From 3d6197307197dabb247ebcb6093688aafd531b60 Mon Sep 17 00:00:00 2001
From: Jay Lee <jay0lee@gmail.com>
Date: Wed, 30 Dec 2015 15:30:58 -0500
Subject: [PATCH 1/3] discovery files for 2 other gdata apis to standardize
 scope discovery

---
 src/email-audit-v1.json    | 34 ++++++++++++++++++++++++++++++++++
 src/email-settings-v1.json | 34 ++++++++++++++++++++++++++++++++++
 src/gam.py                 | 35 +++++++++++++++++++----------------
 3 files changed, 87 insertions(+), 16 deletions(-)
 create mode 100644 src/email-audit-v1.json
 create mode 100644 src/email-settings-v1.json

diff --git a/src/email-audit-v1.json b/src/email-audit-v1.json
new file mode 100644
index 00000000..b617e1f5
--- /dev/null
+++ b/src/email-audit-v1.json
@@ -0,0 +1,34 @@
+{
+ "kind": "discovery#restDescription",
+ "discoveryVersion": "v1",
+ "id": "email-audit:v1",
+ "name": "email-audit",
+ "version": "v1",
+ "revision": "20130823",
+ "title": "Email Audit API",
+ "description": "Lets you peform Google Apps Email Audits",
+ "ownerDomain": "google.com",
+ "ownerName": "Google",
+ "icons": {
+  "x16": "http://www.google.com/images/icons/product/search-16.gif",
+  "x32": "http://www.google.com/images/icons/product/search-32.gif"
+ },
+ "documentationLink": "https://developers.google.com/admin-sdk/email-audit",
+ "protocol": "rest",
+ "baseUrl": "https://apps-apis.google.com/",
+ "rootUrl": "https://apps-apis.google.com/",
+ "servicePath": "/a/feeds/compliance/audit/",
+ "auth": {
+  "oauth2": {
+   "scopes": {
+    "https://apps-apis.google.com/a/feeds/compliance/audit/": {
+     "description": "Manage email audits"
+    }
+   }
+  }
+ },
+ "schemas": {
+ },
+ "resources": {
+ }
+}
diff --git a/src/email-settings-v1.json b/src/email-settings-v1.json
new file mode 100644
index 00000000..d2ab10be
--- /dev/null
+++ b/src/email-settings-v1.json
@@ -0,0 +1,34 @@
+{
+ "kind": "discovery#restDescription",
+ "discoveryVersion": "v1",
+ "id": "email-settings:v1",
+ "name": "email-settings",
+ "version": "v1",
+ "revision": "20130823",
+ "title": "Email Settings API",
+ "description": "Lets you manage Google Apps Email Settings",
+ "ownerDomain": "google.com",
+ "ownerName": "Google",
+ "icons": {
+  "x16": "http://www.google.com/images/icons/product/search-16.gif",
+  "x32": "http://www.google.com/images/icons/product/search-32.gif"
+ },
+ "documentationLink": "https://developers.google.com/admin-sdk/email-settings",
+ "protocol": "rest",
+ "baseUrl": "https://apps-apis.google.com/",
+ "rootUrl": "https://apps-apis.google.com/",
+ "servicePath": "/a/feeds/emailsettings/2.0/",
+ "auth": {
+  "oauth2": {
+   "scopes": {
+    "https://apps-apis.google.com/a/feeds/emailsettings/2.0/": {
+     "description": "Manage email audits"
+    }
+   }
+  }
+ },
+ "schemas": {
+ },
+ "resources": {
+ }
+}
diff --git a/src/gam.py b/src/gam.py
index 5da9d282..0175f277 100755
--- a/src/gam.py
+++ b/src/gam.py
@@ -73,10 +73,6 @@ FN_OAUTH2SERVICE_JSON = u'oauth2service.json'
 MY_CUSTOMER = u'my_customer'
 UNKNOWN = u'Unknown'
 
