Add resource options to event commands

We currently only have 13 JID accounts available for testing but after Linux arm64 changes needed 14 runners.

I'm disabling Python 3.9 tests for now since it's the oldest and due for deprecation in October.

If there's any concerns we can re-enable and disable something else or else Jay can rebuild the auth files to add a 14th JID Google account and credentials (not hard but cumbersome and time consuming).

.github/workflows/build.yml

@@ -17,7 +17,7 @@ defaults:
     working-directory: src
 
 env:
-  SCRATCH_COUNTER: 4
+  SCRATCH_COUNTER: 6
   OPENSSL_CONFIG_OPTS: no-fips --api=3.0.0
   OPENSSL_INSTALL_PATH: ${{ github.workspace }}/bin/ssl
   OPENSSL_SOURCE_PATH: ${{ github.workspace }}/src/openssl
@@ -41,48 +41,57 @@ jobs:
             goal: build
             arch: x86_64
             openssl_archs: linux-x86_64
-          - os: [self-hosted, linux, arm64]
+          - os: ubuntu-24.04-arm
             jid: 3
             goal: build
             arch: aarch64
             openssl_archs: linux-aarch64
-          - os: ubuntu-22.04
+          - os: ubuntu-22.04-arm
             jid: 4
             goal: build
+            arch: aarch64
+            openssl_archs: linux-aarch64
+          - os: ubuntu-22.04
+            jid: 5
+            goal: build
             arch: x86_64
             openssl_archs: linux-x86_64
             staticx: yes
-          - os: [self-hosted, linux, arm64]
-            jid: 5
+          - os: ubuntu-22.04-arm
+            jid: 6
             goal: build
             arch: aarch64
             openssl_archs: linux-aarch64
             staticx: yes
           - os: macos-13
-            jid: 6
+            jid: 7
             goal: build
             arch: x86_64
             openssl_archs: darwin64-x86_64
           - os: macos-14
-            jid: 7
-            goal: build
-            arch: aarch64
-            openssl_archs: darwin64-arm64
-          - os: macos-15
             jid: 8
             goal: build
             arch: aarch64
             openssl_archs: darwin64-arm64
-          - os: windows-2022
+          - os: macos-15
             jid: 9
             goal: build
+            arch: aarch64
+            openssl_archs: darwin64-arm64
+          - os: windows-2022
+            jid: 10
+            goal: build
             arch: Win64
             openssl_archs: VC-WIN64A
-          - os: ubuntu-24.04
-            goal: test
-            python: "3.9"
-            jid: 10
-            arch: x86_64
+          # disable 3.9 test for now since it's oldest and due
+          # for removal in Oct 2025. We only have 13 jid accounts
+          # so we need this one off but can re-enable at some point
+          # if we feel the need.
+          #- os: ubuntu-24.04
+          #  goal: test
+          #  python: "3.9"
+          #  jid: 11
+          #  arch: x86_64
           - os: ubuntu-24.04
             goal: test
             python: "3.10"
@@ -120,7 +129,7 @@ jobs:
         with:
           path: |
             cache.tar.xz
-          key: gam-${{ matrix.jid }}-20241203
+          key: gam-${{ matrix.jid }}-20250116
 
       - name: Untar Cache archive
         if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true'
@@ -187,7 +196,7 @@ jobs:
           echo "gampath=${gampath}" >> $GITHUB_ENV
 
       - name: Install necessary Github-hosted Linux packages
-        if: runner.os == 'Linux' && runner.arch == 'X64'
+        if: runner.os == 'Linux'
         run: |
           echo "RUNNING: apt update..."
           sudo apt-get -qq --yes update
@@ -548,7 +557,6 @@ jobs:
             # https://github.com/pyinstaller/pyinstaller/issues/7102
             export PATH="$(dirname ${PYTHON}):/usr/bin"
           fi
-          #if ([ "${staticx}" != "yes" ] && [ "$RUNNER_OS" != "Windows" ]); then
           if [[ "$staticx" != "yes" ]]; then
             export PYINSTALLER_BUILD_ONEDIR=yes
           fi
@@ -594,6 +602,9 @@ jobs:
       - name: Install StaticX
         if: matrix.staticx == 'yes'
         run: |
+          sudo apt-get -qq --yes update
+          # arm64 needs to build a wheel and needs scons to build
+          sudo apt-get -qq --yes install scons
           "${PYTHON}" -m pip install --upgrade patchelf-wrapper
           "${PYTHON}" -m pip install --upgrade staticx
 

src/GamCommands.txt

@@ -1677,6 +1677,7 @@ gam calendar <CalendarEntity> printacl [todrive <ToDriveAttribute>*]
         (range <Date> <Date>)|
         (recurrence <RRULE, EXRULE, RDATE and EXDATE line>)|
         (reminder <Number> email|popup))|
+	(resource <ResourceID>)|
         (selectattendees [<AttendeeAttendance>] [<AttendeeStatus>] <UserTypeEntity>)|
         (sequence <Integer>)|
         (sharedproperty <PropertyKey> <PropertyValue>)|
@@ -1707,8 +1708,10 @@ The following attributes are equivalent:
         clearattendees|
         clearhangoutsmeet|
         (clearprivateproperty <PropertyKey>)|
+        clearresources|
         (clearsharedproperty <PropertyKey>)|
         (removeattendee <EmailAddress>)|
+        (removeresource <ResourceID>)|
         (replacedescription <RegularExpression> <String>)|
         (selectremoveattendees <UserTypeEntity>)
 
