MacOS swig: it's here/it's not

Fix Windows build, cleanup
Disable Chat Admin APIs
2026-06-21 14:41:37 +00:00 · 2024-05-26 17:35:09 -07:00 · 2024-05-26 16:21:06 -07:00 · 2024-05-25 09:36:34 -07:00 · 2024-05-25 09:02:10 -07:00 · 2024-05-25 08:35:11 -07:00
40 changed files with 1722 additions and 422 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -9,6 +9,7 @@ on:
 permissions:
  contents: read
  id-token: write
+  attestations: write

 defaults:
  run:
@@ -34,13 +35,11 @@ jobs:
            goal: build
            arch: x86_64
            openssl_archs: linux-x86_64
-            fullGamTest: yes
          - os: [self-hosted, linux, arm64]
            jid: 2
            goal: build
            arch: aarch64
            openssl_archs: linux-aarch64
-            fullGamTest: yes
          - os: ubuntu-20.04
            jid: 3
            goal: build
@@ -58,13 +57,11 @@ jobs:
            goal: build
            arch: x86_64
            openssl_archs: darwin64-x86_64
-            fullGamTest: yes
          - os: macos-14
            jid: 6
            goal: build
            arch: aarch64
            openssl_archs: darwin64-arm64
-            fullGamTest: yes
          - os: macos-14
            jid: 7
            goal: build
@@ -75,7 +72,6 @@ jobs:
            goal: build
            arch: Win64
            openssl_archs: VC-WIN64A
-            fullGamTest: yes
          - os: ubuntu-22.04
            goal: test
            python: "3.8"
@@ -118,7 +114,7 @@ jobs:
        with:
          path: |
            cache.tar.xz
-          key: gam-${{ matrix.jid }}-20240210
+          key: gam-${{ matrix.jid }}-20240526

      - name: Untar Cache archive
        if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true'
@@ -199,8 +195,9 @@ jobs:
          bash ./rust.sh -y
          source $HOME/.cargo/env
          # Install needed packages
-          brew update
-          brew install gpg swig
+          # brew update
+          # brew install gpg
+          brew install swig

      - name: Windows Configure VCode
        uses: ilammy/msvc-dev-cmd@v1
@@ -222,12 +219,6 @@ jobs:
            GAM_ARCHIVE_ARCH="x86_64"
            WIX_ARCH="x64"
            CHOC_OPS=""
-          elif [[ "${arch}" == "Win32" ]]; then
-            PYEXTERNALS_PATH="win32"
-            PYBUILDRELEASE_ARCH="Win32"
-            GAM_ARCHIVE_ARCH="x86"
-            WIX_ARCH="x86"
-            CHOC_OPS="--forcex86"
          fi
          if [[ "${RUNNER_OS}" == "macOS" ]]; then
            MAKE=make
@@ -497,22 +488,20 @@ jobs:
          cd pyinstaller
          export latest_release=$(git tag --list | grep -v dev | grep -v rc | sort -Vr | head -n1)
          #V6.0.0 causes errors on staticx
-          if [[ "${staticx}" == "yes" ]]; then
-            git checkout "v5.13.2"
-          elif [[ "${RUNNER_OS}" == "Windows" ]]; then
-            git checkout "v5.13.2"
-          elif [[ "${RUNNER_OS}" == "macOS" ]]; then
-            git checkout "v5.13.2"
-          else
-            git checkout "${latest_release}"
-          fi
+          #if [[ "${staticx}" == "yes" ]]; then
+          #  git checkout "v5.13.2"
+          #elif [[ "${RUNNER_OS}" == "Windows" ]]; then
+          #  git checkout "v5.13.2"
+          #elif [[ "${RUNNER_OS}" == "macOS" ]]; then
+          #  git checkout "v5.13.2"
+          #else
+          git checkout "${latest_release}"
+          #fi
          # remove pre-compiled bootloaders so we fail if bootloader compile fails
          rm -rvf PyInstaller/bootloader/*-*/*
          cd bootloader
+          export PYINSTALLER_BUILD_ARGS=""
          case "${arch}" in
-            "Win32")
-              export PYINSTALLER_BUILD_ARGS="--target-arch=32bit"
-              ;;
            "Win64")
              export PYINSTALLER_BUILD_ARGS="--target-arch=64bit"
              ;;
@@ -539,20 +528,31 @@ jobs:
          elif [[ "${RUNNER_OS}" == "Windows" ]]; then
            # Work around issue where PyInstaller picks up python3.dll from other Python versions
            # https://github.com/pyinstaller/pyinstaller/issues/7102
-            export PATH="/usr/bin"
+            export PATH="$(dirname ${PYTHON}):/usr/bin"
          else
            export gampath=$(realpath "${gampath}")
          fi
          export gam="${gampath}/gam"
          echo "gampath=${gampath}" >> $GITHUB_ENV
-          echo "gam=${gam}" >> $GITHUB_ENV
-          echo -e "GAM: ${gam}\nGAMPATH: ${gampath}"
          # TEMP force everything back to one file.
          export PYINSTALLER_BUILD_ONEFILE="yes"
          export distpath="./dist/gam"
          export gampath="${distpath}"
          "${PYTHON}" -m PyInstaller --clean --noconfirm --distpath="${distpath}" gam.spec
          cat build/gam/warn-gam.txt
+          if [ -x "$(command -v realpath)" ]; then
+               realpath=realpath
+             else
+               brew install coreutils
+               realpath=grealpath
+             fi
+          export gam=$(realpath "$gam")
+          if [[ "${RUNNER_OS}" == "Windows" ]]; then
+            export gam=$(cygpath -w "$gam")
+            echo "GAM on Windows at ${gam}"
+          fi
+          echo "gam=${gam}" >> $GITHUB_ENV
+          echo -e "GAM: ${gam}\nGAMPATH: ${gampath}"

      - name: Copy extra package files
        if: matrix.goal == 'build'
@@ -596,19 +596,26 @@ jobs:
          echo "GAM Version ${GAMVERSION}"
          echo "GAMVERSION=${GAMVERSION}" >> $GITHUB_ENV

+      - name: Attest Binary Provenance
+        uses: actions/attest-build-provenance@v1
+        if: matrix.goal == 'build'
+        with:
+          subject-path: ${{ env.gam }}
+
      - name: Linux/MacOS package
        if: runner.os != 'Windows' && matrix.goal == 'build'
        run: |
          if [[ "${RUNNER_OS}" == "macOS" ]]; then
-              GAM_ARCHIVE="gam-${GAMVERSION}-macos-${arch}.tar.xz"
+            GAM_ARCHIVE="gam-${GAMVERSION}-macos-${arch}.tar.xz"
          elif [[ "${RUNNER_OS}" == "Linux" ]]; then
-              if [[ "${staticx}" == "yes" ]]; then
-                libver="legacy"
-              else
-                libver="glibc$(ldd --version | awk '/ldd/{print $NF}')"
-              fi
-              GAM_ARCHIVE="gam-${GAMVERSION}-linux-$(arch)-${libver}.tar.xz"
+            if [[ "${staticx}" == "yes" ]]; then
+              libver="legacy"
+            else
+              libver="glibc$(ldd --version | awk '/ldd/{print $NF}')"
+            fi
+            GAM_ARCHIVE="gam-${GAMVERSION}-linux-$(arch)-${libver}.tar.xz"
          fi
+          echo "GAM Archive ${GAM_ARCHIVE}"
          tar -C dist/ --create --verbose --exclude-from "${GITHUB_WORKSPACE}/.github/actions/package_exclusions.txt" --file $GAM_ARCHIVE --xz gam

      - name: Windows package
@@ -643,7 +650,7 @@ jobs:
          echo "We successfully compiled Python ${this_python} and OpenSSL ${this_openssl}"

      - name: Live API tests push only
-        if: (github.event_name == 'push' || github.event_name == 'schedule') && matrix.fullGamTest == 'yes'
+        if: (github.event_name == 'push' || github.event_name == 'schedule')
        env:
          PASSCODE: ${{ secrets.PASSCODE }}
        run: |
@@ -730,7 +737,7 @@ jobs:
          $gam info group $newgroup
          $gam info cigroup $newgroup membertree
          # confirm mailbox is provisoned before continuing
-          $gam user $newuser waitformailbox
+          $gam user $newuser waitformailbox retries 20
          $gam user $newuser imap on
          $gam user $newuser show imap
          $gam user $newuser show delegates
@@ -744,7 +751,7 @@ jobs:
          $gam user $gam_user insertemail subject "GHA insert $newbase" file gam.py labels INBOX,UNREAD # yep body is gam code
          $gam user $gam_user sendemail subject "GHA send $gam_user $newbase" file gam.py recipient admin@pdl.jaylee.us
          $gam user $gam_user draftemail subject "GHA draft $newbase" message "Draft message test"
-          $gam csvfile sample.csv:email waitformailbox
+          $gam csvfile sample.csv:email waitformailbox retries 20
          $gam user $newuser delegate to "${newbase}-bulkuser-1" || if [ $? != 50 ]; then exit $?; fi # expect a 50 return code (delegation failed)
          $gam users "$gam_user $newbase-bulkuser-1 $newbase-bulkuser-2 $newbase-bulkuser-3" delete messages query in:anywhere maxtodelete 99999 doit || if [ $? != 60 ]; then exit $?; fi # expect a 60 return code (no messages)
          $gam users "$newbase-bulkuser-4 $newbase-bulkuser-5 $newbase-bulkuser-6" trash messages query in:anywhere maxtotrash 99999 doit || if [ $? != 60 ]; then exit $?; fi # expect a 60 return code (no messages)
@@ -852,15 +859,24 @@ jobs:
          fi
          tar cJvvf cache.tar.xz $tar_folders

+      - name: Attest Build Archive Provenance
+        uses: actions/attest-build-provenance@v1
+        if: (github.event_name == 'push' || github.event_name == 'schedule') && matrix.goal == 'build'
+        with:
+          subject-path: |
+            src/gam*.tar.xz
+            src/gam*.zip
+            src/gam*.msi
+
      - name: Archive production artifacts
        uses: actions/upload-artifact@v4
        if: (github.event_name == 'push' || github.event_name == 'schedule') && matrix.goal != 'test'
        with:
          name: gam-binaries-${{ env.GAMOS }}-${{ env.arch }}-${{ matrix.jid }}
          path: |
-            src/*.tar.xz
-            src/*.zip
-            src/*.msi
+            src/gam*.tar.xz
+            src/gam*.zip
+            src/gam*.msi

  merge:
    if: (github.event_name == 'push' || github.event_name == 'schedule')
@@ -876,11 +892,6 @@ jobs:
          name: gam-binaries
          pattern: gam-binaries-*

-#      - name: Delete Artifacts
-#        uses: geekyeggo/delete-artifact@v4
-#        with:
-#          name: gam-binaries-*
-
  publish:
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
--- a/docs/Authorization.md
+++ b/docs/Authorization.md
@@ -7,6 +7,7 @@
 - [Definitions](#definitions)
 - [Manage Projects](#manage-projects)
  - [Authorize a super admin to create projects](#authorize-a-super-admin-to-create-projects)
+  - [Authorize Service Account Key Uploads](#authorize-service-account-key-uploads)
  - [Authorize GAM to create projects](#authorize-gam-to-create-projects)
  - [Create a new GCP project folder](#create-a-new-gcp-project-folder)
  - [Create a new project for GAM authorization](#create-a-new-project-for-gam-authorization)
@@ -30,6 +31,7 @@
  - [Update an existing Service Account key](#update-an-existing-service-account-key)
  - [Replace all existing Service Account keys](#replace-all-existing-service-account-keys)
  - [Delete Service Account keys](#delete-service-account-keys)
+  - [Upload a Service Account key to a service account with no keys](#upload-a-service-account-key-to-a-service-account-with-no-keys)
  - [Display Service Account keys](#display-service-account-keys)
 - [Manage Service Account access](#manage-service-account-access)
  - [Full Service Account access](#full-service-account-access)
@@ -116,6 +118,7 @@ Verify whether the super admin you'll be using is in an OU where reauthenticatio

 Additional steps may be required if errors are encountered.
 * [Authorize a super admin to create projects](#authorize-a-super-admin-to-create-projects)
+* [Authorize Service Account Key Uploads](#authorize-service-account-key-uploads)
 * [Authorize GAM to create projects](#authorize-gam-to-create-projects)

 ## Headless computers and Cloud Shells
@@ -203,8 +206,51 @@ perform these steps and then retry the create project command.
 * Click in the Select a role box
 * Type project creator in the Filter box
 * Click Project Creator
+* Click + Add Another Role
+* Type organization policy administrator in the Filter box
+* Click Orgainzation Policy Administrator
 * Click Save

+## Authorize Service Account Key Uploads
+
+If you try to create a project and get an error saying that Constraint `constraints/iam.disableServiceAccountKeyUpload violated for service account projects/gam-project-xxx`,
+perform these steps and then you should be able to authorize and use your project.
+
+* Login as an existing super admin at console.cloud.google.com
+* In the upper left click the three lines to the left of Google Cloud and select IAM & Admin
+* Under IAM & Admin select IAM
+* Click the down arrow in the box to the right of Google Cloud
+* Click the three dots at the right and select IAM/Permissions
+* Now you should be at "Permissions for organization ..."
+* Click on Grant Access
+* Enter the new admin address in Principals
+* Click in the Select a role box
+* Type orgpolicy.policies.update in the Filter box
+* Click Organization Policy Administrator
+* Click Save
+* In the upper left click the three lines to the left of Google Cloud and select IAM & Admin
+* Under IAM & Admin select IAM
+* Click the down arrow in the box to the right of Google Cloud
+* Click the three dots at the right and select Manage Resources
+* Click the three dots and the end of the line for the GAM project just created
+* Click Settings
+* Click Organization Policies in the left column
+* Now you should be at "Policies for Gam Project"
+* Click in the Filter box
+* Enter iam.disableServiceAccountKeyUpload
+* Click the three dots at the end of the Disable Service Account Key Upload
+* Choose Edit policy
+* Click Override parent's policy
+* Click Add A Rule
+* Select Enforcement/Off
+* Click Done
+* Click Set Policy
+
+Wait a couple of minutes for the policy updates to complete and then do the following to upload the service account key:
+```
+gam upload sakey [admin <EmailAddress>]
+```
+
 ## Authorize GAM to create projects
 If you try to create a project and get an error saying "This app has been blocked on your domain for either being
 insecure or non-edutational"; you'll have to mark the GAM Project Creation app as trusted.
@@ -269,6 +315,9 @@ gam create project [admin <EmailAddress>] [project <ProjectID>]
        [projectname <ProjectName>] [parent <String>]
        [saname <ServiceAccountName>] [sadisplayname <ServiceAccountDisplayName>]
        [sadescription <ServiceAccountDescription>]
+        [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
+         (localkeysize 1024|2048|4096 [validityhours <Number>])|
+         (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)]
 ```
 * `admin <EmailAddress>` - Google Workspace admin/GCP project manager; if omitted, you will be prompted for the address
 * `appname <String>` - Application name, defaults to `GAM`
@@ -280,6 +329,8 @@ gam create project [admin <EmailAddress>] [project <ProjectID>]
 * `sadisplayname <ServiceAccountDisplayName>` - Service account display name
 * `sadescription <ServiceAccountDescription>` - Service account description

+You can optionally specify the type of service account key with `algorithm|localkeysize|yubikey`: [Manage Service Account keys](#manage-service-account-keys)
+
 ## Use an existing project for GAM authorization
 Use an existing project to create and download two files: `client_secrets.json` for the Client and `oauth2service.json` for the Service Account.

@@ -289,8 +340,11 @@ Use an existing project to create and download two files: `client_secrets.json`
 * `<ServiceAccountDescription>` - `<ServiceAccountDisplayName>`

 ### Basic
-Use an existing project with default values for the service account. This is typically used when
-the system administrators have created a basic project and you now want to configure it as a GAM project.
+Use an existing uninitialized/uncredentialed project and configure it to be a GAM project; this typically used when
+the GCP  administrators have created a basic project because project creation is not available for most users.
+
+See Jay's notes about how to do this: https://github.com/GAM-team/GAM/wiki/GAM-with--minimal-GCP-rights
+
 ```
 gam use project [<EmailAddress>] [project <ProjectID>]
 ```
@@ -305,6 +359,9 @@ can not be re-downloaded.
 gam use project [admin <EmailAddress>] [project <ProjectID>]
        [saname <ServiceAccountName>] [sadisplayname <ServiceAccountDisplayName>]
        [sadescription <ServiceAccountDescription>]
+        [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
+         (localkeysize 1024|2048|4096 [validityhours <Number>])|
+         (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)]
 ```
 * `admin <EmailAddress>` - Google Workspace admin/GCP project manager; if omitted, you will be prompted for the address
 * `project <ProjectID>` - An existing Google project ID; if omitted, you will be prompted for the ID
@@ -312,6 +369,8 @@ gam use project [admin <EmailAddress>] [project <ProjectID>]
 * `sadisplayname <ServiceAccountDisplayName>` - Service account display name
 * `sadescription <ServiceAccountDescription>` - Service account description

+You can optionally specify the type of service account key with `algorithm|localkeysize|yubikey`: [Manage Service Account keys](#manage-service-account-keys)
+
 ## Update an existing project for GAM authorization
 This command is used when GAM has added new capabilities that require additional APIs to be added to your project.
 ```
@@ -649,6 +708,9 @@ file or define a new section in `gam.cfg` that references a different `oauth2ser
 gam create|add svcacct [[admin] <EmailAddress>] [<ProjectIDEntity>]
        [saname <ServiceAccountName>] [sadisplayname <ServiceAccountDisplayName>]
        [sadescription <ServiceAccountDescription>]
+        [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
+         (localkeysize 1024|2048|4096 [validityhours <Number>])|
+         (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)]
 ```
 * `<EmailAddress>` - Google Workspace admin/GCP project manager; if omitted, you will be prompted for the address

@@ -663,6 +725,8 @@ Use these options to select user-specified values..
 * `sadisplayname <ServiceAccountDisplayName>` - Service account display name
 * `sadescription <ServiceAccountDescription>` - Service account description

+You can optionally specify the type of service account key with `algorithm|localkeysize|yubikey`: [Manage Service Account keys](#manage-service-account-keys)
+
 After adding an additional service account, you can select specific access APIs for it.
 [Selective Service Account access](#selective-service-account-access)

@@ -719,6 +783,7 @@ There are several methods for generating private keys:
 * `localkeysize 1024` - Gam generates a 1024 bit key; this is not recommended
 * `localkeysize 2048` - Gam generates a 2048 bit key; this is the default
 * `localkeysize 4096` - Gam generates a 4096 bit key
+* `yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)]` - [Using GAMADV-XTD3 with a YubiKey](Using-GAMADV-XTD3-with-a-YubiKey)

 When `localkeysize` is specified, the optional argument `validityhours <Number>` sets the length of time during which the key will be valid and should be used when the [GCP constraints/iam.serviceAccountKeyExpiryHours organization policy](https://cloud.google.com/resource-manager/docs/organization-policy/restricting-service-accounts#limit_key_expiry) is in use. Note that in order to account for system clock skew, GAM sets the key to be valid two minutes earlier than the current system time and thus it will also expire two minutes earlier.

