Update Downloads-Installs.md

.github/workflows/build.yml

@@ -252,18 +252,15 @@ jobs:
             PERL="c:\strawberry\perl\bin\perl.exe"
             if [[ "$RUNNER_ARCH" == "ARM64" ]]; then
               PYEXTERNALS_PATH="arm64"
-              GAM_ARCHIVE_ARCH="arm64"
               WIX_ARCH="arm64"
               CHOC_OPS=""
             elif [[ "$RUNNER_ARCH" == "X64" ]]; then
               PYEXTERNALS_PATH="amd64"
-              GAM_ARCHIVE_ARCH="x86_64"
               WIX_ARCH="x64"
               CHOC_OPS=""
             fi
             LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:${PYTHON_SOURCE_PATH}/PCbuild/${PYEXTERNALS_PATH}"
             echo "PYTHON=${PYTHON_SOURCE_PATH}/PCbuild/${PYEXTERNALS_PATH}/python.exe" >> $GITHUB_ENV
-            echo "GAM_ARCHIVE_ARCH=${GAM_ARCHIVE_ARCH}" >> $GITHUB_ENV
             echo "WIX_ARCH=${WIX_ARCH}" >> $GITHUB_ENV
           fi
           echo "We'll run make with: ${MAKEOPT}"
@@ -662,33 +659,33 @@ jobs:
         run: |
           choco install wixtoolset
 
-      - name: Windows package
+      - name: Windows package zip
         if: runner.os == 'Windows' && matrix.goal != 'test'
         run: |
           echo "started in $(pwd)"
           cd "${gampath}/.."
           echo "moved to $(pwd)"
-          GAM_ARCHIVE="${GITHUB_WORKSPACE}/gam-${GAMVERSION}-windows-${GAM_ARCHIVE_ARCH}.zip"
+          GAM_ARCHIVE="${GITHUB_WORKSPACE}/gam-${GAMVERSION}-windows-${arch}.zip"
           /c/Program\ Files/7-Zip/7z.exe a -tzip "$GAM_ARCHIVE" gam7 "-xr@${GITHUB_WORKSPACE}/.github/actions/package_exclusions.txt" -bb3
-          if [ "$RUNNER_ARCH" == "X64" ]; then
-            cd ../..
-            echo "moved to $(pwd)"
-            export MSI_FILENAME="${GITHUB_WORKSPACE}/gam-${GAMVERSION}-windows-${GAM_ARCHIVE_ARCH}.msi"
-            # auto-generate a lib.wxs based on the files PyInstaller created for the lib/ directory
-            /c/Program\ Files\ \(x86\)/WiX\ Toolset\ v3.14/bin/heat.exe dir "${gampath}/lib" -ke -srd -cg Lib -gg -dr lib -directoryid lib -out lib.wxs
-            $PYTHON tools/gen-wix-xml-filelist.py lib.wxs
-            echo "-- begin lib.wxs --"
-            cat lib.wxs
-            echo "-- end lib.wxs --"
-            /c/Program\ Files\ \(x86\)/WiX\ Toolset\ v3.14/bin/candle.exe -arch "${WIX_ARCH}" gam.wxs lib.wxs
-            /c/Program\ Files\ \(x86\)/WiX\ Toolset\ v3.14/bin/light.exe -ext /c/Program\ Files\ \(x86\)/WiX\ Toolset\ v3.14/bin/WixUIExtension.dll gam.wixobj lib.wixobj -b "${gampath}/lib" -o "$MSI_FILENAME" || true;
-            rm -v -f *.wixpdb
-            rm -v -f *.wixobj
-            echo "MSI_FILENAME=${MSI_FILENAME}" >> $GITHUB_ENV
-          fi
+
+      - name: Windows package MSI
+        if: runner.os == 'Windows' && matrix.goal != 'test'
+        run: |
+          export MSI_FILENAME="${GITHUB_WORKSPACE}/gam-${GAMVERSION}-windows-${arch}.msi"
+          # auto-generate a lib.wxs based on the files PyInstaller created for the lib/ directory
+          /c/Program\ Files\ \(x86\)/WiX\ Toolset\ v3.14/bin/heat.exe dir "${gampath}/lib" -ke -srd -cg Lib -gg -dr lib -directoryid lib -out lib.wxs
+          $PYTHON tools/gen-wix-xml-filelist.py lib.wxs
+          echo "-- begin lib.wxs --"
+          cat lib.wxs
+          echo "-- end lib.wxs --"
+          /c/Program\ Files\ \(x86\)/WiX\ Toolset\ v3.14/bin/candle.exe -arch "${WIX_ARCH}" gam.wxs lib.wxs
+          /c/Program\ Files\ \(x86\)/WiX\ Toolset\ v3.14/bin/light.exe -ext /c/Program\ Files\ \(x86\)/WiX\ Toolset\ v3.14/bin/WixUIExtension.dll gam.wixobj lib.wixobj -b "${gampath}/lib" -o "$MSI_FILENAME" || true;
+          rm -v -f *.wixpdb
+          rm -v -f *.wixobj
+          echo "MSI_FILENAME=${MSI_FILENAME}" >> $GITHUB_ENV
 
