP Enabled', 'POP Enabled'],
+    PRINTER: ['Printers', 'Printer'],
+    PRINTER_ID: ['Printer IDs', 'Printer ID'],
+    PRINTER_MODEL: ['Printer Models', 'Printer Model'],
+    PRIVILEGE: ['Privileges', 'Privilege'],
+    PRODUCT: ['Products', 'Product'],
+    PROFILE_SHARING_ENABLED: ['Profile Sharing Enabled', 'Profile Sharing Enabled'],
+    PROJECT: ['Projects', 'Project'],
+    PROJECT_FOLDER: ['Project Folders', 'Project Folder'],
+    PROJECT_ID: ['Project IDs', 'Project ID'],
+    PUBLIC_KEY: ['Public Key', 'Public Key'],
+    QUERY: ['Queries', 'Query'],
+    RECIPIENT: ['Recipients', 'Recipient'],
+    RECIPIENT_BCC: ['Recipients (BCC)', 'Recipient (BCC)'],
+    RECIPIENT_CC: ['Recipients (CC)', 'Recipient (CC)'],
+    REPORT: ['Reports', 'Report'],
+    REQUEST_ID: ['Request IDs', 'Request ID'],
+    RESOURCE_CALENDAR: ['Resource Calendars', 'Resource Calendar'],
+    RESOURCE_ID: ['Resource IDs', 'Resource ID'],
+    ROLE: ['Roles', 'Role'],
+    ROW: ['Rows', 'Row'],
+    SCOPE: ['Scopes', 'Scope'],
+    SECTION: ['Sections', 'Section'],
+    SENDAS_ADDRESS: ['SendAs Addresses', 'SendAs Address'],
+    SENDER: ['Senders', 'Sender'],
+    SERVICE: ['Services', 'Service'],
+    SHAREDDRIVE: ['Shared Drives', 'Shared Drive'],
+    SHAREDDRIVE_ACL: ['Shared Drive ACLs', 'Shared Drive ACL'],
+    SHAREDDRIVE_FOLDER: ['Shared Drive Folders', 'Shared Drive Folder'],
+    SHAREDDRIVE_ID: ['Shared Drive IDs', 'Shared Drive ID'],
+    SHAREDDRIVE_NAME: ['Shared Drive Names', 'Shared Drive Name'],
+    SHAREDDRIVE_THEME: ['Shared Drive Themes', 'Shared Drive Theme'],
+    SHEET: ['Sheets', 'Sheet'],
+    SHEET_ID: ['Sheet IDs', 'Sheet ID'],
+    SIGNATURE: ['Signatures', 'Signature'],
+    SITE: ['Sites', 'Site'],
+    SITE_ACL: ['Site ACLs', 'Site ACL'],
+    SIZE: ['Sizes', 'Size'],
+    SKU: ['SKUs', 'SKU'],
+    SMIME_ID: ['S/MIME Certificate IDs', 'S/MIME Certificate ID'],
+    SNIPPETS_ENABLED: ['Preview Snippets Enabled', 'Preview Snippets Enabled'],
+    SSO_KEY: ['SSO Key', 'SSO Key'],
+    SSO_SETTINGS: ['SSO Settings', 'SSO Settings'],
+    SOURCE_USER: ['Source Users', 'Source User'],
+    SPREADSHEET: ['Spreadsheets', 'Spreadsheet'],
+    SPREADSHEET_RANGE: ['Spreadsheet Ranges', 'Spreadsheet Range'],
+    STATUS: ['Status', 'Status'],
+    STUDENT: ['Students', 'Student'],
+    SUBSCRIPTION: ['Subscriptions', 'Subscription'],
+    SVCACCT: ['Service Accounts', 'Service Account'],
+    SVCACCT_KEY: ['Service Account Keys', 'Service Account Key'],
+    TARGET_USER: ['Target Users', 'Target User'],
+    TASK: ['Tasks', 'Task'],
+    TASKLIST: ['Tasklists', 'Tasklist'],
+    TEACHER: ['Teachers', 'Teacher'],
+    THREAD: ['Threads', 'Thread'],
+    TRANSFER_APPLICATION: ['Transfer Applications', 'Transfer Application'],
+    TRANSFER_ID: ['Transfer IDs', 'Transfer ID'],
+    TRANSFER_REQUEST: ['Transfer Requests', 'Transfer Request'],
+    TRASHED_EVENT: ['Trashed Events', 'Trashed Event'],
+    TRUSTED_APPLICATION: ['Trusted Applications', 'Trusted Application'],
+    TYPE: ['Types', 'Type'],
+    UNICODE_ENCODING_ENABLED: ['UTF-8 Encoding Enabled', 'UTF-8 Encoding Enabled'],
+    UNIQUE_ID: ['Unique IDs', 'Unique ID'],
+    URL: ['URLs', 'URL'],
+    USER: ['Users', 'User'],
+    USER_ALIAS: ['User Aliases', 'User Alias'],
+    USER_EMAIL: ['User Emails', 'User Email'],
+    USER_INVITATION: ['User Invitations', 'User Invitation'],
+    USER_NOT_SUSPENDED: ['Users (Not suspended)', 'User (Not suspended)'],
+    USER_SCHEMA: ['Schemas', 'Schema'],
+    USER_SUSPENDED: ['Users (Suspended)', 'User (Suspended)'],
+    VACATION: ['Vacation', 'Vacation'],
+    VACATION_ENABLED: ['Vacation Enabled', 'Vacation Enabled'],
+    VALUE: ['Values', 'Value'],
+    VAULT_EXPORT: ['Vault Exports', 'Vault Export'],
+    VAULT_HOLD: ['Vault Holds', 'Vault Hold'],
+    VAULT_MATTER: ['Vault Matters', 'Vault Matter'],
+    VAULT_MATTER_ARTIFACT: ['Vault Matter Artifacts', 'Vault Matter Artifact'],
+    VAULT_MATTER_ID: ['Vault Matter IDs', 'Vault Matter ID'],
+    VAULT_OPERATION: ['Vault Operations', 'Vault Operation'],
+    VAULT_QUERY: ['Vault Queries', 'Vault Query'],
+    WEBCLIPS_ENABLED: ['Web Clips Enabled', 'Web Clips Enabled'],
+    ROLE_MANAGER: ['Managers', 'Manager'],
+    ROLE_MEMBER: ['Members', 'Member'],
+    ROLE_OWNER: ['Owners', 'Owner'],
+    ROLE_USER: ['Users', 'User'],
+    ROLE_MANAGER_MEMBER: ['Members, Managers', 'Member, Manager'],
+    ROLE_MANAGER_OWNER: ['Managers, Owners', 'Manager, Owner'],
+    ROLE_MEMBER_OWNER: ['Members, Owners', 'Member, Owner'],
+    ROLE_MANAGER_MEMBER_OWNER: ['Members, Managers, Owners', 'Member, Manager, Owner'],
+    ROLE_PUBLIC: ['Public', 'Public'],
+    }
+
+  def __init__(self):
+    self.entityType = None
+    self.forWhom = None
+    self.preQualifier = ''
+    self.postQualifier = ''
+
+  def SetGetting(self, entityType):
+    self.entityType = entityType
+    self.preQualifier = self.postQualifier = ''
+
+  def SetGettingQuery(self, entityType, query):
+    self.entityType = entityType
+    self.preQualifier = f' that match query ({query})'
+    self.postQualifier = f' that matched query ({query})'
+
+  def SetGettingQualifier(self, entityType, qualifier):
+    self.entityType = entityType
+    self.preQualifier = self.postQualifier = qualifier
+
+  def Getting(self):
+    return self.entityType
+
+  def GettingPreQualifier(self):
+    return self.preQualifier
+
+  def GettingPostQualifier(self):
+    return self.postQualifier
+
+  def SetGettingForWhom(self, forWhom):
+    self.forWhom = forWhom
+
+  def GettingForWhom(self):
+    return self.forWhom
+
+  def Choose(self, entityType, count):
+    return self._NAMES[entityType][[0, 1][count == 1]]
+
+  def ChooseGetting(self, count):
+    return self._NAMES[self.entityType][[0, 1][count == 1]]
+
+  def Plural(self, entityType):
+    return self._NAMES[entityType][0]
+
+  def PluralGetting(self):
+    return self._NAMES[self.entityType][0]
+
+  def Singular(self, entityType):
+    return self._NAMES[entityType][1]
+
+  def SingularGetting(self):
+    return self._NAMES[self.entityType][1]
+
+  def MayTakeTime(self, entityType):
+    if entityType:
+      return f', may take some time on a large {self.Singular(entityType)}...'
+    return ''
+
+  def FormatEntityValueList(self, entityValueList):
+    evList = []
+    for j in range(0, len(entityValueList), 2):
+      evList.append(self.Singular(entityValueList[j]))
+      evList.append(entityValueList[j+1])
+    return evList
+
+  def TypeMessage(self, entityType, message):
+    return f'{self.Singular(entityType)}: {message}'
+
+  def TypeName(self, entityType, entityName):
+    return f'{self.Singular(entityType)}: {entityName}'
+
+  def TypeNameMessage(self, entityType, entityName, message):
+    return f'{self.Singular(entityType)}: {entityName} {message}'