@@ -744,16 +809,12 @@ The two forms of the command are equivalent; the second form is used by Basic Ga
 ```
 gam create sakey
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION 
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
 gam rotate sakey retain_existing
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION 
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
 ```
 To distribute `oauth2service.json` files with unique private keys perform the following steps:
 ```
@@ -774,16 +835,12 @@ The two forms of the command are equivalent; the second form is used by Basic Ga
 ```
 gam update sakey
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION 
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
 gam rotate sakey replace_existing
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION 
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
 ```
 ## Replace all existing Service Account keys
 Create a new Service Account private key; all existing private keys are revoked.
@@ -797,16 +854,12 @@ The two forms of the command are equivalent; the second form is used by Basic Ga
 ```
 gam replace sakeys
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION 
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
 gam rotate sakeys retain_none
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION 
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
 ```
 ## Delete Service Account keys
 You can delete Service Accounts keys thus revoking access for that key. Generally, you will
@@ -814,10 +867,24 @@ delete a service account key for a distributed copy of an `oauth2service.json` f
 that user's service account access.

 You can disable your current Service Account key if you specify the `doit` argument. This is your
-acknowledgement that you will have to manually create a new Service Account key in the Developer's Console.
+acknowledgement that you will have to manually create a new Service Account key in the Developer's Console
+or upload a new key with the `gam upload sakey` command.
 ```
 gam delete sakeys <ServiceAccountKeyList>+ [doit]
 ```
+## Upload a Service Account key to a service account with no keys
+There are two cases where you will use this command:
+* Your workspace is configured to disable service account private key uploads and you are creating a project.
+* All of your service account keys have been deleted, either manually or with the `gam delete sakeys` command.
+
+The `oauth2service.json` file is updated with the new private key. If you had previously distributed
+any `oauth2service.json` file to other users, you must redistribute the updated file with the new key.
+```
+gam upload sakey [admin <EmailAddress>]
+        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
+```
 ## Display Service Account keys
 There are system keys and user keys; user keys are what Gam uses; GCP uses system keys.

--- a/docs/Bulk-Processing.md
+++ b/docs/Bulk-Processing.md
@@ -42,6 +42,7 @@ Batch files can contain the following types of lines:
  * GAM prints \<String\> and waits for the user to press any key
  * GAM continues
 * sleep \<Integer\> - Batch processing will suspend for \<Integer\> seconds before the next command line is processed
+  * To be effective, this should immediately follow commit-batch
 * print \<String\> - Print \<String\> on stderr
 * set \<KeywordString\> \<ValueString\>
  * Subsequent lines will have %\<KeywordString\>% replaced with \<ValueString\>
@@ -129,25 +130,29 @@ gam csv gsheet <user> <fileID> "<sheetName>" gam update user "~primaryEmail" add
 ## CSV files with redirection and select
 You should use the `multiprocess` option on any redirected files: `csv`, `stdout`, `stderr`.
 ```
-gam redirect csv ./filelistperms.csv multiprocess csv Users.csv gam user ~primaryEmail print filelist fields id,title,permissions,owners.emailaddress
+gam redirect csv ./filelistperms.csv multiprocess csv Users.csv gam user ~primaryEmail print filelist fields id,name,mimetype,basicpermissions
+gam redirect csv - multiprocess todrive csv Users.csv gam user ~primaryEmail print filelist fields id,name,mimetype,basicpermissions
 ```

 If you want to select a `gam.cfg` section for the command, you can select the section at the outer `gam` and save it
 or select the section at the inner `gam`.
 ```
-gam select <Section> save redirect csv ./filelistperms.csv multiprocess csv Users.csv gam user ~primaryEmail print filelist fields id,title,permissions,owners.emailaddress
-gam redirect csv ./filelistperms.csv multiprocess csv Users.csv gam select <Section> user ~primaryEmail print filelist fields id,title,permissions,owners.emailaddress
+gam select <Section> save redirect csv ./filelistperms.csv multiprocess csv Users.csv gam user ~primaryEmail print filelist fields id,name,mimetype,basicpermissions
+gam redirect csv ./filelistperms.csv multiprocess csv Users.csv gam select <Section> user ~primaryEmail print filelist fields id,name,mimetype,basicpermissions
+gam select <Section> save redirect csv - multiprocess todrive csv Users.csv gam user ~primaryEmail print filelist fields id,name,mimetype,basicpermissions
+gam redirect csv - multiprocess todrive csv Users.csv gam select <Section> user ~primaryEmail print filelist fields id,name,mimetype,basicpermissions
 ```

 ## Automatic batch processing
 You can enable automatic batch (parallel) processing when issuing commands of the form `gam <UserTypeEntity> ...`.
 In the following example, if the number of users in group sales@domain.com exceeds 1, then the `print filelist` command will be processed in parallel.
 ```
-gam config auto_batch_min 1 redirect csv ./filelistperms.csv multiprocess group sales@domain.com print filelist fields id,title,permissions,owners.emailaddress
+gam config auto_batch_min 1 redirect csv ./filelistperms.csv multiprocess group sales@domain.com print filelist fields id,name,mimetype,basicpermissions
+gam config auto_batch_min 1 redirect csv - multiprocess todrive group sales@domain.com print filelist fields id,name,mimetype,basicpermissions
 ```
 With automatic batch processing, you should use the `multiprocess` option on any redirected files: `csv`, `stdout`, `stderr`.

 If you want to select a `gam.cfg` section for the command, you must select and save it for it to be processed correctly.
 ```
-gam select <Section> save config auto_batch_min 1 redirect csv ./filelistperms.csv multiprocess group sales@domain.com print filelist fields id,title,permissions,owners.emailaddress
+gam select <Section> save config auto_batch_min 1 redirect csv ./filelistperms.csv multiprocess group sales@domain.com print filelist fields id,name,mimetype,basicpermissions
 ```
--- a/docs/CSV-Input-Filtering.md
+++ b/docs/CSV-Input-Filtering.md
@@ -83,11 +83,17 @@ Name:value form.
 * Each `<FieldNameFilter>:<RowValueFilter>` pair should be enclosed in `'`.
 * If `<FieldNameFilter>` contains a `:` or a space, it should be enclosed in `\"`.
 * If `<RegularExpression>` or `<DataSelector>` in `<RowValueFilter>` contain a space, it should be enclosed in `\"`.
+* If `<FieldNameFilter>` or `<RegularExpression>` in `<RowValueFilter>` contain a `\` to escape a special character
+or enter a special sequence, enter `\\\` on Linux and Mac OS, `\\` on Windows,

-Example:
+Examples:
 ```
 csv_input_row_filter "'\"accounts:used_quota_in_mb\":count>15000'"
 csv_input_row_filter "'email:data:\"csvfile gsheet:email user@domain.com FileID Sheet1\"'"
+Linux and Mac OS
+csv_input_row_filter "'phones.\\\d+.value:regex:(?:^\\\(510\\\) )|(?:^510[- ])\\\d{3}-\\\d{4}'"
+Windows
+csv_input_row_filter "'phones.\\d+.value:regex:(?:^\\(510\\) )|(?:^510[- ])\\d{3}-\\d{4}'"
 ```
 JSON form.
 ```
--- a/docs/CSV-Output-Filtering.md
+++ b/docs/CSV-Output-Filtering.md
@@ -89,13 +89,16 @@ Name:value form.
 * If `<FieldNameFilter>` contains a `:` or a space, it should be enclosed in `\"`.
 * If `<RegularExpression>` or `<DataSelector>` in `<RowValueFilter>` contain a space, it should be enclosed in `\"`.
 * If `<FieldNameFilter>` or `<RegularExpression>` in `<RowValueFilter>` contain a `\` to escape a special character
-or enter a special sequence, enter `\\\`.
+or enter a special sequence, enter `\\\` on Linux and Mac OS, `\\` on Windows,

-Example:
+Examples:
 ```
 csv_output_row_filter "'\"accounts:used_quota_in_mb\":count>15000'"
 csv_output_row_filter "'email:data:\"csvfile gsheet:email user@domain.com FileID Sheet1\"'"
+Linux and Mac OS
 csv_output_row_filter "'phones.\\\d+.value:regex:(?:^\\\(510\\\) )|(?:^510[- ])\\\d{3}-\\\d{4}'"
+Windows
+csv_output_row_filter "'phones.\\d+.value:regex:(?:^\\(510\\) )|(?:^510[- ])\\d{3}-\\d{4}'"
 ```
 JSON form.
 ```
--- a/docs/Calendars-Events.md
+++ b/docs/Calendars-Events.md
@@ -196,6 +196,7 @@ Client access works when accessing Resource calendars.

 <EventMatchProperty> ::=
        (matchfield attendees <EmailAddressEntity>)|
+        (matchfield attendeesonlydomainlist <DomainNameList>)|
        (matchfield attendeesdomainlist <DomainNameList>)|
        (matchfield attendeesnotdomainlist <DomainNameList>)|
        (matchfield attendeespattern <RegularExpression>)|
@@ -218,7 +219,6 @@ Client access works when accessing Resource calendars.
        (event|events <EventIdList> |
        <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVSubkeySelector> | <CSVDataSelector>)
        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
-
 <EventSelectEntity> ::=
        (<EventSelectProperty>+ <EventMatchProperty>*)

@@ -231,6 +231,7 @@ Client access works when accessing Resource calendars.
        lavender|peacock|sage|tangerine|tomato
 <PropertyKey> ::= <String>
 <PropertyValue> ::= <String>
+<TimeZone> ::= <String>

 <EventAttribute> ::=
        (allday <Date>)|
@@ -358,10 +359,14 @@ The Google Calendar API processes `<EventSelectProperty>*`; you may specify none

 GAM processes `<EventMatchProperty>*`; you may specify none or multiple properties.
 * `matchfield attendees <EmailAddressEntity>` - All of the attendees in `<EmailAddressEntity>` must be present
+* `matchfield attendeesonlydomainlist <DomainNameList>` - All attendee's email addresses must be in a domain in `<DomainNameList>`
+  * For example, this lets you look for events with all attendees in your internal domains. You should include `resource.calendar.google.com`
+    in `<DomainNameList>` if the events use resources.
 * `matchfield attendeesdomainlist <DomainNameList>` - Some attendee's email address must be in a domain in `<DomainNameList>`
  * For example, this lets you look for events with attendees in specific external domains
 * `matchfield attendeesnotdomainlist <DomainNameList>` - Some attendee's email address must be in a domain not in `<DomainNameList>`
-  * For example, this let you look for events with attendees not in your internal domains
+  * For example, this lets you look for events with attendees not in your internal domains. You should include `resource.calendar.google.com`
+    in `<DomainNameList>` if the events use resources.
 * `matchfield attendeespattern <RegularExpression>` - Some attendee's email address must match `<RegularExpression>`
 * `matchfield attendeesstatus [<AttendeeAttendance>] [<AttendeeStatus>] <EmailAddressEntity>` - All of the attendees in `<EmailAddressEntity>` must be present
 and must have the specified values.
--- a/docs/ChromeOS-Devices.md
+++ b/docs/ChromeOS-Devices.md
@@ -105,6 +105,7 @@ The second form is backwards compatible with Standard GAM and selection with `<C
        annotatedlocation|location|
        annotateduser|user|
        autoupdateexpiration|
+        autoupdatethrough|
        backlightinfo|
        bootmode|
        cpuinfo|
@@ -117,6 +118,9 @@ The second form is backwards compatible with Standard GAM and selection with `<C
        dockmacaddress|
        ethernetmacaddress|
        ethernetmacaddress0|
+        extendedsupporteligible|
+        extendedsupportstart|
+        extendedsupportenabled|
        firmwareversion|
        firstenrollmenttime|
        lastdeprovisiontimestamp|
--- a/docs/Context-Aware-Access-Levels.md
+++ b/docs/Context-Aware-Access-Levels.md
@@ -23,7 +23,7 @@ gam update project
 ```

 ## API documentation
-* https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies/list
+* https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies

 ## Grant Service Account Rights to Manage CAA
 In order for GAM to manage CAA access levels, you need to grant your service account a special role for your GCP organization.
--- a/docs/Drive-File-Selection.md
+++ b/docs/Drive-File-Selection.md
@@ -182,7 +182,7 @@ gam user testuser show fileinfo anydrivefilename "Test File"
 gam user testuser show fileinfo anydrivefilename:"Test File"
 ```
 ## Select file ownership
-By default, files the user owns are sisplayed; you can select the ownership characteristic.
+By default, files the user owns are displayed; you can select the ownership characteristic.
 ```
 anyowner|(showownedby any|me|others)
 ```
--- a/docs/GamUpdates.md
+++ b/docs/GamUpdates.md
@@ -10,6 +10,166 @@ Add the `-s` option to the end of the above commands to suppress creating the `g

 See [Downloads](https://github.com/taers232c/GAMADV-XTD3/wiki/Downloads) for Windows or other options, including manual installation

+### 6.76.06
+
+Fixed bug in `gam <UserTypeEntity> print messages ... positivecountsonly` where message counts with value 0 were deiplayed.
+
+Added option `addcsvdata <FieldName> <String>` to `gam <UserTypeEntity> print|messages` that adds
+additional columns of data to the CSV file output.
+
+Added option `showusagebytes` to `gam <UserTypeEntity> print|show drivesettings` that displays
+the following fields in bytes ```usageBytes,usageInDriveBytes,usageInDriveTrashBytes```
+in addition to the fields in their formatted form with units: ```usage,usageInDrive,usageInDriveTrash```.
+This will be most useful with `print` as the rows can be sorted based on the `usagexxxBytes` columns.
+
+### 6.76.05
+
+Added options `deletefromoldowner`, `addtonewowner <CalendarAttribute>*` and `nolistmessages`
+to `gam <UserTypeEntity> transfer calendars <UserItem>` that allow manipulation of the
+source and target user's calendar lists.
+
+* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Calendars-Access#transfer-calendar-ownership
+
+### 6.76.04
+
+Added the following fields to `<CrOSFieldName>`:
+```
+autoupdatethrough
+extendedsupporteligible
+extendedsupportstart
+extendedsupportenabled
+```
+
+### 6.76.03
+
+Added option `folderpathonly [<Boolean>]` to the following commands that causes GAM
+to display only the folder names when displaying the path to a file. This folder only path
+an be used in  `gam <UserTypeEntity> create drivefolderpath` to recreate the folder hierarchy.
+```
+gam <UserTypeEntity> info drivefile ... filepath|fullpath
+gam <UserTypeEntity> show fileinfo ... filepath|fullpath
+gam <UserTypeEntity> print|show filepath
+gam <UserTypeEntity> print filelist ... filepath|fullpath
+```
+
+### 6.76.02
+
+Updated `gam update group` to handle the following error:
+```
+ERROR: 400: invalidArgument - Failed request validation in update settings: WHO_CAN_VIEW_MEMBERSHIP_CANNOT_BE_BROADER_THAN_WHO_CAN_SEE_GROUP
+```
+
+### 6.76.01
+
+Fixed bug in `gam create vaulthold matter <MatterItem> ... corpus calendar` that caused a trap.
+
+### 6.76.00
+
+Updated versions of `gam create|use project` that use keyword options to also accept the following options
+to define non-default Service Account key characteristics.
+```
+(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
+(localkeysize 1024|2048|4096 [validityhours <Number>])|
+(yubikey yubikey_pin yubikey_slot AUTHENTICATION yubikey_serialnumber <String>)
+```
+
+### 6.75.05
+
+Added option `csv [todrive <ToDriveAttribute>*]` to `gam <UserTypeEntity> archive|delete|modify|spam|trash|untrash messages|threads`
+that causes GAM to display the command results in CSV form.
+
+### 6.75.04
+
+Added a command to print user counts by OrgUnit. By default, all users in the workspace are counted;
+you can specify a domain to only count users in that domain.
+```
+gam print usercountsbyorgunit [todrive <ToDriveAttribute>*]
+        [domain <String>]
+```
+
+Added option `uploadattachments [<DriveFileParentAttribute>]` to `gam <UserTypeEntity> show messages|threads` that
+causes GAM to upload all message attachments to the user's `My Drive`, the default, or to a specific folder.
+The existing option `attachmentnamepattern <RegularExpression>` can be used to select attachments to upload.
+
+### 6.75.03
+
+Fixed bug in `gam batch|tbatch` where the line `sleep <Integer>` in the batch file caused the error:
+```
+ERROR: Invalid argument: Expected <gam|commit-batch|print>
+```
+
+### 6.75.02
+
+Updated `gam report  <ActivityApplictionName>` to retry/handle the following error:
+```
+ERROR: 503: serviceNotAvailable - The service is currently unavailable.
+```
+
+### 6.75.01
+
+Added option `admin <EmailAddress>` to  `gam upload sakey`.
+
+### 6.75.00
+
+Updated `gam create project` to simplify handling the situation where your workspace is configured to disable service account private key uploads.
+
+Added command `gam upload sakey` to aid in this process.
+
+* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Authorization#upload-a-service-account-key-to-a-service-account-with-no-keys
+
+### 6.74.02
+
+Fixed bug in `gam <UserTypeEntity> print shareddrives ... formatjson` that caused a trap.
+
+### 6.74.01
+
+Updated `gam create|update drivefileacl <DriveFileEntity> ... expiration <Time>` to handle
+the following error caused by tryig to add an expiration time to a member of a Shared Drive.
+```
+ERROR: 403: expirationDateNotAllowedForSharedDriveMembers - Expiration dates are not allowed for shared drive members.
+```
+
+### 6.74.00
+
+Added `truncate_client_id` Boolean variable to `gam.cfg`. Prior to version 6.74.00, GAM stripped
+'.apps.googleusercontent.com' from `client_id` in `oauth2.txt` and passed the truncated value in API calls.
+At Jay's suggestion this is no longer performed by default; setting `truncate_client_id = true` restores the previous behavior.
+
+Do `gam oauth delete` and `gam oauth create` to set the untruncated value of `client_id` in `oauth2.txt`.
+
+### 6.73.00
+
+The Google Chat API has been updated so that chat members can now have their role set to manager.
+
+* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Chat#manage-chat-members
+
+### 6.72.16
+
+Updated `emailaddressList <EmailAddressList>` and `domainlist|notdomainlist <DomainNameList>`
+in `<PermissionMatch>` to perform case-insensitive matches as the API is returning mixed case
+ACL email addresses in some cases.
+
+### 6.75.15
+
+Updated all commands that display tasks to display the due date in GMT as the time portion
+is not supported by the API and converting the due date to local time may display the wrong date.
+
+Renamed license SKU `1010400001` from `Beyond Corp Enterprise` to `Chrome Enterprise Premium`.
+
+### 6.72.14
+
+Upgraded to Python 3.12.3 where possible.
+
+### 6.72.13
+
+Added the following option to `<EventMatchProperty>` that can be used to select
+events based on the domains of the attendees.
+```
+matchfield attendeesonlydomainlist <DomainNameList>
+```
+This returns true if all attendee's email addresses are in a domain in `<DomainNameList>`;
+for example this lets you look for events with attendees only in your internal domains.
+
 ### 6.72.12

 Added the following options to `<EventMatchProperty>` that can be used to select
--- a/docs/Groups-Membership.md
+++ b/docs/Groups-Membership.md
@@ -1,5 +1,6 @@
 Groups - Membership
 - [API documentation](#api-documentation)
+- [Query documentation](#query-documentation)
 - [Python Regular Expressions](Python-Regular-Expressions) Match function
 - [Definitions](#definitions)
 - [Collections of Users](#collections-of-users)
@@ -18,6 +19,10 @@
 ## API documentation
 * https://developers.google.com/admin-sdk/directory/v1/reference/members

+## Query documentation
+* https://developers.google.com/admin-sdk/directory/v1/guides/search-groups
+* https://cloud.google.com/identity/docs/reference/rest/v1/groups#dynamicgroupquery
+
 ## Definitions
 See [Collections of Items](Collections-of-Items)
 ```
--- a/docs/How-to-Upgrade-from-Standard-GAM.md
+++ b/docs/How-to-Upgrade-from-Standard-GAM.md
@@ -213,6 +213,7 @@ Section: DEFAULT
  todrive_timezone = ''
  todrive_upload_nodata = true
  todrive_user = ''
+  truncate_client_id = false
  update_cros_ou_with_id = false
  use_projectid_as_name = false
  user_max_results = 500
@@ -334,10 +335,10 @@ writes the credentials into the file oauth2.txt.
 admin@server:/Users/admin/bin/gamadv-xtd3$ rm -f /Users/admin/GAMConfig/oauth2.txt
 admin@server:/Users/admin/bin/gamadv-xtd3$ ./gam version
 WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
-GAMADV-XTD3 6.72.12 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
+GAMADV-XTD3 6.76.06 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
 Ross Scroggs <ross.scroggs@gmail.com>
-Python 3.12.2 64-bit final
-MacOS Sonoma 14.2.1 x86_64
+Python 3.12.3 64-bit final
+MacOS Sonoma 14.4.1 x86_64
 Path: /Users/admin/bin/gamadv-xtd3
 Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com

@@ -661,6 +662,7 @@ Section: DEFAULT
  todrive_timezone = ''
  todrive_upload_nodata = true
  todrive_user = ''
+  truncate_client_id = false
  update_cros_ou_with_id = false
  use_projectid_as_name = false
  user_max_results = 500
@@ -863,6 +865,7 @@ Section: DEFAULT
  todrive_timezone = ''
  todrive_upload_nodata = true
  todrive_user = ''
+  truncate_client_id = false
  update_cros_ou_with_id = false
  use_projectid_as_name = false
  user_max_results = 500
@@ -1006,9 +1009,9 @@ writes the credentials into the file oauth2.txt.
 C:\GAMADV-XTD3>del C:\GAMConfig\oauth2.txt
 C:\GAMADV-XTD3>gam version
 WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
-GAMADV-XTD3 6.72.12 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
+GAMADV-XTD3 6.76.06 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
 Ross Scroggs <ross.scroggs@gmail.com>
-Python 3.12.2 64-bit final
+Python 3.12.3 64-bit final
 Windows-10-10.0.17134 AMD64
 Path: C:\GAMADV-XTD3
 Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
@@ -1335,6 +1338,7 @@ Section: DEFAULT
  todrive_timezone = ''
  todrive_upload_nodata = true
  todrive_user = ''
+  truncate_client_id = false
  update_cros_ou_with_id = false
  use_projectid_as_name = false
  user_max_results = 500
--- a/docs/Install-GAM-as-Python-Library.md
+++ b/docs/Install-GAM-as-Python-Library.md
@@ -9,7 +9,7 @@ Scroll down to Install Git

 You can install GAM as a Python library with pip.
 ```
-pip install git+https://github.com/taers232c/GAMADV-XTD3.git#subdirectory=src --use-pep517
+pip install git+https://github.com/taers232c/GAMADV-XTD3.git#subdirectory=src
 ```

 Or as a PEP 508 Requirement Specifier, e.g. in requirements.txt file:
@@ -29,7 +29,7 @@ dependencies = [

 Target a specific revision or tag:
 ```
-advanced-gam-for-google-workspace @ git+https://github.com/taers232c/GAMADV-XTD3.git@v6.58.00#subdirectory=src
+advanced-gam-for-google-workspace @ git+https://github.com/taers232c/GAMADV-XTD3.git@v6.76.01#subdirectory=src
 ```

 ## Using the library
--- a/docs/Licenses.md
+++ b/docs/Licenses.md
@@ -20,7 +20,7 @@
 |--------------|------------|
 | AppSheet | 101038 |
 | Assured Controls | 101039 |
-| Beyond Corp Enterprise | 101040 |
+| Chrome Enterprise | 101040 |
 | Cloud Identity Free | 101001 |
 | Cloud Identity Premium | 101005 |
 | Cloud Search | 101035 |
@@ -43,7 +43,7 @@
 | AppSheet Enterprise Standard | 1010380002 | appsheetstandard |
 | AppSheet Enterprise Plus | 1010380003 | appsheetplus |
 | Assured Controls | 1010390001 | assuredcontrols |
-| Beyond Corp Enterprise | 1010400001 | bce |
+| Chrome Enterprise Premium | 1010400001 | cep | chromeenterprisepremium |
 | Cloud Identity Free | 1010010001 | cloudidentity |
 | Cloud Identity Premium | 1010050001 | cloudidentitypremium |
 | Cloud Search | 1010350001 | cloudsearch |
@@ -140,7 +140,7 @@
        appsheetstandard | appsheetenterprisestandard | 1010380002 | AppSheet Enterprise Standard |
        appsheetplus | appsheetenterpriseplus | 1010380003 | AppSheet Enterprise Plus |
        assuredcontrols | 1010390001 | Assured Controls |
-        bce | beyondcorp | beyondcorpenterprise | 1010400001 | Beyond Corp Enterprise |
+        bce | beyondcorp | beyondcorpenterprise | cep | chromeenterprisepremium | 1010400001 | Chrome Enterprise Premium |
        cdm | chrome | googlechromedevicemanagement | Google-Chrome-Device-Management |
        cloudidentity | identity | 1010010001 | Cloud Identity |
        cloudidentitypremium | identitypremium | 1010050001 | Cloud Identity Premium |
--- a/docs/Other-Resources.md
+++ b/docs/Other-Resources.md
@@ -4,14 +4,15 @@ The following are links to contributions of others in support of GAMADV-XTD3.

 Thank you.

-* Gabriel Clifton - https://docs.google.com/document/d/1p32QOBTr89GaG7RfCafSbFuhlUQ9r3qBM_666E0xvQM/edit
-* Steve Larsen - https://docs.google.com/spreadsheets/d/1MzzA-u-cmoQcJnQOovCnZcEKMjvOyFhfkdFdf10X_GI/edit
-* Iain Macleod - https://docs.google.com/document/d/1QxWAPdhROcx70OXLpSD9Trh3vs-nJKSMiaMZCTwOOTg/edit?pli=1#heading=h.2a2azzpy36k0
-* Kevin Melillo -  https://github.com/KevinMelilloIEEE/gam-script
-* James Seymour - https://sites.google.com/jis.edu.bn/gam-commands/home
 * Amado Tejada - https://github.com/amadotejada/GAMpass
-* Workspace Admins YouTube Channel - https://youtube.com/@googleworkspaceadmins
+* Brecht Sannen - https://gcloud.devoteam.com/blog/what-is-google-apps-manager-gam/
+* Gabriel Clifton - https://docs.google.com/document/d/1p32QOBTr89GaG7RfCafSbFuhlUQ9r3qBM_666E0xvQM/edit
 * Goldy Arora - https://www.goldyarora.com/license-notifier/
-* Paul Ogier (Taming.Tech) - GAMADV-XTD3 Tutorials https://www.youtube.com/watch?v=g9LDeyXQNLI&list=PL_dLiK09pJVhKJxZHNk9CHK0q5hkZ856w
+* Iain Macleod - https://docs.google.com/document/d/1QxWAPdhROcx70OXLpSD9Trh3vs-nJKSMiaMZCTwOOTg/edit?pli=1#heading=h.2a2azzpy36k0
+* James Seymour - https://sites.google.com/jis.edu.bn/gam-commands/home
+* Kevin Melillo -  https://github.com/KevinMelilloIEEE/gam-script
 * Paul Ogier (Taming.Tech) - GAMADV-XTD3 Course on Udemy https://taming.tech/GAMCourse
-* Paul Ogier (Taming.Tech) - https://taming.tech/taming-gam-a-practical-guide-to-gam-and-gamadv-xtd3/
+* Paul Ogier (Taming.Tech) - GAMADV-XTD3 Tutorials https://www.youtube.com/watch?v=g9LDeyXQNLI&list=PL_dLiK09pJVhKJxZHNk9CHK0q5hkZ856w
+* Paul Ogier (Taming.Tech) - https://taming.tech/taming-gam-a-practical-guide-to-gam-and-gamadv-xtd3/
+* Steve Larsen - https://docs.google.com/spreadsheets/d/1MzzA-u-cmoQcJnQOovCnZcEKMjvOyFhfkdFdf10X_GI/edit
+* Workspace Admins YouTube Channel - https://youtube.com/@googleworkspaceadmins
--- a/docs/Reports.md
+++ b/docs/Reports.md
@@ -143,7 +143,8 @@ Get Shared Drives ID and Name
 ```
 gam redirect csv ./SharedDrives.csv print shareddrives fields id,name
 ```
-Options:
+
+Options for the `gam report drive` commands below:
 * `maxactivities 1` - Limits the number of activities displayed for Shared Drives with activity.
 * `shownoactivities` - Displays a row for Shared Drives with no activity.
 * `addcsvdata shared_drive_id "~id"` adds the Shared Drive ID to the output.
--- a/docs/Resources.md
+++ b/docs/Resources.md
@@ -1,6 +1,7 @@
 # Resources
 - [API documentation](#api-documentation)
 - [Definitions](#definitions)
+- [Region Codes](#region-codes)
 - [Special quoting](#special-quoting)
 - [Manage buildings](#manage-buildings)
 - [Display buildings](#display-buildings)
@@ -121,6 +122,252 @@ See [Collections of Items](Collections-of-Items)
        uservisibledescription
 <ResourceFieldNameList> ::= "<ResourceFieldName>(,<ResourceFieldName>)*"
 ```
+
+## Region Codes
+
+| Region | Code |
+|--------|------|
+| Afghanistan | AF |
+| Aland Islands | AX |
+| Albania | AL |
+| Algeria | DZ |
+| American Samoa | AS |
+| Andorra | AD |
+| Angola | AO |
+| Anguilla | AI |
+| Antarctica | AQ |
+| Antigua & Barbuda | AG |
+| Argentina | AR |
+| Armenia | AM |
+| Aruba | AW |
+| Ascension Island | AC |
+| Australia | AU |
+| Austria | AT |
+| Azerbaijan | AZ |
+| Bahamas | BS |
+| Bahrain | BH |
+| Bangladesh | BD |
+| Barbados | BB |
+| Belarus | BY |
+| Belgium | BE |
+| Belize | BZ |
+| Benin | BJ |
+| Bermuda | BM |
+| Bhutan | BT |
+| Bolivia | BO |
+| Bosnia & Herzegovina | BA |
+| Botswana | BW |
+| Bouvet Island | BV |
+| Brazil | BR |
+| British Indian Ocean Territory | IO |
+| British Virgin Islands | VG |
+| Brunei | BN |
+| Bulgaria | BG |
+| Burkina Faso | BF |
+| Burundi | BI |
+| Cambodia | KH |
+| Cameroon | CM |
+| Canada | CA |
+| Canary Islands | IC |
+| Cape Verde | CV |
+| Caribbean Netherlands | BQ |
+| Cayman Islands | KY |
+| Central African Republic | CF |
+| Ceuta & Melilla | EA |
+| Chad | TD |
+| Chile | CL |
+| China | CN |
+| Christmas Island | CX |
+| Clipperton Island | CP |
+| Cocos (Keeling) Islands | CC |
+| Columbia | CO |
+| Comoros | KM |
+| Congo - Brazzaville | CG |
+| Congo - Kinshasa | CD |
+| Cook Islands | CK |
+| Costa Rica | CR |
+| Cote d’Ivoire | CI |
+| Croatia | HR |
+| Cuba | CU |
+| Curacao | CW |
+| Cyprus | CY |
+| Czech Republic | CZ |
+| Falkland Islands | FK |
+| Faroe Islands | FO |
+| Fiji | FJ |
+| Finland | FI |
+| France | FR |
+| Gabon | GA |
+| Gambia | GM |
+| Georgia | GE |
+| Germany | DE |
+| Ghana | GH |
+| Gibraltar | GI |
+| Greece | GR |
+| Greenland | GL |
+| Grenada | GD |
+| Guadeloupe | GP |
+| Guam | GU |
+| Guatemala | GT |
+| Guernsey | GG |
+| Guinea | GN |
+| Guinea-Bissau | GW |
+| Guyana | GY |
+| Haiti | HT |
+| Heard & McDonald Islands | HM |
+| Honduras | HN |
+| Hong Kong SAR China | HK |
+| Hungary | HU |
+| Iceland | IS |
+| India | IN |
+| Indonesia | ID |
+| Iran | IR |
+| Iraq | IQ |
+| Ireland | IE |
+| Isle of Man | IM |
+| Israel | IL |
+| Italy | IT |
+| Jamaica | JM |
+| Japan | JP |
+| Jersey | JE |
+| Jordan | JO |
+| Kazakhstan | KZ |
+| Kenya | KE |
+| Kiribati | KI |
+| Kosovo | XK |
+| Kuwait | KW |
+| Kyrgyzstan | KG |
+| Laos | LA |
+| Latvia | LV |
+| Lebanon | LB |
+| Lesotho | LS |
+| Liberia | LR |
+| Libya | LY |
+| Liechtenstein | LI |
+| Lithuania | LT |
+| Luxembourg | LU |
+| Macau SAR China | MO |
+| Macedonia | MK |
+| Madagascar | MG |
+| Malawi | MW |
+| Malaysia | MY |
+| Maldives | MV |
+| Mali | ML |
+| Malta | MT |
+| Marshall Islands | MH |
+| Martinique | MQ |
+| Mauritania | MR |
+| Mauritius | MU |
+| Mayotte | YT |
+| Mexico | MX |
+| Micronesia | FM |
+| Moldova | MD |
+| Monaco | MC |
+| Mongolia | MN |
+| Montenegro | ME |
+| Montserrat | MS |
+| Morocco | MA |
+| Mozambique | MZ |
+| Myanmar | MM |
+| Namibia | NA |
+| Nauru | NR |
+| Nepal | NP |
+| Netherlands | NL |
+| New Caledonia | NC |
+| New Zealand | NZ |
+| Nicaragua | NI |
+| Niger | NE |
+| Nigeria | NG |
+| Niue | NU |
+| Norfolk Island | NF |
+| North Korea | KP |
+| Northern Mariana Islands | MP |
+| Norway | NO |
+| Oman | OM |
+| Pakistan | PK |
+| Palau | PW |
+| Palestinia Territories | PS |
+| Panama | PA |
+| Papua New Guinea | PG |
+| Paraguay | PY |
+| Peru | PE |
+| Philippines | PH |
+| Pitcairn Islands | PN |
+| Poland | PL |
+| Portugal | PT |
+| Puerto Rico | PR |
+| Qatar | QA |
+| Reunion | RE |
+| Romania | RO |
+| Russia | RU |
+| Rwanda | RW |
+| Samoa | WS |
+| San Marino | SM |
+| Sao Tomm & Principe | ST |
+| Saudi Arabia | SA |
+| Senegal | SN |
+| Serbia | RS |
+| Seychelles | SC |
+| Sierra Leone | SL |
+| Singapore | SG |
+| Sint Maarten | SX |
+| Slovakia | SK |
+| Slovenia | SI |
+| Solomon Islands | SB |
+| Somalia | SO |
+| South Africa | ZA |
+| South Georgia & South Sandwich Islands | GS |
+| South Korea | KR |
+| South Sudan | SS |
+| Spain | ES |
+| Sri Lanka | LK |
+| St. Barthelemy | BL |
+| St. Helena | SH |
+| St. Kitts & Nevis | KN |
+| St. Lucia | LC |
+| St. Martin | MF |
+| St. Pierre & Miquelon | PM |
+| St. Vincent & Grenadines | VC |
+| Sudan | SD |
+| Suriname | SR |
+| Svalbard & Jan Mayen | SJ |
+| Swaziland | SZ |
+| Sweden | SE |
+| Switzerland | CH |
+| Syria | SY |
+| Taiwan | TW |
+| Tajikistan | TJ |
+| Tanzania | TZ |
+| Thailand | TH |
+| Timor-Leste | TL |
+| Togo | TG |
+| Tokelau | TK |
+| Tonga | TO |
+| Trinidad & Tobago | TT |
+| Tristan da Cunha | TA |
+| Tunisia | TN |
+| Turkey | TR |
+| Turkmenistan | TM |
+| Turks & Caicos Islands | TC |
+| Tuvalu | TV |
+| U.S. Outlying Islands | UM |
+| U.S. Virgin Islands | VI |
+| Uganda | UG |
+| Ukraine | UA |
+| United Arab Emirates | AE |
+| United Kingdom | GB |
+| United States | US |
+| Unknown Region | ZZ |
+| Uraguay | UY |
+| Uzbekistan | UZ |
+| Vanuatu | VU |
+| Vatican City | VA |
+| Venezuela | VE |
+| Vietnam | VN |
+| Yemen | YE |
+| Zambia | ZM |
+| Zimbabwe | ZW |
+
 ## Special quoting
 When entering `<FeatureNameList>` with `<FeatureName>s`containing spaces, enclose the list in `"` and the names containing spaces in `'`.
 ```
@@ -133,10 +380,8 @@ When creating a building, at a minimum you must enter `address|addresslines` and

