From 4cef7c4c2d81584e8952dfe32c375622f35e2ded Mon Sep 17 00:00:00 2001
From: ejochman <34144949+ejochman@users.noreply.github.com>
Date: Fri, 1 Dec 2017 10:20:54 -0800
Subject: [PATCH 1/3] Centralize credential operations and improve separation
 of concerns (#633)

Improve code reuse and separation of concerns around credential handling by removing duplicate code handling invalid and expired credentials.
---
 src/gam.py | 121 +++++++++++++++++++++++++++++------------------------
 1 file changed, 66 insertions(+), 55 deletions(-)

diff --git a/src/gam.py b/src/gam.py
index 1a754a18..37a7c9c6 100755
--- a/src/gam.py
+++ b/src/gam.py
@@ -836,6 +836,17 @@ def getOauth2TxtStorageCredentials():
   except (KeyError, ValueError):
     return (storage, None)
 
+def getValidOauth2TxtCredentials():
+  """Gets OAuth2 credentials which are guaranteed to be fresh and valid."""
+  storage, credentials = getOauth2TxtStorageCredentials()
+  if credentials is None or credentials.invalid:
+    doRequestOAuth()
+    credentials = storage.get()
+  elif credentials.access_token_expired:
+    http = httplib2.Http(disable_ssl_certificate_validation=GC_Values[GC_NO_VERIFY_SSL])
+    credentials.refresh(http)
+  return credentials
+
 def getService(api, http):
   api, version, api_version = getAPIVersion(api)
   retries = 3
@@ -873,10 +884,7 @@ def getService(api, http):
 
 def buildGAPIObject(api):
   GM_Globals[GM_CURRENT_API_USER] = None
-  storage, credentials = getOauth2TxtStorageCredentials()
-  if not credentials or credentials.invalid:
-    doRequestOAuth()
-    credentials = storage.get()
+  credentials = getValidOauth2TxtCredentials()
   credentials.user_agent = GAM_INFO
   http = credentials.authorize(httplib2.Http(disable_ssl_certificate_validation=GC_Values[GC_NO_VERIFY_SSL],
                                              cache=GM_Globals[GM_CACHE_DIR]))
@@ -899,7 +907,7 @@ def buildGAPIObject(api):
       except KeyError:
         GC_Values[GC_CUSTOMER_ID] = MY_CUSTOMER
   else:
-    GC_Values[GC_DOMAIN] = credentials.id_token.get(u'hd', u'UNKNOWN').lower()
+    GC_Values[GC_DOMAIN] = _getValueFromOAuth(u'hd', credentials=credentials)
     if not GC_Values[GC_CUSTOMER_ID]:
       GC_Values[GC_CUSTOMER_ID] = MY_CUSTOMER
   return service
@@ -8662,11 +8670,8 @@ def doCreateResoldCustomer():
   result = callGAPI(res.customers(), u'insert', body=body, customerAuthToken=customerAuthToken, fields=u'customerId,customerDomain')
   print u'Created customer %s with id %s' % (result[u'customerDomain'], result[u'customerId'])
 
-def _getValueFromOAuth(field):
-  storage, credentials = getOauth2TxtStorageCredentials()
-  if credentials is None or credentials.invalid:
-    doRequestOAuth()
-    credentials = storage.get()
+def _getValueFromOAuth(field, credentials=None):
+  credentials = credentials if credentials is not None else getValidOauth2TxtCredentials()
   return credentials.id_token.get(field, u'Unknown')
 
 def doGetUserInfo(user_email=None):
@@ -11277,31 +11282,26 @@ def getUsersToModify(entity_type=None, entity=None, silent=False, member_type=No
   return full_users
 
 def OAuthInfo():
+  credentials = None
   if len(sys.argv) > 3:
     access_token = sys.argv[3]
   else:
-    storage, credentials = getOauth2TxtStorageCredentials()
-    if credentials is None or credentials.invalid:
-      doRequestOAuth()
-      credentials = storage.get()
+    credentials = getValidOauth2TxtCredentials()
     credentials.user_agent = GAM_INFO
-    http = httplib2.Http(disable_ssl_certificate_validation=GC_Values[GC_NO_VERIFY_SSL])
-    if credentials.access_token_expired:
-      credentials.refresh(http)
     access_token = credentials.access_token
     print u"\nOAuth File: %s" % GC_Values[GC_OAUTH2_TXT]
+
   oa2 = buildGAPIObject(u'oauth2')
   token_info = callGAPI(oa2, u'tokeninfo', access_token=access_token)
   print u"Client ID: %s" % token_info[u'issued_to']
-  try:
+  if credentials is not None:
     print u"Secret: %s" % credentials.client_secret
-  except UnboundLocalError:
-    pass
   scopes = token_info[u'scope'].split(u' ')
   print u'Scopes (%s):' % len(scopes)
   for scope in sorted(scopes):
     print u'  %s' % scope
-  print u'G Suite Admin: %s' % credentials.id_token.get(u'email', u'Unknown')
+  if credentials is not None:
+    print u'G Suite Admin: %s' % _getValueFromOAuth(u'email', credentials=credentials)
 
 def doDeleteOAuth():
   _, credentials = getOauth2TxtStorageCredentials()
@@ -11325,6 +11325,48 @@ def doDeleteOAuth():
     stderrErrorMsg(str(e))
     os.remove(GC_Values[GC_OAUTH2_TXT])
 
