Document new Google Workspave Frontline license (#1363)

* Restandardize chromehistory columns; fix chromepolicy

* Update chromehistory.py

.github/ISSUE_TEMPLATE/aa-question.md

@@ -0,0 +1,14 @@
+---
+name: Question about using GAM
+about: Help with using GAM or running it for the first time
+title: Please use the GAM discussion group
+labels: invalid
+assignees: ''
+
+---
+
+If you need help with GAM, please do not file an issue here, it will be closed and ignored.
+
+Please post your question to the GAM discussion group where other admins are ready and willing to help:
+
+https://groups.google.com/g/google-apps-manager

.github/ISSUE_TEMPLATE/za-bug-report.md

@@ -0,0 +1,23 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: jay0lee
+
+---
+
+The issue tracker is for reporting product deficiencies. "How do I?" questions should be posted to the discussion forum at https://groups.google.com/group/google-apps-manager. When in doubt, start at the discussion forum and return here only when instructed to do so.
+
+Please confirm the following:
+* I have upgraded to the latest GAM release from https://git.io/gamreleases and I still have this issue.
+* I am typing the command as described in the GAM Wiki at https://github.com/jay0lee/gam/wiki
+
+Full steps to reproduce the issue:
+1.
+2.
+3.
+
+Expected outcome (what are you trying to do?):
+
+Actual outcome (what errors or bad behavior do you see instead?):

.github/ISSUE_TEMPLATE/zz-feature-request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for GAM
+title: ''
+labels: enhancement
+assignees: jay0lee
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/actions/decrypt.sh

@@ -0,0 +1,16 @@
+#!/bin/sh
+
+gpgfile="$1"
+echo "source file is ${gpgfile}"
+credsfile="$2"
+echo "target file is ${credsfile}"
+if [ -z ${PASSCODE+x} ]; then
+  echo "PASSCODE is unset";
+else
+  echo "PASSCODE is set";
+fi
+
+gpg --quiet --batch --yes --decrypt --passphrase="${PASSCODE}" \
+    --output "${credsfile}" "${gpgfile}"
+
+tar xf "${credsfile}" --directory "${gampath}"

.github/actions/linux-before-install.sh

@@ -1,3 +1,6 @@
+echo "RUNNING: apt update..."
+sudo apt-get -qq --yes update > /dev/null
+sudo apt-get -qq --yes install swig libpcsclite-dev
 if [[ "$TRAVIS_JOB_NAME" == *"Testing" ]]; then
   export python="python"
   export pip="pip"
@@ -5,7 +8,7 @@ if [[ "$TRAVIS_JOB_NAME" == *"Testing" ]]; then
   echo "running tests with this version"
 else
   export whereibelong=$(pwd)
-  echo "We are running on Ubuntu $TRAVIS_DIST $PLATFORM"
+  echo "We are running on $ImageOS $ImageVersion"
   export LD_LIBRARY_PATH=~/ssl/lib:~/python/lib
   cpucount=$(nproc --all)
   echo "This device has $cpucount CPUs for compiling..."
@@ -32,8 +35,6 @@ else
     rm -rf python
     mkdir ssl
     mkdir python
-    echo "RUNNING: apt update..."
-    sudo apt-get -qq --yes update > /dev/null
     echo "RUNNING: apt upgrade..."
     sudo apt-mark hold openssh-server
     sudo apt-get --yes upgrade
@@ -93,13 +94,14 @@ else
   python=~/python/bin/python3
   pip=~/python/bin/pip3
 
-  if ([ "${TRAVIS_DIST}" == "trusty" ] || [ "${TRAVIS_DIST}" == "xenial" ]) && [ "${PLATFORM}" == "x86_64" ]; then
+  if ([ "${ImageOS}" == "ubuntu16" ]) && [ "${HOSTTYPE}" == "x86_64" ]; then
     echo "Installing deps for StaticX..."
     if [ ! -d patchelf-$PATCHELF_VERSION ]; then
       echo "Downloading PatchELF $PATCHELF_VERSION"
-      wget https://nixos.org/releases/patchelf/patchelf-$PATCHELF_VERSION/patchelf-$PATCHELF_VERSION.tar.bz2
-      tar xf patchelf-$PATCHELF_VERSION.tar.bz2
-      cd patchelf-$PATCHELF_VERSION
+      wget https://github.com/NixOS/patchelf/archive/$PATCHELF_VERSION.tar.gz 
+      tar xf $PATCHELF_VERSION.tar.gz
+      cd patchelf-$PATCHELF_VERSION/
+      ./bootstrap.sh
       ./configure
       make
       sudo make install
@@ -107,11 +109,5 @@ else
     $pip install staticx
   fi
 
-  $pip install --upgrade git+git://github.com/pyinstaller/pyinstaller.git@$PYINSTALLER_COMMIT
-
   cd $whereibelong
 fi
-
-echo "Upgrading pip packages..."
-$pip list --outdated --format=freeze | grep -v '^\-e' | cut -d = -f 1  | xargs -n1 $pip install -U
-$pip install --upgrade -r src/requirements.txt

.github/actions/linux-install.sh

@@ -0,0 +1,32 @@
+export gampath="dist/gam"
+rm -rf $gampath
+mkdir -p $gampath
+export gampath=$(readlink -e $gampath)
+$python -OO -m PyInstaller --clean --noupx --strip -F --distpath $gampath gam.spec
+export gam="${gampath}/gam"
+export GAMVERSION=`$gam version simple`
+cp LICENSE $gampath
+cp GamCommands.txt $gampath
+this_glibc_ver=$(ldd --version | awk '/ldd/{print $NF}')
+GAM_ARCHIVE="gam-${GAMVERSION}-${GAMOS}-${PLATFORM}-glibc${this_glibc_ver}.tar.xz"
+rm $gampath/lastupdatecheck.txt
+# tar will cd to dist and tar up gam/
+tar -C dist/ --create --file $GAM_ARCHIVE --xz gam
+echo "PyInstaller GAM info:"
+du -h $gam
+time $gam version extended
+if ([ "${ImageOS}" == "ubuntu16" ]) && [ "${HOSTTYPE}" == "x86_64" ]; then
+  GAM_LEGACY_ARCHIVE=gam-${GAMVERSION}-${GAMOS}-${PLATFORM}-legacy.tar.xz
+  $python -OO -m staticx -l /lib/x86_64-linux-gnu/libresolv.so.2 -l /lib/x86_64-linux-gnu/libnss_dns.so.2 $gam $gam-staticx
+  strip $gam-staticx
+  rm $gampath/gam
+  mv $gam-staticx $gam
+  chmod 755 $gam
+  rm $gampath/lastupdatecheck.txt
+  tar -C dist/ --create --file $GAM_LEGACY_ARCHIVE --xz gam
+  echo "Legacy StaticX GAM info:"
+  du -h $gam
+  time $gam version extended
+fi
+echo "GAM packages:"
+ls -l gam-*.tar.xz

.github/actions/macos-before-install.sh

@@ -0,0 +1,136 @@
+mypath=$HOME
+whereibelong=$(pwd)
+cpucount=$(sysctl -n hw.ncpu)
+echo "This device has $cpucount CPUs for compiling..."
+
+#echo "Brew installing xz..."
+#brew install xz > /dev/null
+
+#brew upgrade
+
+brew install coreutils
+brew install bash
+
+# prefer standard GNU tools like date over MacOS defaults
+export PATH="/usr/local/opt/coreutils/libexec/gnubin:$(brew --prefix)/opt/gnu-tar/libexec/gnubin:$PATH"
+
+date --version
+gdate --version
+bash --version
+
+cd ~
+
+# Use official Python.org version of Python which is backwards compatible
+# with older MacOS versions
+if [ "$PLATFORM" == "x86_64" ]; then
+  export pyfile=python-$BUILD_PYTHON_VERSION-macosx10.9.pkg
+else
+  export pyfile=python-$BUILD_PYTHON_VERSION-macos11.0.pkg
+fi
+
+wget https://www.python.org/ftp/python/$BUILD_PYTHON_VERSION/$pyfile
+echo "installing Python $BUILD_PYTHON_VERSION..."
+sudo installer -pkg ./$pyfile -target /
+
+# This fixes https://github.com/pyinstaller/pyinstaller/issues/5062
+codesign --remove-signature /Library/Frameworks/Python.framework/Versions/3.9/Python
+
+#if [ ! -f python-$MIN_PYTHON_VERSION-macosx10.9.pkg ]; then
+#  wget --quiet https://www.python.org/ftp/python/$MIN_PYTHON_VERSION/python-$MIN_PYTHON_VERSION-macosx10.9.pkg
+#fi
+#sudo installer -pkg python-$MIN_PYTHON_VERSION-macosx10.9.pkg -target /
+
+#brew install openssl@1.1
+#brew upgrade python
+
+#export python=python3
+#export pip=pip3
+
+#echo "Python location:"
+#which $python
+
+cd ~
+
+#export LD_LIBRARY_PATH=~/ssl/lib:~/python/lib
+#export openssl=~/ssl/bin/openssl
+#export python=~/python/bin/python3
+#export pip=~/python/bin/pip3
+
+export python=/usr/local/bin/python3
+export pip=/usr/local/bin/pip3
+SSLVER=$($openssl version)
+SSLRESULT=$?
+PYVER=$($python -V)
+PYRESULT=$?
+
+brew install swig
+$pip install pyscard
+
+#wget --quiet https://www.python.org/ftp/python/$BUILD_PYTHON_VERSION/python-$BUILD_PYTHON_VERSION-macosx10.9.pkg
+
+#if [ $SSLRESULT -ne 0 ] || [[ "$SSLVER" != "OpenSSL $BUILD_OPENSSL_VERSION "* ]] || [ $PYRESULT -ne 0 ] || [[ "$PYVER" != "Python $BUILD_PYTHON_VERSION"* ]]; then
+#  echo "SSL Result: $SSLRESULT - SSL Ver: $SSLVER - Py Result: $PYRESULT - Py Ver: $PYVER"
+#  if [ $SSLRESULT -ne 0 ]; then
+#    echo "sslresult -ne 0"
+#  fi
+#  if [[ "$SSLVER" != "OpenSSL $BUILD_OPENSSL_VERSION "* ]]; then
+#    echo "sslver not equal to..."
+#  fi
+#  if [ $PYRESULT -ne 0 ]; then
+#    echo "pyresult -ne 0"
+#  fi
+#  if [[ "$PYVER" != "Python $BUILD_PYTHON_VERSION" ]]; then
+#    echo "pyver not equal to..."
+#  fi
+
+  # Start clean
+ # rm -rf python
+ # rm -rf ssl
+ # mkdir python
+ # mkdir ssl
+
+  # Compile latest OpenSSL
+#  wget --quiet https://www.openssl.org/source/openssl-$BUILD_OPENSSL_VERSION.tar.gz
+#  echo "Extracting OpenSSL..."
+#  tar xf openssl-$BUILD_OPENSSL_VERSION.tar.gz
+#  cd openssl-$BUILD_OPENSSL_VERSION
+#  echo "Compiling OpenSSL $BUILD_OPENSSL_VERSION..."
+#  ./config shared --prefix=$HOME/ssl
+#  echo "Running make for OpenSSL..."
+#  make -j$cpucount -s
+#  echo "Running make install for OpenSSL..."
+#  make install > /dev/null
+#  cd ~
+
+  # Compile latest Python
+#  echo "Downloading Python $BUILD_PYTHON_VERSION..."
+#  curl -O https://www.python.org/ftp/python/$BUILD_PYTHON_VERSION/Python-$BUILD_PYTHON_VERSION.tar.xz
+#  echo "Extracting Python..."
+#  tar xf Python-$BUILD_PYTHON_VERSION.tar.xz
+#  cd Python-$BUILD_PYTHON_VERSION
+#  echo "Compiling Python $BUILD_PYTHON_VERSION..."
+#  safe_flags="--with-openssl=$HOME/ssl --enable-shared --prefix=$HOME/python --with-ensurepip=upgrade"
+#  unsafe_flags="--enable-optimizations --with-lto"
+#  if [ ! -e Makefile ]; then
+#    echo "running configure with safe and unsafe"
+#    ./configure $safe_flags $unsafe_flags > /dev/null
+#  fi
+#  make -j$cpucount PROFILE_TASK="-m test.regrtest --pgo -j$(( $cpucount * 2 ))" -s
+#  RESULT=$?
+#  echo "First make exited with $RESULT"
+#  if [ $RESULT != 0 ]; then
+#    echo "Trying Python compile again without unsafe flags..."
+#    make clean
+#    ./configure $safe_flags > /dev/null
+#    make -j$cpucount -s
+#    echo "Sticking with safe Python for now..."
+#  fi
+#  echo "Installing Python..."
+#  make install > /dev/null
+#  cd ~
+#fi
+
+$python -V
+
+cd $whereibelong
+

.github/actions/macos-install.sh

@@ -1,16 +1,22 @@
-cd src
 echo "MacOS Version Info According to Python:"
 python -c "import platform; print(platform.mac_ver())"
+echo "Xcode versionn:"
+xcodebuild -version
 export gampath=dist/gam
 rm -rf $gampath
-$python -OO -m PyInstaller --clean --noupx --strip -F --distpath $gampath gam.spec
-export gam="$gampath/gam"
+if [ "$PLATFORM" == "x86_64" ]; then
+    export specfile="gam.spec"
+else
+    export specfile="gam-universal2.spec"
+fi
+$python -OO -m PyInstaller --clean --noupx --strip -F --distpath "${gampath}" "${specfile}"
+export gam="${gampath}/gam"
 $gam version extended
 export GAMVERSION=`$gam version simple`
-cp LICENSE $gampath
-cp GamCommands.txt $gampath
+cp LICENSE "${gampath}"
+cp GamCommands.txt "${gampath}"
 MACOSVERSION=$(defaults read loginwindow SystemVersionStampAsString)
-GAM_ARCHIVE=gam-$GAMVERSION-$GAMOS-$PLATFORM-MacOS$MACOSVERSION.tar.xz
-rm $gampath/lastupdatecheck.txt
+GAM_ARCHIVE="gam-${GAMVERSION}-${GAMOS}-${PLATFORM}-MacOS${MACOSVERSION}.tar.xz"
+rm "${gampath}/lastupdatecheck.txt"
 # tar will cd to dist/ and tar up gam/
 tar -C dist/ --create --file $GAM_ARCHIVE --xz gam

.github/actions/windows-before-install.sh

@@ -0,0 +1,57 @@
+if [[ "$PLATFORM" == "x86_64" ]]; then
+  export BITS="64"
+  export PYTHONFILE_BITS="-amd64"
+  export OPENSSL_BITS="-x64"
+elif [[ "$PLATFORM" == "x86" ]]; then
+  export BITS="32"
+  export PYTHONFILE_BITS=""
+  export OPENSSL_BITS=""
+  export CHOCOPTIONS="--forcex86"
+fi
+echo "This is a ${BITS}-bit build for ${PLATFORM}"
+
+export mypath=$(pwd)
+cd ~
+
+export python="python"
+export pip="pip"
+
+# pyscard needs swig, keep these two together
+choco install $CHOCOPTIONS swig
+$pip install pyscard
+
+# Python
+#echo "Installing Python..."
+#export python_file=python-${BUILD_PYTHON_VERSION}${PYTHONFILE_BITS}.exe
+#if [ ! -e $python_file ]; then
+#  echo "Downloading $python_file..."
+#  curl -O https://www.python.org/ftp/python/$BUILD_PYTHON_VERSION/$python_file
+#fi
+#until ./${python_file} /quiet InstallAllUsers=1 TargetDir=c:\\python; do echo "trying python again..."; done
+#export python=/c/python/python.exe
+#export pip=/c/python/scripts/pip.exe
+#until [ -f $python ]; do sleep 1; done
+#export PATH=$PATH:/c/python/scripts
+
+# OpenSSL
+#echo "Installing OpenSSL..."
+#export exefile=Win${BITS}OpenSSL_Light-${BUILD_OPENSSL_VERSION//./_}.exe
+#if [ ! -e $exefile ]; then
+#  echo "Downloading $exefile..."
+#  curl -O https://slproweb.com/download/$exefile
+#fi
+#until ./${exefile} /silent /sp- /suppressmsgboxes /DIR=C:\\ssl; do echo "trying openssl again..."; done
+#until cp -v /c/ssl/libcrypto-1_1${OPENSSL_BITS}.dll /c/python/DLLs/; do echo "trying libcrypto copy again..."; sleep 3; done
+#until cp -v /c/ssl/libssl-1_1${OPENSSL_BITS}.dll /c/python/DLLs/; do echo "trying libssl copy again..."; done
+#if [[ "$PLATFORM" == "x86_64" ]]; then
+#  cp -v /c/python/DLLs/libssl-1_1-x64.dll /c/python/DLLs/libssl-1_1.dll
+#  cp -v /c/python/DLLs/libcrypto-1_1-x64.dll /c/python/DLLs/libcrypto-1_1.dll
+#fi
+
+cd $mypath
+
+echo "PATH: $PATH"
+cd ..
+$python setup.py install
+echo "cd to $mypath"
+cd $mypath

.github/actions/windows-install.sh

@@ -1,4 +1,8 @@
-cd src
+if [[ "$PLATFORM" == "x86_64" ]]; then
+  export WIX_BITS="x64"
+elif [[ "$PLATFORM" == "x86" ]]; then
+  export WIX_BITS="x86"
+fi
 echo "compiling GAM with pyinstaller..."
 export gampath="dist/gam"
 rm -rf $gampath
@@ -8,7 +12,7 @@ pyinstaller --clean --noupx -F --distpath $gampath gam.spec
 export gam="${gampath}/gam"
 echo "running compiled GAM..."
 $gam version
-export GAMVERSION=`$gam version simple`
+export GAMVERSION=$($gam version simple)
 rm $gampath/lastupdatecheck.txt
 cp LICENSE $gampath
 cp GamCommands.txt $gampath

.github/workflows/build.yml

@@ -0,0 +1,344 @@
+name: Build and test GAM
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '37 22 * * *'
+
+defaults:
+  run:
+    shell: bash
+    working-directory: src
+
+env:
+  BUILD_PYTHON_VERSION: "3.9.4"
+  MIN_PYTHON_VERSION: "3.9.4"
+  BUILD_OPENSSL_VERSION: "1.1.1k"
+  MIN_OPENSSL_VERSION: "1.1.1i"
+  PATCHELF_VERSION: "0.12"
+  # PYINSTALLER_VERSION can be full commit hash or version like v4.20
+  PYINSTALLER_VERSION: "227eac14955c02db21d4702429896d4b74beed5e"
+
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        include:
+          - os: ubuntu-16.04
+            jid: 1
+            goal: "build"
+            gamos: "linux"
+            platform: "x86_64"
+          - os: ubuntu-18.04
+            jid: 2
+            goal: "build"
+            gamos: "linux"
+            platform: "x86_64"
+          - os: ubuntu-20.04
+            jid: 3
+            goal: "build"
+            gamos: "linux"
+            platform: "x86_64"
+#          - os: [self-hosted, linux, ARM]
+#            jid: 10
+#            goal: "build"
+#            gamos: "linux"
+#            platform: "arm"
+#          - os: [self-hosted, linux, ARM64]
+#            jid: 11
+#            goal: "build"
+#            gamos: "linux"
+#            platform: "arm64"
+          - os: macos-10.15
+            jid: 4
+            goal: "build"
+            gamos: "macos"
+            platform: "x86_64"
+#          - os: macos-11.0
+#            jid: 12
+#            goal: "build"
+#            gamos: "macos"
+#            platform: "universal2"
+          - os: windows-2019
+            jid: 5
+            goal: "build"
+            gamos: "windows"
+            python: 3.9.4
+            pyarch: "x64" 
+            platform: "x86_64"
+          - os: windows-2019
+            jid: 6
+            goal: "build"
+            gamos: "windows"
+            platform: "x86"
+            python: 3.9.4
+            pyarch: "x86"
+          - os: ubuntu-20.04
+            goal: "test"
+            python: "3.6"
+            jid: 7
+            gamos: "linux"
+            platform: "x86_64"
+          - os: ubuntu-20.04
+            goal: "test"
+            python: "3.7"
+            jid: 8
+            gamos: "linux"
+            platform: "x86_64"
+          - os: ubuntu-20.04
+            goal: "test"
+            python: "3.8"
+            jid: 9
+            gamos: "linux"
+            platform: "x86_64"
+
+    steps:
+
+      - uses: actions/checkout@master
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+
+      - name: Cache multiple paths
+        uses: actions/cache@v2
+        if: matrix.goal != 'test'
+        with:
+          path: |
+            ~/python
+            ~/ssl
+          key: ${{ matrix.os }}-${{ matrix.jid }}-20210407
+
+      - name: Set env variables
+        env:
+          GAMOS: ${{ matrix.gamos }}
+          GOAL: ${{ matrix.goal }}
+          JID: ${{ matrix.jid }}
+          PLATFORM: ${{ matrix.platform }}
+        run: |
+          echo "GAMOS=${GAMOS}" >> $GITHUB_ENV
+          echo "GOAL=${GOAL}" >> $GITHUB_ENV
+          echo "JID=${JID}" >> $GITHUB_ENV
+          echo "PLATFORM=${PLATFORM}" >> $GITHUB_ENV
+          uname -a
+
+      - name: Use pre-compiled Python for testing and Windows
+        if: matrix.python != ''
+        uses: actions/setup-python@v2
+        with:
+          python-version: ${{ matrix.python }}
+          architecture: ${{ matrix.pyarch }}
+
+      - name: Set env variables for pre-compiled Python
+        if: matrix.goal == 'test'
+        run: |
+             export python=$(which python3)
+             export pip=$(which pip3)
+             export gam="${python} -m gam"
+             export gampath="$(readlink -e .)"
+             echo -e "python: $python\npip: $pip\ngam: $gam\ngampath: $gampath"
+             echo "python=${python}" >> $GITHUB_ENV
+             echo "pip=${pip}" >> $GITHUB_ENV
+             echo "gam=${gam}" >> $GITHUB_ENV
+             echo "gampath=${gampath}" >> $GITHUB_ENV
+             echo "RUNNING: apt update..."
+             sudo apt-get -qq --yes update > /dev/null
+             sudo apt-get -qq --yes install swig libpcsclite-dev
+
+      - name: Build and install Python, OpenSSL and PyInstaller
+        if: matrix.goal != 'test' && steps.cache-primes.outputs.cache-hit != 'true'
+        run: |
+             set +e
+             source ../.github/actions/${GAMOS}-before-install.sh
+             echo "PATH=$PATH" >> $GITHUB_ENV # keep gnutools for MacOS
+             echo "python=$python" >> $GITHUB_ENV
+             echo "pip=$pip" >> $GITHUB_ENV
+             echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >> $GITHUB_ENV
+             echo -e "Python: $python\nPip: $pip\nLD_LIB...: $LD_LIBRARY_PATH"
+             export url="https://codeload.github.com/pyinstaller/pyinstaller/tar.gz/${PYINSTALLER_VERSION}"
+             echo "Downloading ${url}"
+             curl -o pyinstaller.tar.gz --compressed "${url}"
+             tar xf pyinstaller.tar.gz
+             cd "pyinstaller-${PYINSTALLER_VERSION}/bootloader"
+             if [ "${PLATFORM}" == "x86" ]; then
+               BITS="32"
+             else
+               BITS="64"
+             fi
+             $python ./waf all --target-arch=${BITS}bit
+             cd ..
+             $python setup.py install
+             #$pip install pyinstaller
+
+      - name: Install pip requirements
+        if: matrix.os != 'self-hosted'
+        run: |
+             set +e
+             $pip list --outdated --format=freeze | grep -v '^\-e' | cut -d = -f 1  | xargs -n1 $pip install -U --force-reinstall
+
+             $pip install --upgrade -r requirements.txt
+
+      - name: Build GAM with PyInstaller
+        if: matrix.goal != 'test'
+        run: |
+             set +e
+             source ../.github/actions/${GAMOS}-install.sh
+             echo "gampath=$gampath" >> $GITHUB_ENV
+             echo "gam=$gam" >> $GITHUB_ENV
+             echo -e "GAM: ${gam}\nGAMPATH: ${gampath}\nGAMVERSION: ${GAMVERSION}"
+
+      - name: Basic Tests all jobs
+        run: |
+             echo -e "python: $python\npip: $pip\ngam: $gam\ngampath: $gampath\n"
+             $python -m unittest discover --start-directory ./ --pattern "*_test.py" --buffer
+             touch "${gampath}/nobrowser.txt"
+             $gam version extended
+             export GAMVERSION=$($gam version simple)
+             echo "GAM Version ${GAMVERSION}"
+             echo "GAMVERSION=${GAMVERSION}" >> $GITHUB_ENV
+
+      - name: Basic Tests build jobs only
+        if: matrix.goal != 'test'
+        run: |
+             export vline=$($gam version | grep "Python ")
+             export python_line=($vline)
+             export this_python=${python_line[1]}
+             $python tools/a_atleast_b.py "${this_python}" "${MIN_PYTHON_VERSION}"
+             export vline=$($gam version extended | grep "OpenSSL ")
+             export openssl_line=($vline)
+             export this_openssl="${openssl_line[1]}"
+             $python tools/a_atleast_b.py "${this_openssl}" "${MIN_OPENSSL_VERSION}"
+
+
+      - name: Live API tests push only
+        if: github.event_name == 'push' || github.event_name == 'schedule'
+        env: # Or as an environment variable
+          PASSCODE: ${{ secrets.PASSCODE }}
+        run: |
+             source ../.github/actions/decrypt.sh ../.github/actions/creds.tar.gpg creds.tar
+             export OAUTHFILE="oauth2.txt-gam-gha-${JID}"
+             echo "OAUTHFILE=${OAUTHFILE}" >> $GITHUB_ENV
+             export gam_user="gam-gha-${JID}@pdl.jaylee.us"
+             echo "gam_user=${gam_user}" >> $GITHUB_ENV
+             $gam oauth info
+             $gam info domain
+             $gam oauth refresh
+             $gam info user
+             export tstamp=$(date +%s%3N)
+             export newbase=gha-test-$JID-$tstamp
+             export newuser=$newbase@pdl.jaylee.us
+             export newgroup=$newbase-group@pdl.jaylee.us
+             export newalias=$newbase-alias@pdl.jaylee.us
+             export newbuilding=$newbase-building
+             export newresource=$newbase-resource
+             export GAM_THREADS=5
+             echo email > sample.csv;
+             for i in {01..10}; do
+               echo "${newbase}-bulkuser-$i" >> sample.csv;
+             done
+             $gam create user $newuser firstname GHA lastname $JID password random recoveryphone 12125121110 recoveryemail jay0lee@gmail.com gha.jid $JID
+             $gam user $gam_user sendemail recipient $newuser subject "test message $newbase" message "GHA test message"
+             $gam user $gam_user sendemail recipient exchange@pdl.jaylee.us subject "test ${tstamp}" message "test message"
+             $gam create group $newgroup name "GHA $JID group" description "This is a description" isarchived true
+             $gam user $newuser add license gsuitebusiness
+             $gam update group $newgroup add owner $gam_user
+             $gam update group $newgroup add member $newuser
+             $gam csv sample.csv gam create user ~~email~~ firstname "GHA Bulk" lastname ~~email~~ gha.jid $JID
+             $gam csv sample.csv gam update user ~~email~~ recoveryphone 12125121110 recoveryemail jay0lee@gmail.com password random
+             $gam csv sample.csv gam update user ~~email~~ recoveryphone "" recoveryemail ""
+             $gam csv sample.csv gam user ~email add license gsuitebusiness
+             $gam csv sample.csv gam user $gam_user sendemail recipient ~~email~~@pdl.jaylee.us subject "test message $newbase" message "GHA test message"
+             $gam csv sample.csv gam update group $newgroup add member ~email
+             $gam info group $newgroup
+             $gam user $gam_user check serviceaccount
+             # confirm mailbox is provisoned before continuing
+             $gam user $newuser waitformailbox
+             $gam user $newuser imap on
+             $gam user $newuser show imap
+             $gam user $newuser show delegates
+             #$gam user $newuser add contactdelegate "${newbase}-bulkuser-01"
+             #$gam user $newuser print contactdelegates
+             export biohazard=$(echo -e '\xe2\x98\xa3')
+             $gam user $newuser label "$biohazard unicode biohazard $biohazard"
+             $gam user $newuser show labels
+             $gam user $newuser show labels > labels.txt
+             $gam user $gam_user importemail subject "GHA import $newbase" message "This is a test import" labels IMPORTANT,UNREAD,INBOX,STARRED
+             $gam user $gam_user insertemail subject "GHA insert $newbase" file gam.py labels INBOX,UNREAD # yep body is gam code
+             $gam user $gam_user sendemail subject "GHA send $gam_user $newbase" file gam.py recipient admin@pdl.jaylee.us
+             $gam user $gam_user draftemail subject "GHA draft $newbase" message "Draft message test"
+             $gam csvfile sample.csv:email waitformailbox
+             $gam user $newuser delegate to "${newbase}-bulkuser-01"
+             $gam users "$gam_user $newbase-bulkuser-01 $newbase-bulkuser-02 $newbase-bulkuser-03" delete messages query in:anywhere maxtodelete 99999 doit
+             $gam users "$newbase-bulkuser-04 $newbase-bulkuser-05 $newbase-bulkuser-06" trash messages query in:anywhere maxtotrash 99999 doit
+             $gam users "$newbase-bulkuser-07 $newbase-bulkuser-08 $newbase-bulkuser-09" modify messages query in:anywhere maxtomodify 99999 addlabel IMPORTANT addlabel STARRED doit
+             $gam user $newuser delete label --ALL_LABELS--
+             $gam create feature name Whiteboard-$newbase
+             $gam create feature name VC-$newbase
+             $gam create building "My Building - $newbase" id $newbuilding floors 1,2,3,4,5,6,7,8,9,10,11,12,14,15 description "No 13th floor here..."
+             $gam create resource $newresource "Resource Calendar $tstamp" capacity 25 features Whiteboard-$newbase,VC-$newbase building $newbuilding floor 15 type Room
+             $gam info resource $newresource
+             $gam user $newuser show filelist
+             $gam calendar $gam_user printacl | $gam csv - gam calendar $gam_user delete id ~id # clear ACLs
+             $gam calendar $gam_user update read domain
+             $gam calendar $gam_user update freebusy default
+             $gam calendar $gam_user add editor $newuser
+             $gam calendar $gam_user showacl
+             $gam calendar $gam_user printacl | $gam csv - gam calendar $gam_user delete id ~id
+             $gam calendar $gam_user addevent summary "GHA test event" start $(date '+%FT%T.%N%:z' -d "now + 1 hour") end $(date '+%FT%T.%N%:z' -d "now + 2 hours") attendee $newgroup hangoutsmeet guestscanmodify true sendupdates all
+             $gam calendar $gam_user printevents after -0d
+             matterid=uid:$($gam create vaultmatter name "GHA matter $newbase" description "test matter" collaborators $newuser | head -1 | cut -d ' ' -f 3)
+             $gam create vaulthold matter $matterid name "GHA hold $newbase" corpus mail accounts $newuser
+             $gam print vaultmatters matterstate open
+             $gam print vaultholds matter $matterid
+             $gam print vaultcount matter $matterid corpus mail everyone todrive
+             $gam create vaultexport matter $matterid name "GHA export $newbase" corpus mail accounts $newuser
+             $gam print exports matter $matterid | $gam csv - gam info export $matterid id:~~id~~
+             $gam csv sample.csv gam user ~email add calendar id:$newresource
+             $gam delete resource $newresource
+             $gam delete feature Whiteboard-$newbase
+             $gam delete feature VC-$newbase
+             $gam delete building $newbuilding
+             $gam delete group $newgroup
+             $gam create alias $newalias user $newuser
+             $gam whatis $newuser
+             $gam user $gam_user show tokens
+             $gam print exports matter $matterid | $gam csv - gam download export $matterid id:~~id~~
+             $gam delete hold "GHA hold $newbase" matter $matterid
+             $gam update matter $matterid action close
+             $gam update matter $matterid action delete
+             $gam delete user $newuser
+             $gam print users query "gha.jid=$JID" | $gam csv - gam delete user ~primaryEmail
+             $gam print mobile
+             $gam print devices
+             $gam print browsers
+             export sn="$JID$JID$JID$JID-$(openssl rand -base64 32 | sed 's/[^a-zA-Z0-9]//g')"
+             $gam create device serialnumber $sn devicetype android
+             $gam print cros allfields nolists
+             $gam report usageparameters customer
+             $gam report usage customer parameters gmail:num_emails_sent,accounts:num_1day_logins
+             $gam report customer todrive
+             $gam report users fields accounts:is_less_secure_apps_access_allowed,gmail:last_imap_time,gmail:last_pop_time filters "accounts:last_login_time>2019-01-01T00:00:00.000Z" todrive
+             $gam report admin start -3d todrive
+             $gam print devices nopersonaldevices nodeviceusers filter "serial:$JID$JID$JID$JID-" | $gam csv - gam delete device id ~name
+             $gam print userinvitations
+             $gam print userinvitations | $gam csv - gam create userinvitation ~name
+             export CUSTOMER_ID="C01wfv983"
+             export GA_DOMAIN="pdl.jaylee.us"
+             touch $gampath/enabledasa.txt
+             echo "printer model count:"
+             $gam print printermodels | wc -l
+             #$gam print printers
+             #$gam create printer displayname "${newbase}" uri ipp://localhost:631 driverless description "made by $(date)"
+             rm $gampath/enabledasa.txt
+
+      - name: Upload to Google Drive, build only.
+        if: github.event_name == 'push' && matrix.goal != 'test'
+        run: |
+             ls gam-$GAMVERSION-*
+             for gamfile in gam-$GAMVERSION-*; do
+               echo "Uploading file ${gamfile} to Google Drive..."
+               fileid=$($gam user $gam_user add drivefile localfile $gamfile drivefilename $GAMVERSION-${GITHUB_SHA:0:7}-$gamfile parentid 1N2zbO33qzUQFsGM49-m9AQC1ijzd_ru1 returnidonly)
+               echo "file uploaded as ${fileid}, setting ACL..."
+               $gam user $gam_user add drivefileacl $fileid anyone role reader withlink
+             done

