Fix missing scope issue; other minor fixs

src/gam/__init__.py

@@ -672,7 +672,7 @@ def SvcAcctAPIAccessDeniedExit():
   apiOrScopes = API.getAPIName(GM.Globals[GM.CURRENT_SVCACCT_API]) if GM.Globals[GM.CURRENT_SVCACCT_API] else ','.join(sorted(GM.Globals[GM.CURRENT_SVCACCT_API_SCOPES]))
   writeStderr(Msg.API_CHECK_SVCACCT_AUTHORIZATION.format(GM.Globals[GM.OAUTH2SERVICE_CLIENT_ID],
                                                          apiOrScopes,
-                                                         GM.Globals[GM.CURRENT_SVCACCT_USER]))
+                                                         GM.Globals[GM.CURRENT_SVCACCT_USER] or 'user@domain.com'))
   systemErrorExit(API_ACCESS_DENIED_RC, None)
 
 def SvcAcctAPIDisabledExit():
@@ -5496,7 +5496,7 @@ def buildGAPIObject(api, credentials=None):
 def getSaUser(user):
   currentClientAPI = GM.Globals[GM.CURRENT_CLIENT_API]
   currentClientAPIScopes = GM.Globals[GM.CURRENT_CLIENT_API_SCOPES]
-  userEmail = convertUIDtoEmailAddress(user) if user else None 
+  userEmail = convertUIDtoEmailAddress(user) if user else None
   GM.Globals[GM.CURRENT_CLIENT_API] = currentClientAPI
   GM.Globals[GM.CURRENT_CLIENT_API_SCOPES] = currentClientAPIScopes
   return userEmail
@@ -11379,7 +11379,7 @@ def _getLoginHintProjectInfo(createCmd):
   svcAcctInfo = {'name': '', 'displayName': '', 'description': ''}
   if not Cmd.PeekArgumentPresent(['admin', 'appname', 'supportemail', 'project', 'parent',
                                   'projectname', 'saname', 'sadisplayname', 'sadescription',
-                                  'algorithm', 'localkeysize', 'yubikey']):
+                                  'algorithm', 'localkeysize', 'validityhours', 'yubikey']):
     login_hint = getString(Cmd.OB_EMAIL_ADDRESS, optional=True)
     if login_hint and login_hint.find('@') == -1:
       Cmd.Backup()
@@ -11405,7 +11405,7 @@ def _getLoginHintProjectInfo(createCmd):
         pass
       elif createCmd and _getAppInfo(myarg, appInfo):
         pass
-      elif myarg in {'algorithm', 'localkeysize', 'yubikey'}:
+      elif myarg in {'algorithm', 'localkeysize', 'validityhours', 'yubikey'}:
         Cmd.Backup()
         break
       else:
@@ -12368,6 +12368,8 @@ def doProcessSvcAcctKeys(mode, iam=None, projectId=None, clientEmail=None, clien
         local_key_size = 0
       elif myarg == 'localkeysize':
         local_key_size = int(getChoice(['1024', '2048', '4096']))
+      elif myarg == 'validityhours':
+        validityHours = getInteger()
       elif myarg == 'yubikey':
         new_data['key_type'] = 'yubikey'
       elif myarg == 'yubikeyslot':
@@ -12376,8 +12378,6 @@ def doProcessSvcAcctKeys(mode, iam=None, projectId=None, clientEmail=None, clien
         new_data['yubikey_pin'] = readStdin('Enter your YubiKey PIN: ')
       elif myarg == 'yubikeyserialnumber':
         new_data['yubikey_serial_number'] = getInteger()
-      elif myarg == 'validityhours':
-        validityHours = getInteger()
       else:
         unknownArgumentExit()
     
@@ -39132,7 +39132,7 @@ def _setHoldQuery(body, queryParameters):
     if queryParameters.get('coveredData'):
       body['query'][queryType]['coveredData'] = queryParameters['coveredData']
 
-# gam create vaulthold|hold matter <MatterItem> [name <String>] corpus drive|mail|groups|hangouts_chat
+# gam create vaulthold|hold matter <MatterItem> [name <String>] corpus calendar|drive|mail|groups|hangouts_chat|voice
 #	[(accounts|groups|users <EmailItemList>) | (orgunit|org|ou <OrgUnit>)]
 #	[query <QueryVaultCorpus>]
 #	[terms <String>] [start|starttime <Date>|<Time>] [end|endtime <Date>|<Time>]

src/gam/gamlib/glapi.py

@@ -113,6 +113,7 @@ REQUIRED_SCOPES_SET = set(REQUIRED_SCOPES)
 JWT_APIS = {
   ACCESSCONTEXTMANAGER: [CLOUD_PLATFORM_SCOPE],
   CHAT: ['https://www.googleapis.com/auth/chat.bot'],
+  CLOUDRESOURCEMANAGER: [CLOUD_PLATFORM_SCOPE],
   ORGPOLICY: [CLOUD_PLATFORM_SCOPE],
   }
 #

src/gam/gamlib/glmsgs.py

@@ -111,7 +111,7 @@ Proceed to the authentication steps.
 SYSTEM_TIME_STATUS = 'System time status'
 YOUR_SYSTEM_TIME_DIFFERS_FROM_GOOGLE = 'Your system time differs from {0} by {1}'
 PRESS_ENTER_ONCE_AUTHORIZATION_IS_COMPLETE = 'Press enter once authorization is complete.'
-SERVICE_ACCOUNT_API_DISABLED = '{0} not enabled. Please run "gam update project" and "gam user user@domain.com check serviceaccount"'
+SERVICE_ACCOUNT_API_DISABLED = '{0} not enabled. Please run "gam update project" and "gam user user@domain.com update serviceaccount"'
 SERVICE_ACCOUNT_PRIVATE_KEY_AUTHENTICATION = 'Service Account Private Key Authentication'
 SERVICE_ACCOUNT_CHECK_PRIVATE_KEY_AGE = 'Service Account Private Key age; Google recommends rotating keys on a routine basis'
 SERVICE_ACCOUNT_PRIVATE_KEY_AGE = 'Service Account Private Key age: {0} days'
@@ -162,7 +162,7 @@ ALREADY_EXISTS_USE_MERGE_ARGUMENT = 'Already exists; use the "merge" argument to
 API_ACCESS_DENIED = 'API access Denied'
 API_CALLS_RETRY_DATA = 'API calls retry data\n'
 API_CHECK_CLIENT_AUTHORIZATION = 'Please make sure the Client ID: {0} is authorized for the appropriate API or scopes:\n{1}\n\nRun: gam oauth create\n'
-API_CHECK_SVCACCT_AUTHORIZATION = 'Please make sure the Service Account Client name: {0} is authorized for the appropriate API or scopes:\n{1}\n\nRun: gam user {2} check serviceaccount\n'
+API_CHECK_SVCACCT_AUTHORIZATION = 'Please make sure the Service Account Client name: {0} is authorized for the appropriate API or scopes:\n{1}\n\nRun: gam user {2} update serviceaccount\n'
 API_ERROR_SETTINGS = 'API error, some settings not set'
 ARE_BOTH_REQUIRED = 'Arguments {0} and {1} are both required'
 ARE_MUTUALLY_EXCLUSIVE = 'Arguments {0} and {1} are mutually exclusive'