 * Enter a single-line address as `address "123 Main Street"`
 * Enter a multi-line address as `addresslines "123 Main Street\nAnytown, US"`
-
-For `country|regioncode` see: http://www.unicode.org/cldr/charts/30/supplemental/territory_information.html
 ```
-gam create|add building <BuildIngID> <Name> <BuildingAttribute>*
+gam create|add building <Name> <BuildingAttribute>*
 gam update building <BuildIngID> <BuildingAttribute>*
 gam delete building <BuildingID>
 ```
--- a/docs/Users-Calendars-Access.md
+++ b/docs/Users-Calendars-Access.md
@@ -37,6 +37,17 @@ Calendar ACL roles (as seen in Calendar GUI):
 <UniqueID> ::= id:<String>
 <UserItem> ::= <EmailAddress>|<UniqueID>|<String>

+<CalendarAttribute> ::=
+        (backgroundcolor <ColorValue>)|
+        (color <CalendarColorName>)|
+        (colorindex|colorid <CalendarColorIndex>)|
+        (foregroundcolor <ColorValue>)|
+        (hidden <Boolean>)|
+        (notification clear|(email <CalendarEmailNotificatonEventTypeList>))|
+        (reminder clear|(email|pop <Number>)|(<Number> email|pop))|
+        (selected <Boolean>)|
+        (summary <String>)
+
 <CalendarSettings> ::=
        (description <String>)|
        (location <String>)|
@@ -134,15 +145,15 @@ The `quotechar <Character>` option allows you to choose an alternate quote chara
 ## Transfer calendar ownership

 You can transfer ownership of calendars from one user to another; only non-primary calendars owned by the source user can be transferred.
-You can update calendar settings as part of the transfer. In description, location and summary, #email#, #user# and #username# will be replaced
-by the original owner's full email address or just the name portion; #timestamp# will be replaced by the current date and time.
 ```
-gam <UserTypeEntity> transfer calendars <UserItem> <UserCalendarEntity>
+gam <UserTypeEntity> transfer calendars|seccals <UserItem> [<UserCalendarEntity>]
        [keepuser | (retainrole <CalendarACLRole>)] [sendnotifications <Boolean>]
        [noretentionmessages]
        [<CalendarSettings>] [append description|location|summary] [noupdatemessages]
-gam <UserTypeEntity> transfer seccals <UserItem> [keepuser] [sendnotifications <Boolean>]
+        [deletefromoldowner] [addtonewowner <CalendarAttribute>*] [nolistmessages]
 ```
+If `<UserCalendarEntity>` is not specified, all of a user's owned secondary calendars will be transferrdd.
+
 By default, the users in `<UserTypeEntity>` retain no role in the transferred calendars.
 * `keepuser` - The users in `<UserTypeEntity>` retain their ownership.
 * `retainrole <CalendarACLRole>` - The users in `<UserTypeEntity>` retain the specified role.
@@ -150,11 +161,23 @@ By default, the users in `<UserTypeEntity>` retain no role in the transferred ca

 By default, when you add or update a calendar ACL, a notification is sent to the affected users; use `sendnotifications false` to suppress sending the notifications.

+You can update calendar settings as part of the transfer. In description, location and summary, #email#, #user# and #username# will be replaced
+by the original owner's full email address or just the name portion; #timestamp# will be replaced by the current date and time.
 * `<CalendarSettings>` - The value specified will replace the existing value.
 * `append description|location|summary` - The specified <CalendarSettings> value will be appended to the existing value.
 * `noupdatemessages` - Suppress the settings update messages.

+You can manipulate the old and new owner's calendar lists.
+* `deletefromoldowner` - Delete the calendar from the old owner's calendar list
+* `addtonewowner <CalendarAttribute>*` - Add the calendar to the new owner's calendar list; optionally specify attributes
+* `nolistmessages` - Suppress the calendar list add/delete messages.
+
 ### Example
+Transfer a secondary calendar from oldowner to newowner. Remove the calendar from the old owner's calendar list and add to the new owner's  calendar list.
+```
+gam user oldowner@domain.com transfer calendars newowner@domain.com c_aaa123zzz@group.calendar.google.com removefromoldowner addtonewowner
+```
+
 Transfer ownership of all non-primary calendars from oldowner to newowner; append a message to the calendar description noting the old owner and the time of transfer.
 ```
 gam user oldowner@domain.com transfer calendars newowner@domain.com minaccessrole owner description "(Transferred from #user# on #timestamp#)" append description
--- a/docs/Users-Calendars-Events.md
+++ b/docs/Users-Calendars-Events.md
@@ -261,6 +261,7 @@

 <EventMatchProperty> ::=
        (matchfield attendees <EmailAddressEntity>)|
+        (matchfield attendeesonlydomainlist <DomainNameList>)|
        (matchfield attendeesdomainlist <DomainNameList>)|
        (matchfield attendeesnotdomainlist <DomainNameList>)|
        (matchfield attendeespattern <RegularExpression>)|
@@ -440,10 +441,14 @@ The Google Calendar API processes `<EventSelectProperty>*`; you may specify none

 GAM processes `<EventMatchProperty>*`; you may specify none or multiple properties.
 * `matchfield attendees <EmailAddressEntity>` - All of the attendees in `<EmailAddressEntity>` must be present
+* `matchfield attendeesonlydomainlist <DomainNameList>` - All attendee's email addresses must be in a domain in `<DomainNameList>`
+  * For example, this lets you look for events with all attendees in your internal domains. You should include `resource.calendar.google.com`
+    in `<DomainNameList>` if the events use resources.
 * `matchfield attendeesdomainlist <DomainNameList>` - Some attendee's email address must be in a domain in `<DomainNameList>`
  * For example, this lets you look for events with attendees in specific external domains
 * `matchfield attendeesnotdomainlist <DomainNameList>` - Some attendee's email address must be in a domain not in `<DomainNameList>`
-  * For example, this let you look for events with attendees not in your internal domains
+  * For example, this lets you look for events with attendees not in your internal domains. You should include `resource.calendar.google.com`
+    in `<DomainNameList>` if the events use resources.
 * `matchfield attendeespattern <RegularExpression>` - Some attendee's email address must match `<RegularExpression>`
 * `matchfield attendeesstatus [<AttendeeAttendance>] [<AttendeeStatus>] <EmailAddressEntity>` - All of the attendees in `<EmailAddressEntity>` must be present
 and must have the specified values.
--- a/docs/Users-Chat.md
+++ b/docs/Users-Chat.md
@@ -238,6 +238,20 @@ Delete members by specifying chatmember names.
 gam <UserTypeEntity> remove chatmember members <ChatMemberList>
 ```

+### Update members role
+Update members by specifying a chat space, user/group email addresses and role.
+```
+gam <UserTypeEntity> update chatmember <ChatSpace>
+        role member|manager
+        ((user <UserItem>)|(members <UserTypeEntity>))+
+```
+Update members by specifying chatmember names and role.
+```
+gam <UserTypeEntity> modify chatmember
+        role member|manager
+        members <ChatMemberList>
+```
+
 ## Display Chat Members
 ### Display information about a specific chat members
 ```
--- a/docs/Users-Drive-Activity-Settings.md
+++ b/docs/Users-Drive-Activity-Settings.md
@@ -141,10 +141,16 @@ The `quotechar <Character>` option allows you to choose an alternate quote chara
 ```
 gam <UserTypeEntity> print drivesettings [todrive <ToDriveAttribute>*]
        [allfields|<DriveSettingsFieldName>*|(fields <DriveSettingsFieldNameList>)]
-        [delimiter <Character>]
+        [delimiter <Character>] [showusagebytes]
 gam <UserTypeEntity> show drivesettings
        [allfields|<DriveSettingsFieldName>*|(fields <DriveSettingsFieldNameList>)]
-        [delimiter <Character>]
+        [delimiter <Character>] [showusagebytes]
 ```
 If no fields are selected, these fields will be displayed:
    `name,appInstalled,largestChangeId,limit,maxUploadSize,permissionId,rootFolderId,usage,usageInDrive,usageInDriveTrash`
+
+By default, these fields are displayed in formatted form with units: ```usage,usageInDrive,usageInDriveTrash```.
+
+The option `showusagebytes` also displays the following fields in bytes ```usageBytes,usageInDriveBytes,usageInDriveTrashBytes```.
+
+This will be most useful with `print` as the rows can be sorted based on the `usagexxxBytes` columns.
--- a/docs/Users-Drive-Files-Display.md
+++ b/docs/Users-Drive-Files-Display.md
@@ -396,7 +396,7 @@ Display file details in indented keyword: value format. The two forms are equiva
 ```
 gam <UserTypeEntity> show fileinfo <DriveFileEntity>
        [returnidonly]
-        [filepath|fullpath] [pathdelimiter <Character>]
+        [filepath|fullpath] [folderpathonly [<Boolean>]] [pathdelimiter <Character>]
        [allfields|<DriveFieldName>*|(fields <DriveFieldNameList>)]
        (orderby <DriveFileOrderByFieldName> [ascending|descending])*
        [showdrivename] [showshareddrivepermissions]
@@ -406,7 +406,7 @@ gam <UserTypeEntity> show fileinfo <DriveFileEntity>
        [formatjson]
 gam <UserTypeEntity> info drivefile <DriveFileEntity>
        [returnidonly]
-        [filepath|fullpath] [pathdelimiter <Character>]
+        [filepath|fullpath] [folderpathonly [<Boolean>]] [pathdelimiter <Character>]
        [allfields|<DriveFieldName>*|(fields <DriveFieldNameList>)]
        (orderby <DriveFileOrderByFieldName> [ascending|descending])*
        [showdrivename] [showshareddrivepermissions]
@@ -421,6 +421,10 @@ Use `filepath` to display the path(s) to the files in `<DriveFileEntity>`.

 Use `fullpath` to add additional path information indicating that a file is an Orphan or Shared with me.

+By default, the path to a file includes the file name as the last element of the path.
+Use `folderpathonly` to display only the folder names when displaying the path to a file. This folder only path
+an be used in  `gam <UserTypeEntity> create drivefolderpath` to recreate the folder hierarchy.
+
 By default, file path components are separated by `/`; use `pathdelimiter <Character>` to use `<Character>` as the separator.

 When `allfields` is specified (or no fields are specified), use `showdrivename` to display Shared(Team) Drive names.
@@ -479,16 +483,21 @@ By default, Gam displays the information as an indented list of keys and values.
 gam <UserTypeEntity> show filepath <DriveFileEntity>
        [returnpathonly]
        (orderby <DriveFileOrderByFieldName> [ascending|descending])*
-        [stripcrsfromname] [fullpath] [pathdelimiter <Character>]
+        [stripcrsfromname]
+        [folderpathonly [<Boolean>]] [fullpath] [pathdelimiter <Character>]
 gam <UserTypeEntity> print filepath <DriveFileEntity> [todrive <ToDriveAttribute>*]
        (orderby <DriveFileOrderByFieldName> [ascending|descending])*
-        [stripcrsfromname] [fullpath] [pathdelimiter <Character>]
-        [oneitemperrow]
+        [stripcrsfromname] [oneitemperrow]
+        [fullpath] [folderpathonly [<Boolean>]] [pathdelimiter <Character>]
 ```
 Use `returnpathonly` to display just the file path of the files in `<DriveFileEntity>`.

 Use `fullpath` to add additional path information indicating that a file is an Orphan or Shared with me.

+By default, the path to a file includes the file name as the last element of the path.
+Use `folderpathonly` to display only the folder names when displaying the path to a file. This folder only path
+an be used in  `gam <UserTypeEntity> create drivefolderpath` to recreate the folder hierarchy.
+
 By default, file path components are separated by `/`; use `pathdelimiter <Character>` to use `<Character>` as the separator.

 The `stripcrsfromname` option strips nulls, carriage returns and linefeeds from drive file names.
@@ -1009,8 +1018,9 @@ gam <UserTypeEntity> print|show filelist [todrive <ToDriveAttribute>*]
        [excludetrashed]
        [maxfiles <Integer>] [nodataheaders <String>]
        [countsonly [summary none|only|plus] [summaryuser <String>]
-                    [showsource] [showsize] [showmimetypesize]] [countsrowfilter]
-        [filepath|fullpath [pathdelimiter <Character>] [addpathstojson] [showdepth]] [buildtree]
+                    [showsource] [showsize] [showmimetypesize]]
+        [countsrowfilter]
+        [filepath|fullpath [folderpathonly [<Boolean>]] [pathdelimiter <Character>] [addpathstojson] [showdepth]] [buildtree]
        [allfields|<DriveFieldName>*|(fields <DriveFieldNameList>)]
        [showdrivename] [showshareddrivepermissions]
        [(showlabels details|ids)|(includelabels <DriveLabelIDList>)]
@@ -1117,13 +1127,13 @@ By default, when a folder is selected, only its contents are displayed.
 ## Choose what fields to display
 If no query or select is performed, use these options to get file path information:
 * `filepath|fullpath` - For files and folders, display the full path(s) to them starting at the root (My Drive)
-* `addcsvdata <FieldName> <String>` - Add additional columns of data from the command line to the output
 * `addpathstojson` - When this option and `formatjson` are specified, the path information will be included in the
 JSON data rather than as additional columns
+* `addcsvdata <FieldName> <String>` - Add additional columns of data from the command line to the output

 When used with `filepath` or `fullpath`, `showdepth` will display a `depth` column.
 Files/folders directly in `My Drive` are at depth 0, the depth increases by 1
-for each containing folder. For files with multiple parents, the maximum depth is displayed.
+for each containing folder.

 If a query or select is performed, use these options to get file path information:
 * `filepath` - For files, no path information is shown; for folders, the paths of all of its children are shown starting at the selected folder
@@ -1131,6 +1141,10 @@ If a query or select is performed, use these options to get file path informatio
 * `addpathstojson` - When this option and `formatjson` are specified, the path information will be included in the
 JSON data rather than as additional columns

+By default, the path to a file includes the file name as the last element of the path.
+Use `folderpathonly` to display only the folder names when displaying the path to a file. This folder only path
+an be used in  `gam <UserTypeEntity> create drivefolderpath` to recreate the folder hierarchy.
+
 By default, file path components are separated by `/`; use `pathdelimiter <Character>` to use `<Character>` as the separator.

 By default, only the fields `id` and `webViewLink` are displayed.
--- a/docs/Users-Gmail-Messages-Threads.md
+++ b/docs/Users-Gmail-Messages-Threads.md
@@ -23,6 +23,7 @@
  - [Print only options](#print-only-options)
  - [Show only options](#show-only-options)
  - [Download attachments](#download-attachments)
+  - [Upload attachments](#upload-attachments)
  - [Display messages sent by delegates for delegator](#display-messages-sent-by-delegates-for-delegator)
 - [User attribute `replace <Tag> <UserReplacement>` processing](Tag-Replace)

@@ -180,6 +181,20 @@ Block emails between specific user groups
        (gdoc|ghtml <UserGoogleDoc>)|
        (gcsdoc|gcshtml <StorageBucketObjectName>)|
        (emlfile <FileName> [charset <Charset>]))
+
+<DriveFolderID> ::= <String>
+<DriveFolderName> ::= <String>
+<SharedDriveID> ::= <String>
+<SharedDriveName> ::= <String>
+
+<DriveFileParentAttribute> ::=
+        (parentid <DriveFolderID>)|
+        (parentname <DriveFolderName>)|
+        (anyownerparentname <DriveFolderName>)|
+        (teamdriveparentid <DriveFolderID>)|
+        (teamdriveparent <SharedDriveName>)|
+        (teamdriveparentid <SharedDriveID> teamdriveparentname <DriveFolderName>)|
+        (teamdriveparent <SharedDriveName> teamdriveparentname <DriveFolderName>)
 ```
 ## Message queries with dates
 ```
@@ -345,10 +360,25 @@ Your command line will have: `embedimage file1.jpg image1` embedimage file2.jpg
 gam <UserTypeEntity> archive messages <GroupItem>
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_archive <Number>])|(ids <MessageIDEntity>)
+        [csv [todrive <ToDriveAttribute>*]]
 ```

 Messages are archived to the group specified by `<GroupItem>`.