.travis.yml

@@ -1,253 +0,0 @@
-if: tag IS blank
-os: linux
-language: python
-dist: xenial
-
-env:
-  global:
-    - BUILD_PYTHON_VERSION=3.8.3
-    - MIN_PYTHON_VERSION=3.8.3
-    - BUILD_OPENSSL_VERSION=1.1.1g
-    - MIN_OPENSSL_VERSION=1.1.1g
-    - PATCHELF_VERSION=0.10
-    - PYINSTALLER_COMMIT=3010fdfaa037e9b19e936711d0c0be9b314b03c6
-    - secure: "FSKvLaiqhKz21SVgAQZI3bSX34Ffyev4l+R2G//QXNDu6UVQcuFsykzw+eZEG7fkhotXr8BMDL7xIkookiL8eLwUtcd/Z95HCjPBBHcmCSQleyvuuJBxdrQ9xldmiGLzMCYiumSH9OH4uJhQ39Yjnjsa8TK+PlTci6a/BTzlYyBSyDYDf7Iv/uhfQPDHL3pNwrQPHf4fL6/jcvo+uaPcv83AVZkNzZjjyoi9Aa+uh9xlbyHg11jp44463qqxoxTdYik3pYuXRBPjknjOGcnFHqn+QOVSdRQoiwbmT8xVuYuCzTv9THhuJ//i5u7s4y3Xyl7u17B3tdm86UlMpQHy/w9EsYaSBPOU4oPNomRtOnTSugh0v9ZBwptP5XfbslII/iA+LQdzTHhchn0W0CRyDqjOMSestWlrsq5NZJtBJTYHbebllOhEI7xbj9tY+re1zFWSPMOPgHJP23ovsdk3hD9OT93AzRHInCx5IxL6QvEgRhAancRuGkf2rGP0g/vX9fQ0Il3rNMSQxHB5CyHUBtUJ9nhU79YkMDZicD0jFMEwjWJO3itAp3ynoLXRgktgQCYUfgc9SpdWKD5SXLCYnSo22JD3D1P6h2EertRHaoKRLb+CRXQC/lM8uh/W+BjA2Xe6Vut2I/72ndjM+10T7E2xk1CFyCH37a5p8cH26Fs="
-    - secure: "J9380tGLOZWa7dSH1y5Il8T5JQpN6ad81gI6VR1HIU0svpRdjgikyDA7ca2MKYDUYYY9yVSkTV6gCl6iIU/9+SKaYugpP+tkvdGYkC2moJdcTgYM/WOnIK9ExQ3BPhN1neGxJjPTwKo1ft27mtZ2I5vuCiBwIcnKWLnKPyW3PD+mWpfqiLuEzkHoAh6G3jC4qbcCrZDeX/knE+PzqESUEi+8k1G8gYcSDWujba9ypSsqZ8T/MXagGla6l7y2Rz+/KZTJmFHwKAA10V+xPLVqxoiqi4ar66yUqy0BamwRXPcseI+ns3Q+4lUpMqVQ5GlRy7LF1xC8myjmcAexXk0F9hg+CMzewKI8UgmQH/ZJvQZEh8s6mW26+CqA4d3zMQkWaR0WtEtpiuH7AGHCflIqvEQ6UiG7ia3B8iZfW2wl0j/kqx4OuHkS3r0pWKVVIIvCj9Ow2BHP7SpiV1AcUGsVxzwbgTh67fitna3Z3c6Uj8ccQlNr7ZIt1az6Wf3w5njijkLOiBpQSLKunTTCTSge/JzBTKUcie3RE9vzirl58gUxAt36nDtPWnory+RttMZrOkBVbTeSxp+IUe8pNwLFPHABsafXsjkfzBOtFmm+0ZXWt2Rlog5NvlemJfQUWDlsL4g+BSakzN+4sIPKzSauWDHyaEeULY7Uprkil6c5zwo="
-    - secure: "szcjWHPr0Bf1KCkyTrV5Fu3ADhWk+pg8YWucjXHdybmhaQIKG7iBNg8LJ5d0OBTwAg31wK4ZgyLVSa2gKrAZ3UeDjykJFsR711xDSQOod51Wrgqu4FbXDewE817DUk3Cwe1l5DCu3/fjEw4vbm8B/qb7iMTRKCq6hJd97FwT5oauP0QHNPer9JjrW4F0Hk9ttkgEU2dXWvBMsTJsDOGNI3ddABE2HskxV4T4thelDYGKBDHhUOAsRwSjXgWy77Tvz98psPIvd+6+WPYNRdRWcPDyAR3Z1O/fNjUymrQI6eMaHoSFrmhDS5lbhjINRfdUmECyfCfIFeLWWiw4g4bq7l+4HBORbei55tAIjhEsxJQoqHi0Q5dD5TFh8IiWqowkFbpvNonMSIpKtB0cyT5jU1G/jRA7MPcIvSrdzHaDkoDNHJgAeZfgjOhzTGYYD19lGIljz5BQBcNFZY2dJbja+Jr4He2CMAOBOdERa4Zn1VyNfOmd8Bn5hu0C9D2ybnSCxjXXq5TRiktR8X7WycVZYfqMZXAwP9FEHVitJ4MZEGUc7S92K5gX4wmjcJjLS+Xo/0nsduQm8PuiMjbcPM7/oGx8Xm1KuSfHdKWMBoaesPaDvRX+YcuiNstXf1DkCWl72TsFABzddlNUMl/s2YSKkCSHAJ5ILqrB28Gx89kzVlg="
-    - secure: "CPsDgSoZIHLyjpUbYEsx1GbB+UZcPXCEsz9qT6XRM+qMFKLlSnHxoJ7gMrJtqfjTh+1gLB3UTjQjFr+jAenqLWzaJh7Zdtpg9BOG6aXC8CAi1h0U5ZMNSA/+5lQxOXuhN8HmXI1r8xPNRFXBdZFea+072/2HJTwmgYlVTTQ8FrbXQJCzs2cFqxnVeFmuG3N49AJuoy3B+P2DMpqPzABbQt7Jf5H9Foq+16iXxhRkYA8/8H2nF7ZE8IdJuRpqhBUoPF/8Mt2QBLIlvNIdIzFEy2O7ZhwL9Dt08AG9v5c91QPzjsLok2e+5hFGaeMpGQJCE1V3uHyrOAeyZs1QYr7qBWbjQCVh0Phxz9yOA9RPfnQdjyJTq4QEj6vVYvCi5K/CGp/DnnLnGyYJKZOt7nBx02fTVI136UXqt29eF5NRkCpnUqah2s0OXkijsw5Y9LsbwiUxELKtCthESOwN8e/ZNvn/gjPfZWIaB0gupRNugL8Xo9Cx6vFmaW8wzm1IutJvo1mWvkWMvuYYjvd4aDyP6s7PFnSX7DoD/pfxoQuzjwHO2OD93nCOx0ofnNojLNooeJPKLikiwS4qKc8exWd+TlnccKSkXO8Y8S+XRgeE652YNlf+9DH79lNLeK0N0W2tRExX5JaEyJQCuvK0WZi02kxvjmUHhwLAOv9ueC2UCRs="
-    - secure: "JMv9mkSQBJXvUznXcyvngFaOfd2fHYEQQTH8BnS03pqAL0HkWSheG/R2HFJlJv1VJ9MDMf+wVzwMvU/kzkOT68nIgyFWnLBkT6fw+Mw7t/dG96/nOh7DPuaTVzKS0xRbMhDaqZOA9GW13TVnpVdIw79vbhQM69N9Gj80j8oM1cHgMi+fkJSDU3EN/vMJOGKSB3DTpyqAG/nYyZ38tLib8ic12za/YL3HIu8QRHa3fr37+cyrVKgGebGg++yK34p8lC1W4apiO30drmHVQhKWrWnmdcssdGmVM7NystMGGAzUwsJcmRFJuREv1LXiijDzjIRVduceeRYgPi1KHB5ZdL9vji0gM1eHYZZefhcJb6WgPDbCtbjdlCId4v+1bNfsh+dMmhM+vBZDtDEt3UC3MBeYTmklQT2w9zCXHuPBQigj7W4zLm6GxnAXife0SQMfmr736QBvSLUJWtd2tRgS+dRG/LvWxrP5Urvfgs8iRtEVZLDpRR+bSjvLs1UEKLN13KMKYuVwieHbxJn2kY7d5wmZVBYdaokl0yrTkZZ6J9xIphxM8GXJU1BnMZY9zn+Xq3jm576QYnNYUwCtUjOis00Ct4UVuuFqIqZ7bJL7GT4AHTENAk+9GtXVCo3/jnv161rxgoSdnUG6VmrpnyA9jSpcIvMVcE129oghBJ2+PkU="
-    - secure: "otePbb9W6CAuwzayL0dDAvCryzF2s5HHAIytvMW/xnzOuRMR03lumj9bhg56YCB/nIuTncAjToYmsMh2Acrp1Xcx8/DzqKse1K9nkfJgsB+EYeXmy8pVJnCxhHeLCzUPJjUfRoPBm+5GHAkeoviUyxenwbOFm3/Uhtay7i2ZU8K1FsECqx4FZXVh8rrGHqFGzHNimqDDvFUQM6f9a+BevEio8+/aDooaFfvVqPixDYXpi2+99DB/0hZKwcUpj6pOUUszATkAl0kJdOSWI6E7bQa63i6SfhcBNHfvbDqhpcAGs1TIXHbXwWGfySABKgT9mkq64CY3bc/QZ6HeWe6P5tJmt4mGBxDMOWMYj4qtCskQCCCiY9+sCx61Sj8W5w8exjQvvvFA088cKtbCKAx8FIil4CuYPtIjDQFkiNI2bC6BmkUen7qe4z7dSF2AZPb6CuSsBjoXL8Ezle3e1pRrkR+SYbxMSaZVcQoG8hinTqaXhlS5gXi97ZzRrJWn3tUB6JWEBeEkIfTJmrJolbLYIMcADNhKenrW8k6nV32JkvMsCgMFCIkJsIZeuQ9ZYgSZ3CXPODux/D2/4/gNa+353Fs3DTlDQxRTgoaYi9UDIRrKZAkoELFclxuGSKMCCheevQ8FMCmXfxUocwLSgjlO7g4rTJa9Kggn7VltucXiVWY="
-    - secure: "WKdB+WpZG/7SKpPpgM6DAwzVg0QQuxFMJEZE324pagJ74xv+GlObTLm6kU4SAZf6TuRSChTXDAD4paJXkxpq3LlXjp9aKxPASbG5PgZMnGL6bZ40c/UUqrwVy2HLnXPKSNuDBX1RidGXmH3u4YvufjguNnlOLvHYfMHIRGjiEL4ZvC38GB/3YDmID1zI6w8NzTCpFvxeNdg1qhhOBUKyt+icRUwBu8DfgLidzTrO0j5jo3UeqO/w3E9t3nnRgSiO25mBYwWySm1QBK1VS3F5iG9jo1J6GKMOFbWi3lOBoqnWotpfwID+p1vMNX35phHwmMrtoBYfMTV4A2CvQpGyQhn58qyMoKnhLz+NIOxlHN83qcu65bTMG+7ji0pgUl3jhp3ZPyWUjRYQpoVAg5f3UAnUzJgBrOUC0N60ukJVacT/kvkO10CLfz+0+eefW53r+GCkTi2m8iDezZn1olinpLs+Mt0M4VfQ52RVtq3WB6uxN7RjgtrK5XGi2zVAsvfHp+vqFQ6uu+iioiWNji88cTlMuKheo+FWwozNQzd8+4Vxe9w01mLek57Q0dpXiKWL3vMS4Qc4T9E6UzutllDyg/c61LW6Afcqw3jL4HN0UNG3zFefno47oKrmB13HcxakLEC8sdNfE1kWGvB7jqD0snXsz/8rz7rf0IqnK0kaCAc="
-    - secure: "Lah0Q4bWyEJXTBLZHCNkuEuU5wlDQzLF6aQwW47RyVtyRDYW8uQRQFkbb/3oj4QAAgXl0sOcDFnRaaWmlOStPIIYKKVY8Mk6ufyDCz8inWoPNJoSbdqbAi761HacGUsEfSNDrPNB7fst47UZaX7WNAO3q1QjCCGSEJQVpJE2MDAjcSJhAgLPt3JRFSOSwvqxcDLZI+wF9AM81OWNp6QisAdI4LPUJK3L4M4dLh9+apFRb1OMld++scWah1SB5Qj6tPzMvX96mp1XfWB1fJXuf8Yvks02H6ZcAXubK2HXe3iJZKVqGB67kShNN52P+wg0ZZO4OP4kZ2PXahnB7hhxIfEfWsNVy/w4ww1N6K907BfT6RDmsgNP1ZP8kpq6H4pTnWgAy9WDxjatzbNFAHtMzakGjYJNFxZJVco2FL0ipNQ7htoVAA4sUb+VbRQv4O/oZTLMNnnco19+TFJzuZuS4Rjxj/zX63gXkj/W7wou3hw+NpI/PL2hUXIc5imXSLfVQwri8Nl+6IOjV2gWR/vR1VhQqbLsTF6TZQKNI4lvbRTs1nNeqNMW1lHizI3r9Kernj2noAsxJK7wFTZ64OUkQvSNphfmVow29JYQKXbpxbmRrdnmfmtnMsxUngpx9WsTPhrprt5hIAqiBspHemrs+H3LiIml6IY/3l9bcPlc0gA="
-    - secure: "sNc7kC0CuH/TCZh2WwEN51GcA1fSpcliCHpFB+WX7ieQiRu3xKn2avby/T7vbvX0viXRER59arFGQF4i/dyr2g4tlZLVRYjPeiApfduKZ7Lb+vZGro3cWesfHG6Abk2VcgZZli1IDrgrHH5qAWnA9xNnKvKBL9NDM73Zj92BmlDFVEzadTii8brWvced/YP3jNXEmM5ZIufgpe2yidBB2bLWYJXb3Cf1MvzMG4tqNAtZTrI32q50mokz/uTqp3MRJ+cR8sOI+2+2xSbT0zZGLSRZf96/7FKtE0QIDxdWAe4XdlHq1CluRVk30Ju5BEn0QzoYLryCIuw3JjDl1Yksw4IA5imljZJlOmWa2l6fX0HNxMw+z0R/1d2HARA8BY7/uQKv4guV3Cf3jpsWoKSsM1WxqOqsuEFOoRQ2eQNJEaSuC6+j/vzNoj61pOuG0R9OC2PFcFCZ9fomIrZMse+7M3WIj4+mp7e+JDK8DgVdUlqkBVCx1Ospseb5pm6lDx8F5NbgqZgGXgyoWVpqZnyYOoOutezMoD6MI2wXzJaepV/L3+LD5f6q3DAa/sRAEEsBFGyMHXiPYbziEiy8Hz09Sz3inT5rzS8OLOinwAI2sHiIYHTl340XfWdYz6AlNhYLCGwwmtkntbjOj5UVW06IgBBx44ujpZSUjv7SOrACPGU="
-    - secure: "t9/mC8eSsxXIB2vjcZGtGISxrSY3Yd+XS4+/i1YG1mxSov3R6UdhVl2blLgrvFfVCSo61YMAzJbXKtZlXPzhLDXxpsSlWiatjNrKKo4D2unnlHsyEMJ4wfz8cJ8pKyynP7Kc1ZuaqTSMcEZgk85tlew8Zy/VH6g3Mc/7DvP4SxEDRsP+DdCplZc0vbxHDaV3iC93bwNRfy1UQypwJJ2WQviRema3Umneg8hVl2V35zbaBoy45ubCkUoCbRCDaUyoHA10GrE1OUOLsioar/dj6K2W3EhAtehHLWrUZhhl07rayrrRDQYDTdebifB/MWlvR5FjM/Dr5M4k2ciss4ol3IR5LypRLD+/YBtzeIuqkDbUkaBowY+oUj6OWlzEbzAUrUNa5mnyR2jhr8ivZUeEEWLxljsu8gWq65mzgiZt/u+kVCnMLciUv0//0nrsNsEMI9pau2ZxbcpItFVKdZYXFdmHWG+qPCgMcbgsUM3xqaIc7fNwbk2Aa6erIGqD2VkwWzD/xksweg4lsgQ0N1tXMfoWWKh4Xj/OFom+S+3w9uSx/jQma7nXm+PKQL8dIo7rqza3fz9biq5T6mhwUrqCpFIJv7mrMwaTT1UfOchjiLL3CGeO7Amv7Avmh3fhMPbypF0sws79d7ewZbyv+oSzn+pxlCdzBU1GYx6veApbzhg="
-    - secure: "ljVx3TgpBJ/ylMKDVmXabi9UNi5YvrRM5UBTrRk7XPu1YFYS4FI1GcGlyvYhToc4fKt4jLhX9qU+s/rZY+odO0x/HpmJglMBCrY+QcWOzuyaP1U5dCET+evuqFdEAZIzLQc4VDjL1aQLZh+OG7bjoBClVAan6a+pmW0yxBC6rNtCWTESG4rY3wOeTpoI0Q1gM7gg5Zkj4Z+yLvYeJdoKHijM7C3/R/VVTqUFqArk+Js7Qb2qTqm03SHP0ahRQA8XSfbPebSkJyX9oLbidanBEaQE6sqnp9Qh+8VGcnn7VkSu6oq2+ZXz4xlSMrH2Iv2JXl68Td51LsLo9BxaMCL68ssgTFfXPSrrcLwholNEt1pXk5nhBl1l6MZ1UwUJyBm+AXZp/4sCK9/P0rGa2d1rOcpOz7nobH7BDktqEJkrR6VzkTMx1aOwtF+JSt7SJQ1RrRdm9uKfOZZsnw17+VgVAHo/ttY0C3cRl10oaF1C/IdliDfa5gJdZ2VSZtJxyewqKwGiZrqCRv2fQyIuGsqfHXsyHVL6q1KfVcHjaXBvh0o6xZ6duieFT4FNHg7clv1qPQV+cLh4L11nugiihRTeYQtKyUnP5YIL+jlcGNM6KqKhF9RN5c+zOqWNmEcz6O8nljY5mFWdIxL6dFfE3+4wpw7snFP0PrWIWl5SmrU5ipY="
-    - secure: "L0ivSUmbOHNmKWVR2zeYcVR+Xr6780dYA829MyksXfg9OrieTS+qVqSODKexFW89dp4Wf8xFdT9f16xSqjA/xSuX12uiISMiTcFKP39ZnQZ//NDkx1T4pZaeNiysqT+2Ys9OaKTWxn8luFtAYp+DaluancQtEw6+M8H3jQyQZimGHl0QB6BK2A5VA2vko+7ebIdwu5Df5E7lc/LG42H+DdSFkSj7Meu5XMyPHSZRAdOE5doO++tqFKzgs2WbDRHRUP4R4LqtDlGn8+5qnQtQKUN4V9UGrKM95R34BhgUlgOqOFAjFDug71/1/rRyv9XnzKkAdTIbxV7nmxSL+APhQDqpwPr01EP9gtZBOycswV/igJYotgqkhzwNAYrmwOA5Ta8S18Ck0feDEqT20w8yKS4QwV2Ihg4q7CqDFu7i+9iSRUCd/RVrGtG0U5Zo1b3+1JcNxXH/ErUeyHPfrk4vktxfHmU+omqwkfvTRy5upn0Ycr57YHOJc/Iyur7vE07HcnBfAwV0d5KO6HJ7M1n6hmMxeyKmf+qiyQQnphySvHHAfa/9Sec7omwwKv4bn33DwFGc8GWvL6cZXWhmGhFvd+LslpZl0vZ+7Bz0tXlAg4t8V48y/ZtyoSpny0HP4UstdA43PttvZ6q2y8LUNk4LBP5btKmp27Fszuj/rldtj5g="
-    - secure: "Dox8JthAJqWT9eh3Jt4Morbf4pGN9OjduJXe/lYMsmFvqNg7b94P2QdumWBPmVjDq4YjDVirMejBA/TNwORgKfg7pI7MOw+qqoHpT9xyPecXi3ecyBay13e16p0GNRlc5pUu5JcU8sgCpttvM0EAw6bOuQIhnnkIFesbOvwoxGYjMzjmWMNuikR3CjKbo0LDtD5NJXT1OMSqrRuh8NM/BoKyn/kCdSaq9wI2GUMbkg09/kFJkQOvtMXPkM7dIhr/9UC0ouMIyqe/MHa8O6Y4xESdqiTql9uz1+eZfHIRrgFlHfxDvkMv87Cx5OuL+O+qeT/a+RYLCRJspMoq94IYHGg2iyEfBO2YAkogl53wiEf2KF2JdiNGT0xId7bxCJj3efTuCAXV1oqaHpJli1Mhvs7zPEtf78B4tkWEgjhGr5pBLIlbhNjS5wtTHJX4BUzoiP+wODj4h7rjPAah42nWF8XOMlboVi56sOCLjiHBOvYObqyhSfiQxoi2XHphsrZqw6H03tr4Kqd9HVmuoSvRiv+NOu24Ubr6MrrQM2/G72TrTx0/aBlt8Dx5nx2oWZ9ZMiDUR3XlvDLUi45SpY5qESXz08nRlcdS9EvUpK7C+77bNvX+A3dIhsxnxuNaf2naf+QnYYbvh7q4Qbrj4v6EMYS90Uky1JHdoc2wMua8J+w="
-    - secure: "Is2Lv/rxKKrXnxFns9KQYseD02tjY9qbgSteVtJavG1cLJDvkTwb6X+Thvgo4cxk5fQPiXScrQaYzHjVVuNleD+dyD1HC/8CU2Xq+tjBhPjdcccHFSbk06DpcETmLGRyMORXG9JkYlgXHLLXtu/9icppWEHgra+zvchVL2YDhofYne8FMNBb/lq0AAC2wgzAS33tW1+57HaYnzl0hf6+Q6lwqoH2/aTfGMRFDgyJ0HK+5IVfLnQJ+OuGFSrj8/0FWSggR5+EXDIddDgovFgaCghMjHYp21bzn0eIAJtuNFFultwk/UC1lT9joXTKEzgLTAh+w13yz1T3x9rNuv6FDKCotBIS/ZDtPmgvyZ8xvB4SzyULnTRSVn7YvspKR6PAO/qxGNudUD5H8tRKer4qKnKjHzSUcVBlRHb4yE6FqqY1Z9RLEcomWO43nJwb6saNHR9BYedyi0gA+EbA+P259QFClW1dWEQ2LQhDa+0VRssOqZ0BQblPFyz+e5Vc9kfAMbOuoss8fjkiYv+twXv7nT27xrVT5okfKDSiy5opZD6d36N5FibZPYiMrVx00YZdkFB+5EqQuJ7lqKUMkZJTeApLzj+h+/4aAOWd3paj5ghv7m+9ReohsNKFHyjaSy97RhMAZjzqgMMdD8rjUSKDhvNKvvQECWHlaXwL129GB0s="
-    - secure: "l7vWxfcu1RgXbStq76Mzz2I5Iu4e31729OyLYqulXZzft3wO+idvgQKy/JSwajiKgOxlpBuI0wrncgIUYshcRvE4yB0y9+QIMDTegJzTADtRSUyVNCIZfTgvtOvzrlW0iCdVsxLBtYcJWJVPdjF2q59ED1jahd1AuJJqX5e61gfr0eZ9+cNiHbX1u3VpmGchFNWQF4KvebE4WKs5xWEds+AtbTODdQq3H6kKQK3fTVJnbz6WMO+bEWgWI7orfSE20lku/3Q3eMLhNOcPwH8WnUoTTvDWol5Cq5NfPhkKF5aV7kIbNXkxswM7yBPAPumBiXdM1BHpfd4+0YQ/fqRtnqxw85HEYpT8dRewHimCl4IccgGCR+G0tK8RNleKL28GWrz86gRVpXMEhOU3ILwb8as3SdQWLwhXXy5uKGJmsdrCNAH4/8eu3XczO5VN2wOo7narYuBgGcl2eLW9TOLyNVKFKxbQnDLBiOybLNoOV42DCRYt7v3Eknkv1Z0dmX6n23q1z9if9kkfAFgRQWsTbNZyWeIwWuX8b2a0Zq0znS3JflSKxzqS7RHADfBOJEVM86AiGkw0XkR4o31yDrY+zOrkJ3GxfV/HpqG7LzCd9tFeexanneDCE1FJhCkDjpnc0Mdyx+1gVf+u2MkgrU0BbCf2EESBAlC/FTRvxTmk/6s="
-    - secure: "bvtQ348bxKwTtB8X0zMxeTsM0jEJozbS6/rzH/88Fk90a+KO8SdXen0Kj9/LahV4duMn2xTTRmxMCVj424FbcVTgBkJpIO7btqTcNASORkmK+9wGTK6Bgb9R5sHLbVrbrMYJzsMQR0MWxE8ibPLlyom+ssUIqr7HAjnRyYSDiKChGhgBfdE/0G9OE/DuQaU/ZkTuEYfc4527QNLJ8Bt1aLDdCHJLxzCojNaTHB215Tz7dmpnJjWa45BXxkMwLTpxIJuY7wA7K+2UBJfLvZv5QiPYyeUlosV7FwhCN9e90+dc2x8HPJbwe/Ysv5dm8/FfNTgTe6IkKw1z9kev9/W1tYCtqMzn9GnlIH2000ZUomhHKbc4UUl8sskF2jGr14rSz7pfaTyvXNvK7nKLKM7mZAO/cAaQvZoGEx0s6B7a7YX38NmJWcM0UUD603n4G9uVZNoxjyr8HWC6pho8MY8/u5aFKMPd+C8DaDWeSzNJDZRyi62v+t2iyyZuQUtVXtnDpv8GQW4tYFIJCkkrTm5VNNgD2x3WRsEr3LsBa3BonOmi3a1VrdIpyidDzBEWFUR59a/C0lU5J2UX5W1vu/Pnr9/8p898sDvvDbluz47OR9xoVOjtmGdt/ENJa4EOY1q/eRIN6zrt/cwwjIKgTcYOVk7DFDMXQuYlDeEFuHSJ5Xs="
-    - secure: "VWY3aJGMFB+E5ObJpUUXNQrnkEpA1pbfey8Z0pe9X/n5ubmDBIAfCPP7hqT/lAF/1hj5+HA6oWEa2FzeJZOL9q8cuymHzkehiX9n3f6GktirMtEoG3Hk/CiW/ZxKf9KyBNRVsqsOiXvfzMcMSU6ZrSV+4ZHIVl0zO5cehSaaiTTqVU5K474N5TCc8SAvpSRpxjZVRXy8rWF7WMaG4Xm6aa/IELccjJL8s6sahk3wT++5pzewxv4XBWf4bNA7+MNLpnzKmm2S5T/uohsw00F/j82g9xFT3qYm6vgaR4ql0aNvxd9gZ/6vdVpqBIUZmcFi9yTSFSsSSH2cNGFk3IU9Ecdh1Psi3B5pTpYzy7BbLWyKo70wBkOoY8qCwJ/wtj+2TcfR72qR8ryXgkbIoXxe04VkPqRNEezk3U+UxUvLLDEWthxjuCRCydT8FaCfYm9N+l5Un8TNmY4W9mOSu5IXKJ7oSQDrJG65Z2uZKQrWm0ToOo1nNLFclFuM+K8JWNOKysfh451LHdbmA0rkoaLUat2ttDBtQpbw3h+Hwn3SW6BfELg6WDJXHyAPNRMPSc2Grk2o7mFfTMJhHQG4U+k2bL+AHJU0nPWzuEJyMraquqKOCcHz56A+6j1PN3wpLbIC18nNPN9Q3TDPiBmwzwEg+zLu0DKTu3Oe4IRKRNTuocI="
-    - secure: "BSZK3v2RYsNKv/8lBZ/dKagYF+znGXIeDY271A2nCS8DXx+y0octwI5RT08+UqdD1AvhPOPjdnSXG+M2NOSLlfBoXF/0t9S39+qy3EhGgxYAcWcVDXnrOrHEOALg1cQkCA2D/CG+eeG/36SmAn6FINTLaAOilxWGGCeL0KOB5mqPPnPogaYhowIwDkj0Hfsfrw8011XzgbufNr15GIYJ+nP7f41NcgIbnNkqXY6Q1jiWs1DuKXNDr5WGPqztHtVf7RtcpVmShzptAcAMdRqCGKF7atCZhXPbd69j3qf7F533/tCSCIrszR/Wp4BKlJfVCRCk1oiEcfRvprJqeFJ+0WJCVzyD7hXfnkBg2Tb5PmzvxOFM+hsqRu4mY3UdjqXukzAe5O0O6Uo8sqzqQUIjUooRnNQ4GdPd+7wMbyBZn4PJaW6YTi/7zg7mAegqot6uyEGGpWb6iFYrf6DX75GUfTciNktv+ez0AeqYFwNBLgcOsmaq+3V+aR+dIxsxIzC/i5GCTHvMYOIp6Q2tPCuIug0tX6uxm++vMOoMLK+vG1fVQ0Cd8m6yQIWEXUu0VBs1MTlJD+vX6LsK8CGo0Dt3ZS3JmC4TGGo9CBSEkeDvnKvQeX6x3NBIFWvgt+Hjxh4S9U+vW+AaUXpV9k+NEhesC/8Ys0UGbGYsTDzHdx9TMBY="
-    - secure: "sskZYJ/+xmHh5GNvw3QRf10+sBGOjlub29jOTxjXIRYUyZfkhjsF8CR9NP59CBFuqgN716Mj1uEVEcx0aaepr/zWweQSnqa9lZgFD9nDYALVNh1b4oyqfhYG1sw57ZHdBsJOBF4mKBnahly/QQj11Ya25GyIS2IewwCWVNtCOJYietSssG9l0+qc+RPG5Ub/lEKA3VRrtbUuApcIYszt33DumgZ4wzkzICl1SuOy8V15vHVlkBqASJheEDa4Hia+eAMo6e7OCE5KWjl7K2MxTvtszwFi7lgMCyPCOy6DkaULACfBnQeloh42B2Qhd/ta04vuRKg6y4fKSrnegpeOAa9aGxF1ufvG9IvPsRTsu4+w63b9xsQUN9MyDgxcJe0YeUHPgPYL6mqAjCIKvL62LlIyrQ8IAteoh3MC+4Xb8crXaLGINTcLwYvLwxsHMuC/58hdQ23I4DqnyZGAS3L1IhpX4QvYN6xc7H+ptaiQttweoH5VpMAduSrmSnNmvLOc4g2PvbRES6D95moQ7qk7iX6vpu+PevL5HtQCbB8SFyFLTYWsqZaG+4NrjpIi2hLzUT35meHwrvxG/MsfeqOVlnBfa93VnX75vxOkRFNY56sOtrTJaiVZ+rQUdszAZz3KGPbyrSlz3KxV+ZKxZH6/0oFteAJttXFjWQdICnKGDSo="
-    - secure: "sdzU5bPs1w7Nzf3F5Gtk/iq2Kfq3zfLQNGcehLZp1gJXzNf7F6HZLOn6GaXQ/5RVlhqR5nOmzMpVQs88rZv+6PE6YqGMugTxHIQeNmXtGnuEDJSBvGT9Ok8ENxcwKwL93g9SCd9P8mTspxklOsW2Bk3No2+Zlc/aQguBcX44TwYF42KuBU4O7oS6pUg8NjnuQp2zTyhp0ouzyAudatPyu1BLci/3lbx+MehutQw1y4Om6g8tfwf950UONZQdqq9MBluu7yYb1oHkdC1J4qgwdCZkJslWIwQHCH5UE4AW9iVG0qVrLpzBGtV27Kfy/Vf8r2gMYzbiur2h2+zzWSDm8/bk8YLn7u1FBpjGJdJ0pX0ZrZr+hMV2vH3e54NvA5WyRU7tw8mZ1PoDYd/FM5KXIYbscSbSRCqTsbPgyVIHuoOWXeeSe+/Ef1ifZv3HHf6ARfUIWupKfAipxChc7QUMI/HEQ9QPsqgBaooZD9chGsWAgv+8tFxdteqkx4Yh+AuZp1rVykB/9vAamUBebQxy0oeGm65j6X1rksfjAPkfeDYB7L4Ruy7tUwPtvYrAHPoWrf9O0g/qDRsw0vdqp42CjszpIxhuPhVRDx0i0wquqw2LnIU3ejRv2R8d1SecVKBBcVsWLFvc9iR4rNIi5JnxITRtiwL1Xv3Vcgx7WwxExtE="
-    - secure: "f9n1KmU5NuV4jGkrhLNiPD+3Cy7t4D7Rq8YsPlmyB2A6u6IHMuOVP95IwH6Zt0cmMDBrZGthj3/0iu5kzxzqD0m135PT17wSEqsDfDMyKRZJQuYSO/ESVxnSca3afRH7Ds7/ipQVd/ljZgwEnW3JMaOQiIdbbIquNOOTeY0/wsXkreDamXZaKKqUoeadkAV4AkKhM0xcMg+Vni1i71TYPBWrZPLVAu3ZrSvU/cE5mtBUIkbr9EgsEE+WR23QCgtwxKzNxrXetBcPXDsJb98/ABgpoItm5Ko/Zk6pkib44f+iQtn7Y6j3lieELCH5Sn0uy3RrMxkl7xicB7zPYME94NEPHCmshyVsH3RxWfcBG4kauRNBCLYLl5HYF2t1lWZ6In5qlx8xN3Tf0KrbM3vzAEOnnfZt83h3q5OuWl+jzTOcv9xHmeW0lnwEEfS0nxUV3KDqLFBczcUxKBmsA2aWnJZ2HV+kls6OaWZ987m6V2pIGR2uviGT7I4ngjCSOJzbwYbvJbJqYAI97FWP/5pqv97xHLCSSJh6TBO4NMQ7Ib/W1XT6NZyPOjNGSLpd79UA3cTzU2+UYr/7RxZpAKONSAMTJh7CX451XQwgovpFZ2quXs2BzqcVpy8AlUc45ygnFOALOANAkcRP5QFhmff0jpXstjPW83/GksbtaiLhIiQ="
-cache:
-  directories:
-    - $HOME/.cache/pip
-    - $HOME/python
-    - $HOME/ssl
-
-jobs:
-  allow_failures:
-    - python: nightly
-  fast_finish: true
-  include:
-    - os: linux
-      name: "Linux 64-bit Focal"
-      dist: focal
-      language: shell
-    - os: linux
-      name: "Linux 64-bit Bionic"
-      dist: bionic
-      language: shell
-    - os: linux
-      name: "Linux 64-bit Xenial"
-      dist: xenial
-      language: shell
-    - os: linux
-      dist: bionic
-      arch: arm64
-      name: "Linux ARM64 Bionic"
-      language: shell
-      filter_secrets: false
-    - os: linux
-      dist: xenial
-      arch: arm64
-      name: "Linux ARM64 Xenial"
-      language: shell
-      filter_secrets: false
-    - os: linux
-      name: "Python 3.6 Source Testing"
-      language: python
-      python: 3.6
-    - os: linux
-      name: "Python 3.7 Source Testing"
-      language: python
-      python: 3.7
-    - os: linux
-      name: "Python 3.9 dev Source Testing"
-      language: python
-      python: 3.9-dev
-    - os: linux
-      name: "Python trunk nightly Source Testing"
-      language: python
-      python: nightly
-    - os: linux
-      name: "Python PyPi Source Testing"
-      language: python
-      python: pypy3
-    - os: osx
-      name: "MacOS 10.13"
-      language: generic
-      osx_image: xcode10.1
-    - os: osx
-      name: "MacOS 10.14"
-      language: generic
-      osx_image: xcode11.3
-    - os: osx
-      name: "MacOS 10.15"
-      language: generic
-      osx_image: xcode11.5
-    - os: windows
-      name: "Windows 64-bit"
-      language: shell
-    - os: windows
-      name: "Windows 32-bit"
-      language: shell
-
-before_install:
-- if [ "${TRAVIS_OS_NAME}" == "osx" ]; then
-    export GAMOS="macos";
-  else
-    export GAMOS="${TRAVIS_OS_NAME}";
-  fi
-- if [ "${TRAVIS_JOB_NAME}" == "Windows 32-bit" ]; then
-    export PLATFORM="x86";
-  elif [ "${TRAVIS_CPU_ARCH}" == "amd64" ]; then
-    export PLATFORM="x86_64";
-  else
-    export PLATFORM="${TRAVIS_CPU_ARCH}";
-  fi
-- source src/travis/${TRAVIS_OS_NAME}-before-install.sh
-
-install:
-- source src/travis/${TRAVIS_OS_NAME}-install.sh
-
-script:
-# Discover and run all Python unit tests. Buffer output so that it's not sent to the build log.
-- $python -m unittest discover --start-directory ./ --pattern "*_test.py" --buffer
-- touch $gampath/nobrowser.txt
-- $gam version extended
-- $gam version | grep travis # travis should be part of the path (not /tmp or such)
-# determine which Python version GAM is built with and ensure it's at least build version from above.
-- if [[ "$TRAVIS_JOB_NAME" != *"Testing" ]];  then vline=$($gam version | grep "Python "); python_line=($vline); this_python=${python_line[1]}; $python tools/a_atleast_b.py $this_python $MIN_PYTHON_VERSION; fi
-# determine which OpenSSL version GAM is built with and ensure it's at least build version from above.
-- if [[ "$TRAVIS_JOB_NAME" != *"Testing" ]]; then vline=$($gam version extended | grep "OpenSSL "); openssl_line=($vline); this_openssl=${openssl_line[1]}; $python tools/a_atleast_b.py $this_openssl $MIN_OPENSSL_VERSION; fi
-- if [[ "$TRAVIS_JOB_NAME" != *"Testing" ]]; then $gam version extended | grep TLSv1\.[23]; fi # Builds should default TLS 1.2 or 1.3 to Google
-- if [[ "$TRAVIS_JOB_NAME" != *"Testing" ]]; then GAM_TLS_MIN_VERSION=TLSv1_2 $gam version extended location tls-v1-0.badssl.com:1010; [[ $? == 3 ]]; fi # expect fail since server doesn't support our TLS version
-- export jid="$(cut -d'.' -f2 <<<"$TRAVIS_JOB_NUMBER")"
-- if [ "$TRAVIS_EVENT_TYPE" != "pull_request" ]; then export e2e=true; fi
-- if [ "$e2e" = true ]; then export gam_user=gam-travis-$jid@pdl.jaylee.us; fi
-- if [ "$e2e" = true ]; then openssl aes-256-cbc -K $encrypted_ab10ec38326e_key -iv $encrypted_ab10ec38326e_iv -in travis/oauth2service.json.enc -out $gampath/oauth2service.json -d; fi
-- if [ "$e2e" = true ]; then cat travis/cfg_template.json | $python travis/svars-write.py &> /dev/null; fi
-- if [ "$e2e" = true ]; then $gam info domain; fi
-- if [ "$e2e" = true ]; then $gam oauth info; fi
-- if [ "$e2e" = true ]; then $gam oauth refresh; fi
-- if [ "$e2e" = true ]; then $gam info user; fi
-- if [ "$e2e" = true ]; then export tstamp=$(date +%s%3N);
-  export newbase=travis-test-$jid-$tstamp;
-  export newuser=$newbase@pdl.jaylee.us;
-  export newgroup=$newbase-group@pdl.jaylee.us;
-  export newalias=$newbase-alias@pdl.jaylee.us;
-  export newbuilding=$newbase-building;
-  export newresource=$newbase-resource;
-  export GAM_THREADS=5; fi
-- if [ "$e2e" = true ]; then echo email > sample.csv;
-  for i in {01..20};
-    do echo $newbase-bulkuser-$i >> sample.csv;
-  done; fi
-- if [ "$e2e" = true ]; then $gam create user $newuser firstname Travis lastname $jid password random recoveryphone 12125121110 recoveryemail jay0lee@gmail.com travis.jid $jid; fi
-- if [ "$e2e" = true ]; then $gam user $gam_user sendemail recipient $newuser subject "test message $newbase" message "Travis test message"; fi
-- if [ "$e2e" = true ]; then $gam create group $newgroup name "Travis $jid group" description "This is a description" isarchived true; fi
-- if [ "$e2e" = true ]; then $gam user $newuser add license gsuitebusiness; fi
-- if [ "$e2e" = true ]; then $gam update group $newgroup add owner $gam_user; fi
-- if [ "$e2e" = true ]; then $gam update group $newgroup add member $newuser; fi
-- if [ "$e2e" = true ]; then $gam csv sample.csv gam create user ~~email~~ firstname "Travis Bulk" lastname ~~email~~ travis.jid $jid; fi
-- if [ "$e2e" = true ]; then $gam csv sample.csv gam update user ~~email~~ recoveryphone 12125121110 recoveryemail jay0lee@gmail.com password random; fi
-- if [ "$e2e" = true ]; then $gam csv sample.csv gam update user ~~email~~ recoveryphone "" recoveryemail ""; fi
-- if [ "$e2e" = true ]; then $gam csv sample.csv gam user ~email add license gsuitebusiness; fi
-- if [ "$e2e" = true ]; then $gam csv sample.csv gam user $gam_user sendemail recipient ~~email~~@pdl.jaylee.us subject "test message $newbase" message "Travis test message"; fi
-- if [ "$e2e" = true ]; then $gam csv sample.csv gam update group $newgroup add member ~email; fi
-- if [ "$e2e" = true ]; then $gam info group $newgroup; fi
-- if [ "$e2e" = true ]; then $gam user $gam_user check serviceaccount; fi
-- if [ "$e2e" = true ]; then $gam user $newuser imap on; fi
-- if [ "$e2e" = true ]; then $gam user $newuser show imap; fi
-- if [ "$e2e" = true ]; then $gam csv sample.csv gam user $newuser delegate to ~email; fi
-- if [ "$e2e" = true ]; then $gam user $newuser show delegates; fi
-- if [ "$e2e" = true ]; then $gam user $newuser label "✔ unicode checkmark ✔"; fi
-- if [ "$e2e" = true ]; then $gam user $newuser show labels; fi
-- if [ "$e2e" = true ]; then $gam user $newuser show labels > labels.txt; fi
-- if [ "$e2e" = true ]; then $gam user $gam_user importemail subject "Travis import $newbase" message "This is a test import" labels IMPORTANT,UNREAD,INBOX,STARRED; fi
-- if [ "$e2e" = true ]; then $gam user $gam_user insertemail subject "Travis insert $newbase" file gam.py labels INBOX,UNREAD; fi # yep body is gam code
-- if [ "$e2e" = true ]; then $gam user $gam_user sendemail subject "Travis send $gam_user $newbase" file gam.py recipient admin@pdl.jaylee.us; fi
-- if [ "$e2e" = true ]; then $gam user $gam_user draftemail subject "Travis draft $newbase" message "Draft message test"; fi
-- if [ "$e2e" = true ]; then $gam users "$gam_user $newbase-bulkuser-01 $newbase-bulkuser-02 $newbase-bulkuser-03" delete messages query in:anywhere maxtodelete 99999 doit; fi
-- if [ "$e2e" = true ]; then $gam users "$newbase-bulkuser-04 $newbase-bulkuser-05 $newbase-bulkuser-06" trash messages query in:anywhere maxtotrash 99999 doit; fi
-- if [ "$e2e" = true ]; then $gam users "$newbase-bulkuser-07 $newbase-bulkuser-08 $newbase-bulkuser-09" modify messages query in:anywhere maxtomodify 99999 addlabel IMPORTANT addlabel STARRED doit; fi
-- if [ "$e2e" = true ]; then $gam user $newuser delete label --ALL_LABELS--; fi
-- if [ "$e2e" = true ]; then $gam create feature name Whiteboard-$newbase; fi
-- if [ "$e2e" = true ]; then $gam create feature name VC-$newbase; fi
-- if [ "$e2e" = true ]; then $gam create building "My Building - $newbase" id $newbuilding floors 1,2,3,4,5,6,7,8,9,10,11,12,14,15 description "No 13th floor here..."; fi
-- if [ "$e2e" = true ]; then $gam create resource $newresource "Resource Calendar $tstamp" capacity 25 features Whiteboard-$newbase,VC-$newbase building $newbuilding floor 15 type Room; fi
-- if [ "$e2e" = true ]; then $gam info resource $newresource; fi
-- if [ "$e2e" = true ]; then $gam user $newuser show filelist; fi
-- if [ "$e2e" = true ]; then $gam calendar $gam_user printacl | $gam csv - gam calendar $gam_user delete id ~id; fi # clear ACLs
-- if [ "$e2e" = true ]; then $gam calendar $gam_user update read domain; fi
-- if [ "$e2e" = true ]; then $gam calendar $gam_user update freebusy default; fi
-- if [ "$e2e" = true ]; then $gam calendar $gam_user add editor $newuser; fi
-- if [ "$e2e" = true ]; then $gam calendar $gam_user showacl; fi
-- if [ "$e2e" = true ]; then $gam calendar $gam_user printacl | $gam csv - gam calendar $gam_user delete id ~id; fi
-- if [ "$e2e" = true ]; then $gam calendar $gam_user addevent summary "Travis test event" start $(date '+%FT%T.%N%:z' -d "now + 1 hour") end $(date '+%FT%T.%N%:z' -d "now + 2 hours") attendee $newgroup hangoutsmeet guestscanmodify true sendupdates all; fi
-- if [ "$e2e" = true ]; then $gam calendar $gam_user printevents after -0d; fi
-- if [ "$e2e" = true ]; then matterid=uid:$($gam create vaultmatter name "Travis matter $newbase" description "test matter" collaborators $newuser | head -1 | cut -d ' ' -f 3); fi
-- if [ "$e2e" = true ]; then $gam create vaulthold matter $matterid name "Travis hold $newbase" corpus mail accounts $newuser; fi
-- if [ "$e2e" = true ]; then $gam print vaultmatters matterstate open; fi
-- if [ "$e2e" = true ]; then $gam print vaultholds matter $matterid; fi
-- if [ "$e2e" = true ]; then $gam create vaultexport matter $matterid name "Travis export $newbase" corpus mail accounts $newuser; fi
-- if [ "$e2e" = true ]; then $gam print exports matter $matterid | $gam csv - gam info export $matterid id:~~id~~; fi
-- if [ "$e2e" = true ]; then $gam csv sample.csv gam user ~email add calendar id:$newresource; fi
-- if [ "$e2e" = true ]; then $gam delete resource $newresource; fi
-- if [ "$e2e" = true ]; then $gam delete feature Whiteboard-$newbase; fi
-- if [ "$e2e" = true ]; then $gam delete feature VC-$newbase; fi
-- if [ "$e2e" = true ]; then $gam delete building $newbuilding; fi
-- if [ "$e2e" = true ]; then $gam delete group $newgroup; fi
-- if [ "$e2e" = true ]; then $gam create alias $newalias user $newuser; fi
-- if [ "$e2e" = true ]; then $gam whatis $newuser; fi
-- if [ "$e2e" = true ]; then $gam user $gam_user show tokens; fi
-- if [ "$e2e" = true ]; then $gam print exports matter $matterid | $gam csv - gam download export $matterid id:~~id~~; fi
-- if [ "$e2e" = true ]; then $gam delete hold "Travis hold $newbase" matter $matterid; fi
-- if [ "$e2e" = true ]; then $gam update matter $matterid action close; fi
-- if [ "$e2e" = true ]; then $gam update matter $matterid action delete; fi
-- if [ "$e2e" = true ]; then $gam delete user $newuser; fi
-- if [ "$e2e" = true ]; then $gam print users query "travis.jid=$jid" | $gam csv - gam delete user ~primaryEmail; fi
-- if [ "$e2e" = true ]; then $gam print mobile; fi
-- if [ "$e2e" = true ]; then $gam print cros allfields nolists; fi
-- if [ "$e2e" = true ]; then $gam report usageparameters customer; fi
-- if [ "$e2e" = true ]; then $gam report usage customer parameters gmail:num_emails_sent,accounts:num_1day_logins; fi
-- if [ "$e2e" = true ]; then $gam report customer todrive; fi
-- if [ "$e2e" = true ]; then $gam report users fields accounts:is_less_secure_apps_access_allowed,gmail:last_imap_time,gmail:last_pop_time filters "accounts:last_login_time>2019-01-01T00:00:00.000Z" todrive; fi
-- if [ "$e2e" = true ]; then $gam report admin start -3d todrive; fi
-- if ([ "$e2e" = true ] && [[ "$TRAVIS_JOB_NAME" != *"Testing" ]]); then
-    for gamfile in gam-$GAMVERSION-*; do
-      fileid=$($gam user $gam_user add drivefile localfile $gamfile drivefilename $GAMVERSION-${TRAVIS_COMMIT:0:7}-$gamfile parentid 1N2zbO33qzUQFsGM49-m9AQC1ijzd_ru1 returnidonly);
-      $gam user $gam_user add drivefileacl $fileid anyone role reader withlink;
-    done;
-  fi
-
-before_deploy:
-- export TRAVIS_TAG="preview"
-- unset LD_LIBRARY_PATH
-
-deploy:
-  provider: releases
-  token:
-    secure: bzambMcQwyv/o5c5GrKGCsZHgE5R85tg8sNFvPfpISz3+uosCjnBXas7wvCKzT75XUFi2ztfbYak6HdKf4sGnNHk0saEicB3slH+ghPyZbYzp76yvvduhFO2nWW3/F01tL+Yfqqt4/q8wFaWGjrC5km+6GLVyB4lWA/Uyu49qKnz02uSwyhBD/VFbO7DOQ65a1iWk9HngyMsu0Oi7HIbSjSLtxTHedNfOf3waW0NivTTxYXiYGX/MCu3GWhgIGj47a+H3A6FcQ/9QWvnKgnoixdgPBUz7kDb7ktsWwQsILPGStgH7iMuG49ZlXdEFmqwifBri2wvzmFEevBGZjHcupy1IGrNFRG+IUGKMotio+OkLHlLjuv7ZJtqCz/Vf5SNFgNyMSanx6jKEUJuYvndVg99IRXmYVwHFwPu5BAcJACpU6C0AfyGmmSqqwxCd46uXL62ynxNFpHuRfOqlDnmCTfZgjOciJSlDDpf+Xz9fF7+oCoeCi3mrcZVFjhd3tT6Oxw5HrsDtm0ZNld1cdLidaq8H6vOFgHMd0A9yNYZzTzXTvpmxzkXT4Zc7s+PYKN6z5fRZ+pJeckUjRXblvVEfs5HFSymavcOc5AkRwxpvOsTQMNmlnaJCBo5UNs0K/rVmRi5cFmaiwTcBCY0kTllOBJ4zWsfq8seiokWwNUNK2g=
-  file_glob: true
-  overwrite: true
-  file: gam-$GAMVERSION-*
-  skip_cleanup: true
-  draft: true
-  on:
-    repo: jay0lee/GAM
-    condition: $TRAVIS_JOB_NAME != *"Testing"