src/gam/gamlib/glgapi.py

@@ -0,0 +1,759 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2023 Ross Scroggs All Rights Reserved.
+#
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+"""GAM GAPI resources
+
+"""
+# callGAPI throw reasons
+ABORTED = 'aborted'
+ACCESS_NOT_CONFIGURED = 'accessNotConfigured'
+ALREADY_EXISTS = 'alreadyExists'
+AUTH_ERROR = 'authError'
+BACKEND_ERROR = 'backendError'
+BAD_GATEWAY = 'badGateway'
+BAD_REQUEST = 'badRequest'
+CANNOT_ADD_PARENT = 'cannotAddParent'
+CANNOT_CHANGE_ORGANIZER = 'cannotChangeOrganizer'
+CANNOT_CHANGE_ORGANIZER_OF_INSTANCE = 'cannotChangeOrganizerOfInstance'
+CANNOT_CHANGE_OWN_ACL = 'cannotChangeOwnAcl'
+CANNOT_CHANGE_OWNER_ACL = 'cannotChangeOwnerAcl'
+CANNOT_CHANGE_OWN_PRIMARY_SUBSCRIPTION = 'cannotChangeOwnPrimarySubscription'
+CANNOT_COPY_FILE = 'cannotCopyFile'
+CANNOT_DELETE_ONLY_REVISION = 'cannotDeleteOnlyRevision'
+CANNOT_DELETE_PRIMARY_CALENDAR = 'cannotDeletePrimaryCalendar'
+CANNOT_DELETE_PRIMARY_SENDAS = 'cannotDeletePrimarySendAs'
+CANNOT_DELETE_RESOURCE_WITH_CHILDREN = 'cannotDeleteResourceWithChildren'
+CANNOT_MODIFY_INHERITED_TEAMDRIVE_PERMISSION = 'cannotModifyInheritedTeamDrivePermission'
+CANNOT_MODIFY_RESTRICTED_LABEL = 'cannotModifyRestrictedLabel'
+CANNOT_MODIFY_VIEWERS_CAN_COPY_CONTENT = 'cannotModifyViewersCanCopyContent'
+CANNOT_MOVE_TRASHED_ITEM_INTO_TEAMDRIVE = 'cannotMoveTrashedItemIntoTeamDrive'
+CANNOT_MOVE_TRASHED_ITEM_OUT_OF_TEAMDRIVE = 'cannotMoveTrashedItemOutOfTeamDrive'
+CANNOT_REMOVE_OWNER = 'cannotRemoveOwner'
+CANNOT_SET_EXPIRATION = 'cannotSetExpiration'
+CANNOT_SHARE_GROUPS_WITHLINK = 'cannotShareGroupsWithLink'
+CANNOT_SHARE_USERS_WITHLINK = 'cannotShareUsersWithLink'
+CANNOT_SHARE_TEAMDRIVE_TOPFOLDER_WITH_ANYONEORDOMAINS = 'cannotShareTeamDriveTopFolderWithAnyoneOrDomains'
+CANNOT_SHARE_TEAMDRIVE_WITH_NONGOOGLE_ACCOUNTS = 'cannotShareTeamDriveWithNonGoogleAccounts'
+CANNOT_UPDATE_PERMISSION = 'cannotUpdatePermission'
+CONDITION_NOT_MET = 'conditionNotMet'
+CONFLICT = 'conflict'
+CROSS_DOMAIN_MOVE_RESTRICTION = 'crossDomainMoveRestriction'
+CUSTOMER_EXCEEDED_ROLE_ASSIGNMENTS_LIMIT = 'CUSTOMER_EXCEEDED_ROLE_ASSIGNMENTS_LIMIT'
+CUSTOMER_NOT_FOUND = 'customerNotFound'
+CYCLIC_MEMBERSHIPS_NOT_ALLOWED = 'cyclicMembershipsNotAllowed'
+DAILY_LIMIT_EXCEEDED = 'dailyLimitExceeded'
+DELETED = 'deleted'
+DELETED_USER_NOT_FOUND = 'deletedUserNotFound'
+DOMAIN_ALIAS_NOT_FOUND = 'domainAliasNotFound'
+DOMAIN_CANNOT_USE_APIS = 'domainCannotUseApis'
+DOMAIN_NOT_FOUND = 'domainNotFound'
+DOMAIN_NOT_VERIFIED_SECONDARY = 'domainNotVerifiedSecondary'
+DOMAIN_POLICY = 'domainPolicy'
+DUPLICATE = 'duplicate'
+EVENT_DURATION_EXCEEDS_LIMIT = 'eventDurationExceedsLimit'
+FAILED_PRECONDITION = 'failedPrecondition'
+FIELD_IN_USE = 'fieldInUse'
+FIELD_NOT_WRITABLE = 'fieldNotWritable'
+FILE_NEVER_WRITABLE = 'fileNeverWritable'
+FILE_NOT_FOUND = 'fileNotFound'
+FILE_ORGANIZER_NOT_YET_ENABLED_FOR_THIS_TEAMDRIVE = 'fileOrganizerNotYetEnabledForThisTeamDrive'
+FILE_ORGANIZER_ON_FOLDERS_IN_SHARED_DRIVE_ONLY = 'fileOrganizerOnFoldersInSharedDriveOnly'
+FILE_ORGANIZER_ON_NON_TEAMDRIVE_NOT_SUPPORTED = 'fileOrganizerOnNonTeamDriveNotSupported'
+FILE_OWNER_NOT_MEMBER_OF_TEAMDRIVE = 'fileOwnerNotMemberOfTeamDrive'
+FILE_OWNER_NOT_MEMBER_OF_WRITER_DOMAIN = 'fileOwnerNotMemberOfWriterDomain'
+FILE_WRITER_TEAMDRIVE_MOVE_IN_DISABLED = 'fileWriterTeamDriveMoveInDisabled'
+FORBIDDEN = 'forbidden'
+GATEWAY_TIMEOUT = 'gatewayTimeout'
+GROUP_NOT_FOUND = 'groupNotFound'
+ILLEGAL_ACCESS_ROLE_FOR_DEFAULT = 'illegalAccessRoleForDefault'
+INSUFFICIENT_ADMINISTRATOR_PRIVILEGES = 'insufficientAdministratorPrivileges'
+INSUFFICIENT_ARCHIVED_USER_LICENSES = 'insufficientArchivedUserLicenses'
+INSUFFICIENT_FILE_PERMISSIONS = 'insufficientFilePermissions'
+INSUFFICIENT_PARENT_PERMISSIONS = 'insufficientParentPermissions'
+INSUFFICIENT_PERMISSIONS = 'insufficientPermissions'
+INTERNAL_ERROR = 'internalError'
+INVALID = 'invalid'
+INVALID_ARGUMENT = 'invalidArgument'
+INVALID_ATTRIBUTE_VALUE = 'invalidAttributeValue'
+INVALID_CUSTOMER_ID = 'invalidCustomerId'
+INVALID_INPUT = 'invalidInput'
+INVALID_LINK_VISIBILITY = 'invalidLinkVisibility'
+INVALID_MEMBER = 'invalidMember'
+INVALID_MESSAGE_ID = 'invalidMessageId'
+INVALID_ORGUNIT = 'invalidOrgunit'
+INVALID_ORGUNIT_NAME = 'invalidOrgunitName'
+INVALID_OWNERSHIP_TRANSFER = 'invalidOwnershipTransfer'
+INVALID_PARAMETER = 'invalidParameter'
+INVALID_PARENT_ORGUNIT = 'invalidParentOrgunit'
+INVALID_QUERY = 'invalidQuery'
+INVALID_RESOURCE = 'invalidResource'
+INVALID_SCHEMA_VALUE = 'invalidSchemaValue'
+INVALID_SCOPE_VALUE = 'invalidScopeValue'
+INVALID_SHARING_REQUEST = 'invalidSharingRequest'
+LABEL_MULTIPLE_VALUES_FOR_SINGULAR_FIELD = 'labelMultipleValuesForSingularField'
+LABEL_MUTATION_FORBIDDEN = 'labelMutationForbidden'
+LABEL_MUTATION_ILLEGAL_SELECTION = 'labelMutationIllegalSelection'
+LABEL_MUTATION_UNKNOWN_FIELD = 'labelMutationUnknownField'
+LIMIT_EXCEEDED = 'limitExceeded'
+LOGIN_REQUIRED = 'loginRequired'
+MEMBER_NOT_FOUND = 'memberNotFound'
+NO_LIST_TEAMDRIVES_ADMINISTRATOR_PRIVILEGE = 'noListTeamDrivesAdministratorPrivilege'
+NO_MANAGE_TEAMDRIVE_ADMINISTRATOR_PRIVILEGE = 'noManageTeamDriveAdministratorPrivilege'
+NOT_A_CALENDAR_USER = 'notACalendarUser'
+NOT_FOUND = 'notFound'
+NOT_IMPLEMENTED = 'notImplemented'
+OPERATION_NOT_SUPPORTED = 'operationNotSupported'
+ORGANIZER_ON_NON_TEAMDRIVE_NOT_SUPPORTED = 'organizerOnNonTeamDriveNotSupported'
+ORGANIZER_ON_NON_TEAMDRIVE_ITEM_NOT_SUPPORTED = 'organizerOnNonTeamDriveItemNotSupported'
+ORGUNIT_NOT_FOUND = 'orgunitNotFound'
+OWNER_ON_TEAMDRIVE_ITEM_NOT_SUPPORTED = 'ownerOnTeamDriveItemNotSupported'
+OWNERSHIP_CHANGE_ACROSS_DOMAIN_NOT_PERMITTED = 'ownershipChangeAcrossDomainNotPermitted'
+PARTICIPANT_IS_NEITHER_ORGANIZER_NOR_ATTENDEE = 'participantIsNeitherOrganizerNorAttendee'
+PERMISSION_DENIED = 'permissionDenied'
+PERMISSION_NOT_FOUND = 'permissionNotFound'
+PHOTO_NOT_FOUND = 'photoNotFound'
+PUBLISH_OUT_NOT_PERMITTED = 'publishOutNotPermitted'
+QUERY_REQUIRES_ADMIN_CREDENTIALS = 'queryRequiresAdminCredentials'
+QUOTA_EXCEEDED = 'quotaExceeded'
+RATE_LIMIT_EXCEEDED = 'rateLimitExceeded'
+REQUIRED = 'required'
+REQUIRED_ACCESS_LEVEL = 'requiredAccessLevel'
+RESOURCE_EXHAUSTED = 'resourceExhausted'
+RESOURCE_ID_NOT_FOUND = 'resourceIdNotFound'
+RESOURCE_NOT_FOUND = 'resourceNotFound'
+RESPONSE_PREPARATION_FAILURE = 'responsePreparationFailure'
+REVISION_DELETION_NOT_SUPPORTED = 'revisionDeletionNotSupported'
+REVISION_NOT_FOUND = 'revisionNotFound'
+REVISIONS_NOT_SUPPORTED = 'revisionsNotSupported'
+SERVICE_LIMIT = 'serviceLimit'
+SERVICE_NOT_AVAILABLE = 'serviceNotAvailable'
+SHARE_IN_NOT_PERMITTED = 'shareInNotPermitted'
+SHARE_OUT_NOT_PERMITTED = 'shareOutNotPermitted'
+SHARE_OUT_NOT_PERMITTED_TO_USER = 'shareOutNotPermittedToUser'
+SHARING_RATE_LIMIT_EXCEEDED = 'sharingRateLimitExceeded'
+SHORTCUT_TARGET_INVALID = 'shortcutTargetInvalid'
+STORAGE_QUOTA_EXCEEDED = 'storageQuotaExceeded'
+SYSTEM_ERROR = 'systemError'
+TEAMDRIVE_ALREADY_EXISTS = 'teamDriveAlreadyExists'
+TEAMDRIVE_DOMAIN_USERS_ONLY_RESTRICTION = 'teamDriveDomainUsersOnlyRestriction'
+TEAMDRIVE_TEAM_MEMBERS_ONLY_RESTRICTION = 'teamDriveTeamMembersOnlyRestriction'
+TEAMDRIVE_HIERARCHY_TOO_DEEP = 'teamDriveHierarchyTooDeep'
+TEAMDRIVE_MEMBERSHIP_REQUIRED = 'teamDriveMembershipRequired'
+TEAMDRIVES_FOLDER_MOVE_IN_NOT_SUPPORTED = 'teamDrivesFolderMoveInNotSupported'
+TEAMDRIVES_FOLDER_SHARING_NOT_SUPPORTED = 'teamDrivesFolderSharingNotSupported'
+TEAMDRIVES_PARENT_LIMIT = 'teamDrivesParentLimit'
+TEAMDRIVES_SHARING_RESTRICTION_NOT_ALLOWED = 'teamDrivesSharingRestrictionNotAllowed'
+TEAMDRIVES_SHORTCUT_FILE_NOT_SUPPORTED = 'teamDrivesShortcutFileNotSupported'
+TIME_RANGE_EMPTY = 'timeRangeEmpty'
+TRANSIENT_ERROR = 'transientError'
+UNKNOWN_ERROR = 'unknownError'
+UPLOAD_TOO_LARGE = 'uploadTooLarge'
+USER_ACCESS = 'userAccess'
+USER_NOT_FOUND = 'userNotFound'
+USER_RATE_LIMIT_EXCEEDED = 'userRateLimitExceeded'
+#
+DEFAULT_RETRY_REASONS = [QUOTA_EXCEEDED, RATE_LIMIT_EXCEEDED, SHARING_RATE_LIMIT_EXCEEDED, USER_RATE_LIMIT_EXCEEDED,
+                         BACKEND_ERROR, BAD_GATEWAY, GATEWAY_TIMEOUT, INTERNAL_ERROR, TRANSIENT_ERROR]
+ACTIVITY_THROW_REASONS = [SERVICE_NOT_AVAILABLE, BAD_REQUEST]
+ALERT_THROW_REASONS = [SERVICE_NOT_AVAILABLE, AUTH_ERROR]
+CALENDAR_THROW_REASONS = [SERVICE_NOT_AVAILABLE, AUTH_ERROR, NOT_A_CALENDAR_USER]
+CIGROUP_CREATE_THROW_REASONS = [ALREADY_EXISTS, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, INVALID, INVALID_ARGUMENT, PERMISSION_DENIED]
+CIGROUP_GET_THROW_REASONS = [NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, BAD_REQUEST, INVALID, SYSTEM_ERROR, PERMISSION_DENIED]
+CIGROUP_LIST_THROW_REASONS = [RESOURCE_NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, BAD_REQUEST, INVALID, SYSTEM_ERROR, PERMISSION_DENIED]
+CIGROUP_LIST_USERKEY_THROW_REASONS = CIGROUP_LIST_THROW_REASONS+[INVALID_ARGUMENT]
+CIGROUP_UPDATE_THROW_REASONS = [NOT_FOUND, GROUP_NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS,
+                                FORBIDDEN, BAD_REQUEST, INVALID, INVALID_INPUT, INVALID_ARGUMENT,
+                                SYSTEM_ERROR, PERMISSION_DENIED, FAILED_PRECONDITION]
+CIMEMBERS_THROW_REASONS = [MEMBER_NOT_FOUND, INVALID_MEMBER]
+CISSO_CREATE_THROW_REASONS = [FAILED_PRECONDITION, NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, INVALID, INVALID_ARGUMENT, PERMISSION_DENIED, INTERNAL_ERROR]
+CISSO_GET_THROW_REASONS = [NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, BAD_REQUEST, INVALID, SYSTEM_ERROR, PERMISSION_DENIED, INTERNAL_ERROR]
+CISSO_LIST_THROW_REASONS = [NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, BAD_REQUEST, INVALID, SYSTEM_ERROR, PERMISSION_DENIED, INTERNAL_ERROR]
+CISSO_UPDATE_THROW_REASONS = [NOT_FOUND, FAILED_PRECONDITION, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS,
+                              FORBIDDEN, BAD_REQUEST, INVALID, INVALID_INPUT, INVALID_ARGUMENT,
+                              SYSTEM_ERROR, PERMISSION_DENIED, INTERNAL_ERROR]
+CONTACT_DELEGATE_THROW_REASONS = [SERVICE_NOT_AVAILABLE, BAD_REQUEST, FAILED_PRECONDITION, PERMISSION_DENIED, FORBIDDEN, INVALID_ARGUMENT]
+COURSE_ACCESS_THROW_REASONS = [NOT_FOUND, INSUFFICIENT_PERMISSIONS, PERMISSION_DENIED, FORBIDDEN, INVALID_ARGUMENT]
+DATASTUDIO_THROW_REASONS = [INVALID_ARGUMENT, SERVICE_NOT_AVAILABLE, BAD_REQUEST, NOT_FOUND, PERMISSION_DENIED]
+DRIVE_USER_THROW_REASONS = [SERVICE_NOT_AVAILABLE, AUTH_ERROR, DOMAIN_POLICY]
+DRIVE_ACCESS_THROW_REASONS = DRIVE_USER_THROW_REASONS+[FILE_NOT_FOUND, FORBIDDEN, INTERNAL_ERROR, INSUFFICIENT_FILE_PERMISSIONS, UNKNOWN_ERROR, INVALID]
+DRIVE_COPY_THROW_REASONS = DRIVE_ACCESS_THROW_REASONS+[CANNOT_COPY_FILE, BAD_REQUEST, RESPONSE_PREPARATION_FAILURE, TEAMDRIVES_SHARING_RESTRICTION_NOT_ALLOWED,
+                                                       FIELD_NOT_WRITABLE, RATE_LIMIT_EXCEEDED, USER_RATE_LIMIT_EXCEEDED]
+DRIVE_GET_THROW_REASONS = DRIVE_USER_THROW_REASONS+[FILE_NOT_FOUND]
+DRIVE3_CREATE_ACL_THROW_REASONS = [BAD_REQUEST, INVALID, INVALID_SHARING_REQUEST, OWNERSHIP_CHANGE_ACROSS_DOMAIN_NOT_PERMITTED, CANNOT_SET_EXPIRATION,
+                                   NOT_FOUND, TEAMDRIVE_DOMAIN_USERS_ONLY_RESTRICTION, TEAMDRIVE_TEAM_MEMBERS_ONLY_RESTRICTION,
+                                   INSUFFICIENT_ADMINISTRATOR_PRIVILEGES, SHARING_RATE_LIMIT_EXCEEDED,
+                                   PUBLISH_OUT_NOT_PERMITTED, SHARE_IN_NOT_PERMITTED, SHARE_OUT_NOT_PERMITTED, SHARE_OUT_NOT_PERMITTED_TO_USER,
+                                   CANNOT_SHARE_TEAMDRIVE_TOPFOLDER_WITH_ANYONEORDOMAINS,
+                                   CANNOT_SHARE_TEAMDRIVE_WITH_NONGOOGLE_ACCOUNTS,
+                                   OWNER_ON_TEAMDRIVE_ITEM_NOT_SUPPORTED,
+                                   ORGANIZER_ON_NON_TEAMDRIVE_NOT_SUPPORTED,
+                                   ORGANIZER_ON_NON_TEAMDRIVE_ITEM_NOT_SUPPORTED,
+                                   FILE_ORGANIZER_NOT_YET_ENABLED_FOR_THIS_TEAMDRIVE,
+                                   FILE_ORGANIZER_ON_FOLDERS_IN_SHARED_DRIVE_ONLY,
+                                   FILE_ORGANIZER_ON_NON_TEAMDRIVE_NOT_SUPPORTED,
+                                   TEAMDRIVES_FOLDER_SHARING_NOT_SUPPORTED, INVALID_LINK_VISIBILITY]
+DRIVE3_GET_ACL_REASONS = DRIVE_USER_THROW_REASONS+[FILE_NOT_FOUND, FORBIDDEN, INTERNAL_ERROR,
+                                                   INSUFFICIENT_ADMINISTRATOR_PRIVILEGES, INSUFFICIENT_FILE_PERMISSIONS,
+                                                   UNKNOWN_ERROR, INVALID]
+DRIVE3_UPDATE_ACL_THROW_REASONS = [BAD_REQUEST, INVALID_OWNERSHIP_TRANSFER, CANNOT_REMOVE_OWNER, CANNOT_SET_EXPIRATION,
+                                   OWNERSHIP_CHANGE_ACROSS_DOMAIN_NOT_PERMITTED,
+                                   NOT_FOUND, TEAMDRIVE_DOMAIN_USERS_ONLY_RESTRICTION, TEAMDRIVE_TEAM_MEMBERS_ONLY_RESTRICTION,
+                                   INSUFFICIENT_ADMINISTRATOR_PRIVILEGES, SHARING_RATE_LIMIT_EXCEEDED,
+                                   PUBLISH_OUT_NOT_PERMITTED, SHARE_IN_NOT_PERMITTED, SHARE_OUT_NOT_PERMITTED, SHARE_OUT_NOT_PERMITTED_TO_USER,
+                                   CANNOT_SHARE_TEAMDRIVE_TOPFOLDER_WITH_ANYONEORDOMAINS,
+                                   CANNOT_SHARE_TEAMDRIVE_WITH_NONGOOGLE_ACCOUNTS,
+                                   OWNER_ON_TEAMDRIVE_ITEM_NOT_SUPPORTED,
+                                   ORGANIZER_ON_NON_TEAMDRIVE_NOT_SUPPORTED,
+                                   ORGANIZER_ON_NON_TEAMDRIVE_ITEM_NOT_SUPPORTED,
+                                   FILE_ORGANIZER_NOT_YET_ENABLED_FOR_THIS_TEAMDRIVE,
+                                   FILE_ORGANIZER_ON_FOLDERS_IN_SHARED_DRIVE_ONLY,
+                                   FILE_ORGANIZER_ON_NON_TEAMDRIVE_NOT_SUPPORTED,
+                                   CANNOT_UPDATE_PERMISSION,
+                                   CANNOT_MODIFY_INHERITED_TEAMDRIVE_PERMISSION,
+                                   FIELD_NOT_WRITABLE, PERMISSION_NOT_FOUND]
+DRIVE3_DELETE_ACL_THROW_REASONS = [BAD_REQUEST, CANNOT_REMOVE_OWNER,
+                                   CANNOT_MODIFY_INHERITED_TEAMDRIVE_PERMISSION,
+                                   INSUFFICIENT_ADMINISTRATOR_PRIVILEGES, SHARING_RATE_LIMIT_EXCEEDED,
+                                   NOT_FOUND, PERMISSION_NOT_FOUND]
+DRIVE3_MODIFY_LABEL_THROW_REASONS = DRIVE_USER_THROW_REASONS+[FILE_NOT_FOUND, NOT_FOUND, FORBIDDEN, INTERNAL_ERROR,
+                                                              INSUFFICIENT_ADMINISTRATOR_PRIVILEGES, INSUFFICIENT_FILE_PERMISSIONS,
+                                                              UNKNOWN_ERROR, INVALID_INPUT, BAD_REQUEST,
+                                                              LABEL_MULTIPLE_VALUES_FOR_SINGULAR_FIELD, LABEL_MUTATION_FORBIDDEN,
+                                                              LABEL_MUTATION_ILLEGAL_SELECTION, LABEL_MUTATION_UNKNOWN_FIELD]
+GMAIL_THROW_REASONS = [SERVICE_NOT_AVAILABLE, BAD_REQUEST]
+GMAIL_LIST_THROW_REASONS = [FAILED_PRECONDITION, PERMISSION_DENIED, INVALID, INVALID_ARGUMENT]
+GMAIL_SMIME_THROW_REASONS = [SERVICE_NOT_AVAILABLE, BAD_REQUEST, INVALID_ARGUMENT, FORBIDDEN, NOT_FOUND]
+GROUP_GET_RETRY_REASONS = [INVALID, SYSTEM_ERROR, SERVICE_NOT_AVAILABLE]
+GROUP_CREATE_THROW_REASONS = [DUPLICATE, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, INVALID, INVALID_INPUT]
+GROUP_GET_THROW_REASONS = [GROUP_NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, BAD_REQUEST, INVALID, SYSTEM_ERROR]
+GROUP_UPDATE_THROW_REASONS = [GROUP_NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, INVALID, INVALID_INPUT]
+GROUP_SETTINGS_THROW_REASONS = [NOT_FOUND, GROUP_NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, SYSTEM_ERROR, PERMISSION_DENIED,
+                                INVALID, INVALID_PARAMETER, INVALID_ATTRIBUTE_VALUE, INVALID_INPUT, SERVICE_LIMIT, SERVICE_NOT_AVAILABLE, AUTH_ERROR, REQUIRED]
+GROUP_SETTINGS_RETRY_REASONS = [INVALID, SERVICE_LIMIT, SERVICE_NOT_AVAILABLE]
+GROUP_LIST_THROW_REASONS = [RESOURCE_NOT_FOUND, DOMAIN_NOT_FOUND, FORBIDDEN, BAD_REQUEST]
+GROUP_LIST_USERKEY_THROW_REASONS = GROUP_LIST_THROW_REASONS+[INVALID_MEMBER, INVALID_INPUT]
+KEEP_THROW_REASONS = [SERVICE_NOT_AVAILABLE, BAD_REQUEST, PERMISSION_DENIED, INVALID_ARGUMENT, NOT_FOUND]
+MEMBERS_THROW_REASONS = [GROUP_NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, INVALID, FORBIDDEN]
+MEMBERS_RETRY_REASONS = [SYSTEM_ERROR, SERVICE_NOT_AVAILABLE]
+ORGUNIT_GET_THROW_REASONS = [INVALID_ORGUNIT, ORGUNIT_NOT_FOUND, BACKEND_ERROR, BAD_REQUEST, INVALID_CUSTOMER_ID, LOGIN_REQUIRED]
+PEOPLE_ACCESS_THROW_REASONS = [SERVICE_NOT_AVAILABLE, FORBIDDEN, PERMISSION_DENIED]
+SHEETS_ACCESS_THROW_REASONS = DRIVE_USER_THROW_REASONS+[NOT_FOUND, PERMISSION_DENIED, FORBIDDEN, INTERNAL_ERROR, INSUFFICIENT_FILE_PERMISSIONS,
+                                                        BAD_REQUEST, INVALID, INVALID_ARGUMENT, FAILED_PRECONDITION]
+TASK_THROW_REASONS = [SERVICE_NOT_AVAILABLE, BAD_REQUEST, PERMISSION_DENIED, INVALID, NOT_FOUND, ACCESS_NOT_CONFIGURED]
+TASKLIST_THROW_REASONS = [SERVICE_NOT_AVAILABLE, BAD_REQUEST, PERMISSION_DENIED, INVALID, NOT_FOUND, ACCESS_NOT_CONFIGURED]
+USER_GET_THROW_REASONS = [USER_NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, BAD_REQUEST, SYSTEM_ERROR]