+def doRequestOAuth(login_hint=None):
+  storage, credentials = getOauth2TxtStorageCredentials()
+  if credentials is None or credentials.invalid:
+    http = httplib2.Http(disable_ssl_certificate_validation=GC_Values[GC_NO_VERIFY_SSL])
+    flags = cmd_flags(noLocalWebserver=GC_Values[GC_NO_BROWSER])
+    scopes = getScopesFromUser()
+    client_id, client_secret = getOAuthClientIDAndSecret()
+    login_hint = getValidateLoginHint(login_hint)
+    flow = oauth2client.client.OAuth2WebServerFlow(client_id=client_id,
+                                                   client_secret=client_secret, scope=scopes, redirect_uri=oauth2client.client.OOB_CALLBACK_URN,
+                                                   user_agent=GAM_INFO, response_type=u'code', login_hint=login_hint)
+    try:
+      credentials = oauth2client.tools.run_flow(flow=flow, storage=storage, flags=flags, http=http)
+    except httplib2.CertificateValidationUnsupported:
+      noPythonSSLExit()
+  else:
+    print u'It looks like you\'ve already authorized GAM. Refusing to overwrite existing file:\n\n%s' % GC_Values[GC_OAUTH2_TXT]
+
+def getOAuthClientIDAndSecret():
+  """Retrieves the OAuth client ID and client secret from JSON."""
+  MISSING_CLIENT_SECRETS_MESSAGE = u'''To use GAM you need to create an API project. Please run:
+
+gam create project
+'''
+
+  cs_data = readFile(GC_Values[GC_CLIENT_SECRETS_JSON], mode=u'rb', continueOnError=True, displayError=True, encoding=None)
+  if not cs_data:
+    systemErrorExit(14, MISSING_CLIENT_SECRETS_MESSAGE)
+  try:
+    cs_json = json.loads(cs_data)
+    client_id = cs_json[u'installed'][u'client_id']
+    # chop off .apps.googleusercontent.com suffix as it's not needed
+    # and we need to keep things short for the Auth URL.
+    client_id = re.sub(r'\.apps\.googleusercontent\.com$', u'', client_id)
+    client_secret = cs_json[u'installed'][u'client_secret']
+  except (ValueError, IndexError, KeyError):
+    message = (u'ERROR: the format of your client secrets file:\n\n%s\n\n is '
+               'incorrect. Please recreate the file.')
+    systemErrorExit(3, message)
+
+  return (client_id, client_secret)
+
 class cmd_flags(object):
   def __init__(self, noLocalWebserver):
     self.short_url = True
@@ -11434,7 +11476,8 @@ OAUTH2_MENU += '''
 OAUTH2_CMDS = [u's', u'u', u'e', u'c']
 MAXIMUM_SCOPES = 28 # max of 30 - 2 for email scope always included
 
-def doRequestOAuth(login_hint=None):
+def getScopesFromUser():
+  """Prompts the user to choose from a list of scopes to authorize."""
   def _checkMakeScopesList(scopes):
     del scopes[:]
     for i in range(num_scopes):
@@ -11454,26 +11497,6 @@ def doRequestOAuth(login_hint=None):
     scopes.insert(0, u'email') # Email Display Scope, always included
     return (True, u'')
 
-  MISSING_CLIENT_SECRETS_MESSAGE = u'''To use GAM you need to create an API project. Please run:
-
-gam create project
-'''
-
-  cs_data = readFile(GC_Values[GC_CLIENT_SECRETS_JSON], mode=u'rb', continueOnError=True, displayError=True, encoding=None)
-  if not cs_data:
-    systemErrorExit(14, MISSING_CLIENT_SECRETS_MESSAGE)
-  try:
-    cs_json = json.loads(cs_data)
-    client_id = cs_json[u'installed'][u'client_id']
-    # chop off .apps.googleusercontent.com suffix as it's not needed
-    # and we need to keep things short for the Auth URL.
-    client_id = re.sub(r'\.apps\.googleusercontent\.com$', u'', client_id)
-    client_secret = cs_json[u'installed'][u'client_secret']
-  except (ValueError, IndexError, KeyError):
-    print u'ERROR: the format of your client secrets file:\n\n%s\n\n is incorrect. Please recreate the file.'
-    sys.exit(3)
-
-  login_hint = getValidateLoginHint(login_hint)
   num_scopes = len(OAUTH2_SCOPES)
   menu = OAUTH2_MENU % tuple(range(num_scopes))
   selected_scopes = []
@@ -11535,19 +11558,7 @@ gam create project
       status, message = _checkMakeScopesList(scopes)
       if status:
         break
-  flow = oauth2client.client.OAuth2WebServerFlow(client_id=client_id,
-                                                 client_secret=client_secret, scope=scopes, redirect_uri=oauth2client.client.OOB_CALLBACK_URN,
-                                                 user_agent=GAM_INFO, response_type=u'code', login_hint=login_hint)
-  storage, credentials = getOauth2TxtStorageCredentials()
-  if credentials is None or credentials.invalid:
-    http = httplib2.Http(disable_ssl_certificate_validation=GC_Values[GC_NO_VERIFY_SSL])
-    flags = cmd_flags(noLocalWebserver=GC_Values[GC_NO_BROWSER])
-    try:
-      credentials = oauth2client.tools.run_flow(flow=flow, storage=storage, flags=flags, http=http)
-    except httplib2.CertificateValidationUnsupported:
-      noPythonSSLExit()
-  else:
-    print u'It looks like you\'ve already authorized GAM. Refusing to overwrite existing file:\n\n%s' % GC_Values[GC_OAUTH2_TXT]
+  return scopes
 
 def init_gam_worker():
   signal.signal(signal.SIGINT, signal.SIG_IGN)

From 48fa6b755e07ed368bd14d70b527df163b145131 Mon Sep 17 00:00:00 2001
From: Ross Scroggs <taers232c@users.noreply.github.com>
Date: Sun, 3 Dec 2017 11:27:53 -0800
Subject: [PATCH 2/3] Various cleanups (#635)

* Various small cleanups

* Update GamCommands.txt
---
 src/GamCommands.txt | 109 +++++++++++++++++++++++++++++++-------------
 src/gam.py          |  40 ++++++++--------
 2 files changed, 98 insertions(+), 51 deletions(-)