+By default, the command results are displayed as indented keys and values. Use the `csv` option
+to display the command results in CSV form.
+```
+$ gam user user@domain.com archive messages ids 18e9fc6581b9acab,18e9fc58c5491f4c    
+User: user@domain.com, Archive 2 Messages
+  User: user@domain.com, Message: 18e9fc6581b9acab, Archived (1/2)
+  User: user@domain.com, Message: 18e9fc58c5491f4c, Archived (2/2)
+$ gam user user@domain.com archive messages ids 18e9fc6581b9acab,18e9fc58c5491f4c csv
+User: user@domain.com, Archive 2 Messages
+User,id,action,error
+user@domain.com,18e9fc6581b9acab,Archived,
+user@domain.com,18e9fc58c5491f4c,Archived,
+```
+
 See below for message selection.

 ## Export messages/threads
@@ -406,20 +436,40 @@ See below for message selection.
 gam <UserTypeEntity> delete messages|threads
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_delete <Number>])|(ids <MessageIDEntity>)
+        [csv [todrive <ToDriveAttribute>*]]
 gam <UserTypeEntity> modify messages|threads
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_modify <Number>])|(ids <MessageIDEntity>)
        (addlabel <LabelName>)* (removelabel <LabelName>)*
+        [csv [todrive <ToDriveAttribute>*]]
 gam <UserTypeEntity> spam messages|threads
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_spam <Number>])|(ids <MessageIDEntity>)
+        [csv [todrive <ToDriveAttribute>*]]
 gam <UserTypeEntity> trash messages|threads
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_trash <Number>])|(ids <MessageIDEntity>)
+        [csv [todrive <ToDriveAttribute>*]]
 gam <UserTypeEntity> untrash messages|threads
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_untrash <Number>])|(ids <MessageIDEntity>)
+        [csv [todrive <ToDriveAttribute>*]]
 ```
+
+By default, the command results are displayed as indented keys and values. Use the `csv` option
+to display the command results in CSV form.
+```
+$ gam user user@domain.com delete messages ids 18e9fc6581b9acab,18e9fc58c5491f4c    
+User: user@domain.com, Delete 2 Messages
+  User: user@domain.com, Message: 18e9fc6581b9acab, Deleted (1/2)
+  User: user@domain.com, Message: 18e9fc58c5491f4c, Deleted (2/2)
+$ gam user user@domain.com delete messages ids 18e9fc6581b9acab,18e9fc58c5491f4c csv
+User: user@domain.com, Delete 2 Messages
+User,id,action,error
+user@domain.com,18e9fc6581b9acab,Deleted,
+user@domain.com,18e9fc58c5491f4c,Deleted,
+```
+
 ### Manage a specific set of messages
 * `ids <MessageIDEntity>` - A list of message ids

@@ -506,6 +556,7 @@ By default, Gam displays all messages.
  * `labelmatchpattern xyz` - Label must start with xyz
  * `labelmatchpattern .*xyz.*` - Label must contain xyz
  * `labelmatchpattern .*xyz` - Label must end with xyz
+  * `labelmatchpattern ^xyz$` - Label must extctly match xyz
 * `sendermatchpattern <RegularExpression>` - Only display messages if the sender matches the `<RegularExpression>`

 When `matchlabel <LabelName>` is specified, the following characters are replaced with a `-` in the generated query.
@@ -595,6 +646,16 @@ By default, when downloading attachments, an existing local file will not be ove
 * `overwrite true` - Overwite an existing file
 * `overwrite false` - Do not overwite an existing file; add a numeric prefix and create a new file

+## Upload attachments
+These options are valid with `show'.
+
+By default, message attachments are not uploaded to Google Drive.
+* `uploadattachments` - Upload message attachments
+* `attachmentnamepattern <RegularExpression>` - Limit the attachments uploaded to those whose names match `<RegularExpression>`
+
+By default, message attachments are uploaded to the root of the user's My Drive.
+* `<DriveFileParentAttributeh>` - Specify an alternate location for the uploaded attachments
+
 ## Display messages sent by delegates for delegator
 Display messages sent by a particular delegate for a delegator; the message is
 from the delegator but sent by the delegate.
--- a/docs/Users-Tasks.md
+++ b/docs/Users-Tasks.md
@@ -69,6 +69,8 @@ gam <UserTypeEntity> create task <TasklistEntity>
        <TaskAttribute>* [parent <TaskID>] [previous <TaskID>]
        [compact|formatjson|returnidonly]
 ```
+The API only supports all-day tasks; you should specify: `due YYYY-MM-DDT00:00:00Z`.
+
 By default, Gam displays the created task as an indented list of keys and values; the task notes text is displayed as individual lines.
 * `compact` - Display the task notes text with escaped carriage returns as \r and newlines as \n
 * `formatjson` - Display the task in JSON format
@@ -100,6 +102,9 @@ By default, Gam displays the moved task as an indented list of keys and values;
 * `formatjson` - Display the task in JSON format

 ## Display Tasks
+All commands that display tasks display the due date in GMT as the time portion
+is not supported by the API and converting the due date to local time may display the wrong date.
+
 ### Display selected tasks
 ```
 gam <UserTypeEntity> info task <TasklistIDTaskIDEntity>
@@ -119,6 +124,13 @@ gam <UserTypeEntity> show tasks [tasklists <TasklistEntity>]
        [orderby completed|due|updated]
        [countsonly|compact|formatjson]
 ```
+The API only supports dates in `duemin` and `duemax' but you must supply a null time:
+* `duemin YYYY-MM-DDT00:00:00Z` - Specify the starting due date
+* `duemax YYYY-MM-DDT00:00:00Z` - Specify one day beyond the ending due date
+
+For example: `duemin 2024-05-01T00:00:00Z duemax 2024-05-02T00:00:00Z` will
+display all tasks on 2024-05-01.
+
 By default, tasks are displayed in hierarchical order.
 * `orderby completed` - Display tasks in completed date order regardless of the hierarchy.
 * `orderby due` - Display tasks in due date order regardless of the hierarchy.
@@ -142,6 +154,13 @@ gam <UserTypeEntity> print tasks [tasklists <TasklistEntity>] [todrive <ToDriveA
        [orderby completed|due|updated]
        [countsonly | (formatjson [quotechar <Character>])]
 ```
+The API only supports dates in `duemin` and `duemax' but you must supply a null time:
+* `duemin YYYY-MM-DDT00:00:00Z` - Specify the starting due date
+* `duemax YYYY-MM-DDT00:00:00Z` - Specify one day beyond the ending due date
+
+For example: `duemin 2024-05-01T00:00:00Z duemax 2024-05-02T00:00:00Z` will
+display all tasks on 2024-05-01.
+
 By default, tasks are displayed in hierarchical order.
 * `orderby completed` - Display tasks in completed date order regardless of the hierarchy.
 * `orderby due` - Display tasks in due date order regardless of the hierarchy.
--- a/docs/Users.md
+++ b/docs/Users.md
@@ -37,6 +37,7 @@
 - [Print user domain counts](#print-user-domain-counts)
    - [Print domain counts for users in a specific domain and/or selected by a query](#print-domain-counts-for-users-in-a-specific-domain-and-or-selected-by-a-query)
    - [Print domain counts for users specified by `<UserTypeEntity>`](#print-domain-counts-for-users-specified-by-usertypeentity)
+- [Print user counts by OrgUnit](print-user-counts-by-orgunit)
 - [Print user list](#print-user-list)
 - [Display user counts](#display-user-counts)
 - [Verify domain membership]($verify-domain-membership)
@@ -1242,6 +1243,15 @@ $ more UsersList.csv
 ["testuser1@domain.org",  "testuser2@domain.org",  "testuser3@domain.org",  "testuser4@domain.org"] 
 ```

+## Print user counts by OrgUnit
+Display the count of archived, suspended and total users in each OrgUnit; display a grand total.
+
+By default, all users in the workspace are counted; you can specify a domain to only count users in that domain.
+```
+gam print usercountsbyorgunit [todrive <ToDriveAttribute>*]
+        [domain <String>]
+```
+
 ## Display user counts
 Display the number of users in an entity.
 ```
--- a/docs/Using-GAMADV-XTD3-with-a-YubiKey.md
+++ b/docs/Using-GAMADV-XTD3-with-a-YubiKey.md
@@ -28,7 +28,7 @@ The YubiKey can be configured with a PIN that must be entered in order for it to
 Yes but in practice this does not work very well with GAMADV-XTD3. The YubiKey will need to be touched every time there is a GAMADV-XTD3 command running which for batch or cron jobs may be constant. GAMADV-XTD3 can use a PIN configured on the YubiKey in order to offer an additional layer of protection.

 ### If I use a YubiKey, do I need to rotate the private key regularly?
-No, because the YubiKey generated the private key it cannot be digitally exported from the YubiKey so there is not chance for it to be copied and stolen. Instead you should physically secure the YubiKey from theft.
+No, because the YubiKey generated the private key it cannot be digitally exported from the YubiKey so there is no chance for it to be copied and stolen. Instead you should physically secure the YubiKey from theft.

 ### What data does the service account private key have access to?
 When using domain-wide delegation with GAMADV-XTD3, the service account and anyone possessing the service account private key oauth2service.json file has access to the Gmail, Drive and Calendar data of ALL Workspace users in your domain. For this reason, whether using a YubiKey or not, you should take strong measures to protect the service account private key.
--- a/docs/Vault-Takeout.md
+++ b/docs/Vault-Takeout.md
@@ -546,7 +546,7 @@ The `shownames` argument controls whether account and org unit names are display
 ## Vault Holds
 ## Create Vault Holds
 ```
-gam create vaulthold|hold matter <MatterItem> [name <String>] corpus drive|mail|groups|hangouts_chat
+gam create vaulthold|hold matter <MatterItem> [name <String>] corpus calendar|drive|mail|groups|hangouts_chat|voice
        [(accounts|groups|users <EmailItemList>) | (orgunit|org|ou <OrgUnit>)]
        [query <QueryVaultCorpus>]
        [terms <String>] [start|starttime <Date>|<Time>] [end|endtime <Date>|<Time>]
@@ -560,10 +560,12 @@ Specify the name of the hold:
 * `default` - The hold will be named `GAM <corpus> Hold - <Time>`

 Specify the corpus of data, this option is required:
+* `calendar`
 * `drive`
 * `mail`
 * `groups`
 * `hangouts_chat`
+* `voice`

 Specify the search method, this option is required:
 * `accounts|groups|users <EmailAddressEntity>` - Search all accounts specified in `<EmailAddressEntity>`
--- a/docs/Version-and-Help.md
+++ b/docs/Version-and-Help.md
@@ -1,12 +1,12 @@
-# Version and Help
+\# Version and Help

 Print the current version of Gam with details
 ```
 gam version
-GAMADV-XTD3 6.72.11 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
+GAMADV-XTD3 6.76.06 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
 Ross Scroggs <ross.scroggs@gmail.com>
-Python 3.12.2 64-bit final
-MacOS Sonoma 14.2.1 x86_64
+Python 3.12.3 64-bit final
+MacOS Sonoma 14.4.1 x86_64
 Path: /Users/Admin/bin/gamadv-xtd3
 Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
 Time: 2023-06-02T21:10:00-07:00
@@ -15,10 +15,10 @@ Time: 2023-06-02T21:10:00-07:00
 Print the current version of Gam with details and time offset information
 ```
 gam version timeoffset
-GAMADV-XTD3 6.72.11 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
+GAMADV-XTD3 6.76.06 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
 Ross Scroggs <ross.scroggs@gmail.com>
-Python 3.12.2 64-bit final
-MacOS Sonoma 14.2.1 x86_64
+Python 3.12.3 64-bit final
+MacOS Sonoma 14.4.1 x86_64
 Path: /Users/Admin/bin/gamadv-xtd3
 Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
 Your system time differs from www.googleapis.com by less than 1 second
@@ -27,17 +27,17 @@ Your system time differs from www.googleapis.com by less than 1 second
 Print the current version of Gam with extended details and SSL information
 ```
 gam version extended
-GAMADV-XTD3 6.72.11 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
+GAMADV-XTD3 6.76.06 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
 Ross Scroggs <ross.scroggs@gmail.com>
-Python 3.12.2 64-bit final
-MacOS Sonoma 14.2.1 x86_64
+Python 3.12.3 64-bit final
+MacOS Sonoma 14.4.1 x86_64
 Path: /Users/Admin/bin/gamadv-xtd3
 Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
 Time: 2023-06-02T21:10:00-07:00
 Your system time differs from admin.googleapis.com by less than 1 second
 OpenSSL 3.1.1 30 May 2023
 cryptography 41.0.1
-filelock 3.12.2
+filelock 3.12.3
 google-api-python-client 2.88.0
 google-auth-httplib2 0.1.0
 google-auth-oauthlib 1.0.0
@@ -64,7 +64,7 @@ MacOS High Sierra 10.13.6 x86_64
 Path: /Users/Admin/bin/gamadv-xtd3
 Version Check:
  Current: 5.35.08
-   Latest: 6.72.11
+   Latest: 6.76.06
 echo $?
 1
 ```
@@ -72,7 +72,7 @@ echo $?
 Print the current version number without details
 ```
 gam version simple
-6.72.11
+6.76.06
 ```
 In Linux/MacOS you can do:
 ```
@@ -82,10 +82,10 @@ echo $VER
 Print the current version of Gam and address of this Wiki
 ```
 gam help
-GAM 6.72.11 - https://github.com/taers232c/GAMADV-XTD3
+GAM 6.76.06 - https://github.com/taers232c/GAMADV-XTD3
 Ross Scroggs <ross.scroggs@gmail.com>
-Python 3.12.2 64-bit final
-MacOS Sonoma 14.2.1 x86_64
+Python 3.12.3 64-bit final
+MacOS Sonoma 14.4.1 x86_64
 Path: /Users/Admin/bin/gamadv-xtd3
 Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
 Time: 2023-06-02T21:10:00-07:00
--- a/docs/gam.cfg.md
+++ b/docs/gam.cfg.md
@@ -580,6 +580,10 @@ todrive_upload_nodata
 todrive_user
        Email address of user to receive CSV files when todrive is specified
        Default: '' which becomes admin user in admin_email or address from oauth2.txt
+truncate_client_id
+        Prior to version 6.74.00, GAM stripped '.apps.googleusercontent.com' from the client_id in oauth2.txt
+        and passed the truncated value in API calls; this is no longer performed unless truncate_client_id is true
+        Default: False
 update_cros_ou_with_id
        Update the OU of a Chromebook with the OU ID rather than the OU path.
        Set to true if you are getting the following error:
@@ -730,6 +734,7 @@ Section: DEFAULT
  todrive_timezone = ''
  todrive_upload_nodata = true
  todrive_user = ''
+  truncate_client_id = false
  update_cros_ou_with_id = false
  use_projectid_as_name = false
  user_max_results = 500
@@ -916,6 +921,7 @@ todrive_timestamp = false
 todrive_timezone = ''
 todrive_upload_nodata = true
 todrive_user = ''
+truncate_client_id = false
 update_cros_ou_with_id = false
 use_projectid_as_name = false