@@ -7352,11 +7355,11 @@ gam <UserTypeEntity> print filters [labelidsonly] [todrive <ToDriveAttribute>*]
 # Users - Forms
 
 gam <UserTypeEntity> create form
-        title <String> [description <String>] [isquiz [<Boolean>]
+        title <String> [description <String>] [isquiz [<Boolean>]] [<JSONData>]
         [drivefilename <DriveFileName>] [<DriveFileParentAttribute>]
         [(csv [todrive <ToDriveAttribute>*]) | returnidonly]
 gam <UserTypeEntity> update form <DriveFileEntity>
-        [title <String>] [description <String>] [isquiz [<Boolean>]
+        [title <String>] [description <String>] [isquiz [<Boolean>]] [<JSONData>]
 
 gam <UserTypeEntity> print forms <DriveFileEntity> [todrive <ToDriveAttribute>*]
         (addcsvdata <FieldName> <String>)*
@@ -7821,7 +7824,8 @@ gam <UserTypeEntity> delete noteacl <NotesNameEntity>
 # Users - Licenses
 
 gam <UserTypeEntity> create|add license <SKUIDList> [product|productid <ProductID>] [preview] [actioncsv]
-gam <UserTypeEntity> update license <SKUID> [product|productid <ProductID>] [from] <SKUID> [preview] [actioncsv]
+gam <UserTypeEntity> update license <NewSKUID> [product|productid <ProductID>] [from] <OldSKUID>
+        [preview|archive] [actioncsv]
 gam <UserTypeEntity> delete license <SKUIDList> [product|productid <ProductID>] [preview] [actioncsv]
 gam <UserTypeEntity> sync license <SKUIDList> [product|productid <ProductID>] [addonly|removeonly] [allskus|onesku] [preview] [actioncsv]
 

src/GamUpdate.txt

@@ -1,3 +1,63 @@
+7.02.09
+
+Added option `clearresources` to `<EventUpdateAttribute>` for use in `gam <UserTypeEntity> update events`
+that allows clearing all resources from a user's calendar events. For example, to clear all resources from a user's future events:
+```
+gam user user@domain.com update events primary matchfield attendeespattern @resource.calendar.google.com after now clearresources
+```
+
+Added option `resource <ResourceID>` to `<EventAttribute>` for use in `gam <UserTypeEntity> create|update events`
+that adds a resource to an event.
+
+Added option `removeresource <ResourceID>` to `<EventUpdateAttribute>` for use in `gam <UserTypeEntity> update events`
+that removes a resource from an event.
+
+7.02.08
+
+Fixed bug in `gam print|show chromepolicies` that caused a trap when neither
+`ou|orgunit <OrgUnitItem>` nor `group <GroupItem>` was specified.
+
+7.02.07
+
+Updated `gam delete|update chromepolicy` to display the `<AppID>` or `<PrinterID>` (if specified)
+in the command status messages.
+
+7.02.06
+
+Added option `<JSONData>` to `gam <UserTypeEntity> create|update form` that allows for
+creation/modification of all fields in a form. `<JSONData>` is a list of form update requests.
+
+* See: https://developers.google.com/forms/api/reference/rest/v1/forms/batchUpdate
+
+7.02.05
+
+Updated `gam [<UserTypeEntity>] show shareddriveacls ... formatjson` to not display this line
+which interferes with the JSON output.
+```
+User: user@domain.com, Show N Shared Drives
+```
+
+7.02.04
+
+Updated code to eliminate trap caused by bug introduced in 7.02.00 that occurs when an invalid domain or OU is specified.
+
+7.02.03
+
+Added option `archive` to `gam <UserTypeEntity> update license <NewSKUID> from <OldSKUID>` that causes GAM
+to archive `<UserTypeEntity>` after updating their license to `<NewSKUID>`. This will be used when you want to
+archive a user with a non-archivable license. The `<NewSKUID>` license is assigned to the user and it then converts
+to the equivalent Archived User license when the user is archived.
+
+`<NewSKUID>` must be one of the following SKUs:
+```
+Google-Apps-Unlimited - G Suite Business
+1010020020 - Google Workspace Enterprise Plus
+1010020025 - Google Workspace Business Plus
+1010020026 - Google Workspace Enterprise Standard
+1010020027 - Google Workspace Business Starter
+1010020028 - Google Workspace Business Standard
+```
+
 7.02.02
 
 Updated `gam <UserTypeEntity> archive messages <GroupItem>` to retry the following unexpected error

src/gam-install.sh

@@ -323,6 +323,8 @@ echo_yellow "Downloading ${download_url} to $temp_archive_dir ($check_type)..."
 (cd "$temp_archive_dir" && curl -O -L -s "${curl_opts[@]}" "$download_url")
 
 mkdir -p "$target_dir"
+echo_yellow "Deleting contents of $target_dir/gam7/lib"
+rm -frv "$target_dir/gam7/lib"
 
 echo_yellow "Extracting archive to $target_dir"
 if [[ "$name" =~ tar.xz|tar.gz|tar ]]; then
@@ -379,7 +381,7 @@ while true; do
       ;;
     [Nn]*)
 #      config_cmd="config no_browser true"
-      touch "$target_dir/gam/nobrowser.txt" > /dev/null 2>&1
+      touch "$target_dir/gam7/nobrowser.txt" > /dev/null 2>&1
       break
       ;;
     *)

src/gam/__init__.py

@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
 """
 
 __author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
-__version__ = '7.02.02'
+__version__ = '7.02.09'
 __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
 
 #pylint: disable=wrong-import-position
@@ -628,7 +628,7 @@ def formatKeyValueList(prefixStr, kvList, suffixStr):
   msg += suffixStr
   return msg
 