README.md

@@ -1,4 +1,6 @@
-GAM is a command line tool for Google G Suite Administrators to manage domain and user settings quickly and easily. [![Build Status](https://travis-ci.org/jay0lee/GAM.svg?branch=master)](https://travis-ci.org/jay0lee/GAM)
+GAM is a command line tool for Google Workspace (fka G Suite) Administrators to manage domain and user settings quickly and easily.
+
+![Build Status](https://github.com/jay0lee/GAM/workflows/Build%20and%20test%20GAM/badge.svg)
 # Quick Start
 ## Linux / MacOS
 Open a terminal and run:
@@ -12,8 +14,8 @@ Download the MSI Installer from the [GitHub Releases] page. Install the MSI and
 The GAM documentation is hosted in the [GitHub Wiki]
 # Mailing List / Discussion group
 The GAM mailing list / discussion group is hosted on [Google Groups].  You can join the list and interact via email, or just post from the web itself.
-# IM Room
-[![Join the chat at https://gitter.im/jay0lee-GAM/community](https://badges.gitter.im/jay0lee-GAM/community.svg)](https://gitter.im/jay0lee-GAM/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+# Chat Room
+There is a public chat room hosted in Google Chat. [Instructions to join](https://git.io/gam-chat).
 # Author
 GAM is maintained by <a href="mailto:jay0lee@gmail.com">Jay Lee</a>. Please direct "how do I?" questions to [Google Groups].
 

src/GamCommands.txt

@@ -67,21 +67,15 @@ If an item contains spaces, it should be surrounded by ".
 	gpresentation|
 	gscript|
 	gsite|
-	gsheet|gspreadsheet
+	gsheet|gspreadsheet|
+	gshortcut|
+	g3pshortcut
 <ProductID> ::=
 	Google-Apps|
 	Google-Chrome-Device-Management|
-	Google-Coordinate|
 	Google-Drive-storage|
 	Google-Vault|
-	101001|101005|101031
-<ProductID> ::=
-	Google-Apps|
-	Google-Chrome-Device-Management|
-	Google-Coordinate|
-	Google-Drive-storage|
-	Google-Vault|
-	101001|101005|101006|101031|101033|101034
+	101001|101005|101031|101033|101034|101037
 <SKUID> ::=
 	cloudidentity|identity|1010010001|
 	cloudidentitypremium|identitypremium|1010050001|
@@ -91,14 +85,25 @@ If an item contains spaces, it should be surrounded by ".
 	gams|postini|gsuitegams|gsuitepostini|gsuitemessagesecurity|Google-Apps-For-Postini|
 	gal|gsl|lite|gsuitelite|Google-Apps-Lite|
 	gau|gsb|unlimited|gsuitebusiness|Google-Apps-Unlimited|
-	gae|gse|enterprise|gsuiteenterprise|1010020020|
+	gwep|workspaceeducationplus|1010310008|
+	gwepstaff|workspaceeducationplusstaff|1010310009|
+	gwepstudent|workspaceeducationplusstudent|1010310010|
+	gwes|workspaceeducationstandard|1010310005|
+	gwesstaff|workspaceeducationstandardstaff|1010310006|
+	gwesstudent|workspaceeducationstandardstudent|1010310007|
+	gwetlu|workspaceeducationupgrade|1010370001|
+	wsentplus|workspaceenterpriseplus|gae|gse|enterprise|gsuiteenterprise|1010020020|
+	wsbizplus|workspacebusinessplus|1010020025|
+	wsentstan|workspaceenterprisestandard|'1010020026|
+	wsbizstart|workspacebusinessstarter|1010020027|
+	wsbizstan|workspacebusinessstandard|1010020028|
 	gsefe|e4e|gsuiteenterpriseeducation|1010310002|
 	gsefes|e4es|gsuiteenterpriseeducationstudent|1010310003|
 	gsbau|businessarchived|gsuitebusinessarchived|
 	gseau|enterprisearchived|gsuiteenterprisearchived|
 	chrome|cdm|googlechromedevicemanagement|Google-Chrome-Device-Management|
-	coordinate|googlecoordinate|Google-Coordinate|
-	d4e|driveenterprise|drive4enterprise|
+	wsess|workspaceesentials|gsuiteessentials|essentials|d4e|driveenterprise|drive4enterprise|1010060001|
+	wsentess|workspaceenterpriseessentials|1010060003|
 	drive20gb|20gb|googledrivestorage20gb|Google-Drive-storage-20GB|
 	drive50gb|50gb|googledrivestorage50gb|Google-Drive-storage-50GB|
 	drive200gb|200gb|googledrivestorage200gb|Google-Drive-storage-200GB|
@@ -109,7 +114,8 @@ If an item contains spaces, it should be surrounded by ".
 	drive8tb|8tb|googledrivestorage8tb|Google-Drive-storage-8TB|
 	drive16tb|16tb|googledrivestorage16tb|Google-Drive-storage-16TB|
 	vault|googlevault|Google-Vault|
-	vfe|googlevaultformeremployee|Google-Vault-Former-Employee
+	vfe|googlevaultformeremployee|Google-Vault-Former-Employee|
+	workspacefrontline|workspacefrontlineworker|1010020030
 
 ## Basic items built from primitives
 
@@ -142,7 +148,10 @@ If an item contains spaces, it should be surrounded by ".
 <AccessToken> ::= <String>
 <ACLScope> ::= [user:]<EmailAddress>|group:<EmailAddress>|domain[:<DomainName>]|default
 <APIScopeURL> ::= <String>
+<APPID> ::= <String>
 <ASPID> ::= <String>
+<AssetTag> ::= <String>
+<BrowserTokenPermanentID> ::= <String>
 <BuildingID> ::= <String>|id:<String>
 <CalendarACLRole> ::= editor|freebusy|freebusyreader|owner|reader|writer
 <CalendarACLRuleID> ::= user:<EmailAddress>|group:<EmailAddress>|domain:<DomainName>|default
@@ -158,6 +167,9 @@ If an item contains spaces, it should be surrounded by ".
 <CourseState> ::= active|archived|provisioned|declined
 <CrOSID> ::= <String>
 <CustomerID> ::= <String>
+<DeviceID> ::= devices/<String>
+<DeviceType> ::= android|chrome_os|google_sync|ios|linux|mac_os|windows
+<DeviceUserID> ::= devices/<String>/deviceUsers/<String>
 <DomainAlias> ::= <String>
 <DriveFileACLRole> ::= commenter|contentmanager|editor|fileorganizer|organizer|owner|reader|writer
 <DriveFileID> ::= <String>
@@ -200,11 +212,10 @@ If an item contains spaces, it should be surrounded by ".
 <Password> ::= <String>
 <PermissionID> ::= id:<String>|<EmailAddress>|anyone|anyonewithlink
 <PrinterID> ::= <String>
-<PrintJobAge> ::= <Number>[m|h|d]
-<PrintJobID> ::= <String>
-<PrintJobStatus> ::= done|error|held|in_progress|queued|submitted
 <PropertyKey> ::= <String>
 <PropertyValue> ::= <String>
+<QueryBrowser> ::= <String> See: https://support.google.com/chrome/a/answer/9681204#retrieve_all_chrome_devices_for_an_account
+<QueryBrowserToken> ::= <String> See: https://support.google.com/chrome/a/answer/9949706?ref_topic=9301744
 <QueryCalendar> ::= <String>
 <QueryContact> ::= <String> See: https://developers.google.com/google-apps/contacts/v3/reference#contacts-query-parameters-reference
 <QueryCrOS> ::= <String> See: https://support.google.com/chrome/a/answer/1698333?hl=en
@@ -212,8 +223,6 @@ If an item contains spaces, it should be surrounded by ".
 <QueryGmail> ::= <String> See: https://support.google.com/mail/answer/7190
 <QueryGroup> ::= <String> See: https://developers.google.com/admin-sdk/directory/v1/guides/search-groups
 <QueryMobile> ::= <String> See: https://support.google.com/a/answer/7549103
-<QueryPrinter> ::= <String> See: https://developers.google.com/cloud-print/docs/appInterfaces#search
-<QueryPrintJob> ::= <String> See: https://developers.google.com/cloud-print/docs/appInterfaces#parameters_3
 <QueryUser> ::= <String> See: https://developers.google.com/admin-sdk/directory/v1/guides/search-users
 <QueryVaultCorpus> ::= <String> See: https://developers.google.com/vault/reference/rest/v1/matters.holds#CorpusQuery
 <RequestID> ::= <String>
@@ -305,6 +314,7 @@ If an item contains spaces, it should be surrounded by ".
 	appdatacontents|
 	cancomment|
 	canreadrevisions|
+	contentrestrictions|
 	copyable|
 	copyrequireswriterpermission|
 	createddate|createdtime|
@@ -481,9 +491,6 @@ If an item contains spaces, it should be surrounded by ".
 	description|id|inherit|name|orgunitpath|parent|parentid|inherit
 <OrgUnitFieldNameList> ::= "<OrgUnitFieldName>(,<OrgUnitFieldName>)*"
 
-<PrintJobOrderByFieldName> ::=
-	create_time|status|title
-
 <ResourceFieldName> ::=
 	buildingid|
 	capacity|
@@ -557,6 +564,7 @@ Items, separated by spaces, with spaces, commas or single quotes in the items th
 <ACLList> ::= "<ACLScope>(,<ACLScope>)*"
 <APIScopeURLList> ::= "<APIScopeURL>(,<APIScopeURL>)*"
 <ASPIDList> ::= "<ASPID>(,<ASPID>)*"
+<AssetTagList> ::= "<AssetTag>(,<AssetTa>g)*"
 <CalendarList> ::= "<CalendarItem>(,<CalendarItem>)*"
 <ChatRoomList> ::= "<ChatRoom>(,<ChatRoom>)*"
 <CollaboratorItemList> ::= "<CollaboratorItem>(,<CollaboratorItem>)*"
@@ -583,12 +591,10 @@ Items, separated by spaces, with spaces, commas or single quotes in the items th
 <MembersFieldNameList> ::= "<MembersFieldName>(,<MembersFieldName>)*"
 <MobileList> ::= "<MobileId>(,<MobileId>)*"
 <OrgUnitList> ::= "<OrgUnitPath>(,<OrgUnitPath>)*"
-<PrinterIDList> ::= "<PrinterID>(,<PrinterID>)*"
+<PrinterIDList> ::= "<PrinterID>)(,<PrinterID>)*"
 <ProductIDList> ::= "(<ProductID>|SKUID>)(,<ProductID>|SKUID>)*"
-<PrintJobIDList> ::= "<PrintJobID>(,<PrintJobID>)*"
 <QueryCrOSList> ::= "<QueryCrOS>(,<QueryCrOS>)*"
 <QueryMobileList> ::= "<QueryMobile>(,<QueryMobile>)*"
-<QueryPrinterList> ::= "<QueryPrinter>(,<QueryPrinter>)*"
 <QueryUserList> ::= "<QueryUser>(,<QueryUser>)*"
 <ResourceIDList> ::= "<ResourceID>(,<ResourceID>)*"
 <SKUIDList> ="<SKUID>(,<SKUID>)*"
@@ -642,7 +648,7 @@ Specify a collection of Users by directly specifying them or by specifiying item
 
 ## Item attributes
 
-<BuildingAttributes> ::=
+<BuildingAttribute> ::=
 	(description <String>)|
 	(floors <FloorNameList>)|
 	(id <String>)|
@@ -650,7 +656,7 @@ Specify a collection of Users by directly specifying them or by specifiying item
 	(longitude <Float>)|
 	(name <String>)
 
-<CalendarAttributes> ::=
+<CalendarAttribute> ::=
 	(selected <Boolean>)|(hidden <Boolean>)|(summary <String>)|(colorindex|colorid <CalendarColorIndex>)|(backgroundcolor <ColorValue>)|(foregroundcolor <ColorValue>)|
 	(reminder clear|(email|sms|pop <Number>))|
 	(notification clear|(email|sms eventcreation|eventchange|eventcancellation|eventresponse|agenda))
@@ -658,7 +664,7 @@ Specify a collection of Users by directly specifying them or by specifiying item
 <CalendarSettings> ::=
 	(summary <String>)|(description <String>)|(location <String>)|(timezone <TimeZone>)
 
-<CourseAttributes> ::=
+<CourseAttribute> ::=
 	(description <String>)|
 	(heading <String>)|
 	(name <String>)|
@@ -667,27 +673,37 @@ Specify a collection of Users by directly specifying them or by specifiying item
 	(state|status <CourseState>)|
 	(owner|ownerid|teacher <UserItem>)
 
-<CrOSAttributes> ::=
+<CrOSAttribute> ::=
 	(asset|assetid|tag <String>)|
 	(location <String>)|
 	(notes <String>)|
 	(org|ou <OrgUnitPath>)|
 	(user <Name>)
 
-<DriveFileAddAttributes> ::=
+<CIGroupAttribute> ::=
+	(description <String>)|
+	(name <String>)
+
+<DriveFileAddAttribute> ::=
 	(localfile <FileName>)|
 	(convert)|(ocr)|(ocrlanguage <Language>)|
 	(restricted|restrict)|(starred|star)|(trashed|trash)|(viewed|view)|
+	(contentrestrictions readonly false)|
+	(contentrestrictions readonly true [reason <String>])|
 	copyrequireswriterpermission|
 	(lastviewedbyme <Time>)|(modifieddate|modifiedtime <Time>)|(description <String>)|(mimetype <MimeType>)|
-	(parentid <DriveFolderID>)|(parentname <DriveFolderName>)|(anyownerparentname <DriveFolderName>)|writerscantshare
-<DriveFileUpdateAttributes> ::=
+	(parentid <DriveFolderID>)|(parentname <DriveFolderName>)|(anyownerparentname <DriveFolderName>)|writerscantshare|writerscanshare
+	(shortcut <DriveFileID>)
+<DriveFileUpdateAttribute> ::=
 	(localfile <FileName>)|
 	(convert)|(ocr)|(ocrlanguage <Language>)|
 	(restricted|restrict <Boolean>)|(starred|star <Boolean>)|(trashed|trash <Boolean>)|(viewed|view <Boolean>)|
+	(contentrestrictions readonly false)|
+	(contentrestrictions readonly true [reason <String>])|
 	(copyrequireswriterpermission <Boolean>)|
 	(lastviewedbyme <Time>)|(modifieddate <Time>)|(description <String>)|(mimetype <MimeType>)|
-	(parentid <DriveFolderID>)|(parentname <DriveFolderName>)|(anyownerparentname <DriveFolderName>)|writerscantshare
+	(parentid <DriveFolderID>)|(parentname <DriveFolderName>)|(anyownerparentname <DriveFolderName>)|writerscantshare|writerscanshare
+	(shortcut <DriveFileID>)
 <GroupSettingsAttribute> ::=
 	(allowexternalmembers <Boolean>)|
 	(allowwebposting <Boolean>)|
@@ -756,13 +772,7 @@ Specify a collection of Users by directly specifying them or by specifiying item
 <MobileAction> ::=
 	admin_remote_wipe|wipe|admin_account_wipe|accountwipe|wipeaccount|approve|block|cancel_remote_wipe_then_activate|cancel_remote_wipe_then_block
 
-<PrinterAttributes> ::= (currentquota <Number>)|(dailyquota <Number>)|
-	(defaultdisplayname <String>)|(description <String>)|(displayname <String>)|(firmware <String>)|(gcpversion <String>)|
-	(istosaccepted <Boolean>)|(manufacturer <String>)|(model <String>)|(name <String>)|(ownerid <EmailAddress>)|(proxy <String>)|(public <Boolean>)|
-	(quotaenabled <Boolean>)|(status <Number>)|(type <String>)|(uuid <String>)|
-	(setupurl <URL>)|(supporturl <URL>)|(updateurl <URL>)
-
-<ResourceAttributes> ::=
+<ResourceAttribute> ::=
 	(buildingid <BuildingID>)|
 	(capacity <Number>)|
 	(category other|room|conference_room|category_unknown)|
@@ -796,7 +806,7 @@ Specify a collection of Users by directly specifying them or by specifiying item
 	(recoveryphone <string>)|
 	(suspended <Boolean>)|
 	(<SchemaName>.<FieldName> [multivalued|multivalue|value|multinonempty [type home|other|work|(custom <String>)]] <String>)
-<UserMultiAttributes> ::=
+<UserMultiAttribute> ::=
 	(address clear|(type home|other|work|(custom <String>) [unstructured|formatted <String>] [pobox <String>] [extendedaddress <String>] [streetaddress <String>]
 		[locality <String>] [region <String>] [postalcode <String>] [country <String>] [countrycode <String>] notprimary|primary))|
 	(otheremail clear|(home|other|work|<String> <String>))|
@@ -841,7 +851,7 @@ gam show projects [<EmailAddress>] [all|gam|<ProjectID>|(filter <String>)]
 gam print projects [<EmailAddress>] [all|gam|<ProjectID>|(filter <String>)] [todrive]
 
 gam rotate sakey|sakeys [retain_none|retain_existing|replace_current]
-         [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|(localkeysize 1024|2048|4096)]
+	[(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|(localkeysize 1024|2048|4096)]
 gam delete sakey|sakeys <ServiceAccountKeyList>+ [doit]
 gam show sakey|sakeys [all|system|user]
 
@@ -855,7 +865,7 @@ gam <UserTypeEntity> check serviceaccount [scope|scopes <APIScopeURLList>]
 
 gam whatis <EmailItem>
 
-<ResoldCustomerAttributes> ::=
+<ResoldCustomerAttribute> ::=
 	(email|alternateemail <EmailAddress>)|
 	(contact|contactname <String>)|
 	(phone|phonenumber <String>)|
@@ -868,7 +878,7 @@ gam whatis <EmailItem>
 	(zipcode|postal|postalcode <String>)|
 	(country|countrycode <String>)
 
-gam create resoldcustomer <CustomerDomain> (customer_auth_token <String>) <ResoldCustomerAttributes>+
+gam create resoldcustomer <CustomerDomain> (customer_auth_token <String>) <ResoldCustomerAttribute>+
 gam update resoldcustomer <CustomerID> [customer_auth_token <String>] <ResoldCustomerAttribues>+
 gam info resoldcustomer <CustomerID>
 
@@ -943,6 +953,9 @@ gam report <ActivityApplicationName> [todrive]
 gam create admin <UserItem> <RoleItem> customer|(org_unit <OrgUnitItem>)
 gam delete admin <RoleAssignmentId>
 gam print admins [todrive] [user <UserItem>] [role <RoleItem>]
+gam create adminrole <String> privileges all|all_ou|<PrivilegesList> [description <String>]
+gam update adminrole <RoleItem> [name <String>] [privileges all|all_ou|<PrivilegesList>] [description <String>]
+gam delete adminrole <RoleItem>
 gam print adminroles|roles [todrive]
 
 gam create domain <DomainName>
@@ -956,7 +969,7 @@ gam delete domainalias|aliasdomain <DomainAlias>
 gam info domainalias|aliasdomain <DomainAlias>
 gam print domainaliases|aliasdomains [todrive]
 
-<CustomerAttributes> ::=
+<CustomerAttribute> ::=
 	(primary <DomainName>)|
 	(adminsecondaryemail|alternateemail <EmailAddress>)|
 	(contact|contactname <String>)|
@@ -971,12 +984,14 @@ gam print domainaliases|aliasdomains [todrive]
 	(zipcode|postal|postalcode <String>)|
 	(country|countrycode <String>)
 
-gam update customer <CustomerAttributes>*
+gam update customer <CustomerAttribute>*
 
 gam info customer
 
 <DataTransferService> ::=
 	calendar|
+	currents|
+	datastudio|"google data studio"|
 	googledrive|gdrive|drive|"drive and docs"
 <DataTransferServiceList> ::= "<DataTransferService>(,<DataTransferService>)*"
 
@@ -993,15 +1008,15 @@ gam delete org|ou <OrgUnitPath>
 gam info org|ou <OrgUnitPath> [nousers|notsuspended|suspended] [children|child]
 gam print orgs|ous [todrive] [toplevelonly] [from_parent <OrgUnitPath>] [allfields|(fields <OrgUnitFieldNameList>)]
 
-gam create alias|nickname <EmailAddress> user|group|target <UniqueID>|<EmailAddress>
-gam update alias|nickname <EmailAddress> user|group|target <UniqueID>|<EmailAddress>
+gam create alias|nickname <EmailAddress> user|group|target <UniqueID>|<EmailAddress> [verifynotinvitable]
+gam update alias|nickname <EmailAddress> user|group|target <UniqueID>|<EmailAddress> [verifynotinvitable]
 gam delete alias|nickname [user|group|target] <UniqueID>|<EmailAddress>
 gam info alias|nickname <EmailAddress>
 gam print aliases|nicknames [todrive] [shownoneditable] [nogroups] [nousers] [(query <QueryUser>)|(queries <QueryUserList)]
 
-gam calendar <CalendarItem> add <CalendarACLRole> ([user] <EmailAddress>)|(group <EmailAddress>)|(domain [<DomainName>])|default [sendnotifications <Boolean>]
-gam calendar <CalendarItem> update <CalendarACLRole> ([user] <EmailAddress>)|(group <EmailAddress>)|(domain [<DomainName>])|default [sendnotifications <Boolean>]
-gam calendar <CalendarItem> del|delete <CalendarACLRole> <EmailAddress>|(domain [<DomainName>])|default
+gam calendar <CalendarItem> add <CalendarACLRole> ([user] <EmailAddress>)|(group <EmailAddress>)|(domain <DomainName>) [sendnotifications <Boolean>]
+gam calendar <CalendarItem> update <CalendarACLRole> ([user] <EmailAddress>)|(group <EmailAddress>)|(domain <DomainName>)|domain|default [sendnotifications <Boolean>]
+gam calendar <CalendarItem> del|delete ([user] <EmailAddress>)|(group <EmailAddress>)|(domain <DomainName>)|domainx|default
 gam calendar <CalendarItem> del|delete id <CalendarACLRuleID>
 gam calendar <CalendarItem> showacl
 gam calendar <CalendarItem> printacl [todrive]
@@ -1014,14 +1029,17 @@ The following attributes are equivalent:
 	sendnotifications false - sendupdates none
 	sendnotifications true - sendupdates all
 
-<EventAttributes> ::=
+<EventAttribute> ::=
 	anyonecanaddself|
 	(attendee <EmailAddress>)|
 	available|
 	(colorindex|colorid <EventColorIndex>)
 	(description <String>)|
 	(end (allday <Date>)|<Time>)|
+	(guestscaninviteothers <Boolean>)|
 	guestscantinviteothers|
+	(guestscanmodify <Boolean>)|
+	(guestscanseeothers <Boolean>)|
 	guestscantseeothers|
 	hangoutsmeet|
 	(location <String>)|
@@ -1037,8 +1055,8 @@ The following attributes are equivalent:
 	(timezone <Timezone>)|
 	(visibility default|public|prvate)
 
-<EventUpdateAttributes> ::=
-	<EventAttributes>|
+<EventUpdateAttribute> ::=
+	<EventAttribute>|
 	(removeattendee <EmailAddress>)|
 	(replacedescription <RegularExpression> <String>)
 
@@ -1053,10 +1071,10 @@ The following attributes are equivalent:
 <EventDisplayProperty> ::=
 	(timezone <TimeZone>)
 
-gam calendar <CalendarItem> addevent [id <String>] <EventAttributes>+ [<EventNotificationAttribute>]
+gam calendar <CalendarItem> addevent [id <String>] <EventAttribute>+ [<EventNotificationAttribute>]
 gam calendar <CalendarItem> deleteevent id|eventid <EventID> [doit] [<EventNotificationAttribute>]
 gam calendar <CalendarItem> moveevent id|eventid <EventID> [doit] [<EventNotificationAttribute>]
-gam calendar <CalendarItem> updateevent <EventID> <EventUpdateAttributes>+ [<EventNotificationAttribute>]
+gam calendar <CalendarItem> updateevent <EventID> <EventUpdateAttribute>+ [<EventNotificationAttribute>]
 gam calendar <CalendarItem> wipe
 gam calendar <CalendarItem> printevents <EventSelectProperty>* <EventDisplayProperty>* [todrive]
 
@@ -1068,7 +1086,107 @@ gam calendar <CalendarItem> printevents <EventSelectProperty>* <EventDisplayProp
 
 gam calendar <CalendarItem> modify <CalendarSettings>+
 
-gam update cros <CrOSEntity> (<CrOSAttributes>+)|(action deprovision_same_model_replace|deprovision_different_model_replace|deprovision_retiring_device|disable|reenable [acknowledge_device_touch_requirement])
+<BrowserAttribute> ::=
+	(assetid <String>)|
+	(location <String>)|
+	(notes <String>)|
+	(user <String>
+
+<BrowserFieldName> ::=
+	annotatedAssetId|
+	annotatedLocation|
+	annotatedNotes|
+	annotatedUser|
+	browsers|
+	browserVersions|
+	deviceId|
+	extensionCount|
+	installedBrowserVersion|
+	lastActivityTime|
+	lastDeviceUser|
+	lastDeviceUsers|
+	lastPolicyFetchTime|
+	lastRegistrationTime|
+	lastStatusReportTime|
+	machineName|
+	machinePolicies|
+	orgUnitPath|
+	osArchitecture|
+	osPlatform|
+	osPlatformVersion|
+	osVersion|
+	orgUnitPath|
+	policyCount|
+	safeBrowsingClickThroughCount|
+	serialNumber|
+	virtualDeviceId
+<BrowserFieldNameList> ::= "<BrowseFieldName>(,<BrowserFieldName>)*"
+
+gam move browsers ou|org|orgunit <OrgUnitPath>
+	((ids <DeviceIDList>) |
+	 (query <QueryBrowser>) |
+	 (file  <FileName>) |
+	 (csvfile <FileName>:<FieldName>))
+	[batchsize <Integer>]
+gam update browser <DeviceID> <BrowserAttibute>+
+
+gam info browser <DeviceID>
+	[basic|full]
+	[fields <BrowserFieldNameList>]
+
+gam print browsers [todrive]
+	[ou|org|orgunit <OrgUnitPath>] [query <QueryBrowser>]
+	[projection basic|full]
+	[fields <BrowserFieldNameList>]
+	[sortheaders]
+
+gam create browsertoken
+	[ou|org|orgunit <OrgUnitPath>] [expire|expires <Time>]
+gam revoke browsertoken <BrowserTokenPermanentID>
+
+<BrowserTokenFieldName> ::=
+	createTime|
+	creatorId|
+	customerId|
+	expireTime|
+	orgUnitPath|
+	revokeTime|
+	revokerId|
+	state|
+	token|
+	tokenPermanentId
+<BrowserTokenFieldNameList> ::= "<BrowseTokenFieldName>(,<BrowserTokenFieldName>)*"
+
+gam show browsertokens
+	[query <QueryBrowserToken>]
+	[fields <BrowserTokenFieldNameList>]
+
+gam print browsertokens [todrive]
+	[query <QueryBrowserToken>]
+	[fields <BrowserTokenFieldNameList>]
+	[sortheaders]
+
+<CrOSAction> ::=
+	deprovision_same_model_replace|
+	deprovision_different_model_replace|
+	deprovision_retiring_device|
+	deprovision_upgrade_transfer|
+	disable|
+	reenable
+
+gam update cros <CrOSEntity> action <CrOSAction> [acknowledge_device_touch_requirement]
+
+<CrOSCommand>
+	wipe_users|
+	remote_powerwash|
+	reboot|
+	set_volume <0-100>|
+	take_a_screenshot
+
+gam issuecommand cros <CrOSEntity> command <CrOSCommand> [times_to_check_status <0-1000+>] [doit]
+gam getcommand cros <CrOSEntity> commandid <CommandID> [times_to_check_status <0-1000+>]
+
+gam update cros <CrOSEntity> <CrOSAttribute>+
 gam info cros <CrOSEntity> [nolists] [listlimit <Number>] [start <Date>] [end <Date>]
 	[basic|full|allfields] <CrOSFieldName>* [fields <CrOSFieldNameList>] [downloadfile latest|<Time>] [targetfolder <FilePath>]
 
@@ -1116,14 +1234,151 @@ The listlimit <Number> argument limits the number of recent users, time ranges a
 The start <Date> and end <Date> arguments filter the time ranges.
 Delimiter defaults to comma.
 
