revert to Python 3.8.1

I apologize

.travis.yml

@@ -173,6 +173,7 @@ install:
 script:
 # Discover and run all Python unit tests. Buffer output so that it's not sent to the build log.
 - $python -m unittest discover --start-directory ./ --pattern "*_test.py" --buffer
+- touch $gampath/nobrowser.txt
 - $gam version extended
 - $gam version | grep travis # travis should be part of the path (not /tmp or such)
 # determine which Python version GAM is built with and ensure it's at least build version from above.
@@ -267,7 +268,9 @@ script:
 - if [ "$e2e" = true ]; then $gam print users query "travis.jid=$jid" | $gam csv - gam delete user ~primaryEmail; fi
 - if [ "$e2e" = true ]; then $gam print mobile; fi
 - if [ "$e2e" = true ]; then $gam print cros allfields nolists; fi
-- if [ "$TRAVIS_OS_NAME" != "windows" ]; then bash <(curl -s -S -L https://git.io/install-gam) -l; fi
+- if [ "$e2e" = true ]; then $gam report customer todrive; fi
+- if [ "$e2e" = true ]; then $gam report users fulldatarequired accounts,gmail fields accounts:is_less_secure_apps_access_allowed,gmail:last_imap_time,gmail:last_pop_time filters "accounts:last_login_time>2019-01-01T00:00:00.000Z" todrive; fi
+- if [ "$e2e" = true ]; then $gam report admin start -3d todrive; fi
 
 before_deploy:
 - export TRAVIS_TAG="preview"

src/gam.py

@@ -191,9 +191,17 @@ def createColoredText(text, color):
   return text # Hand back the plain text, uncolorized.
 
 def createRedText(text):
-  """Uses ANSI encoding to create red colored text, if supported."""
+  """Uses ANSI encoding to create red colored text if supported."""
   return createColoredText(text, '\033[91m')
 
+def createGreenText(text):
+  """Uses ANSI encoding to create green colored text if supported."""
+  return createColoredText(text, '\u001b[32m')
+
+def createYellowText(text):
+  """Uses ANSI encoding to create yellow text if supported."""
+  return createColoredText(text, '\u001b[33m')
+
 COLORHEX_PATTERN = re.compile(r'^#[0-9a-fA-F]{6}$')
 
 def getColor(color):
@@ -750,7 +758,7 @@ def doGAMVersion(checkForArgs=True):
          f'{getOSPlatform()} {platform.machine()}\n'
          f'Path: {GM_Globals[GM_GAM_PATH]}'))
   if sys.platform.startswith('win') and \
-     cpu_bits != 32 and \
+     cpu_bits == 32 and \
      platform.machine().find('64') != -1:
     print(MESSAGE_UPDATE_GAM_TO_64BIT)
   if timeOffset:
@@ -1095,6 +1103,9 @@ def printPassFail(description, result):
 