+
+REASON_MESSAGE_MAP = {
+  ABORTED: [
+    ('Label name exists or conflicts', DUPLICATE),
+    ],
+  CONDITION_NOT_MET: [
+    ('Cyclic memberships not allowed', CYCLIC_MEMBERSHIPS_NOT_ALLOWED),
+    ('undelete', DELETED_USER_NOT_FOUND),
+    ],
+  FAILED_PRECONDITION: [
+    ('Bad Request', BAD_REQUEST),
+    ('Mail service not enabled', SERVICE_NOT_AVAILABLE),
+    ],
+  INVALID: [
+    ('userId', USER_NOT_FOUND),
+    ('memberKey', INVALID_MEMBER),
+    ('A system error has occurred', SYSTEM_ERROR),
+    ('Invalid attribute value', INVALID_ATTRIBUTE_VALUE),
+    ('Invalid Customer Id', INVALID_CUSTOMER_ID),
+    ('Invalid Input: INVALID_OU_ID', INVALID_ORGUNIT),
+    ('Invalid Input: custom_schema', INVALID_SCHEMA_VALUE),
+    ('Invalid Input: groupKey', INVALID_INPUT),
+    ('Invalid Input: resource', INVALID_RESOURCE),
+    ('Invalid Input:', INVALID_INPUT),
+    ('Invalid Input', INVALID_INPUT),
+    ('Invalid Org Unit', INVALID_ORGUNIT),
+    ('Invalid Ou Id', INVALID_ORGUNIT),
+    ('Invalid Ou Name', INVALID_ORGUNIT_NAME),
+    ('Invalid Parent Orgunit Id', INVALID_PARENT_ORGUNIT),
+    ('Invalid query', INVALID_QUERY),
+    ('Invalid scope value', INVALID_SCOPE_VALUE),
+    ('Invalid value', INVALID_INPUT),
+    ('New domain name is not a verified secondary domain', DOMAIN_NOT_VERIFIED_SECONDARY),
+    ('PermissionDenied', PERMISSION_DENIED),
+    ],
+  INVALID_ARGUMENT: [
+    ('Cannot delete primary send-as', CANNOT_DELETE_PRIMARY_SENDAS),
+    ('Invalid id value', INVALID_MESSAGE_ID),
+    ('Invalid ids value', INVALID_MESSAGE_ID),
+    ],
+  NOT_FOUND: [
+    ('userKey', USER_NOT_FOUND),
+    ('groupKey', GROUP_NOT_FOUND),
+    ('memberKey', MEMBER_NOT_FOUND),
+    ('photo', PHOTO_NOT_FOUND),
+    ('resource_id', RESOURCE_ID_NOT_FOUND),
+    ('resourceId', RESOURCE_ID_NOT_FOUND),
+    ('Customer doesn\'t exist', CUSTOMER_NOT_FOUND),
+    ('Domain alias does not exist', DOMAIN_ALIAS_NOT_FOUND),
+    ('Domain not found', DOMAIN_NOT_FOUND),
+    ('domain', DOMAIN_NOT_FOUND),
+    ('File not found', FILE_NOT_FOUND),
+    ('Org unit not found', ORGUNIT_NOT_FOUND),
+    ('Permission not found', PERMISSION_NOT_FOUND),
+    ('Resource Not Found', RESOURCE_NOT_FOUND),
+    ('Revision not found', REVISION_NOT_FOUND),
+    ('Shared Drive not found', NOT_FOUND),
+    ('Not Found', NOT_FOUND),
+    ],
+  REQUIRED: [
+    ('Login Required', LOGIN_REQUIRED),
+    ('memberKey', MEMBER_NOT_FOUND),
+    ],
+  RESOURCE_NOT_FOUND: [
+    ('resourceId', RESOURCE_ID_NOT_FOUND),
+    ],
+  }
+
+class aborted(Exception):
+  pass
+class accessNotConfigured(Exception):
+  pass
+class alreadyExists(Exception):
+  pass
+class authError(Exception):
+  pass
+class backendError(Exception):
+  pass
+class badRequest(Exception):
+  pass
+class cannotAddParent(Exception):
+  pass
+class cannotChangeOrganizer(Exception):
+  pass
+class cannotChangeOrganizerOfInstance(Exception):
+  pass
+class cannotChangeOwnAcl(Exception):
+  pass
+class cannotChangeOwnerAcl(Exception):
+  pass
+class cannotChangeOwnPrimarySubscription(Exception):
+  pass
+class cannotCopyFile(Exception):
+  pass
+class cannotDeleteOnlyRevision(Exception):
+  pass
+class cannotDeletePrimaryCalendar(Exception):
+  pass
+class cannotDeletePrimarySendAs(Exception):
+  pass
+class cannotDeleteResourceWithChildren(Exception):
+  pass
+class cannotModifyInheritedTeamDrivePermission(Exception):
+  pass
+class cannotModifyRestrictedLabel(Exception):
+  pass
+class cannotModifyViewersCanCopyContent(Exception):
+  pass
+class cannotMoveTrashedItemIntoTeamDrive(Exception):
+  pass
+class cannotMoveTrashedItemOutOfTeamDrive(Exception):
+  pass
+class cannotRemoveOwner(Exception):
+  pass
+class cannotSetExpiration(Exception):
+  pass
+class cannotShareGroupsWithLink(Exception):
+  pass
+class cannotShareUsersWithLink(Exception):
+  pass
+class cannotShareTeamDriveTopFolderWithAnyoneOrDomains(Exception):
+  pass
+class cannotShareTeamDriveWithNonGoogleAccounts(Exception):
+  pass
+class cannotUpdatePermission(Exception):
+  pass
+class conditionNotMet(Exception):
+  pass
+class conflict(Exception):
+  pass
+class crossDomainMoveRestriction(Exception):
+  pass
+class customerExceededRoleAssignmentsLimit(Exception):
+  pass
+class customerNotFound(Exception):
+  pass
+class cyclicMembershipsNotAllowed(Exception):
+  pass
+class deleted(Exception):
+  pass
+class deletedUserNotFound(Exception):
+  pass
+class domainAliasNotFound(Exception):
+  pass
+class domainCannotUseApis(Exception):
+  pass
+class domainNotFound(Exception):
+  pass
+class domainNotVerifiedSecondary(Exception):
+  pass
+class domainPolicy(Exception):
+  pass
+class duplicate(Exception):
+  pass
+class eventDurationExceedsLimit(Exception):
+  pass
+class failedPrecondition(Exception):
+  pass
+class fieldInUse(Exception):
+  pass
+class fieldNotWritable(Exception):
+  pass
+class fileNeverWritable(Exception):
+  pass
+class fileNotFound(Exception):
+  pass
+class fileOrganizerNotYetEnabledForThisTeamDrive(Exception):
+  pass
+class fileOrganizerOnFoldersInSharedDriveOnly(Exception):
+  pass
+class fileOrganizerOnNonTeamDriveNotSupported(Exception):
+  pass
+class fileOwnerNotMemberOfTeamDrive(Exception):
+  pass
+class fileOwnerNotMemberOfWriterDomain(Exception):
+  pass
+class fileWriterTeamDriveMoveInDisabled(Exception):
+  pass
+class forbidden(Exception):
+  pass
+class groupNotFound(Exception):
+  pass
+class illegalAccessRoleForDefault(Exception):
+  pass
+class insufficientAdministratorPrivileges(Exception):
+  pass
+class insufficientArchivedUserLicenses(Exception):
+  pass
+class insufficientFilePermissions(Exception):
+  pass
+class insufficientParentPermissions(Exception):
+  pass
+class insufficientPermissions(Exception):
+  pass
+class internalError(Exception):
+  pass
+class invalid(Exception):
+  pass
+class invalidArgument(Exception):
+  pass
+class invalidAttributeValue(Exception):
+  pass
+class invalidCustomerId(Exception):
+  pass
+class invalidInput(Exception):
+  pass
+class invalidLinkVisibility(Exception):
+  pass
+class invalidMember(Exception):
+  pass
+class invalidMessageId(Exception):
+  pass
+class invalidOrgunit(Exception):
+  pass
+class invalidOrgunitName(Exception):
+  pass
+class invalidOwnershipTransfer(Exception):
+  pass
+class invalidParameter(Exception):
+  pass
+class invalidParentOrgunit(Exception):
+  pass
+class invalidQuery(Exception):
+  pass
+class invalidResource(Exception):
+  pass
+class invalidSchemaValue(Exception):
+  pass
+class invalidScopeValue(Exception):
+  pass
+class invalidSharingRequest(Exception):
+  pass
+class labelMultipleValuesForSingularField(Exception):
+  pass
+class labelMutationForbidden(Exception):
+  pass
+class labelMutationIllegalSelection(Exception):
+  pass
+class labelMutationUnknownField(Exception):
+  pass
+class limitExceeded(Exception):
+  pass
+class loginRequired(Exception):
+  pass
+class memberNotFound(Exception):
+  pass
+class noListTeamDrivesAdministratorPrivilege(Exception):
+  pass
+class noManageTeamDriveAdministratorPrivilege(Exception):
+  pass
+class notACalendarUser(Exception):
+  pass
+class notFound(Exception):
+  pass
+class notImplemented(Exception):
+  pass
+class operationNotSupported(Exception):
+  pass
+class organizerOnNonTeamDriveNotSupported(Exception):
+  pass
+class organizerOnNonTeamDriveItemNotSupported(Exception):
+  pass
+class orgunitNotFound(Exception):
+  pass
+class ownerOnTeamDriveItemNotSupported(Exception):
+  pass
+class ownershipChangeAcrossDomainNotPermitted(Exception):
+  pass
+class participantIsNeitherOrganizerNorAttendee(Exception):
+  pass
+class permissionDenied(Exception):
+  pass
+class permissionNotFound(Exception):
+  pass
+class photoNotFound(Exception):
+  pass
+class publishOutNotPermitted(Exception):
+  pass
+class queryRequiresAdminCredentials(Exception):
+  pass
+class quotaExceeded(Exception):
+  pass
+class rateLimitExceeded(Exception):
+  pass
+class required(Exception):
+  pass
+class requiredAccessLevel(Exception):
+  pass
+class resourceExhausted(Exception):
+  pass
+class resourceIdNotFound(Exception):
+  pass
+class resourceNotFound(Exception):
+  pass
+class responsePreparationFailure(Exception):
+  pass
+class revisionDeletionNotSupported(Exception):
+  pass
+class revisionNotFound(Exception):
+  pass
+class revisionsNotSupported(Exception):
+  pass
+class serviceLimit(Exception):
+  pass
+class serviceNotAvailable(Exception):
+  pass
+class shareInNotPermitted(Exception):
+  pass
+class shareOutNotPermitted(Exception):
+  pass
+class shareOutNotPermittedToUser(Exception):
+  pass
+class sharingRateLimitExceeded(Exception):
+  pass
+class shortcutTargetInvalid(Exception):
+  pass
+class storageQuotaExceeded(Exception):
+  pass
+class systemError(Exception):
+  pass
+class teamDriveAlreadyExists(Exception):
+  pass
+class teamDriveDomainUsersOnlyRestriction(Exception):
+  pass
+class teamDriveTeamMembersOnlyRestriction(Exception):
+  pass
+class teamDriveHierarchyTooDeep(Exception):
+  pass
+class teamDriveMembershipRequired(Exception):
+  pass
+class teamDrivesFolderMoveInNotSupported(Exception):
+  pass
+class teamDrivesFolderSharingNotSupported(Exception):
+  pass
+class teamDrivesParentLimit(Exception):
+  pass
+class teamDrivesSharingRestrictionNotAllowed(Exception):
+  pass
+class teamDrivesShortcutFileNotSupported(Exception):
+  pass
+class timeRangeEmpty(Exception):
+  pass
+class transientError(Exception):
+  pass
+class unknownError(Exception):
+  pass
+class uploadTooLarge(Exception):
+  pass
+class userAccess(Exception):
+  pass
+class userNotFound(Exception):
+  pass
+class userRateLimitExceeded(Exception):
+  pass
+
+REASON_EXCEPTION_MAP = {
+  ABORTED: aborted,
+  ACCESS_NOT_CONFIGURED: accessNotConfigured,
+  ALREADY_EXISTS: alreadyExists,
+  AUTH_ERROR: authError,
+  BACKEND_ERROR: backendError,
+  BAD_REQUEST: badRequest,
+  CANNOT_ADD_PARENT: cannotAddParent,
+  CANNOT_CHANGE_ORGANIZER: cannotChangeOrganizer,
+  CANNOT_CHANGE_ORGANIZER_OF_INSTANCE: cannotChangeOrganizerOfInstance,
+  CANNOT_CHANGE_OWN_ACL: cannotChangeOwnAcl,
+  CANNOT_CHANGE_OWNER_ACL: cannotChangeOwnerAcl,
+  CANNOT_CHANGE_OWN_PRIMARY_SUBSCRIPTION: cannotChangeOwnPrimarySubscription,
+  CANNOT_COPY_FILE: cannotCopyFile,
+  CANNOT_DELETE_ONLY_REVISION: cannotDeleteOnlyRevision,
+  CANNOT_DELETE_PRIMARY_CALENDAR: cannotDeletePrimaryCalendar,
+  CANNOT_DELETE_PRIMARY_SENDAS: cannotDeletePrimarySendAs,
+  CANNOT_DELETE_RESOURCE_WITH_CHILDREN: cannotDeleteResourceWithChildren,
+  CANNOT_MODIFY_INHERITED_TEAMDRIVE_PERMISSION: cannotModifyInheritedTeamDrivePermission,
+  CANNOT_MODIFY_RESTRICTED_LABEL: cannotModifyRestrictedLabel,
+  CANNOT_MODIFY_VIEWERS_CAN_COPY_CONTENT: cannotModifyViewersCanCopyContent,
+  CANNOT_MOVE_TRASHED_ITEM_INTO_TEAMDRIVE: cannotMoveTrashedItemIntoTeamDrive,
+  CANNOT_MOVE_TRASHED_ITEM_OUT_OF_TEAMDRIVE: cannotMoveTrashedItemOutOfTeamDrive,
+  CANNOT_REMOVE_OWNER: cannotRemoveOwner,
+  CANNOT_SET_EXPIRATION: cannotSetExpiration,
+  CANNOT_SHARE_GROUPS_WITHLINK: cannotShareGroupsWithLink,
+  CANNOT_SHARE_USERS_WITHLINK: cannotShareUsersWithLink,
+  CANNOT_SHARE_TEAMDRIVE_TOPFOLDER_WITH_ANYONEORDOMAINS: cannotShareTeamDriveTopFolderWithAnyoneOrDomains,
+  CANNOT_SHARE_TEAMDRIVE_WITH_NONGOOGLE_ACCOUNTS: cannotShareTeamDriveWithNonGoogleAccounts,
+  CANNOT_UPDATE_PERMISSION: cannotUpdatePermission,
+  CONDITION_NOT_MET: conditionNotMet,
+  CONFLICT: conflict,
+  CROSS_DOMAIN_MOVE_RESTRICTION: crossDomainMoveRestriction,
+  CUSTOMER_EXCEEDED_ROLE_ASSIGNMENTS_LIMIT: customerExceededRoleAssignmentsLimit,
+  CUSTOMER_NOT_FOUND: customerNotFound,
+  CYCLIC_MEMBERSHIPS_NOT_ALLOWED: cyclicMembershipsNotAllowed,
+  DELETED: deleted,
+  DELETED_USER_NOT_FOUND: deletedUserNotFound,
+  DOMAIN_ALIAS_NOT_FOUND: domainAliasNotFound,
+  DOMAIN_CANNOT_USE_APIS: domainCannotUseApis,
+  DOMAIN_NOT_FOUND: domainNotFound,
+  DOMAIN_NOT_VERIFIED_SECONDARY: domainNotVerifiedSecondary,
+  DOMAIN_POLICY: domainPolicy,
+  DUPLICATE: duplicate,
+  EVENT_DURATION_EXCEEDS_LIMIT: eventDurationExceedsLimit,
+  FAILED_PRECONDITION: failedPrecondition,
+  FIELD_IN_USE: fieldInUse,
+  FIELD_NOT_WRITABLE: fieldNotWritable,
+  FILE_NEVER_WRITABLE: fileNeverWritable,
+  FILE_NOT_FOUND: fileNotFound,
+  FILE_ORGANIZER_NOT_YET_ENABLED_FOR_THIS_TEAMDRIVE: fileOrganizerNotYetEnabledForThisTeamDrive,
+  FILE_ORGANIZER_ON_FOLDERS_IN_SHARED_DRIVE_ONLY: fileOrganizerOnFoldersInSharedDriveOnly,
+  FILE_ORGANIZER_ON_NON_TEAMDRIVE_NOT_SUPPORTED: fileOrganizerOnNonTeamDriveNotSupported,
+  FILE_OWNER_NOT_MEMBER_OF_TEAMDRIVE: fileOwnerNotMemberOfTeamDrive,
+  FILE_OWNER_NOT_MEMBER_OF_WRITER_DOMAIN: fileOwnerNotMemberOfWriterDomain,
+  FILE_WRITER_TEAMDRIVE_MOVE_IN_DISABLED: fileWriterTeamDriveMoveInDisabled,
+  FORBIDDEN: forbidden,
+  GROUP_NOT_FOUND: groupNotFound,
+  ILLEGAL_ACCESS_ROLE_FOR_DEFAULT: illegalAccessRoleForDefault,
+  INSUFFICIENT_ADMINISTRATOR_PRIVILEGES: insufficientAdministratorPrivileges,
+  INSUFFICIENT_ARCHIVED_USER_LICENSES: insufficientArchivedUserLicenses,
+  INSUFFICIENT_FILE_PERMISSIONS: insufficientFilePermissions,
+  INSUFFICIENT_PARENT_PERMISSIONS: insufficientParentPermissions,
+  INSUFFICIENT_PERMISSIONS: insufficientPermissions,
+  INTERNAL_ERROR: internalError,
+  INVALID: invalid,
+  INVALID_ARGUMENT: invalidArgument,
+  INVALID_ATTRIBUTE_VALUE: invalidAttributeValue,
+  INVALID_CUSTOMER_ID: invalidCustomerId,
+  INVALID_INPUT: invalidInput,
+  INVALID_LINK_VISIBILITY: invalidLinkVisibility,
+  INVALID_MEMBER: invalidMember,
+  INVALID_MESSAGE_ID: invalidMessageId,
+  INVALID_ORGUNIT: invalidOrgunit,
+  INVALID_ORGUNIT_NAME: invalidOrgunitName,
+  INVALID_OWNERSHIP_TRANSFER: invalidOwnershipTransfer,
+  INVALID_PARAMETER: invalidParameter,
+  INVALID_PARENT_ORGUNIT: invalidParentOrgunit,
+  INVALID_QUERY: invalidQuery,
+  INVALID_RESOURCE: invalidResource,
+  INVALID_SCHEMA_VALUE: invalidSchemaValue,
+  INVALID_SCOPE_VALUE: invalidScopeValue,
+  INVALID_SHARING_REQUEST: invalidSharingRequest,
+  LABEL_MULTIPLE_VALUES_FOR_SINGULAR_FIELD: labelMultipleValuesForSingularField,
+  LABEL_MUTATION_FORBIDDEN: labelMutationForbidden,
+  LABEL_MUTATION_ILLEGAL_SELECTION: labelMutationIllegalSelection,
+  LABEL_MUTATION_UNKNOWN_FIELD: labelMutationUnknownField,
+  LIMIT_EXCEEDED: limitExceeded,
+  LOGIN_REQUIRED: loginRequired,
+  MEMBER_NOT_FOUND: memberNotFound,
+  NO_LIST_TEAMDRIVES_ADMINISTRATOR_PRIVILEGE: noListTeamDrivesAdministratorPrivilege,
+  NO_MANAGE_TEAMDRIVE_ADMINISTRATOR_PRIVILEGE: noManageTeamDriveAdministratorPrivilege,
+  NOT_A_CALENDAR_USER: notACalendarUser,
+  NOT_FOUND: notFound,
+  NOT_IMPLEMENTED: notImplemented,
+  OPERATION_NOT_SUPPORTED: operationNotSupported,
+  ORGANIZER_ON_NON_TEAMDRIVE_NOT_SUPPORTED: organizerOnNonTeamDriveNotSupported,
+  ORGANIZER_ON_NON_TEAMDRIVE_ITEM_NOT_SUPPORTED: organizerOnNonTeamDriveItemNotSupported,
+  ORGUNIT_NOT_FOUND: orgunitNotFound,
+  OWNER_ON_TEAMDRIVE_ITEM_NOT_SUPPORTED: ownerOnTeamDriveItemNotSupported,
+  OWNERSHIP_CHANGE_ACROSS_DOMAIN_NOT_PERMITTED: ownershipChangeAcrossDomainNotPermitted,
+  PARTICIPANT_IS_NEITHER_ORGANIZER_NOR_ATTENDEE: participantIsNeitherOrganizerNorAttendee,
+  PERMISSION_DENIED: permissionDenied,
+  PERMISSION_NOT_FOUND: permissionNotFound,
+  PHOTO_NOT_FOUND: photoNotFound,
+  PUBLISH_OUT_NOT_PERMITTED: publishOutNotPermitted,
+  QUERY_REQUIRES_ADMIN_CREDENTIALS: queryRequiresAdminCredentials,
+  QUOTA_EXCEEDED: quotaExceeded,
+  RATE_LIMIT_EXCEEDED: rateLimitExceeded,
+  REQUIRED: required,
+  REQUIRED_ACCESS_LEVEL: requiredAccessLevel,
+  RESOURCE_EXHAUSTED: resourceExhausted,
+  RESOURCE_ID_NOT_FOUND: resourceIdNotFound,
+  RESOURCE_NOT_FOUND: resourceNotFound,
+  RESPONSE_PREPARATION_FAILURE: responsePreparationFailure,
+  REVISION_DELETION_NOT_SUPPORTED: revisionDeletionNotSupported,
+  REVISION_NOT_FOUND: revisionNotFound,
+  REVISIONS_NOT_SUPPORTED: revisionsNotSupported,
+  SERVICE_LIMIT: serviceLimit,
+  SERVICE_NOT_AVAILABLE: serviceNotAvailable,
+  SHARE_IN_NOT_PERMITTED: shareInNotPermitted,
+  SHARE_OUT_NOT_PERMITTED: shareOutNotPermitted,
+  SHARE_OUT_NOT_PERMITTED_TO_USER: shareOutNotPermittedToUser,
+  SHARING_RATE_LIMIT_EXCEEDED: sharingRateLimitExceeded,
+  SHORTCUT_TARGET_INVALID: shortcutTargetInvalid,
+  STORAGE_QUOTA_EXCEEDED: storageQuotaExceeded,
+  SYSTEM_ERROR: systemError,
+  TEAMDRIVE_ALREADY_EXISTS: teamDriveAlreadyExists,
+  TEAMDRIVE_DOMAIN_USERS_ONLY_RESTRICTION: teamDriveDomainUsersOnlyRestriction,
+  TEAMDRIVE_TEAM_MEMBERS_ONLY_RESTRICTION: teamDriveTeamMembersOnlyRestriction,
+  TEAMDRIVE_HIERARCHY_TOO_DEEP: teamDriveHierarchyTooDeep,
+  TEAMDRIVE_MEMBERSHIP_REQUIRED: teamDriveMembershipRequired,
+  TEAMDRIVES_FOLDER_MOVE_IN_NOT_SUPPORTED: teamDrivesFolderMoveInNotSupported,
+  TEAMDRIVES_FOLDER_SHARING_NOT_SUPPORTED: teamDrivesFolderSharingNotSupported,
+  TEAMDRIVES_PARENT_LIMIT: teamDrivesParentLimit,
+  TEAMDRIVES_SHARING_RESTRICTION_NOT_ALLOWED: teamDrivesSharingRestrictionNotAllowed,
+  TEAMDRIVES_SHORTCUT_FILE_NOT_SUPPORTED: teamDrivesShortcutFileNotSupported,
+  TIME_RANGE_EMPTY: timeRangeEmpty,
+  TRANSIENT_ERROR: transientError,
+  UNKNOWN_ERROR: unknownError,
+  UPLOAD_TOO_LARGE: uploadTooLarge,
+  USER_ACCESS: userAccess,
+  USER_NOT_FOUND: userNotFound,
+  USER_RATE_LIMIT_EXCEEDED: userRateLimitExceeded,
+  }