+gam print chromeapps [todrive]
+	[ou|org|orgunit <OrgUnitItem>]
+	[filter <String>]
+	[orderby appname|apptype|installtype|numberofpermissions|totalinstallcount]
+
+gam print chromeappdevices [todrive]
+	appid <AppID> apptype extension|app|theme|hostedapp|androidapp
+	[ou|org|orgunit <OrgUnitItem>]
+	[start <Date>] [end <Date>]
+	[orderby deviceid|machine]
+
+gam print chromeversions [todrive]
+	[ou|org|orgunit <OrgUnitItem>]
+	[start <Date>] [end <Date>] [recentfirst]
+
+<ChromePlatformType>> ::=
+	all'|
+	android'|
+	ios'|
+	lacros'|
+	linux'|
+	mac'|
+	macarm64'|
+	sebview'|
+	win'|
+	win64'
+<ChromeChannelType> ::=
+	beta'|
+	canary'|
+	canaryasan'|
+	dev'|
+	stable'
+<ChromeVersionsOrderByFieldName> ::=
+	channel|
+	name|
+	platform|
+	version|
+<ChromeReleasesOrderByFieldName> ::= 
+	channel|
+	endtime|
+	fraction|
+	name|
+	platform|
+	starttime|
+	version
+
+gam print chromehistory platforms [todrive]
+gam print chromehistory channels [todrive]
+	[platform <ChromePlatformType>]
+gam print chromehistory versions [todrive]
+	[platform <ChromePlatformType>] [channel <ChromeChannelType>]
+	[filter <String>]
+        (orderby <ChromeVersionsOrderByFieldName> [ascending|descending])*
+gam print chromehistory releases [todrive]
+	[platform <ChromePlatformType>] [channel <ChromeChannelType>] [version <String>]
+	[filter <String>]
+        (orderby <ChromeReleasessOrderByFieldName> [ascending|descending])*
+
+gam delete chromepolicy <SchemaName>+ ou|org|orgunit <OrgUnitItem> [(printerid <PrinterID>)|(appid <AppID>)]
+gam update chromepolicy (<SchemaName> (<Field> <Value>)+)+ ou|org|orgunit <OrgUnitItem> [(printerid <PrinterID>)|(appid <AppID>)]
+gam show chromepolicy ou|org|orgunit <OrgUnitItem> [(printerid <PrinterID>)|(appid <AppID>)]
+gam show chromeschema [filter <String>]
+
+<DeviceID> ::= devices/<String>
+<DeviceType> ::= android|chrome_os|google_sync|ios|linux|mac_os|windows
+<DeviceUserID> ::= devices/<String>/deviceUsers/<String>
+<DeviceOrderbyFieldName> ::= 
+	createtime|devicetype|lastsynctime|model|osversion|serialnumber
+
+gam create device serialnumber <String> devicetype <DeviceType> [assetid <String>]
+gam info device [id] <DeviceID>
+gam delete device [id] <DeviceID>
+gam cancelwipe device [id] <DeviceID>
+gam wipe device [id] <DeviceID>
+gam print devices [todrive] [filter|query <QueryDevice>]
+	[orderby <DeviceOrderByFieldName> [ascending|descending]]
+	[company|personal|nocompanydevices|nopersonaldevices]
+	[nodeviceusers]
+gam sync devices [filter|query <QueryDevice>]
+	csvfile <FileName>
+	(devicetype_column <String>)|(static_devicetype <DeviceType>)
+	serialnumber_column <String>
+	[assettag_column <String>]
+	[unassigned_missing_action delete|wipe|donothing]
+	[assigned_missing_action delete|wipe|donothing]
+
+gam approve deviceuser [id] <DeviceUserID>
+gam block deviceuser [id] <DeviceUserID>
+gam delete deviceuser [id] <DeviceUserID>
+gam cancelwipe deviceuser [id] <DeviceUserID>
+gam wipe deviceuser [id] <DeviceUserID>
+
+gam info deviceuserstate [id] <DeviceUserID> [clientid <String>]
+gam update deviceuserstate [id] <DeviceUserID> [clientid <String>]
+	[customid <String>] [assettags clear|<AssetTagList>]
+	[compliantstate|compliancestate compliant|noncompliant] [managedstate clear|managed|unmanaged]
+	[healthscore very_poor|poor|neutral|good|very_good] [scorereason clear|<String>]
+	(customvalue (bool <Boolean>)|(number <Integer>)|(string <String>))*
+
 gam update mobile <MobileID>|query:<QueryMobile> action <MobileAction> [doit] [if_users|match_users <UserTypeEntity>]
 gam delete mobile <MobileID>
 gam info mobile <MobileID>
 gam print mobile [todrive] [(query <QueryMobile>)|(queries <QueryMobileList>)] [basic|full] [orderby <MobileOrderByFieldName> [ascending|descending]]
 	fields <MobileFieldNameList>] [delimiter <Character>] [appslimit <Number>] [listlimit <Number>]
 
-gam create group <EmailAddress> <GroupAttributes>*
-gam update group <GroupItem> [email <EmailAddress>] <GroupAttributes>*
+<PrinterAttribute> ::=
+	(description <String>)|
+	(displayname <String>)|
+	(makeandmodel <String>)|
+	(ou|org|orgunit|orgunitid <OrgUnitItem>)|
+	(ownerid <EmailAddress>)|
+	(uri <String>)|
+	(driverless|usedriverlessconfig)
+
+gam create printer <PrinterAttribute>+
+gam update printer <PrinterID> <PrinterAttribute>+
+gam delete printer <PrinterIDList>|(file <FileName>)|(csvfile <FileName>:<FieldName>)
+
+gam info printer <PrinterID>
+gam print printers [todrive] [filter <String>]
+gam print printermodels [todrive] [filter <String>]
+
+gam create cigroup <EmailAddress> <CIGroupAttribute>*
+	[makeowner] [alias|aliases <AliasList>] [dynamic <QueryDynamicGroup>]
+gam update cigroup <GroupItem> [email <EmailAddress>] <CIGroupAttribute>* [security]
+gam update cigroup <GroupItem> add [owner|manager|member] [notsuspended|suspended] [expires never|<Time>] <UserTypeEntity>
+gam update cigroup <GroupItem> delete|remove [owner|manager|member] [notsuspended|suspended] <UserTypeEntity>
+gam update cigroup <GroupItem> sync [owner|manager|member] [notsuspended|suspended] [expires never|<Time>] <UserTypeEntity>
+gam update cigroup <GroupItem> update [owner|manager|member] [notsuspended|suspended] [expires never|<Time>] <UserTypeEntity>
+gam update cigroup <GroupItem> clear [member] [manager] [owner] [notsuspended|suspended]
+gam delete cigroup <GroupItem>
+gam info cigroup <GroupItem> [nousers] [nojoindate] [showupdatedate]
+
+gam print cigroups [todrive]
+	[enterprisemember <UserItem>]
+	[members|memberscount] [managers|managerscount] [owners|ownerscount]
+	[delimiter <Character>] [sortheaders]
+
+gam info cimember <UserItem> <GroupItem>
+gam print cigroup-members|cigroups-members [todrive]
+	[(enterprisemember <UserItem>)|(cigroup <GroupItem>)]
+	[roles <GroupRoleList>]
+
+gam create group <EmailAddress> <GroupAttribute>* [verifynotinvitable]
+gam update group <GroupItem> [email <EmailAddress>] <GroupAttribute>* [verifynotinvitable]
 gam update group <GroupItem> add [owner|manager|member] [notsuspended|suspended] [allmail|daily|digest|none|nomail] <UserTypeEntity>
 gam update group <GroupItem> delete|remove [owner|manager|member] <UserTypeEntity>
 gam update group <GroupItem> sync [owner|manager|member] [notsuspended|suspended] [allmail|daily|digest|none|nomail] <UserTypeEntity>
@@ -1143,11 +1398,20 @@ gam print group-members|groups-members [todrive]
 	[roles <GroupRoleList>] [membernames] [fields <MembersFieldNameList>]
 	[includederivedmembership]
 
+gam send userinvitation <EmailAddress>
+gam cancel userinvitation <EmailAddress>
+gam check userinvitation|isinvitable <EmailAddress>
+gam info userinvitation <EmailAddress>
+gam print userinvitations [todrive]
+	[state notyetsent|invited|accepted|declined]]
+	[orderby email|updatetime [ascending|descending]]
+gam <UserTypeEntity> check isinvitable [todrive]
+
 gam print licenses [todrive] [(products|product <ProductIDList>)|(skus|sku <SKUIDList>)|allskus|gsuite] [countsonly]
 gam show license|licenses|licence|licences [(products|product <ProductIDList>)|(skus|sku <SKUIDList>)|allskus|gsuite]
 
-gam create building <Name> <BuildingAttributes>*
-gam update building <BuildIngID> <BuildingAttributes>*
+gam create building <Name> <BuildingAttribute>*
+gam update building <BuildIngID> <BuildingAttribute>*
 gam delete building <BuildingID>
 gam info building <BuildingID>
 gam print buildings [todrive]
@@ -1157,8 +1421,8 @@ gam update feature <Name> name <Name>
 gam delete feature <Name>
 gam print features [todrive]
 
-gam create resource <ResourceID> <Name> <ResourceAttributes>*
-gam update resource <ResourceID> <ResourceAttributes>*
+gam create resource <ResourceID> <Name> <ResourceAttribute>*
+gam update resource <ResourceID> <ResourceAttribute>*
 gam delete resource <ResourceID>
 gam info resource <ResourceID>
 gam print resources [todrive] [allfields] <ResourceFieldName>* [query <String>]
@@ -1170,8 +1434,8 @@ gam info schema <SchemaName>
 gam show schema|schemas
 gam print schema|schemas
 
-gam create user <EmailAddress> <UserAttributes>*
-gam update user <UserItem> <UserAttributes>* [clearschema <SchemaName>] [clearschema <SchemaName>.<FieldName>]
+gam create user <EmailAddress> <UserAttribute>* [verifynotinvitable]
+gam update user <UserItem> <UserAttribute>* [clearschema <SchemaName>] [clearschema <SchemaName>.<FieldName>] [verifynotinvitable]
 gam delete user <UserItem>
 gam undelete user <UserItem> [org|ou <OrgUnitPath>]
 gam info user [<UserItem>] [noaliases] [nogroups] [nolicenses|nolicences] [noschemas] [schemas|custom <SchemaNameList>] [userview] [skus|sku <SKUIDList>]
@@ -1192,8 +1456,8 @@ gam create verify|verification <DomainName>
 gam update verify|verification <DomainName> cname|txt|text|site|file
 gam info verify|verification
 
-gam create course [id|alias <CourseAlias>] <CourseAttributes>*
-gam update course <CourseID> <CourseAttributes>+
+gam create course [id|alias <CourseAlias>] <CourseAttribute>*
+gam update course <CourseID> <CourseAttribute>+
 gam delete course <CourseID>
 gam info course <CourseID>
 gam print courses [todrive] [teacher <UserItem>] [student <UserItem>] [states <CourseStateList>]
@@ -1213,32 +1477,6 @@ gam show guardian|guardians [invitedguardian <EmailAddress>] [student <StudentIt
 gam print guardian|guardians [todrive] [invitedguardian <EmailAddress>] [student <StudentItem>] [invitations [states <GuardianStateList>]] [<UserTypeEntity>]
 gam cancel guardianinvitation|guardianinvitations <GuardianInvitationID> <StudentItem>
 
-gam update printer <PrinterID> <PrinterAttributes>+
-gam delete printer <PrinterID>
-gam info printer <PrinterID> [everything]
-gam print printers [todrive] [(query <QueryPrinter>)|(queries <QueryPrinterList>)] [type <String>] [status <String>] [extrafields <String>]
-
-gam printer <PrinterID> add user|manager|owner <EmailAddress>|[domain:]<DomainName>|public [notify]
-gam printer <PrinterID> delete <EmailAddress>|[domain:]<DomainName>|public
-gam printer <PrinterID> showacl
-gam printjob <PrintJobID> cancel
-gam printjob <PrintJobID> delete
-gam printjob <PrintJobID> resubmit <PrinterID>
-
-gam printjob <PrinterID>|any fetch
-	[olderthan|newerthan <PrintJobAge>] [query <QueryPrintJob>]
-	[status <PrintJobStatus>]
-	[orderby <PrintJobOrderByFieldName> [ascending|descending]]
-	[owner|user <EmailAddress>]
-	[limit <Number>] [drivedir|(targetfolder <FilePath>)]
-gam printjob <PrinterID> submit <FileName>|<URL> [name|title <String>] (tag <String>)*
-gam print printjobs [todrive] [printer|printerid <PrinterID>]
-	[olderthan|newerthan <PrintJobAge>] [query <QueryPrintJob>]
-	[status <PrintJobStatus>]
-	[orderby <PrintJobOrderByFieldName> [ascending|descending]]
-	[owner|user <EmailAddress>]
-	[limit <Number>]
-
 gam create vaultexport|export matter <MatterItem> [name <name>] corpus <drive|mail|groups|hangouts_chat>
 	(accounts <EmailAddressList>) | (orgunit|ou <OrgUnitPath>) | (teamdrives <TeamDriveList>) | (rooms <ChatRoomList>) | everyone
 	[scope <all_data|held_data|unprocessed_data>]
@@ -1274,6 +1512,18 @@ gam undelete vaultmatter|matter <MatterItem>
 gam info vaultmatter|matter <MatterItem>
 gam print vaultmatters|matters [todrive] [basic|full] [matterstate open|closed|deleted]
 
+gam print vaultcounts [todrive]
+	matter <MatterItem> corpus mail|groups
+	(accounts <EmailAddressEntity>) | (orgunit|org|ou <OrgUnitPath>) | everyone
+	[scope <all_data|held_data|unprocessed_data>]
+	[terms <terms>] [start|starttime <Date>|<Time>] [end|endtime <Date>|<Time>] [timezone <TimeZone>]
+	[excludedrafts <Boolean>]
+	[wait <Integer>]
+
+gam print vaultcounts [todrive]
+	matter <MatterItem> operation <String>
+	[wait <Integer>]
+
 gam <UserTypeEntity> delete|del asp|asps|applicationspecificpasswords all|<ASPIDList>
 gam <UserTypeEntity> show asps|asp|applicationspecificpasswords
 
@@ -1281,8 +1531,8 @@ gam <UserTypeEntity> update backupcodes|backupcode|verificationcodes
 gam <UserTypeEntity> delete|del backupcodes|backupcode|verificationcodes
 gam <UserTypeEntity> show backupcodes|backupcode|verificationcodes
 
-gam <UserTypeEntity> add calendar <CalendarItem> <CalendarAttributes>*
-gam <UserTypeEntity> update calendar <CalendarItem>|primary <CalendarAttributes>+
+gam <UserTypeEntity> add calendar <CalendarItem> <CalendarAttribute>*
+gam <UserTypeEntity> update calendar <CalendarItem>|primary <CalendarAttribute>+
 gam <UserTypeEntity> delete|del calendar <CalendarItem>
 gam <UserTypeEntity> show calendars
 gam <UserTypeEntity> info calendar <CalendarItem>|primary
@@ -1301,8 +1551,8 @@ gam <UserTypeEntity> show fileinfo <DriveFileID> [allfields|<DriveFieldName>*]
 gam <UserTypeEntity> show filerevisions <DriveFileID>
 gam <UserTypeEntity> show filetree [anyowner] (orderby <DriveOrderByFieldName> [ascending|descending])*
 
-gam <UserTypeEntity> create|add drivefile [drivefilename <DriveFileName>] <DriveFileAddAttributes>* [csv] [todrive] [returnidonly]
-gam <UserTypeEntity> update drivefile (id <DriveFileID)|(drivefilename <DriveFileName>)|(query <QueryDriveFile) [copy] [newfilename <DriveFileName>] <DriveFileUpdateAttributes>*
+gam <UserTypeEntity> create|add drivefile [drivefilename <DriveFileName>] <DriveFileAddAttribute>* [csv] [todrive] [returnidonly]
+gam <UserTypeEntity> update drivefile (id <DriveFileID)|(drivefilename <DriveFileName>)|(query <QueryDriveFile) [copy] [newfilename <DriveFileName>] <DriveFileUpdateAttribute>*
 gam <UserTypeEntity> get drivefile (id <DriveFileID>)|(drivefilename <DriveFileName>)|(query <QueryDriveFile>)
 	[revision <Number>] [(format <FileFormatList>)|(csvsheet <String>)]
 	[targetfolder <FilePath>] [targetname -|<FileName>] [overwrite] [showprogress]
@@ -1325,6 +1575,7 @@ gam <UserTypeEntity> delete|del group|groups
 gam <UserTypeEntity> create|add license <SKUID> [product|productid <ProductID>]
 gam <UserTypeEntity> update license <SKUID> [product|productid <ProductID>] [from] <SKUID>
 gam <UserTypeEntity> delete|del license <SKUID> [product|productid <ProductID>]
+gam <UserTypeEntity> sync license <SKUID> [product|productid <ProductID>]
 
 gam <UserTypeEntity> update photo <FileNamePattern>
 gam <UserTypeEntity> delete|del photo
@@ -1338,7 +1589,7 @@ gam <UserTypeEntity> show tokens|token [clientid <ClientID>]
 gam <UserTypeEntity> print tokens|token [todrive] [clientid <ClientID>]
 gam print tokens|token [todrive] [clientid <ClientID>] [<UserTypeEntity>]
 
-gam <UserTypeEntity> update user <UserAttributes>
+gam <UserTypeEntity> update user <UserAttribute>
 
 gam <UserTypeEntity> deprovision|deprov
 
@@ -1378,6 +1629,11 @@ gam <UserTypeEntity> delete|del delegate|delegates <EmailAddress>
 gam <UserTypeEntity> show delegates|delegate [csv]
 gam <UserTypeEntity> print delegates [todrive]
 
+gam <UserTypeEntity> create|add contactdelegate <EmailAddress>
+gam <UserTypeEntity> delete|del contactdelegate <EmailAddress>
+gam <UserTypeEntity> show contactdelegates [csv]
+gam <UserTypeEntity> print contactdelegates [todrive]
+
 gam <UserTypeEntity> [create|add] filter [from <EmailAddress>] [to <EmailAddress>] [subject <String>] [haswords|query <List>] [nowords|negatedquery <List>] [musthaveattachment|hasattachment] [excludechats] [size larger|smaller <ByteCount>]
 	[label <LabelID>] [important|notimportant] [star] [trash] [markread] [archive] [neverspam] [forward <EmailAddress>]
 gam <UserTypeEntity> delete filters <FilterIDEntity>
@@ -1442,3 +1698,6 @@ gam <UserTypeEntity> vacation <FalseValues>
 gam <UserTypeEntity> vacation <TrueValues> subject <String> (message <String>)|(file <FileName> [charset <Charset>]) (replace <Tag> <String>)* [html]
 	[contactsonly] [domainonly] [startdate <Date>] [enddate <Date>]
 gam <UserTypeEntity> show vacation [format]
+
+gam <UserTypeEntity> signout
+gam <UserTypeEntity> turnoff2sv

src/cbcm-v1.1beta1.json

@@ -0,0 +1,587 @@
+{
+  "auth": {
+    "oauth2": {
+      "scopes": {
+        "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers": {
+          "description": "View and manage your Chrome browsers registered with Cloud Management"
+        },
+        "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers.readonly": {
+          "description": "View your Chrome browsers registered with Cloud Management"
+        }
+      }
+    }
+  },
+  "basePath": "",
+  "baseUrl": "https://www.googleapis.com/admin/directory/v1.1beta1/customer/",
+  "batchPath": "batch",
+  "canonicalName": "cbcm",
+  "discoveryVersion": "v1",
+  "documentationLink": "https://support.google.com/chrome/a/answer/9681204",
+  "fullyEncodeReservedExpansion": true,
+  "icons": {
+    "x16": "http://www.google.com/images/icons/product/search-16.gif",
+    "x32": "http://www.google.com/images/icons/product/search-32.gif"
+  },
+  "id": "cbcm:v1.1beta1",
+  "kind": "discovery#restDescription",
+  "mtlsRootUrl": "https://admin.mtls.googleapis.com/",
+  "name": "cbcm",
+  "ownerDomain": "google.com",
+  "ownerName": "Jay Lee",
+  "packagePath": "cbcm",
+  "parameters": {
+    "$.xgafv": {
+      "description": "V1 error format.",
+      "enum": [
+        "1",
+        "2"
+      ],
+      "enumDescriptions": [
+        "v1 error format",
+        "v2 error format"
+      ],
+      "location": "query",
+      "type": "string"
+    },
+    "access_token": {
+      "description": "OAuth access token.",
+      "location": "query",
+      "type": "string"
+    },
+    "alt": {
+      "default": "json",
+      "description": "Data format for response.",
+      "enum": [
+        "json",
+        "media",
+        "proto"
+      ],
+      "enumDescriptions": [
+        "Responses with Content-Type of application/json",
+        "Media download with context-dependent Content-Type",
+        "Responses with Content-Type of application/x-protobuf"
+      ],
+      "location": "query",
+      "type": "string"
+    },
+    "callback": {
+      "description": "JSONP",
+      "location": "query",
+      "type": "string"
+    },
+    "fields": {
+      "description": "Selector specifying which fields to include in a partial response.",
+      "location": "query",
+      "type": "string"
+    },
+    "key": {
+      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
+      "location": "query",
+      "type": "string"
+    },
+    "oauth_token": {
+      "description": "OAuth 2.0 token for the current user.",
+      "location": "query",
+      "type": "string"
+    },
+    "prettyPrint": {
+      "default": "true",
+      "description": "Returns response with indentations and line breaks.",
+      "location": "query",
+      "type": "boolean"
+    },
+    "quotaUser": {
+      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
+      "location": "query",
+      "type": "string"
+    },
+    "uploadType": {
+      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
+      "location": "query",
+      "type": "string"
+    },
+    "upload_protocol": {
+      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
+      "location": "query",
+      "type": "string"
+    }
+  },
+  "protocol": "rest",
+  "resources": {
+    "chromebrowsers": {
+      "methods": {
+        "delete": {
+          "description": "Deletes a browser.",
+          "flatPath": "{customer}/devices/chromebrowsers/{deviceId}",
+          "httpMethod": "DELETE",
+          "id": "cbcm.chromebrowsers.delete",
+          "parameterOrder": [
+            "customer",
+            "deviceId"
+          ],
+          "parameters": {
+            "customer": {
+              "description": "Immutable ID of the G Suite account.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "deviceId": {
+              "description": "Immutable ID of the browser.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "{customer}/devices/chromebrowsers/{deviceId}",
+          "scopes": [
+            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
+          ]
+        },
+        "get": {
+          "description": "Retrieves a browser.",
+          "flatPath": "{customer}/devices/chromebrowsers/{deviceId}",
+          "httpMethod": "GET",
+          "id": "cbcm.chromebrowsers.get",
+          "parameterOrder": [
+            "customer",
+            "deviceId"
+          ],
+          "parameters": {
+            "customer": {
+              "description": "Immutable ID of the G Suite account.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "deviceId": {
+              "description": "Immutable ID of the browser.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "projection": {
+              "description": "Restrict information returned to a set of selected fields. FULL or BASIC.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "{customer}/devices/chromebrowsers/{deviceId}",
+          "response": {
+            "$ref": "ChromeBrowser"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers",
+            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers.readonly"
+          ]
+        },
+        "list": {
+          "description": "Retrieves a paginated list of all the browsers in a domain.",
+          "flatPath": "{customer}/devices/chromebrowsers",
+          "httpMethod": "GET",
+          "id": "cbcm.chromebrowsers.list",
+          "parameterOrder": [
+            "customer"
+          ],
+          "parameters": {
+            "customer": {
+              "description": "Immutable ID of the G Suite account.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "maxResults": {
+              "description": "Maximum number of results to return.",
+              "format": "int32",
+              "location": "query",
+              "maximum": "100",
+              "minimum": "1",
+              "type": "integer"
+            },
+            "orderBy": {
+              "description": "property to use for sorting results.",
+              "location": "query",
+              "type": "string"
+            },
+            "orgUnitPath": {
+              "description": "The full path of the organizational unit or its unique ID.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Token to specify the next page in the list.",
+              "location": "query",
+              "type": "string"
+            },
+            "projection": {
+              "description": "Restrict information returned to a set of selected fields. FULL or BASIC.",
+              "location": "query",
+              "type": "string"
+            },
+            "query": {
+              "description": "Search string using the list page query language.",
+              "location": "query",
+              "type": "string"
+            },
+            "sortOrder": {
+              "description": "Whether to return results in ascending or descending order. Must be used with the orderBy parameter.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "{customer}/devices/chromebrowsers",
+          "response": {
+            "$ref": "ChromeBrowsers"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers",
+            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers.readonly"
+          ]
+        },
+        "moveChromeBrowsersToOu": {
+          "description": "Move Chrome Browsers Device between Organization Units",
+          "flatPath": "{customer}/devices/chromebrowsers/moveChromeBrowsersToOu",
+          "httpMethod": "POST",
+          "id": "cbcm.chromebrowsers.moveChromeBrowsersToOu",
+          "parameterOrder": [
+            "customer"
+          ],
+          "parameters": {
+            "customer": {
+              "description": "Immutable ID of the G Suite account.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "{customer}/devices/chromebrowsers/moveChromeBrowsersToOu",
+          "request": {
+            "$ref": "MoveChromeBrowsersRequest"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
+          ]
+        },
+        "update": {
+          "description": "Updates a browser.",
+          "flatPath": "{customer}/devices/chromebrowsers/{deviceId}",
+          "httpMethod": "PUT",
+          "id": "cbcm.chromebrowsers.update",
+          "parameterOrder": [
+            "customer",
+            "deviceId"
+          ],
+          "parameters": {
+            "customer": {
+              "description": "Immutable ID of the G Suite account.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "deviceId": {
+              "description": "Immutable ID of the browser.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "projection": {
+              "description": "BASIC or FULL",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "{customer}/devices/chromebrowsers/{deviceId}",
+          "request": {
+            "$ref": "ChromeBrowser"
+          },
+          "response": {
+            "$ref": "ChromeBrowser"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
+          ]
+        }
+      }
+    },
+    "enrollmentTokens": {
+      "methods": {
+        "list": {
+          "description": "Retrieves a paginated list of all the browser entollment tokens in a domain.",
+          "flatPath": "{customer}/chrome/enrollmentTokens",
+          "httpMethod": "GET",
+          "id": "cbcm.enrollmentTokens.list",
+          "parameterOrder": [
+            "customer"
+          ],
+          "parameters": {
+            "customer": {
+              "description": "Immutable ID of the G Suite account.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "pageSize": {
+              "description": "Maximum number of results to return.",
+              "format": "int32",
+              "location": "query",
+              "maximum": "100",
+              "minimum": "1",
+              "type": "integer"
+            },
+            "orgUnitPath": {
+              "description": "The full path of the organizational unit or its unique ID.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Token to specify the next page in the list.",
+              "location": "query",
+              "type": "string"
+            },
+            "query": {
+              "description": "Search string using the list page query language.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "{customer}/chrome/enrollmentTokens",
+          "response": {
+            "$ref": "EnrollmentTokens"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers",
+            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers.readonly"
+          ]
+        },
+        "create": {
+          "description": "Creates a browser enrollment token in a domain.",
+          "flatPath": "{customer}/chrome/enrollmentTokens",
+          "httpMethod": "POST",
+          "id": "cbcm.enrollmentTokens.create",
+          "parameterOrder": [
+            "customer"
+          ],
+          "parameters": {
+            "customer": {
+              "description": "Immutable ID of the G Suite account.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            }
+	  },
+          "path": "{customer}/chrome/enrollmentTokens",
+          "request": {
+            "$ref": "CreateEnrollmentTokenRequest"
+          },
+          "response": {
+            "$ref": "EnrollmentToken"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
+          ]
+	},
+        "revoke": {
+          "description": "Revokes a browser enrollment token in a domain.",
+          "flatPath": "{customer}/chrome/enrollmentTokens/{tokenPermanentId}:revoke",
+          "httpMethod": "POST",
+          "id": "cbcm.enrollmentTokens.revoke",
+          "parameterOrder": [
+            "customer",
+	    "tokenPermanentId"
+          ],
+          "parameters": {
+            "customer": {
+              "description": "Immutable ID of the G Suite account.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "tokenPermanentId": {
+              "description": "Unique identifier for an enrollment token.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            }
+	  },
+          "path": "{customer}/chrome/enrollmentTokens/{tokenPermanentId}:revoke",
+          "scopes": [
+            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
+          ]
+	}
+      }
+    }
+  },
+  "revision": "20201203",
+  "rootUrl": "https://www.googleapis.com/admin/directory/v1.1beta1/customer/",
+  "schemas": {
+    "ChromeBrowser": {
+      "id": "ChromeBrowser",
+      "properties": {
+        "annotatedAssetId": {
+          "description": "Asset identifier as annotated by the administrator or specified during enrollment.",
+          "type": "string"
+        },
+        "annotatedLocation": {
+          "description": "Address or location of the device as annotated by the administrator.",
+          "type": "string"
+        },
+        "annotatedNotes": {
+          "description": "Notes about this device as annotated by the administrator",
+          "type": "string"
+        },
+        "annotatedUser": {
+          "description": "User of the device as annotated by the administrator.",
+          "type": "string"
+        },
+        "deviceId": {
+          "annotations": {
+            "required": [
+              "cbcm.chromebrowsers.update"
+            ]
+          },
+          "description": "The unique ID of the device.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ChromeBrowsers": {
+      "id": "ChromeBrowsers",
+      "properties": {
+        "browsers": {
+          "description": "List of Chrome browser objects.",
+          "items": {
+            "$ref": "ChromeBrowser"
+          },
+          "type": "array"
+        },
+        "etag": {
+          "description": "ETag of the resource.",
+          "type": "string"
+        },
+        "kind": {
+          "default": "admin#directory#chromeosdevices",
+          "description": "Kind of resource this is.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "Token used to access the next page of this result. To access the next page, use this token's value in the `pageToken` query string of this request.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "EnrollmentToken": {
+      "id": "EnrollmentToken",
+      "properties": {
+        "kind": {
+          "default": "admin#directory#chromeEnrollmentToken",
+          "description": "Kind of resource this is.",
+          "type": "string"
+        },
+        "tokenId": {
+          "description": "Enrollment Token ID.",
+          "type": "string"
+        },
+        "tokenPermanentId": {
+          "description": "Enrollment Token Permanent ID.",
+          "type": "string"
+        },
+        "customerId": {
+          "description": "Immutable ID of the G Suite account.",
+          "type": "string"
+        },
+	"orgUnitPath": {
+          "description": "The full path of the organizational unit or its unique ID.",
+          "type": "string"
+        },
+	"creatorId": {
+          "description": "Creator ID.",
+          "type": "string"
+        },
+	"createTime": {
+          "description": "Creation Time.",
+          "type": "string"
+        },
+	"revokerId": {
+          "description": "Revoker ID.",
+          "type": "string"
+        },
+	"revokeTime": {
+          "description": "Revoke Time",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "EnrollmentTokens": {
+      "id": "EnrollmentTokens",
+      "properties": {
+        "chrome_enrollment_tokens": {
+          "description": "List of Chrome browser enrollment token objects.",
+          "items": {
+            "$ref": "EnrollmentToken"
+          },
+          "type": "array"
+        },
+        "kind": {
+          "default": "admin#directory#chromeEnrollmentTokens",
+          "description": "Kind of resource this is.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "Token used to access the next page of this result. To access the next page, use this token's value in the `pageToken` query string of this request.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "CreateEnrollmentTokenRequest": {
+      "id": "CreateEnrollmentTokenRequest",
+      "properties": {
+	"org_unit_path": {
+          "description": "The full path of the organizational unit or its unique ID.",
+          "type": "string"
+        },
+	"expire_time": {
+          "description": "Expiration Time.",
+          "type": "string"
+        },
+	"token_type": {
+          "annotations": {
+            "required": [
+              "cbcm.enrollmentTokens.create"
+            ]
+          },
+          "description": "CHROME_BROWSER.",
+          "type": "string"
+        }
+      }
+    },
+    "MoveChromeBrowsersRequest": {
+      "properties": {
+        "org_unit_path": {
+          "annotations": {
+            "required": [
+              "cbcm.chromebrowsers.moveChromeBrowsersToOu"
+            ]
+          },
+          "description": "Destination organization unit to move devices to. Full path of the organizational unit or its ID prefixed with id:",
+          "type": "string"
+        },
+        "resource_ids": {
+          "annotations": {
+            "required": [
+              "cbcm.chromebrowsers.moveChromeBrowsersToOu"
+            ]
+          },
+          "description": "List of unique device IDs of Chrome Browser Devices to move. A maximum of 600 browsers may be moved per request.",
+          "type": "array"
+        }
+      }
+    }
+  },
+  "servicePath": "",
+  "title": "Admin SDK API",
+  "version": "cbcm_v1.1beta1"
+}