--- a/src/GamCommands.txt
+++ b/src/GamCommands.txt
@@ -263,7 +263,7 @@ If an item contains spaces, it should be surrounded by ".
        appsheetstandard | appsheetenterprisestandard | 1010380002 | AppSheet Enterprise Standard |
        appsheetplus | appsheetenterpriseplus | 1010380003 | AppSheet Enterprise Plus |
        assuredcontrols | 1010390001 | Assured Controls |
-        bce | beyondcorp | beyondcorpenterprise | 1010400001 | Beyond Corp Enterprise |
+        bce | beyondcorp | beyondcorpenterprise | cep | chromeenterprisepremium | 1010400001 | Chrome Enterprise Premium |
        cdm | chrome | googlechromedevicemanagement | Google-Chrome-Device-Management |
        cloudidentity | identity | 1010010001 | Cloud Identity |
        cloudidentitypremium | identitypremium | 1010050001 | Cloud Identity Premium |
@@ -1338,10 +1338,16 @@ gam create project [admin <EmailAddress>] [project <ProjectID>]
        [projectname <ProjectName>] [parent <String>]
        [saname <ServiceAccountName>] [sadisplayname <ServiceAccountDisplayName>]
        [sadescription <ServiceAccountDescription>]
+        [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
+         (localkeysize 1024|2048|4096 [validityhours <Number>])|
+         (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)]
 gam use project [<EmailAddress>] [<ProjectID>]
 gam use project [admin <EmailAddress>] [project <ProjectID>]
        [saname <ServiceAccountName>] [sadisplayname <ServiceAccountDisplayName>]
        [sadescription <ServiceAccountDescription>]
+        [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
+         (localkeysize 1024|2048|4096 [validityhours <Number>])|
+         (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)]
 gam update project [[admin] <EmailAddress>] [<ProjectIDEntity>]
 gam delete project [[admin] <EmailAddress>] [<ProjectIDEntity>]
 gam show projects [[admin] <EmailAddress>] [all|<ProjectIDEntity>]
@@ -1354,6 +1360,9 @@ gam info currentprojectid
 gam create|add svcacct [[admin] <EmailAddress>] [<ProjectIDEntity>]
        [saname <ServiceAccountName>] [sadisplayname <ServiceAccountDisplayName>]
        [sadescription <ServiceAccountDescription>]
+        [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
+         (localkeysize 1024|2048|4096 [validityhours <Number>])|
+         (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)]
 gam delete svcacct [[admin] <EmailAddress>] [<ProjectIDEntity>]
        (saemail <ServiceAccountEmail>)|(saname <ServiceAccountName>)|(sauniqueid <ServiceAccountUniqueID>)
 gam check svcacct <UserTypeEntity> (scope|scopes <APIScopeURLList>)*
@@ -1367,44 +1376,35 @@ gam print svcaccts [[admin] <EmailAddress>] [all|<ProjectIDEntity>]

 gam create sakey
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (localkeysize 1024|2048|4096)|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
 gam rotate sakey|sakeys retain_existing
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)

 gam update sakey
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
 gam rotate sakey|sakeys replace_current
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)

 gam replace sakeys
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (localkeysize 1024|2048|4096)|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
 gam rotate sakey|sakeys retain_none
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
+
+gam upload sakey [admin <EmailAddress>]
+        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)

 gam delete sakeys <ServiceAccountKeyList>+ [doit]
 gam show sakeys [all|system|user]
@@ -1597,6 +1597,7 @@ gam calendar <CalendarEntity> printacl [todrive <ToDriveAttribute>*]

 <EventMatchProperty> ::=
        (matchfield attendees <EmailAddressEntity>)|
+        (matchfield attendeesonlydomainlist <DomainNameList>)|
        (matchfield attendeesdomainlist <DomainNameList>)|
        (matchfield attendeesnotdomainlist <DomainNameList>)|
        (matchfield attendeespattern <RegularExpression>)|
@@ -2229,6 +2230,7 @@ gam <CrOSTypeEntity> update <CrOSAttribute>+ [quickcrosmove [<Boolean>]] [nobatc
        annotatedlocation|location|
        annotateduser|user|
        autoupdateexpiration|
+        autoupdatethrough|
        backlightinfo|
        bootmode|
        cpuinfo|
@@ -2241,6 +2243,9 @@ gam <CrOSTypeEntity> update <CrOSAttribute>+ [quickcrosmove [<Boolean>]] [nobatc
        dockmacaddress|
        ethernetmacaddress|
        ethernetmacaddress0|
+        extendedsupporteligible|
+        extendedsupportstart|
+        extendedsupportenabled|
        firmwareversion|
        firstenrollmenttime|
        lastdeprovisiontimestamp|
@@ -5096,7 +5101,7 @@ gam show vaultexports|exports
        [fields <VaultExportFieldNameList>] [shownames]
        [formatjson]

-gam create vaulthold|hold matter <MatterItem> [name <String>] corpus drive|mail|groups|hangouts_chat
+gam create vaulthold|hold matter <MatterItem> [name <String>] corpus calendar|drive|mail|groups|hangouts_chat|voice
        [(accounts|groups|users <EmailItemList>) | (orgunit|org|ou <OrgUnit>)]
        [query <QueryVaultCorpus>]
        [terms <String>] [start|starttime <Date>|<Time>] [end|endtime <Date>|<Time>]
@@ -5521,6 +5526,11 @@ gam <UserTypeEntity> print users [todrive <ToDriveAttribute>*]
        [formatjson [quotechar <Character>]] [countsonly|countonly]
        [issuspended <Boolean>]

+Print user counts by OrgUnits
+
+gam print usercountsbyorgunit [todrive <ToDriveAttribute>*]
+        [domain <String>]
+
 Print lists of users

 gam <UserTypeEntity> print userlist [todrive <ToDriveAttribute>*]
@@ -5691,12 +5701,12 @@ gam <UserTypeEntity> print calendaracls <UserCalendarEntity> [todrive <ToDriveAt
        [noselfowner] (addcsvdata <FieldName> <String>)*
        [formatjson [quotechar <Character>]]

-Transfer ownership of a selection of users calendars to another user
+Transfer ownership of a selection of a users secondary calendars to another user

-gam <UserTypeEntity> transfer calendars <UserItem> <UserCalendarEntity>
+gam <UserTypeEntity> transfer calendars|seccals <UserItem> [<UserCalendarEntity>]
        [keepuser | (retainrole <CalendarACLRole>)] [sendnotifications <Boolean>] [noretentionmessages]
-        <CalendarSettings>] [append description|location|summary] [noupdatemessages]
-gam <UserTypeEntity> transfer seccals <UserItem> [keepuser] [sendnotifications <Boolean>]
+        <CalendarSettings>* [append description|location|summary] [noupdatemessages]
+        [deletefromoldowner] [addtonewowner <CalendarAttribute>*] [nolistmessages]

 <AttendeeAttendance> ::= optional|required
 <AttendeeStatus> ::= accepted|declined|needsaction|tentative
@@ -5979,6 +5989,12 @@ gam <UserTypeEntity> delete chatmember <ChatSpace>
        ((user <UserItem>)|(members <UserTypeEntity>)|
         (group <GroupItem>)|(groups <GroupEntity>))+
 gam <UserTypeEntity> remove chatmember members <ChatMemberList>
+gam <UserTypeEntity> update chatmember <ChatSpace>
+        role member|manager
+        ((user <UserItem>)|(members <UserTypeEntity>))+
+gam <UserTypeEntity> modify chatmember
+        role member|manager
+        members <ChatMemberList>

 gam <UserTypeEntity> info chatmember members <ChatMemberList>
        [formatjson]
@@ -6233,7 +6249,7 @@ gam <UserTypeEntity> untrash drivefile <DriveFileEntity>

 gam <UserTypeEntity> info drivefile <DriveFileEntity>
        [returnidonly]
-        [filepath|fullpath] [pathdelimiter <Character>]
+        [filepath|fullpath] [folderpathonly [<Boolean>]] [pathdelimiter <Character>]
        [allfields|<DriveFieldName>*|(fields <DriveFieldNameList>)]
        (orderby <DriveFileOrderByFieldName> [ascending|descending])*
        [showdrivename] [showshareddrivepermissions]
@@ -6716,7 +6732,7 @@ gam <UserTypeEntity> collect orphans

 gam <UserTypeEntity> show fileinfo <DriveFileEntity>
        [returnidonly]
-        [filepath|fullpath] [pathdelimiter <Character>]
+        [filepath|fullpath] [folderpathonly [<Boolean>]] [pathdelimiter <Character>]
        [allfields|<DriveFieldName>*|(fields <DriveFieldNameList>)]
        (orderby <DriveFileOrderByFieldName> [ascending|descending])*
        [showdrivename] [showshareddrivepermissions]
@@ -6726,13 +6742,14 @@ gam <UserTypeEntity> show fileinfo <DriveFileEntity>
        [formatjson]

 gam <UserTypeEntity> show filepath <DriveFileEntity>
-        [returnidonly]
+        [returnpathonly]
        (orderby <DriveFileOrderByFieldName> [ascending|descending])*
-        [stripcrsfromname] [fullpath] [pathdelimiter <Character>]
+        [stripcrsfromname]
+        [fullpath] [folderpathonly [<Boolean>]] [pathdelimiter <Character>]
 gam <UserTypeEntity> print filepath <DriveFileEntity> [todrive <ToDriveAttribute>*]
        (orderby <DriveFileOrderByFieldName> [ascending|descending])*
-        [stripcrsfromname] [fullpath] [pathdelimiter <Character>]
-        [oneitemperrow]
+        [stripcrsfromname] [oneitemperrow]
+        [fullpath] [folderpathonly [<Boolean>]] [pathdelimiter <Character>]

 gam <UserTypeEntity> print filecounts [todrive <ToDriveAttribute>*]
        [((query <QueryDriveFile>) | (fullquery <QueryDriveFile>) | <DriveFileQueryShortcut>)
@@ -6826,7 +6843,7 @@ gam <UserTypeEntity> print filelist [todrive <ToDriveAttribute>*]
        [countsonly [summary none|only|plus] [summaryuser <String>]
                    [showsource] [showsize] [showmimetypesize]]
        [countsrowfilter]
-        [filepath|fullpath [pathdelimiter <Character>] [addpathstojson] [showdepth]] [buildtree]
+        [filepath|fullpath [folderpathonly [<Boolean>]] [pathdelimiter <Character>] [addpathstojson] [showdepth]] [buildtree]
        [allfields|<DriveFieldName>*|(fields <DriveFieldNameList>)]
        [showdrivename] [showshareddrivepermissions]
        [(showlabels details|ids)|(includelabels <DriveLabelIDList>)]
@@ -6887,8 +6904,12 @@ gam <UserTypeEntity> print|show driveactivity [todrive <ToDriveAttribute>*]
        usageindrivetrash
 <DriveSettingsFieldNameList> ::= "<DriveSettingsFieldName>(,<DriveSettingsFieldName>)*"

-gam <UserTypeEntity> print drivesettings [todrive <ToDriveAttribute>*] [allfields|<DriveSettingsFieldName>*|(fields <DriveSettingsFieldNameList>)] [delimiter <Character>]
-gam <UserTypeEntity> show drivesettings [allfields|<DriveSettingsFieldName>*|(fields <DriveSettingsFieldNameList>)] [delimiter <Character>]
+gam <UserTypeEntity> print drivesettings [todrive <ToDriveAttribute>*]
+        [allfields|<DriveSettingsFieldName>*|(fields <DriveSettingsFieldNameList>)]
+        [delimiter <Character>] [showusagebytes]
+gam <UserTypeEntity> show drivesettings
+        [allfields|<DriveSettingsFieldName>*|(fields <DriveSettingsFieldNameList>)]
+        [delimiter <Character>] [showusagebytes]

 gam <UserTypeEntity> print emptydrivefolders [todrive <ToDriveAttribute>*]
        [select <DriveFileEntity>]
@@ -7148,22 +7169,28 @@ gam <UserTypeEntity> insert message
 gam <UserTypeEntity> archive messages <GroupItem>
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_archive <Number>])|(ids <MessageIDEntity>)
+        [csv [todrive <ToDriveAttribute>*]]
 gam <UserTypeEntity> delete messages|threads
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_delete <Number>])|(ids <MessageIDEntity>)
+        [csv [todrive <ToDriveAttribute>*]]
 gam <UserTypeEntity> modify messages|threads
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_modify <Number>])|(ids <MessageIDEntity>)
        (addlabel <LabelName>)* (removelabel <LabelName>)*
+        [csv [todrive <ToDriveAttribute>*]]
 gam <UserTypeEntity> spam messages|threads
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_spam <Number>])|(ids <MessageIDEntity>)
+        [csv [todrive <ToDriveAttribute>*]]
 gam <UserTypeEntity> trash messages|threads
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_trash <Number>])|(ids <MessageIDEntity>)
+        [csv [todrive <ToDriveAttribute>*]]
 gam <UserTypeEntity> untrash messages|threads
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_untrash <Number>])|(ids <MessageIDEntity>)
+        [csv [todrive <ToDriveAttribute>*]]

 gam <UserTypeEntity> export message|messages
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+ [quick|notquick] [doit] [max_to_export <Number>])|(ids <MessageIDEntity>)
@@ -7188,9 +7215,10 @@ gam <UserTypeEntity> show messages|threads
        [countsonly|positivecountsonly] [useronly]
        [headers all|<SMTPHeaderList>] [dateheaderformat iso|rfc2822|<String>] [dateheaderconverttimezone [<Boolean>]]
        [showlabels] [delimiter <Character>] [showbody] [showdate] [showsize] [showsnippet]
-        [showattachments [attachmentnamepattern <RegularExpression>] [noshowtextplain]]
-        [saveattachments [attachmentnamepattern <RegularExpression>]]
-            [targetfolder <FilePath>] [overwrite [<Boolean>]]
+        [[attachmentnamepattern <RegularExpression>]
+            [showattachments [noshowtextplain]]
+            [saveattachments [targetfolder <FilePath>] [overwrite [<Boolean>]]]
+            [uploadattachments [<DriveFileParentAttribute>]]]
 gam <UserTypeEntity> print messages|threads [todrive <ToDriveAttribute>*]
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])*
         [quick|notquick] [max_to_print <Number>] [includespamtrash])|(ids <MessageIDEntity>)
@@ -7198,8 +7226,10 @@ gam <UserTypeEntity> print messages|threads [todrive <ToDriveAttribute>*]
        [countsonly|positivecountsonly] [useronly]
        [headers all|<SMTPHeaderList>] [dateheaderformat iso|rfc2822|<String> [dateheaderconverttimezone [<Boolean>]]]
        [showlabels] [delimiter <Character>] [showbody] [showdate] [showsize] [showsnippet]
-        [showattachments [attachmentnamepattern <RegularExpression>]]
-        [convertcrnl]
+        [convertcrnl] [delimiter <Character>]
+        [[attachmentnamepattern <RegularExpression>]
+            [showattachments [noshowtextplain]]]
+        (addcsvdata <FieldName> <String>)*

