Updated gam create project to use a default project name of gam-project-a1b2c

docs/Authorization.md

@@ -1,7 +1,6 @@
 # Authorization
 - [Introduction](#introduction)
 - [Headless computers and Cloud Shells](#headless-computers-and-cloud-shells)
-- [Version 5 Update](#version-5-update)
 - [API documentation](#api-documentation)
 - [Python Regular Expressions](Python-Regular-Expressions)
 - [Definitions](#definitions)
@@ -127,25 +126,6 @@ as required by Google for headless computers/cloud shells; this is required as o
 * See: https://developers.googleblog.com/2022/02/making-oauth-flows-safer.html
   * OAuth out-of-band (oob) flow will be deprecated
 
-## Version 5 Update
-GAM version `5.00.00` replaced the deprecated `oauth2client` library with the `google-auth` library.
-This change requires a one-time update of the client access file `oauth2.txt`; GAM will continue
-to use the old version of `oauth2.txt` until you perform the update. There is a small performance
-impact until the update is performed. However, you can't use the updated version of `oauth2.txt`
-in prior versions of GAM; if you want to run GAM `5.00.00` and prior versions of GAM,
-do not perform the update until you no longer need to run the prior versions of GAM.
-
-If you are running any GAM version `4.85.00` or later, perform the following command
-after installing `5.00.00` to perform the update.
-```
-gam oauth refresh
-```
-If you are running any GAM version before `4.85.00`, perform the following command
-after installing `5.00.00` to perform the update.
-```
-gam oauth update
-```
-
 ## API documentation
 * https://cloud.google.com/resource-manager/docs/creating-managing-organization#adding_an_organization_administrator
 * https://cloud.google.com/service-usage/docs/reference/rest
@@ -213,7 +193,7 @@ perform these steps and then retry the create project command.
 
 ## Authorize Service Account Key Uploads
 
-If you try to create a project and get an error saying that Constraint `constraints/iam.disableServiceAccountKeyUpload violated for service account projects/gam-project-xxx`,
+If you try to create a project and get an error saying that Constraint `constraints/iam.disableServiceAccountKeyUpload violated for service account projects/gam-project-xxxxx`,
 perform these steps and then you should be able to authorize and use your project.
 
 * Login as an existing super admin at console.cloud.google.com
@@ -293,7 +273,7 @@ You can skip these steps if you know that untrusted third-party apps are allowed
 
 ### Default values
 * `<AppName>` - "GAM"
-* `<ProjectID>` - "gam-project-abc-def-jki" where "abc-def-ghi" are randomly generated
+* `<ProjectID>` - "gam-project-a1b2c" where "a1b2c" are randomly generated
 * `<ProjectName>` - "GAM Project"
 * `<ServiceAccountName>` - `<ProjectID>`
 * `<ServiceAccountDisplayName>` - `<ProjectName>`

docs/GamUpdates.md

@@ -10,6 +10,22 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
 
 See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
 
+### 7.00.18
+
+Updated `gam create project` to use a default project name of `gam-project-a1b2c` (`a1b2c` is a random string of 5 characters)
+instead of `gam-project-abc-123-xyz` to avoid the following warning:
+```
+Project: gam-project-abc-123-xyz, Service Account: gam-project-abc-123-xyz@gam-project-abc-123-xyz.iam.gserviceaccount.com, Extracting public certificate
+init.py:12382: UserWarning: Attribute's length must be >= 1 and <= 64, but it was 70
+init.py:12383: UserWarning: Attribute's length must be >= 1 and <= 64, but it was 70
+Project: gam-project-abc-123-xyz, Service Account: gam-project-abc-123-xyz@gam-project-abc-123-xyz.iam.gserviceaccount.com, Done generating private key and public certificate
+```
+
+### 7.00.17
+
+Update all user calendar commands to disable falling back to client access if service account
+authorization has never been performed.
+
 ### 7.00.16
 