       - name: Upload gam MSI Windows for signing
-        if: runner.os == 'Windows' && runner.arch == 'X64' && matrix.goal != 'test'
+        if: runner.os == 'Windows' && matrix.goal != 'test'
         run: |
           export folder_number=$(date +%s)
           export folder_id=$($gam user gam-win-signer@pdl.jaylee.us add drivefile drivefilename "UPLOADING_FOR_SIGN ${folder_number}" parentid "1Xz3hYq4Mfa_r6D8EcBZHLDtHDFurYSvp" mimetype gfolder returnidonly)

src/GamUpdate.txt

@@ -1,3 +1,18 @@
+7.06.07
+
+Updated private key rotation progress messages in `gam create|use|update project`
+and `gam upload sakey`.
+
+Updated `gam use project` to display the following error message when the specifed project
+already has a service account.
+```
+Re-run the command specify a new service account name with: saname <ServiceAccountName>'
+```
+
+7.06.06
+
+Native support for Windows 11 Arm-based devices.
+
 7.06.05
 
 Updated code in `gam delete|update chromepolicy` to handle the `policyTargetKey[additionalTargetKeys]`

src/gam-install.sh

@@ -8,7 +8,7 @@ GAM installation script.
 OPTIONS:
    -h      show help.
    -d      Directory where gam folder will be installed. Default is \$HOME/bin/
-   -a      Architecture to install (i386, x86_64, x86_64_legacy, arm, arm64). Default is to detect your arch with "uname -m".
+   -a      Architecture to install (x86_64, arm64). Default is to detect your arch with "uname -m".
    -o      OS we are running (linux, macos). Default is to detect your OS with "uname -s".
    -b      OS version. Default is to detect on MacOS and Linux.
    -l      Just upgrade GAM to latest version. Skips project creation and auth.

src/gam/__init__.py

@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
 """
 
 __author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
-__version__ = '7.06.05'
+__version__ = '7.06.06'
 __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
 
 #pylint: disable=wrong-import-position
@@ -11384,25 +11384,26 @@ def _waitForSvcAcctCompletion(i):
     sys.stdout.write(Msg.WAITING_FOR_ITEM_CREATION_TO_COMPLETE_SLEEPING.format(Ent.Singular(Ent.SVCACCT), sleep_time))
   time.sleep(sleep_time)
 