diff --git a/src/GamCommands.txt b/src/GamCommands.txt
index 8eb63724..db4913dd 100644
--- a/src/GamCommands.txt
+++ b/src/GamCommands.txt
@@ -14,12 +14,49 @@ Primitives
 <Character> ::= a single character
 <Digit> ::= 0|1|2|3|4|5|6|7|8|9
 <Number> ::= <Digit>+
+<Float> ::= <Digit>*.<Digit>+
 <Hex> ::= <Digit>|a|b|c|d|e|f|A|B|C|D|E|F
 <Space> ::= an actual space character
 <String> ::= a string of characters, surrounded by " if it contains spaces
 <TrueValues> ::= true|on|yes|enabled|1
 <FalseValues>= false|off|no|disabled|0
-<DataTransferService> ::= googledrive|gdrive|drive|"drive and docs"|calendar
+
+<Charset> ::= ascii|mbcs|utf-8|utf-8-sig|utf-16|<String>
+<ColorName> ::=
+	aliceblue|antiquewhite|aqua|aquamarine|azure|beige|bisque|black|blanchedalmond|blue|blueviolet|brown|burlywood|
+	cadetblue|chartreuse|chocolate|coral|cornflowerblue|cornsilk|crimson|cyan|
+	darkblue|darkcyan|darkgoldenrod|darkgray|darkgrey|darkgreen|darkkhaki|darkmagenta|darkolivegreen|darkorange|darkorchid|darkred|
+	darksalmon|darkseagreen|darkslateblue|darkslategray|darkslategrey|darkturquoise|darkviolet|deeppink|deepskyblue|dimgray|dimgrey|dodgerblue|
+	firebrick|floralwhite|forestgreen|fuchsia|gainsboro|ghostwhite|gold|goldenrod|gray|grey|green|greenyellow|
+	honeydew|hotpink|indianred|indigo|ivory|khaki|
+	lavender|lavenderblush|lawngreen|lemonchiffon|lightblue|lightcoral|lightcyan|lightgoldenrodyellow|lightgray|lightgrey|lightgreen|lightpink|
+	lightsalmon|lightseagreen|lightskyblue|lightslategray|lightslategrey|lightsteelblue|lightyellow|lime|limegreen|linen|
+	magenta|maroon|mediumaquamarine|mediumblue|mediumorchid|mediumpurple|mediumseagreen|mediumslateblue|
+	mediumspringgreen|mediumturquoise|mediumvioletred|midnightblue|mintcream|mistyrose|moccasin|navajowhite|navy|
+	oldlace|olive|olivedrab|orange|orangered|orchid|palegoldenrod|palegreen|paleturquoise|palevioletred|
+	papayawhip|peachpuff|peru|pink|plum|powderblue|purple|red|rosybrown|royalblue|
+	saddlebrown|salmon|sandybrown|seagreen|seashell|sienna|silver|skyblue|slateblue|slategray|slategrey|snow|springgreen|steelblue|
+	tan|teal|thistle|tomato|turquoise|violet|wheat|white|whitesmoke|yellow|yellowgreen
+<FileFormat> ::=
+	csv|html|txt|tsv|jpeg|jpg|png|svg|pdf|rtf|pptx|xlsx|docx|odt|ods|openoffice|ms|microsoft|micro$oft
+<Language> ::=
+	ach|af|ag|ak|am|ar|az|be|bem|bg|bn|br|bs|ca|chr|ckb|co|crs|cs|cy|da|de|ee|el|en|en-gb|en-us|eo|es|es-419|et|eu|
+	fa|fi|fo|fr|fr-ca|fy|ga|gaa|gd|gl|gn|gu|ha|haw|he|hi|hr|ht|hu|hy|ia|id|ig|in|is|it|iw|ja|jw|
+	ka|kg|kk|km|kn|ko|kri|ku|ky|la|lg|ln|lo|loz|lt|lua|lv|mfe|mg|mi|mk|ml|mn|mo|mr|ms|mt|my|
+	ne|nl|nn|no|nso|ny|nyn|oc|om|or|pa|pcm|pl|ps|pt-br|pt-pt|qu|rm|rn|ro|ru|rw|
+	sd|sh|si|sk|sl|sn|so|sq|sr|sr-me|st|su|sv|sw|ta|te|tg|th|ti|tk|tl|tn|to|tr|tt|tum|tw|
+	ug|uk|ur|uz|vi|wo|xh|yi|yo|zh-cn|zh-hk|zh-tw|zu
+<MimeType> ::=
+	gdoc|gdocument|
+	gdrawing|
+	gfolder|gdirectory|
+	gform|
+	gfusion|
+	gmap|
+	gpresentation|
+	gscript|
+	gsite|
+	gsheet|gspreadsheet
 <ProductID> ::=
 	Google-Apps|
 	Google-Chrome-Device-Management|
@@ -47,9 +84,6 @@ Primitives
 	drive16tb|16tb|googledrivestorage16tb|Google-Drive-storage-16TB|
 	vault|googlevault|Google-Vault|
 	vfe|googlevaultformeremployee|Google-Vault-Former-Employee
-<Charset> ::= ascii|mbcs|utf-8|utf-8-sig|utf-16|<String>
-<FileFormat> ::= csv|html|txt|tsv|jpeg|jpg|png|svg|pdf|rtf|pptx|xlsx|docx|odt|ods|openoffice|ms|microsoft|micro$oft
-<Language> ::= ar|bn|bg|ca|zh-CN|zh-TW|hr|cs|da|nl|en|en-GB|et|fi|fr|de|el|gu|iw|is|in|it|ja|kn|ko|lv|lt|ms|ml|mr|no|or|fa|pl|pt-BR|pt-PT|ro|ru|sr|sk|sl|es|sv|tl|ta|te|th|tr|uk|ur|vi
 