-# Something's wrong with CustomerID
+# Something's wrong with CustomerID??
 def accessErrorMessage(cd, errMsg=None):
   if cd is None:
     cd = buildGAPIObject(API.DIRECTORY)
@@ -652,10 +652,12 @@ def accessErrorMessage(cd, errMsg=None):
                                                          Ent.DOMAIN, GC.Values[GC.DOMAIN],
                                                          Ent.USER, GM.Globals[GM.ADMIN]])+[Msg.ACCESS_FORBIDDEN],
                               '')
-  return formatKeyValueList('',
-                            [Ent.Singular(Ent.CUSTOMER_ID), GC.Values[GC.CUSTOMER_ID],
-                             errMsg],
-                            '')
+  if errMsg:
+    return formatKeyValueList('',
+                              [Ent.Singular(Ent.CUSTOMER_ID), GC.Values[GC.CUSTOMER_ID],
+                               errMsg],
+                              '')
+  return None
 
 def accessErrorExit(cd, errMsg=None):
   systemErrorExit(INVALID_DOMAIN_RC, accessErrorMessage(cd or buildGAPIObject(API.DIRECTORY), errMsg))
@@ -23169,8 +23171,8 @@ def printShowContactDelegates(users):
       continue
     jcount = len(delegates)
     if not csvPF:
-      entityPerformActionNumItems([Ent.USER, user], jcount, Ent.CONTACT_DELEGATE, i, count)
       if not csvStyle:
+        entityPerformActionNumItems([Ent.USER, user], jcount, Ent.CONTACT_DELEGATE, i, count)
         Ind.Increment()
         j = 0
         for delegate in delegates:
@@ -27892,14 +27894,28 @@ def _getPolicyGroupTarget(cd, cp, myarg, orgUnit):
   targetResource = f"groups/{convertEmailAddressToUID(targetName, cd, emailType='group')}"
   return (targetName, targetName, targetResource, Ent.GROUP, cp.customers().policies().groups())
 
+def checkPolicyArgs(targetResource, printer_id, app_id):
+  if not targetResource:
+    missingArgumentExit('ou|org|orgunit|group')
+  if printer_id and app_id:
+    usageErrorExit(Msg.ARE_MUTUALLY_EXCLUSIVE.format('printerid', 'appid'))
+
+def setPolicyKVList(baseList, printer_id, app_id):
+  kvList = baseList[:]
+  if app_id:
+    kvList.extend([Ent.APP_ID, app_id])
+  elif printer_id:
+    kvList.extend([Ent.PRINTER_ID, printer_id])
+  return kvList
+
 def updatePolicyRequests(body, targetResource, printer_id, app_id):
   for request in body['requests']:
     request.setdefault('policyTargetKey', {})
     request['policyTargetKey']['targetResource'] = targetResource
-    if printer_id:
-      request['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printer_id}
-    elif app_id:
+    if app_id:
       request['policyTargetKey']['additionalTargetKeys'] = {'app_id': app_id}
+    elif printer_id:
+      request['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printer_id}
 