src/contactdelegation-v1.json

@@ -0,0 +1,249 @@
+{
+  "auth": {
+    "oauth2": {
+      "scopes": {
+        "https://www.googleapis.com/auth/admin.contact.delegation": {
+          "description": "View and manage your Contact Delegation"
+        }, 
+        "https://www.googleapis.com/auth/admin.contact.delegation.readonly": {
+          "description": "View your Contact Delegation"
+        }
+      }
+    }
+  }, 
+  "basePath": "",
+  "baseUrl": "https://admin.googleapis.com/admin/contacts/v1/",
+  "batchPath": "batch",
+  "canonicalName": "contactdelegation",
+  "description": "The Contact Delegation API allows Admins to delegate access of one user's, called the delegator, contacts to another user, called the delegate.",
+  "discoveryVersion": "v1",
+  "documentationLink": "https://developers.google.com/admin-sdk/contact-delegation",
+  "fullyEncodeReservedExpansion": true,
+  "icons": {
+    "x16": "http://www.google.com/images/icons/product/search-16.gif",
+    "x32": "http://www.google.com/images/icons/product/search-32.gif"
+  },
+  "id": "contactdelegation:v1",
+  "kind": "discovery#restDescription",
+  "name": "contactdelegation",
+  "ownerDomain": "google.com",
+  "ownerName": "Google",
+  "packagePath": "admin",
+  "parameters": {
+    "$.xgafv": {
+      "description": "V1 error format.",
+      "enum": [
+        "1",
+        "2"
+      ],
+      "enumDescriptions": [
+        "v1 error format",
+        "v2 error format"
+      ],
+      "location": "query",
+      "type": "string"
+    },
+    "access_token": {
+      "description": "OAuth access token.",
+      "location": "query",
+      "type": "string"
+    },
+    "alt": {
+      "default": "json",
+      "description": "Data format for response.",
+      "enum": [
+        "json",
+        "media",
+        "proto"
+      ],
+      "enumDescriptions": [
+        "Responses with Content-Type of application/json",
+        "Media download with context-dependent Content-Type",
+        "Responses with Content-Type of application/x-protobuf"
+      ],
+      "location": "query",
+      "type": "string"
+    },
+    "callback": {
+      "description": "JSONP",
+      "location": "query",
+      "type": "string"
+    },
+    "fields": {
+      "description": "Selector specifying which fields to include in a partial response.",
+      "location": "query",
+      "type": "string"
+    },
+    "key": {
+      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
+      "location": "query",
+      "type": "string"
+    },
+    "oauth_token": {
+      "description": "OAuth 2.0 token for the current user.",
+      "location": "query",
+      "type": "string"
+    },
+    "prettyPrint": {
+      "default": "true",
+      "description": "Returns response with indentations and line breaks.",
+      "location": "query",
+      "type": "boolean"
+    },
+    "quotaUser": {
+      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
+      "location": "query",
+      "type": "string"
+    },
+    "uploadType": {
+      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
+      "location": "query",
+      "type": "string"
+    },
+    "upload_protocol": {
+      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
+      "location": "query",
+      "type": "string"
+    }
+  },
+  "protocol": "rest",
+  "resources": {
+    "delegates": {
+      "methods": {
+        "create": {
+          "description": "Creates a contact delegations",
+          "flatPath": "users/{user}/delegates",
+          "httpMethod": "POST",
+          "id": "contactdelegations.delegates.create",
+          "parameterOrder": [
+            "user"
+          ],
+          "parameters": {
+            "user": {
+              "description": "Email address of the delegator.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "users/{user}/delegates/{delegate}",
+          "request": {
+            "$ref": "Delegate"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/admin.contact.delegation"
+          ]
+        },
+        "delete": {
+          "description": "Deletes a contact delegation.",
+          "flatPath": "users/{user}/delegates/{delegate}",
+          "httpMethod": "DELETE",
+          "id": "contactdelegations.delegates.delete",
+          "parameterOrder": [
+            "user",
+            "delegate"
+          ],
+          "parameters": {
+            "delegate": {
+              "description": "Email address of the delegate",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "user": {
+              "description": "Email address of the delegator.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "users/{user}/delegates/{delegate}",
+          "scopes": [
+            "https://www.googleapis.com/auth/admin.contact.delegation"
+          ]
+        },
+        "list": {
+          "description": "Lists contact delegates for a user",
+          "flatPath": "users/{user}/delegates",
+          "httpMethod": "GET",
+          "id": "contactdelegations.delegates.list",
+          "parameterOrder": [
+            "user"
+          ],
+          "parameters": {
+            "pageSize": {
+              "description": "Determines how many delegates are returned in each response. ",
+              "format": "int32",
+              "location": "query",
+              "minimum": "1",
+              "type": "integer"
+            },
+            "pageToken": {
+              "description": "Token to specify the next page in the list.",
+              "location": "query",
+              "type": "string"
+            },
+            "user": {
+              "description": "Email address of the delegator.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "users/{user}/delegates",
+          "response": {
+            "$ref": "Delegates"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/admin.contact.delegation",
+            "https://www.googleapis.com/auth/admin.contact.delegation.readonly"
+          ]
+        }
+      }
+    }
+  },
+  "rootUrl": "https://admin.googleapis.com/admin/contacts/v1/",
+  "schemas": {
+    "Delegate": {
+      "description": "JSON template for a delegate.",
+      "id": "Delegate",
+      "properties": {
+        "email": {
+          "description": "Email of the delegate.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Delegates": {
+      "id": "Delegates",
+      "properties": {
+        "delegates": {
+          "description": "List of delegates.",
+          "items": {
+            "$ref": "Delegate"
+          },
+          "type": "array"
+        },
+        "etag": {
+          "description": "ETag of the resource.",
+          "type": "string"
+        },
+        "kind": {
+          "default": "",
+          "description": "Kind of resource this is.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "Token used to access the next page of this result. To access the next page, use this token's value in the `pageToken` query string of this request.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    }
+  },
+  "servicePath": "",
+  "title": "Contact Delegation API",
+  "version": "v1",
+  "version_module": true
+}

src/gam-install.sh

@@ -28,8 +28,8 @@ upgrade_only=false
 gamversion="latest"
 adminuser=""
 regularuser=""
-gam_glibc_vers="2.27 2.23"
-gam_macos_vers="10.15.4 10.14.6 10.13.6"
+gam_glibc_vers="2.31 2.27 2.23"
+gam_macos_vers="10.15.6 10.14.6 10.13.6"
 
 while getopts "hd:a:o:b:lp:u:r:v:" OPTION
 do
@@ -140,7 +140,12 @@ case $gamos in
       echo_red "Sorry, you need to be running at least MacOS $gam_macos_ver to run GAM"
       exit
     fi
-    gamfile="macos-x86_64-$use_macos_ver.tar.xz"
+    gamfile="macos-x86_64.tar.xz"
+    ;;
+  MINGW64_NT*)
+    gamos="windows"
+    echo "You are running Windows"
+    gamfile="-windows-x86_64.zip"
     ;;
   *)
     echo_red "Sorry, this installer currently only supports Linux and MacOS. Looks like you're runnning on $gamos. Exiting."
@@ -154,8 +159,14 @@ else
   release_url="https://api.github.com/repos/jay0lee/GAM/releases/tags/v$gamversion"
 fi
 
-echo_yellow "Checking GitHub URL $release_url for $gamversion GAM release..."
-release_json=$(curl -s $release_url 2>&1 /dev/null)
+if [ -z ${GHCLIENT+x} ]; then
+  check_type="unauthenticated"
+else
+  check_type="authenticated"
+fi
+
+echo_yellow "Checking GitHub URL $release_url for $gamversion GAM release ($check_type)..."
+release_json=$(curl -s $GHCLIENT $release_url 2>&1 /dev/null)
 
 echo_yellow "Getting file and download URL..."
 # Python is sadly the nearest to universal way to safely handle JSON with Bash
@@ -218,14 +229,22 @@ fi
 # Temp dir for archive
 #temp_archive_dir=$(mktemp -d)
 temp_archive_dir=$(mktemp -d 2>/dev/null || mktemp -d -t 'mytmpdir')
-echo_yellow "Downloading file $name from $browser_download_url to $temp_archive_dir."
+
+# Clean up after ourselves even if we are killed with CTRL-C
+trap "rm -rf $temp_archive_dir" EXIT
+
+echo_yellow "Downloading file $name from $browser_download_url to $temp_archive_dir ($check_type)..."
 # Save archive to temp w/o losing our path
-(cd $temp_archive_dir && curl -O -L $browser_download_url)
+(cd $temp_archive_dir && curl -O -L $GHCLIENT $browser_download_url)
 
 mkdir -p "$target_dir"
 
 echo_yellow "Extracting archive to $target_dir"
-tar xf $temp_archive_dir/$name -C "$target_dir"
+if [[ "${name}" == *.tar.xz ]]; then
+  tar xf $temp_archive_dir/$name -C "$target_dir"
+else
+  unzip "${temp_archive_dir}/${name}" -d "${target_dir}"
+fi
 rc=$?
 if (( $rc != 0 )); then
   echo_red "ERROR: extracting the GAM archive with tar failed with error $rc. Exiting."
@@ -236,7 +255,7 @@ fi
 
 # Update profile to add gam command
 if [ "$update_profile" = true ]; then
-  alias_line="gam() { \"$target_dir/gam/gam\" \"\$@\" ; }"
+  alias_line="function gam() { \"$target_dir/gam/gam\" \"\$@\" ; }"
   if [ "$gamos" == "linux" ]; then
     update_profile "$HOME/.bash_aliases" 0 || update_profile "$HOME/.bash_profile" 0 || update_profile "$HOME/.bashrc" 0
     update_profile "$HOME/.zshrc" 0
@@ -284,7 +303,7 @@ while true; do
   case $yn in
     [Yy]*)
       if [ "$adminuser" == "" ]; then
-        read -p "Please enter your G Suite admin email address: " adminuser
+        read -p "Please enter your Google Workspace admin email address: " adminuser
       fi
       "$target_dir/gam/gam" create project $adminuser
       rc=$?
@@ -308,7 +327,7 @@ done
 
 admin_authorized=false
 while $project_created; do
-  read -p "Are you ready to authorize GAM to perform G Suite management operations as your admin account? (yes or no) " yn
+  read -p "Are you ready to authorize GAM to perform Google Workspace management operations as your admin account? (yes or no) " yn
   case $yn in
     [Yy]*)
       "$target_dir/gam/gam" oauth create $adminuser
@@ -333,11 +352,11 @@ done
 
 service_account_authorized=false
 while $project_created; do
-  read -p "Are you ready to authorize GAM to manage G Suite user data and settings? (yes or no) " yn
+  read -p "Are you ready to authorize GAM to manage Google Workspace user data and settings? (yes or no) " yn
   case $yn in
     [Yy]*)
       if [ "$regularuser" == "" ]; then
-        read -p "Please enter the email address of a regular G Suite user: " regularuser
+        read -p "Please enter the email address of a regular Google Workspace user: " regularuser
       fi
       echo_yellow "Great! Checking service account scopes.This will fail the first time. Follow the steps to authorize and retry. It can take a few minutes for scopes to PASS after they've been authorized in the admin console."
       "$target_dir/gam/gam" user $adminuser check serviceaccount
@@ -372,6 +391,3 @@ echo_green "GAM installation and setup complete!"
 if [ "$update_profile" = true ]; then
   echo_green "Please restart your terminal shell or to get started right away run:\n\n$alias_line"
 fi
-
-# Clean up after ourselves even if we are killed with CTRL-C
-trap "rm -rf $temp_archive_dir" EXIT

src/gam-setup.bat

@@ -27,7 +27,7 @@
 @  goto createproject
    )
 @echo(
-@set /p adminemail= "Please enter your G Suite admin email address: "
+@set /p adminemail= "Please enter your Google Workspace admin email address: "
 @gam create project %adminemail%
 @if not ERRORLEVEL 1 goto projectdone
 @echo(
@@ -37,7 +37,7 @@
 
 :adminauth
 @echo(
-@set /p yn= "Are you ready to authorize GAM to perform G Suite management operations as your admin account? [y or n] "
+@set /p yn= "Are you ready to authorize GAM to perform Google Workspace management operations as your admin account? [y or n] "
 @if /I "%yn%"=="n" (
 @  echo(
 @  echo You can authorize an admin later by running:
@@ -59,7 +59,7 @@
 
 :saauth
 @echo(
-@set /p yn= "Are you ready to authorize GAM to manage G Suite user data and settings? [y or n] "
+@set /p yn= "Are you ready to authorize GAM to manage Google Workspace user data and settings? [y or n] "
 @if /I "%yn%"=="n" (
 @  echo(
 @  echo You can authorize a service account later by running:
@@ -73,7 +73,7 @@
 @  goto saauth
    )
 @echo(
-@set /p regularuser= "Please enter the email address of a regular G Suite user: "
+@set /p regularuser= "Please enter the email address of a regular Google Workspace user: "
 @echo Great! Checking service account scopes. This will fail the first time. Follow the steps to authorize and retry. It can take a few minutes for scopes to PASS after they've been authorized in the admin console.
 @gam user %regularuser% check serviceaccount
 @if not ERRORLEVEL 1 goto sadone

src/gam-universal2.spec

@@ -0,0 +1,46 @@
+# -*- mode: python -*-
+
+import sys
+
+import importlib
+from PyInstaller.utils.hooks import copy_metadata
+
+sys.modules['FixTk'] = None
+
+# dynamically determine where httplib2/cacerts.txt lives
+proot = os.path.dirname(importlib.import_module('httplib2').__file__)
+extra_files = [(os.path.join(proot, 'cacerts.txt'), 'httplib2')]
+
+extra_files += copy_metadata('google-api-python-client')
+extra_files += [('cbcm-v1.1beta1.json', '.')]
+
+a = Analysis(['gam/__main__.py'],
+             hiddenimports=[],
+             hookspath=None,
+             excludes=['FixTk', 'tcl', 'tk', '_tkinter', 'tkinter', 'Tkinter'],
+             datas=extra_files,
+             runtime_hooks=None)
+
+for d in a.datas:
+    if 'pyconfig' in d[0]:
+        a.datas.remove(d)
+        break
+
+
+pyz = PYZ(a.pure)
+exe = EXE(pyz,
+          a.scripts,
+          a.binaries,
+          a.zipfiles,
+          a.datas,
+          name='gam',
+          debug=False,
+          strip=None,
+          upx=False,
+          console=True )
+
+app = BUNDLE(exe,
+             name='gam.app',
+             icon=None,
+             bundle_identifier=None,
+             info_plist={'LSArchitecturePriority': 'arm64,x86_64'})

src/gam.spec

@@ -12,9 +12,16 @@ proot = os.path.dirname(importlib.import_module('httplib2').__file__)
 extra_files = [(os.path.join(proot, 'cacerts.txt'), 'httplib2')]
 
 extra_files += copy_metadata('google-api-python-client')
+extra_files += [('cbcm-v1.1beta1.json', '.')]
+extra_files += [('contactdelegation-v1.json', '.')]
+extra_files += [('versionhistory-v1.json', '.')]
+
+hidden_imports = [
+     'gam.auth.yubikey',
+     ]
 
 a = Analysis(['gam/__main__.py'],
-             hiddenimports=[],
+             hiddenimports=hidden_imports,
              hookspath=None,
              excludes=['FixTk', 'tcl', 'tk', '_tkinter', 'tkinter', 'Tkinter'],
              datas=extra_files,

src/gam/__main__.py

@@ -16,7 +16,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-"""GAM is a command line tool which allows Administrators to control their G Suite domain and accounts.
+"""GAM is a command line tool which allows Administrators to control their Google Workspace domain and accounts.
 
 With GAM you can programmatically create users, turn on/off services for users like POP and Forwarding and much more.
 For more information, see https://git.io/gam

src/gam/auth/__init__.py

@@ -1,26 +1,57 @@
 """Authentication/Credentials general purpose and convenience methods."""
 
+import json
+import os
+
+from google.auth.jwt import Credentials as JWTCredentials
+
+import gam
+from gam import utils
+
 from gam.auth import oauth
 from gam.var import _FN_OAUTH2_TXT
+from gam.var import _FN_OAUTH2SERVICE_JSON
 from gam.var import GC_OAUTH2_TXT
+from gam.var import GC_OAUTH2SERVICE_JSON
+from gam.var import GC_ENABLE_DASA
 from gam.var import GC_Values
 
+yubikey = utils.LazyLoader('yubikey', globals(), 'gam.auth.yubikey')
 # TODO: Move logic that determines file name into this module. We should be able
 # to discover the file location without accessing a private member or waiting
 # for a global initialization.
-DEFAULT_OAUTH_STORAGE_FILE = _FN_OAUTH2_TXT
 
 
 def get_admin_credentials_filename():
     """Gets the name of the file that stores the admin account credentials."""
     # If the environment globals are loaded, use the set global value. It may have
     # some custom name in it. Otherwise, just use the default name.
-    if GC_Values[GC_OAUTH2_TXT]:
-        return GC_Values[GC_OAUTH2_TXT]
-    return DEFAULT_OAUTH_STORAGE_FILE
+    if GC_Values[GC_ENABLE_DASA]:
+        return GC_Values[GC_OAUTH2SERVICE_JSON] if GC_Values[GC_OAUTH2SERVICE_JSON] else _FN_OAUTH2SERVICE_JSON
+    else:
+        return GC_Values[GC_OAUTH2_TXT] if GC_Values[GC_OAUTH2_TXT] else _FN_OAUTH2_TXT
 
 
-def get_admin_credentials():
+def get_admin_credentials(api=None):
     """Gets oauth.Credentials that are authenticated as the domain's admin user."""
     credential_file = get_admin_credentials_filename()
-    return oauth.Credentials.from_credentials_file(credential_file)
+    if not os.path.isfile(credential_file):
+        raise oauth.InvalidCredentialsFileError
+    with open(credential_file, 'r') as f:
+        creds_data = json.load(f)
+    # Validate that enable DASA matches content of authorization file
+    if GC_Values[GC_ENABLE_DASA] and 'private_key_id' in creds_data:
+        audience = f'https://{api}.googleapis.com/'
+        key_type = creds_data.get('key_type', 'default')
+        if key_type == 'default':
+            return JWTCredentials.from_service_account_info(creds_data,
+                                                            audience=audience)
+        elif key_type == 'yubikey':
+            yksigner = yubikey.YubiKey(creds_data)
+            return JWTCredentials._from_signer_and_info(yksigner,
+                creds_data,
+                audience=audience)
+    elif not GC_Values[GC_ENABLE_DASA] and 'token' in creds_data:
+        return oauth.Credentials.from_credentials_file(credential_file)
+    else:
+        raise oauth.InvalidCredentialsFileError

src/gam/auth/yubikey.py

@@ -0,0 +1,74 @@
+from base64 import b64encode
+import sys
+from threading import Timer
+
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import padding
+from ykman.device import connect_to_device
+from yubikit.piv import KEY_TYPE, SLOT, InvalidPinError, PivSession
+from yubikit.core.smartcard import ApduError
+from gam import controlflow
+
+class YubiKey():
+
+    def __init__(self, service_account_info):
+        key_type = service_account_info.get('yubikey_key_type', 'RSA2048')
+        try:
+            self.key_type = getattr(KEY_TYPE, key_type.upper())
+        except AttributeError:
+            controlflow.system_error_exit(6, f'{key_type} is not a valid value for yubikey_key_type')
+        slot = service_account_info.get('yubikey_slot', 'AUTHENTICATION')
+        try:
+            self.slot = getattr(SLOT, slot.upper())
+        except AttributeError:
+            controlflow.system_error_exit(6, f'{slot} is not a valid value for yubikey_slot')
+        self.serial_number = service_account_info.get('yubikey_serial_number')
+        self.pin = service_account_info.get('yubikey_pin')
+        self.key_id = service_account_info.get('private_key_id')
+
+    def get_certificate(self):
+        try:
+            conn, _, _ = connect_to_device(self.serial_number)
+            session = PivSession(conn)
+            if self.pin:
+                try:
+                    session.verify_pin(self.pin)
+                except InvalidPinError as err:
+                    controlflow.system_error_exit(7, f'YubiKey - {err}')
+            try:
+                cert = session.get_certificate(self.slot)
+                cert_pem = cert.public_bytes(
+                     serialization.Encoding.PEM).decode()
+                publicKeyData = b64encode(cert_pem.encode())
+                if isinstance(publicKeyData, bytes):
+                    publicKeyData = publicKeyData.decode()
+                return publicKeyData
+            except ApduError as err:
+                controlflow.system_error_exit(8, f'YubiKey - {err}')
+        except ValueError as err:
+            controlflow.system_error_exit(9, f'YubiKey - {err}')
+
+    def sign(self, message):
+        if 'mplock' in globals():
+            mplock.acquire()
+        try:
+            conn, _, _ = connect_to_device(self.serial_number)
+            session = PivSession(conn)
+            if self.pin:
+                try:
+                    session.verify_pin(self.pin)
+                except InvalidPinError as err:
+                    controlflow.system_error_exit(7, f'YubiKey - {err}')
+            try:
+                signed = session.sign(slot=self.slot,
+                                      key_type=self.key_type,
+                                      message=message,
+                                      hash_algorithm=hashes.SHA256(),
+                                      padding=padding.PKCS1v15())
+            except ApduError as err:
+                controlflow.system_error_exit(8, f'YubiKey = {err}')
+        except ValueError as err:
+            controlflow.system_error_exit(9, f'YubiKey - {err}')
+        if 'mplock' in globals():
+            mplock.release()
+        return signed

src/gam/controlflow.py

@@ -66,7 +66,7 @@ def csv_field_error_exit(field_name, field_names):
 
 
 def invalid_json_exit(file_name):
-    """Raises a sysyem exit when invalid JSON content is encountered."""
+    """Raises a system exit when invalid JSON content is encountered."""
     system_error_exit(17, MESSAGE_INVALID_JSON.format(file_name))
 
 

src/gam/display.py

@@ -154,39 +154,66 @@ def write_csv_file(csvRows, titles, list_type, todrive):
                 return True
         return False
 
-    if GC_Values[GC_CSV_ROW_FILTER]:
-        for column, filterVal in iter(GC_Values[GC_CSV_ROW_FILTER].items()):
-            if column not in titles:
-                sys.stderr.write(
-                    f'WARNING: Row filter column "{column}" is not in output columns\n'
-                )
-                continue
-            if filterVal[0] == 'regex':
-                csvRows = [
-                    row for row in csvRows
-                    if filterVal[1].search(str(row.get(column, '')))
-                ]
-            elif filterVal[0] == 'notregex':
-                csvRows = [
-                    row for row in csvRows
-                    if not filterVal[1].search(str(row.get(column, '')))
-                ]
-            elif filterVal[0] in ['date', 'time']:
-                csvRows = [
-                    row for row in csvRows if rowDateTimeFilterMatch(
-                        filterVal[0] == 'date', row.get(column, ''),
-                        filterVal[1], filterVal[2])
-                ]
-            elif filterVal[0] == 'count':
-                csvRows = [
-                    row for row in csvRows if rowCountFilterMatch(
-                        row.get(column, 0), filterVal[1], filterVal[2])
-                ]
-            else:  #boolean
-                csvRows = [
-                    row for row in csvRows if rowBooleanFilterMatch(
-                        row.get(column, False), filterVal[1])
-                ]
+    def rowFilterMatch(filters, columns, row):
+        for c, filterVal in iter(filters.items()):
+            for column in columns[c]:
+                if filterVal[1] == 'regex':
+                    if filterVal[2].search(str(row.get(column, ''))):
+                        return True
+                elif filterVal[1] == 'notregex':
+                    if not filterVal[2].search(str(row.get(column, ''))):
+                        return True
+                elif filterVal[1] in ['date', 'time']:
+                    if rowDateTimeFilterMatch(
+                        filterVal[1] == 'date', row.get(column, ''),
+                        filterVal[2], filterVal[3]):
+                        return True
+                elif filterVal[1] == 'count':
+                    if rowCountFilterMatch(
+                        row.get(column, 0), filterVal[2], filterVal[3]):
+                        return True
+                else:  #boolean
+                    if rowBooleanFilterMatch(
+                        row.get(column, False), filterVal[2]):
+                        return True
+        return False
+
+    if GC_Values[GC_CSV_ROW_FILTER] or GC_Values[GC_CSV_ROW_DROP_FILTER]:
+        if GC_Values[GC_CSV_ROW_FILTER]:
+            keepColumns = {}
+            for column, filterVal in iter(GC_Values[GC_CSV_ROW_FILTER].items()):
+                columns = [t for t in titles if filterVal[0].match(t)]
+                if columns:
+                    keepColumns[column] = columns
+                else:
+                    keepColumns[column] = [None]
+                    sys.stderr.write(
+                        f'WARNING: Row filter column pattern "{column}" does not match any output columns\n'
+                        )
+        else:
+            keepColumns = None
+        if GC_Values[GC_CSV_ROW_DROP_FILTER]:
+            dropColumns = {}
+            for column, filterVal in iter(GC_Values[GC_CSV_ROW_DROP_FILTER].items()):
+                columns = [t for t in titles if filterVal[0].match(t)]
+                if columns:
+                    dropColumns[column] = columns
+                else:
+                    dropColumns[column] = [None]
+                    sys.stderr.write(
+                        f'WARNING: Row drop filter column pattern "{column}" does not match any output columns\n'
+                        )
+        else:
+            dropColumns = None
+        rows = []
+        for row in csvRows:
+            if (((keepColumns is None) or
+                 rowFilterMatch(GC_Values[GC_CSV_ROW_FILTER], keepColumns, row)) and
+                ((dropColumns is None) or
+                 not rowFilterMatch(GC_Values[GC_CSV_ROW_DROP_FILTER], dropColumns, row))):
+                rows.append(row)
+        csvRows = rows
+
     if GC_Values[GC_CSV_HEADER_FILTER] or GC_Values[GC_CSV_HEADER_DROP_FILTER]:
         if GC_Values[GC_CSV_HEADER_DROP_FILTER]:
             titles = [
@@ -220,7 +247,7 @@ def write_csv_file(csvRows, titles, list_type, todrive):
     except IOError as e:
         controlflow.system_error_exit(6, e)
     if todrive:
-        admin_email = gam._getValueFromOAuth('email')
+        admin_email = gam._get_admin_email()
         _, drive = gam.buildDrive3GAPIObject(admin_email)
         if not drive:
             print(f'''\nGAM is not authorized to create Drive files. Please run:
@@ -288,7 +315,7 @@ def print_json(object_value, spacing=''):
                 sys.stdout.write(f' {spacing}{i+1}) ')
                 print_json(a_value, f' {spacing}')
     elif isinstance(object_value, dict):
-        for key in ['kind', 'etag', 'etags']:
+        for key in ['kind', 'etag', 'etags', '@type']:
             object_value.pop(key, None)
         for another_object, another_value in object_value.items():
             sys.stdout.write(f' {spacing}{another_object}: ')

src/gam/gapi/__init__.py

@@ -218,6 +218,61 @@ def got_total_items_first_last_msg(items):
     return f'Got {TOTAL_ITEMS_MARKER} {items}: {FIRST_ITEM_MARKER} - {LAST_ITEM_MARKER}' + '\n'
 
 
+def process_page(page, items, all_items, total_items, page_message, message_attribute):
+    """Process one page of a Google service function response.
+
+  Append a list of items to the aggregate list of items
+
+  Args:
+    page: list of items
+    items: see get_all_pages
+    all_items: aggregate list of items
+    total_items: length of all_items
+    page_message: see get_all_pages
+    message_attribute: get_all_pages
+  Returns:
+    The page token and total number of items
+  """
+    if page:
+        page_token = page.get('nextPageToken')
+        page_items = page.get(items, [])
+        num_page_items = len(page_items)
+        total_items += num_page_items
+        if all_items is not None:
+            all_items.extend(page_items)
+    else:
+        page_token = None
+        num_page_items = 0
+
+    # Show a paging message to the user that indicates paging progress
+    if page_message:
+        show_message = page_message.replace(TOTAL_ITEMS_MARKER,
+                                            str(total_items))
+        if message_attribute:
+            first_item = page_items[0] if num_page_items > 0 else {}
+            last_item = page_items[-1] if num_page_items > 1 else first_item
+            if isinstance(message_attribute, str):
+                first_item = str(first_item.get(message_attribute, ''))
+                last_item = str(last_item.get(message_attribute, ''))
+            else:
+                for attr in message_attribute:
+                    first_item = first_item.get(attr, {})
+                    last_item = last_item.get(attr, {})
+                first_item = str(first_item)
+                last_item = str(last_item)
+            show_message = show_message.replace(FIRST_ITEM_MARKER, first_item)
+            show_message = show_message.replace(LAST_ITEM_MARKER, last_item)
+        sys.stderr.write('\r')
+        sys.stderr.flush()
+        sys.stderr.write(show_message)
+    return (page_token, total_items)
+
+def finalize_page_message(page_message):
+    """ Issue final page_message """
+    if page_message and (page_message[-1] != '\n'):
+        sys.stderr.write('\r\n')
+        sys.stderr.flush()
+
 def get_all_pages(service,
                   function,
                   items='items',
@@ -246,9 +301,9 @@ def get_all_pages(service,
             display a unique property of the first item in the current page.
           LAST_ITEM_MARKER   : In conjunction with `message_attribute` arg, will
             display a unique property of the last item in the current page.
-    message_attribute: String, the name of a signature field within a single
-      returned item which identifies that unique item. This field is used with
-      `page_message` to templatize a paging status message.
+    message_attribute: String or list, the name of a signature field within a
+    single returned item which identifies that unique item. This field is used
+    with `page_message` to templatize a paging status message.
     soft_errors: Bool, If True, writes non-fatal errors to stderr.
     throw_reasons: A list of Google HTTP error reason strings indicating the
       errors generated by this request should be re-thrown. All other HTTP
@@ -274,40 +329,12 @@ def get_all_pages(service,
                     soft_errors=soft_errors,
                     throw_reasons=throw_reasons,
                     retry_reasons=retry_reasons,
-                    pageToken=page_token,
                     **kwargs)
-        if page:
-            page_token = page.get('nextPageToken')
-            page_items = page.get(items, [])
-            num_page_items = len(page_items)
-            total_items += num_page_items
-            all_items.extend(page_items)
-        else:
-            page_token = None
-            num_page_items = 0
-
-        # Show a paging message to the user that indicates paging progress
-        if page_message:
-            show_message = page_message.replace(TOTAL_ITEMS_MARKER,
-                                                str(total_items))
-            if message_attribute:
-                first_item = page_items[0] if num_page_items > 0 else {}
-                last_item = page_items[-1] if num_page_items > 1 else first_item
-                show_message = show_message.replace(
-                    FIRST_ITEM_MARKER,
-                    str(first_item.get(message_attribute, '')))
-                show_message = show_message.replace(
-                    LAST_ITEM_MARKER, str(last_item.get(message_attribute, '')))
-            sys.stderr.write('\r')
-            sys.stderr.flush()
-            sys.stderr.write(show_message)
-
+        page_token, total_items = process_page(page, items, all_items, total_items, page_message, message_attribute)
         if not page_token:
-            # End the paging status message and return all items.
-            if page_message and (page_message[-1] != '\n'):
-                sys.stderr.write('\r\n')
-                sys.stderr.flush()
+            finalize_page_message(page_message)
             return all_items
+        kwargs['pageToken'] = page_token
 
 
 # TODO: Make this private once all execution related items that use this method

src/gam/gapi/calendar.py

@@ -37,7 +37,7 @@ def buildCalendarDataGAPIObject(calname):
     if not calname.endswith('.calendar.google.com'):
         cal = gam.buildGAPIServiceObject('calendar', calendarId, False)
     if cal is None:
-        _, cal = buildCalendarGAPIObject(gam._getValueFromOAuth('email'))
+        _, cal = buildCalendarGAPIObject(gam._get_admin_email())
     return (calendarId, cal)
 
 
@@ -154,7 +154,11 @@ def delACL():
         gapi.call(cal.acl(), 'delete', calendarId=calendarId, ruleId=ruleId)
     else:
         body = {'role': 'none'}
-        _getCalendarACLScope(5, body)
+        i = 4
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg in CALENDAR_ACL_ROLES_MAP:
+            i += 1
+        _getCalendarACLScope(i, body)
         print(f'Calendar: {calendarId}, Delete ACL: {formatACLScope(body)}')
         gapi.call(cal.acl(),
                   'insert',
@@ -824,7 +828,7 @@ def _showCalendar(userCalendar, j, jcount):
     print(f'    Color ID: {userCalendar["colorId"]}, ' \
           f'Background Color: {userCalendar["backgroundColor"]}, ' \
           f'Foreground Color: {userCalendar["foregroundColor"]}')
-    print(f'    Default Reminders:')
+    print('    Default Reminders:')
     for reminder in userCalendar.get('defaultReminders', []):
         print(f'      Method: {reminder["method"]}, ' \
               f'Minutes: {reminder["minutes"]}')