 Basic items built from primitives
 <Boolean> ::= <TrueValues>|<FalseValues>
@@ -65,9 +99,15 @@ Basic items built from primitives
 <Minute> ::= <Digit><Digit>
 <Second> ::= <Digit><Digit>
 <MilliSeconds> ::= <Digit><Digit><Digit>
-<Date> ::= <Year>-<Month>-<Day>
-<DateTime> ::= <Year>-<Month>-<Day>(<Space>|T)<Hour>:<Minute>
-<Time> ::= <Year>-<Month>-<Day>(<Space>|T)<Hour>:<Minute>[:<Second>[.<MilliSeconds>[Z]]]
+<Date> ::=
+	<Year>-<Month>-<Day> |
+	(+|-)<Number>(d|w)
+<DateTime> ::=
+	<Year>-<Month>-<Day>(<Space>|T)<Hour>:<Minute> |
+	(+|-)<Number>(m|h|d|w)
+<Time> ::=
+	<Year>-<Month>-<Day>(<Space>|T)<Hour>:<Minute>:<Second>[.<MilliSeconds>](Z|(+|-(<Hour>:<Minute>))) |
+	(+|-)<Number>(m|h|d|w)
 <RegularExpression> ::= <Python Regular Expression, see: https://docs.python.org/2/library/re.html>
 <Tag> ::= <String>
 <UniqueID> ::= uid:<String>
@@ -75,17 +115,19 @@ Basic items built from primitives
 Named items
 <AccessToken> ::= <String>
 <ACLScope> ::= [user:]<EmailAddress>|group:<EmailAddress>|domain[:<DomainName>]|default
+<ASPID> ::= <String>
 <CalendarACLRole> ::= editor|freebusy|freebusyreader|owner|reader|writer
 <CalendarColorIndex> ::== <Number in range 1-24>
 <CalendarItem> ::= <EmailAddress>|<String>
 <ClientID> ::= <String>
+<ColorValue> ::= <ColorName>|<ColorHex>
 <CollaboratorItem> ::= <EmailAddress>|<UniqueID>|<String>
 <CourseAlias> ::= <String>
 <CourseID> ::= <Number>|d:<CourseAlias>
 <CourseParticipantType> ::= teacher|teachers|student|students
 <CourseState> ::= active|archived|provisioned|declined
 <CrOSID> ::= <String>
-<CrOSItem> ::= <CrOSID>|(query:<QueryCrOS>)(query:orgunitpath:<OrgUnitPath>)
+<CrOSItem> ::= <CrOSID>|(query:<QueryCrOS>)|(query:orgunitpath:<OrgUnitPath>)
 <CustomerID> ::= <String>
 <DomainAlias> ::= <String>
 <DriveFileACLRole> :: =commenter|editor|organizer|owner|reader|writer
@@ -124,6 +166,7 @@ Named items
 <OrgUnitPath> ::= /|(/<String)+
 <ParameterKey> ::= <String>
 <ParameterValue> ::= <String>
+<Password> ::= <String>
 <PermissionID> ::= id:<String>|<EmailAddress>|anyone|anyonewithlink
 <PrinterID> ::= <String>
 <PrintJobAge> ::= <Number>[m|h|d]
@@ -407,11 +450,12 @@ Items, separated by commas, with spaces or commas in the items themselves: "'it
 Items, separated by spaces, with spaces or commas in the items themselves: "'it em'( 'it,em')*"
 
 <ACLList> ::== "<ACLScope>(,<ACLScope>)*"
+<ASPIDList> ::= "<ASPID>(,<ASPID>)*"
 <CalendarList> ::= "<CalendarItem>(,<CalendarItem>)*"
 <CollaboratorItemList> ::= "<CollaboratorItem>(,<CollaboratorItem>)*"
 <CourseAliasList> ::= "<CourseAlias>(,<CourseAlias>)*"
-<CourseStateList> ::= "<CourseState>(,<CourseState>)*"
 <CourseIDList> ::= "<CourseID>(,<CourseID>)*"
+<CourseStateList> ::= "<CourseState>(,<CourseState>)*"
 <CrOSFieldNameList> ::= "<CrOSFieldName>(,<CrOSFieldName>)*"
 <CrOSList> ::= "<CrOSID>(,<CrOSID>)*"
 <DriveFileList> ::= "<DriveFileItem>(,<DriveFileItem>)*"
@@ -457,7 +501,6 @@ Specify a collection of Users by directly specifying them or by specifiying item
 		(license|licenses|licence|licences <SKUIDList>)|
 		(query <QueryUser>)
 
-
 Item attributes
 <CalendarAttributes> ::=
 	(selected <Boolean>)|(hidden <Boolean>)|(summary <String>)|(colorindex|colorid <CalendarColorIndex>)|(backgroundcolor <ColorHex>)|(foregroundcolor <ColorHex>)|
@@ -486,12 +529,12 @@ Item attributes
 <DriveFileAddAttributes> ::=
 	(localfile <FileName>)|
 	(convert)|(ocr)|(ocrlanguage <Language>)|(restricted|restrict)|(starred|star)|(trashed|trash)|(viewed|view)|
-	(lastviewedbyme <Time>)|(modifieddate|modifiedtime <Time>)|(description <String>)|(mimetype gdoc|gdocument|gdrawing|gfolder|gdirectory|gform|gfusion|gpresentation|gscript|gsite|gsheet|gspreadsheet)|
+	(lastviewedbyme <Time>)|(modifieddate|modifiedtime <Time>)|(description <String>)|(mimetype <MimeType>)|
 	(parentid <DriveFolderID>)|(parentname <FolderName>)|(anyownerparentname <FolderName>)|writerscantshare
 <DriveFileUpdateAttributes> ::=
 	(localfile <FileName>)|
 	(convert)|(ocr)|(ocrlanguage <Language>)|(restricted|restrict <Boolean>)|(starred|star <Boolean>)|(trashed|trash <Boolean>)|(viewed|view <Boolean>)|
-	(lastviewedbyme <Time>)|(modifieddate <Time>)|(description <String>)|(mimetype gdoc|gdocument|gdrawing|gfolder|gdirectory|gform|gfusion|gpresentation|gscript|gsite|gsheet|gspreadsheet)|
+	(lastviewedbyme <Time>)|(modifieddate <Time>)|(description <String>)|(mimetype <MimeType>)|
 	(parentid <DriveFolderID>)|(parentname <FolderName>)|(anyownerparentname <FolderName>)|writerscantshare
 <EventAttributes> ::=
 	(anyonecanaddself)|(guestscantinviteothers)|(guestscantseeothers)|(notifyattendees)|(available)|(visibility default|public|prvate)|(tentative)|
@@ -567,11 +610,11 @@ Item attributes
 	(organization clear|([type domain_only|school|unknown|work] [customtype <String>] [name <String>] [title <String>] [department <String>] [symbol <String>]
 		[costcenter <String>]  [location <String>] [description <String>] [domain <String>] notprimary|primary))|
 	(org|ou|orgunitpath <OrgUnitPath>)
-	(password random|<String>)|
+	(password random|<Password>)|
 	(phone clear|([type work|home|other|work_fax|home_fax|other_fax|main|company_main|assistant|mobile|work_mobile|pager|work_pager|car|radio|callback|isdn|telex|tty_tdd|grand_central|(custom <String>)]
 		[value <String>] notprimary|primary))|
 	(posix clear|(username <String> uid <Integer> gid <Integer> [system|systemid <String>] [home|homedirectory <String>] [shell <String>] [gecos <String>] [primary <Boolean>] endposix))|
-	(relation clear|(spouse|child|mother|father|parent|brother|sister|friend|relative|domestic_partner|manager|dotted-line_managerassistant|admin_assistant|exec_assistant|referred_by|partner|<String> <String>))|
+	(relation clear|(spouse|child|mother|father|parent|brother|sister|friend|relative|domestic_partner|manager|dotted-line_manager|assistant|admin_assistant|exec_assistant|referred_by|partner|<String> <String>))|
 	(sshkeys clear|(key <String> [expires <Integer>] endssh))|
 	(suspended <Boolean>)|
 	(website clear|(home_page|blog|profile|work|home|other|ftp|reservations|app_install_page|<String> <URL> [notprimary|primary]))|
@@ -671,6 +714,8 @@ gam update customer <CustomerAttributes>*
 