 Updated `gam <UserTypeEntity> claim|transfer ownership` to show `Got N Drive Files/Folders that matched query` messages

docs/How-to-Upgrade-Legacy-GAM-to-GAM7.md

@@ -251,7 +251,7 @@ writes the credentials into the file oauth2.txt.
 admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt
 admin@server:/Users/admin$ gam version
 WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
-GAM 7.00.16 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.00.18 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.0 64-bit final
 MacOS Sonoma 14.5 x86_64
@@ -923,7 +923,7 @@ writes the credentials into the file oauth2.txt.
 C:\>del C:\GAMConfig\oauth2.txt
 C:\>gam version
 WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
-GAM7 7.00.16 - https://github.com/GAM-team/GAM - pythonsource
+GAM7 7.00.18 - https://github.com/GAM-team/GAM - pythonsource
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.0 64-bit final
 Windows-10-10.0.17134 AMD64

docs/Version-and-Help.md

@@ -3,7 +3,7 @@
 Print the current version of Gam with details
 ```
 gam version
-GAM 7.00.16 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.00.18 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.0 64-bit final
 MacOS Sonoma 14.5 x86_64
@@ -15,7 +15,7 @@ Time: 2023-06-02T21:10:00-07:00
 Print the current version of Gam with details and time offset information
 ```
 gam version timeoffset
-GAM 7.00.16 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.00.18 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.0 64-bit final
 MacOS Sonoma 14.5 x86_64
@@ -27,7 +27,7 @@ Your system time differs from www.googleapis.com by less than 1 second
 Print the current version of Gam with extended details and SSL information
 ```
 gam version extended
-GAM 7.00.16 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.00.18 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.0 64-bit final
 MacOS Sonoma 14.5 x86_64
@@ -64,7 +64,7 @@ MacOS High Sierra 10.13.6 x86_64
 Path: /Users/Admin/bin/gam7
 Version Check:
   Current: 5.35.08
-   Latest: 7.00.16
+   Latest: 7.00.18
 echo $?
 1
 ```
@@ -72,7 +72,7 @@ echo $?
 Print the current version number without details
 ```
 gam version simple
-7.00.16
+7.00.18
 ```
 In Linux/MacOS you can do:
 ```
@@ -82,7 +82,7 @@ echo $VER
 Print the current version of Gam and address of this Wiki
 ```
 gam help
-GAM 7.00.16 - https://github.com/GAM-team/GAM
+GAM 7.00.18 - https://github.com/GAM-team/GAM
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.0 64-bit final
 MacOS Sonoma 14.5 x86_64

src/GamUpdate.txt

@@ -1,3 +1,20 @@
+7.00.18
+
+Updated `gam create project` to use a default project name of `gam-project-a1b2c` (`a1b2c` is a random string of 5 characters)
+instead of `gam-project-abc-123-xyz` to avoid the following warning:
+```
+Project: gam-project-abc-123-xyz, Service Account: gam-project-abc-123-xyz@gam-project-abc-123-xyz.iam.gserviceaccount.com, Extracting public certificate
+init.py:12382: UserWarning: Attribute's length must be >= 1 and <= 64, but it was 70
+init.py:12383: UserWarning: Attribute's length must be >= 1 and <= 64, but it was 70
+Project: gam-project-abc-123-xyz, Service Account: gam-project-abc-123-xyz@gam-project-abc-123-xyz.iam.gserviceaccount.com, Done generating private key and public certificate
+```
+
+7.00.17
+
+Update all user calendar commands to disable falling back to client access if service account
+authorization has never been performed. Previously, in this circumstance, the admin's calendars
+rather than the user's calendars were processed.
+
 7.00.16
 
 Updated `gam <UserTypeEntity> claim|transfer ownership` to show `Got N Drive Files/Folders that matched query` messages

src/gam/__init__.py

@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
 """
 