 # Users - Gmail - Profile

--- a/src/GamUpdate.txt
+++ b/src/GamUpdate.txt
@@ -2,6 +2,166 @@

 Merged GAM-Team version

+6.76.06
+
+Fixed bug in `gam <UserTypeEntity> print messages ... positivecountsonly` where message counts with value 0 were deiplayed.
+
+Added option `addcsvdata <FieldName> <String>` to `gam <UserTypeEntity> print|messages` that adds
+additional columns of data to the CSV file output.
+
+Added option `showusagebytes` to `gam <UserTypeEntity> print|show drivesettings` that displays
+the following fields in bytes ```usageBytes,usageInDriveBytes,usageInDriveTrashBytes```
+in addition to the fields in their formatted form with units: ```usage,usageInDrive,usageInDriveTrash```.
+This will be most useful with `print` as the rows can be sorted based on the `usagexxxBytes` columns.
+
+6.76.05
+
+Added options `deletefromoldowner`, `addtonewowner <CalendarAttribute>*` and `nolistmessages`
+to `gam <UserTypeEntity> transfer calendars <UserItem>` that allow manipulation of the
+old and new owners's calendar lists.
+
+* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Calendars-Access#transfer-calendar-ownership
+
+6.76.04
+
+Added the following fields to `<CrOSFieldName>`:
+```
+autoupdatethrough
+extendedsupporteligible
+extendedsupportstart
+extendedsupportenabled
+```
+
+6.76.03
+
+Added option `folderpathonly [<Boolean>]` to the following commands that causes GAM
+to display only the folder names when displaying the path to a file. This folder only path
+an be used in  `gam <UserTypeEntity> create drivefolderpath` to recreate the folder hierarchy.
+```
+gam <UserTypeEntity> info drivefile ... filepath|fullpath
+gam <UserTypeEntity> show fileinfo ... filepath|fullpath
+gam <UserTypeEntity> print|show filepath
+gam <UserTypeEntity> print filelist ... filepath|fullpath
+```
+
+6.76.02
+
+Updated `gam update group` to handle the following error:
+```
+ERROR: 400: invalidArgument - Failed request validation in update settings: WHO_CAN_VIEW_MEMBERSHIP_CANNOT_BE_BROADER_THAN_WHO_CAN_SEE_GROUP
+```
+
+6.76.01
+
+Fixed bug in `gam create vaulthold matter <MatterItem> ... corpus calendar` that caused a trap.
+
+6.76.00
+
+Updated versions of `gam create|use project` that use keyword options to also accept the following options
+to define non-default Service Account key characteristics.
+```
+(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
+(localkeysize 1024|2048|4096 [validityhours <Number>])|
+(yubikey yubikey_pin yubikey_slot AUTHENTICATION yubikey_serialnumber <String>)
+```
+
+6.75.05
+
+Added option `csv [todrive <ToDriveAttribute>*]` to `gam <UserTypeEntity> archive|delete|modify|spam|trash|untrash messages|threads`
+that causes GAM to display the command results in CSV form.
+
+6.75.04
+
+Added a command to print user counts by OrgUnit. By default, all users in the workspace are counted;
+you can specify a domain to only count users in that domain.
+```
+gam print usercountsbyorgunit [todrive <ToDriveAttribute>*]
+        [domain <String>]
+```
+
+Added option `uploadattachments [<DriveFileParentAttribute>]` to `gam <UserTypeEntity> show messages|threads` that
+causes GAM to upload all message attachments to the user's `My Drive`, the default, or to a specific folder.
+The existing option `attachmentnamepattern <RegularExpression>` can be used to select attachments to upload.
+
+6.75.03
+
+Fixed bug in `gam batch|tbatch` where the line `sleep <Integer>` in the batch file caused the error:
+```
+ERROR: Invalid argument: Expected <gam|commit-batch|print>
+```
+
+6.75.02
+
+Updated `gam report  <ActivityApplictionName>` to retry/handle the following error:
+```
+ERROR: 503: serviceNotAvailable - The service is currently unavailable.
+```
+
+6.75.01
+
+Added option `admin <EmailAddress>` to  `gam upload sakey`.
+
+6.75.00
+
+Updated `gam create project` to simplify handling the situation where your workspace is configured to disable service account private key uploads.
+
+Added command `gam upload sakey` to aid in this process.
+
+* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Authorization#upload-a-service-account-key-to-a-service-account-with-no-keys
+
+6.74.02
+
+Fixed bug in `gam <UserTypeEntity> print shareddrives ... formatjson` that caused a trap.
+
+6.74.01
+
+Updated `gam create|update drivefileacl <DriveFileEntity> ... expiration <Time>` to handle
+the following error caused by tryig to add an expiration time to a member of a Shared Drive.
+```
+ERROR: 403: expirationDateNotAllowedForSharedDriveMembers - Expiration dates are not allowed for shared drive members.
+```
+
+6.74.00
+
+Added `truncate_client_id` Boolean variable to `gam.cfg`. Prior to version 6.74.00, GAM stripped
+'.apps.googleusercontent.com' from `client_id` in `oauth2.txt` and passed the truncated value in API calls.
+At Jay's suggestion this is no longer performed by default; setting `truncate_client_id = true` restores the previous behavior.
+
+Do `gam oauth delete` and `gam oauth create` to set the untruncated value of `client_id` in `oauth2.txt`.
+
+6.73.00
+
+The Google Chat API has been updated so that chat members can now have their role set to manager.
+
+* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Chat#manage-chat-members
+
+6.72.16
+
+Updated `emailaddressList <EmailAddressList>` and `domainlist|notdomainlist <DomainNameList>`
+in `<PermissionMatch>` to perform case-insensitive matches as the API is returning mixed case
+ACL email addresses in some cases.
+
+6.72.15
+
+Updated all commands that display tasks to display the due date in GMT as the time portion
+is not supported by the API and converting the due date to local time may display the wrong date.
+
+Renamed license SKU `1010400001` from `Beyond Corp Enterprise` to `Chrome Enterprise Premium`.
+
+6.72.14
+
+Upgraded to Python 3.12.3 where possible.
+
+6.72.13
+
+Added the following option to `<EventMatchProperty>` that can be used to select
+events based on the domains of the attendees.
+```
+matchfield attendeesonlydomainlist <DomainNameList>
+```
+This returns true if all attendee's email addresses are in a domain in `<DomainNameList>`;
+for example this lets you look for events with attendees only in your internal domains.
+
 6.72.12

 Added the following options to `<EventMatchProperty>` that can be used to select
--- a/src/gam-install.sh
+++ b/src/gam-install.sh
@@ -162,13 +162,14 @@ fi

 if [ -z ${GHCLIENT+x} ]; then
  check_type="unauthenticated"
+  echo_yellow "Checking GitHub URL $release_url for $gamversion GAM release ($check_type)..."
+  release_json=$(curl -s "$release_url" 2>&1 /dev/null)
 else
  check_type="authenticated"
+  echo_yellow "Checking GitHub URL $release_url for $gamversion GAM release ($check_type)..."
+  release_json=$(curl -s "$GHCLIENT" "$release_url" 2>&1 /dev/null)
 fi

-echo_yellow "Checking GitHub URL $release_url for $gamversion GAM release ($check_type)..."
-release_json=$(curl -s "$GHCLIENT" "$release_url" 2>&1 /dev/null)
-
 echo_yellow "Getting file and download URL..."
 # Python is sadly the nearest to universal way to safely handle JSON with Bash
 # At least this code should be compatible with just about any Python version ever
@@ -241,7 +242,11 @@ trap "rm -rf $temp_archive_dir" EXIT

 echo_yellow "Downloading file $name from $browser_download_url to $temp_archive_dir ($check_type)..."
 # Save archive to temp w/o losing our path
-(cd "$temp_archive_dir" && curl -O -L $GHCLIENT $browser_download_url)
+if [ -z ${GHCLIENT+x} ]; then
+  (cd "$temp_archive_dir" && curl -O -L $browser_download_url)
+else
+  (cd "$temp_archive_dir" && curl -O -L $GHCLIENT $browser_download_url)
+fi

 mkdir -p "$target_dir"

--- a/src/gam/init.py
+++ b/src/gam/init.py
--- a/src/gam/gamlib/glapi.py
+++ b/src/gam/gamlib/glapi.py
@@ -29,8 +29,10 @@ CBCM = 'cbcm'
 CHAT = 'chat'
 CHAT_EVENTS = 'chatevents'
 CHAT_MEMBERSHIPS = 'chatmemberships'
+CHAT_MEMBERSHIPS_ADMIN = 'chatmembershipsadmin'
 CHAT_MESSAGES = 'chatmessages'
 CHAT_SPACES = 'chatspaces'
+CHAT_SPACES_ADMIN = 'chatspacesadmin'
 CHAT_SPACES_DELETE = 'chatspacesdelete'
 CHROMEMANAGEMENT = 'chromemanagement'
 CHROMEMANAGEMENT_APPDETAILS = 'chromemanagementappdetails'
@@ -72,6 +74,7 @@ KEEP = 'keep'
 LICENSING = 'licensing'
 LOOKERSTUDIO = 'datastudio'
 OAUTH2 = 'oauth2'
+ORGPOLICY = 'orgpolicy'
 PEOPLE = 'people'
 PEOPLE_DIRECTORY = 'peopledirectory'
 PEOPLE_OTHERCONTACTS = 'peopleothercontacts'
@@ -95,7 +98,9 @@ YOUTUBE = 'youtube'
 CHROMEVERSIONHISTORY_URL = 'https://versionhistory.googleapis.com/v1/chrome/platforms'
 DRIVE_SCOPE = 'https://www.googleapis.com/auth/drive'
 GMAIL_SEND_SCOPE = 'https://www.googleapis.com/auth/gmail.send'
-GOOGLE_OAUTH2_TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"
+GOOGLE_AUTH_PROVIDER_X509_CERT_URL = 'https://www.googleapis.com/oauth2/v1/certs'
+GOOGLE_OAUTH2_ENDPOINT = 'https://accounts.google.com/o/oauth2/v2/auth'
+GOOGLE_OAUTH2_TOKEN_ENDPOINT = 'https://oauth2.googleapis.com/token'
 CLOUD_PLATFORM_SCOPE = 'https://www.googleapis.com/auth/cloud-platform'
 IAM_SCOPE = 'https://www.googleapis.com/auth/iam'
 PEOPLE_SCOPE = 'https://www.googleapis.com/auth/contacts'
@@ -110,7 +115,8 @@ REQUIRED_SCOPES_SET = set(REQUIRED_SCOPES)
 JWT_APIS = {
  ACCESSCONTEXTMANAGER: [CLOUD_PLATFORM_SCOPE],
  CHAT: ['https://www.googleapis.com/auth/chat.bot'],
-  CLOUDRESOURCEMANAGER: [CLOUD_PLATFORM_SCOPE]
+  CLOUDRESOURCEMANAGER: [CLOUD_PLATFORM_SCOPE],
+  ORGPOLICY: [CLOUD_PLATFORM_SCOPE],
  }
 #
 APIS_NEEDING_ACCESS_TOKEN = {
@@ -193,8 +199,10 @@ _INFO = {
  CHAT: {'name': 'Chat API', 'version': 'v1', 'v2discovery': True},
  CHAT_EVENTS: {'name': 'Chat API - Events', 'version': 'v1', 'v2discovery': True, 'mappedAPI': CHAT},
  CHAT_MEMBERSHIPS: {'name': 'Chat API - Memberships', 'version': 'v1', 'v2discovery': True, 'mappedAPI': CHAT},
+  CHAT_MEMBERSHIPS_ADMIN: {'name': 'Chat API - Admin Memberships', 'version': 'v1', 'v2discovery': True, 'mappedAPI': CHAT},
  CHAT_MESSAGES: {'name': 'Chat API - Messages', 'version': 'v1', 'v2discovery': True, 'mappedAPI': CHAT},
  CHAT_SPACES: {'name': 'Chat API - Spaces', 'version': 'v1', 'v2discovery': True, 'mappedAPI': CHAT},
+  CHAT_SPACES_ADMIN: {'name': 'Chat API - Admin  Spaces', 'version': 'v1', 'v2discovery': True, 'mappedAPI': CHAT},
  CHAT_SPACES_DELETE: {'name': 'Chat API - Spaces Delete', 'version': 'v1', 'v2discovery': True, 'mappedAPI': CHAT},
  CLASSROOM: {'name': 'Classroom API', 'version': 'v1', 'v2discovery': True},
  CHROMEMANAGEMENT: {'name': 'Chrome Management API', 'version': 'v1', 'v2discovery': True},
@@ -234,6 +242,7 @@ _INFO = {
  LICENSING: {'name': 'License Manager API', 'version': 'v1', 'v2discovery': True},
  LOOKERSTUDIO: {'name': 'Looker Studio API', 'version': 'v1', 'v2discovery': True, 'localjson': True},
  OAUTH2: {'name': 'OAuth2 API', 'version': 'v2', 'v2discovery': False},
+  ORGPOLICY: {'name': 'Organization Policy API', 'version': 'v2', 'v2discovery': True},
  PEOPLE: {'name': 'People API', 'version': 'v1', 'v2discovery': True},
  PEOPLE_DIRECTORY: {'name': 'People Directory API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': PEOPLE},
  PEOPLE_OTHERCONTACTS: {'name': 'People  API - Other Contacts', 'version': 'v1', 'v2discovery': True, 'mappedAPI': PEOPLE},
@@ -509,6 +518,10 @@ _SVCACCT_SCOPES = [
   'api': CHAT_MEMBERSHIPS,
   'subscopes': READONLY,
   'scope': 'https://www.googleapis.com/auth/chat.memberships'},
+#  {'name': 'Chat API - Admin Memberships',
+#   'api': CHAT_MEMBERSHIPS_ADMIN,
+#   'subscopes': READONLY,
+#    'scope': 'https://www.googleapis.com/auth/chat.admin.memberships'},
  {'name': 'Chat API - Messages',
   'api': CHAT_MESSAGES,
   'subscopes': READONLY,
@@ -517,6 +530,10 @@ _SVCACCT_SCOPES = [
   'api': CHAT_SPACES,
   'subscopes': READONLY,
   'scope': 'https://www.googleapis.com/auth/chat.spaces'},
+#  {'name': 'Chat API - Admin Spaces',
+#   'api': CHAT_SPACES_ADMIN,
+#   'subscopes': READONLY,
+#   'scope': 'https://www.googleapis.com/auth/chat.admin.spaces'},
  {'name': 'Chat API - Spaces Delete',
   'api': CHAT_SPACES_DELETE,
   'subscopes': [],
--- a/src/gam/gamlib/glcfg.py
+++ b/src/gam/gamlib/glcfg.py
@@ -288,6 +288,8 @@ TODRIVE_TIMEZONE = 'todrive_timezone'
 TODRIVE_UPLOAD_NODATA = 'todrive_upload_nodata'
 # User for todrive files
 TODRIVE_USER = 'todrive_user'
+# Truncate Client ID
+TRUNCATE_CLIENT_ID  = 'truncate_client_id'
 # Update CrOS org unit with orgUnitId
 UPDATE_CROS_OU_WITH_ID = 'update_cros_ou_with_id'
 # Use course owner for course access
@@ -430,6 +432,7 @@ Defaults = {
  TODRIVE_TIMEZONE: '',
  TODRIVE_UPLOAD_NODATA: TRUE,
  TODRIVE_USER: '',
+  TRUNCATE_CLIENT_ID: FALSE,
  UPDATE_CROS_OU_WITH_ID: FALSE,
  USE_COURSE_OWNER_ACCESS: FALSE,
  USE_PROJECTID_AS_NAME: FALSE,
@@ -590,6 +593,7 @@ VAR_INFO = {
  TODRIVE_TIMEZONE: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},
  TODRIVE_UPLOAD_NODATA: {VAR_TYPE: TYPE_BOOLEAN},
  TODRIVE_USER: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},
+  TRUNCATE_CLIENT_ID: {VAR_TYPE: TYPE_BOOLEAN},
  UPDATE_CROS_OU_WITH_ID: {VAR_TYPE: TYPE_BOOLEAN},
  USE_COURSE_OWNER_ACCESS: {VAR_TYPE: TYPE_BOOLEAN},
  USE_PROJECTID_AS_NAME: {VAR_TYPE: TYPE_BOOLEAN},
--- a/src/gam/gamlib/glclargs.py
+++ b/src/gam/gamlib/glclargs.py
@@ -776,6 +776,7 @@ class GamCLArgs():
  ARG_TRUSTEDAPPS = 'trustedapps'
  ARG_USER = 'user'
  ARG_USERS = 'users'
+  ARG_USERCOUNTSBYORGUNIT = 'usercountsbyorgunit'
  ARG_USERINVITATION = 'userinvitation'
  ARG_USERINVITATIONS = 'userinvitations'
  ARG_USERLIST = 'userlist'
--- a/src/gam/gamlib/glgapi.py
+++ b/src/gam/gamlib/glgapi.py
@@ -70,6 +70,7 @@ DOMAIN_POLICY = 'domainPolicy'
 DOWNLOAD_QUOTA_EXCEEDED = 'downloadQuotaExceeded'
 DUPLICATE = 'duplicate'
 EVENT_DURATION_EXCEEDS_LIMIT = 'eventDurationExceedsLimit'
+EXPIRATION_DATE_NOT_ALLOWED_FOR_SHARED_DRIVE_MEMBERS = 'expirationDateNotAllowedForSharedDriveMembers'
 FAILED_PRECONDITION = 'failedPrecondition'
 FIELD_IN_USE = 'fieldInUse'
 FIELD_NOT_WRITABLE = 'fieldNotWritable'
@@ -208,7 +209,8 @@ DRIVE_COPY_THROW_REASONS = DRIVE_ACCESS_THROW_REASONS+[CANNOT_COPY_FILE, BAD_REQ
                                                       FIELD_NOT_WRITABLE, RATE_LIMIT_EXCEEDED, USER_RATE_LIMIT_EXCEEDED,
                                                       STORAGE_QUOTA_EXCEEDED, TEAMDRIVE_FILE_LIMIT_EXCEEDED, TEAMDRIVE_HIERARCHY_TOO_DEEP]
 DRIVE_GET_THROW_REASONS = DRIVE_USER_THROW_REASONS+[FILE_NOT_FOUND, DOWNLOAD_QUOTA_EXCEEDED]
-DRIVE3_CREATE_ACL_THROW_REASONS = [BAD_REQUEST, INVALID, INVALID_SHARING_REQUEST, OWNERSHIP_CHANGE_ACROSS_DOMAIN_NOT_PERMITTED, CANNOT_SET_EXPIRATION,
+DRIVE3_CREATE_ACL_THROW_REASONS = [BAD_REQUEST, INVALID, INVALID_SHARING_REQUEST, OWNERSHIP_CHANGE_ACROSS_DOMAIN_NOT_PERMITTED,
+                                   CANNOT_SET_EXPIRATION, EXPIRATION_DATE_NOT_ALLOWED_FOR_SHARED_DRIVE_MEMBERS,
                                   NOT_FOUND, TEAMDRIVE_DOMAIN_USERS_ONLY_RESTRICTION, TEAMDRIVE_TEAM_MEMBERS_ONLY_RESTRICTION,
                                   TARGET_USER_ROLE_LIMITED_BY_LICENSE_RESTRICTION, INSUFFICIENT_ADMINISTRATOR_PRIVILEGES, SHARING_RATE_LIMIT_EXCEEDED,
                                   PUBLISH_OUT_NOT_PERMITTED, SHARE_IN_NOT_PERMITTED, SHARE_OUT_NOT_PERMITTED, SHARE_OUT_NOT_PERMITTED_TO_USER,
@@ -224,7 +226,8 @@ DRIVE3_CREATE_ACL_THROW_REASONS = [BAD_REQUEST, INVALID, INVALID_SHARING_REQUEST
 DRIVE3_GET_ACL_REASONS = DRIVE_USER_THROW_REASONS+[FILE_NOT_FOUND, FORBIDDEN, INTERNAL_ERROR,
                                                   INSUFFICIENT_ADMINISTRATOR_PRIVILEGES, INSUFFICIENT_FILE_PERMISSIONS,
                                                   UNKNOWN_ERROR, INVALID]
-DRIVE3_UPDATE_ACL_THROW_REASONS = [BAD_REQUEST, INVALID_OWNERSHIP_TRANSFER, CANNOT_REMOVE_OWNER, CANNOT_SET_EXPIRATION,
+DRIVE3_UPDATE_ACL_THROW_REASONS = [BAD_REQUEST, INVALID_OWNERSHIP_TRANSFER, CANNOT_REMOVE_OWNER,
+                                   CANNOT_SET_EXPIRATION, EXPIRATION_DATE_NOT_ALLOWED_FOR_SHARED_DRIVE_MEMBERS,
                                   OWNERSHIP_CHANGE_ACROSS_DOMAIN_NOT_PERMITTED,
                                   NOT_FOUND, TEAMDRIVE_DOMAIN_USERS_ONLY_RESTRICTION, TEAMDRIVE_TEAM_MEMBERS_ONLY_RESTRICTION,
                                   TARGET_USER_ROLE_LIMITED_BY_LICENSE_RESTRICTION, INSUFFICIENT_ADMINISTRATOR_PRIVILEGES, SHARING_RATE_LIMIT_EXCEEDED,
@@ -260,7 +263,8 @@ GROUP_GET_RETRY_REASONS = [INVALID, SYSTEM_ERROR, SERVICE_NOT_AVAILABLE]
 GROUP_CREATE_THROW_REASONS = [DUPLICATE, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, INVALID, INVALID_INPUT]
 GROUP_UPDATE_THROW_REASONS = [GROUP_NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, INVALID, INVALID_INPUT]
 GROUP_SETTINGS_THROW_REASONS = [NOT_FOUND, GROUP_NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, SYSTEM_ERROR, PERMISSION_DENIED,
-                                INVALID, INVALID_PARAMETER, INVALID_ATTRIBUTE_VALUE, INVALID_INPUT, SERVICE_LIMIT, SERVICE_NOT_AVAILABLE, AUTH_ERROR, REQUIRED]
+                                INVALID, INVALID_ARGUMENT, INVALID_PARAMETER, INVALID_ATTRIBUTE_VALUE, INVALID_INPUT,
+                                SERVICE_LIMIT, SERVICE_NOT_AVAILABLE, AUTH_ERROR, REQUIRED]
 GROUP_SETTINGS_RETRY_REASONS = [INVALID, SERVICE_LIMIT, SERVICE_NOT_AVAILABLE]
 GROUP_LIST_THROW_REASONS = [RESOURCE_NOT_FOUND, DOMAIN_NOT_FOUND, FORBIDDEN, BAD_REQUEST]
 GROUP_LIST_USERKEY_THROW_REASONS = GROUP_LIST_THROW_REASONS+[INVALID_MEMBER, INVALID_INPUT]
@@ -442,6 +446,8 @@ class duplicate(Exception):
  pass
 class eventDurationExceedsLimit(Exception):
  pass
+class expirationDateNotAllowedForSharedDriveMembers(Exception):
+  pass
 class failedPrecondition(Exception):
  pass
 class fieldInUse(Exception):
@@ -702,6 +708,7 @@ REASON_EXCEPTION_MAP = {
  DOWNLOAD_QUOTA_EXCEEDED: downloadQuotaExceeded,
  DUPLICATE: duplicate,
  EVENT_DURATION_EXCEEDS_LIMIT: eventDurationExceedsLimit,
+  EXPIRATION_DATE_NOT_ALLOWED_FOR_SHARED_DRIVE_MEMBERS: expirationDateNotAllowedForSharedDriveMembers,
  FAILED_PRECONDITION: failedPrecondition,
  FIELD_IN_USE: fieldInUse,
  FIELD_NOT_WRITABLE: fieldNotWritable,
--- a/src/gam/gamlib/glglobals.py
+++ b/src/gam/gamlib/glglobals.py
@@ -171,6 +171,10 @@ RATE_CHECK_COUNT = 'rccn'
 RATE_CHECK_START = 'rcst'
 # Section name from outer gam, passed to inner gams
 SECTION = 'sect'
+# Enable/disable "Getting ... " messages
+SHOW_GETTINGS = 'shog'
+# Enable/disable NL at end of "Got ..." messages
+SHOW_GETTINGS_GOT_NL = 'shgn'
 # redirected files
 SAVED_STDOUT = 'svso'
 STDERR = 'stde'
@@ -287,6 +291,8 @@ Globals = {
  RATE_CHECK_COUNT: 0,
  RATE_CHECK_START: 0,
  SECTION: None,
+  SHOW_GETTINGS: True,
+  SHOW_GETTINGS_GOT_NL: False,
  SAVED_STDOUT: None,
  STDERR: {},
  STDOUT: {},
--- a/src/gam/gamlib/glmsgs.py
+++ b/src/gam/gamlib/glmsgs.py
@@ -91,13 +91,27 @@ Please go to:
 8. Press enter here on the terminal once trust is complete.
 '''