 gam info customer
 
+<DataTransferService> ::= googledrive|gdrive|drive|"drive and docs"|calendar
+
 gam create datatransfer|transfer <OldOwnerID> <DataTransferService> <NewOwnerID> (<ParameterKey> <ParameterValue>)*
 gam info datatransfer|transfer <TransferID>
 gam print datatransfers|transfers [todrive] [olduser|oldowner <UserItem>] [newuser|newowner <UserItem>] [status <String>]
@@ -872,7 +917,7 @@ gam undelete vaultmatter|matter <MatterItem>
 gam info vaultmatter|matter <MatterItem>
 gam print vaultmatters|matters [todrive] [basic|full]
 
-gam <UserTypeEntity> delete|del asp|asps|applicationspecificpasswords <AspID>
+gam <UserTypeEntity> delete|del asp|asps|applicationspecificpasswords all|<ASPIDList>
 gam <UserTypeEntity> show asps|asp|applicationspecificpasswords
 
 gam <UserTypeEntity> update backupcodes|backupcode|verificationcodes
@@ -899,7 +944,7 @@ gam <UserTypeEntity> show fileinfo <DriveFileID> [allfields|<DriveFieldName>*]
 gam <UserTypeEntity> show filerevisions <DriveFileID>
 gam <UserTypeEntity> show filetree [anyowner] (orderby <DriveOrderByFieldName> [ascending|descending])*
 
-gam <UserTypeEntity> add drivefile [drivefilename <DriveFileName>] <DriveFileAddAttributes>*
+gam <UserTypeEntity> create|add drivefile [drivefilename <DriveFileName>] <DriveFileAddAttributes>*
 gam <UserTypeEntity> update drivefile (id <DriveFileID)|(drivefilename <DriveFileName>)|(query <QueryDriveFile) [copy] [newfilename <DriveFileName>] <DriveFileUpdateAttributes>*
 gam <UserTypeEntity> get drivefile (id <DriveFileID>)|(drivefilename <DriveFileName>)|(query <QueryDriveFile>) [format <FileFormatList>] [targetfolder <FilePath>] [revision <Number>]
 gam <UserTypeEntity> delete|del drivefile <DriveFileID>|<DriveFileURL>|(query:<QueryDriveFile>) [purge|untrash]
@@ -907,18 +952,18 @@ gam <UserTypeEntity> transfer drive <UserItem> [keepuser]
 gam <UserTypeEntity> delete|del emptydrivefolders
 gam <UserTypeEntity> empty drivetrash
 
-gam <UserTypeEntity> add drivefileacl <DriveFileID> anyone|(user <UserItem>)|(group <GroupItem>)|(domain <DomainName>)
+gam <UserTypeEntity> create|add drivefileacl <DriveFileID> [asadmin] anyone|(user <UserItem>)|(group <GroupItem>)|(domain <DomainName>)
 	(role <DriveFileACLRole>) [withlink|discoverable] [expires <Time>] [sendemail] [emailmessage <String>]
-gam <UserTypeEntity> update drivefileacl <DriveFileID> <PermissionID>
+gam <UserTypeEntity> update drivefileacl <DriveFileID> <PermissionID> [asadmin]
 	(role <DriveFileACLRole>) [withlink|discoverable] [expires <Time>] [removeexpiration]
-gam <UserTypeEntity> delete|del drivefileacl <DriveFileID> <PermissionID>
-gam <UserTypeEntity> show drivefileacl <DriveFileID>
+gam <UserTypeEntity> delete|del drivefileacl <DriveFileID> <PermissionID> [asadmin]
+gam <UserTypeEntity> show drivefileacl <DriveFileID> [asadmin]
 
 gam <UserTypeEntity> delete|del alias|aliases
 
 gam <UserTypeEntity> delete|del group|groups
 
-gam <UserTypeEntity> add license <SKUID> [product|productid <ProductID>]
+gam <UserTypeEntity> create|add license <SKUID> [product|productid <ProductID>]
 gam <UserTypeEntity> update license <SKUID> [product|productid <ProductID>] [from] <SKUID>
 gam <UserTypeEntity> delete|del license <SKUID> [product|productid <ProductID>]
 
@@ -938,7 +983,7 @@ gam <UserTypeEntity> update user <UserAttributes>
 
 gam <UserTypeEntity> deprovision|deprov
 
-gam <UserTypeEntity> [add] label|labels <Name> [messagelistvisibility hide|show] [labellistvisibility hide|show|showifunread]
+gam <UserTypeEntity> [create|add] label|labels <Name> [messagelistvisibility hide|show] [labellistvisibility hide|show|showifunread]
 gam <UserTypeEntity> update labelsettings <LabelName> [name <Name>] [messagelistvisibility hide|show] [labellistvisibility hide|show|showifunread]
 gam <UserTypeEntity> update label|labels [search <RegularExpression>] [replace <LabelReplacement>] [merge]
 gam <UserTypeEntity> delete|del label|labels <LabelName>|regex:<RegularExpression>|--ALL_LABELS--
@@ -952,13 +997,13 @@ gam <UserTypeEntity> untrash messages query <QueryGmail> [doit] [max_to_untrash|
 gam <UserTypeEntity> show gmailprofile [todrive]
 gam <UserTypeEntity> show gplusprofile [todrive]
 