-GDATA_EMAIL_SETTINGS_SCOPE = u'https://apps-apis.google.com/a/feeds/emailsettings/2.0/'
-GDATA_ADMIN_SETTINGS_SCOPE = u'https://apps-apis.google.com/a/feeds/domain/'
-GDATA_EMAIL_AUDIT_SCOPE = u'https://apps-apis.google.com/a/feeds/compliance/audit/'
-
 #
 # Global variables
 #
@@ -561,7 +557,7 @@ def doGAMVersion():
                                                                                                                          GM_Globals[GM_GAM_PATH])
 
 def tryOAuth(gdataObject, scope):
-  scope = [scope, u'email']
+  scope.append(u'email')
   credentials = oauth2client.client.SignedJwtAssertionCredentials(GM_Globals[GM_OAUTH2SERVICE_ACCOUNT_EMAIL],
                                                                   GM_Globals[GM_OAUTH2SERVICE_KEY],
                                                                   scope=scope, user_agent=GAM_INFO, sub=GC_Values[GC_ADMIN]) # TODO lookup admin user from file
@@ -772,6 +768,8 @@ API_VER_MAPPING = {
   u'oauth2': u'v2',
   u'reports': u'reports_v1',
   u'siteVerification': u'v1',
+  u'email-settings': u'v1',
+  u'email-audit': u'v1'
   }
 
 def getAPIVer(api):
@@ -782,7 +780,7 @@ def getAPIScope(service):
   granted_scopes = api_scopes # TODO fix to lookup from file
   return [val for val in api_scopes if val in granted_scopes] + [u'email']
 
-def getServiceFromDiscoveryDocument(api, version, http):
+def getServiceFromDiscoveryDocument(api, version, http=None):
   disc_filename = u'%s-%s.json' % (api, version)
   disc_file = os.path.join(GC_Values[GC_SITE_DIR], disc_filename)
   if hasattr(sys, '_MEIPASS'):
@@ -858,18 +856,24 @@ def commonAppsObjInit(appsObj, scope):
 
 def getAdminSettingsObject():
   import gdata.apps.adminsettings.service
+  service = getServiceFromDiscoveryDocument(u'admin-settings', u'v1')
+  scope = service._rootDesc[u'auth'][u'oauth2']['scopes'].keys()
   return commonAppsObjInit(gdata.apps.adminsettings.service.AdminSettingsService(),
-    GDATA_ADMIN_SETTINGS_SCOPE)
+    scope)
 
 def getAuditObject():
   import gdata.apps.audit.service
+  service = getServiceFromDiscoveryDocument(u'email-audit', u'v1')
+  scope = service._rootDesc[u'auth'][u'oauth2']['scopes'].keys()
   return commonAppsObjInit(gdata.apps.audit.service.AuditService(),
-    GDATA_EMAIL_AUDIT_SCOPE)
+    scope)
 
 def getEmailSettingsObject():
   import gdata.apps.emailsettings.service
+  service = getServiceFromDiscoveryDocument(u'email-settings', u'v1')
+  scope = service._rootDesc[u'auth'][u'oauth2']['scopes'].keys()
   return commonAppsObjInit(gdata.apps.emailsettings.service.EmailSettingsService(),
-    GDATA_EMAIL_SETTINGS_SCOPE)
+    scope)
 
 def geturl(url, dst):
   import urllib2
@@ -8720,6 +8724,7 @@ def doRequestOAuth():
   admin_email = raw_input(u'Please enter your admin email address: ')
   apis = API_VER_MAPPING.keys()
   apis.remove(u'oauth2')
+  all_apis = {}
   for api in apis:
     version = getAPIVer(api)
     if api in [u'directory', u'reports', u'datatransfer']:
@@ -8730,13 +8735,11 @@ def doRequestOAuth():
       service = googleapiclient.discovery.build(api, version, http=http, cache_discovery=False)
     except googleapiclient.errors.UnknownApiNameOrVersion:
       service = getServiceFromDiscoveryDocument(api, version, http)
-    print u'%s: %s' % (service._rootDesc['title'], service._rootDesc['description'])
-    for scope in service._rootDesc[u'auth'][u'oauth2'][u'scopes'].items():
-      scope_value = scope[0]
-      scope_description = scope[1][u'description']
-      print u'  %s\n  %s' % (scope_value, scope_description)
-      print
-    print
+    all_apis[api] = service._rootDesc
+  i = 0
+  for api in all_apis.values():
+    print u'[*]  %s) %s' % (i, api[u'title'])
+    i += 1
 
 def batch_worker():
   while True:

From 881cc4d2555a18601beaa29a872ecef9d02bf68b Mon Sep 17 00:00:00 2001
From: Jay Lee <jay0lee@gmail.com>
Date: Wed, 30 Dec 2015 15:36:24 -0500
Subject: [PATCH 2/3] redo of Ross' latest patch against my updates

---
 src/gam.py | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/src/gam.py b/src/gam.py
index 0175f277..b00f1d73 100755
--- a/src/gam.py
+++ b/src/gam.py
@@ -556,7 +556,7 @@ def doGAMVersion():
                                                                                                                          platform.platform(), platform.machine(),
                                                                                                                          GM_Globals[GM_GAM_PATH])
 
-def tryOAuth(gdataObject, scope):
+def tryOAuth(gdataObject, scope, soft_errors=False):
   scope.append(u'email')
   credentials = oauth2client.client.SignedJwtAssertionCredentials(GM_Globals[GM_OAUTH2SERVICE_ACCOUNT_EMAIL],
                                                                   GM_Globals[GM_OAUTH2SERVICE_KEY],
@@ -5334,7 +5334,6 @@ def doCreateUser():
 
 def doCreateGroup():
   cd = buildGAPIObject(u'directory')
-  use_gs_api = False
   body = dict()
   body[u'email'] = sys.argv[3]
   if body[u'email'].find(u'@') == -1:
@@ -5997,7 +5996,6 @@ def doUpdateGroup():
           print u'ERROR: %s is not a valid argument for "gam update group"' % sys.argv[i]
           sys.exit(2)
         gs_body[attrib] = value
-        use_gs_api = True
         i += 2
     if group[:4].lower() == u'uid:': # group settings API won't take uid so we make sure cd API is used so that we can grab real email.
       use_cd_api = True
@@ -6255,12 +6253,7 @@ def doGetUserInfo(user_email=None):
       user_email = sys.argv[3]
       i = 4
     else:
-      storage = oauth2client.file.Storage(GC_Values[GC_OAUTH2_TXT])
-      credentials = storage.get()
-      if credentials is None or credentials.invalid:
-        doRequestOAuth()
-        credentials = storage.get()
-      user_email = credentials.id_token[u'email']
+      user_email = GC_Values[GC_ADMIN]
   if user_email[:4].lower() == u'uid:':
     user_email = user_email[4:]
   elif user_email.find(u'@') == -1:

From b6c5f1b1e73b9b012808713e70c5488c351ba06c Mon Sep 17 00:00:00 2001
From: Jay Lee <jay0lee@gmail.com>
Date: Wed, 30 Dec 2015 15:39:40 -0500
Subject: [PATCH 3/3] gdata discovery files wrap into Windows build

---
 src/gam.spec | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/gam.spec b/src/gam.spec
index 57abac1f..83620ea1 100644
--- a/src/gam.spec
+++ b/src/gam.spec
@@ -11,6 +11,8 @@ for d in a.datas:
 a.datas += [('httplib2/cacerts.txt', 'httplib2\cacerts.txt', 'DATA')]
 a.datas += [('cloudprint-v2.json', 'cloudprint-v2.json', 'DATA')]
 a.datas += [('admin-settings-v1.json', 'admin-settings-v1.json', 'DATA')]
+a.datas += [('email-settings-v1.json', 'email-settings-v1.json', 'DATA')]
+a.datas += [('email-audit-v1.json', 'email-audit-v1.json', 'DATA')]
 pyz = PYZ(a.pure)
 exe = EXE(pyz,
           a.scripts,