 # gam delete chromepolicy
 #	(<SchemaName> [<JSONData>])+
@@ -27935,15 +27951,14 @@ def doDeleteChromePolicy():
           body['requests'][-1].setdefault('policyTargetKey', {})
           for atk in jsonData['additionalTargetKeys']:
             body['requests'][-1]['policyTargetKey']['additionalTargetKeys'] = {atk['name']: atk['value']}
-  if not targetResource:
-    missingArgumentExit('ou|org|orgunit|group')
+  checkPolicyArgs(targetResource, printer_id, app_id)
   count = len(body['requests'])
   if count != 1:
     entityPerformActionNumItems([entityType, targetName], count, Ent.CHROME_POLICY)
     if count == 0:
       return
+  kvList = setPolicyKVList([entityType, targetName, Ent.CHROME_POLICY, ','.join(schemaNameList)], printer_id, app_id)
   updatePolicyRequests(body, targetResource, printer_id, app_id)
-  kvList = [entityType, targetName, Ent.CHROME_POLICY, ','.join(schemaNameList)]
   try:
     callGAPI(service, function,
              throwReasons=[GAPI.NOT_FOUND, GAPI.PERMISSION_DENIED,
@@ -28189,12 +28204,11 @@ def doUpdateChromePolicy():
             invalidArgumentExit(Msg.CHROME_TARGET_VERSION_FORMAT)
         body['requests'][-1]['policyValue']['value'][casedField] = value
         body['requests'][-1]['updateMask'] += f'{casedField},'
-  if not targetResource:
-    missingArgumentExit('ou|org|orgunit|group')
+  checkPolicyArgs(targetResource, printer_id, app_id)
   count = len(body['requests'])
   if count > 0 and not body['requests'][-1]['updateMask']:
     body['requests'].pop()
-  kvList = [entityType, targetName, Ent.CHROME_POLICY, ','.join(schemaNameList)]
+  kvList = setPolicyKVList([entityType, targetName, Ent.CHROME_POLICY, ','.join(schemaNameList)], printer_id, app_id)
   if count != 1:
     entityPerformActionNumItems(kvList, count, Ent.CHROME_POLICY)
     if count == 0:
@@ -28236,10 +28250,10 @@ CHROME_POLICY_SHOW_CHOICE_MAP = {
 def doPrintShowChromePolicies():
   def normalizedPolicy(policy):
     norm = {'name': policy['value']['policySchema']}
-    if printerId:
-      norm['printerId'] = printerId
-    elif appId:
-      norm['appId'] = appId
+    if app_id:
+      norm['appId'] = app_id
+    elif printer_id:
+      norm['printerId'] = printer_id
     if entityType == Ent.ORGANIZATIONAL_UNIT:
       orgUnitId = policy.get('targetKey', {}).get('targetResource')
       norm['orgUnitPath'] = convertOrgUnitIDtoPath(cd, orgUnitId) if orgUnitId else UNKNOWN
@@ -28335,7 +28349,7 @@ def doPrintShowChromePolicies():
   if csvPF:
     csvPF.SetNoEscapeChar(True)
   FJQC = FormatJSONQuoteChar(csvPF)
-  appId = groupEmail = orgUnit = printerId = None
+  app_id = groupEmail = orgUnit = printer_id = targetResource = None
   showPolicies = CHROME_POLICY_SHOW_ALL
   psFilters = []
   while Cmd.ArgumentsRemaining():
@@ -28346,10 +28360,10 @@ def doPrintShowChromePolicies():
       orgUnit, targetName, targetResource, entityType, _ = _getPolicyOrgUnitTarget(cd, cp, myarg, groupEmail)
     elif myarg == 'group':
       groupEmail, targetName, targetResource, entityType, _ = _getPolicyGroupTarget(cd, cp, myarg, orgUnit)
-    elif (not printerId and not appId) and myarg == 'printerid':
-      printerId = getString(Cmd.OB_PRINTER_ID)
-    elif (not printerId and not appId) and myarg == 'appid':
-      appId = getString(Cmd.OB_APP_ID)
+    elif myarg == 'printerid':
+      printer_id = getString(Cmd.OB_PRINTER_ID)
+    elif myarg == 'appid':
+      app_id = getString(Cmd.OB_APP_ID)
     elif myarg == 'filter':
       for psFilter in getString(Cmd.OB_STRING).replace(',', ' ').split():
         psFilters.append(psFilter)
@@ -28363,20 +28377,19 @@ def doPrintShowChromePolicies():
       showPolicies = getChoice(CHROME_POLICY_SHOW_CHOICE_MAP, mapChoice=True)
     else:
       FJQC.GetFormatJSONQuoteChar(myarg, False)
-  if not targetResource:
-    missingArgumentExit('ou|org|orgunit|group')
+  checkPolicyArgs(targetResource, printer_id, app_id)
   body = {'policyTargetKey': {'targetResource': targetResource}}
-  if printerId:
-    body['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printerId}
-    if not psFilters:
-      psFilters = ['chrome.printers.*']
-  elif appId:
-    body['policyTargetKey']['additionalTargetKeys'] = {'app_id': appId}
+  if app_id:
+    body['policyTargetKey']['additionalTargetKeys'] = {'app_id': app_id}
     if not psFilters:
       psFilters = ['chrome.users.apps.*',
                    'chrome.devices.kiosk.apps.*',
                    'chrome.devices.managedguest.apps.*',
                     ]
+  elif printer_id:
+    body['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printer_id}
+    if not psFilters:
+      psFilters = ['chrome.printers.*']
   elif not psFilters:
     if entityType == Ent.ORGANIZATIONAL_UNIT:
       psFilters = ['chrome.users.*',
@@ -28410,10 +28423,10 @@ def doPrintShowChromePolicies():
       csvPF.AddTitles(['group'])
     csvPF.SetSortAllTitles()
     if not FJQC.formatJSON:
-      if printerId:
-        csvPF.AddSortTitles(['printerId'])
-      elif appId:
+      if app_id:
         csvPF.AddSortTitles(['appId'])
+      elif printer_id:
+        csvPF.AddSortTitles(['printerId'])
     else:
       csvPF.SetJSONTitles(csvPF.titlesList+['JSON'])
   policies = []
@@ -28440,11 +28453,7 @@ def doPrintShowChromePolicies():
   if not csvPF:
     jcount = len(policies)
     if not FJQC.formatJSON:
-      kvList = [entityType, targetName]
-      if printerId:
-        kvList.extend([Ent.PRINTER_ID, printerId])
-      elif appId:
-        kvList.extend([Ent.APP_ID, appId])
+      kvList = setPolicyKVList([entityType, targetName], printer_id, app_id)
       entityPerformActionModifierNumItems(kvList, Msg.MAXIMUM_OF, jcount, Ent.CHROME_POLICY)
     Ind.Increment()
     j = 0
@@ -38318,6 +38327,7 @@ def _getCalendarEventAttribute(myarg, body, parameters, function):
           for subfield in subfields:
             body.pop(subfield, None)
 
+  cd = None
   if function == 'insert' and myarg in {'id', 'eventid'}:
     body['id'] = getEventID()
   elif function == 'import' and myarg == 'icaluid':
@@ -38398,6 +38408,17 @@ def _getCalendarEventAttribute(myarg, body, parameters, function):
       if responseStatus is not None:
         addAttendee['responseStatus'] = responseStatus
       parameters['attendees'].append(addAttendee)
+  elif function == 'update' and myarg == 'clearresources':
+    parameters['clearResources'] = True
+  elif myarg == 'resource':
+    if cd is None:
+      cd = buildGAPIObject(API.DIRECTORY)
+    parameters['attendees'].append({'email': _validateResourceId(cd, getString(Cmd.OB_RESOURCE_ID), 0, 0, True),
+                                    'responseStatus': 'accepted', 'resource': True})
+  elif myarg == 'removeresource':
+    if cd is None:
+      cd = buildGAPIObject(API.DIRECTORY)
+    parameters['removeAttendees'].add(_validateResourceId(cd, getString(Cmd.OB_RESOURCE_ID), 0, 0, True))
   elif myarg == 'json':
     jsonData = getJSON(EVENT_JSON_CLEAR_FIELDS)
     if function == 'insert':
@@ -38707,7 +38728,7 @@ def _validateCalendarGetEvents(origUser, user, origCal, calId, j, jcount, calend
 