-gam <UserTypeEntity> add delegate|delegates <EmailAddress>
+gam <UserTypeEntity> create|add delegate|delegates <EmailAddress>
 gam <UserTypeEntity> delegate|delegates to <EmailAddress>
 gam <UserTypeEntity> delete|del delegate|delegates <EmailAddress>
 gam <UserTypeEntity> show delegates|delegate [csv]
 gam <UserTypeEntity> print delegates [todrive]
 
-gam <UserTypeEntity> [add] filter [from <EmailAddress>] [to <EmailAddress>] [subject <String>] [haswords|query <List>] [nowords|negatedquery <List>] [musthaveattachment|hasattachment] [excludechats] [size larger|smaller <ByteCount>]
+gam <UserTypeEntity> [create|add] filter [from <EmailAddress>] [to <EmailAddress>] [subject <String>] [haswords|query <List>] [nowords|negatedquery <List>] [musthaveattachment|hasattachment] [excludechats] [size larger|smaller <ByteCount>]
 	[label <LabelID>] [important|notimportant] [star] [trash] [markread] [archive] [neverspam] [forward <EmailAddress>]
 gam <UserTypeEntity> delete filters <FilterIDEntity>
 gam <UserTypeEntity> show filters
@@ -970,7 +1015,7 @@ gam <UserTypeEntity> forward <TrueValues> keep|leaveininbox|archive|delete|trash
 gam <UserTypeEntity> show forward
 gam <UserTypeEntity> print forward [todrive]
 
-gam <UserTypeEntity> add forwardingaddress|forwardingaddresses <EmailAddress>
+gam <UserTypeEntity> create|add forwardingaddress|forwardingaddresses <EmailAddress>
 gam <UserTypeEntity> delete forwardingaddress|forwardingaddresses <EmailAddress>
 gam <UserTypeEntity> show forwardingaddress|forwardingaddresses
 gam <UserTypeEntity> info forwardingaddress|forwardingaddresses <EmailAddress>
@@ -982,14 +1027,14 @@ gam <UserTypeEntity> show imap|imap4
 gam <UserTypeEntity> pop|pop3 <Boolean> [for allmail|newmail|mailfromnowon|fromnowown] [action keep|leaveininbox|archive|delete|trash|markread]
 gam <UserTypeEntity> show pop|pop3
 
-gam <UserTypeEntity> [add] sendas <EmailAddress> <Name> [signature|sig <String>|(file <FileName> [charset <Charset>]) (replace <Tag> <String>)*] [html] [replyto <EmailAddress>] [default] [treatasalias <Boolean>]
+gam <UserTypeEntity> [create|add] sendas <EmailAddress> <Name> [signature|sig <String>|(file <FileName> [charset <Charset>]) (replace <Tag> <String>)*] [html] [replyto <EmailAddress>] [default] [treatasalias <Boolean>]
 gam <UserTypeEntity> update sendas <EmailAddress> [name <Name>] [signature|sig <String>|(file <FileName> [charset <Charset>]) (replace <Tag> <String>)*] [html] [replyto <EmailAddress>] [default] [treatasalias <Boolean>]
 gam <UserTypeEntity> delete sendas <EmailAddress>
 gam <UserTypeEntity> show sendas [format]
 gam <UserTypeEntity> info sendas <EmailAddress> [format]
 gam <UserTypeEntity> print sendas [todrive]
 
-gam <UserTypeEntity> add smime file <FileName> [password <Password>] [sendas|sendasemail <EmailAddress>] [default]
+gam <UserTypeEntity> create|add smime file <FileName> [password <Password>] [sendas|sendasemail <EmailAddress>] [default]
 gam <UserTypeEntity> update smime [id <S/MIMEID>] [sendas|sendasemail <EmailAddress>] [default]
 gam <UserTypeEntity> delete smime [id <S/MIMEID>] [sendas|sendasemail <EmailAddress>]
 gam <UserTypeEntity> show smime [primaryonly]
@@ -998,11 +1043,13 @@ gam <UserTypeEntity> print smime [todrive] [primaryonly]
 gam <UserTypeEntity> signature|sig <String>|(file <FileName> [charset <Charset>]) (replace <Tag> <String>)* [html] [name <String>] [replyto <EmailAddress>] [default] [treatasalias <Boolean>]
 gam <UserTypeEntity> show signature|sig [format]
 
-gam <UserTypeEntity> add teamdrive <Name>
-gam <UserTypeEntity> update teamdrive <TeamDriveID> [name <Name>]
+gam <UserTypeEntity> create|add teamdrive <Name>
+gam <UserTypeEntity> update teamdrive <TeamDriveID> [name <Name>] [(theme|themeid <String>) | ([customtheme <DriveFileID> <Float> <Float> <Float>] [color <ColorValue>])]
 gam <UserTypeEntity> delete teamdrive <TeamDriveID>
-gam <UserTypeEntity> show teamdrives
-gam <UserTypeEntity> print teamdrives [todrive]
+gam <UserTypeEntity> show teamdriveinfo <TeamDriveID> [asadmin]
+gam <UserTypeEntity> show teamdrives [asadmin]
+gam <UserTypeEntity> print teamdrives [todrive] [asadmin]
+gam <UserTypeEntity> show teamdrivethemes
 
 gam <UserTypeEntity> vacation <FalseValues>
 gam <UserTypeEntity> vacation <TrueValues> subject <String> (message <String>)|(file <FileName> [charset <Charset>]) (replace <Tag> <String>)* [html]
diff --git a/src/gam.py b/src/gam.py
index 37a7c9c6..09e16c63 100755
--- a/src/gam.py
+++ b/src/gam.py
@@ -3877,8 +3877,8 @@ def showDriveFileACL(users):
     if not drive:
       continue
     feed = callGAPIpages(drive.permissions(), u'list', u'permissions',
-        fileId=fileId, fields=u'*', supportsTeamDrives=True,
-        useDomainAdminAccess=useDomainAdminAccess)
+                         fileId=fileId, fields=u'*', supportsTeamDrives=True,
+                         useDomainAdminAccess=useDomainAdminAccess)
     for permission in feed:
       printPermission(permission)
       print u''
@@ -3916,8 +3916,8 @@ def delDriveFileACL(users):
       continue
     print u'Removing permission for %s from %s' % (permissionId, fileId)
     callGAPI(drive.permissions(), u'delete', fileId=fileId,
-        permissionId=permissionId, supportsTeamDrives=True,
-        useDomainAdminAccess=useDomainAdminAccess)
+             permissionId=permissionId, supportsTeamDrives=True,
+             useDomainAdminAccess=useDomainAdminAccess)
 