-def _grantRotateRights(iam, projectId, service_account, email, account_type='serviceAccount'):
+def _grantRotateRights(iam, projectId, service_account, account_type='serviceAccount'):
   body = {'policy': {'bindings': [{'role': 'roles/iam.serviceAccountKeyAdmin',
-                                   'members': [f'{account_type}:{email}']}]}}
+                                   'members': [f'{account_type}:{service_account}']}]}}
   maxRetries = 10
-  printEntityMessage([Ent.PROJECT, projectId, Ent.SVCACCT, email],
-                     Msg.HAS_RIGHTS_TO_ROTATE_OWN_PRIVATE_KEY.format(email, service_account))
+  kvList = [Ent.PROJECT, projectId, Ent.SVCACCT, service_account]
+  printEntityMessage(kvList, Msg.GRANTING_RIGHTS_TO_ROTATE_ITS_OWN_PRIVATE_KEY.format('Granting'))
   for retry in range(1, maxRetries+1):
     try:
       callGAPI(iam.projects().serviceAccounts(), 'setIamPolicy',
                throwReasons=[GAPI.INVALID_ARGUMENT],
                resource=f'projects/{projectId}/serviceAccounts/{service_account}', body=body)
+      printEntityMessage(kvList, Msg.GRANTING_RIGHTS_TO_ROTATE_ITS_OWN_PRIVATE_KEY.format('Granted'))
       return True
     except GAPI.invalidArgument as e:
-      entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, service_account], str(e))
+      entityActionFailedWarning(kvList, str(e))
       if 'does not exist' not in str(e) or retry == maxRetries:
         return False
       _waitForSvcAcctCompletion(retry)
     except Exception as e:
-      entityActionFailedWarning([Ent.PROJECT, projectId, Ent.SVCACCT, service_account], str(e))
+      entityActionFailedWarning(kvList, str(e))
       return False
 
 def _createOauth2serviceJSON(httpObj, projectInfo, svcAcctInfo, create_key=True):
@@ -11420,6 +11421,7 @@ def _createOauth2serviceJSON(httpObj, projectInfo, svcAcctInfo, create_key=True)
     return False
   except GAPI.alreadyExists as e:
     entityActionFailedWarning([Ent.PROJECT, projectInfo['projectId'], Ent.SVCACCT, svcAcctInfo['name']], str(e))
+    writeStderr(Msg.RERUN_THE_COMMAND_AND_SPECIFY_A_NEW_SANAME)
     return False
   GM.Globals[GM.SVCACCT_SCOPES_DEFINED] = False
   if create_key and not doProcessSvcAcctKeys(mode='retainexisting', iam=iam,
@@ -11428,7 +11430,7 @@ def _createOauth2serviceJSON(httpObj, projectInfo, svcAcctInfo, create_key=True)
                                              clientId=service_account['uniqueId']):
     return False
   sa_email = service_account['name'].rsplit('/', 1)[-1]
-  return _grantRotateRights(iam, projectInfo['projectId'], sa_email, sa_email)
+  return _grantRotateRights(iam, projectInfo['projectId'], sa_email)
 
 def _createClientSecretsOauth2service(httpObj, login_hint, appInfo, projectInfo, svcAcctInfo, create_key=True):
   def _checkClientAndSecret(csHttpObj, client_id, client_secret):
@@ -11921,9 +11923,7 @@ def doUpdateProject():
       continue
     iam = getAPIService(API.IAM, httpObj)
     _getSvcAcctData() # needed to read in GM.OAUTH2SERVICE_JSON_DATA
-    _grantRotateRights(iam, projectId,
-                       GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['client_email'],
-                       GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['client_email'])
+    _grantRotateRights(iam, projectId, GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['client_email'])
   Ind.Decrement()
 
 # gam delete project [[admin] <EmailAddress>] [<ProjectIDEntity>]
@@ -12786,7 +12786,7 @@ def doUploadSvcAcctKeys():
   iam = getAPIService(API.IAM, httpObj)
   if doProcessSvcAcctKeys(mode='upload', iam=iam):
     sa_email = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['client_email']
-    _grantRotateRights(iam, GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['project_id'], sa_email, sa_email)
+    _grantRotateRights(iam, GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['project_id'], sa_email)
     sys.stdout.write(Msg.YOUR_GAM_PROJECT_IS_CREATED_AND_READY_TO_USE)
 