 def _getCalendarCreateImportUpdateEventOptions(function, entityType):
   body = {}
-  parameters = {'clearAttendees': False, 'replaceMode': False,
+  parameters = {'clearAttendees': False, 'replaceMode': False, 'clearResources': False,
                 'attendees': [], 'removeAttendees': set(),
                 'replaceDescription': [], 'sendUpdates': 'none',
                 'csvPF': None, 'FJQC': FormatJSONQuoteChar(None), 'showDayOfWeek': False}
@@ -38818,7 +38839,7 @@ def _updateCalendarEvents(origUser, user, origCal, calIds, count, calendarEventE
   updateFieldList = []
   if parameters['replaceDescription']:
     updateFieldList.append('description')
-  if not parameters['replaceMode'] and (parameters['attendees'] or parameters['removeAttendees']):
+  if not parameters['replaceMode'] and (parameters['attendees'] or parameters['removeAttendees'] or parameters['clearResources']):
     updateFieldList.append('attendees')
   updateFields = ','.join(updateFieldList)
   if 'attendees' not in updateFieldList:
@@ -38869,6 +38890,8 @@ def _updateCalendarEvents(origUser, user, origCal, calIds, count, calendarEventE
               body['attendees'] = []
             if parameters['removeAttendees']:
               body['attendees'] = [attendee for attendee in body['attendees'] if attendee['email'].lower() not in parameters['removeAttendees']]
+            if parameters['clearResources']:
+              body['attendees'] = [attendee for attendee in body['attendees'] if not attendee['email'].lower().endswith('@resource.calendar.google.com')]
         event = callGAPI(cal.events(), 'patch',
                          throwReasons=GAPI.CALENDAR_THROW_REASONS+[GAPI.NOT_FOUND, GAPI.DELETED, GAPI.FORBIDDEN,
                                                                    GAPI.INVALID, GAPI.REQUIRED, GAPI.TIME_RANGE_EMPTY, GAPI.EVENT_DURATION_EXCEEDS_LIMIT,
@@ -39618,18 +39641,19 @@ def doCalendarsPrintShowSettings(calIds):
   if csvPF:
     csvPF.writeCSVfile('Calendar Settings')
 
-def _validateResourceId(resourceId, i, count):
-  cd = buildGAPIObject(API.DIRECTORY)
+def _validateResourceId(cd, resourceId, i, count, exitOnNotFound):
   try:
     return callGAPI(cd.resources().calendars(), 'get',
                     throwReasons=[GAPI.BAD_REQUEST, GAPI.RESOURCE_NOT_FOUND, GAPI.FORBIDDEN],
                     customer=GC.Values[GC.CUSTOMER_ID], calendarResourceId=resourceId, fields='resourceEmail')['resourceEmail']
   except (GAPI.badRequest, GAPI.resourceNotFound, GAPI.forbidden):
+    if exitOnNotFound:
+      entityDoesNotExistExit(Ent.RESOURCE_CALENDAR, resourceId, i, count)
     checkEntityAFDNEorAccessErrorExit(cd, Ent.RESOURCE_CALENDAR, resourceId, i, count)
     return None
 
-def _normalizeResourceIdGetRuleIds(resourceId, i, count, ACLScopeEntity, showAction=True):
-  calId = _validateResourceId(resourceId, i, count)
+def _normalizeResourceIdGetRuleIds(cd, resourceId, i, count, ACLScopeEntity, showAction=True):
+  calId = _validateResourceId(cd, resourceId, i, count, False)
   if not calId:
     return (None, None, 0)
   if ACLScopeEntity['dict']:
@@ -39647,23 +39671,25 @@ def _normalizeResourceIdGetRuleIds(resourceId, i, count, ACLScopeEntity, showAct
 # gam resources <ResourceEntity> create calendaracls <CalendarACLRole> <CalendarACLScopeEntity> [sendnotifications <Boolean>]
 def doResourceCreateCalendarACLs(entityList):
   cal = buildGAPIObject(API.CALENDAR)
+  cd = buildGAPIObject(API.DIRECTORY)
   role, ACLScopeEntity, sendNotifications = getCalendarCreateUpdateACLsOptions(True)
   i = 0
   count = len(entityList)
   for resourceId in entityList:
     i += 1
-    calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(resourceId, i, count, ACLScopeEntity)
+    calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(cd, resourceId, i, count, ACLScopeEntity)
     if jcount == 0:
       continue
     _createCalendarACLs(cal, Ent.RESOURCE_CALENDAR, calId, i, count, role, ruleIds, jcount, sendNotifications)
 