 __author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
-__version__ = '7.00.16'
+__version__ = '7.00.18'
 __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
 
 #pylint: disable=wrong-import-position
@@ -6056,7 +6056,7 @@ def checkGroupExists(cd, ci, ciGroupsAPI, group, i=0, count=0):
 
 # Turn the entity into a list of Users/CrOS devices
 def getItemsToModify(entityType, entity, memberRoles=None, isSuspended=None, isArchived=None,
-                     groupMemberType=Ent.TYPE_USER, noListConversion=False):
+                     groupMemberType=Ent.TYPE_USER, noListConversion=False, recursive=False, noCLArgs=False):
   def _incrEntityDoesNotExist(entityType):
     entityError['entityType'] = entityType
     entityError[ENTITY_ERROR_DNE] += 1
@@ -6227,32 +6227,33 @@ def getItemsToModify(entityType, entity, memberRoles=None, isSuspended=None, isA
       isSuspended = True
     cd = buildGAPIObject(API.DIRECTORY)
     groups = convertEntityToList(entity)
-    includeDerivedMembership = recursive = False
+    includeDerivedMembership = False
     domains = []
     rolesSet = set()
-    while Cmd.ArgumentsRemaining():
-      myarg = getArgument()
-      if myarg in GROUP_ROLES_MAP:
-        rolesSet.add(GROUP_ROLES_MAP[myarg])
-      elif myarg == 'primarydomain':
-        domains.append(GC.Values[GC.DOMAIN])
-      elif myarg == 'domains':
-        domains.extend(getEntityList(Cmd.OB_DOMAIN_NAME_ENTITY))
-      elif myarg == 'recursive':
-        recursive = True
-        includeDerivedMembership = False
-      elif myarg == 'includederivedmembership':
-        includeDerivedMembership = True
-        recursive = False
-      elif entityType == Cmd.ENTITY_GROUP_USERS_SELECT and myarg in SUSPENDED_ARGUMENTS:
-        isSuspended = _getIsSuspended(myarg)
-      elif entityType == Cmd.ENTITY_GROUP_USERS_SELECT and myarg in ARCHIVED_ARGUMENTS:
-        isArchived = _getIsArchived(myarg)
-      elif myarg == 'end':
-        break
-      else:
-        Cmd.Backup()
-        missingArgumentExit('end')
+    if not noCLArgs:
+      while Cmd.ArgumentsRemaining():
+        myarg = getArgument()
+        if myarg in GROUP_ROLES_MAP:
+          rolesSet.add(GROUP_ROLES_MAP[myarg])
+        elif myarg == 'primarydomain':
+          domains.append(GC.Values[GC.DOMAIN])
+        elif myarg == 'domains':
+          domains.extend(getEntityList(Cmd.OB_DOMAIN_NAME_ENTITY))
+        elif myarg == 'recursive':
+          recursive = True
+          includeDerivedMembership = False
+        elif myarg == 'includederivedmembership':
+          includeDerivedMembership = True
+          recursive = False
+        elif entityType == Cmd.ENTITY_GROUP_USERS_SELECT and myarg in SUSPENDED_ARGUMENTS:
+          isSuspended = _getIsSuspended(myarg)
+        elif entityType == Cmd.ENTITY_GROUP_USERS_SELECT and myarg in ARCHIVED_ARGUMENTS:
+          isArchived = _getIsArchived(myarg)
+        elif myarg == 'end':
+          break
+        else:
+          Cmd.Backup()
+          missingArgumentExit('end')
     if rolesSet:
       memberRoles = ','.join(sorted(rolesSet))
     for group in groups:
@@ -6293,19 +6294,19 @@ def getItemsToModify(entityType, entity, memberRoles=None, isSuspended=None, isA
   elif entityType in {Cmd.ENTITY_CIGROUP_USERS}:
     ci = buildGAPIObject(API.CLOUDIDENTITY_GROUPS)
     groups = convertEntityToList(entity)
-    recursive = False
     rolesSet = set()
-    while Cmd.ArgumentsRemaining():
-      myarg = getArgument()
-      if myarg in GROUP_ROLES_MAP:
-        rolesSet.add(GROUP_ROLES_MAP[myarg])
-      elif myarg == 'recursive':
-        recursive = True
-      elif myarg == 'end':
-        break
-      else:
-        Cmd.Backup()
-        missingArgumentExit('end')
+    if not noCLArgs:
+      while Cmd.ArgumentsRemaining():
+        myarg = getArgument()
+        if myarg in GROUP_ROLES_MAP:
+          rolesSet.add(GROUP_ROLES_MAP[myarg])
+        elif myarg == 'recursive':
+          recursive = True
+        elif myarg == 'end':
+          break
+        else:
+          Cmd.Backup()
+          missingArgumentExit('end')
     if rolesSet:
       memberRoles = ','.join(sorted(rolesSet))
     for group in groups:
@@ -11428,10 +11429,7 @@ def _getAppInfo(myarg, appInfo):
   return True
 