src/gam/gamlib/glgdata.py

@@ -0,0 +1,98 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2023 Ross Scroggs All Rights Reserved.
+#
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+"""GAM GData resources
+
+"""
+API_DEPRECATED_MSG = 'Contacts API is being deprecated.'
+
+# callGData throw errors
+API_DEPRECATED = 612
+BAD_GATEWAY = 601
+BAD_REQUEST = 602
+DOES_NOT_EXIST = 1301
+ENTITY_EXISTS = 1300
+FORBIDDEN = 603
+GATEWAY_TIMEOUT = 612
+INSUFFICIENT_PERMISSIONS = 604
+INTERNAL_SERVER_ERROR = 1000
+INVALID_DOMAIN = 605
+INVALID_INPUT = 1317
+INVALID_VALUE = 1801
+NAME_NOT_VALID = 1303
+NOT_FOUND = 606
+NOT_IMPLEMENTED = 607
+PRECONDITION_FAILED = 608
+QUOTA_EXCEEDED = 609
+SERVICE_NOT_APPLICABLE = 1410
+SERVICE_UNAVAILABLE = 610
+TOKEN_EXPIRED = 611
+TOKEN_INVALID = 403
+UNKNOWN_ERROR = 600
+#
+NON_TERMINATING_ERRORS = [API_DEPRECATED, BAD_GATEWAY, GATEWAY_TIMEOUT, QUOTA_EXCEEDED, SERVICE_UNAVAILABLE, TOKEN_EXPIRED]
+EMAILSETTINGS_THROW_LIST = [INVALID_DOMAIN, DOES_NOT_EXIST, SERVICE_NOT_APPLICABLE, BAD_REQUEST, NAME_NOT_VALID, INTERNAL_SERVER_ERROR, INVALID_VALUE]
+#
+class apiDeprecated(Exception):
+  pass
+class badRequest(Exception):
+  pass
+class doesNotExist(Exception):
+  pass
+class entityExists(Exception):
+  pass
+class forbidden(Exception):
+  pass
+class insufficientPermissions(Exception):
+  pass
+class internalServerError(Exception):
+  pass
+class invalidDomain(Exception):
+  pass
+class invalidInput(Exception):
+  pass
+class invalidValue(Exception):
+  pass
+class nameNotValid(Exception):
+  pass
+class notFound(Exception):
+  pass
+class notImplemented(Exception):
+  pass
+class preconditionFailed(Exception):
+  pass
+class serviceNotApplicable(Exception):
+  pass
+
+ERROR_CODE_EXCEPTION_MAP = {
+  API_DEPRECATED: apiDeprecated,
+  BAD_REQUEST: badRequest,
+  DOES_NOT_EXIST: doesNotExist,
+  ENTITY_EXISTS: entityExists,
+  FORBIDDEN: forbidden,
+  INSUFFICIENT_PERMISSIONS: insufficientPermissions,
+  INTERNAL_SERVER_ERROR: internalServerError,
+  INVALID_DOMAIN: invalidDomain,
+  INVALID_INPUT: invalidInput,
+  INVALID_VALUE: invalidValue,
+  NAME_NOT_VALID: nameNotValid,
+  NOT_FOUND: notFound,
+  NOT_IMPLEMENTED: notImplemented,
+  PRECONDITION_FAILED: preconditionFailed,
+  SERVICE_NOT_APPLICABLE: serviceNotApplicable,
+  }

src/gam/gamlib/glglobals.py

@@ -0,0 +1,277 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2023 Ross Scroggs All Rights Reserved.
+#
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+"""GAM global variables
+
+"""
+
+# The following GM_XXX constants are arbitrary but must be unique
+# Most errors print a message and bail out with a return code
+# Some commands want to set a non-zero return code but not bail
+# GAM admin user
+ADMIN = 'admin'
+# Number/length of API call retries
+API_CALLS_RETRY_DATA = 'rtry'
+# GAM cache directory. If no_cache is True, this variable will be set to None
+CACHE_DIR = 'gacd'
+# Reset GAM cache directory after discovery
+CACHE_DISCOVERY_ONLY = 'gcdo'
+# Classroom service not available
+CLASSROOM_SERVICE_NOT_AVAILABLE = 'csna'
+# Command logging
+CMDLOG_HANDLER = 'clha'
+CMDLOG_LOGGER = 'cllo'
+# Convert to local time
+CONVERT_TO_LOCAL_TIME = 'ctlt'
+# Credentials scopes
+CREDENTIALS_SCOPES = 'crsc'
+# csvfile keyfield <FieldName> [delimiter <Character>] (matchfield <FieldName> <MatchPattern>)* [datafield <FieldName>(:<FieldName>*) [delimiter <String>]]
+CSVFILE = 'csvf'
+# { key: [datafieldvalues]}
+CSV_DATA_DICT = 'csdd'
+CSV_KEY_FIELD = 'cskf'
+CSV_SUBKEY_FIELD = 'cssk'
+CSV_DATA_FIELD = 'csdf'
+# Filter for input column drop values
+CSV_INPUT_ROW_DROP_FILTER = 'cird'
+# Mode (and|or) for input column drop values
+CSV_INPUT_ROW_DROP_FILTER_MODE = 'cidm'
+# Filter for input column values
+CSV_INPUT_ROW_FILTER = 'cirf'
+# Mode (and|or) for input column values
+CSV_INPUT_ROW_FILTER_MODE = 'cirm'
+# Limit number of input rows
+CSV_INPUT_ROW_LIMIT = 'cirl'
+# Column delimiter in CSV output file
+CSV_OUTPUT_COLUMN_DELIMITER = 'codl'
+# Filter for output column headers to drop
+CSV_OUTPUT_HEADER_DROP_FILTER = 'cohd'
+# Filter for output column headers
+CSV_OUTPUT_HEADER_FILTER = 'cohf'
+# Force output column headers
+CSV_OUTPUT_HEADER_FORCE = 'cofh'
+# Quote character in CSV output file
+CSV_OUTPUT_QUOTE_CHAR = 'coqc'
+# Filter for output column drop values
+CSV_OUTPUT_ROW_DROP_FILTER = 'cord'
+# Mode (and|or) for output column drop values
+CSV_OUTPUT_ROW_DROP_FILTER_MODE = 'codm'
+# Filter for output column values
+CSV_OUTPUT_ROW_FILTER = 'corf'
+# Mode (and|or) for output column values
+CSV_OUTPUT_ROW_FILTER_MODE = 'corm'
+# Limit number of output rows
+CSV_OUTPUT_ROW_LIMIT = 'corl'
+# Add timestamp column to CSV output file
+CSV_OUTPUT_TIMESTAMP_COLUMN = 'csv_output_timestamp_column'
+# CSV todrive options
+CSV_TODRIVE = 'todr'
+# Current API services
+CURRENT_API_SERVICES = 'caps'
+# Current Client API
+CURRENT_CLIENT_API = 'ccap'
+# Current Client API scopes
+CURRENT_CLIENT_API_SCOPES = 'ccas'
+# Current Service Account API
+CURRENT_SVCACCT_API = 'csap'
+# Current Service Account API scopes
+CURRENT_SVCACCT_API_SCOPES = 'csas'
+# Current Service Account user
+CURRENT_SVCACCT_USER = 'csa'
+# datetime.datetime.now
+DATETIME_NOW = 'dtno'
+# If debug_level > 0: extra_args['prettyPrint'] = True, httplib2.debuglevel = gam_debug_level, appsObj.debug = True
+DEBUG_LEVEL = 'dbgl'
+# Decoded ID token
+DECODED_ID_TOKEN = 'didt'
+# Index of start of <UserTypeEntity> in command line
+ENTITY_CL_DELAY_START = 'ecld'
+ENTITY_CL_START = 'ecls'
+# Extra arguments to pass to GAPI functions
+EXTRA_ARGS_LIST = 'exad'
+# gam.cfg file
+GAM_CFG_FILE = 'gcfi'
+GAM_CFG_PATH = 'gcpa'
+GAM_CFG_SECTION = 'gcse'
+GAM_CFG_SECTION_NAME = 'gcsn'
+# Path to gam
+GAM_PATH = 'gpth'
+# Python source, PyInstaller or StaticX?
+GAM_TYPE = 'gtyp'
+# Length of last Got message
+LAST_GOT_MSG_LEN = 'lgml'
+# License SKUs
+LICENSE_SKUS = 'lsku'
+# Make Building ID/Name map
+MAKE_BUILDING_ID_NAME_MAP = 'mkbm'
+# Dictionary mapping Building ID to Name
+MAP_BUILDING_ID_TO_NAME = 'bi2n'
+# Dictionary mapping Building Name to ID
+MAP_BUILDING_NAME_TO_ID = 'bn2i'
+# Dictionary mapping OrgUnit ID to Name
+MAP_ORGUNIT_ID_TO_NAME = 'oi2n'
+# Dictionary mapping Shared Drive ID to Name
+MAP_SHAREDDRIVE_ID_TO_NAME = 'si2n'
+# Make Role ID/Name map
+MAKE_ROLE_ID_NAME_MAP = 'mkrm'
+# Dictionary mapping Role ID to Name
+MAP_ROLE_ID_TO_NAME = 'ri2n'
+# Dictionary mapping Role Name to ID
+MAP_ROLE_NAME_TO_ID = 'rn2i'
+# Dictionary mapping User ID to Name
+MAP_USER_ID_TO_NAME = 'ui2n'
+# Multiprocess exit condition
+MULTIPROCESS_EXIT_CONDITION = 'mpec'
+# Multiprocess exit processing
+MULTIPROCESS_EXIT_PROCESSING = 'mpep'
+# Number of batch items
+NUM_BATCH_ITEMS = 'nbat'
+# Values retrieved from oauth2service.json
+OAUTH2SERVICE_CLIENT_ID = 'osci'
+OAUTH2SERVICE_JSON_DATA = 'osjd'
+# Values retrieved from oauth2.txt
+OAUTH2_CLIENT_ID = 'oaci'
+# oauth2.txt lock file
+OAUTH2_TXT_LOCK = 'oatl'
+# gam.cfg parser
+PARSER = 'pars'
+# Process ID
+PID = 'pid '
+# Check API calls rate
+RATE_CHECK_COUNT = 'rccn'
+RATE_CHECK_START = 'rcst'
+# Section name from outer gam, passed to inner gams
+SECTION = 'sect'
+# redirected files
+SAVED_STDOUT = 'svso'
+STDERR = 'stde'
+STDOUT = 'stdo'
+# Scopes values retrieved from oauth2service.json
+SVCACCT_SCOPES = 'sasc'
+# Were scopes values retrieved from oauth2service.json
+SVCACCT_SCOPES_DEFINED = 'sasd'
+# Most errors print a message and bail out with a return code
+# Some commands want to set a non-zero return code but not bail
+SYSEXITRC = 'sxrc'
+# Encodings
+SYS_ENCODING = 'syen'
+# Shared by threadBatchWorker and threadBatchGAMCommands
+TBATCH_QUEUE = 'batq'
+# redirected file fields: name, mode, encoding, write header, multiproces, queue
+REDIRECT_NAME = 'rdfn'
+REDIRECT_MODE = 'rdmo'
+REDIRECT_FD = 'rdfd'
+REDIRECT_MULTI_FD = 'rdmf'
+REDIRECT_STD = 'rdst'
+REDIRECT_ENCODING = 'rden'
+REDIRECT_WRITE_HEADER = 'rdwh'
+REDIRECT_MULTIPROCESS = 'rdmp'
+REDIRECT_QUEUE = 'rdq'
+REDIRECT_QUEUE_NAME = 'name'
+REDIRECT_QUEUE_TODRIVE = 'todrive'
+REDIRECT_QUEUE_CSVPF = 'csvpf'
+REDIRECT_QUEUE_DATA = 'rows'
+REDIRECT_QUEUE_ARGS = 'args'
+REDIRECT_QUEUE_GLOBALS = 'globals'
+REDIRECT_QUEUE_VALUES = 'values'
+REDIRECT_QUEUE_START = 'start'
+REDIRECT_QUEUE_END = 'end'
+REDIRECT_QUEUE_EOF = 'eof'
+#
+Globals = {
+  ADMIN: None,
+  API_CALLS_RETRY_DATA: {},
+  CACHE_DIR: None,
+  CACHE_DISCOVERY_ONLY: True,
+  CLASSROOM_SERVICE_NOT_AVAILABLE: False,
+  CMDLOG_HANDLER: None,
+  CMDLOG_LOGGER: None,
+  CONVERT_TO_LOCAL_TIME: False,
+  CREDENTIALS_SCOPES: set(),
+  CSVFILE: {},
+  CSV_DATA_DICT: {},
+  CSV_KEY_FIELD: None,
+  CSV_SUBKEY_FIELD: None,
+  CSV_DATA_FIELD: None,
+  CSV_INPUT_ROW_DROP_FILTER: [],
+  CSV_INPUT_ROW_DROP_FILTER_MODE: False,
+  CSV_INPUT_ROW_FILTER: [],
+  CSV_INPUT_ROW_FILTER_MODE: True,
+  CSV_INPUT_ROW_LIMIT: 0,
+  CSV_OUTPUT_COLUMN_DELIMITER: None,
+  CSV_OUTPUT_HEADER_DROP_FILTER: [],
+  CSV_OUTPUT_HEADER_FILTER: [],
+  CSV_OUTPUT_HEADER_FORCE: [],
+  CSV_OUTPUT_QUOTE_CHAR: None,
+  CSV_OUTPUT_ROW_DROP_FILTER: [],
+  CSV_OUTPUT_ROW_DROP_FILTER_MODE: False,
+  CSV_OUTPUT_ROW_FILTER: [],
+  CSV_OUTPUT_ROW_FILTER_MODE: True,
+  CSV_OUTPUT_ROW_LIMIT: 0,
+  CSV_OUTPUT_TIMESTAMP_COLUMN: None,
+  CSV_TODRIVE: {},
+  CURRENT_API_SERVICES: {},
+  CURRENT_CLIENT_API: None,
+  CURRENT_CLIENT_API_SCOPES: set(),
+  CURRENT_SVCACCT_API: None,
+  CURRENT_SVCACCT_API_SCOPES: set(),
+  CURRENT_SVCACCT_USER: None,
+  DATETIME_NOW: None,
+  DEBUG_LEVEL: 0,
+  DECODED_ID_TOKEN: None,
+  ENTITY_CL_DELAY_START: 1,
+  ENTITY_CL_START: 1,
+  EXTRA_ARGS_LIST: [],
+  GAM_CFG_FILE: '',
+  GAM_CFG_PATH: '',
+  GAM_CFG_SECTION: '',
+  GAM_CFG_SECTION_NAME: '',
+  GAM_PATH: '.',
+  GAM_TYPE: '',
+  LAST_GOT_MSG_LEN: 0,
+  LICENSE_SKUS: [],
+  MAKE_BUILDING_ID_NAME_MAP: True,
+  MAKE_ROLE_ID_NAME_MAP: True,
+  MAP_BUILDING_ID_TO_NAME: {},
+  MAP_BUILDING_NAME_TO_ID: {},
+  MAP_ORGUNIT_ID_TO_NAME: {},
+  MAP_SHAREDDRIVE_ID_TO_NAME: {},
+  MAP_ROLE_ID_TO_NAME: {},
+  MAP_ROLE_NAME_TO_ID: {},
+  MAP_USER_ID_TO_NAME: {},
+  MULTIPROCESS_EXIT_CONDITION: None,
+  MULTIPROCESS_EXIT_PROCESSING: False,
+  NUM_BATCH_ITEMS: 0,
+  OAUTH2SERVICE_CLIENT_ID: None,
+  OAUTH2SERVICE_JSON_DATA: {},
+  OAUTH2_CLIENT_ID: None,
+  OAUTH2_TXT_LOCK: None,
+  PARSER: None,
+  PID: 0,
+  RATE_CHECK_COUNT: 0,
+  RATE_CHECK_START: 0,
+  SECTION: None,
+  SAVED_STDOUT: None,
+  STDERR: {},
+  STDOUT: {},
+  SVCACCT_SCOPES: {},
+  SVCACCT_SCOPES_DEFINED: False,
+  SYSEXITRC: 0,
+  SYS_ENCODING: 'utf-8',
+  TBATCH_QUEUE: None
+  }

src/gam/gamlib/glindent.py

@@ -0,0 +1,46 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2023 Ross Scroggs All Rights Reserved.
+#
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+"""GAM indent processing
+
+"""
+
+class GamIndent():
+
+  INDENT_SPACES_PER_LEVEL = '  '
+
+  def __init__(self):
+    self.indent = 0
+
+  def Reset(self):
+    self.indent = 0
+
+  def Increment(self):
+    self.indent += 1
+
+  def Decrement(self):
+    self.indent -= 1
+
+  def Spaces(self):
+    return self.INDENT_SPACES_PER_LEVEL*self.indent
+
+  def SpacesSub1(self):
+    return self.INDENT_SPACES_PER_LEVEL*(self.indent-1)
+
+  def MultiLineText(self, message, n=0):
+    return message.replace('\n', f'\n{self.INDENT_SPACES_PER_LEVEL*(self.indent+n)}').rstrip()