 def addDriveFileACL(users):
   fileId = sys.argv[5]
@@ -7318,7 +7318,7 @@ def doGetTeamDriveInfo(users):
       print u'Failed to access Drive as %s' % user
       continue
     result = callGAPI(drive.teamdrives(), u'get', teamDriveId=teamDriveId,
-        useDomainAdminAccess=useDomainAdminAccess, fields=u'*')
+                      useDomainAdminAccess=useDomainAdminAccess, fields=u'*')
     print_json(None, result)
 
 def doCreateTeamDrive(users):
@@ -7330,7 +7330,6 @@ def doCreateTeamDrive(users):
       i += 2
     else:
       print u'ERROR: %s is not a valid argument to "gam <users> create teamdrive"' % sys.argv[i]
-      print sys.argv
       sys.exit(3)
   for user in users:
     drive = buildGAPIServiceObject(u'drive3', user)
@@ -7404,8 +7403,8 @@ def printShowTeamDrives(users, csvFormat):
     if not drive:
       continue
     results = callGAPIpages(drive.teamdrives(), u'list', u'teamDrives',
-        useDomainAdminAccess=useDomainAdminAccess, fields=u'*',
-        q=q, soft_errors=True)
+                            useDomainAdminAccess=useDomainAdminAccess, fields=u'*',
+                            q=q, soft_errors=True)
     if not results:
       continue
     for td in results:
@@ -9464,14 +9463,16 @@ def doGetASPs(users):
 
 def doDelASP(users):
   cd = buildGAPIObject(u'directory')
-  codeIds = sys.argv[5].lower().split(u',')
+  codeIdList = sys.argv[5].lower()
+  if codeIdList == u'all':
+    allCodeIds = True
+  else:
+    allCodeIds = False
+    codeIds = codeIdList.replace(u',', u' ').split()
   for user in users:
-    if codeIds == [u'all']:
-      codeIds = []
-      asps = callGAPIitems(cd.asps(), u'list', u'items', userKey=user)
-      if asps:
-        for asp in asps:
-          codeIds.append(asp[u'codeId'])
+    if allCodeIds:
+      asps = callGAPIitems(cd.asps(), u'list', u'items', userKey=user, fields=u'items/codeId')
+      codeIds = [asp[u'codeId'] for asp in asps]
     for codeId in codeIds:
       callGAPI(cd.asps(), u'delete', userKey=user, codeId=codeId)
       print u'deleted ASP %s for %s' % (codeId, user)
@@ -9923,7 +9924,7 @@ USER_ARGUMENT_TO_PROPERTY_MAP = {
   u'lastlogintime': [u'lastLoginTime',],
   u'lastname': [u'name.familyName',],
   u'location': [u'locations',],
-  u'locations': [u'locations'],
+  u'locations': [u'locations',],
   u'name': [u'name.givenName', u'name.familyName', u'name.fullName',],
   u'nicknames': [u'aliases', u'nonEditableAliases',],
   u'noneditablealiases': [u'aliases', u'nonEditableAliases',],
@@ -10741,8 +10742,7 @@ def doPrintCrosActivity():
   startDate = endDate = None
   listLimit = 0
   delimiter = u','
-  query = None
-  orgUnitPath = None
+  query = orgUnitPath = None
   i = 3
   while i < len(sys.argv):
     myarg = sys.argv[i].lower().replace(u'_', u'')
@@ -11273,7 +11273,7 @@ def getUsersToModify(entity_type=None, entity=None, silent=False, member_type=No
     for user in users:
       if user[:4] == u'uid:':
         full_users.append(user[4:])
-      elif user != u'*' and user.find(u'@') == -1:
+      elif user != u'*' and user != GC_Values[GC_CUSTOMER_ID] and user.find(u'@') == -1:
         full_users.append(u'%s@%s' % (user, GC_Values[GC_DOMAIN]))
       else:
         full_users.append(user)
@@ -12320,7 +12320,7 @@ def ProcessGAMCommand(args):
       elif addWhat == u'teamdrive':
         doCreateTeamDrive(users)
       else:
-        print u'ERROR: %s is not a valid argument for "gam <users> add"' % addWhat
+        print u'ERROR: %s is not a valid argument for "gam <users> %s"' % (addWhat, command)
         sys.exit(2)
     elif command == u'update':
       updateWhat = sys.argv[4].lower()

From eb4b8479f3c7ac4ab6481de1eec3df605616db68 Mon Sep 17 00:00:00 2001
From: Ross Scroggs <taers232c@users.noreply.github.com>
Date: Wed, 6 Dec 2017 16:09:21 -0800
Subject: [PATCH 3/3] Minor cleanups (#636)

* Minor cleanups

In print users allow actual field names isenforcedin2sv and isenrolledin2sv

In print users, add delimiter and sortheaders options

In print groups, add sortheaders option

* Fixed bug in gam oauth create where entering `e` to exit without changes didn't exit.
---
 src/GamCommands.txt |  9 ++++++---
 src/gam.py          | 26 ++++++++++++++++++--------
 2 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/src/GamCommands.txt b/src/GamCommands.txt
index db4913dd..3fc1dc1e 100644
--- a/src/GamCommands.txt
+++ b/src/GamCommands.txt
@@ -422,8 +422,8 @@ Named items
 	ipwhitelisted|
 	isdelegatedadmin|admin|isadmin|
 	ismailboxsetup|
-	is2svenforced|
-	is2svenrolled|
+	isenforcedin2sv|is2svenforced|
+	isenrolledin2sv|is2svenrolled|
 	lastlogintime|
 	locations|location|
 	noneditablealiases|aliases|nicknames|
@@ -468,6 +468,7 @@ Items, separated by spaces, with spaces or commas in the items themselves: "'it
 <GroupList> ::= "<GroupItem>(,<GroupItem>)*"
 <GuardianStateList> ::= "<GuardianState>(,<GuardianState>)*"
 <LabelNameList> ::= "<LabelName>(,<LabelName)*"
+<LanguageList> ::= "<Language>(,<Language)*"
 <MatterItemList> ::= "<MatterItem>(,<MatterItem>)*"
 <MembersFieldNameList> ::= "<MembersFieldName>(,<MembersFieldName>)*"
 <MobileList> ::= "<MobileId>(,<MobileId>)*"
@@ -802,8 +803,9 @@ gam delete group <GroupItem>
 gam info group <GroupItem> [nousers] [noaliases] [groups]
 