src/gam/gapi/cbcm.py

@@ -0,0 +1,303 @@
+"""Chrome Browser Cloud Management API calls"""
+
+import csv
+import os.path
+import sys
+
+import gam
+from gam.var import *
+from gam import controlflow
+from gam import display
+from gam import fileutils
+from gam import gapi
+from gam.gapi.directory import orgunits as gapi_directory_orgunits
+from gam import utils
+
+
+def _get_customerid():
+    ''' returns customer id without C prefix'''
+    customer_id = GC_Values[GC_CUSTOMER_ID]
+    if customer_id[0] == 'C':
+        customer_id = customer_id[1:]
+    return customer_id
+
+
+def build():
+    return gam.buildGAPIObject('cbcm')
+
+
+def delete():
+    cbcm = build()
+    device_id = sys.argv[3]
+    customer_id = _get_customerid()
+    gapi.call(cbcm.chromebrowsers(), 'delete', deviceId=device_id,
+              customer=customer_id)
+    print(f'Deleted browser {device_id}')
+
+
+def info():
+    cbcm = build()
+    device_id = sys.argv[3]
+    projection = 'BASIC'
+    fields = None
+    customer_id = _get_customerid()
+    i = 4
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg in ['basic', 'full']:
+            projection = myarg.upper()
+            i += 1
+        elif myarg == 'fields':
+            fields = sys.argv[i+1]
+            i += 2
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i], 'gam info browser')
+    browser = gapi.call(cbcm.chromebrowsers(), 'get',
+                        customer=customer_id,
+                        fields=fields, deviceId=device_id,
+                        projection=projection)
+    display.print_json(browser)
+
+
+def move():
+    cbcm = build()
+    body = {'resource_ids': []}
+    customer_id = _get_customerid()
+    i = 3
+    resource_ids = []
+    batch_size = 600
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg == 'ids':
+            resource_ids.extend(sys.argv[i + 1].split(','))
+            i += 2
+        elif myarg == 'query':
+            query = sys.argv[i + 1]
+            page_message = gapi.got_total_items_msg('Browsers', '...\n')
+            browsers = gapi.get_all_pages(cbcm.chromebrowsers(), 'list',
+                         'browsers', page_message=page_message,
+                         customer=customer_id,
+                         query=query, projection='BASIC',
+                         fields='browsers(deviceId),nextPageToken')
+            ids = [browser['deviceId'] for browser in browsers]
+            resource_ids.extend(ids)
+            i += 2
+        elif myarg == 'file':
+            with fileutils.open_file(sys.argv[i+1], strip_utf_bom=True) as filed:
+                for row in filed:
+                    rid = row.strip()
+                    if rid:
+                        resource_ids.append(rid)
+            i += 2
+        elif myarg == 'csvfile':
+            drive, fname_column = os.path.splitdrive(sys.argv[i+1])
+            if fname_column.find(':') == -1:
+                controlflow.system_error_exit(
+                    2, 'Expected csvfile FileName:FieldName')
+            (filename, column) = fname_column.split(':')
+            with fileutils.open_file(drive + filename) as filed:
+                input_file = csv.DictReader(filed, restval='')
+                if column not in input_file.fieldnames:
+                    controlflow.csv_field_error_exit(column,
+                                                     input_file.fieldnames)
+                for row in input_file:
+                    rid = row[column].strip()
+                    if rid:
+                        resource_ids.append(rid)
+            i += 2
+        elif myarg in ['ou', 'orgunit', 'org']:
+            org_unit = gapi_directory_orgunits.getOrgUnitItem(sys.argv[i + 1])
+            body['org_unit_path'] = org_unit
+            i += 2
+        elif myarg == 'batchsize':
+            batch_size = int(sys.argv[i+1])
+            i += 2
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i],
+                                              'gam move browsers')
+    if 'org_unit_path' not in body:
+        controlflow.missing_argument_exit('ou', 'gam move browsers')
+    elif not resource_ids:
+        controlflow.missing_argument_exit('query or ids',
+                                          'gam move browsers')
+    # split moves into max 600 devices per batch
+    for chunk in range(0, len(resource_ids), batch_size):
+        body['resource_ids'] = resource_ids[chunk:chunk + batch_size]
+        print(f' moving {len(body["resource_ids"])} browsers to ' \
+                       f'{body["org_unit_path"]}')
+        gapi.call(cbcm.chromebrowsers(), 'moveChromeBrowsersToOu',
+                  customer=customer_id, body=body)
+
+
+def print_():
+    cbcm = build()
+    customer_id = _get_customerid()
+    projection = 'BASIC'
+    orgUnitPath = query = None
+    fields = None
+    titles = []
+    csv_rows = []
+    todrive = False
+    sort_headers = False
+    i = 3
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg == 'query':
+            query = sys.argv[i+1]
+            i += 2
+        elif myarg in ['ou', 'org', 'orgunit']:
+            orgUnitPath = gapi_directory_orgunits.getOrgUnitItem(sys.argv[i + 1], pathOnly=True, absolutePath=True)
+            i += 2
+        elif myarg == 'projection':
+            projection = sys.argv[i + 1].upper()
+            i += 2
+        elif myarg == 'todrive':
+            todrive = True
+            i += 1
+        elif myarg == 'sortheaders':
+            sort_headers = True
+            i += 1
+        elif myarg == 'fields':
+            fields = sys.argv[i + 1].replace(',', ' ').split()
+            i += 2
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i],
+                                              'gam print browsers')
+    if fields:
+        fields.append('deviceId')
+        fields = f'browsers({",".join(set(fields))}),nextPageToken'
+    page_message = gapi.got_total_items_msg('Browsers', '...\n')
+    browsers = gapi.get_all_pages(cbcm.chromebrowsers(), 'list',
+                         'browsers', page_message=page_message,
+                         customer=customer_id,
+                         orgUnitPath=orgUnitPath, query=query, projection=projection,
+                         fields=fields)
+    for browser in browsers:
+        browser = utils.flatten_json(browser)
+        for a_key in browser:
+            if a_key not in titles:
+                titles.append(a_key)
+        csv_rows.append(browser)
+    if sort_headers:
+        display.sort_csv_titles(['deviceId',], titles)
+    display.write_csv_file(csv_rows, titles, 'Browsers', todrive)
+
+
+attributes = {
+    'assetid': 'annotatedAssetId',
+    'location': 'annotatedLocation',
+    'notes': 'annotatedNotes',
+    'user': 'annotatedUser'
+    }
+attribute_fields = ','.join(list(attributes.values()))
+
+def update():
+    cbcm = build()
+    customer_id = _get_customerid()
+    device_id = sys.argv[3]
+    body = {'deviceId': device_id}
+    i = 4
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg in attributes:
+            body[attributes[myarg]] = sys.argv[i+1]
+            i += 2
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i],
+                                              'gam update browser')
+    browser = gapi.call(cbcm.chromebrowsers(), 'get', deviceId=device_id,
+                        customer=customer_id,
+                        projection='BASIC', fields=attribute_fields)
+    browser.update(body)
+    result = gapi.call(cbcm.chromebrowsers(), 'update', deviceId=device_id,
+                       customer=customer_id, body=browser,
+                       projection='BASIC', fields="deviceId")
+    print(f'Updated browser {result["deviceId"]}')
+
+
+def createtoken():
+    cbcm = build()
+    customer_id = _get_customerid()
+    body = {'token_type': 'CHROME_BROWSER'}
+    i = 3
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg in ['ou', 'orgunit', 'org']:
+            body['org_unit_path'] = gapi_directory_orgunits.getOrgUnitItem(sys.argv[i + 1])
+            i += 2
+        elif myarg in ['expire', 'expires']:
+            body['expire_time'] = utils.get_time_or_delta_from_now(sys.argv[i + 1])
+            i += 2
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i],
+                                              'gam create browsertoken')
+    browser = gapi.call(cbcm.enrollmentTokens(), 'create',
+                        customer=customer_id, body=body)
+    print(f'Created browser enrollment token {browser["token"]}')
+
+
+def revoketoken():
+    cbcm = build()
+    customer_id = _get_customerid()
+    token_permanent_id = sys.argv[3]
+    gapi.call(cbcm.enrollmentTokens(), 'revoke', tokenPermanentId=token_permanent_id,
+              customer=customer_id)
+    print(f'Deleted browser enrollment token {token_permanent_id}')
+
+
+def printshowtokens(csvFormat):
+    cbcm = build()
+    customer_id = _get_customerid()
+    query = None
+    fields = None
+    if csvFormat:
+        titles = ['token']
+        csv_rows = []
+        todrive = False
+        sort_headers = False
+    i = 3
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg == 'query':
+            query = sys.argv[i+1]
+            i += 2
+        elif csvFormat and myarg == 'todrive':
+            todrive = True
+            i += 1
+        elif csvFormat and myarg == 'sortheaders':
+            sort_headers = True
+            i += 1
+        elif myarg == 'fields':
+            fields = sys.argv[i + 1].replace(',', ' ').split()
+            i += 2
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i],
+                f"gam {['show', 'print'][csvFormat]} browsertokens")
+    if fields:
+        fields.append('token')
+        fields = f'chromeEnrollmentTokens({",".join(set(fields))}),nextPageToken'
+    page_message = gapi.got_total_items_msg('Chrome Browser Enrollment Tokens', '...\n')
+    browsers = gapi.get_all_pages(cbcm.enrollmentTokens(), 'list',
+                         'chromeEnrollmentTokens', page_message=page_message,
+                         customer=customer_id,
+                         query=query, fields=fields)
+    if not csvFormat:
+        count = len(browsers)
+        print(f'Show {count} Chrome Browser Enrollment Tokens')
+        i = 0
+        for browser in browsers:
+            i += 1
+            print(f'  Chrome Browser Enrollment Token: {browser["token"]}{gam.currentCount(i, count)}')
+            browser.pop('kind', None)
+            for field in browser:
+                print(f'    {field}: {browser[field]}')
+    else:
+        for browser in browsers:
+            browser = utils.flatten_json(browser)
+            for a_key in browser:
+                if a_key not in titles:
+                    titles.append(a_key)
+            csv_rows.append(browser)
+        if sort_headers:
+            display.sort_csv_titles(['token',], titles)
+        display.write_csv_file(csv_rows, titles, 'Chrome Browser Enrollment Tokens', todrive)

src/gam/gapi/chromehistory.py

@@ -0,0 +1,229 @@
+"""Chrome Version History API calls"""
+
+import re
+import sys
+
+import gam
+from gam.var import *
+from gam import controlflow
+from gam import display
+from gam import gapi
+from gam import utils
+
+
+def build():
+    return gam.buildGAPIObjectNoAuthentication('versionhistory')
+
+
+CHROME_HISTORY_ENTITY_CHOICES = {
+  'platforms',
+  'channels',
+  'versions',
+  'releases',
+  }
+
+CHROME_VERSIONHISTORY_ORDERBY_CHOICE_MAP = {
+  'versions':  {
+    'channel': 'channel',
+    'name': 'name',
+    'platform': 'platform',
+    'version': 'version'
+    },
+  'releases': {
+    'channel': 'channel',
+    'endtime': 'endtime',
+    'fraction': 'fraction',
+    'name': 'name',
+    'platform': 'platform',
+    'starttime': 'starttime',
+    'version': 'version'
+    }
+  }
+
+CHROME_VERSIONHISTORY_TITLES = {
+  'platforms': ['platform'],
+  'channels':  ['channel', 'platform'],
+  'versions': ['version', 'channel', 'platform',
+               'major_version', 'minor_version', 'build', 'patch'],
+  'releases': ['version', 'channel', 'platform',
+               'major_version', 'minor_version', 'build', 'patch',
+               'fraction', 'serving.startTime','serving.endTime']
+  }
+
+def get_relative_milestone(channel='stable', minus=0):
+    '''
+    takes a channel and minus like stable and -1.
+    returns current given milestone number
+    '''
+    cv = build()
+    parent = f'chrome/platforms/all/channels/{channel}/versions/all'
+    releases = gapi.get_all_pages(cv.platforms().channels().versions().releases(),
+                                  'list',
+                                  'releases',
+                                  parent=parent,
+                                  fields='releases/version,nextPageToken')
+    milestones = []
+    # Note that milestones are usually sequential but some numbers
+    # may be skipped. For example, there was no Chrome 82 stable.
+    # Thus we need to do more than find the latest version and subtract.
+    for release in releases:
+        milestone = release.get('version').split('.')[0]
+        if milestone not in milestones:
+            milestones.append(milestone)
+    milestones.sort(reverse=True)
+    try:
+        return milestones[minus]
+    except IndexError:
+        return ''
+
+def get_platform_map(cv=None):
+    '''returns dict mapping of platform choices'''
+    if cv is None:
+        cv = build()
+    result = gapi.get_all_pages(cv.platforms(),
+                                'list',
+                                'platforms',
+                                parent='chrome')
+    platforms = [p.get('platformType', '').lower() for p in result]
+    platform_map = {'all': 'all'}
+    for cplatform in platforms:
+        key = cplatform.replace('_', '')
+        platform_map[key] = cplatform
+    return platform_map
+
+
+def get_channel_map(cv=None):
+    '''returns dict mapping of channel choices'''
+    if cv is None:
+        cv = build()
+    result = gapi.get_all_pages(cv.platforms().channels(),
+                                'list',
+                                'channels',
+                                parent='chrome/platforms/all')
+    channels = [c.get('channelType', '').lower() for c in result]
+    channels = list(set(channels))
+    channel_map = {'all': 'all'}
+    for channel in channels:
+        key = channel.replace('_', '')
+        channel_map[key] = channel
+    return channel_map
+
+def printHistory():
+    cv = build()
+    entityType = sys.argv[3].lower().replace('_', '')
+    if entityType not in CHROME_HISTORY_ENTITY_CHOICES:
+        msg = f'{entityType} is not a valid argument to "gam print chromehistory"'
+        controlflow.system_error_exit(3, msg)
+    todrive = False
+    csvRows = []
+    cplatform = 'all'
+    channel = 'all'
+    version = 'all'
+    kwargs = {}
+    orderByList = []
+    i = 4
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg == 'todrive':
+            todrive = True
+            i += 1
+        elif entityType != 'platforms' and myarg == 'platform':
+            cplatform = sys.argv[i + 1].lower().replace('_', '')
+            platform_map = get_platform_map(cv)
+            if cplatform not in platform_map:
+                controlflow.expected_argument_exit('platform',
+                                                   ', '.join(platform_map),
+                                                   cplatform)
+            cplatform = platform_map[cplatform]
+            i += 2
+        elif entityType in {'versions', 'releases'} and myarg == 'channel':
+            channel = sys.argv[i + 1].lower().replace('_', '')
+            channel_map = get_channel_map(cv)
+            if channel not in channel_map:
+                controlflow.expected_argument_exit('channel',
+                                                   ', '.join(channel_map),
+                                                   channel)
+            channel = channel_map[channel]
+            i += 2
+        elif entityType == 'releases' and myarg == 'version':
+            version = sys.argv[i + 1]
+            i += 2
+        elif entityType in {'versions', 'releases'} and myarg == 'orderby':
+            fieldName = sys.argv[i + 1].lower().replace('_', '')
+            i += 2
+            if fieldName in CHROME_VERSIONHISTORY_ORDERBY_CHOICE_MAP[entityType]:
+                fieldName = CHROME_VERSIONHISTORY_ORDERBY_CHOICE_MAP[entityType][fieldName]
+                orderBy = ''
+                if i < len(sys.argv):
+                    orderBy = sys.argv[i].lower()
+                    if orderBy in SORTORDER_CHOICES_MAP:
+                        orderBy = SORTORDER_CHOICES_MAP[orderBy]
+                        i += 1
+                if orderBy != 'DESCENDING':
+                    orderByList.append(fieldName)
+                else:
+                    orderByList.append(f'{fieldName} desc')
+            else:
+                controlflow.expected_argument_exit('orderby',
+                                                   ', '.join(CHROME_VERSIONHISTORY_ORDERBY_CHOICE_MAP[entityType]),
+                                                   fieldName)
+        elif entityType in {'versions', 'releases'} and myarg == 'filter':
+            kwargs['filter'] = sys.argv[i + 1]
+            i += 2
+        else:
+            msg = f'{myarg} is not a valid argument to "gam print chromehistory {entityType}"'
+            controlflow.system_error_exit(3, msg)
+    if orderByList:
+        kwargs['orderBy'] = ','.join(orderByList)
+    if entityType == 'platforms':
+        svc = cv.platforms()
+        parent = 'chrome'
+    elif entityType == 'channels':
+        svc = cv.platforms().channels()
+        parent = f'chrome/platforms/{cplatform}'
+    elif entityType == 'versions':
+        svc = cv.platforms().channels().versions()
+        parent = f'chrome/platforms/{cplatform}/channels/{channel}'
+    else: #elif entityType == 'releases'
+        svc = cv.platforms().channels().versions().releases()
+        parent = f'chrome/platforms/{cplatform}/channels/{channel}/versions/{version}'
+    reportTitle = f'Chrome Version History {entityType.capitalize()}'
+    page_message = gapi.got_total_items_msg(reportTitle, '...\n')
+    gam.printGettingAllItems(reportTitle, None)
+    citems = gapi.get_all_pages(svc, 'list', entityType,
+                                page_message=page_message,
+                                parent=parent,
+                                fields=f'nextPageToken,{entityType}',
+                                **kwargs)
+    for citem in citems:
+        for key in list(citem):
+            if key.endswith('Type'):
+                newkey = key[:-4]
+                citem[newkey] = citem.pop(key)
+        if 'channel' in citem:
+            citem['channel'] = citem['channel'].lower()
+        else:
+            channel_match = re.search(r"\/channels\/([^/]*)", citem['name'])
+            if channel_match:
+                try:
+                    citem['channel'] = channel_match.group(1)
+                except IndexError:
+                    pass
+        if 'platform' in citem:
+            citem['platform'] = citem['platform'].lower()
+        else:
+            platform_match = re.search(r"\/platforms\/([^/]*)", citem['name'])
+            if platform_match:
+                try:
+                    citem['platform'] = platform_match.group(1)
+                except IndexError:
+                    pass
+
+        if citem.get('version', '').count('.') == 3:
+            citem['major_version'], \
+            citem['minor_version'], \
+            citem['build'], \
+            citem['patch'] = citem['version'].split('.')
+        citem.pop('name')
+        csvRows.append(utils.flatten_json(citem))
+    display.write_csv_file(csvRows, CHROME_VERSIONHISTORY_TITLES[entityType], reportTitle, todrive)

src/gam/gapi/chromemanagement.py

@@ -0,0 +1,265 @@
+"""Chrome Management API calls"""
+
+import sys
+
+import gam
+from gam.var import GC_CUSTOMER_ID, GC_Values, MY_CUSTOMER
+from gam.var import CROS_START_ARGUMENTS, CROS_END_ARGUMENTS
+from gam.var import YYYYMMDD_FORMAT
+from gam import controlflow
+from gam import display
+from gam import gapi
+from gam.gapi.directory import orgunits as gapi_directory_orgunits
+from gam.gapi.directory.cros import _getFilterDate
+
+
+def _get_customerid():
+    customer = GC_Values[GC_CUSTOMER_ID]
+    if customer != MY_CUSTOMER and customer[0] != 'C':
+        customer = 'C' + customer
+    return f'customers/{customer}'
+
+
+def _get_orgunit(orgunit):
+    if orgunit.startswith('orgunits/'):
+        return orgunit
+    _, orgunitid = gapi_directory_orgunits.getOrgUnitId(orgunit)
+    return f'{orgunitid[3:]}'
+
+
+def build():
+    return gam.buildGAPIObject('chromemanagement')
+
+
+CHROME_APPS_ORDERBY_CHOICE_MAP = {
+  'appname': 'app_name',
+  'apptype': 'appType',
+  'installtype': 'install_type',
+  'numberofpermissions': 'number_of_permissions',
+  'totalinstallcount': 'total_install_count',
+  }
+CHROME_APPS_TITLES = [
+  'appId', 'displayName',
+  'browserDeviceCount', 'osUserCount',
+  'appType', 'description',
+  'appInstallType', 'appSource',
+  'disabled', 'homepageUri',
+  'permissions'
+  ]
+
+def printApps():
+    cm = build()
+    customer = _get_customerid()
+    todrive = False
+    titles = CHROME_APPS_TITLES
+    csvRows = []
+    orgunit = None
+    pfilter = None
+    orderBy = None
+    i = 3
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg == 'todrive':
+            todrive = True
+            i += 1
+        elif myarg in ['ou', 'org', 'orgunit']:
+            orgunit = _get_orgunit(sys.argv[i+1])
+            i += 2
+        elif myarg == 'filter':
+            pfilter = sys.argv[i + 1]
+            i += 2
+        elif myarg == 'orderby':
+            orderBy = sys.argv[i + 1].lower().replace('_', '')
+            if orderBy not in CHROME_APPS_ORDERBY_CHOICE_MAP:
+                controlflow.expected_argument_exit('orderby',
+                                                   ', '.join(CHROME_APPS_ORDERBY_CHOICE_MAP),
+                                                   orderBy)
+            orderBy = CHROME_APPS_ORDERBY_CHOICE_MAP[orderBy]
+            i += 2
+        else:
+            msg = f'{myarg} is not a valid argument to "gam print chromeapps"'
+            controlflow.system_error_exit(3, msg)
+    if orgunit:
+        orgUnitPath = gapi_directory_orgunits.orgunit_from_orgunitid(orgunit, None)
+        titles.append('orgUnitPath')
+    else:
+        orgUnitPath = '/'
+    gam.printGettingAllItems('Chrome Installed Applications', pfilter)
+    page_message = gapi.got_total_items_msg('Chrome Installed Applications', '...\n')
+    apps = gapi.get_all_pages(cm.customers().reports(),
+                              'countInstalledApps',
+                              'installedApps',
+                              page_message=page_message,
+                              customer=customer, orgUnitId=orgunit,
+                              filter=pfilter, orderBy=orderBy)
+    for app in apps:
+        if orgunit:
+            app['orgUnitPath'] = orgUnitPath
+        if 'permissions'in app:
+            app['permissions'] = ' '.join(app['permissions'])
+        csvRows.append(app)
+    display.write_csv_file(csvRows, titles, 'Chrome Installed Applications', todrive)
+
+
+CHROME_APP_DEVICES_APPTYPE_CHOICE_MAP = {
+  'extension': 'EXTENSION',
+  'app': 'APP',
+  'theme': 'THEME',
+  'hostedapp': 'HOSTED_APP',
+  'androidapp': 'ANDROID_APP',
+  }
+CHROME_APP_DEVICES_ORDERBY_CHOICE_MAP = {
+  'deviceid': 'deviceId',
+  'machine': 'machine',
+  }
+CHROME_APP_DEVICES_TITLES = [
+  'appId', 'appType', 'deviceId', 'machine'
+  ]
+
+def printAppDevices():
+    cm = build()
+    customer = _get_customerid()
+    todrive = False
+    titles = CHROME_APP_DEVICES_TITLES
+    csvRows = []
+    orgunit = None
+    appId = None
+    appType = None
+    startDate = None
+    endDate = None
+    pfilter = None
+    orderBy = None
+    i = 3
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg == 'todrive':
+            todrive = True
+            i += 1
+        elif myarg in ['ou', 'org', 'orgunit']:
+            orgunit = _get_orgunit(sys.argv[i+1])
+            i += 2
+        elif myarg == 'appid':
+            appId = sys.argv[i + 1]
+            i += 2
+        elif myarg == 'apptype':
+            appType = sys.argv[i + 1].lower().replace('_', '')
+            if appType not in CHROME_APP_DEVICES_APPTYPE_CHOICE_MAP:
+                controlflow.expected_argument_exit('orderby',
+                                                   ', '.join(CHROME_APP_DEVICES_APPTYPE_CHOICE_MAP),
+                                                   appType)
+            appType = CHROME_APP_DEVICES_APPTYPE_CHOICE_MAP[appType]
+            i += 2
+        elif myarg in CROS_START_ARGUMENTS:
+            startDate = _getFilterDate(sys.argv[i + 1]).strftime(YYYYMMDD_FORMAT)
+            i += 2
+        elif myarg in CROS_END_ARGUMENTS:
+            endDate = _getFilterDate(sys.argv[i + 1]).strftime(YYYYMMDD_FORMAT)
+            i += 2
+        elif myarg == 'orderby':
+            orderBy = sys.argv[i + 1].lower().replace('_', '')
+            if orderBy not in CHROME_APP_DEVICES_ORDERBY_CHOICE_MAP:
+                controlflow.expected_argument_exit('orderby',
+                                                   ', '.join(CHROME_APP_DEVICES_ORDERBY_CHOICE_MAP),
+                                                   orderBy)
+            orderBy = CHROME_APP_DEVICES_ORDERBY_CHOICE_MAP[orderBy]
+            i += 2
+        else:
+            msg = f'{myarg} is not a valid argument to "gam print chromeappdevices"'
+            controlflow.system_error_exit(3, msg)
+    if not appId:
+        controlflow.system_error_exit(3, 'You must specify an appid')
+    if not appType:
+        controlflow.system_error_exit(3, 'You must specify an apptype')
+    if endDate:
+        pfilter = f'last_active_date<={endDate}'
+    if startDate:
+        if pfilter:
+            pfilter += ' AND '
+        else:
+            pfilter = ''
+        pfilter += f'last_active_date>={startDate}'
+    if orgunit:
+        orgUnitPath = gapi_directory_orgunits.orgunit_from_orgunitid(orgunit, None)
+        titles.append('orgUnitPath')
+    else:
+        orgUnitPath = '/'
+    gam.printGettingAllItems('Chrome Installed Application Devices', pfilter)
+    page_message = gapi.got_total_items_msg('Chrome Installed Application Devices', '...\n')
+    devices = gapi.get_all_pages(cm.customers().reports(),
+                                 'findInstalledAppDevices',
+                                 'devices',
+                                 page_message=page_message,
+                                 appId=appId, appType=appType,
+                                 customer=customer, orgUnitId=orgunit,
+                                 filter=pfilter, orderBy=orderBy)
+    for device in devices:
+        if orgunit:
+            device['orgUnitPath'] = orgUnitPath
+        device['appId'] = appId
+        device['appType'] = appType
+        csvRows.append(device)
+    display.write_csv_file(csvRows, titles, 'Chrome Installed Application Devices', todrive)
+
+
+CHROME_VERSIONS_TITLES = [
+    'version', 'count', 'channel', 'deviceOsVersion', 'system'
+    ]
+def printVersions():
+    cm = build()
+    customer = _get_customerid()
+    todrive = False
+    titles = CHROME_VERSIONS_TITLES
+    csvRows = []
+    orgunit = None
+    startDate = None
+    endDate = None
+    pfilter = None
+    reverse = False
+    i = 3
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg == 'todrive':
+            todrive = True
+            i += 1
+        elif myarg in ['ou', 'org', 'orgunit']:
+            orgunit = _get_orgunit(sys.argv[i+1])
+            i += 2
+        elif myarg in CROS_START_ARGUMENTS:
+            startDate = _getFilterDate(sys.argv[i + 1]).strftime(YYYYMMDD_FORMAT)
+            i += 2
+        elif myarg in CROS_END_ARGUMENTS:
+            endDate = _getFilterDate(sys.argv[i + 1]).strftime(YYYYMMDD_FORMAT)
+            i += 2
+        elif myarg == 'recentfirst':
+            reverse = True
+            i += 1
+        else:
+            msg = f'{myarg} is not a valid argument to "gam print chromeversions"'
+            controlflow.system_error_exit(3, msg)
+    if endDate:
+        pfilter = f'last_active_date<={endDate}'
+    if startDate:
+        if pfilter:
+            pfilter += ' AND '
+        else:
+            pfilter = ''
+        pfilter += f'last_active_date>={startDate}'
+    if orgunit:
+        orgUnitPath = gapi_directory_orgunits.orgunit_from_orgunitid(orgunit, None)
+        titles.append('orgUnitPath')
+    else:
+        orgUnitPath = '/'
+    gam.printGettingAllItems('Chrome Versions', pfilter)
+    page_message = gapi.got_total_items_msg('Chrome Versions', '...\n')
+    versions = gapi.get_all_pages(cm.customers().reports(),
+                                  'countChromeVersions',
+                                  'browserVersions',
+                                  page_message=page_message,
+                                  customer=customer, orgUnitId=orgunit, filter=pfilter)
+    for version in sorted(versions, key=lambda k: k.get('version', 'Unknown'), reverse=reverse):
+        if orgunit:
+            version['orgUnitPath'] = orgUnitPath
+        if 'version' not in version:
+            version['version'] = 'Unknown'
+        csvRows.append(version)
+    display.write_csv_file(csvRows, titles, 'Chrome Versions', todrive)

src/gam/gapi/chromepolicy.py

@@ -0,0 +1,338 @@
+"""Chrome Browser Cloud Management API calls"""
+
+import re
+import sys
+
+import googleapiclient.errors
+
+import gam
+from gam.var import GC_CUSTOMER_ID, GC_Values, MY_CUSTOMER
+from gam import controlflow
+from gam import gapi
+from gam.gapi import errors as gapi_errors
+from gam.gapi import chromehistory as gapi_chromehistory
+from gam.gapi.directory import orgunits as gapi_directory_orgunits
+from gam import utils
+
+
+def _get_customerid():
+    customer = GC_Values[GC_CUSTOMER_ID]
+    if customer != MY_CUSTOMER and customer[0] != 'C':
+        customer = 'C' + customer
+    return f'customers/{customer}'
+
+
+def _get_orgunit(orgunit):
+    if orgunit.startswith('orgunits/'):
+        return orgunit
+    _, orgunitid = gapi_directory_orgunits.getOrgUnitId(orgunit)
+    return f'orgunits/{orgunitid[3:]}'
+
+
+def build():
+    return gam.buildGAPIObject('chromepolicy')
+
+
+def printshow_policies():
+    svc = build()
+    customer = _get_customerid()
+    orgunit = None
+    printer_id = None
+    app_id = None
+    i = 3
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg in ['ou', 'org', 'orgunit']:
+            orgunit = _get_orgunit(sys.argv[i+1])
+            i += 2
+        elif myarg == 'printerid':
+            printer_id = sys.argv[i+1]
+            i += 2
+        elif myarg == 'appid':
+            app_id = sys.argv[i+1]
+            i += 2
+        else:
+            msg = f'{myarg} is not a valid argument to "gam print chromepolicy"'
+            controlflow.system_error_exit(3, msg)
+    if not orgunit:
+        controlflow.system_error_exit(3, 'You must specify an orgunit')
+    body = {
+             'policyTargetKey': {
+               'targetResource': orgunit,
+             }
+           }
+    if printer_id:
+        body['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printer_id}
+        namespaces = ['chrome.printers']
+    elif app_id:
+        body['policyTargetKey']['additionalTargetKeys'] = {'app_id': app_id}
+        namespaces = ['chrome.users.apps',
+                      'chrome.devices.managedGuest.apps',
+                      'chrome.devices.kiosk.apps']
+    else:
+        namespaces = [
+            'chrome.users',
+#           Not yet implemented:
+#           'chrome.devices',
+#           'chrome.devices.managedGuest',
+#           'chrome.devices.kiosk',
+            ]
+    throw_reasons = [gapi_errors.ErrorReason.FOUR_O_O,]
+    orgunitPath = gapi_directory_orgunits.orgunit_from_orgunitid(orgunit[9:], None)
+    header = f'Organizational Unit: {orgunitPath}'
+    if printer_id:
+        header += f', printerid: {printer_id}'
+    elif app_id:
+        header += f', appid: {app_id}'
+    print(header)
+    for namespace in namespaces:
+        body['policySchemaFilter'] = f'{namespace}.*'
+        try:
+            policies = gapi.get_all_pages(svc.customers().policies(), 'resolve',
+                                          items='resolvedPolicies',
+                                          throw_reasons=throw_reasons,
+                                          customer=customer,
+                                          body=body)
+        except googleapiclient.errors.HttpError:
+            policies = []
+        for policy in sorted(policies, key=lambda k: k.get('value', {}).get('policySchema', '')):
+            print()
+            name = policy.get('value', {}).get('policySchema', '')
+            print(name)
+            values = policy.get('value', {}).get('value', {})
+            for setting, value in values.items():
+                if isinstance(value, str) and value.find('_ENUM_') != -1:
+                    value = value.split('_ENUM_')[-1]
+                print(f'  {setting}: {value}')
+
+
+def build_schemas(svc=None, sfilter=None):
+    if not svc:
+        svc = build()
+    parent = _get_customerid()
+    schemas = gapi.get_all_pages(svc.customers().policySchemas(), 'list',
+            items='policySchemas', parent=parent, filter=sfilter)
+    schema_objects = {}
+    for schema in schemas:
+        schema_name = schema.get('name', '').split('/')[-1]
+        schema_dict = {
+                'name': schema_name,
+                'description': schema.get('policyDescription', ''),
+                'settings': {},
+                }
+        field_descriptions = schema.get('fieldDescriptions', [])
+        for mtype in schema.get('definition', {}).get('messageType', {}):
+            for setting in mtype.get('field', {}):
+                setting_name = setting.get('name', '')
+                setting_dict = {
+                                 'name': setting_name,
+                                 'constraints': None,
+                                 'descriptions':  [],
+                                 'type': setting.get('type'),
+                               }
+                if setting_dict['type'] == 'TYPE_STRING' and \
+                   setting.get('label') == 'LABEL_REPEATED':
+                    setting_dict['type'] = 'TYPE_LIST'
+                if setting_dict['type'] == 'TYPE_ENUM':
+                    type_name = setting['typeName']
+                    for an_enum in schema['definition']['enumType']:
+                        if an_enum['name'] == type_name:
+                            setting_dict['enums'] = [enum['name'] for enum in an_enum['value']]
+                            setting_dict['enum_prefix'] = utils.commonprefix(setting_dict['enums'])
+                            prefix_len = len(setting_dict['enum_prefix'])
+                            setting_dict['enums'] = [enum[prefix_len:] for enum \
+                                                     in setting_dict['enums'] \
+                                                     if not enum.endswith('UNSPECIFIED')]
+                            setting_dict['descriptions'] = ['']*len(setting_dict['enums'])
+                            if field_descriptions:
+                                for i, an in enumerate(setting_dict['enums']):
+                                    for fdesc in field_descriptions:
+                                      if fdesc.get('field') == setting_name:
+                                          for d in fdesc.get('knownValueDescriptions', []):
+                                              if d['value'][prefix_len:] == an:
+                                                  setting_dict['descriptions'][i] = d['description']
+                                                  break
+                                          break
+                            break
+                elif setting_dict['type'] == 'TYPE_MESSAGE':
+                    continue
+                else:
+                    setting_dict['enums'] = None
+                    for fdesc in schema.get('fieldDescriptions', []):
+                        if fdesc.get('field') == setting_name:
+                            if 'knownValueDescriptions' in fdesc:
+                                setting_dict['descriptions'] = fdesc['knownValueDescriptions']
+                            elif 'description' in fdesc:
+                                setting_dict['descriptions'] = [fdesc['description']]
+                schema_dict['settings'][setting_name.lower()] = setting_dict
+        schema_objects[schema_name.lower()] = schema_dict
+    return schema_objects
+
+
+def printshow_schemas():
+    svc = build()
+    sfilter = None
+    i = 3
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg == 'filter':
+            sfilter = sys.argv[i+1]
+            i += 2
+        else:
+            msg = f'{myarg} is not a valid argument to "gam print chromeschema"'
+            controlflow.system_error_exit(3, msg)
+    schemas = build_schemas(svc, sfilter)
+    for _, value in sorted(iter(schemas.items())):
+        print(f'{value.get("name")}: {value.get("description")}')
+        for val in value['settings'].values():
+            vtype = val.get('type')
+            print(f'  {val.get("name")}: {vtype}')
+            if vtype == 'TYPE_ENUM':
+                enums = val.get('enums', [])
+                descriptions = val.get('descriptions', [])
+                for i in range(len(val.get('enums', []))):
+                    print(f'    {enums[i]}: {descriptions[i]}')
+            elif vtype == 'TYPE_BOOL':
+                pvs = val.get('descriptions')
+                for pvi in pvs:
+                    if isinstance(pvi, dict):
+                        pvalue = pvi.get('value')
+                        pdescription = pvi.get('description')
+                        print(f'    {pvalue}: {pdescription}')
+                    elif isinstance(pvi, list):
+                        print(f'    {pvi[0]}')
+            else:
+                description = val.get('descriptions')
+                if len(description) > 0:
+                    print(f'    {description[0]}')
+        print()
+
+
+def delete_policy():
+    svc = build()
+    customer = _get_customerid()
+    schemas = build_schemas(svc)
+    orgunit = None
+    printer_id = None
+    app_id = None
+    i = 3
+    body = {'requests': []}
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg in ['ou', 'org', 'orgunit']:
+            orgunit = _get_orgunit(sys.argv[i+1])
+            i += 2
+        elif myarg == 'printerid':
+            printer_id = sys.argv[i+1]
+            i += 2
+        elif myarg == 'appid':
+            app_id = sys.argv[i+1]
+            i += 2
+        elif myarg in schemas:
+            body['requests'].append({'policySchema': schemas[myarg]['name']})
+            i += 1
+        else:
+            msg = f'{myarg} is not a valid argument to "gam delete chromepolicy"'
+            controlflow.system_error_exit(3, msg)
+    if not orgunit:
+        controlflow.system_error_exit(3, 'You must specify an orgunit')
+    for request in body['requests']:
+        request['policyTargetKey'] = {'targetResource': orgunit}
+        if printer_id:
+            request['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printer_id}
+        elif app_id:
+            request['policyTargetKey']['additionalTargetKeys'] = {'app_id': app_id}
+    gapi.call(svc.customers().policies().orgunits(), 'batchInherit', customer=customer, body=body)
+
+
+def update_policy():
+    svc = build()
+    customer = _get_customerid()
+    schemas = build_schemas(svc)
+    orgunit = None
+    printer_id = None
+    app_id = None
+    i = 3
+    body = {'requests': []}
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg in ['ou', 'org', 'orgunit']:
+            orgunit = _get_orgunit(sys.argv[i+1])
+            i += 2
+        elif myarg == 'printerid':
+            printer_id = sys.argv[i+1]
+            i += 2
+        elif myarg == 'appid':
+            app_id = sys.argv[i+1]
+            i += 2
+        elif myarg in schemas:
+            body['requests'].append({'policyValue': {'policySchema': schemas[myarg]['name'],
+                                                     'value': {}},
+                                     'updateMask': ''})
+            i += 1
+            while i < len(sys.argv):
+                field = sys.argv[i].lower()
+                if field in ['ou', 'org', 'orgunit', 'printerid', 'appid'] or '.' in field:
+                    break # field is actually a new policy, orgunit or app/printer id
+                expected_fields = ', '.join(schemas[myarg]['settings'])
+                if field not in expected_fields:
+                    msg = f'Expected {myarg} field of {expected_fields}. Got {field}.'
+                    controlflow.system_error_exit(4, msg)
+                cased_field = schemas[myarg]['settings'][field]['name']
+                value = sys.argv[i+1]
+                vtype = schemas[myarg]['settings'][field]['type']
+                if vtype in ['TYPE_INT64', 'TYPE_INT32', 'TYPE_UINT64']:
+                    if not value.isnumeric():
+                        msg = f'Value for {myarg} {field} must be a number, got {value}'
+                        controlflow.system_error_exit(7, msg)
+                    value = int(value)
+                elif vtype in ['TYPE_BOOL']:
+                    value = gam.getBoolean(value, field)
+                elif vtype in ['TYPE_ENUM']:
+                    value = value.upper()
+                    enum_values = schemas[myarg]['settings'][field]['enums']
+                    if value not in enum_values:
+                        expected_enums = ', '.join(enum_values)
+                        msg = f'Expected {myarg} {field} value to be one of ' \
+                              f'{expected_enums}, got {value}'
+                        controlflow.system_error_exit(8, msg)
+                    prefix = schemas[myarg]['settings'][field]['enum_prefix']
+                    value = f'{prefix}{value}'
+                elif vtype in ['TYPE_LIST']:
+                    value = value.split(',')
+                if myarg == 'chrome.users.chromebrowserupdates' and \
+                      cased_field == 'targetVersionPrefixSetting':
+                    mg = re.compile(r'^([a-z]+)-(\d+)$').match(value)
+                    if mg:
+                        channel = mg.group(1).lower().replace('_', '')
+                        minus = mg.group(2)
+                        channel_map = gapi_chromehistory.get_channel_map(None)
+                        if channel not in channel_map:
+                            expected_channels = ', '.join(channel_map)
+                            msg = f'Expected {myarg} {cased_field} channel to be one of ' \
+                                f'{expected_channels}, got {channel}'
+                            controlflow.system_error_exit(8, msg)
+                        milestone = gapi_chromehistory.get_relative_milestone(
+                            channel_map[channel], int(minus))
+                        if not milestone:
+                            msg = f'{myarg} {cased_field} channel {channel} offset {minus} does not exist'
+                            controlflow.system_error_exit(8, msg)
+                        value = f'{milestone}.'
+                body['requests'][-1]['policyValue']['value'][cased_field] = value
+                body['requests'][-1]['updateMask'] += f'{cased_field},'
+                i += 2
+        else:
+            msg = f'{myarg} is not a valid argument to "gam update chromepolicy"'
+            controlflow.system_error_exit(4, msg)
+    if not orgunit:
+        controlflow.system_error_exit(3, 'You must specify an orgunit')
+    for request in body['requests']:
+        request['policyTargetKey'] = {'targetResource': orgunit}
+        if printer_id:
+            request['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printer_id}
+        elif app_id:
+            request['policyTargetKey']['additionalTargetKeys'] = {'app_id': app_id}
+    gapi.call(svc.customers().policies().orgunits(),
+              'batchModify',
+              customer=customer,
+              body=body)