 def doCheckServiceAccount(users):
   i = 5
+  test_pass = createGreenText('PASS')
+  test_fail = createRedText('FAIL')
+  test_warn = createYellowText('WARN')
   check_scopes = []
   while i < len(sys.argv):
     myarg = sys.argv[i].lower()
@@ -1106,9 +1117,9 @@ def doCheckServiceAccount(users):
   print('Computer clock status:')
   timeOffset, nicetime = getLocalGoogleTimeOffset()
   if timeOffset < MAX_LOCAL_GOOGLE_TIME_OFFSET:
-    time_status = 'PASS'
+    time_status = test_pass
   else:
-    time_status = 'FAIL'
+    time_status = test_fail
   printPassFail(MESSAGE_YOUR_SYSTEM_TIME_DIFFERS_FROM_GOOGLE_BY % ('www.googleapis.com', nicetime), time_status)
   oa2 = googleapiclient.discovery.build('oauth2', 'v1', transport.create_http())
   print('Service Account Private Key Authentication:')
@@ -1120,13 +1131,36 @@ def doCheckServiceAccount(users):
     credentials.refresh(request)
     sa_token_info = gapi.call(oa2, 'tokeninfo', access_token=credentials.token)
     if sa_token_info:
-      sa_token_result = 'PASS'
+      sa_token_result = test_pass
     else:
-      sa_token_result = 'FAIL'
+      sa_token_result = test_fail
   except google.auth.exceptions.RefreshError as e:
-    sa_token_result = 'FAIL'
+    sa_token_result = test_fail
     auth_error = str(e.args[0])
   printPassFail(f'Authenticating...{auth_error}', sa_token_result)
+  if sa_token_result == test_fail:
+    controlflow.system_error_exit(3, 'Invalid private key in oauth2service.json. Please delete the file and then\nrecreate with "gam create project" or "gam use project"')
+  print('Checking key age. Google recommends rotating keys on a routine basis...')
+  try:
+    iam = buildGAPIServiceObject('iam', None)
+    project = GM_Globals[GM_OAUTH2SERVICE_ACCOUNT_CLIENT_ID]
+    key_id = GM_Globals[GM_OAUTH2SERVICE_JSON_DATA]['private_key_id']
+    name = f'projects/-/serviceAccounts/{project}/keys/{key_id}'
+    key = gapi.call(iam.projects().serviceAccounts().keys(), 'get', name=name, throw_reasons=[gapi.errors.ErrorReason.FOUR_O_THREE])
+    # Both Google and GAM set key valid after to day before creation
+    key_created = dateutil.parser.parse(key['validAfterTime'], ignoretz=True) + datetime.timedelta(days=1)
+    key_age = datetime.datetime.now() - key_created
+    key_days = key_age.days
+    if key_days > 30:
+      print('Your key is old. Recommend running "gam rotate sakey" to get a new key')
+      key_age_result = test_warn
+    else:
+      key_age_result = test_pass
+  except googleapiclient.errors.HttpError:
+    key_age_result = test_warn
+    key_days = 'UNKNOWN'
+    print('Unable to check key age, please run "gam update project"')
+  printPassFail(f'Key is {key_days} days old', key_age_result)
   if not check_scopes:
     for _, scopes in list(API_SCOPE_MAPPING.items()):
       for scope in scopes:
@@ -1153,12 +1187,12 @@ def doCheckServiceAccount(users):
         token_info = gapi.call(oa2, 'tokeninfo', access_token=credentials.token)
         if scope in token_info.get('scope', '').split(' ') and \
            user == token_info.get('email', user).lower():
-          result = 'PASS'
+          result = test_pass
         else:
-          result = 'FAIL'
+          result = test_fail
           all_scopes_pass = False
       else:
-        result = 'FAIL'
+        result = test_fail
         all_scopes_pass = False
       printPassFail(scope, result)
     service_account = GM_Globals[GM_OAUTH2SERVICE_ACCOUNT_CLIENT_ID]
@@ -1238,9 +1272,9 @@ def showReport():
   rep = buildGAPIObject('reports')
   report = sys.argv[2].lower()
   report = REPORT_CHOICE_MAP.get(report.replace('_', ''), report)
-  valid_apps = _getEnumValuesMinusUnspecified(rep._rootDesc['resources']['activities']['methods']['list']['parameters']['applicationName']['enum'])
+  valid_apps = _getEnumValuesMinusUnspecified(rep._rootDesc['resources']['activities']['methods']['list']['parameters']['applicationName']['enum'])+['customer', 'user']
   if report not in valid_apps:
-    controlflow.expected_argument_exit("report", ", ".join(valid_apps), report)
+    controlflow.expected_argument_exit("report", ", ".join(sorted(valid_apps)), report)
   customerId = GC_Values[GC_CUSTOMER_ID]
   if customerId == MY_CUSTOMER:
     customerId = None
@@ -11314,7 +11348,7 @@ and follow recommend steps to authorize GAM for Drive access.''')
     else:
       mimeType = MIMETYPE_GA_SPREADSHEET
     body = {'description': QuotedArgumentList(sys.argv),
-            f'name': '{GC_Values[GC_DOMAIN]} - {list_type}',
+            'name': f'{GC_Values[GC_DOMAIN]} - {list_type}',
             'mimeType': mimeType}
     result = gapi.call(drive.files(), 'create', fields='webViewLink',
                        body=body,