 gam print groups [todrive] ([domain <DomainName>] [member <UserItem>])
-	[maxresults <Number>] [allfields|([settings] <GroupFieldName>* [fields <GroupFieldNameList>])] [delimiter <Character>]
+	[maxresults <Number>] [allfields|([settings] <GroupFieldName>* [fields <GroupFieldNameList>])]
 	[members|memberscount] [managers|managerscount] [owners|ownerscount]
+	[delimiter <Character>] [sortheaders]
 
 gam print group-members|groups-members [todrive] ([domain <DomainName>] [member <UserItem>])|[group <GroupItem>]
 	[membernames] [fields <MembersFieldNameList>]
@@ -837,6 +839,7 @@ gam print users [todrive] ([domain <DomainName>] [query <QueryUser>] [deleted_on
 	[groups] [license|licenses|licence|licences] [emailpart|emailparts|username]
 	[orderby <UserOrderByFieldName> [ascending|descending]] [userview]
 	[allfields|basic|full | ((<UserFieldName>* | fields <UserFieldNameList>) [schemas|custom all|<SchemaNameList>])]
+	[delimiter <Character>] [sortheaders]
 gam <UserTypeEntity> print
 
 Summary of printing:
diff --git a/src/gam.py b/src/gam.py
index 09e16c63..36cf9783 100755
--- a/src/gam.py
+++ b/src/gam.py
@@ -9918,6 +9918,8 @@ USER_ARGUMENT_TO_PROPERTY_MAP = {
   u'ipwhitelisted': [u'ipWhitelisted',],
   u'isadmin': [u'isAdmin', u'isDelegatedAdmin',],
   u'isdelegatedadmin': [u'isAdmin', u'isDelegatedAdmin',],
+  u'isenforcedin2sv': [u'isEnforcedIn2Sv',],
+  u'isenrolledin2sv': [u'isEnrolledIn2Sv',],
   u'is2svenforced': [u'isEnforcedIn2Sv',],
   u'is2svenrolled': [u'isEnrolledIn2Sv',],
   u'ismailboxsetup': [u'isMailboxSetup',],
@@ -9971,6 +9973,8 @@ def doPrintUsers():
   customFieldMask = None
   sortHeaders = getGroupFeed = getLicenseFeed = email_parts = False
   viewType = deleted_only = orderBy = sortOrder = None
+  groupDelimiter = u' '
+  licenseDelimiter = u','
   i = 3
   while i < len(sys.argv):
     myarg = sys.argv[i].lower().replace(u'_', u'')
@@ -9984,6 +9988,12 @@ def doPrintUsers():
       sortHeaders = True
       fieldsList = []
       i += 1
+    elif myarg == u'delimiter':
+      groupDelimiter = licenseDelimiter = sys.argv[i+1]
+      i += 2
+    elif myarg == u'sortheaders':
+      sortHeaders = True
+      i += 1
     elif myarg in [u'custom', u'schemas']:
       fieldsList.append(u'customSchemas')
       if sys.argv[i+1].lower() == u'all':
@@ -10079,12 +10089,7 @@ def doPrintUsers():
       user_email = user[u'primaryEmail']
       sys.stderr.write(u"Getting Group Membership for %s (%s/%s)\r\n" % (user_email, user_count, total_users))
       groups = callGAPIpages(cd.groups(), u'list', u'groups', userKey=user_email)
-      grouplist = u''
-      for groupname in groups:
-        grouplist += groupname[u'email']+u' '
-      if grouplist[-1:] == u' ':
-        grouplist = grouplist[:-1]
-      user.update(Groups=grouplist)
+      user[u'Groups'] = groupDelimiter.join([groupname[u'email'] for groupname in groups])
       user_count += 1
   if getLicenseFeed:
     titles.append(u'Licenses')
@@ -10093,7 +10098,7 @@ def doPrintUsers():
       for user in csvRows:
         u_licenses = licenses.get(user[u'primaryEmail'].lower())
         if u_licenses:
-          user[u'Licenses'] = u','.join([_skuIdToDisplayName(skuId) for skuId in u_licenses])
+          user[u'Licenses'] = licenseDelimiter.join([_skuIdToDisplayName(skuId) for skuId in u_licenses])
   writeCSVfile(csvRows, titles, u'Users', todrive)
 
 GROUP_ARGUMENT_TO_PROPERTY_TITLE_MAP = {
@@ -10188,6 +10193,9 @@ def doPrintGroups():
       for field in GROUP_ARGUMENT_TO_PROPERTY_TITLE_MAP:
         addFieldTitleToCSVfile(field, GROUP_ARGUMENT_TO_PROPERTY_TITLE_MAP, cdfieldsList, fieldsTitles, titles)
       i += 1
+    elif myarg == u'sortheaders':
+      sortHeaders = True
+      i += 1
     elif myarg == u'fields':
       fieldNameList = sys.argv[i+1]
       for field in fieldNameList.lower().replace(u',', u' ').split():
@@ -11331,6 +11339,8 @@ def doRequestOAuth(login_hint=None):
     http = httplib2.Http(disable_ssl_certificate_validation=GC_Values[GC_NO_VERIFY_SSL])
     flags = cmd_flags(noLocalWebserver=GC_Values[GC_NO_BROWSER])
     scopes = getScopesFromUser()
+    if scopes is None:
+      return
     client_id, client_secret = getOAuthClientIDAndSecret()
     login_hint = getValidateLoginHint(login_hint)
     flow = oauth2client.client.OAuth2WebServerFlow(client_id=client_id,
@@ -11551,7 +11561,7 @@ def getScopesFromUser():
             for i in range(num_scopes):
               selected_scopes[i] = u' '
           elif selection == u'e':
-            return
+            return None
           break
         sys.stdout.write(u'{0}Invalid input "{1}"\n'.format(ERROR_PREFIX, choice))
     if selection == u'c':