 # gam delete sakeys <ServiceAccountKeyList>

src/gam/gamlib/glmsgs.py

@@ -72,7 +72,7 @@ Please go to:
 24. Paste it at the "Enter your Client Secret: " prompt in your terminal
 25. Press return/enter in your terminal
 26. Switch back to the browser
-27. Click "CANCEL"
+27. Click "OK"
 28. These steps are complete
 '''
 ENTER_YOUR_CLIENT_ID = '\nEnter your Client ID: '
@@ -287,6 +287,7 @@ GAM_OUT_OF_MEMORY = 'GAM has run out of memory. If this is a large Google Worksp
 GENERATING_NEW_PRIVATE_KEY = 'Generating new private key'
 GETTING = 'Getting'
 GETTING_ALL = 'Getting all'
+GRANTING_RIGHTS_TO_ROTATE_ITS_OWN_PRIVATE_KEY = '{0} rights to rotate its own private key'
 GOOGLE_DELEGATION_ERROR = 'Google delegation error, delegator and delegate both exist and are valid for delegation'
 GOT = 'Got'
 GROUP_MAPS_TO_MULTIPLE_OUS = 'File: {0}, Group: {1} references multiple OUs: {2}'
@@ -294,13 +295,12 @@ GROUP_MAPS_TO_OU_INVALID_ROW = 'File: {0}, Invalid row, must contain non-blank <
 GUARDIAN_INVITATION_STATUS_NOT_PENDING = 'Guardian invitation status is not PENDING'
 HAS_CHILD_ORGS = 'Has child {0}'
 HAS_INVALID_FORMAT = '{0}: {1}, Has invalid format'
-HAS_RIGHTS_TO_ROTATE_OWN_PRIVATE_KEY = 'Giving account {0} rights to rotate {1} private key'
 HEADER_NOT_FOUND_IN_CSV_HEADERS = 'Header "{0}" not found in CSV headers of "{1}".'
 HELP_SYNTAX = 'Help: Syntax in file {0}\n'
 HELP_WIKI = 'Help: Documentation is at {0}\n'
 IGNORED = 'Ignored'
 INSTRUCTIONS_CLIENT_SECRETS_JSON = 'Please run\n\ngam create|use project\ngam oauth create\n\nto create and authorize a Client account.\n'
-INSTRUCTIONS_OAUTH2SERVICE_JSON = 'Please run\n\ngam create|use project\ngam user <user> check serviceaccount\n\nto create and authorize a Service account.\n'
+INSTRUCTIONS_OAUTH2SERVICE_JSON = 'Please run\n\ngam create|use project\ngam user <user> update serviceaccount\n\nto create and authorize a Service account.\n'
 INSUFFICIENT_PERMISSIONS_TO_PERFORM_TASK = 'Insufficient permissions to perform this task'
 INTER_BATCH_WAIT_INCREASED = 'inter_batch_wait increased to {0:.2f}'
 INVALID = 'Invalid'
@@ -468,6 +468,10 @@ REFUSING_TO_DEPROVISION_DEVICES = 'Refusing to deprovision {0} devices because a
 REPLY_TO_CUSTOM_REQUIRES_EMAIL_ADDRESS = 'replyto REPLY_TO_CUSTOM requires customReplyTo <EmailAddress>'
 REQUEST_COMPLETED_NO_FILES = 'Request completed but no results/files were returned, try requesting again'
 REQUEST_NOT_COMPLETE = 'Request needs to be completed before downloading, current status is: {0}'
+RERUN_THE_COMMAND_AND_SPECIFY_A_NEW_SANAME = """
+Re-run the command specify a new service account name with: saname <ServiceAccountName>
+See: https://github.com/GAM-team/GAM/wiki/Authorization#advanced-use
+"""
 RESOURCE_CAPACITY_FLOOR_REQUIRED = 'Options "capacity <Number>" (<Number> > 0) and "floor <String>" required'
 RESOURCE_FLOOR_REQUIRED = 'Option "floor <String>" required'
 RESULTS_TOO_LARGE_FOR_GOOGLE_SPREADSHEET = 'Results are too large for Google Spreadsheets. Uploading as a regular CSV file.'

wiki/Downloads-Installs.md

@@ -24,18 +24,19 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
   - Start a terminal session.
 
 * Executable Archive, Manual, Raspberry Pi/ChromeOS ARM devices
-  - `gam-7.wx.yz-linux-aarch64-glibc2.35.tar.xz`
-  - `gam-7.wx.yz-linux-aarch64-legacy.tar.xz`
+  - `gam-7.wx.yz-linux-arm64-glibc2.35.tar.xz`
+  - `gam-7.wx.yz-linux-arm64-glibc2.39.tar.xz`
+  - `gam-7.wx.yz-linux-arm64-legacy.tar.xz`
   - Download the archive, extract the contents into some directory.
   - Start a terminal session.
 