 def _resourceUpdateDeleteCalendarACLs(entityList, function, ACLScopeEntity, role, sendNotifications):
   cal = buildGAPIObject(API.CALENDAR)
+  cd = buildGAPIObject(API.DIRECTORY)
   i = 0
   count = len(entityList)
   for resourceId in entityList:
     i += 1
-    calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(resourceId, i, count, ACLScopeEntity)
+    calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(cd, resourceId, i, count, ACLScopeEntity)
     if jcount == 0:
       continue
     _updateDeleteCalendarACLs(cal, function, Ent.RESOURCE_CALENDAR, calId, i, count, role, ruleIds, jcount, sendNotifications)
@@ -39686,13 +39712,14 @@ def doResourceDeleteCalendarACLs(entityList):
 #	[formatjson]
 def doResourceInfoCalendarACLs(entityList):
   cal = buildGAPIObject(API.CALENDAR)
+  cd = buildGAPIObject(API.DIRECTORY)
   ACLScopeEntity = getCalendarSiteACLScopeEntity()
   FJQC = _getCalendarInfoACLOptions()
   i = 0
   count = len(entityList)
   for resourceId in entityList:
     i += 1
-    calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(resourceId, i, count, ACLScopeEntity, showAction=not FJQC.formatJSON)
+    calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(cd, resourceId, i, count, ACLScopeEntity, showAction=not FJQC.formatJSON)
     if jcount == 0:
       continue
     _infoCalendarACLs(cal, resourceId, Ent.RESOURCE_CALENDAR, calId, i, count, ruleIds, jcount, FJQC)
@@ -39711,12 +39738,13 @@ def doResourceInfoCalendarACLs(entityList):
 #	[formatjson]
 def doResourcePrintShowCalendarACLs(entityList):
   cal = buildGAPIObject(API.CALENDAR)
+  cd = buildGAPIObject(API.DIRECTORY)
   csvPF, FJQC, noSelfOwner, addCSVData = _getCalendarPrintShowACLOptions(['resourceId', 'resourceEmail'])
   i = 0
   count = len(entityList)
   for resourceId in entityList:
     i += 1
-    calId = _validateResourceId(resourceId, i, count)
+    calId = _validateResourceId(cd, resourceId, i, count, False)
     if not calId:
       continue
     _printShowCalendarACLs(cal, resourceId, Ent.RESOURCE_CALENDAR, calId, i, count, csvPF, FJQC, noSelfOwner, addCSVData)
@@ -65566,31 +65594,29 @@ def printShowSharedDrives(users, useDomainAdminAccess=False):
     else:
       matchedFeed = feed
     jcount = len(matchedFeed)
+    if jcount == 0:
+      setSysExitRC(NO_ENTITIES_FOUND_RC)
     if not csvPF:
       if not FJQC.formatJSON:
         entityPerformActionNumItems([Ent.USER, user], jcount, Ent.SHAREDDRIVE, i, count)
-    if jcount == 0:
-      setSysExitRC(NO_ENTITIES_FOUND_RC)
+      Ind.Increment()
+      j = 0
+      for shareddrive in matchedFeed:
+        j += 1
+        shareddrive = stripNonShowFields(shareddrive)
+        _showSharedDrive(user, shareddrive, j, jcount, FJQC)
+      Ind.Decrement()
     else:
-      if not csvPF:
-        Ind.Increment()
-        j = 0
-        for shareddrive in matchedFeed:
-          j += 1
-          shareddrive = stripNonShowFields(shareddrive)
-          _showSharedDrive(user, shareddrive, j, jcount, FJQC)
-        Ind.Decrement()
-      else:
-        for shareddrive in matchedFeed:
-          shareddrive = stripNonShowFields(shareddrive)
-          if FJQC.formatJSON:
-            row = {'User': user, 'id': shareddrive['id'], 'name': shareddrive['name']}
-            if not useDomainAdminAccess:
-              row['role'] = shareddrive['role'] if not guiRoles else SHAREDDRIVE_API_GUI_ROLES_MAP[shareddrive['role']]
-            row['JSON'] = json.dumps(cleanJSON(shareddrive, timeObjects=SHAREDDRIVE_TIME_OBJECTS), ensure_ascii=False, sort_keys=True)
-            csvPF.WriteRow(row)
-          else:
-            csvPF.WriteRowTitles(flattenJSON(shareddrive, flattened={'User': user}, timeObjects=SHAREDDRIVE_TIME_OBJECTS))
+      for shareddrive in matchedFeed:
+        shareddrive = stripNonShowFields(shareddrive)
+        if FJQC.formatJSON:
+          row = {'User': user, 'id': shareddrive['id'], 'name': shareddrive['name']}
+          if not useDomainAdminAccess:
+            row['role'] = shareddrive['role'] if not guiRoles else SHAREDDRIVE_API_GUI_ROLES_MAP[shareddrive['role']]
+          row['JSON'] = json.dumps(cleanJSON(shareddrive, timeObjects=SHAREDDRIVE_TIME_OBJECTS), ensure_ascii=False, sort_keys=True)
+          csvPF.WriteRow(row)
+        else:
+          csvPF.WriteRowTitles(flattenJSON(shareddrive, flattened={'User': user}, timeObjects=SHAREDDRIVE_TIME_OBJECTS))
   if csvPF:
     csvPF.writeCSVfile('SharedDrives')
 
@@ -65649,29 +65675,27 @@ def doPrintShowOrgunitSharedDrives():
                       customer=_getCustomersCustomerIdWithC(),
                       filter="type == 'shared_drive'")
   jcount = len(sds)
+  if jcount == 0:
+    setSysExitRC(NO_ENTITIES_FOUND_RC)
   if not csvPF:
     if not FJQC.formatJSON:
       entityPerformActionNumItems([Ent.ORGANIZATIONAL_UNIT, orgUnitPath], jcount, Ent.SHAREDDRIVE)
-  if jcount == 0:
-    setSysExitRC(NO_ENTITIES_FOUND_RC)
+    Ind.Increment()
+    j = 0
+    for shareddrive in sds:
+      j += 1
+      _getOrgUnitSharedDriveInfo(shareddrive)
+      _showOrgUnitSharedDrive(shareddrive, j, jcount, FJQC)
+    Ind.Decrement()
   else:
-    if not csvPF:
-      Ind.Increment()
-      j = 0
-      for shareddrive in sds:
-        j += 1
-        _getOrgUnitSharedDriveInfo(shareddrive)
-        _showOrgUnitSharedDrive(shareddrive, j, jcount, FJQC)
-      Ind.Decrement()
-    else:
-      for shareddrive in sds:
-        _getOrgUnitSharedDriveInfo(shareddrive)
-        if FJQC.formatJSON:
-          row = {'name': shareddrive['name']}
-          row['JSON'] = json.dumps(cleanJSON(shareddrive), ensure_ascii=False, sort_keys=True)
-          csvPF.WriteRow(row)
-        else:
-          csvPF.WriteRowTitles(flattenJSON(shareddrive))
+    for shareddrive in sds:
+      _getOrgUnitSharedDriveInfo(shareddrive)
+      if FJQC.formatJSON:
+        row = {'name': shareddrive['name']}
+        row['JSON'] = json.dumps(cleanJSON(shareddrive), ensure_ascii=False, sort_keys=True)
+        csvPF.WriteRow(row)
+      else:
+        csvPF.WriteRowTitles(flattenJSON(shareddrive))
   if csvPF:
     csvPF.writeCSVfile('OrgUnit {orgUnitPath} SharedDrives')
 