src/gapi/errors.py

@@ -115,6 +115,7 @@ class ErrorReason(Enum):
   DUPLICATE = 'duplicate'
   FAILED_PRECONDITION = 'failedPrecondition'
   FORBIDDEN = 'forbidden'
+  FOUR_O_THREE = '403'
   GATEWAY_TIMEOUT = 'gatewayTimeout'
   GROUP_NOT_FOUND = 'groupNotFound'
   INTERNAL_ERROR = 'internalError'

src/project-apis.txt

@@ -4,6 +4,7 @@ appsactivity.googleapis.com
 calendar-json.googleapis.com
 chat.googleapis.com
 classroom.googleapis.com
+cloudidentity.googleapis.com
 contacts.googleapis.com
 drive.googleapis.com
 iap.googleapis.com

src/travis/windows-x86-before-install.sh

@@ -2,12 +2,15 @@ echo "Installing Net-Framework-Core..."
 export mypath=$(pwd)
 cd ~
 until powershell Install-WindowsFeature Net-Framework-Core; do echo "trying again..."; done
-cinst -y --forcex86 python3
+#cinst -y --forcex86 python3
+export python_file=python-$BUILD_PYTHON_VERSION.exe
+wget --quiet https://www.python.org/ftp/python/$BUILD_PYTHON_VERSION/$python_file
+powershell ".\\${python_file} /quiet InstallAllUsers=1 TargetDir=c:\\python"
 until cinst -y wixtoolset; do echo "trying again..."; done
-export PATH=$PATH:/c/Python38/scripts
+export PATH=$PATH:/c/python/scripts
 cd $mypath
-export python=/c/Python38/python.exe
-export pip=/c/Python38/scripts/pip.exe
+export python=/c/python/python.exe
+export pip=/c/python/scripts/pip.exe
 
 $pip install --upgrade pip
 $pip list --outdated --format=freeze | grep -v '^\-e' | cut -d = -f 1  | xargs -n1 $pip install -U

src/travis/windows-x86_64-before-install.sh

@@ -9,14 +9,18 @@ cd ~
 #fi
 #echo "Installing $exefile..."
 #powershell ".\\${exefile} /silent /sp- /suppressmsgboxes /DIR=C:\\ssl"
-cinst -y python3
+#cup -y chocolatey
+#cinst -y python3
+export python_file=python-$BUILD_PYTHON_VERSION-amd64.exe
+wget --quiet https://www.python.org/ftp/python/$BUILD_PYTHON_VERSION/$python_file
+powershell ".\\${python_file} /quiet InstallAllUsers=1 TargetDir=c:\\python"
 until cinst -y wixtoolset; do echo "trying again..."; done
 #until cp -v /c/ssl/libcrypto-1_1-x64.dll /c/Python37/DLLs/libcrypto-1_1.dll; do echo "trying again..."; done
 #until cp -v /c/ssl/libssl-1_1-x64.dll /c/Python37/DLLs/libssl-1_1.dll; do echo "trying again..."; done
-export PATH=$PATH:/c/Python38/scripts
+export PATH=$PATH:/c/python/scripts
 cd $mypath
-export python=/c/Python38/python.exe
-export pip=/c/Python38/scripts/pip.exe
+export python=/c/python/python.exe
+export pip=/c/python/scripts/pip.exe
 
 $pip install --upgrade pip
 $pip list --outdated --format=freeze | grep -v '^\-e' | cut -d = -f 1  | xargs -n1 $pip install -U

src/var.py

@@ -6,7 +6,7 @@ import platform
 import re
 
 gam_author = 'Jay Lee <jay0lee@gmail.com>'
-gam_version = '4.98'
+gam_version = '4.99'
 gam_license = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
 
 GAM_URL = 'https://git.io/gam'
@@ -105,7 +105,6 @@ SKUS = {
 PRODUCTID_NAME_MAPPINGS = {
   '101001': 'Cloud Identity Free',
   '101005': 'Cloud Identity Premium',
-  '101006': 'Drive Enterprise',
   '101031': 'G Suite Enterprise for Education',
   '101033': 'Google Voice',
   '101034': 'G Suite Archived',