src/gam/gapi/cloudidentity/__init__.py

@@ -0,0 +1,9 @@
+import gam
+
+
+def build(api='cloudidentity'):
+    return gam.buildGAPIObject(api)
+
+def build_dwd(api='cloudidentity'):
+    admin = gam._get_admin_email()
+    return gam.buildGAPIServiceObject(api, admin, True)

src/gam/gapi/cloudidentity/devices.py

@@ -0,0 +1,462 @@
+import csv
+import sys
+
+import googleapiclient
+
+import gam
+from gam.var import *
+from gam import controlflow
+from gam import display
+from gam import fileutils
+from gam import gapi
+from gam import utils
+from gam.gapi import errors as gapi_errors
+from gam.gapi import cloudidentity as gapi_cloudidentity
+from gam.gapi.directory import customer as gapi_directory_customer
+
+def _get_device_customerid():
+  customer = GC_Values[GC_CUSTOMER_ID]
+  if customer.startswith('C'):
+    customer = customer[1:]
+  return f'customers/{customer}'
+
+def create():
+    ci = gapi_cloudidentity.build_dwd()
+    customer = _get_device_customerid()
+    device_types = gapi.get_enum_values_minus_unspecified(
+        ci._rootDesc['schemas']['GoogleAppsCloudidentityDevicesV1Device']['properties']['deviceType']['enum'])
+    body = {'deviceType': '', 'serialNumber': ''}
+    i = 3
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg == 'serialnumber':
+            body['serialNumber'] = sys.argv[i+1]
+            i += 2
+        elif myarg == 'devicetype':
+            body['deviceType'] = sys.argv[i+1].upper()
+            if body['deviceType'] not in device_types:
+                controlflow.expected_argument_exit('device_type',
+                                                   ', '.join(device_types),
+                                                   sys.argv[i+1])
+            i += 2
+        elif myarg in {'assettag', 'assetid'}:
+            body['assetTag'] = sys.argv[i+1]
+            i += 2
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i], 'gam create device')
+    if not body['serialNumber'] or not body['deviceType']:
+        controlflow.system_error_exit(
+            3, 'serial_number and device_type are required arguments for "gam create device".')
+    result = gapi.call(ci.devices(), 'create', customer=customer, body=body)
+    print(f'Created device {result["response"]["name"]}')
+
+
+def _get_device_name():
+    name = sys.argv[3]
+    if name == 'id':
+        name = sys.argv[4]
+    if not name.startswith('devices/'):
+        name = f'devices/{name}'
+    return name
+
+
+def info():
+    ci = gapi_cloudidentity.build_dwd()
+    customer = _get_device_customerid()
+    name = _get_device_name()
+    device = gapi.call(ci.devices(), 'get', name=name, customer=customer)
+    device_users = gapi.get_all_pages(ci.devices().deviceUsers(), 'list',
+        'deviceUsers', parent=name, customer=customer)
+    for device_user in device_users:
+        parent = device_user['name']
+        device_user['client_states'] = gapi.get_all_pages(
+                  ci.devices().deviceUsers().clientStates(),
+                  'list', 'clientStates', parent=parent, customer=customer)
+    display.print_json(device)
+    print('Device Users:')
+    display.print_json(device_users)
+
+
+def _generic_action(action, device_user=False):
+    ci = gapi_cloudidentity.build_dwd()
+    customer = _get_device_customerid()
+    name = _get_device_name()
+
+    # bah, inconsistencies in API
+    if action == 'delete':
+        kwargs = {'customer': customer}
+    else:
+        kwargs = {'body': {'customer': customer}}
+
+    if device_user:
+        endpoint = ci.devices().deviceUsers()
+    else:
+        endpoint = ci.devices()
+    op = gapi.call(endpoint, action, name=name, **kwargs)
+    print(op)
+
+
+def delete():
+    _generic_action('delete')
+
+
+def cancel_wipe():
+    _generic_action('cancelWipe')
+
+
+def wipe():
+    _generic_action('wipe')
+
+
+def approve_user():
+    _generic_action('approve', True)
+
+
+def block_user():
+    _generic_action('block', True)
+
+
+def cancel_wipe_user():
+    _generic_action('cancelWipe', True)
+
+
+def delete_user():
+    _generic_action('delete', True)
+
+
+def wipe_user():
+    _generic_action('wipe', True)
+
+
+def _get_deviceuser_name():
+    i = 3
+    name = sys.argv[i]
+    if name == 'id':
+        i += 1
+        name = sys.argv[i]
+    if not name.startswith('devices/'):
+        name = f'devices/{name}'
+    return (i+1, name)
+
+def info_state():
+    ci = gapi_cloudidentity.build_dwd()
+    gapi_directory_customer.setTrueCustomerId()
+    customer = _get_device_customerid()
+    customer_id = customer[10:]
+    client_id = f'{customer_id}-gam'
+    i, deviceuser = _get_deviceuser_name()
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg == 'clientid':
+            client_id = f'{customer_id}-{sys.argv[i+1]}'
+            i += 2
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i], 'gam info deviceuserstate')
+    name = f'{deviceuser}/clientStates/{client_id}'
+    result = gapi.call(ci.devices().deviceUsers().clientStates(), 'get',
+                       name=name, customer=customer)
+    display.print_json(result)
+
+
+def update_state():
+    ci = gapi_cloudidentity.build_dwd()
+    gapi_directory_customer.setTrueCustomerId()
+    customer = _get_device_customerid()
+    customer_id = customer[10:]
+    client_id = f'{customer_id}-gam'
+    body = {}
+    i, deviceuser = _get_deviceuser_name()
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg == 'clientid':
+            client_id = f'{customer_id}-{sys.argv[i+1]}'
+            i += 2
+        elif myarg in ['assettag', 'assettags']:
+            body['assetTags'] = gam.shlexSplitList(sys.argv[i+1])
+            if body['assetTags'] == ['clear']:
+                # TODO: this doesn't work to clear
+                # existing values. Figure out why.
+                body['assetTags'] = [None]
+            i += 2
+        elif myarg in ['compliantstate', 'compliancestate']:
+            comp_states = gapi.get_enum_values_minus_unspecified(
+              ci._rootDesc['schemas']['GoogleAppsCloudidentityDevicesV1ClientState']['properties']['complianceState']['enum'])
+            body['complianceState'] = sys.argv[i+1].upper()
+            if body['complianceState'] not in comp_states:
+                controlflow.expected_argument_exit('compliant_state',
+                                                   ', '.join(comp_states),
+                                                   sys.argv[i+1])
+            i += 2
+        elif myarg == 'customid':
+            body['customId'] = sys.argv[i+1]
+            i += 2
+        elif myarg == 'healthscore':
+            health_scores = gapi.get_enum_values_minus_unspecified(
+            ci._rootDesc['schemas']['GoogleAppsCloudidentityDevicesV1ClientState']['properties']['healthScore']['enum'])
+            body['healthScore'] = sys.argv[i+1].upper()
+            if body['healthScore'] == 'CLEAR':
+                body['healthScore'] = None
+            if body['healthScore'] and body['healthScore'] not in health_scores:
+                controlflow.expected_argument_exit('health_score',
+                                                   ', '.join(health_scores),
+                                                   sys.argv[i+1])
+            i += 2
+        elif myarg == 'customvalue':
+            allowed_types = ['bool', 'number', 'string']
+            value_type = sys.argv[i+1].lower()
+            if value_type not in allowed_types:
+                controlflow.expected_argument_exit('custom_value',
+                                                   ', '.join(allowed_types),
+                                                   sys.argv[i+1])
+            key = sys.argv[i+2]
+            value = sys.argv[i+3]
+            if value_type == 'bool':
+                value = gam.getBoolean(value, key)
+            elif value_type == 'number':
+                value = int(value)
+            body.setdefault('keyValuePairs', {})
+            body['keyValuePairs'][key] = {f'{value_type}Value': value}
+            i += 4
+        elif myarg in ['managedstate']:
+            managed_states = gapi.get_enum_values_minus_unspecified(
+              ci._rootDesc['schemas']['GoogleAppsCloudidentityDevicesV1ClientState']['properties']['managed']['enum'])
+            body['managed'] = sys.argv[i+1].upper()
+            if body['managed'] == 'CLEAR':
+                body['managed'] = None
+            if body['managed'] and body['managed'] not in managed_states:
+                controlflow.expected_argument_exit('managed_state',
+                                                   ', '.join(managed_states),
+                                                   sys.argv[i+1])
+            i += 2
+        elif myarg in ['scorereason']:
+            body['scoreReason'] = sys.argv[i+1]
+            if body['scoreReason'] == 'clear':
+                body['scoreReason'] = None
+            i += 2
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i], 'gam update deviceuserstate')
+    name = f'{deviceuser}/clientStates/{client_id}'
+    updateMask = ','.join(body.keys())
+    result = gapi.call(ci.devices().deviceUsers().clientStates(), 'patch',
+                       name=name, customer=customer, updateMask=updateMask, body=body)
+    display.print_json(result)
+
+
+def print_():
+    ci = gapi_cloudidentity.build_dwd()
+    customer = _get_device_customerid()
+    parent = 'devices/-'
+    device_filter = None
+    get_device_users = True
+    view = None
+    orderByList = []
+    titles = []
+    csvRows = []
+    todrive = False
+    sortHeaders = False
+    i = 3
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg in ['filter', 'query']:
+            device_filter = sys.argv[i+1]
+            i += 2
+        elif myarg == 'company':
+            view = 'COMPANY_INVENTORY'
+            i += 1
+        elif myarg == 'personal':
+            view = 'USER_ASSIGNED_DEVICES'
+            i += 1
+        elif myarg == 'nocompanydevices':
+            view = 'USER_ASSIGNED_DEVICES'
+            i += 1
+        elif myarg == 'nopersonaldevices':
+            view = 'COMPANY_INVENTORY'
+            i += 1
+        elif myarg == 'nodeviceusers':
+            get_device_users = False
+            i += 1
+        elif myarg == 'todrive':
+            todrive = True
+            i += 1
+        elif myarg == 'orderby':
+            fieldName = sys.argv[i + 1].lower()
+            i += 2
+            if fieldName in DEVICE_ORDERBY_CHOICES_MAP:
+                fieldName = DEVICE_ORDERBY_CHOICES_MAP[fieldName]
+                orderBy = ''
+                if i < len(sys.argv):
+                    orderBy = sys.argv[i].lower()
+                    if orderBy in SORTORDER_CHOICES_MAP:
+                        orderBy = SORTORDER_CHOICES_MAP[orderBy]
+                        i += 1
+                if orderBy != 'DESCENDING':
+                    orderByList.append(fieldName)
+                else:
+                    orderByList.append(f'{fieldName} desc')
+            else:
+                controlflow.expected_argument_exit(
+                    'orderby', ', '.join(sorted(DEVICE_ORDERBY_CHOICES_MAP)),
+                    fieldName)
+        elif myarg == 'sortheaders':
+            sortHeaders = True
+            i += 1
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i], 'gam print devices')
+    view_name_map = {
+      None: 'Devices',
+      'COMPANY_INVENTORY': 'Company Devices',
+      'USER_ASSIGNED_DEVICES': 'Personal Devices',
+      }
+    if orderByList:
+        orderBy = ','.join(orderByList)
+    else:
+        orderBy = None
+    devices = []
+    page_message = gapi.got_total_items_msg(view_name_map[view], '...\n')
+    devices += gapi.get_all_pages(ci.devices(), 'list', 'devices',
+        customer=customer, page_message=page_message,
+        pageSize=100, filter=device_filter, view=view, orderBy=orderBy)
+    if get_device_users:
+        page_message = gapi.got_total_items_msg('Device Users', '...\n')
+        device_users = gapi.get_all_pages(ci.devices().deviceUsers(), 'list',
+            'deviceUsers', customer=customer, parent=parent,
+            page_message=page_message, pageSize=20, filter=device_filter)
+        for device_user in device_users:
+            for device in devices:
+                if device_user.get('name').startswith(device.get('name')):
+                    if 'users' not in device:
+                        device['users'] = []
+                    device['users'].append(device_user)
+                    break
+    for device in devices:
+        device = utils.flatten_json(device)
+        for a_key in device:
+            if a_key not in titles:
+                titles.append(a_key)
+        csvRows.append(device)
+    if sortHeaders:
+        display.sort_csv_titles(['name',], titles)
+    display.write_csv_file(csvRows, titles, 'Devices', todrive)
+
+
+def sync():
+    ci = gapi_cloudidentity.build_dwd()
+    device_types = gapi.get_enum_values_minus_unspecified(
+        ci._rootDesc['schemas']['GoogleAppsCloudidentityDevicesV1Device']['properties']['deviceType']['enum'])
+    customer = _get_device_customerid()
+    device_filter = None
+    csv_file = None
+    serialnumber_column = 'serialNumber'
+    devicetype_column = 'deviceType'
+    static_devicetype = None
+    assettag_column = None
+    unassigned_missing_action = 'delete'
+    assigned_missing_action = 'donothing'
+    missing_actions = ['delete', 'wipe', 'donothing']
+    i = 3
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg in ['filter', 'query']:
+          device_filter = sys.argv[i+1]
+          i += 2
+        elif myarg == 'csvfile':
+          csv_file = sys.argv[i+1]
+          i += 2
+        elif myarg == 'serialnumbercolumn':
+          serialnumber_column = sys.argv[i+1]
+          i += 2
+        elif myarg == 'devicetypecolumn':
+          devicetype_column = sys.argv[i+1]
+          i += 2
+        elif myarg == 'staticdevicetype':
+          static_devicetype = sys.argv[i+1].upper()
+          if static_devicetype not in device_types:
+                controlflow.expected_argument_exit('device_type',
+                                                   ', '.join(device_types),
+                                                   sys.argv[i+1])
+          i += 2
+        elif myarg in {'assettagcolumn', 'assetidcolumn'}:
+          assettag_column = sys.argv[i+1]
+          i += 2
+        elif myarg == 'unassignedmissingaction':
+          unassigned_missing_action = sys.argv[i+1].lower().replace('_', '')
+          if unassigned_missing_action not in missing_actions:
+              controlflow.expected_argument_exit('unassigned_missing_action',
+                                                   ', '.join(missing_actions),
+                                                   sys.argv[i+1])
+          i += 2
+        elif myarg == 'assignedmissingaction':
+          assigned_missing_action = sys.argv[i+1].lower().replace('_', '')
+          if assigned_missing_action not in missing_actions:
+              controlflow.expected_argument_exit('assigned_missing_action',
+                                                   ', '.join(missing_actions),
+                                                   sys.argv[i+1])
+          i += 2
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i], 'gam sync devices')
+    if not csv_file:
+        controlflow.system_error_exit(
+            3, 'csvfile is a required argument for "gam sync devices".')
+    f = fileutils.open_file(csv_file)
+    input_file = csv.DictReader(f, restval='')
+    if serialnumber_column not in input_file.fieldnames:
+        controlflow.csv_field_error_exit(serialnumber_column, input_file.fieldnames)
+    if not static_devicetype and devicetype_column not in input_file.fieldnames:
+        controlflow.csv_field_error_exit(devicetype_column, input_file.fieldnames)
+    if assettag_column and assettag_column not in input_file.fieldnames:
+        controlflow.csv_field_error_exit(assettag_column, input_file.fieldnames)
+    local_devices = []
+    for row in input_file:
+        # upper() is very important to comparison since Google
+        # always return uppercase serials
+        local_device = {'serialNumber': row[serialnumber_column].strip().upper()}
+        if static_devicetype:
+            local_device['deviceType'] = static_devicetype
+        else:
+            local_device['deviceType'] = row[devicetype_column].strip()
+        if assettag_column:
+            local_device['assetTag'] = row[assettag_column].strip()
+        local_devices.append(local_device)
+    fileutils.close_file(f)
+    page_message = gapi.got_total_items_msg('Company Devices', '...\n')
+    device_fields = ['serialNumber', 'deviceType', 'lastSyncTime', 'name']
+    if assettag_column:
+       device_fields.append('assetTag')
+    fields = f'nextPageToken,devices({",".join(device_fields)})'
+    remote_devices = gapi.get_all_pages(ci.devices(), 'list', 'devices',
+            customer=customer, page_message=page_message,
+            pageSize=100, filter=device_filter, view='COMPANY_INVENTORY', fields=fields)
+    remote_device_map = {}
+    for remote_device in remote_devices:
+        sn = remote_device['serialNumber']
+        last_sync = remote_device.pop('lastSyncTime', NEVER_TIME_NOMS)
+        name = remote_device.pop('name')
+        remote_device_map[sn] = {'name': name}
+        if last_sync == NEVER_TIME_NOMS:
+            remote_device_map[sn]['unassigned'] = True
+    devices_to_add = [device for device in local_devices if device not in remote_devices]
+    missing_devices = [device for device in remote_devices if device not in local_devices]
+    print(f'Need to add {len(devices_to_add)} and remove {len(missing_devices)} devices...')
+    for add_device in devices_to_add:
+        print(f'Creating {add_device["serialNumber"]}')
+        try:
+            result = gapi.call(ci.devices(), 'create', customer=customer,
+              throw_reasons=[gapi_errors.ErrorReason.FOUR_O_NINE], body=add_device)
+            print(f' created {result["response"]["deviceType"]} device {result["response"]["name"]} with serial {result["response"]["serialNumber"]}')
+        except googleapiclient.errors.HttpError:
+            print(f' {add_device["serialNumber"]} already exists')
+    for missing_device in missing_devices:
+        sn = missing_device['serialNumber']
+        name = remote_device_map[sn]['name']
+        unassigned = remote_device_map[sn].get('unassigned')
+        action = unassigned_missing_action if unassigned else assigned_missing_action
+        if action == 'donothing':
+            pass
+        else:
+            if action == 'delete':
+                kwargs = {'customer': customer}
+            else:
+                kwargs = {'body': {'customer': customer}}
+            gapi.call(ci.devices(), action,
+                name=name, **kwargs)
+            print(f'{action}d {sn}')

src/gam/gapi/cloudidentity/groups.py

@@ -0,0 +1,841 @@
+import sys
+
+import googleapiclient
+
+import gam
+from gam.var import *
+from gam import controlflow
+from gam import display
+from gam import gapi
+from gam import utils
+from gam.gapi import errors as gapi_errors
+from gam.gapi import cloudidentity as gapi_cloudidentity
+from gam.gapi.directory import customer as gapi_directory_customer
+
+
+def create():
+    ci = gapi_cloudidentity.build('cloudidentity_beta')
+    initialGroupConfig = 'EMPTY'
+    gapi_directory_customer.setTrueCustomerId()
+    parent = f'customers/{GC_Values[GC_CUSTOMER_ID]}'
+    body = {
+        'groupKey': {
+            'id': gam.normalizeEmailAddressOrUID(sys.argv[3], noUid=True)
+        },
+        'parent': parent,
+        'labels': {
+            'cloudidentity.googleapis.com/groups.discussion_forum': ''
+        },
+    }
+    i = 4
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg == 'name':
+            body['displayName'] = sys.argv[i + 1]
+            i += 2
+        elif myarg == 'description':
+            body['description'] = sys.argv[i + 1]
+            i += 2
+        elif myarg in ['alias', 'aliases']:
+            # As of 2020/06/25 this doesn't work (yet?)
+            aliases = sys.argv[i + 1].split(' ')
+            body['additionalGroupKeys'] = []
+            for alias in aliases:
+                body['additionalGroupKeys'].append({'id': alias})
+            i += 2
+        elif myarg in ['dynamic']:
+            # As of 2020/06/25 this doesn't work (yet?)
+            body['dynamicGroupMetadata'] = {
+                'queries': [{
+                    'query': sys.argv[i + 1],
+                    'resourceType': 'USER'
+                }]
+            }
+            i += 2
+        elif myarg in ['makeowner']:
+            initialGroupConfig = 'WITH_INITIAL_OWNER'
+            i += 1
+        else:
+            print('should not get here')
+            sys.exit(5)
+    print(f'Creating group {body["groupKey"]["id"]}')
+    gapi.call(ci.groups(),
+              'create',
+              initialGroupConfig=initialGroupConfig,
+              body=body)
+
+
+def delete():
+    ci = gapi_cloudidentity.build('cloudidentity_beta')
+    group = sys.argv[3]
+    name = group_email_to_id(ci, group)
+    print(f'Deleting group {group}')
+    gapi.call(ci.groups(), 'delete', name=name)
+
+
+def info():
+    ci = gapi_cloudidentity.build('cloudidentity_beta')
+    group = gam.normalizeEmailAddressOrUID(sys.argv[3])
+    getUsers = True
+    showJoinDate = True
+    showUpdateDate = False
+    i = 4
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg == 'nousers':
+            getUsers = False
+            i += 1
+        elif myarg == 'nojoindate':
+            showJoinDate = False
+            i += 1
+        elif myarg == 'showupdatedate':
+            showUpdateDate = True
+            i += 1
+        else:
+            controlflow.invalid_argument_exit(myarg, 'gam info cigroup')
+    name = group_email_to_id(ci, group)
+    basic_info = gapi.call(ci.groups(), 'get', name=name)
+    display.print_json(basic_info)
+    if getUsers:
+        if not showJoinDate and not showUpdateDate:
+            view = 'BASIC'
+            pageSize = 1000
+        else:
+            view = 'FULL'
+            pageSize = 500
+        members = gapi.get_all_pages(ci.groups().memberships(),
+                                     'list',
+                                     'memberships',
+                                     parent=name,
+                                     fields='*',
+                                     pageSize=pageSize,
+                                     view=view)
+        print('Members:')
+        for member in members:
+            role = get_single_role(member.get('roles', [])).lower()
+            email = member.get('memberKey', {}).get('id')
+            jc_string = ''
+            if showJoinDate:
+                joined = member.get('createTime', 'Unknown')
+                jc_string += f'  joined {joined}'
+            if showUpdateDate:
+                updated = member.get('updateTime', 'Unknown')
+                jc_string += f'  updated {updated}'
+            print(
+                f'{role}: {email}{jc_string}'
+                # f' {member.get("role", ROLE_MEMBER).lower()}: {member.get("email", member["id"])} ({member["type"].lower()})'
+            )
+        print(f'Total {len(members)} users in group')
+
+
+def info_member():
+    ci = gapi_cloudidentity.build('cloudidentity_beta')
+    member = gam.normalizeEmailAddressOrUID(sys.argv[3])
+    group = gam.normalizeEmailAddressOrUID(sys.argv[4])
+    group_name = gapi.call(ci.groups(),
+                           'lookup',
+                           groupKey_id=group,
+                           fields='name').get('name')
+    member_name = gapi.call(ci.groups().memberships(),
+                            'lookup',
+                            parent=group_name,
+                            memberKey_id=member,
+                            fields='name').get('name')
+    member_details = gapi.call(ci.groups().memberships(),
+                               'get',
+                               name=member_name)
+    display.print_json(member_details)
+
+
+UPDATE_GROUP_SUBCMDS = ['add', 'clear', 'delete', 'remove', 'sync', 'update']
+GROUP_ROLES_MAP = {
+    'owner': ROLE_OWNER,
+    'owners': ROLE_OWNER,
+    'manager': ROLE_MANAGER,
+    'managers': ROLE_MANAGER,
+    'member': ROLE_MEMBER,
+    'members': ROLE_MEMBER,
+}
+
+
+def print_():
+    ci = gapi_cloudidentity.build('cloudidentity_beta')
+    i = 3
+    members = membersCountOnly = managers = managersCountOnly = owners = ownersCountOnly = False
+    gapi_directory_customer.setTrueCustomerId()
+    parent = f'customers/{GC_Values[GC_CUSTOMER_ID]}'
+    usemember = None
+    memberDelimiter = '\n'
+    todrive = False
+    titles = []
+    csvRows = []
+    roles = []
+    sortHeaders = False
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower()
+        if myarg == 'todrive':
+            todrive = True
+            i += 1
+        elif myarg == 'enterprisemember':
+            member = gam.convertUIDtoEmailAddress(sys.argv[i + 1], email_types=['user', 'group'])
+            usemember = f"member_key_id == '{member}' && 'cloudidentity.googleapis.com/groups.discussion_forum' in labels"
+            i += 2
+        elif myarg == 'delimiter':
+            memberDelimiter = sys.argv[i + 1]
+            i += 2
+        elif myarg == 'sortheaders':
+            sortHeaders = True
+            i += 1
+        elif myarg in ['members', 'memberscount']:
+            roles.append(ROLE_MEMBER)
+            members = True
+            if myarg == 'memberscount':
+                membersCountOnly = True
+            i += 1
+        elif myarg in ['owners', 'ownerscount']:
+            roles.append(ROLE_OWNER)
+            owners = True
+            if myarg == 'ownerscount':
+                ownersCountOnly = True
+            i += 1
+        elif myarg in ['managers', 'managerscount']:
+            roles.append(ROLE_MANAGER)
+            managers = True
+            if myarg == 'managerscount':
+                managersCountOnly = True
+            i += 1
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i], 'gam print cigroups')
+    if roles:
+        if members:
+            display.add_titles_to_csv_file([
+                'MembersCount',
+            ], titles)
+            if not membersCountOnly:
+                display.add_titles_to_csv_file([
+                    'Members',
+                ], titles)
+        if managers:
+            display.add_titles_to_csv_file([
+                'ManagersCount',
+            ], titles)
+            if not managersCountOnly:
+                display.add_titles_to_csv_file([
+                    'Managers',
+                ], titles)
+        if owners:
+            display.add_titles_to_csv_file([
+                'OwnersCount',
+            ], titles)
+            if not ownersCountOnly:
+                display.add_titles_to_csv_file([
+                    'Owners',
+                ], titles)
+    gam.printGettingAllItems('Groups', usemember)
+    page_message = gapi.got_total_items_first_last_msg('Groups')
+    if usemember:
+        try:
+            result = gapi.get_all_pages(ci.groups().memberships(),
+                                        'searchTransitiveGroups',
+                                        'memberships',
+                                        throw_reasons=[gapi_errors.ErrorReason.FOUR_O_O],
+                                        page_message=page_message,
+                                        message_attribute=['groupKey', 'id'],
+                                        parent='groups/-', query=usemember,
+                                        fields='nextPageToken,memberships(group,groupKey(id),relationType)',
+                                        pageSize=1000)
+        except googleapiclient.errors.HttpError:
+            controlflow.system_error_exit(
+                2,
+                f'enterprisemember requires Enterprise license')
+        entityList = []
+        for entity in result:
+            if entity['relationType'] == 'DIRECT':
+                entityList.append(gapi.call(ci.groups(), 'get', name=entity['group']))
+    else:
+        entityList = gapi.get_all_pages(ci.groups(),
+                                        'list',
+                                        'groups',
+                                        page_message=page_message,
+                                        message_attribute=['groupKey', 'id'],
+                                        parent=parent,
+                                        view='FULL',
+                                        pageSize=500)
+    i = 0
+    count = len(entityList)
+    for groupEntity in entityList:
+        i += 1
+        groupEmail = groupEntity['groupKey']['id']
+        for k, v in iter(groupEntity.pop('labels', {}).items()):
+            if v == '':
+                groupEntity[f'labels.{k}'] = True
+            else:
+                groupEntity[f'labels.{k}'] = v
+        group = utils.flatten_json(groupEntity)
+        for a_key in group:
+            if a_key not in titles:
+                titles.append(a_key)
+        groupKey_id = groupEntity['name']
+        if roles:
+            sys.stderr.write(
+                f' Getting {roles} for {groupEmail}{gam.currentCountNL(i, count)}'
+            )
+            page_message = gapi.got_total_items_first_last_msg('Members')
+            validRoles, _, _ = gam._getRoleVerification(
+                '.'.join(roles), 'nextPageToken,members(email,id,role)')
+            groupMembers = gapi.get_all_pages(ci.groups().memberships(),
+                                              'list',
+                                              'memberships',
+                                              page_message=page_message,
+                                              message_attribute=['memberKey', 'id'],
+                                              soft_errors=True,
+                                              parent=groupKey_id,
+                                              view='BASIC')
+            if members:
+                membersList = []
+                membersCount = 0
+            if managers:
+                managersList = []
+                managersCount = 0
+            if owners:
+                ownersList = []
+                ownersCount = 0
+            for member in groupMembers:
+                member_email = member['memberKey']['id']
+                role = get_single_role(member.get('roles'))
+                if not validRoles or role in validRoles:
+                    if role == ROLE_MEMBER:
+                        if members:
+                            membersCount += 1
+                            if not membersCountOnly:
+                                membersList.append(member_email)
+                    elif role == ROLE_MANAGER:
+                        if managers:
+                            managersCount += 1
+                            if not managersCountOnly:
+                                managersList.append(member_email)
+                    elif role == ROLE_OWNER:
+                        if owners:
+                            ownersCount += 1
+                            if not ownersCountOnly:
+                                ownersList.append(member_email)
+                    elif members:
+                        membersCount += 1
+                        if not membersCountOnly:
+                            membersList.append(member_email)
+            if members:
+                group['MembersCount'] = membersCount
+                if not membersCountOnly:
+                    group['Members'] = memberDelimiter.join(membersList)
+            if managers:
+                group['ManagersCount'] = managersCount
+                if not managersCountOnly:
+                    group['Managers'] = memberDelimiter.join(managersList)
+            if owners:
+                group['OwnersCount'] = ownersCount
+                if not ownersCountOnly:
+                    group['Owners'] = memberDelimiter.join(ownersList)
+        csvRows.append(group)
+    if sortHeaders:
+        display.sort_csv_titles([
+            'name', 'groupKey.id'
+        ], titles)
+    display.write_csv_file(csvRows, titles, 'Groups', todrive)
+
+
+def print_members():
+    ci = gapi_cloudidentity.build('cloudidentity_beta')
+    todrive = False
+    gapi_directory_customer.setTrueCustomerId()
+    parent = f'customers/{GC_Values[GC_CUSTOMER_ID]}'
+    usemember = None
+    roles = []
+    titles = ['group']
+    csvRows = []
+    groups_to_get = []
+    i = 3
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg == 'todrive':
+            todrive = True
+            i += 1
+        elif myarg in ['role', 'roles']:
+            for role in sys.argv[i + 1].lower().replace(',', ' ').split():
+                if role in GROUP_ROLES_MAP:
+                    roles.append(GROUP_ROLES_MAP[role])
+                else:
+                    controlflow.system_error_exit(
+                        2,
+                        f'{role} is not a valid role for "gam print group-members {myarg}"'
+                    )
+            i += 2
+        elif myarg == 'enterprisemember':
+            member = gam.convertUIDtoEmailAddress(sys.argv[i + 1], email_types=['user', 'group'])
+            usemember = f"member_key_id == '{member}' && 'cloudidentity.googleapis.com/groups.discussion_forum' in labels"
+            i += 2
+        elif myarg in ['cigroup', 'cigroups']:
+            group_email = gam.normalizeEmailAddressOrUID(sys.argv[i + 1])
+            groups_to_get = [group_email]
+            i += 2
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i],
+                                              'gam print cigroup-members')
+    if not groups_to_get:
+        gam.printGettingAllItems('Groups', usemember)
+        page_message = gapi.got_total_items_first_last_msg('Groups')
+        if usemember:
+            try:
+                groups_to_get = gapi.get_all_pages(ci.groups().memberships(),
+                                                   'searchTransitiveGroups',
+                                                   'memberships',
+                                                   throw_reasons=[gapi_errors.ErrorReason.FOUR_O_O],
+                                                   message_attribute=['groupKey', 'id'],
+                                                   page_message=page_message,
+                                                   parent='groups/-', query=usemember,
+                                                   pageSize=1000,
+                                                   fields='nextPageToken,memberships(groupKey(id),relationType)')
+            except googleapiclient.errors.HttpError:
+                controlflow.system_error_exit(
+                        2,
+                        f'enterprisemember requires Enterprise license')
+            groups_to_get = [group['groupKey']['id'] for group in groups_to_get if group['relationType'] == 'DIRECT']
+        else:
+            groups_to_get = gapi.get_all_pages(
+                ci.groups(),
+                'list',
+                'groups',
+                message_attribute=['groupKey', 'id'],
+                page_message=page_message,
+                parent=parent,
+                view='BASIC',
+                pageSize=1000,
+                fields='nextPageToken,groups(groupKey(id))')
+            groups_to_get = [group['groupKey']['id'] for group in groups_to_get]
+    i = 0
+    count = len(groups_to_get)
+    for group_email in groups_to_get:
+        i += 1
+
+        sys.stderr.write(
+            f'Getting members for {group_email}{gam.currentCountNL(i, count)}')
+        group_id = group_email_to_id(ci, group_email)
+        print(f'Getting members of cigroup {group_email}...')
+        page_message = f' {gapi.got_total_items_first_last_msg("Members")}'
+        group_members = gapi.get_all_pages(
+            ci.groups().memberships(),
+            'list',
+            'memberships',
+            soft_errors=True,
+            parent=group_id,
+            view='FULL',
+            pageSize=500,
+            page_message=page_message,
+            message_attribute=['memberKey', 'id'])
+        #fields='nextPageToken,memberships(memberKey,roles,createTime,updateTime)')
+        if roles:
+            group_members = filter_members_to_roles(group_members, roles)
+        for member in group_members:
+            # reduce role to a single value
+            member['role'] = get_single_role(member.pop('roles'))
+            member = utils.flatten_json(member)
+            for title in member:
+                if title not in titles:
+                    titles.append(title)
+            member['group'] = group_email
+            csvRows.append(member)
+    display.write_csv_file(csvRows, titles, 'Group Members', todrive)
+
+
+def update():
+
+    # Convert foo@googlemail.com to foo@gmail.com; eliminate periods in name for foo.bar@gmail.com
+    def _cleanConsumerAddress(emailAddress, mapCleanToOriginal):
+        atLoc = emailAddress.find('@')
+        if atLoc > 0:
+            if emailAddress[atLoc + 1:] in ['gmail.com', 'googlemail.com']:
+                cleanEmailAddress = emailAddress[:atLoc].replace(
+                    '.', '') + '@gmail.com'
+                if cleanEmailAddress != emailAddress:
+                    mapCleanToOriginal[cleanEmailAddress] = emailAddress
+                    return cleanEmailAddress
+        return emailAddress
+
+    def _getRoleAndUsers():
+        checkSuspended = None
+        role = ROLE_MEMBER
+        expireTime = None
+        i = 5
+        if sys.argv[i].lower() in GROUP_ROLES_MAP:
+            role = GROUP_ROLES_MAP[sys.argv[i].lower()]
+            i += 1
+        if sys.argv[i].lower() in ['suspended', 'notsuspended']:
+            checkSuspended = sys.argv[i].lower() == 'suspended'
+            i += 1
+        if sys.argv[i].lower() in ['expire', 'expires']:
+            if role != ROLE_MEMBER:
+                controlflow.invalid_argument_exit(
+                    sys.argv[i], f'role {role}')
+            expireTime = utils.get_time_or_delta_from_now(sys.argv[i+1])
+            i += 2
+        if sys.argv[i].lower() in usergroup_types:
+            users_email = gam.getUsersToModify(entity_type=sys.argv[i].lower(),
+                                               entity=sys.argv[i + 1],
+                                               checkSuspended=checkSuspended,
+                                               groupUserMembersOnly=False)
+        else:
+            users_email = [
+                gam.normalizeEmailAddressOrUID(sys.argv[i],
+                                               checkForCustomerId=True)
+            ]
+        return (role, expireTime, users_email)
+
+    ci = gapi_cloudidentity.build('cloudidentity_beta')
+    group = sys.argv[3]
+    myarg = sys.argv[4].lower()
+    items = []
+    if myarg in UPDATE_GROUP_SUBCMDS:
+        group = gam.normalizeEmailAddressOrUID(group)
+        if group.startswith('groups/'):
+            parent = group
+        else:
+            parent = group_email_to_id(ci, group)
+        if not parent:
+            return
+        if myarg == 'add':
+            role, expireTime, users_email = _getRoleAndUsers()
+            if len(users_email) > 1:
+                sys.stderr.write(
+                    f'Group: {group}, Will add {len(users_email)} {role}s.\n')
+                for user_email in users_email:
+                    item = [
+                        'gam', 'update', 'cigroup', f'id:{parent}', 'add', role,
+                    ]
+                    if expireTime:
+                        item.extend(['expires', expireTime])
+                    item.append(user_email)
+                    items.append(item)
+            elif len(users_email) > 0:
+                body = {
+                    'memberKey': {
+                        'id': users_email[0]
+                    },
+                    'roles': [{
+                        'name': ROLE_MEMBER
+                    }]
+                }
+                if role != ROLE_MEMBER:
+                    body['roles'].append({'name': role})
+                elif expireTime not in {None, NEVER_TIME}:
+                    for role in body['roles']:
+                        if role['name'] == ROLE_MEMBER:
+                            role['expiryDetail'] = {'expireTime': expireTime}
+                add_text = [f'as {role}']
+                for i in range(2):
+                    try:
+                        gapi.call(
+                            ci.groups().memberships(),
+                            'create',
+                            throw_reasons=[
+                                gapi_errors.ErrorReason.FOUR_O_NINE,
+                                gapi_errors.ErrorReason.MEMBER_NOT_FOUND,
+                                gapi_errors.ErrorReason.RESOURCE_NOT_FOUND,
+                                gapi_errors.ErrorReason.INVALID_MEMBER,
+                                gapi_errors.ErrorReason.
+                                CYCLIC_MEMBERSHIPS_NOT_ALLOWED
+                            ],
+                            parent=parent,
+                            body=body)
+                        print(
+                            f' Group: {group}, {users_email[0]} Added {" ".join(add_text)}'
+                        )
+                        break
+                    except (gapi_errors.GapiMemberNotFoundError,
+                            gapi_errors.GapiResourceNotFoundError,
+                            gapi_errors.GapiInvalidMemberError,
+                            gapi_errors.GapiCyclicMembershipsNotAllowedError
+                           ) as e:
+                        print(
+                            f' Group: {group}, {users_email[0]} Add {" ".join(add_text)} Failed: {str(e)}'
+                        )
+                        break
+        elif myarg == 'sync':
+            syncMembersSet = set()
+            syncMembersMap = {}
+            role, expireTime, users_email = _getRoleAndUsers()
+            for user_email in users_email:
+                if user_email in ('*', GC_Values[GC_CUSTOMER_ID]):
+                    syncMembersSet.add(GC_Values[GC_CUSTOMER_ID])
+                else:
+                    syncMembersSet.add(
+                        _cleanConsumerAddress(user_email.lower(),
+                                              syncMembersMap))
+            currentMembersSet = set()
+            currentMembersMap = {}
+            for current_email in gam.getUsersToModify(
+                    entity_type='cigroup',
+                    entity=group,
+                    member_type=role,
+                    groupUserMembersOnly=False):
+                if current_email == GC_Values[GC_CUSTOMER_ID]:
+                    currentMembersSet.add(current_email)
+                else:
+                    currentMembersSet.add(
+                        _cleanConsumerAddress(current_email.lower(),
+                                              currentMembersMap))
+            to_add = [
+                syncMembersMap.get(emailAddress, emailAddress)
+                for emailAddress in syncMembersSet - currentMembersSet
+            ]
+            to_remove = [
+                currentMembersMap.get(emailAddress, emailAddress)
+                for emailAddress in currentMembersSet - syncMembersSet
+            ]
+            sys.stderr.write(
+                f'Group: {group}, Will add {len(to_add)} and remove {len(to_remove)} {role}s.\n'
+            )
+            for user in to_add:
+                item = ['gam', 'update', 'cigroup', f'id:{parent}', 'add',
+                        role,]
+                if role == ROLE_MEMBER and expireTime not in {None, NEVER_TIME}:
+                    item.extend(['expires', expireTime])
+                item.append(user)
+                items.append(item)
+            for user in to_remove:
+                items.append([
+                    'gam', 'update', 'cigroup', f'id:{parent}', 'remove', user
+                ])
+        elif myarg in ['delete', 'remove']:
+            _, _, users_email = _getRoleAndUsers()
+            if len(users_email) > 1:
+                sys.stderr.write(
+                    f'Group: {group}, Will remove {len(users_email)} emails.\n')
+                for user_email in users_email:
+                    items.append([
+                        'gam', 'update', 'cigroup', f'id:{parent}', 'remove',
+                        user_email
+                    ])
+            elif len(users_email) == 1:
+                name = membership_email_to_id(ci, parent, users_email[0])
+                try:
+                    gapi.call(ci.groups().memberships(),
+                              'delete',
+                              throw_reasons=[
+                                  gapi_errors.ErrorReason.MEMBER_NOT_FOUND,
+                                  gapi_errors.ErrorReason.INVALID_MEMBER
+                              ],
+                              name=name)
+                    print(f' Group: {group}, {users_email[0]} Removed')
+                except (gapi_errors.GapiMemberNotFoundError,
+                        gapi_errors.GapiInvalidMemberError) as e:
+                    print(
+                        f' Group: {group}, {users_email[0]} Remove Failed: {str(e)}'
+                    )
+        elif myarg == 'update':
+            role, expireTime, users_email = _getRoleAndUsers()
+            if len(users_email) > 1:
+                sys.stderr.write(
+                    f'Group: {group}, Will update {len(users_email)} {role}s.\n'
+                )
+                for user_email in users_email:
+                    item = [
+                        'gam', 'update', 'cigroup', f'id:{parent}', 'update',
+                        role,]
+                    if expireTime:
+                        item.extend(['expires', expireTime])
+                    item.append(user_email)
+                    items.append(item)
+            elif len(users_email) > 0:
+                name = membership_email_to_id(ci, parent, users_email[0])
+                preUpdateRoles = []
+                addRoles = []
+                removeRoles = []
+                postUpdateRoles = []
+                member_roles = gapi.call(ci.groups().memberships(),
+                                         'get',
+                                         name=name,
+                                         fields='roles').get('roles', [{'name': ROLE_MEMBER}])
+                current_roles = [crole['name'] for crole in member_roles]
+                # When upgrading role, strip any expiryDetail from member before role changes
+                if role != ROLE_MEMBER:
+                    for crole in member_roles:
+                        if 'expiryDetail' in crole:
+                            preUpdateRoles.append(
+                                {'fieldMask': 'expiryDetail.expireTime',
+                                 'membershipRole': {'name': ROLE_MEMBER,
+                                                    'expiryDetail': {'expireTime': None}}})
+                            break
+                # When downgrading role or simply updating member expireTime, update expiryDetail after role changes
+                elif expireTime:
+                    postUpdateRoles.append(
+                        {'fieldMask': 'expiryDetail.expireTime',
+                         'membershipRole': {'name': role,
+                                            'expiryDetail': {'expireTime':  expireTime if expireTime != NEVER_TIME else None}}})
+                for crole in current_roles:
+                    if crole not in {ROLE_MEMBER, role}:
+                        removeRoles.append(crole)
+                if role not in current_roles:
+                    new_role = {'name': role}
+                    if role == ROLE_MEMBER and expireTime not in {None, NEVER_TIME}:
+                        new_role['expiryDetail'] = {'expireTime': expireTime}
+                        postUpdateRoles = []
+                    addRoles.append(new_role)
+                bodys = []
+                if preUpdateRoles:
+                    bodys.append({'updateRolesParams': preUpdateRoles})
+                if addRoles:
+                    bodys.append({'addRoles': addRoles})
+                if removeRoles:
+                    bodys.append({'removeRoles': removeRoles})
+                if postUpdateRoles:
+                    bodys.append({'updateRolesParams': postUpdateRoles})
+                for body in bodys:
+                    try:
+                        gapi.call(ci.groups().memberships(),
+                                  'modifyMembershipRoles',
+                                  throw_reasons=[
+                                      gapi_errors.ErrorReason.MEMBER_NOT_FOUND,
+                                      gapi_errors.ErrorReason.INVALID_MEMBER
+                                  ],
+                                  name=name,
+                                  body=body)
+                    except (gapi_errors.GapiMemberNotFoundError,
+                            gapi_errors.GapiInvalidMemberError) as e:
+                        print(
+                            f' Group: {group}, {users_email[0]} Update to {role} Failed: {str(e)}'
+                        )
+                        break
+                print(
+                  f' Group: {group}, {users_email[0]} Updated to {role}'
+                )
+
+        else:  # clear
+            roles = []
+            i = 5
+            while i < len(sys.argv):
+                myarg = sys.argv[i].lower()
+                if myarg.upper() in [ROLE_OWNER, ROLE_MANAGER, ROLE_MEMBER]:
+                    roles.append(myarg.upper())
+                    i += 1
+                else:
+                    controlflow.invalid_argument_exit(
+                        sys.argv[i], 'gam update cigroup clear')
+            if not roles:
+                roles = [ROLE_MEMBER]
+            group = gam.normalizeEmailAddressOrUID(group)
+            member_type_message = f'{",".join(roles).lower()}s'
+            sys.stderr.write(
+                f'Getting {member_type_message} of {group} (may take some time for large groups)...\n'
+            )
+            page_message = gapi.got_total_items_msg(f'{member_type_message}',
+                                                    '...')
+            try:
+                result = gapi.get_all_pages(
+                    ci.groups().memberships(),
+                    'list',
+                    'memberships',
+                    page_message=page_message,
+                    throw_reasons=gapi_errors.MEMBERS_THROW_REASONS,
+                    parent=parent,
+                    fields='nextPageToken,memberships(memberKey,roles)')
+                result = filter_members_to_roles(result, roles)
+                if not result:
+                    print('Group already has 0 members')
+                    return
+                users_email = [member['memberKey']['id'] for member in result]
+                sys.stderr.write(
+                    f'Group: {group}, Will remove {len(users_email)} {", ".join(roles).lower()}s.\n'
+                )
+                for user_email in users_email:
+                    items.append([
+                        'gam', 'update', 'cigroup', group, 'remove', user_email
+                    ])
+            except (gapi_errors.GapiGroupNotFoundError,
+                    gapi_errors.GapiDomainNotFoundError,
+                    gapi_errors.GapiInvalidError,
+                    gapi_errors.GapiForbiddenError):
+                gam.entityUnknownWarning('Group', group, 0, 0)
+        if items:
+            gam.run_batch(items)
+    else:
+        i = 4
+        body = {}
+        while i < len(sys.argv):
+            myarg = sys.argv[i].lower().replace('_', '')
+            if myarg == 'name':
+                body['displayName'] = sys.argv[i + 1]
+                i += 2
+            elif myarg == 'description':
+                body['description'] = sys.argv[i + 1]
+                i += 2
+            elif myarg == 'security':
+                body['labels'] = {
+                    'cloudidentity.googleapis.com/groups.security': '',
+                    'cloudidentity.googleapis.com/groups.discussion_forum': ''
+                }
+                i += 1
+            else:
+                controlflow.invalid_argument_exit(sys.argv[i],
+                                                  'gam update cigroup')
+        updateMask = ','.join(body.keys())
+        name = group_email_to_id(ci, group)
+        print(f'Updating group {group}')
+        gapi.call(ci.groups(),
+                  'patch',
+                  updateMask=updateMask,
+                  name=name,
+                  body=body)
+
+
+def group_email_to_id(ci, group, i=0, count=0):
+    group = gam.normalizeEmailAddressOrUID(group)
+    try:
+        return gapi.call(ci.groups(),
+                         'lookup',
+                         throw_reasons=gapi_errors.GROUP_GET_THROW_REASONS,
+                         retry_reasons=gapi_errors.GROUP_GET_RETRY_REASONS,
+                         groupKey_id=group,
+                         fields='name').get('name')
+    except (gapi_errors.GapiGroupNotFoundError,
+            gapi_errors.GapiDomainNotFoundError,
+            gapi_errors.GapiDomainCannotUseApisError,
+            gapi_errors.GapiForbiddenError, gapi_errors.GapiBadRequestError):
+        gam.entityUnknownWarning('Group', group, i, count)
+        return None
+
+
+def membership_email_to_id(ci, parent, membership, i=0, count=0):
+    membership = gam.normalizeEmailAddressOrUID(membership)
+    try:
+        return gapi.call(ci.groups().memberships(),
+                         'lookup',
+                         throw_reasons=gapi_errors.GROUP_GET_THROW_REASONS,
+                         retry_reasons=gapi_errors.GROUP_GET_RETRY_REASONS,
+                         parent=parent,
+                         memberKey_id=membership,
+                         fields='name').get('name')
+    except (gapi_errors.GapiGroupNotFoundError,
+            gapi_errors.GapiDomainNotFoundError,
+            gapi_errors.GapiDomainCannotUseApisError,
+            gapi_errors.GapiForbiddenError, gapi_errors.GapiBadRequestError):
+        gam.entityUnknownWarning('Membership', membership, i, count)
+        return None
+
+
+def get_single_role(roles):
+    ''' returns the highest role of member '''
+    roles = [role.get('name') for role in roles]
+    if not roles:
+        return ROLE_MEMBER
+    for a_role in [ROLE_OWNER, ROLE_MANAGER, ROLE_MEMBER]:
+        if a_role in roles:
+            return a_role
+    return roles[0]
+
+
+def filter_members_to_roles(members, roles):
+    filtered_members = []
+    for member in members:
+        role = get_single_role(member.get('roles', []))
+        if role in roles:
+            filtered_members.append(member)
+    return filtered_members