@@ -65756,7 +65780,7 @@ SHOW_NO_PERMISSIONS_DRIVES_CHOICE_MAP = {
 #	[oneitemperrow] [maxitems <Integer>]
 #	[shownopermissionsdrives false|true|only]
 #	[<DrivePermissionsFieldName>*|(fields <DrivePermissionsFieldNameList>)]
-#	[formatjsn]
+#	[formatjson]
 def printShowSharedDriveACLs(users, useDomainAdminAccess=False):
   def _printPermissionRow(baserow, permission):
     row = baserow.copy()
@@ -65946,7 +65970,8 @@ def printShowSharedDriveACLs(users, useDomainAdminAccess=False):
     if jcount == 0:
       setSysExitRC(NO_ENTITIES_FOUND_RC)
     if not csvPF:
-      entityPerformActionNumItems([Ent.USER, user], jcount, Ent.SHAREDDRIVE, i, count)
+      if not FJQC.formatJSON:
+        entityPerformActionNumItems([Ent.USER, user], jcount, Ent.SHAREDDRIVE, i, count)
       Ind.Increment()
       j = 0
       for shareddrive in matchFeed:
@@ -67173,7 +67198,7 @@ LICENSE_PREVIEW_TITLES = ['user', 'productId', 'skuId', 'action', 'message']
 
 def getLicenseParameters(operation):
   lic = buildGAPIObject(API.LICENSING)
-  parameters = {LICENSE_PRODUCT_SKUIDS: [], 'csvPF': None, 'preview': False, 'syncOperation': 'addremove', 'syncACLsMode': None}
+  parameters = {LICENSE_PRODUCT_SKUIDS: [], 'csvPF': None, 'preview': False, 'syncOperation': 'addremove', 'syncACLsMode': None, 'archive': False}
   skuLocation = Cmd.Location()
   if operation != 'patch':
     parameters[LICENSE_PRODUCT_SKUIDS] = getGoogleSKUList(allowUnknownProduct=True)
@@ -67203,6 +67228,10 @@ def getLicenseParameters(operation):
       if operation == 'patch':
         titles.insert(2, 'oldskuId')
       parameters['csvPF'] = CSVPrintFile(titles)
+    elif operation == 'patch' and myarg == 'archive':
+      if skuId not in SKU.ARCHIVABLE_SKUS:
+        usageErrorExit(Msg.SKU_HAS_NO_MATCHING_ARCHIVED_USER_SKU.format(skuId))
+      parameters['archive'] = True
     else:
       unknownArgumentExit()
   for productSku in parameters[LICENSE_PRODUCT_SKUIDS]:
@@ -67308,13 +67337,17 @@ def createLicense(users):
   if parameters['csvPF']:
     parameters['csvPF'].writeCSVfile('Create Licenses')
 
-# gam <UserTypeEntity> update license <SKUID> [product|productid <ProductID>] [from] <SKUID> [preview] [actioncsv]
+# gam <UserTypeEntity> update license <SKUID> [product|productid <ProductID>] [from] <SKUID>
+#	[preview] [actioncsv] [archive]
 def updateLicense(users):
   lic, parameters = getLicenseParameters('patch')
   j, jcount, users = getEntityArgument(users)
   Act.Set([Act.UPDATE, Act.UPDATE_PREVIEW][parameters['preview']])
+  cd = None
   if parameters['preview']:
     message = Act.PREVIEW
+  elif parameters['archive']:
+    cd = buildGAPIObject(API.DIRECTORY)
   productId, skuId, oldSkuId = parameters[LICENSE_PRODUCT_SKUIDS][0]
   body = {'skuId': skuId}
   entityPerformActionModifierNumItems([Ent.LICENSE, SKU.skuIdToDisplayName(skuId)], Msg.FOR, jcount, Ent.USER)
@@ -67340,6 +67373,22 @@ def updateLicense(users):
     except GAPI.userNotFound as e:
       message = str(e)
       entityUnknownWarning(Ent.USER, user, j, jcount)
+    if parameters['archive'] and message == Act.SUCCESS:
+      Act.Set(Act.ARCHIVE)
+      try:
+        callGAPI(cd.users(), 'update',
+                 throwReasons=[GAPI.USER_NOT_FOUND, GAPI.DOMAIN_NOT_FOUND,
+                               GAPI.FORBIDDEN, GAPI.BAD_REQUEST,
+                               GAPI.INSUFFICIENT_ARCHIVED_USER_LICENSES],
+                 retryReasons=[GAPI.INSUFFICIENT_ARCHIVED_USER_LICENSES],
+                 userKey=user, body={'archived': True})
+        entityActionPerformed([Ent.USER, user], j, jcount)
+      except GAPI.userNotFound:
+        entityUnknownWarning(Ent.USER, user, j, jcount)
+      except (GAPI.domainNotFound, GAPI.domainCannotUseApis, GAPI.forbidden, GAPI.badRequest,
+              GAPI.insufficientArchivedUserLicenses) as e:
+        entityActionFailedWarning([Ent.USER, user], str(e), j, jcount)
+      Act.Set(Act.UPDATE)
     if parameters['csvPF']:
       _writeLicenseAction(productId, skuId, oldSkuId, parameters, user, Act.UPDATE, message)
   Ind.Decrement()
@@ -67524,10 +67573,10 @@ def updatePhoto(users):
     body = {'photoData': base64.urlsafe_b64encode(image_data).decode(UTF8)}
     try:
       callGAPI(cd.users().photos(), 'update',
-               throwReasons=[GAPI.USER_NOT_FOUND, GAPI.FORBIDDEN, GAPI.INVALID_INPUT],
+               throwReasons=[GAPI.USER_NOT_FOUND, GAPI.FORBIDDEN, GAPI.INVALID_INPUT, GAPI.CONDITION_NOT_MET],
                userKey=user, body=body, fields='')
       entityActionPerformed([Ent.USER, user, Ent.PHOTO, filename], i, count)
-    except GAPI.invalidInput as e:
+    except (GAPI.invalidInput, GAPI.conditionNotMet) as e:
       entityActionFailedWarning([Ent.USER, user, Ent.PHOTO, filename], str(e), i, count)
     except (GAPI.userNotFound, GAPI.forbidden):
       entityUnknownWarning(Ent.USER, user, i, count)
@@ -71961,7 +72010,8 @@ def updateFormRequestUpdateMasks(ubody):
         v['updateMask'] = ','.join(v['updateMask'])
         break
 