src/gam/gamlib/glmsgs.py

@@ -0,0 +1,485 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2023 Ross Scroggs All Rights Reserved.
+#
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+"""GAM messages
+
+"""
+
+# These values can be translated into other languages
+# Project creation messages in order of appearance
+CREATING_PROJECT = 'Creating project "{0}"...\n'
+CHECK_INTERRUPTED = 'Check interrupted'
+CHECKING_PROJECT_CREATION_STATUS = 'Checking project creation status...\n'
+NO_RIGHTS_GOOGLE_CLOUD_ORGANIZATION = 'Looks like you have no rights to your Google Cloud Organization.\nAttempting to fix that...\n'
+YOUR_ORGANIZATION_NAME_IS = 'Your organization name is {0}\n'
+YOU_HAVE_NO_RIGHTS_TO_CREATE_PROJECTS_AND_YOU_ARE_NOT_A_SUPER_ADMIN = 'You have no rights to create projects for your organization and you don\'t seem to be a super admin! Sorry, there\'s nothing more I can do.'
+LOOKS_LIKE_NO_ONE_HAS_RIGHTS_TO_YOUR_GOOGLE_CLOUD_ORGANIZATION_ATTEMPTING_TO_GIVE_YOU_CREATE_RIGHTS = 'Looks like no one has rights to your Google Cloud Organization. Attempting to give you create rights...\n'
+THE_FOLLOWING_RIGHTS_SEEM_TO_EXIST = 'The following rights seem to exist:\n'
+GIVING_LOGIN_HINT_THE_CREATOR_ROLE = 'Giving {0} the role of {1}...\n'
+ACCEPT_CLOUD_TOS = '''
+Please go to:
+
+https://console.cloud.google.com/projectselector2/home/dashboard?supportedpurview=project
+
+sign in as {0} and accept the Terms of Service (ToS). As soon as you've accepted the ToS popup, you can return here and press enter.\n'''
+
+PROJECT_STILL_BEING_CREATED_SLEEPING = 'Project still being created. Sleeping {0} seconds\n'
+FAILED_TO_CREATE_PROJECT = 'Failed to create project: {0}\n'
+SETTING_GAM_PROJECT_CONSENT_SCREEN = 'Setting GAM project consent screen...\n'
+CREATE_PROJECT_INSTRUCTIONS = '''
+Please go to:
+
+  {0}
+
+1. Choose "Desktop App" or "Other" for "Application type".
+2. Enter "GAM" or another desired value for "Name".
+3. Click the blue "Create" button.
+4. Copy your "Client ID" value that shows on the next page.
+'''
+ENTER_YOUR_CLIENT_ID = '\nEnter your Client ID: '
+GO_BACK_TO_YOUR_BROWSER_AND_COPY_YOUR_CLIENT_SECRET_VALUE = '\n5. Go back to your browser and copy your "Client Secret" value.\n'
+ENTER_YOUR_CLIENT_SECRET = '\nEnter your Client Secret: '
+GO_BACK_TO_YOUR_BROWSER_AND_CLICK_OK_TO_CLOSE_THE_OAUTH_CLIENT_POPUP = '\n6. Go back to your browser and click OK to close the "OAuth client" popup if it\'s still open.\n'
+IS_NOT_A_VALID_CLIENT_ID = '''
+
+{0}
+
+Is not a valid Client ID.
+
+Please make sure you are following the directions exactly and that there are no extra spaces in your Client ID.
+'''
+IS_NOT_A_VALID_CLIENT_SECRET = '''
+
+{0}
+
+Is not a valid Client Secret.
+
+Please make sure you are following the directions exactly and that there are no extra spaces in your Client Secret.
+'''
+TRUST_GAM_CLIENT_ID = '''
+Now it's important to mark the GAM Client ID as trusted by your Workspace instance.
+
+Please go to:
+
+  https://admin.google.com/ac/owl/list?tab=configuredApps
+
+1. Click on: Add app > OAuth App Name Or Client ID.
+2. Enter the following Client ID value:
+
+  {0}
+
+3. Press Search, select the GAM app, press Select, check the box and press Select.
+4. Keep the default scope or select a preferred scope that includes your GAM admin.
+5. Press Continue
+6. Select Trusted radio button, press Continue and Finish.
+7. Press enter once trust is complete.'
+'''
+
+YOUR_GAM_PROJECT_IS_CREATED_AND_READY_TO_USE = 'That\'s it! Your GAM Project is created and ready to use.\n'
+
+# check|update service messages in order of appearance
+SYSTEM_TIME_STATUS = 'System time status'
+YOUR_SYSTEM_TIME_DIFFERS_FROM_GOOGLE = 'Your system time differs from {0} by {1}'
+PRESS_ENTER_ONCE_AUTHORIZATION_IS_COMPLETE = 'Press enter once authorization is complete.'
+SERVICE_ACCOUNT_API_DISABLED = '{0} not enabled. Please run "gam update project" and "gam user user@domain.com check serviceaccount"'
+SERVICE_ACCOUNT_PRIVATE_KEY_AUTHENTICATION = 'Service Account Private Key Authentication'
+SERVICE_ACCOUNT_CHECK_PRIVATE_KEY_AGE = 'Service Account Private Key age; Google recommends rotating keys on a routine basis'
+SERVICE_ACCOUNT_PRIVATE_KEY_AGE = 'Service Account Private Key age: {0} days'
+SERVICE_ACCOUNT_SKIPPING_KEY_AGE_CHECK = 'Skipping Private Key age check: {0} rotation not necessary'
+UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS = 'Please run "gam update project" to view/manage service account keys'
+DOMAIN_WIDE_DELEGATION_AUTHENTICATION = 'Domain-wide Delegation authentication'
+SCOPE_AUTHORIZATION_PASSED = '''All scopes PASSED!
+
+Service Account Client name: {0} is fully authorized.
+'''
+SCOPE_AUTHORIZATION_UPDATE_PASSED = '''All scopes PASSED!
+To authorize them (in case some scopes were unselected), please go to the following link in your browser:
+{0}
+    {1}
+
+You will be directed to the Google Workspace admin console Security > API Controls > Domain-wide Delegation page
+The "Add a new Client ID" box will open
+Make sure that "Overwrite existing client ID" is checked
+Click AUTHORIZE
+When the box closes you're done
+After authorizing it may take some time for this test to pass so wait a few moments and then try this command again.
+'''
+SCOPE_AUTHORIZATION_FAILED = '''Some scopes FAILED!
+To authorize them, please go to the following link in your browser:
+{0}
+    {1}
+
+You will be directed to the Google Workspace admin console Security > API Controls > Domain-wide Delegation page
+The "Add a new Client ID" box will open
+Make sure that "Overwrite existing client ID" is checked
+Click AUTHORIZE
+When the box closes you're done
+After authorizing it may take some time for this test to pass so wait a few moments and then try this command again.
+'''
+# General messages
+ACCESS_FORBIDDEN = 'Access Forbidden'
+ACTION_APPLIED = 'Action Applied'
+ACTION_IN_PROGRESS = 'Action {0} in progress'
+ACTION_MAY_BE_DELAYED = 'Action may be delayed'
+ADMIN_STATUS_CHANGED_TO = 'Admin Status Changed to'
+ALL = 'All'
+ALL_FOLDER_NAMES_MUST_BE_NON_BLANK = 'All folder names must be non-blank: {0}'
+ALL_SKU_PRODUCTIDS_MUST_MATCH = 'All SKU productIds must match, {0} != {1}'
+ALREADY_WAS_OWNER = 'Already was owner'
+ALREADY_EXISTS = 'Already exists'
+ALREADY_EXISTS_IN_TARGET_FOLDER = 'Already exists in {0}: {1}'
+ALREADY_EXISTS_USE_MERGE_ARGUMENT = 'Already exists; use the "merge" argument to merge the labels'
+API_ACCESS_DENIED = 'API access Denied'
+API_CALLS_RETRY_DATA = 'API calls retry data\n'
+API_CHECK_CLIENT_AUTHORIZATION = 'Please make sure the Client ID: {0} is authorized for the appropriate API or scopes:\n{1}\n\nRun: gam oauth create\n'
+API_CHECK_SVCACCT_AUTHORIZATION = 'Please make sure the Service Account Client name: {0} is authorized for the appropriate API or scopes:\n{1}\n\nRun: gam user {2} check serviceaccount\n'
+API_ERROR_SETTINGS = 'API error, some settings not set'
+ARE_MUTUALLY_EXCLUSIVE = 'Arguments {0} and {1} are mutually exclusive'
+AS = 'as'
+ATTENDEES_ADD = 'Add Attendees'
+ATTENDEES_ADD_REMOVE = 'Add/Remove Attendees'
+ATTENDEES_REMOVE = 'Remove Attendees'
+AUTHORIZATION_FILE_ALREADY_EXISTS = '{0} already exists. Please delete or rename it before attempting to {1} project.'
+AUTHENTICATION_FLOW_COMPLETE = '\nThe authentication flow has completed.'
+AUTHENTICATION_FLOW_COMPLETE_CLOSE_BROWSER = 'The authentication flow has completed. You may close this browser window and return to {0}.'
+AUTHENTICATION_FLOW_FAILED = 'The authentication flow failed, reissue command'
+BAD_ENTITIES_IN_SOURCE = '{0} {1} {2} in source marked >>> <<< above'
+BAD_REQUEST = 'Bad Request'
+BATCH = 'Batch'
+BATCH_CSV_LOOP_DASH_DEBUG_INCOMPATIBLE = '"gam {0} - ..." is not compatible with debugging. Disable debugging by setting debug_level = 0 in gam.cfg'
+BATCH_CSV_WAIT_N_PROCESSES = '{0},0/{1},Waiting for {2} running {3} to finish before terminating\n'
+BATCH_CSV_PROCESSING_COMPLETE = '{0},0/{1},Processing complete\n'
+BATCH_NOT_PROCESSED_ERRORS = '{0}batch file: {1}, not processed, {2} {3}\n'
+CAN_NOT_DELETE_USER_WITH_VAULT_HOLD = '{0}: The user may be (or have recently been) on Google Vault Hold and thus not eligible for deletion. You can check holds with "gam user {1} show vaultholds".'
+CAN_NOT_BE_SPECIFIED_MORE_THAN_ONCE = 'Argument {0} can not be specified more than once'
+CHROME_TARGET_VERSION_FORMAT = r'^([a-z]+)-(\d+)$ or ^(\d{1,4}\.){1,4}$'
+COLUMN_DOES_NOT_MATCH_ANY_INPUT_COLUMNS = '{0} column "{1}" does not match any input columns'
+COLUMN_DOES_NOT_MATCH_ANY_OUTPUT_COLUMNS = '{0} column "{1}" does not match any output columns'
+COMMAND_NOT_COMPATIBLE_WITH_ENABLE_DASA = 'gam {0} {1} is not compatible with enable_dasa = true in gam.cfg'
+COMMIT_BATCH_COMPLETE = '{0},0/{1},commit-batch - running {2} finished, proceeding\n'
+COMMIT_BATCH_WAIT_N_PROCESSES = '{0},0/{1},commit-batch - waiting for {2} running {3} to finish before proceeding\n'
+CONFIRM_WIPE_YUBIKEY_PIV = 'This will wipe all YubiKey PIV keys and configuration from your YubiKey. Are you sure? (y/N) '
+CONTACT_ADMINISTRATOR_FOR_PASSWORD = 'Contact administrator for password'
+CONTACT_PHOTO_NOT_FOUND = 'Contact photo not found'
+CONTAINS_AT_LEAST_1_ITEM = 'Contains at least 1 item'
+COUNT_N_EXCEEDS_MAX_TO_PROCESS_M = 'Count {0} exceeds maximum to {1} {2}'
+CORRUPT_FILE = 'Corrupt file'
+COULD_NOT_FIND_ANY_YUBIKEY = 'Could not find any YubiKey\n'
+COULD_NOT_FIND_YUBIKEY_WITH_SERIAL = 'Could not find YubiKey with serial number {0}\n'
+CREATE_USER_NOTIFY_MESSAGE = 'Hello #givenname# #familyname#,\n\nYou have a new account at #domain#\nAccount details:\nUsername: #user#\nPassword: #password#\nStart using your new account by signing in at\nhttps://www.google.com/accounts/AccountChooser?Email=#user#&continue=https://workspace.google.com/dashboard\n'
+CREATE_USER_NOTIFY_SUBJECT = 'Welcome to #domain#'
+CSV_DATA_ALREADY_SAVED = 'CSV data already saved'
+CSV_FILE_HEADERS = 'The CSV file ({0}) has the following headers:\n'
+CSV_SAMPLE_COMMANDS = 'Here are the first {0} commands {1} will run\n'
+DATA_FIELD_MISMATCH = 'datafield {0} does not match saved datafield {1}'
+DATA_UPLOADED_TO_DRIVE_FILE = 'Data uploaded to Drive File'
+DEFAULT_SMIME = 'Default S/MIME'
+DELETED = 'Deleted'
+DEVICE_LIST_BUG = 'GAM hit Google internal bug 237397223. Please file a Google Support ticket stating that you are encountering this bug.'
+DEVICE_LIST_BUG_WORKAROUND_NOT_POSSIBLE = 'GAM workaround for this issue only works if orderby argument is not used and query does not contain \'register\'.'
+DEVICE_LIST_BUG_ATTEMPTING_WORKAROUND = 'GAM is attempting to work around the bug by filtering for devices created on or after the newest we\'ve seen ({0})...\n'
+DIRECTLY_IN_THE = ' directly in the {0}'
+DISABLE_TLS_MIN_MAX = 'Execute: gam select default config tls_max_version "" tls_min_version "" save\n'
+DISPLAYNAME_NOT_ALLOWED_WHEN_UPDATING_MULTIPLE_SCHEMAS = 'displayname not allowed when updating multiple schemas'
+DOES_NOT_EXIST = 'Does not exist'
+DOES_NOT_EXIST_OR_HAS_INVALID_FORMAT = '{0}: {1}, Does not exist or has invalid format, {2}'
+DOES_NOT_MATCH = 'Does not match {0}'
+DOMAIN_NOT_FOUND_IN_DNS = 'Domain not found in DNS!'
+DOMAIN_NOT_VERIFIED_SECONDARY = 'Domain is not a verified secondary domain'
+DONE_GENERATING_PRIVATE_KEY_AND_PUBLIC_CERTIFICATE = 'Done generating private key and public certificate'
+DO_NOT_EXIST = 'Do not exist'
+DOWNLOADING_AGAIN_AND_OVER_WRITING = 'Downloading again and over-writing...'
+DUPLICATE = 'Duplicate'
+DUPLICATE_ALREADY_A_ROLE = 'Duplicate, already a {0}'
+DYNAMIC_GROUP_MEMBERSHIP_CANNOT_BE_MODIFIED = 'Dynamic group membership cannot be modified'
+EITHER = 'Either'
+EMAIL_ADDRESS_IS_UNMANAGED_ACCOUNT = 'The email address is an unmanaged account'
+ENABLE_PROJECT_APIS_AUTOMATICALLY_OR_MANUALLY = 'Do you want to enable project APIs [a]utomatically or [m]anually? (a/m): '
+ENTER_GSUITE_ADMIN_EMAIL_ADDRESS = '\nEnter your Google Workspace admin email address? '
+ENTER_MANAGE_GCP_PROJECT_EMAIL_ADDRESS = '\nEnter your Google Workspace admin or GCP project manager email address authorized to manage project(s): {0}? '
+ENTER_VERIFICATION_CODE_OR_URL = 'Enter verification code or paste "Unable to connect" URL from other computer (only URL data up to &scope required): '
+ENTITY_DOES_NOT_EXIST = '{0} does not exist'
+ENTITY_NAME_NOT_VALID = 'Entity Name Not Valid'
+ERROR = 'error'
+ERRORS = 'errors'
+EVENT_IS_CANCELED = 'Event is canceled'
+EXECUTE_GAM_OAUTH_CREATE = '\nPlease run\n\ngam oauth delete\ngam oauth create\n\n'
+EXISTS = 'Exists'
+EXPECTED = 'Expected'
+EXPORT_NOT_COMPLETE = 'Export needs to be complete before downloading, current status is: {0}'
+EXTRACTING_PUBLIC_CERTIFICATE = 'Extracting public certificate'
+FAILED_PRECONDITION = 'Failed precondition'
+FAILED_TO_PARSE_AS_JSON = 'Failed to parse as JSON'
+FAILED_TO_PARSE_AS_LIST = 'Failed to parse as list'
+FIELD_NOT_FOUND_IN_SCHEMA = 'Field {0} not found in schema {1}'
+FINISHED = 'Finished'
+FILTER_CAN_ONLY_CONTAIN_ONE_CATEGORY_LABEL = 'Filter can only contain one CATEGORY label'
+FILTER_CAN_ONLY_CONTAIN_ONE_USER_LABEL = 'Filter can only contain one USER label'
+FOR = 'for'
+FORBIDDEN = 'Forbidden'
+FORMAT_NOT_AVAILABLE = 'Format ({0}) not available'
+FORMAT_NOT_DOWNLOADABLE = 'Format not downloadable'
+FROM = 'From'
+FULL_PATH_MUST_START_WITH_DRIVE = 'fullpath must start with {0} or {1}'
+GAM_LATEST_VERSION_NOT_AVAILABLE = 'GAM Latest Version information not available'
+GAM_OUT_OF_MEMORY = 'GAM has run out of memory. If this is a large Google Workspace instance, you should use a 64-bit version of GAM on Windows or a 64-bit version of Python on other systems.'
+GENERATING_NEW_PRIVATE_KEY = 'Generating new private key'
+GETTING = 'Getting'
+GETTING_ALL = 'Getting all'
+GOOGLE_DELEGATION_ERROR = 'Google delegation error, delegator and delegate both exist and are valid for delegation'
+GOT = 'Got'
+GROUP_MAPS_TO_MULTIPLE_OUS = 'File: {0}, Group: {1} references multiple OUs: {2}'
+GROUP_MAPS_TO_OU_INVALID_ROW = 'File: {0}, Invalid row, must contain non-blank <EmailAddress> and <OrgUnitPath>: <{1}> <{2}>'
+GUARDIAN_INVITATION_STATUS_NOT_PENDING = 'Guardian invitation status is not PENDING'
+HAS_CHILD_ORGS = 'Has child {0}'
+HAS_INVALID_FORMAT = '{0}: {1}, Has invalid format'
+HAS_RIGHTS_TO_ROTATE_OWN_PRIVATE_KEY = 'Giving account {0} rights to rotate {1} private key'
+HEADER_NOT_FOUND_IN_CSV_HEADERS = 'Header "{0}" not found in CSV headers of "{1}".'
+HELP_SYNTAX = 'Help: Syntax in file {0}\n'
+HELP_WIKI = 'Help: Documentation is at {0}\n'
+IGNORED = 'Ignored'
+INSTRUCTIONS_CLIENT_SECRETS_JSON = 'Please run\n\ngam create|use project\ngam oauth create\n\nto create and authorize a Client account.\n'
+INSTRUCTIONS_OAUTH2SERVICE_JSON = 'Please run\n\ngam create|use project\ngam user <user> check serviceaccount\n\nto create and authorize a Service account.\n'
+INSUFFICIENT_PERMISSIONS_TO_PERFORM_TASK = 'Insufficient permissions to perform this task'
+INTER_BATCH_WAIT_INCREASED = 'inter_batch_wait increased to {0:.2f}'
+INVALID = 'Invalid'
+INVALID_ALIAS = 'Invalid Alias'
+INVALID_ATTENDEE_CHANGE = 'Invalid attendee change "{0}"'
+INVALID_CHARSET = 'Invalid charset "{0}"'