 * Executable Archive, Manual, Mac OS versions Sonoma, Sequoia - M1/M2
-  - `gam-7.wx.yz-macos14.7-aarch64.tar.xz`
+  - `gam-7.wx.yz-macos14.7-arm64.tar.xz`
   - Download the archive, extract the contents into some directory.
   - Start a terminal session.
 
 * Executable Archive, Manual, Mac OS versions Sequoia - M3
-  - `gam-7.wx.yz-macos15.2-aarch64.tar.xz`
+  - `gam-7.wx.yz-macos15.4-arm64.tar.xz`
   - Download the archive, extract the contents into some directory.
   - Start a terminal session.
 
@@ -54,6 +55,16 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
   - Download the installer and run it.
   - Start a Command Prompt/PowerShell session.
 
+* Executable Archive, Manual, Windows 11 ARM
+  - `gam-7.wx.yz-windows-arm64.zip`
+  - Download the archive, extract the contents into some directory.
+  - Start a Command Prompt/PowerShell session.
+
+* Executable Installer, Manual, Windows 11 ARM
+  - `gam-7.wx.yz-windows-arm64.msi`
+  - Download the installer and run it.
+  - Start a Command Prompt/PowerShell session.
+
 * Source, all platforms
   - `Source code(zip)`
   - `Source code(tar.gz)`

wiki/GamUpdates.md

@@ -10,6 +10,21 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
 
 See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
 
+### 7.06.07
+
+Updated private key rotation progress messages in `gam create|use|update project`
+and `gam upload sakey`.
+
+Updated `gam use project` to display the following error message when the specifed project
+already has a service account.
+```
+Re-run the command specify a new service account name with: saname <ServiceAccountName>'
+```
+
+### 7.06.06
+
+Native support for Windows 11 Arm-based devices.
+
 ### 7.06.05
 
 Updated code in `gam delete|update chromepolicy` to handle the `policyTargetKey[additionalTargetKeys]`

wiki/How-to-Upgrade-Legacy-GAM-to-GAM7.md

@@ -251,7 +251,7 @@ writes the credentials into the file oauth2.txt.
 admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt
 admin@server:/Users/admin$ gam version
 WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
-GAM 7.06.05 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.06.07 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 MacOS Sequoia 15.4.1 x86_64
@@ -989,7 +989,7 @@ writes the credentials into the file oauth2.txt.
 C:\>del C:\GAMConfig\oauth2.txt
 C:\>gam version
 WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
-GAM 7.06.05 - https://github.com/GAM-team/GAM - pythonsource
+GAM 7.06.07 - https://github.com/GAM-team/GAM - pythonsource
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 Windows-10-10.0.17134 AMD64

wiki/Version-and-Help.md

@@ -4,7 +4,7 @@ k
 Print the current version of Gam with details
 ```
 gam version
-GAM 7.06.05 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.06.07 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 MacOS Sequoia 15.4.1 x86_64
@@ -16,7 +16,7 @@ Time: 2023-06-02T21:10:00-07:00
 Print the current version of Gam with details and time offset information
 ```
 gam version timeoffset
-GAM 7.06.05 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.06.07 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 MacOS Sequoia 15.4.1 x86_64
@@ -28,7 +28,7 @@ Your system time differs from www.googleapis.com by less than 1 second
 Print the current version of Gam with extended details and SSL information
 ```
 gam version extended
-GAM 7.06.05 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.06.07 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 MacOS Sequoia 15.4.1 x86_64
@@ -65,7 +65,7 @@ MacOS High Sierra 10.13.6 x86_64
 Path: /Users/Admin/bin/gam7
 Version Check:
   Current: 5.35.08
-   Latest: 7.06.05
+   Latest: 7.06.07
 echo $?
 1
 ```
@@ -73,7 +73,7 @@ echo $?
 Print the current version number without details
 ```
 gam version simple
-7.06.05
+7.06.07
 ```
 In Linux/MacOS you can do:
 ```
@@ -83,7 +83,7 @@ echo $VER
 Print the current version of Gam and address of this Wiki
 ```
 gam help
-GAM 7.06.05 - https://github.com/GAM-team/GAM
+GAM 7.06.07 - https://github.com/GAM-team/GAM
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 MacOS Sequoia 15.4.1 x86_64