-# gam <UserTypeEntity> create form title <String> [description <String>] [isquiz [<Boolean>]]
+# gam <UserTypeEntity> create form
+#	title <String> [description <String>] [isquiz [<Boolean>]] [<JSONData>]
 #	[drivefilename <DriveFileName>] [<DriveFileParentAttribute>]
 #	[(csv [todrive <ToDriveAttribute>*]) | returnidonly]
 def createForm(users):
@@ -71980,6 +72030,9 @@ def createForm(users):
       updateFormInfoRequest(myarg, getString(Cmd.OB_STRING, minLen=0), ubody)
     elif myarg == 'isquiz':
       updateFormSettingsRequest('isQuiz', getBoolean(), ubody)
+    elif myarg == 'json':
+      jsonData = getJSON([])
+      ubody['requests'].extend(jsonData.get('requests', []))
     elif myarg == 'drivefilename':
       body['name'] = getString(Cmd.OB_DRIVE_FILE_NAME)
     elif getDriveFileParentAttribute(myarg, parentParms):
@@ -72042,7 +72095,8 @@ def createForm(users):
   if csvPF:
     csvPF.writeCSVfile('Forms')
 
-# gam <UserTypeEntity> update form <DriveFileEntity> [title <String>] [description <String>] [isquiz [Boolean>]
+# gam <UserTypeEntity> update form <DriveFileEntity>
+#	[title <String>] [description <String>] [isquiz [Boolean>]] [<JSONData>]
 def updateForm(users):
   ubody = {'includeFormInResponse': False, 'requests': []}
   fileIdEntity = getDriveFileEntity()
@@ -72054,6 +72108,9 @@ def updateForm(users):
       updateFormInfoRequest(myarg, getString(Cmd.OB_STRING, minLen=0), ubody)
     elif myarg == 'isquiz':
       updateFormSettingsRequest('isQuiz', getBoolean(), ubody)
+    elif myarg == 'json':
+      jsonData = getJSON([])
+      ubody['requests'].extend(jsonData.get('requests', []))
     else:
       unknownArgumentExit()
   updateFormRequestUpdateMasks(ubody)

src/gam/gamlib/glmsgs.py

@@ -459,6 +459,7 @@ SERVICE_NOT_APPLICABLE = 'Service not applicable/Does not exist'
 SERVICE_NOT_APPLICABLE_THIS_ADDRESS = 'Service not applicable for this address: {0}'
 SERVICE_NOT_ENABLED = '{0} Service/App not enabled'
 SHORTCUT_TARGET_CAPABILITY_IS_FALSE = '{0} capability {1} is False'
+SKU_HAS_NO_MATCHING_ARCHIVED_USER_SKU = 'SKU {0} has no matching Archived User SKU'
 STARTING_THREAD = 'Starting thread'
 STATISTICS_COPY_FILE = 'Total: {0}, Copied: {1}, Shortcut created {2}, Shortcut exists {3}, Duplicate: {4}, Copy Failed: {5}, Not copyable: {6}, In skipids: {7}, Permissions Failed: {8}, Protected Ranges Failed: {9}'
 STATISTICS_COPY_FOLDER = 'Total: {0}, Copied: {1}, Shortcut created {2}, Shortcut exists {3}, Duplicate: {4}, Merged: {5}, Copy Failed: {6}, Not writable: {7}, Permissions Failed: {8}'

src/gam/gamlib/glskus.py

@@ -182,6 +182,8 @@ _SKUS = {
     'product': 'Google-Chrome-Device-Management', 'aliases': ['chrome', 'cdm', 'googlechromedevicemanagement'], 'displayName': 'Google Chrome Device Management'}
   }
 
+ARCHIVABLE_SKUS = {'1010020020', '1010020025', '1010020026', '1010020027', '1010020028', 'Google-Apps-Unlimited'}
+
 def getProductAndSKU(sku):
   l_sku = sku.lower().replace('-', '').replace(' ', '').replace('"', '').replace("'", '').strip()
   if l_sku.startswith('nv:'):

src/gam/googleapiclient/version.py

@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-__version__ = "2.146.0"
+__version__ = "2.156.0"