+INVALID_DATE_TIME_RANGE = '{0} {1} must be greater than/equal to {2} {3}'
+INVALID_ENTITY = 'Invalid {0}, {1}'
+INVALID_FILE_SELECTION_WITH_ADMIN_ACCESS = 'Invalid file selection with adminaccess|asadmin'
+INVALID_GROUP = 'Invalid Group'
+INVALID_HTTP_HEADER = 'Invalid http header data: {0}'
+INVALID_JSON_INFORMATION = 'Google API reported Invalid JSON Information'
+INVALID_JSON_SETTING = 'Invalid JSON setting'
+INVALID_LIST = 'Invalid list'
+INVALID_MEMBER = 'Invalid Member address'
+INVALID_MESSAGE_ID = 'Invalid message id(s)'
+INVALID_MIMETYPE = 'Invalid mimeType {0}, must be {1}'
+INVALID_NUMBER_OF_CHAT_SPACE_MEMBERS = '{0} type {1} number of members, {2}, must be in range {3} to {4}'
+INVALID_ORGUNIT = 'Invalid Organizational Unit'
+INVALID_PATH = 'Invalid Path'
+INVALID_PERMISSION_ATTRIBUTE_TYPE = 'permission attribute {0} not allowed with type {1}'
+INVALID_REGION = 'See: https://github.com/taers232c/GAMADV-XTD3/wiki/Context-Aware-Access-Levels#caa-region-codes'
+INVALID_QUERY = 'Invalid Query'
+INVALID_RE = 'Invalid RE'
+INVALID_REQUEST = 'Invalid Request'
+INVALID_RESELLER_CUSTOMER_NAME = 'name must be: accounts/<ResellerID>/customers/<ChannelCustomerID>'
+INVALID_ROLE = 'Invalid subkeyfield Role, must be one of: {0}'
+INVALID_SCHEMA_VALUE = 'Invalid Schema Value'
+INVALID_SCOPE = 'Invalid Scope'
+INVALID_SITE = 'Invalid Site ({0}), must match pattern ({1})'
+INVALID_TAG_SPECIFICATION = 'Invalid tag, expected field.subfield or field.subfield.subfield.string'
+IN_SKIPIDS = 'In skipids'
+IN_THE = ' in the {0}'
+IN_TRASH_AND_EXCLUDE_TRASHED = 'In Trash and excludeTrashed'
+IS_EXPIRED_OR_REVOKED = '{0}: {1}, Is expired or has been revoked'
+IS_NOT_DONE_CHECKING_IN_SECONDS = 'Is not done, checking again in {0} seconds'
+IS_NOT_UNIQUE = 'Is not unique, {0}: {1}'
+IS_REQD_TO_CHG_PWD_NO_DELEGATION = 'Is required to change password at next login. You must change password or clear changepassword flag for delegation.'
+IS_SUSPENDED_NO_BACKUPCODES = 'User is suspended. You must unsuspend to process backupcodes'
+IS_SUSPENDED_NO_DELEGATION = 'Is suspended. You must unsuspend for delegation.'
+KIOSK_MODE_REQUIRED = ' This command ({0}) requires that the ChromeOS device be in Kiosk mode.'
+LESS_THAN_1_SECOND = 'less than 1 second'
+LIST_CHROMEOS_INVALID_INPUT_PAGE_TOKEN_RETRY = 'List ChromeOSdevices Invalid Input: pageToken retry'
+LOGGING_INITIALIZATION_ERROR = 'Logging initialization error: {0}'
+LOOKING_UP_GOOGLE_UNIQUE_ID = 'Looking up Google Unique ID'
+MARKED_AS = 'Marked as'
+MATCHED_THE_FOLLOWING = 'Matched the following'
+MATTER_NOT_OPEN = 'Matter needs to be open, current state is: {0}'
+MAXIMUM_OF = 'maximum of'
+MEMBERSHIP_IS_PENDING_WILL_DELETE_ADD_TO_ACCEPT = 'Membership is pending, will delete and add to accept'
+MIMETYPE_MISMATCH = 'Shortcut target mimeType {0} does not match actual target mimeType {1}'
+MIMETYPE_NOT_PRESENT_IN_ATTACHMENT = 'MIME type not present in attachment'
+MISMATCH_RE_SEARCH_REPLACE_SUBFIELDS = 'The subfield ({2}) in replace "{3}" exceeds the number of subfields ({0}) in search "{1}"'
+MISMATCH_SEARCH_REPLACE_SUBFIELDS = 'The number of subfields ({0}) in search "{1}" does not match the number of subfields ({2}) in replace "{3}"'
+MISSING_FIELDS = 'Missing fields: {0}\n'
+MULTIPLE_BUILDINGS_SAME_NAME = '{0} {1} with the same (case-insensitive) name exist'
+MULTIPLE_ENTITIES_FOUND = 'Multiple {0} ({1}) found, {2}'
+MULTIPLE_ITEMS_SPECIFIED = 'Multiple {0} are specfied, only one is allowed'
+MULTIPLE_ITEMS_MARKED_PRIMARY = 'Multiple {0} are marked primary, only one can be primary'
+MULTIPLE_PARENTS_SPECIFIED = 'Multiple parents ({0}) specified, only one is allowed'
+MULTIPLE_SEARCH_METHODS_SPECIFIED = 'Multiple search methods ({0}) specified, only one is allowed'
+MULTIPLE_SSO_PROFILES_MATCH = 'Multiple SSO profiles match display name {0}:\n'
+MULTIPLE_YUBIKEYS_CONNECTED = 'Multiple YubiKeys connected. Specify yubikey_serial_number and one of {0}\n'
+MUST_BE_NUMERIC = 'Must be numeric'
+NEED_READ_ACCESS = 'Need Read access'
+NEED_READ_WRITE_ACCESS = 'Need Read/Write access'
+NEED_WRITE_ACCESS = 'Need Write access'
+NESTED_LOOP_CMD_NOT_ALLOWED = 'Command can not be nested.'
+NEWUSER_REQUIREMENTS = 'newuser option requires: at least 1 recipient and givenname, familyname and password options'
+NEW_OWNER_MUST_DIFFER_FROM_OLD_OWNER = 'New owner must differ from old owner'
+NO_DATA = 'No data'
+NON_BLANK = 'Non-blank'
+NON_EMPTY = 'Non-empty'
+NOT_A = 'Not a'
+NOT_A_PRIMARY_EMAIL_ADDRESS = 'Not a primary email address'
+NOT_A_MEMBER = 'Not a member'
+NOT_ACTIVE = 'Not Active'
+NOT_ALLOWED = 'Not Allowed'
+NOT_AN_ENTITY = 'Not a {0}'
+NOT_COMPATIBLE = 'Not Compatible'
+NOT_COPYABLE = 'Not Copyable'
+NOT_COPYABLE_INTO_ITSELF = 'Not copyable into itself'
+NOT_COPYABLE_SAME_NAME_CURRENT_FOLDER_MERGE = 'Not copyable with same name into current folder with duplicatefolders merge'
+NOT_COPYABLE_SAME_NAME_CURRENT_FOLDER_OVERWRITE = 'Not copyable with same name into current folder with duplicatefiles overwriteall|overwriteolder'
+NOT_DELETABLE = 'Not Deletable'
+NOT_FOUND = 'Not Found'
+NOT_MOVABLE = 'Not Movable'
+NOT_MOVABLE_IN_TRASH = 'Not Movable, in Trash'
+NOT_MOVABLE_INTO_ITSELF = 'Not movable into itself'
+NOT_MOVABLE_SAME_NAME_CURRENT_FOLDER_MERGE = 'Not movable with same name into current folder with duplicatefolders merge'
+NOT_MOVABLE_SAME_NAME_CURRENT_FOLDER_OVERWRITE = 'Not movable with same name into current folder with duplicatefiles overwriteall|overwriteolder'
+NOT_OWNED_BY = 'Not owned by {0}'
+NOT_SELECTED = 'Not Selected'
+NOT_WRITABLE = 'Not Writable'
+NOW_THE_PRIMARY_DOMAIN = 'Now the primary domain'
+NO_ACTION_SPECIFIED = 'No action specified'
+NO_AVAILABLE_LICENSES = "There aren't enough available licenses for the specified product-SKU pair(s)"
+NO_CHANGES = 'No changes'
+NO_CLIENT_ACCESS_ALLOWED = 'No Client Access allowed'
+NO_CLIENT_ACCESS_CREATE_UPDATE_ALLOWED = 'No Client Access create/update allowed'
+NO_COLUMNS_SELECTED_WITH_CSV_OUTPUT_HEADER_FILTER = 'No columns selected with {0} and {1}'
+NO_CREDENTIALS_REPLACEMENT = '{0}: {1} has {2} {3}. We only replace if there are 2.\n'
+NO_CSV_DATA_TO_UPLOAD = 'No CSV data to upload'
+NO_CSV_FILE_DATA_FOUND = 'No CSV file data found'
+NO_CSV_FILE_DATA_SAVED = 'No CSV file data saved'
+NO_CSV_FILE_SUBKEYS_SAVED = 'No CSV file subkeys saved'
+NO_DATA_TRANSFER_APP_FOR_PARAMETER = 'No data transfer application for key {0}'
+NO_ENTITIES_FOUND = 'No {0} found'
+NO_ENTITIES_MATCHED = 'No {0} matched'
+NO_FILTER_ACTIONS = 'No {0} actions specified'
+NO_FILTER_CRITERIA = 'No {0} criteria specified'
+NO_LABELS_MATCH = 'No Labels match'
+NO_MESSAGES_WITH_LABEL = 'No Messages with Label'
+NO_PARENTS_TO_CONVERT_TO_SHORTCUTS = 'No parents to convert to shortcuts'
+NO_REPORT_AVAILABLE = 'No {0} report available.'
+NO_SCOPES_FOR_API = 'There are no scopes authorized for the {0}'
+NO_SERIAL_NUMBERS_SPECIFIED = 'No serial numbers specified'
+NO_SSO_PROFILE_MATCHES = 'No SSO profile matches display name {0}'
+NO_SSO_PROFILE_ASSIGNED = 'No SSO profile assigned to {0} {1}'
+NO_SVCACCT_ACCESS_ALLOWED = 'No Service Account Access allowed'
+NO_TRANSFER_LACK_OF_DISK_SPACE = 'Transfer not performed due to lack of target drive space.'
+NO_USAGE_PARAMETERS_DATA_AVAILABLE = 'No usage parameters data available.'
+NO_USER_COUNTS_DATA_AVAILABLE = 'No User counts data available.'
+OAUTH2_GO_TO_LINK_MESSAGE = """
+Go to the following link in a browser on this computer or on another computer:
+
+    {url}
+
+If you use a browser on another computer, you will get a browser error that the site can't be reached AFTER you
+click the Allow button, paste "Unable to connect" URL from other computer (only URL data up to &scope required):
+"""
+ON_CURRENT_PRIVATE_KEY = ' on current key'
+ON_VAULT_HOLD = 'On Google Vault Hold'
+ONLY_ADMINISTRATORS_CAN_PERFORM_SHARED_DRIVE_QUERIES = 'Only administrators can perform Shared Drive queries'
+ONLY_ADMINISTRATORS_CAN_SPECIFY_SHARED_DRIVE_ORGUNIT = 'Only administrators can specify Shared Drive Org Unit'
+ONLY_ONE_DEVICE_SELECTION_ALLOWED = 'Only one device selection allowed, filter = "{0}"'
+ONLY_ONE_JSON_RANGE_ALLOWED = 'Only one range/json allowed'
+ONLY_ONE_OWNER_ALLOWED = 'Only one owner allowed'
+OR = 'or'
+PERMISSION_DENIED = 'The caller does not have permission'
+PLEASE_CORRECT_YOUR_SYSTEM_TIME = 'Please correct your system time.'
+PLEASE_ENTER_A_OR_M = 'Please enter a or m ...\n'
+PLEASE_SELECT_ENTITY_TO_PROCESS = '{0} {1} found, please select the correct one to {2} and specify with {3}'
+PLEASE_SPECIFY_BUILDING_EXACT_CASE_NAME_OR_ID = 'Please specify building by exact case name or ID.'
+PREVIEW_ONLY = 'Preview Only'
+PRIMARY_EMAIL_DID_NOT_MATCH_PATTERN = 'primaryEmail address did not match pattern: {0}'
+PROCESS = 'process'
+PROCESSES = 'processes'
+PROCESSING_ITEM_N = '{0},0,Processing item {1}\n'
+PROCESSING_ITEM_N_OF_M = '{0},0,Processing item {1}/{2}\n'
+PROFILE_PHOTO_NOT_FOUND = 'Profile photo not found'
+PROFILE_PHOTO_IS_DEFAULT = 'Profile photo is default'
+REASON_ONLY_VALID_WITH_CONTENTRESTRICTIONS_READONLY_TRUE = 'reason only valid with contentrestrictions readonly true'
+REAUTHENTICATION_IS_NEEDED = 'Reauthentication is needed, please run\n\ngam oauth create'
+RECOMMEND_RUNNING_GAM_ROTATE_SAKEY = 'Recommend running "gam rotate sakey" to get a new key\n'
+REFUSING_TO_DEPROVISION_DEVICES = 'Refusing to deprovision {0} devices because acknowledge_device_touch_requirement not specified.\nDeprovisioning a device means the device will have to be physically wiped and re-enrolled to be managed by your domain again.\nThis requires physical access to the device and is very time consuming to perform for each device.\nPlease add "acknowledge_device_touch_requirement" to the GAM command if you understand this and wish to proceed with the deprovision.\nPlease also be aware that deprovisioning can have an effect on your device license count.\nSee https://support.google.com/chrome/a/answer/3523633 for full details.'
+REPLY_TO_CUSTOM_REQUIRES_EMAIL_ADDRESS = 'replyto REPLY_TO_CUSTOM requires customReplyTo <EmailAddress>'
+REQUEST_COMPLETED_NO_FILES = 'Request completed but no results/files were returned, try requesting again'
+REQUEST_NOT_COMPLETE = 'Request needs to be completed before downloading, current status is: {0}'
+RESOURCE_CAPACITY_FLOOR_REQUIRED = 'Options "capacity <Number>" (<Number> > 0) and "floor <String>" required'
+RESOURCE_FLOOR_REQUIRED = 'Option "floor <String>" required'
+RESULTS_TOO_LARGE_FOR_GOOGLE_SPREADSHEET = 'Results are too large for Google Spreadsheets. Uploading as a regular CSV file.'
+RETRIES_EXHAUSTED = 'Retries {0} exhausted'
+ROLE_MUST_BE_ORGANIZER = 'Role must be organizer'
+ROLE_NOT_IN_SET = 'Role not in set: {0})'
+SCHEMA_WOULD_HAVE_NO_FIELDS = '{0} would have no {1}'
+SELECTED = 'Selected'
+SERVICE_NOT_APPLICABLE = 'Service not applicable/Does not exist'
+SERVICE_NOT_APPLICABLE_THIS_ADDRESS = 'Service not applicable for this address: {0}'
+STARTING_THREAD = 'Starting thread'
+STATISTICS_COPY_FILE = 'Total: {0}, Copied: {1}, Shortcut created {2}, Shortcut exists {3}, Duplicate: {4}, Copy Failed: {5}, Not copyable: {6}, Permissions Failed: {7}, Protected Ranges Failed: {8}'
+STATISTICS_COPY_FOLDER = 'Total: {0}, Copied: {1}, Shortcut created {2}, Shortcut exists {3}, Duplicate: {4}, Merged: {5}, Copy Failed: {6}, Not writable: {7}, Permissions Failed: {8}'
+STATISTICS_MOVE_FILE = 'Total: {0}, Moved: {1}, Shortcut created {2}, Shortcut exists {3}, Duplicate: {4}, Move Failed: {5}, Not movable: {6}'
+STATISTICS_MOVE_FOLDER = 'Total: {0}, Moved: {1}, Shortcut created {2}, Shortcut exists {3}, Duplicate: {4}, Merged: {5}, Move Failed: {6}, Not writable: {7}'
+STATISTICS_USER_NOT_ORGANIZER = 'User not organizer: {0}'
+STRING_LENGTH = 'string length'
+SUBKEY_FIELD_MISMATCH = 'subkeyfield {0} does not match saved subkeyfield {1}'
+SUBSCRIPTION_NOT_FOUND = 'Could not find subscription'
+SUFFIX_NOT_ALLOWED_WITH_CUSTOMLANGUAGE = 'Suffix {0} not allowed with customLanguage {1}'
+THREAD = 'thread'
+THREADS = 'threads'
+TO = 'To'
+TO_SET_UP_GOOGLE_CHAT = """
+To set up Google Chat for your API project, please go to:
+
+    {0}
+
+and complete all fields.
+"""
+TOTAL_ITEMS_IN_ENTITY = 'Total {0} in {1}'
+TRIMMED_MESSAGE_FROM_LENGTH_TO_MAXIMUM = 'Trimmed message of length {0} to maximum length {1}'
+UNABLE_TO_GET_PERMISSION_ID = 'Unable to get Permission ID for <{0}>'
+UNABLE_TO_CREATE_NOT_FOUND_USER = 'Unable to create not found user, some required field (givenName, familyName, password/notfoundpassword) not present'
+UNAVAILABLE = 'Unavailable'
+UNKNOWN = 'Unknown'
+UNKNOWN_API_OR_VERSION = 'Unknown Google API or version: ({0}), contact {1}'
+UNRECOVERABLE_ERROR = 'Unrecoverable error'
+UPDATE_ATTENDEE_CHANGES = 'Update attendee changes'
+UPDATE_GAM_TO_64BIT = "You're running a 32-bit version of GAM on a 64-bit version of Windows, upgrade to a windows-x86_64 version of GAM"
+UPDATE_USER_PASSWORD_CHANGE_NOTIFY_MESSAGE = 'The account password for #givenname# #familyname#, #user# has been changed to: #password#\n'
+UPDATE_USER_PASSWORD_CHANGE_NOTIFY_SUBJECT = 'Account #user# password has been changed'
+UPLOAD_CSV_FILE_INTERNAL_ERROR = 'Google reported "{0}" but the file was probably uploaded, check that it has {1} rows'
+UPLOADING_NEW_PUBLIC_CERTIFICATE_TO_GOOGLE = 'Uploading new public certificate to Google...\n'
+URL_ERROR = 'URL error: {0}'
+USED = 'Used'
+USER_BELONGS_TO_N_GROUPS_THAT_MAP_TO_ORGUNITS = 'User belongs to {0} groups ({1}) that map to OUs'
+USER_CANCELLED = 'User cancelled'
+USER_HAS_MULTIPLE_DIRECT_OR_INHERITED_MEMBERSHIPS_IN_GROUP = 'User has multiple direct or inherited memberships in group'
+USER_IN_OTHER_DOMAIN = '{0}: {1} in other domain.'
+USER_IS_NOT_ORGANIZER = 'User is not organizer, use anyorganizer option to override'
+USER_NOT_IN_MATCHUSERS = 'User not in matchusers'
+USER_SUBS_NOT_ALLOWED_TAG_REPLACEMENT = 'user substitutions not allowed in replace <Tag> <String>'
+USE_DOIT_ARGUMENT_TO_PERFORM_ACTION = 'Use the "doit" argument to perform action'
+USING_N_PROCESSES = '{0},0/{1},Using {2} {3}...\n'
+VALUES_ARE_NOT_CONSISTENT = 'Values are not consistent'
+VERSION_UPDATE_AVAILABLE = 'Version update available'
+WAITING_FOR_SERVICE_ACCOUNT_CREATION_TO_COMPLETE_SLEEPING = 'Waiting for Service Account creation to complete. Sleeping {0} seconds\n'
+WAITING_FOR_SHARED_DRIVE_CREATION_TO_COMPLETE_SLEEPING = 'Waiting for Shared Drive creation to complete. Sleeping {0} seconds\n'
+WHAT_IS_YOUR_PROJECT_ID = '\nWhat is your project ID? '
+WILL_RERUN_WITH_NO_BROWSER_TRUE = 'Will re-run command with no_browser true\n'
+WITH = 'with'
+WOULD_MAKE_MEMBERSHIP_CYCLE = 'Would make membership cycle'
+WRITER_ACCESS_REQUIRED_TO_BOTH_CALENDARS = 'Writer access required to both calendars'
+WROTE_PRIVATE_KEY_DATA = 'Wrote private key data to {0}\n'
+WROTE_PUBLIC_CERTIFICATE = 'Wrote public certificate to {0}\n'
+YOU_CAN_ADD_DOMAIN_TO_ACCOUNT = 'You can now add: {0} or its subdomains as secondary or domain aliases of the Google Workspace Account: {1}'
+YUBIKEY_GENERATING_NONEXPORTABLE_PRIVATE_KEY = 'YubiKey is generating a non-exportable private key...\n'
+YUBIKEY_PIN_SET_TO = 'YubiKey PIN set to: {0}\n'