 def _generateProjectSvcAcctId(prefix):
-  psaId = prefix
-  for _ in range(3):
-    psaId += f'-{"".join(random.choice(LOWERNUMERIC_CHARS) for _ in range(3))}'
-  return psaId
+  return f'{prefix}-{"".join(random.choice(LOWERNUMERIC_CHARS) for _ in range(5))}'
 
 def _getLoginHintProjectInfo(createCmd):
   login_hint = None
@@ -37028,11 +37026,13 @@ def checkCalendarExists(cal, calId, showMessage=False):
       entityActionFailedWarning([Ent.CALENDAR, calId], str(e))
     return None
 
-def validateCalendar(calId, i=0, count=0):
+def validateCalendar(calId, i=0, count=0, noClientAccess=False):
   cal = None
   if not calId.endswith('.calendar.google.com'):
-    calId, cal = buildGAPIServiceObject(API.CALENDAR, calId, i, count, displayError=False)
+    calId, cal = buildGAPIServiceObject(API.CALENDAR, calId, i, count, displayError=noClientAccess)
   if not cal:
+    if noClientAccess:
+      return (calId, None)
     cal = buildGAPIObject(API.CALENDAR)
   try:
     callGAPI(cal.calendars(), 'get',
@@ -49759,7 +49759,7 @@ def _validateUserGetCalendarIds(user, i, count, calendarEntity,
     calIds = calendarEntity['dict'][user][:]
   else:
     calIds = calendarEntity['list'][:]
-  user, cal = validateCalendar(user, i, count)
+  user, cal = validateCalendar(user, i, count, noClientAccess=True)
   if not cal:
     return (user, None, None, 0)
   if calendarEntity['resourceIds']:
@@ -50178,7 +50178,7 @@ def printShowCalendars(users):
   i, count, users = getEntityArgument(users)
   for user in users:
     i += 1
-    user, cal = validateCalendar(user, i, count)
+    user, cal = validateCalendar(user, i, count, noClientAccess=True)
     if not cal:
       continue
     if csvPF:
@@ -50278,7 +50278,7 @@ def printShowCalSettings(users):
   i, count, users = getEntityArgument(users)
   for user in users:
     i += 1
-    user, cal = validateCalendar(user, i, count)
+    user, cal = validateCalendar(user, i, count, noClientAccess=True)
     if not cal:
       continue
     try:
@@ -50438,7 +50438,7 @@ def transferCalendars(users):
       _getCalendarAttributes(targetListBody, returnOnUnknownArgument=True)
     else:
       unknownArgumentExit()
-  targetUser, targetCal = validateCalendar(targetUser)
+  targetUser, targetCal = validateCalendar(targetUser, noClientAccess=True)
   if not targetCal:
     return
   colorRgbFormat = 'backgroundColor' in targetListBody or 'foregroundColor' in targetListBody