-YOUR_GAM_PROJECT_IS_CREATED_AND_READY_TO_USE = 'That\'s it! Your GAM Project is created and ready to use.\n'
+ENABLE_SERVICE_ACCOUNT_PRIVATE_KEY_UPLOAD = '''
+Your workspace is configured to disable service account private key uploads.
+
+Please go to:
+
+  https://github.com/taers232c/GAMADV-XTD3/wiki/Authorization#authorize-service-account-key-uploads
+
+Follow the steps to allow a service account private key upload for the project ({0}) just created.
+Once those steps are completed, you can continue with your project authentication.
+'''
+
+YOUR_GAM_PROJECT_IS_CREATED_AND_READY_TO_USE = '''
+That\'s it! Your GAM Project is created and ready to use.
+Proceed to the authentication steps.
+'''

 # check|update service messages in order of appearance
 SYSTEM_TIME_STATUS = 'System time status'
 YOUR_SYSTEM_TIME_DIFFERS_FROM_GOOGLE = 'Your system time differs from {0} by {1}'
 PRESS_ENTER_ONCE_AUTHORIZATION_IS_COMPLETE = 'Press enter once authorization is complete.'
-SERVICE_ACCOUNT_API_DISABLED = '{0} not enabled. Please run "gam update project" and "gam user user@domain.com check serviceaccount"'
+SERVICE_ACCOUNT_API_DISABLED = '{0} not enabled. Please run "gam update project" and "gam user user@domain.com update serviceaccount"'
 SERVICE_ACCOUNT_PRIVATE_KEY_AUTHENTICATION = 'Service Account Private Key Authentication'
 SERVICE_ACCOUNT_CHECK_PRIVATE_KEY_AGE = 'Service Account Private Key age; Google recommends rotating keys on a routine basis'
 SERVICE_ACCOUNT_PRIVATE_KEY_AGE = 'Service Account Private Key age: {0} days'
@@ -148,7 +162,7 @@ ALREADY_EXISTS_USE_MERGE_ARGUMENT = 'Already exists; use the "merge" argument to
 API_ACCESS_DENIED = 'API access Denied'
 API_CALLS_RETRY_DATA = 'API calls retry data\n'
 API_CHECK_CLIENT_AUTHORIZATION = 'Please make sure the Client ID: {0} is authorized for the appropriate API or scopes:\n{1}\n\nRun: gam oauth create\n'
-API_CHECK_SVCACCT_AUTHORIZATION = 'Please make sure the Service Account Client name: {0} is authorized for the appropriate API or scopes:\n{1}\n\nRun: gam user {2} check serviceaccount\n'
+API_CHECK_SVCACCT_AUTHORIZATION = 'Please make sure the Service Account Client name: {0} is authorized for the appropriate API or scopes:\n{1}\n\nRun: gam user {2} update serviceaccount\n'
 API_ERROR_SETTINGS = 'API error, some settings not set'
 ARE_BOTH_REQUIRED = 'Arguments {0} and {1} are both required'
 ARE_MUTUALLY_EXCLUSIVE = 'Arguments {0} and {1} are mutually exclusive'
--- a/src/gam/gamlib/glskus.py
+++ b/src/gam/gamlib/glskus.py
@@ -32,7 +32,7 @@ _PRODUCTS = {
  '101037': 'Google Workspace for Education',
  '101038': 'AppSheet',
  '101039': 'Assured Controls',
-  '101040': 'Beyond Corp Enterprise',
+  '101040': 'Chrome Enterprise',
  '101043': 'Google Workspace Additional Storage',
  '101047': 'Gemini',
  '101049': 'Education Endpoint Management',
@@ -83,7 +83,7 @@ _SKUS = {
  '1010390001': {
    'product': '101039', 'aliases': ['assuredcontrols'], 'displayName': 'Assured Controls'},
  '1010400001': {
-    'product': '101040', 'aliases': ['beyondcorp', 'beyondcorpenterprise', 'bce'], 'displayName': 'Beyond Corp Enterprise'},
+    'product': '101040', 'aliases': ['beyondcorp', 'beyondcorpenterprise', 'bce', 'cep', 'chromeenterprisepremium'], 'displayName': 'Chrome Enterprise Premium'},
  '1010430001': {
    'product': '101043', 'aliases': ['gwas', 'plusstorage'], 'displayName': 'Google Workspace Additional Storage'},
  '1010470001': {
Author	SHA1	Message	Date
Ross Scroggs	33d9949283	MacOS swig: it's here/it's not	2024-05-26 17:35:09 -07:00
Ross Scroggs	41078d5ff6	Fix Windows build, cleanup	2024-05-26 16:21:06 -07:00
Ross Scroggs	52316774ad	Disable Chat Admin APIs	2024-05-25 09:36:34 -07:00
Ross Scroggs	ce545ad062	Chat Admin APIs default to off	2024-05-25 09:02:10 -07:00
Ross Scroggs	2e5df12df1	Update print messages and print drivesettings	2024-05-25 08:35:11 -07:00
Jay Lee	46b9de642d	actions: remove fullGamTest logic Ensure live Google API tests run on test runners so we are exercising our code against Python versions other than the version used by GAM binaries. These runners generally finish fastest anyway since they never need to compile OpenSSL, Python or PyInstaller.	2024-05-22 21:29:04 -04:00
Jay Lee	a9d600234c	[no ci] actions: macOS runner now ships with rust, gnupg and swig	2024-05-22 21:15:33 -04:00
Jay Lee	5c8b69e8b7	actions: move PyInstaller back to latest to see what happens	2024-05-22 21:08:58 -04:00
Ross Scroggs	29792677d7	Added option `showusagebytes` to `gam <UserTypeEntity> print\|show drivesettings`	2024-05-22 13:18:02 -07:00
Ross Scroggs	7de9e986e0	Updated transfer calendars to manipulate calendar lists	2024-05-19 09:49:06 -07:00
Ross Scroggs	2b711be6a4	Merge branch 'main' of https://github.com/GAM-team/GAM	2024-05-17 11:05:06 -07:00
Ross Scroggs	16ef9e60d5	Add new fields to CrOSFieldName	2024-05-17 11:05:03 -07:00
Jay Lee	4d1a31c6bf	[actions] else not lse	2024-05-17 13:16:07 -04:00
Ross Scroggs	5a5b98cccb	Added option `folderpathonly [<Boolean>]` to commands that display paths	2024-05-17 07:42:32 -07:00
Ross Scroggs	f94afedfa8	Fix typo	2024-05-16 16:18:03 -07:00
Ross Scroggs	c9996f4942	MacOS 14.5 curl doesn't like empty arguments	2024-05-16 09:59:16 -07:00
Ross Scroggs	d32942a1d7	Updated `gam update group` to handle the following error: ERROR: 400: invalidArgument - Failed request validation in update settings: WHO_CAN_VIEW_MEMBERSHIP_CANNOT_BE_BROADER_THAN_WHO_CAN_SEE_GROUP	2024-05-14 11:34:59 -07:00
Ross Scroggs	95d1e4ab7c	Updated `gam update group` to handle the following error: ERROR: 400: invalidArgument - Failed request validation in update settings: WHO_CAN_VIEW_MEMBERSHIP_CANNOT_BE_BROADER_THAN_WHO_CAN_SEE_GROUP	2024-05-14 11:30:22 -07:00
Ross Scroggs	dd4fb084e6	Update docs; improve error message on missing SA scope	2024-05-14 08:10:42 -07:00
Ross Scroggs	2c039c3730	Fix missing scope issue; other minor fixs	2024-05-13 20:17:22 -07:00
Jay Lee	0cef0aecb5	retain None type for user, not empty string	2024-05-13 16:53:43 +00:00
Ross Scroggs	4ed9d7ac1f	Fixed bug in `gam create vaulthold ... corpus calendar` that caused a trap.	2024-05-09 10:10:29 -07:00
Ross Scroggs	21b2093b55	Updated versions of `gam create\|use project`	2024-05-07 20:00:23 -07:00
Jay Lee	d4ea2ec978	Update build.yml	2024-05-06 10:57:55 -04:00
Jay Lee	8cffa6e394	Update build.yml	2024-05-06 10:47:12 -04:00
Jay Lee	58337e0722	actions: fix gam location with realpath	2024-05-06 10:31:28 -04:00
Jay Lee	cedbae36b7	actions: missing export	2024-05-06 10:13:17 -04:00
Jay Lee	d5e9df41fb	actions: fix Windows gam.exe location	2024-05-06 09:53:18 -04:00
Jay Lee	e7323f0b74	actions: archives are in src/	2024-05-06 09:43:10 -04:00
Jay Lee	00d3600881	actions: GH Attestation for GAM executables and packages https://github.blog/changelog/2024-05-02-artifact-attestations-public-beta/ attest that GAM was built on GitHub actions to help end users validate they're running a legit GAM binary.	2024-05-06 09:35:49 -04:00
Ross Scroggs	4c799aaf10	Added option `csv [todrive <ToDriveAttribute>*]` to message processing commands	2024-05-04 18:39:09 -07:00
Ross Scroggs	a8938f84f0	print user counts by ou, upload message attachments	2024-05-03 17:52:54 -07:00
Ross Scroggs	ab5aa02bf8	Fixed bug in `gam batch\|tbatch`	2024-05-02 15:14:11 -07:00
Ross Scroggs	42d33786a1	Updated `gam report <ActivityApplictionName>` to retry/handle the following error: ERROR: 503: serviceNotAvailable - The service is currently unavailable.	2024-05-01 13:33:13 -07:00
Ross Scroggs	683435cfb8	Added option `admin <EmailAddress>` to `gam upload sakey`.	2024-04-26 09:16:22 -07:00
Ross Scroggs	6b8170dd2f	Improved code in `gam upload sakey`.	2024-04-26 08:33:50 -07:00
Ross Scroggs	941fe97785	Updated `gam create project` to simplify handling the situation when your workspace is configured to disable service account private key uploads.	2024-04-25 22:23:16 -07:00
Ross Scroggs	f87e013ec4	Fixed bug in `gam <UserTypeEntity> print shareddrives ... formatjson` that caused a trap.	2024-04-25 08:46:14 -07:00
Ross Scroggs	fc792bf454	Updated `gam create\|update drivefileacl <DriveFileEntity> ... expiration <Time>` to handle the following ERROR: 403: expirationDateNotAllowedForSharedDriveMembers - Expiration dates are not allowed for shared drive members.	2024-04-23 15:18:37 -07:00
Ross Scroggs	b4b9bd2436	Added `truncate_client_id` Boolean variable to `gam.cfg` doc cleanup	2024-04-22 18:31:06 -07:00
Ross Scroggs	0e455a2e40	Added `truncate_client_id` Boolean variable to `gam.cfg`	2024-04-22 18:26:24 -07:00
Ross Scroggs	b384bdb503	Do not truncate client_id by default	2024-04-22 17:17:47 -07:00
jeffssh	10a6348ddd	fixed minor typo not -> no (#1685 )	2024-04-19 15:41:30 -04:00
Ross Scroggs	74be07a9ef	The Google Chat API has been updated so that chat members can now have their role set to manager.	2024-04-19 10:05:35 -07:00
Ross Scroggs	5607d659fb	Updated `emailaddressList <EmailAddressList>` and `domainlist\|notdomainlist <DomainNameList>` in `<PermissionMatch>` to perform case-insensitive matches	2024-04-18 15:03:14 -07:00
Ross Scroggs	da1ef497a1	Merge branch 'main' of https://github.com/GAM-team/GAM	2024-04-18 13:03:00 -07:00
Ross Scroggs	ac4fef0e4b	Updated all commands that display tasks to display the due date in GMT	2024-04-18 12:43:39 -07:00
Jay Lee	0bc44582af	BCE > CEP to match admin console product name change	2024-04-17 14:13:51 -04:00
Ross Scroggs	baf0c7863f	Upgraded to Python 3.12.3 where possible.	2024-04-16 19:52:03 -07:00
Ross Scroggs	b00077151b	Added the following option to `<EventMatchProperty>` ``` matchfield attendeesonlydomainlist <DomainNameList> ```	2024-04-16 18:34:13 -07:00