src/gam/gamlib/glskus.py

@@ -0,0 +1,210 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2023 Ross Scroggs All Rights Reserved.
+#
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+"""Google SKUs
+
+"""
+
+# Products/SKUs
+_PRODUCTS = {
+  '101001': 'Cloud Identity Free',
+  '101005': 'Cloud Identity Premium',
+  '101031': 'Google Workspace for Education',
+  '101033': 'Google Voice',
+  '101034': 'Google Workspace Archived User',
+  '101035': 'Cloud Search',
+  '101036': 'Google Meet Global Dialing',
+  '101037': 'Google Workspace for Education',
+  '101038': 'AppSheet',
+  '101039': 'Assured Controls',
+  '101040': 'Beyond Corp Enterprise',
+  'Google-Apps': 'Google Workspace',
+  'Google-Chrome-Device-Management': 'Google Chrome Device Management',
+  'Google-Drive-storage': 'Google Drive Storage',
+  'Google-Vault': 'Google Vault',
+  }
+_SKUS = {
+  '1010010001': {
+    'product': '101001', 'aliases': ['identity', 'cloudidentity'], 'displayName': 'Cloud Identity'},
+  '1010050001': {
+    'product': '101005', 'aliases': ['identitypremium', 'cloudidentitypremium'], 'displayName': 'Cloud Identity Premium'},
+  '1010310002': {
+    'product': '101031', 'aliases': ['gsefe', 'e4e', 'gsuiteenterpriseeducation'], 'displayName': 'Google Workspace for Education Plus - Legacy'},
+  '1010310003': {
+    'product': '101031', 'aliases': ['gsefes', 'e4es', 'gsuiteenterpriseeducationstudent'], 'displayName': 'Google Workspace for Education Plus - Legacy (Student)'},
+  '1010310005': {
+    'product': '101031', 'aliases': ['gwes', 'workspaceeducationstandard'], 'displayName': 'Google Workspace for Education Standard'},
+  '1010310006': {
+    'product': '101031', 'aliases': ['gwesstaff', 'workspaceeducationstandardstaff'], 'displayName': 'Google Workspace for Education Standard (Staff)'},
+  '1010310007': {
+    'product': '101031', 'aliases': ['gwesstudent', 'workspaceeducationstandardstudent'], 'displayName': 'Google Workspace for Education Standard (Extra Student)'},
+  '1010310008': {
+    'product': '101031', 'aliases': ['gwep', 'workspaceeducationplus'], 'displayName': 'Google Workspace for Education Plus'},
+  '1010310009': {
+    'product': '101031', 'aliases': ['gwepstaff', 'workspaceeducationplusstaff'], 'displayName': 'Google Workspace for Education Plus (Staff)'},
+  '1010310010': {
+    'product': '101031', 'aliases': ['gwepstudent', 'workspaceeducationplusstudent'], 'displayName': 'Google Workspace for Education Plus (Extra Student)'},
+  '1010330003': {
+    'product': '101033', 'aliases': ['gvstarter', 'voicestarter', 'googlevoicestarter'], 'displayName': 'Google Voice Starter'},
+  '1010330004': {
+    'product': '101033', 'aliases': ['gvstandard', 'voicestandard', 'googlevoicestandard'], 'displayName': 'Google Voice Standard'},
+  '1010330002': {
+    'product': '101033', 'aliases': ['gvpremier', 'voicepremier', 'googlevoicepremier'], 'displayName': 'Google Voice Premier'},
+  '1010350001': {
+    'product': '101035', 'aliases': ['cloudsearch'], 'displayName': 'Cloud Search'},
+  '1010360001': {
+    'product': '101036', 'aliases': ['meetdialing','googlemeetglobaldialing'], 'displayName': 'Google Meet Global Dialing'},
+  '1010370001': {
+    'product': '101037', 'aliases': ['gwetlu', 'workspaceeducationupgrade'], 'displayName': 'Google Workspace for Education: Teaching and Learning Upgrade'},
+  '1010380001': {
+    'product': '101038', 'aliases': ['appsheetcore'], 'displayName': 'AppSheet Core'},
+  '1010380002': {
+    'product': '101038', 'aliases': ['appsheetstandard', 'appsheetenterprisestandard'], 'displayName': 'AppSheet Enterprise Standard'},
+  '1010380003': {
+    'product': '101038', 'aliases': ['appsheetplus', 'appsheetenterpriseplus'], 'displayName': 'AppSheet Enterprise Plus'},
+  '1010390001': {
+    'product': '101039', 'aliases': ['assuredcontrols'], 'displayName': 'Assured Controls'},
+  '1010400001': {
+    'product': '101040', 'aliases': ['beyondcorp', 'beyondcorpenterprise', 'bce'], 'displayName': 'Beyond Corp Enterprise'},
+  'Google-Apps': {
+    'product': 'Google-Apps', 'aliases': ['standard', 'free'], 'displayName': 'G Suite Legacy'},
+  'Google-Apps-For-Business': {
+    'product': 'Google-Apps', 'aliases': ['gafb', 'gafw', 'basic', 'gsuitebasic'], 'displayName': 'G Suite Basic'},
+  'Google-Apps-For-Government': {
+    'product': 'Google-Apps', 'aliases': ['gafg', 'gsuitegovernment', 'gsuitegov'], 'displayName': 'Google Workspace Government'},
+  'Google-Apps-For-Postini': {
+    'product': 'Google-Apps', 'aliases': ['gams', 'postini', 'gsuitegams', 'gsuitepostini', 'gsuitemessagesecurity'], 'displayName': 'Google Apps Message Security'},
+  'Google-Apps-Lite': {
+    'product': 'Google-Apps', 'aliases': ['gal', 'gsl', 'lite', 'gsuitelite'], 'displayName': 'G Suite Lite'},
+  'Google-Apps-Unlimited': {
+    'product': 'Google-Apps', 'aliases': ['gau', 'gsb', 'unlimited', 'gsuitebusiness'], 'displayName': 'G Suite Business'},
+  '1010020020': {
+    'product': 'Google-Apps', 'aliases': ['gae', 'gse', 'enterprise', 'gsuiteenterprise',
+                                          'wsentplus', 'workspaceenterpriseplus'], 'displayName': 'Google Workspace Enterprise Plus'},
+  '1010020025': {
+    'product': 'Google-Apps', 'aliases': ['wsbizplus', 'workspacebusinessplus'], 'displayName': 'Google Workspace Business Plus'},
+  '1010020026': {
+    'product': 'Google-Apps', 'aliases': ['wsentstan', 'workspaceenterprisestandard'], 'displayName': 'Google Workspace Enterprise Standard'},
+  '1010020027': {
+    'product': 'Google-Apps', 'aliases': ['wsbizstart', 'wsbizstarter', 'workspacebusinessstarter'], 'displayName': 'Google Workspace Business Starter'},
+  '1010020028': {
+    'product': 'Google-Apps', 'aliases': ['wsbizstan', 'workspacebusinessstandard'], 'displayName': 'Google Workspace Business Standard'},
+  '1010020029': {
+    'product': 'Google-Apps', 'aliases': ['wes', 'wsentstarter', 'workspaceenterprisestarter'], 'displayName': 'Workspace Enterprise Starter'},
+  '1010020030': {
+    'product': 'Google-Apps', 'aliases': ['wsflw', 'workspacefrontline', 'workspacefrontlineworker'], 'displayName': 'Google Workspace Frontline'},
+  '1010340001': {
+    'product': '101034', 'aliases': ['gseau', 'enterprisearchived', 'gsuiteenterprisearchived'], 'displayName': 'Google Workspace Enterprise Plus - Archived User'},
+  '1010340002': {
+    'product': '101034', 'aliases': ['gsbau', 'businessarchived', 'gsuitebusinessarchived'], 'displayName': 'Google Workspace Business - Archived User'},
+  '1010340003': {
+    'product': '101034', 'aliases': ['wsbizplusarchived', 'workspacebusinessplusarchived'], 'displayName': 'Google Workspace Business Plus - Archived User'},
+  '1010340004': {
+    'product': '101034', 'aliases': ['wsentstanarchived', 'workspaceenterprisestandardarchived'], 'displayName': 'Google Workspace Enterprise Standard - Archived User'},
+  '1010060001': {
+    'product': '101006', 'aliases': ['gsuiteessentials', 'essentials',
+                                     'd4e', 'driveenterprise', 'drive4enterprise',
+                                     'wsess', 'workspaceesentials'], 'displayName': 'Google Workspace Essentials'},
+  '1010060003': {
+    'product': 'Google-Apps', 'aliases': ['wsentess', 'workspaceenterpriseessentials'], 'displayName': 'Google Workspace Enterprise Essentials'},
+  'Google-Drive-storage-20GB': {
+    'product': 'Google-Drive-storage', 'aliases': ['drive20gb', '20gb', 'googledrivestorage20gb'], 'displayName': 'Google Drive Storage 20GB'},
+  'Google-Drive-storage-50GB': {
+    'product': 'Google-Drive-storage', 'aliases': ['drive50gb', '50gb', 'googledrivestorage50gb'], 'displayName': 'Google Drive Storage 50GB'},
+  'Google-Drive-storage-200GB': {
+    'product': 'Google-Drive-storage', 'aliases': ['drive200gb', '200gb', 'googledrivestorage200gb'], 'displayName': 'Google Drive Storage 200GB'},
+  'Google-Drive-storage-400GB': {
+    'product': 'Google-Drive-storage', 'aliases': ['drive400gb', '400gb', 'googledrivestorage400gb'], 'displayName': 'Google Drive Storage 400GB'},
+  'Google-Drive-storage-1TB': {
+    'product': 'Google-Drive-storage', 'aliases': ['drive1tb', '1tb', 'googledrivestorage1tb'], 'displayName': 'Google Drive Storage 1TB'},
+  'Google-Drive-storage-2TB': {
+    'product': 'Google-Drive-storage', 'aliases': ['drive2tb', '2tb', 'googledrivestorage2tb'], 'displayName': 'Google Drive Storage 2TB'},
+  'Google-Drive-storage-4TB': {
+    'product': 'Google-Drive-storage', 'aliases': ['drive4tb', '4tb', 'googledrivestorage4tb'], 'displayName': 'Google Drive Storage 4TB'},
+  'Google-Drive-storage-8TB': {
+    'product': 'Google-Drive-storage', 'aliases': ['drive8tb', '8tb', 'googledrivestorage8tb'], 'displayName': 'Google Drive Storage 8TB'},
+  'Google-Drive-storage-16TB': {
+    'product': 'Google-Drive-storage', 'aliases': ['drive16tb', '16tb', 'googledrivestorage16tb'], 'displayName': 'Google Drive Storage 16TB'},
+  'Google-Vault': {
+    'product': 'Google-Vault', 'aliases': ['vault', 'googlevault'], 'displayName': 'Google Vault'},
+  'Google-Vault-Former-Employee': {
+    'product': 'Google-Vault', 'aliases': ['vfe', 'googlevaultformeremployee'], 'displayName': 'Google Vault - Former Employee'},
+  'Google-Chrome-Device-Management': {
+    'product': 'Google-Chrome-Device-Management', 'aliases': ['chrome', 'cdm', 'googlechromedevicemanagement'], 'displayName': 'Google Chrome Device Management'}
+  }
+
+def getProductAndSKU(sku):
+  l_sku = sku.lower().replace('-', '').replace(' ', '').replace('"', '').replace("'", '').strip()
+  if l_sku.startswith('nv:'):
+    if ':' in sku[3:]:
+      return sku[3:].split(':', 1)
+    return (None, sku)
+  for a_sku, sku_values in list(_SKUS.items()):
+    if ((l_sku == a_sku.lower().replace('-', '')) or
+        (l_sku in sku_values['aliases']) or
+        (l_sku == sku_values['displayName'].lower().replace(' ', ''))):
+      return (sku_values['product'], a_sku)
+  return (None, sku)
+
+def productIdToDisplayName(productId):
+  return _PRODUCTS.get(productId, productId)
+
+def formatProductIdDisplayName(productId):
+  productIdDisplay = productIdToDisplayName(productId)
+  if productId == productIdDisplay:
+    return productId
+  return f'{productId} ({productIdDisplay})'
+
+def normalizeProductId(product):
+  l_product = product.lower().replace('-', '').replace(' ', '').strip()
+  if l_product.startswith('nv:'):
+    return (True, product[3:])
+  for a_sku, sku_values in list(_SKUS.items()):
+    if ((l_product == sku_values['product'].lower().replace('-', '')) or
+        (l_product == a_sku.lower().replace('-', '')) or
+        (l_product in sku_values['aliases']) or
+        (l_product == sku_values['displayName'].lower().replace(' ', ''))):
+      return (True, sku_values['product'])
+  return (False, product)
+
+def getSortedProductList():
+  return sorted(_PRODUCTS)
+
+def skuIdToDisplayName(skuId):
+  return _SKUS[skuId]['displayName'] if skuId in _SKUS else skuId
+
+def formatSKUIdDisplayName(skuId):
+  skuIdDisplay = skuIdToDisplayName(skuId)
+  if skuId == skuIdDisplay:
+    return skuId
+  return f'{skuId} ({skuIdDisplay})'
+
+def getSortedSKUList():
+  return sorted(_SKUS)
+
+def convertProductListToSKUList(productList):
+  skuList = []
+  for productId in productList:
+    skuList += [(productId, skuId) for skuId in _SKUS if _SKUS[skuId]['product'] == productId]
+  return skuList
+
+def getAllSKUs():
+  return convertProductListToSKUList(sorted(_PRODUCTS))
+
+def getGSuiteSKUs():
+  return convertProductListToSKUList(['Google-Apps', '101031'])

src/gam/gamlib/gluprop.py

@@ -0,0 +1,279 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2023 Ross Scroggs All Rights Reserved.
+#
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+"""GAM user properties
+
+"""
+
+# notes
+# a|b|c
+# getKeywordAttribute(CUSTOM_TYPE_NOCUSTOM, attrdict)
+
+#CUSTOM_TYPE_NOCUSTOM = {
+#    PTKW_CL_TYPE_KEYWORD: 'type',
+#    PTKW_CL_CUSTOM_KEYWORD: None,
+#    PTKW_ATTR_TYPE_KEYWORD: 'type',
+#    PTKW_ATTR_TYPE_CUSTOM_VALUE: None,
+#    PTKW_ATTR_CUSTOMTYPE_KEYWORD: None,
+#    PTKW_KEYWORD_LIST: ['a', 'b', 'c']
+#    }
+
+# addresses, ims
+# type a|b|c|([custom] <String>)
+# getChoice([CUSTOM_TYPE_CUSTOM[PTKW_CL_TYPE_KEYWORD]])
+# getKeywordAttribute(CUSTOM_TYPE_CUSTOM, attrdict)
+
+# emails, externalids, relations, websites
+# [type] a|b|c|([custom] <String>)
+# getChoice([CUSTOM_TYPE_CUSTOM[PTKW_CL_TYPE_KEYWORD]], defaultChoice=None)
+# getKeywordAttribute(CUSTOM_TYPE_IMPLICIT, attrdict)
+
+# locations, phones
+# type a|b|c|([custom] <String>)
+# if argument == CUSTOM_TYPE_CUSTOM[PTKW_CL_TYPE_KEYWORD]:
+#   getKeywordAttribute(CUSTOM_TYPE_CUSTOM, attrdict)
+
+#CUSTOM_TYPE_CUSTOM = {
+#    PTKW_CL_TYPE_KEYWORD: 'type',
+#    PTKW_CL_CUSTOM_KEYWORD: 'custom',
+#    PTKW_ATTR_TYPE_KEYWORD: 'type',
+#    PTKW_ATTR_TYPE_CUSTOM_VALUE: 'custom',
+#    PTKW_ATTR_CUSTOMTYPE_KEYWORD: 'customType',
+#    PTKW_KEYWORD_LIST: ['custom', 'a', 'b', 'c']
+#    }
+
+# organizations
+# (type a|b|c|([custom] <String>)) | (custom_type <String>)
+# if argument == CUSTOM_TYPE_DIFFERENT_KEYWORD[PTKW_CL_TYPE_KEYWORD]:
+#   getKeywordAttribute(CUSTOM_TYPE_DIFFERENT_KEYWORD, attrdict)
+# elif argument == CUSTOM_TYPE_DIFFERENT_KEYWORD[PTKW_CL_CUSTOM_KEYWORD]:
+#   attrdict[CUSTOM_TYPE_DIFFERENT_KEYWORD[PTKW_ATTR_CUSTOMTYPE_KEYWORD]] = getValue()
+
+#CUSTOM_TYPE_DIFFERENT_KEYWORD = {
+#    PTKW_CL_TYPE_KEYWORD: 'type',
+#    PTKW_CL_CUSTOM_KEYWORD: 'custom',
+#    PTKW_CL_CUSTOMTYPE_KEYWORD: 'custom_type',
+#    PTKW_ATTR_TYPE_KEYWORD: 'type',
+#    PTKW_ATTR_TYPE_CUSTOM_VALUE: 'custom',
+#    PTKW_ATTR_CUSTOMTYPE_KEYWORD: 'customType',
+#    PTKW_KEYWORD_LIST: ['custom', 'a', 'b', 'c']
+#    }
+
+# Keys into USER_PROPERTIES
+CLASS = 'clas'
+TITLE = 'titl'
+TYPE_KEYWORDS = 'tykw'
+PTKW_CL_TYPE_KEYWORD = 'ctkw'
+PTKW_CL_CUSTOM_KEYWORD = 'ccuk'
+PTKW_CL_CUSTOMTYPE_KEYWORD = 'cctk'
+PTKW_ATTR_TYPE_KEYWORD = 'atkw'
+PTKW_ATTR_TYPE_CUSTOM_VALUE = 'atcv'
+PTKW_ATTR_CUSTOMTYPE_KEYWORD = 'actk'
+PTKW_KEYWORD_LIST = 'kwli'
+#
+PC_ADDRESSES = 'addr'
+PC_ALIASES = 'alia'
+PC_ARRAY = 'arry'
+PC_BOOLEAN = 'bool'
+PC_EMAILS = 'emai'
+PC_GENDER = 'gndr'
+PC_IMS = 'ims '
+PC_LANGUAGES = 'lang'
+PC_LOCATIONS = 'loca'
+PC_NAME = 'name'
+PC_NOTES = 'note'
+PC_ORGANIZATIONS = 'orga'
+PC_POSIX = 'posi'
+PC_SCHEMAS = 'schm'
+PC_SSH = 'ssh '
+PC_STRING = 'stri'
+PC_TIME = 'time'
+
+PROPERTIES = {
+  'primaryEmail':
+    {CLASS: PC_STRING, TITLE: 'User',},
+  'name':
+    {CLASS: PC_NAME, TITLE: 'Name',},
+  'givenName':
+    {CLASS: PC_STRING, TITLE: 'First Name',},
+  'familyName':
+    {CLASS: PC_STRING, TITLE: 'Last Name',},
+  'fullName':
+    {CLASS: PC_STRING, TITLE: 'Full Name',},
+  'displayName':
+    {CLASS: PC_STRING, TITLE: 'Display Name',},
+  'languages':
+    {CLASS: PC_LANGUAGES, TITLE: 'Languages',},
+  'languageCode':
+    {CLASS: PC_LANGUAGES, TITLE: 'Languages',},
+  'customLanguage':
+    {CLASS: PC_LANGUAGES, TITLE: 'Custom Languages',},
+  'password':
+    {CLASS: PC_STRING, TITLE: 'Password',},
+  'hashFunction':
+    {CLASS: PC_STRING, TITLE: 'Hash Function',},
+  'isAdmin':
+    {CLASS: PC_BOOLEAN, TITLE: 'Is a Super Admin',},
+  'isDelegatedAdmin':
+    {CLASS: PC_BOOLEAN, TITLE: 'Is Delegated Admin',},
+  'isEnrolledIn2Sv':
+    {CLASS: PC_BOOLEAN, TITLE: '2-step enrolled',},
+  'isEnforcedIn2Sv':
+    {CLASS: PC_BOOLEAN, TITLE: '2-step enforced',},
+  'agreedToTerms':
+    {CLASS: PC_BOOLEAN, TITLE: 'Has Agreed to Terms',},
+  'ipWhitelisted':
+    {CLASS: PC_BOOLEAN, TITLE: 'IP Whitelisted',},
+  'archived':
+    {CLASS: PC_BOOLEAN, TITLE: 'Is Archived',},
+  'suspended':
+    {CLASS: PC_BOOLEAN, TITLE: 'Account Suspended',},
+  'suspensionReason':
+    {CLASS: PC_STRING, TITLE: 'Suspension Reason',},
+  'changePasswordAtNextLogin':
+    {CLASS: PC_BOOLEAN, TITLE: 'Must Change Password',},
+  'recoveryEmail':
+    {CLASS: PC_STRING, TITLE: 'Recovery Email',},
+  'recoveryPhone':
+    {CLASS: PC_STRING, TITLE: 'Recovery Phone',},
+  'id':
+    {CLASS: PC_STRING, TITLE: 'Google Unique ID',},
+  'customerId':
+    {CLASS: PC_STRING, TITLE: 'Customer ID',},
+  'isMailboxSetup':
+    {CLASS: PC_BOOLEAN, TITLE: 'Mailbox is setup',},
+  'includeInGlobalAddressList':
+    {CLASS: PC_BOOLEAN, TITLE: 'Included in GAL',},
+  'creationTime':
+    {CLASS: PC_TIME, TITLE: 'Creation Time',},
+  'lastLoginTime':
+    {CLASS: PC_TIME, TITLE: 'Last login time',},
+  'deletionTime':
+    {CLASS: PC_TIME, TITLE: 'Deletion Time',},
+  'orgUnitPath':
+    {CLASS: PC_STRING, TITLE: 'Google Org Unit Path',},
+  'thumbnailPhotoUrl':
+    {CLASS: PC_STRING, TITLE: 'Photo URL',},
+  'addresses':
+    {CLASS: PC_ADDRESSES, TITLE: 'Addresses',
+     TYPE_KEYWORDS:
+       {PTKW_CL_TYPE_KEYWORD: 'type', PTKW_CL_CUSTOM_KEYWORD: 'custom',
+        PTKW_ATTR_TYPE_KEYWORD: 'type', PTKW_ATTR_TYPE_CUSTOM_VALUE: 'custom', PTKW_ATTR_CUSTOMTYPE_KEYWORD: 'customType',
+        PTKW_KEYWORD_LIST: ['custom', 'home', 'other', 'work'],},},
+  'emails':
+    {CLASS: PC_EMAILS, TITLE: 'Other Emails',
+     TYPE_KEYWORDS:
+       {PTKW_CL_TYPE_KEYWORD: 'type', PTKW_CL_CUSTOM_KEYWORD: 'custom',
+        PTKW_ATTR_TYPE_KEYWORD: 'type', PTKW_ATTR_TYPE_CUSTOM_VALUE: 'custom', PTKW_ATTR_CUSTOMTYPE_KEYWORD: 'customType',
+        PTKW_KEYWORD_LIST: ['custom', 'home', 'other', 'work'],},},
+  'externalIds':
+    {CLASS: PC_ARRAY, TITLE: 'External IDs',
+     TYPE_KEYWORDS:
+       {PTKW_CL_TYPE_KEYWORD: 'type', PTKW_CL_CUSTOM_KEYWORD: 'custom',
+        PTKW_ATTR_TYPE_KEYWORD: 'type', PTKW_ATTR_TYPE_CUSTOM_VALUE: 'custom', PTKW_ATTR_CUSTOMTYPE_KEYWORD: 'customType',
+        PTKW_KEYWORD_LIST: ['custom', 'account', 'customer', 'login_id', 'network', 'organization'],},},
+  'gender':
+    {CLASS: PC_GENDER, TITLE: 'Gender',
+     TYPE_KEYWORDS:
+       {PTKW_CL_TYPE_KEYWORD: 'type', PTKW_CL_CUSTOM_KEYWORD: 'other',
+        PTKW_ATTR_TYPE_KEYWORD: 'type', PTKW_ATTR_TYPE_CUSTOM_VALUE: 'other', PTKW_ATTR_CUSTOMTYPE_KEYWORD: 'customGender',
+        PTKW_KEYWORD_LIST: ['male', 'female', 'other', 'unknown'],},},
+  'ims':
+    {CLASS: PC_IMS, TITLE: 'IMs',
+     TYPE_KEYWORDS:
+       {PTKW_CL_TYPE_KEYWORD: 'type', PTKW_CL_CUSTOM_KEYWORD: 'custom',
+        PTKW_ATTR_TYPE_KEYWORD: 'type', PTKW_ATTR_TYPE_CUSTOM_VALUE: 'custom', PTKW_ATTR_CUSTOMTYPE_KEYWORD: 'customType',
+        PTKW_KEYWORD_LIST: ['custom', 'home', 'other', 'work'],},},
+  'keywords':
+    {CLASS: PC_ARRAY, TITLE: 'Keywords',
+     TYPE_KEYWORDS:
+       {PTKW_CL_TYPE_KEYWORD: 'type', PTKW_CL_CUSTOM_KEYWORD: 'custom',
+        PTKW_ATTR_TYPE_KEYWORD: 'type', PTKW_ATTR_TYPE_CUSTOM_VALUE: 'custom', PTKW_ATTR_CUSTOMTYPE_KEYWORD: 'customType',
+        PTKW_KEYWORD_LIST: ['custom', 'mission', 'occupation', 'outlook'],},},
+  'locations':
+    {CLASS: PC_LOCATIONS, TITLE: 'Locations',
+     TYPE_KEYWORDS:
+       {PTKW_CL_TYPE_KEYWORD: 'type', PTKW_CL_CUSTOM_KEYWORD: 'custom',
+        PTKW_ATTR_TYPE_KEYWORD: 'type', PTKW_ATTR_TYPE_CUSTOM_VALUE: 'custom', PTKW_ATTR_CUSTOMTYPE_KEYWORD: 'customType',
+        PTKW_KEYWORD_LIST: ['custom', 'default', 'desk'],},},
+  'notes':
+    {CLASS: PC_NOTES, TITLE: 'Notes',
+     TYPE_KEYWORDS:
+       {PTKW_CL_TYPE_KEYWORD: 'type', PTKW_CL_CUSTOM_KEYWORD: None,
+        PTKW_ATTR_TYPE_KEYWORD: 'contentType', PTKW_ATTR_TYPE_CUSTOM_VALUE: None, PTKW_ATTR_CUSTOMTYPE_KEYWORD: None,
+        PTKW_KEYWORD_LIST: ['text_plain', 'text_html'],},},
+  'organizations':
+    {CLASS: PC_ORGANIZATIONS, TITLE: 'Organizations',
+     TYPE_KEYWORDS:
+       {PTKW_CL_TYPE_KEYWORD: 'type', PTKW_CL_CUSTOM_KEYWORD: 'custom', PTKW_CL_CUSTOMTYPE_KEYWORD: 'customtype',
+        PTKW_ATTR_TYPE_KEYWORD: 'type', PTKW_ATTR_TYPE_CUSTOM_VALUE: None, PTKW_ATTR_CUSTOMTYPE_KEYWORD: 'customType',
+        PTKW_KEYWORD_LIST: ['custom', 'domain_only', 'school', 'unknown', 'work'],},},
+  'phones':
+    {CLASS: PC_ARRAY, TITLE: 'Phones',
+     TYPE_KEYWORDS:
+       {PTKW_CL_TYPE_KEYWORD: 'type', PTKW_CL_CUSTOM_KEYWORD: 'custom',
+        PTKW_ATTR_TYPE_KEYWORD: 'type', PTKW_ATTR_TYPE_CUSTOM_VALUE: 'custom', PTKW_ATTR_CUSTOMTYPE_KEYWORD: 'customType',
+        PTKW_KEYWORD_LIST: ['custom', 'home', 'work', 'other',
+                            'home_fax', 'work_fax', 'other_fax',
+                            'mobile', 'pager',
+                            'company_main', 'assistant',
+                            'car', 'radio', 'isdn', 'callback',
+                            'telex', 'tty_tdd', 'work_mobile',
+                            'work_pager', 'main', 'grand_central'],},},
+  'posixAccounts':
+    {CLASS: PC_POSIX, TITLE: 'Posix Accounts',},
+  'relations':
+    {CLASS: PC_ARRAY, TITLE: 'Relations',
+     TYPE_KEYWORDS:
+       {PTKW_CL_TYPE_KEYWORD: 'type', PTKW_CL_CUSTOM_KEYWORD: 'custom',
+        PTKW_ATTR_TYPE_KEYWORD: 'type', PTKW_ATTR_TYPE_CUSTOM_VALUE: 'custom', PTKW_ATTR_CUSTOMTYPE_KEYWORD: 'customType',
+        PTKW_KEYWORD_LIST: ['custom', 'spouse', 'child', 'mother',
+                            'father', 'parent', 'brother',
+                            'sister', 'friend', 'relative',
+                            'domestic_partner', 'partner',
+                            'manager', 'dotted_line_manager',
+                            'assistant', 'admin_assistant', 'exec_assistant',
+                            'referred_by'],},},
+  'sshPublicKeys':
+    {CLASS: PC_SSH, TITLE: 'SSH Public Keys',},
+  'websites':
+    {CLASS: PC_ARRAY, TITLE: 'Websites',
+     TYPE_KEYWORDS:
+       {PTKW_CL_TYPE_KEYWORD: 'type', PTKW_CL_CUSTOM_KEYWORD: 'custom',
+        PTKW_ATTR_TYPE_KEYWORD: 'type', PTKW_ATTR_TYPE_CUSTOM_VALUE: 'custom', PTKW_ATTR_CUSTOMTYPE_KEYWORD: 'customType',
+        PTKW_KEYWORD_LIST: ['custom', 'home', 'work',
+                            'home_page', 'ftp', 'blog',
+                            'profile', 'other', 'reservations',
+                            'app_install_page', 'resume'],},},
+  'customSchemas':
+    {CLASS: PC_SCHEMAS, TITLE: 'Custom Schemas',
+     TYPE_KEYWORDS:
+       {PTKW_CL_TYPE_KEYWORD: 'type', PTKW_CL_CUSTOM_KEYWORD: 'custom',
+        PTKW_ATTR_TYPE_KEYWORD: 'type', PTKW_ATTR_TYPE_CUSTOM_VALUE: 'custom', PTKW_ATTR_CUSTOMTYPE_KEYWORD: 'customType',
+        PTKW_KEYWORD_LIST: ['custom', 'home', 'other', 'work'],},},
+  'aliases': {
+    CLASS: PC_ALIASES, TITLE: 'Email Aliases',},
+  'nonEditableAliases': {
+    CLASS: PC_ALIASES, TITLE: 'NonEditable Aliases',},
+  }
+#
+IM_PROTOCOLS = {
+  PTKW_CL_TYPE_KEYWORD: 'protocol', PTKW_CL_CUSTOM_KEYWORD: 'custom_protocol',
+  PTKW_ATTR_TYPE_KEYWORD: 'protocol', PTKW_ATTR_TYPE_CUSTOM_VALUE: 'custom_protocol', PTKW_ATTR_CUSTOMTYPE_KEYWORD: 'customProtocol',
+  PTKW_KEYWORD_LIST: ['custom_protocol', 'aim', 'gtalk', 'icq', 'jabber', 'msn', 'net_meeting', 'qq', 'skype', 'xmpp', 'yahoo']
+  }

src/gam/gamlib/glverlibs.py

@@ -0,0 +1,33 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2023 Ross Scroggs All Rights Reserved.
+#
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+"""GAM extended library versions
+
+"""
+
+GAM_VER_LIBS = ['cryptography',
+                'filelock',
+                'google-api-python-client',
+                'google-auth-httplib2',
+                'google-auth-oauthlib',
+                'google-auth',
+                'httplib2',
+                'passlib',
+                'python-dateutil',
+                'yubikey-manager',
+                ]

src/gam/gamlib/yubikey.py

@@ -0,0 +1,196 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2023 Ross Scroggs All Rights Reserved.
+#
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+"""YubiKey"""
+
+import base64
+import datetime
+from secrets import SystemRandom
+import string
+import sys
+
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import padding
+from smartcard.Exceptions import CardConnectionException
+from ykman.device import list_all_devices
+from ykman.piv import generate_self_signed_certificate, generate_chuid
+from yubikit.piv import DEFAULT_MANAGEMENT_KEY, \
+                        InvalidPinError, \
+                        KEY_TYPE, \
+                        MANAGEMENT_KEY_TYPE, \
+                        PIN_POLICY, \
+                        PivSession, \
+                        OBJECT_ID, \
+                        SLOT, \
+                        TOUCH_POLICY
+from yubikit.core.smartcard import ApduError, SmartCardConnection
+
+YUBIKEY_CONNECTION_ERROR_RC = 80
+YUBIKEY_INVALID_KEY_TYPE_RC = 81
+YUBIKEY_INVALID_SLOT_RC = 82
+YUBIKEY_INVALID_PIN_RC = 83
+YUBIKEY_APDU_ERROR_RC = 84
+YUBIKEY_VALUE_ERROR_RC = 85
+YUBIKEY_MULTIPLE_CONNECTED_RC = 86
+YUBIKEY_NOT_FOUND_RC = 87
+
+from gam import mplock
+
+from gam import systemErrorExit
+from gam import readStdin
+from gam import writeStdout
+
+from gam.gamlib import glmsgs as Msg
+
+PIN_PUK_CHARS = string.ascii_letters+string.digits+string.punctuation
+
+class YubiKey():
+
+  def __init__(self, service_account_info=None):
+    self.key_type = None
+    self.slot = None
+    self.serial_number = None
+    self.pin = None
+    self.key_id = None
+    if service_account_info:
+      key_type = service_account_info.get('yubikey_key_type', 'RSA2048')
+      try:
+        self.key_type = getattr(KEY_TYPE, key_type.upper())
+      except AttributeError:
+        systemErrorExit(YUBIKEY_INVALID_KEY_TYPE_RC, f'{key_type} is not a valid value for yubikey_key_type')
+      slot = service_account_info.get('yubikey_slot', 'AUTHENTICATION')
+      try:
+        self.slot = getattr(SLOT, slot.upper())
+      except AttributeError:
+        systemErrorExit(YUBIKEY_INVALID_SLOT_RC, f'{slot} is not a valid value for yubikey_slot')
+      self.serial_number = service_account_info.get('yubikey_serial_number')
+      self.pin = service_account_info.get('yubikey_pin')
+      self.key_id = service_account_info.get('private_key_id')
+
+  def _connect(self):
+    try:
+      devices = list_all_devices()
+      for (device, info) in devices:
+        if info.serial == self.serial_number:
+          return device.open_connection(SmartCardConnection)
+    except CardConnectionException as err:
+      systemErrorExit(YUBIKEY_CONNECTION_ERROR_RC, f'YubiKey - {err}')
+
+  def get_certificate(self):
+    try:
+      conn = self._connect()
+      with conn:
+        session = PivSession(conn)
+        if self.pin:
+          try:
+            session.verify_pin(self.pin)
+          except InvalidPinError as err:
+            systemErrorExit(YUBIKEY_INVALID_PIN_RC, f'YubiKey - {err}')
+        try:
+          cert = session.get_certificate(self.slot)
+        except ApduError as err:
+          systemErrorExit(YUBIKEY_APDU_ERROR_RC, f'YubiKey - {err}')
+      cert_pem = cert.public_bytes(serialization.Encoding.PEM).decode()
+      publicKeyData = base64.b64encode(cert_pem.encode())
+      if isinstance(publicKeyData, bytes):
+        publicKeyData = publicKeyData.decode()
+      return publicKeyData
+    except ValueError as err:
+      systemErrorExit(YUBIKEY_VALUE_ERROR_RC, f'YubiKey - {err}')
+
+  def get_serial_number(self):
+    try:
+      devices = list_all_devices()
+      if not devices:
+        systemErrorExit(YUBIKEY_NOT_FOUND_RC, Msg.COULD_NOT_FIND_ANY_YUBIKEY)
+      if self.serial_number:
+        for (_, info) in devices:
+          if info.serial == self.serial_number:
+            return info.serial
+        systemErrorExit(YUBIKEY_NOT_FOUND_RC, Msg.COULD_NOT_FIND_YUBIKEY_WITH_SERIAL.format(self.serial_number))
+      if len(devices) > 1:
+        serials = ', '.join([str(info.serial) for (_, info) in devices])
+        systemErrorExit(YUBIKEY_MULTIPLE_CONNECTED_RC, Msg.MULTIPLE_YUBIKEYS_CONNECTED.format(serials))
+      return devices[0][1].serial
+    except ValueError as err:
+      systemErrorExit(YUBIKEY_VALUE_ERROR_RC, f'YubiKey - {err}')
+
+  def reset_piv(self):
+    '''Resets YubiKey PIV app and generates new key for GAM to use.'''
+    reply = str(readStdin(Msg.CONFIRM_WIPE_YUBIKEY_PIV).lower().strip())
+    if reply != 'y':
+      sys.exit(1)
+    try:
+      conn = self._connect()
+      with conn:
+        piv = PivSession(conn)
+        piv.reset()
+        rnd = SystemRandom()
+        new_puk = ''.join(rnd.choice(PIN_PUK_CHARS) for _ in range(8))
+        new_pin = ''.join(rnd.choice(PIN_PUK_CHARS) for _ in range(8))
+        piv.change_puk('12345678', new_puk)
+        piv.change_pin('123456', new_pin)
+        writeStdout(Msg.YUBIKEY_PIN_SET_TO.format(new_pin))
+        piv.authenticate(MANAGEMENT_KEY_TYPE.TDES, DEFAULT_MANAGEMENT_KEY)
+        piv.verify_pin(new_pin)
+        writeStdout(Msg.YUBIKEY_GENERATING_NONEXPORTABLE_PRIVATE_KEY)
+        pubkey = piv.generate_key(SLOT.AUTHENTICATION,
+                                  KEY_TYPE.RSA2048,
+                                  PIN_POLICY.ALWAYS,
+                                  TOUCH_POLICY.NEVER)
+        now = datetime.datetime.utcnow()
+        valid_to = now + datetime.timedelta(days=36500)
+        subject = 'CN=GAM Created Key'
+        piv.authenticate(MANAGEMENT_KEY_TYPE.TDES, DEFAULT_MANAGEMENT_KEY)
+        piv.verify_pin(new_pin)
+        cert = generate_self_signed_certificate(piv,
+                                                SLOT.AUTHENTICATION,
+                                                pubkey,
+                                                subject,
+                                                now,
+                                                valid_to)
+        piv.put_certificate(SLOT.AUTHENTICATION, cert)
+        piv.put_object(OBJECT_ID.CHUID, generate_chuid())
+    except ValueError as err:
+      systemErrorExit(YUBIKEY_VALUE_ERROR_RC, f'YubiKey - {err}')
+
+  def sign(self, message):
+    if mplock is not None:
+      mplock.acquire()
+    try:
+      conn = self._connect()
+      with conn:
+        session = PivSession(conn)
+        if self.pin:
+          try:
+            session.verify_pin(self.pin)
+          except InvalidPinError as err:
+            systemErrorExit(YUBIKEY_INVALID_PIN_RC, f'YubiKey - {err}')
+        try:
+          signed = session.sign(slot=self.slot,
+                                key_type=self.key_type,
+                                message=message,
+                                hash_algorithm=hashes.SHA256(),
+                                padding=padding.PKCS1v15())
+        except ApduError as err:
+          systemErrorExit(YUBIKEY_APDU_ERROR_RC, f'YubiKey - {err}')
+    except ValueError as err:
+      systemErrorExit(YUBIKEY_VALUE_ERROR_RC, f'YubiKey - {err}')
+    if mplock is not None:
+      mplock.release()
+    return signed