src/gam/gapi/cloudidentity/userinvitations.py

@@ -0,0 +1,207 @@
+"""Methods related to Cloud Identity User Invitation API"""
+import sys
+from urllib.parse import quote_plus
+
+import googleapiclient
+
+import gam
+from gam.var import GC_CUSTOMER_ID, GC_Values, MY_CUSTOMER, SORTORDER_CHOICES_MAP
+from gam import controlflow
+from gam import display
+from gam import gapi
+from gam.gapi import errors as gapi_errors
+from gam.gapi import cloudidentity as gapi_cloudidentity
+
+def _get_customerid():
+    ''' returns customer in "customers/(C){customer_id}' format needed for this API'''
+    customer = GC_Values[GC_CUSTOMER_ID]
+    if customer != MY_CUSTOMER and customer[0] != 'C':
+        customer = 'C' + customer
+    return f'customers/{customer}'
+
+def _reduce_name(name):
+    ''' converts long name into email address'''
+    return name.split('/')[-1]
+
+def is_invitable_user(email):
+    '''return email isInvitableUser'''
+    svc = gapi_cloudidentity.build_dwd('cloudidentity_beta')
+    customer = _get_customerid()
+    encoded_email = quote_plus(email)
+    name = f'{customer}/userinvitations/{encoded_email}'
+    return gapi.call(svc.customers().userinvitations(), 'isInvitableUser',
+                     name=name)['isInvitableUser']
+
+
+def _generic_action(action):
+    '''generic function to call actionable APIs'''
+    svc = gapi_cloudidentity.build_dwd('cloudidentity_beta')
+    customer = _get_customerid()
+    email = sys.argv[3].lower()
+    encoded_email = quote_plus(email)
+    name = f'{customer}/userinvitations/{encoded_email}'
+    action_map = {
+            'cancel': 'Cancelling',
+            'send': 'Sending'
+            }
+    print_action = action_map[action]
+    print(f'{print_action} user invitation...')
+    result = gapi.call(svc.customers().userinvitations(), action,
+            name=name)
+    name = result.get('response', {}).get('name')
+    if name:
+        result['response']['name'] = _reduce_name(name)
+    display.print_json(result)
+
+def _generic_get(get_type):
+    '''generic function to call read data APIs'''
+    svc = gapi_cloudidentity.build_dwd('cloudidentity_beta')
+    customer = _get_customerid()
+    email = sys.argv[3].lower()
+    encoded_email = quote_plus(email)
+    name = f'{customer}/userinvitations/{encoded_email}'
+    result = gapi.call(svc.customers().userinvitations(), get_type,
+            name=name)
+    if 'name' in result:
+        result['name'] = _reduce_name(result['name'])
+    display.print_json(result)
+
+
+# /batch is broken for Cloud Identity. Once fixed move this to using batch.
+# Current serial implementation will be SLOW...
+def bulk_is_invitable(emails):
+    '''gam <users> check isinvitable'''
+    def _invitation_result(request_id, response, _):
+        if response.get('isInvitableUser'):
+            rows.append({'invitableUsers': request_id})
+
+    svc = gapi_cloudidentity.build_dwd('cloudidentity_beta')
+    customer = _get_customerid()
+    todrive = False
+    #batch_size = 1000
+    #ebatch = svc.new_batch_http_request(callback=_invitation_result)
+    rows = []
+    throw_reasons = [gapi_errors.ErrorReason.FOUR_O_THREE]
+    for email in emails:
+        encoded_email = quote_plus(email)
+        name = f'{customer}/userinvitations/{encoded_email}'
+        endpoint = svc.customers().userinvitations()
+        #if len(ebatch._order) == batch_size:
+        #    ebatch.execute()
+        #    ebatch = svc.new_batch_http_request(callback=_invitation_result)
+        #req = endpoint.isInvitableUser(name=name)
+        #ebatch.add(req, request_id=email)
+        try:
+            result = gapi.call(endpoint,
+                               'isInvitableUser',
+                               throw_reasons=throw_reasons,
+                               name=name)
+        except googleapiclient.errors.HttpError:
+            continue
+        if result.get('isInvitableUser'):
+            rows.append({'invitableUsers': email})
+    #ebatch.execute()
+    titles = ['invitableUsers']
+    display.write_csv_file(rows, titles, 'Invitable Users', todrive)
+
+
+def cancel():
+    '''gam cancel userinvitation <email>'''
+    _generic_action('cancel')
+
+
+def get():
+    '''gam info userinvitation <email>'''
+    _generic_get('get')
+
+
+def check():
+    '''gam check userinvitation <email>'''
+    _generic_get('isInvitableUser')
+
+
+def send():
+    '''gam send userinvitation <email>'''
+    _generic_action('send')
+
+
+USERINVITATION_ORDERBY_CHOICES_MAP = {
+    'email': 'email',
+    'updatetime': 'update_time',
+    }
+
+USERINVITATION_STATE_CHOICES_MAP = {
+    'accepted': 'ACCEPTED',
+    'declined': 'DECLINED',
+    'invited': 'INVITED',
+    'notyetsent': 'NOT_YET_SENT',
+    }
+
+def print_():
+    '''gam print userinvitations'''
+    svc = gapi_cloudidentity.build_dwd('cloudidentity_beta')
+    customer = _get_customerid()
+    todrive = False
+    titles = ['name', 'state', 'updateTime']
+    rows = []
+    filter_ = None
+    orderByList = []
+    i = 3
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg == 'state':
+            state = sys.argv[i + 1].lower().replace('_', '')
+            if state in USERINVITATION_STATE_CHOICES_MAP:
+                filter_ = f"state=='{USERINVITATION_STATE_CHOICES_MAP[state]}'"
+            else:
+                controlflow.expected_argument_exit('state',
+                                                   ', '.join(USERINVITATION_STATE_CHOICES_MAP),
+                                                   state)
+            i += 2
+        elif myarg == 'orderby':
+            fieldName = sys.argv[i + 1].lower()
+            i += 2
+            if fieldName in USERINVITATION_ORDERBY_CHOICES_MAP:
+                fieldName = USERINVITATION_ORDERBY_CHOICES_MAP[fieldName]
+                orderBy = ''
+                if i < len(sys.argv):
+                    orderBy = sys.argv[i].lower()
+                    if orderBy in SORTORDER_CHOICES_MAP:
+                        orderBy = SORTORDER_CHOICES_MAP[orderBy]
+                        i += 1
+                if orderBy != 'DESCENDING':
+                    orderByList.append(fieldName)
+                else:
+                    orderByList.append(f'{fieldName} desc')
+            else:
+                controlflow.expected_argument_exit(
+                    'orderby', ', '.join(sorted(USERINVITATION_ORDERBY_CHOICES_MAP)),
+                    fieldName)
+        elif myarg == 'todrive':
+            todrive = True
+            i += 1
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i],
+                                              'gam print userinvitations')
+    if orderByList:
+        orderBy = ' '.join(orderByList)
+    else:
+        orderBy = None
+    gam.printGettingAllItems('User Invitations', filter_)
+    page_message = gapi.got_total_items_msg('User Invitations', '...\n')
+    invitations = gapi.get_all_pages(svc.customers().userinvitations(),
+                                'list',
+                                'userInvitations',
+                                page_message=page_message,
+                                parent=customer,
+                                filter=filter_,
+                                orderBy=orderBy)
+    for invitation in invitations:
+        invitation['name'] = _reduce_name(invitation['name'])
+        row = {}
+        for key, val in invitation.items():
+            if key not in titles:
+                titles.append(key)
+            row[key] = val
+        rows.append(row)
+    display.write_csv_file(rows, titles, 'User Invitations', todrive)

src/gam/gapi/contactdelegation.py

@@ -0,0 +1,96 @@
+"""Contact Delegation API calls"""
+
+import sys
+
+import gam
+from gam.gapi.directory import users as gapi_directory_users
+from gam import controlflow
+from gam import display
+from gam import gapi
+
+
+def build():
+    return gam.buildGAPIObject('contactdelegation')
+
+
+def create(users):
+    condel = build()
+    delegate = gam.normalizeEmailAddressOrUID(sys.argv[5])
+    delegate = gapi_directory_users.get_primary(delegate)
+    if not delegate:
+        controlflow.system_error_exit(5,
+                                      f'{sys.argv[5]} is not the primary address of a user.')
+    body = {'email': delegate}
+    i = 0
+    count = len(users)
+    for user in users:
+        i += 1
+        print(
+            f'Granting {delegate} contact delegate access to {user}{gam.currentCount(i, count)}'
+        )
+        gapi.call(condel.delegates(),
+                  'create',
+                  soft_errors=True,
+                  user=user,
+                  body=body)
+
+
+def delete(users):
+    condel = build()
+    delegate = gam.normalizeEmailAddressOrUID(sys.argv[5])
+    delegate = gapi_directory_users.get_primary(delegate)
+    if not delegate:
+        controlflow.system_error_exit(5,
+                                      f'{sys.argv[5]} is not the primary address of a user.')
+    i = 0
+    count = len(users)
+    for user in users:
+        i += 1
+        print(
+            f'Deleting {delegate} contact delegate access to {user}{gam.currentCount(i, count)}'
+        )
+        gapi.call(condel.delegates(),
+                  'delete',
+                  soft_errors=True,
+                  user=user,
+                  delegate=delegate)
+
+
+def print_(users, csvFormat):
+    condel = build()
+    if csvFormat:
+        todrive = False
+        csv_rows = []
+        titles = ['User', 'delegateAddress']
+    else:
+        csvStyle = False
+    i = 5
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if not csvFormat and myarg == 'csv':
+            csvStyle = True
+            i += 1
+        elif csvFormat and myarg == 'todrive':
+            todrive = True
+            i += 1
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i],
+                                              'gam print contactdelegation')
+    page_message = gapi.got_total_items_msg('Contact Delegates', '...\n')
+    for user in users:
+        delegates = gapi.get_all_pages(condel.delegates(), 'list',
+                                       'delegates',
+                                       page_message=page_message,
+                                       user=user)
+        for delegate in delegates:
+            if csvFormat:
+                csv_rows.append({'User': user, 'delegateAddress': delegate['email']})
+            else:
+                if csvStyle:
+                    print(f'{user},{delegate["email"]}')
+                else:
+                    print(
+                        f'Delegator: {user}\n  Delegate Email: {delegate["email"]}\n'
+                    )
+    if csvFormat:
+        display.write_csv_file(csv_rows, titles, 'Contact Delegates', todrive)

src/gam/gapi/directory/__init__.py

@@ -1,5 +1,5 @@
 import gam
 
 
-def buildGAPIObject():
+def build():
     return gam.buildGAPIObject('directory')

src/gam/gapi/directory/asps.py

@@ -0,0 +1,57 @@
+import sys
+
+from gam.var import *
+from gam import gapi
+from gam.gapi import directory as gapi_directory
+from gam import utils
+
+
+def info(users):
+    cd = gapi_directory.build()
+    for user in users:
+        asps = gapi.get_items(cd.asps(), 'list', 'items', userKey=user)
+        if asps:
+            print(f'Application-Specific Passwords for {user}')
+            for asp in asps:
+                if asp['creationTime'] == '0':
+                    created_date = 'Unknown'
+                else:
+                    created_date = utils.formatTimestampYMDHMS(
+                        asp['creationTime'])
+                if asp['lastTimeUsed'] == '0':
+                    used_date = 'Never'
+                else:
+                    last_used = asp['lastTimeUsed']
+                    used_date = utils.formatTimestampYMDHMS(last_used)
+                print(f' ID: {asp["codeId"]}\n' \
+                      f'  Name: {asp["name"]}\n' \
+                      f'  Created: {created_date}\n' \
+                      f'  Last Used: {used_date}\n')
+        else:
+            print(f' no ASPs for {user}\n')
+
+
+def delete(users, cd=None, codeIdList=None):
+    if not cd:
+        cd = gapi_directory.build()
+    if not codeIdList:
+        codeIdList = sys.argv[5].lower()
+    if codeIdList == 'all':
+        allCodeIds = True
+    else:
+        allCodeIds = False
+        codeIds = codeIdList.replace(',', ' ').split()
+    for user in users:
+        if allCodeIds:
+            print(f'Getting Application Specific Passwords for {user}')
+            asps = gapi.get_items(cd.asps(),
+                                  'list',
+                                  'items',
+                                  userKey=user,
+                                  fields='items/codeId')
+            codeIds = [asp['codeId'] for asp in asps]
+        if not codeIds:
+            print('No ASPs')
+        for codeId in codeIds:
+            gapi.call(cd.asps(), 'delete', userKey=user, codeId=codeId)
+            print(f'deleted ASP {codeId} for {user}')

src/gam/gapi/directory/cros.py

@@ -1,4 +1,10 @@
 import datetime
+import json
+import os
+import sys
+import time
+
+import googleapiclient
 
 from gam.var import *
 import gam
@@ -7,11 +13,101 @@ from gam import display
 from gam import fileutils
 from gam import gapi
 from gam.gapi import directory as gapi_directory
+from gam.gapi import errors as gapi_errors
+from gam.gapi.directory import orgunits as gapi_directory_orgunits
 from gam import utils
 
 
+def _display_cros_command_result(cd, device_id, command_id, times_to_check_status):
+    print(f'deviceId: {device_id}, commandId: {command_id}')
+    final_states = {'EXPIRED', 'CANCELLED', 'EXECUTED_BY_CLIENT'}
+    for _ in range(0, times_to_check_status):
+        time.sleep(2)
+        result = gapi.call(cd.customer().devices().chromeos().commands(), 'get',
+            customerId=GC_Values[GC_CUSTOMER_ID], deviceId=device_id,
+            commandId=command_id)
+        display.print_json(result)
+        if result.get('state') in final_states:
+            return
+
+def issue_command():
+    cd = gapi_directory.build()
+    i, devices = getCrOSDeviceEntity(3, cd)
+    body = {}
+    valid_commands = gapi.get_enum_values_minus_unspecified(
+            cd._rootDesc['schemas']
+            ['DirectoryChromeosdevicesIssueCommandRequest']
+            ['properties']['commandType']['enum'])
+    command_map = {}
+    for valid_command in valid_commands:
+        v = valid_command.lower().replace('_', '')
+        command_map[v] = valid_command
+    times_to_check_status = 1
+    doit = False
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg == 'command':
+             command = sys.argv[i+1].lower().replace('_', '')
+             if command not in command_map:
+                 controlflow.system_error_exit(2, f'expected command of ' \
+                     f'{", ".join(valid_commands)} got {command}')
+             body['commandType'] = command_map[command]
+             i += 2
+             if command == 'setvolume':
+                 body['payload'] = json.dumps({'volume': sys.argv[i]})
+                 i += 1
+        elif myarg == 'timestocheckstatus':
+            times_to_check_status = int(sys.argv[i+1])
+            i += 2
+        elif myarg == 'doit':
+            doit = True
+            i += 1
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i], 'gam issuecommand cros')
+    if 'commandType' not in body:
+        controlflow.missing_argument_exit('command <CrOSCommand>', 'gam issuecommand cros')
+    if body['commandType'] == 'WIPE_USERS' and not doit:
+        controlflow.system_error_exit(2, 'wipe_users command requires admin ' \
+            'acknowledge user data will be destroyed with the ' \
+            'doit argument')
+    if body['commandType'] == 'REMOTE_POWERWASH' and not doit:
+        controlflow.system_error_exit(2, 'remote_powerwash command requires ' \
+            'admin acknowledge user data will be destroyed, device will need' \
+            ' to be reconnected to WiFi and re-enrolled with the doit argument')
+    for device_id in devices:
+        try:
+            result = gapi.call(cd.customer().devices().chromeos(), 'issueCommand',
+                  customerId=GC_Values[GC_CUSTOMER_ID], deviceId=device_id,
+                  throw_reasons=[gapi_errors.ErrorReason.FOUR_O_O],
+                  body=body)
+        except googleapiclient.errors.HttpError:
+            controlflow.system_error_exit(4, '400 response from Google. This ' \
+              'usually indicates the devices was not in a state where it will' \
+              ' accept the command. For example, reboot, set_volume and take_a_screenshot' \
+              ' require the device to be in auto-start kiosk app mode.')
+        command_id = result.get('commandId')
+        _display_cros_command_result(cd, device_id, command_id, times_to_check_status)
+
+def get_command():
+    cd = gapi_directory.build()
+    i, devices = getCrOSDeviceEntity(3, cd)
+    command_id = None
+    times_to_check_status = 1
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg == 'commandid':
+            command_id = sys.argv[i+1]
+            i += 2
+        elif myarg == 'timestocheckstatus':
+            times_to_check_status = int(sys.argv[i+1])
+            i += 2
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i], 'gam getcommand cros')
+    for device_id in devices:
+        _display_cros_command_result(cd, device_id, command_id, times_to_check_status)
+
 def doUpdateCros():
-    cd = gapi_directory.buildGAPIObject()
+    cd = gapi_directory.build()
     i, devices = getCrOSDeviceEntity(3, cd)
     update_body = {}
     action_body = {}
@@ -32,7 +128,7 @@ def doUpdateCros():
             update_body['annotatedAssetId'] = sys.argv[i + 1]
             i += 2
         elif myarg in ['ou', 'org']:
-            orgUnitPath = gam.getOrgUnitItem(sys.argv[i + 1])
+            orgUnitPath = gapi_directory_orgunits.getOrgUnitItem(sys.argv[i + 1])
             i += 2
         elif myarg == 'action':
             action = sys.argv[i + 1].lower().replace('_', '').replace('-', '')
@@ -52,11 +148,15 @@ def doUpdateCros():
             elif action in ['deprovisionretiringdevice']:
                 action = 'deprovision'
                 deprovisionReason = 'retiring_device'
+            elif action == 'deprovisionupgradetransfer':
+                action = 'deprovision'
+                deprovisionReason = 'upgrade_transfer'
             elif action not in ['disable', 'reenable']:
                 controlflow.system_error_exit(2, f'expected action of ' \
                     f'deprovision_same_model_replace, ' \
                     f'deprovision_different_model_replace, ' \
-                    f'deprovision_retiring_device, disable or reenable,'
+                    f'deprovision_retiring_device, ' \
+                    f'deprovision_upgrade_transfer, disable or reenable,'
                     f' got {action}')
             action_body = {'action': action}
             if deprovisionReason:
@@ -120,7 +220,7 @@ def doUpdateCros():
 
 
 def doGetCrosInfo():
-    cd = gapi_directory.buildGAPIObject()
+    cd = gapi_directory.build()
     i, devices = getCrOSDeviceEntity(3, cd)
     downloadfile = None
     targetFolder = GC_Values[GC_DRIVE_DIR]
@@ -296,9 +396,10 @@ def doGetCrosInfo():
                         temp_label = tempInfo['label'].strip()
                         temperature = tempInfo['temperature']
                         print(f'        {temp_label}: {temperature}')
-                    pct_info = cpuStatusReport['cpuUtilizationPercentageInfo']
-                    util = ','.join([str(x) for x in pct_info])
-                    print(f'      cpuUtilizationPercentageInfo: {util}')
+                    if 'cpuUtilizationPercentageInfo' in cpuStatusReport:
+                        pct_info = cpuStatusReport['cpuUtilizationPercentageInfo']
+                        util = ','.join([str(x) for x in pct_info])
+                        print(f'      cpuUtilizationPercentageInfo: {util}')
             diskVolumeReports = cros.get('diskVolumeReports', [])
             lenDVR = len(diskVolumeReports)
             if lenDVR:
@@ -330,7 +431,7 @@ def doGetCrosInfo():
 
 
 def doPrintCrosActivity():
-    cd = gapi_directory.buildGAPIObject()
+    cd = gapi_directory.build()
     todrive = False
     titles = [
         'deviceId', 'annotatedAssetId', 'annotatedLocation', 'serialNumber',
@@ -354,7 +455,7 @@ def doPrintCrosActivity():
             queries = gam.getQueries(myarg, sys.argv[i + 1])
             i += 2
         elif myarg == 'limittoou':
-            orgUnitPath = gam.getOrgUnitItem(sys.argv[i + 1])
+            orgUnitPath = gapi_directory_orgunits.getOrgUnitItem(sys.argv[i + 1])
             i += 2
         elif myarg == 'todrive':
             todrive = True
@@ -501,7 +602,7 @@ def doPrintCrosDevices():
         elif myarg in CROS_SYSTEM_RAM_FREE_REPORTS_ARGUMENTS:
             selectedLists['systemRamFreeReports'] = True
 
-    cd = gapi_directory.buildGAPIObject()
+    cd = gapi_directory.build()
     todrive = False
     fieldsList = []
     fieldsTitles = {}
@@ -522,7 +623,7 @@ def doPrintCrosDevices():
             queries = gam.getQueries(myarg, sys.argv[i + 1])
             i += 2
         elif myarg == 'limittoou':
-            orgUnitPath = gam.getOrgUnitItem(sys.argv[i + 1])
+            orgUnitPath = gapi_directory_orgunits.getOrgUnitItem(sys.argv[i + 1])
             i += 2
         elif myarg == 'todrive':
             todrive = True
@@ -733,16 +834,16 @@ def doPrintCrosDevices():
                 if i < lenCSR:
                     nrow['cpuStatusReports.reportTime'] = \
                         cpuStatusReports[i]['reportTime']
-                    tempInfos = cpuStatusReports[i].get('cpuTemperatureInfo',
-                                                        [])
+                    tempInfos = cpuStatusReports[i].get('cpuTemperatureInfo', [])
                     for tempInfo in tempInfos:
                         label = tempInfo['label'].strip()
                         base = 'cpuStatusReports.cpuTemperatureInfo.'
                         nrow[f'{base}{label}'] = tempInfo['temperature']
                     cpu_field = 'cpuUtilizationPercentageInfo'
-                    cpu_reports = cpuStatusReports[i][cpu_field]
-                    cpu_pcts = [str(x) for x in cpu_reports]
-                    nrow[f'cpuStatusReports.{cpu_field}'] = ','.join(cpu_pcts)
+                    if cpu_field in cpuStatusReports[i]:
+                        cpu_reports = cpuStatusReports[i][cpu_field]
+                        cpu_pcts = [str(x) for x in cpu_reports]
+                        nrow[f'cpuStatusReports.{cpu_field}'] = ','.join(cpu_pcts)
                 if i < lenDVR:
                     volumeInfo = diskVolumeReports[i]['volumeInfo']
                     j = 0

src/gam/gapi/directory/customer.py

@@ -1,5 +1,6 @@
 import datetime
 
+import gam
 from gam.var import *
 from gam import controlflow
 from gam import gapi
@@ -7,18 +8,25 @@ from gam.gapi import directory as gapi_directory
 from gam.gapi import reports as gapi_reports
 
 
+def _get_customerid():
+    customer = GC_Values[GC_CUSTOMER_ID]
+    if customer != MY_CUSTOMER and customer[0] != 'C':
+        customer = 'C' + customer
+    return customer
+
 def doGetCustomerInfo():
-    cd = gapi_directory.buildGAPIObject()
+    cd = gapi_directory.build()
+    customer_id = _get_customerid()
     customer_info = gapi.call(cd.customers(),
                               'get',
-                              customerKey=GC_Values[GC_CUSTOMER_ID])
+                              customerKey=customer_id)
     print(f'Customer ID: {customer_info["id"]}')
     print(f'Primary Domain: {customer_info["customerDomain"]}')
     try:
         result = gapi.call(
             cd.domains(),
             'get',
-            customer=customer_info['id'],
+            customer=customer_id,
             domainName=customer_info['customerDomain'],
             fields='verified',
             throw_reasons=[gapi.errors.ErrorReason.DOMAIN_NOT_FOUND])
@@ -34,7 +42,7 @@ def doGetCustomerInfo():
     domains = gapi.get_items(cd.domains(),
                              'list',
                              'domains',
-                             customer=GC_Values[GC_CUSTOMER_ID],
+                             customer=customer_id,
                              fields='domains(creationTime)')
     for domain in domains:
         creation_timestamp = int(domain['creationTime']) / 1000
@@ -56,9 +64,9 @@ def doGetCustomerInfo():
         'accounts:num_users': 'Total Users',
         'accounts:gsuite_basic_total_licenses': 'G Suite Basic Licenses',
         'accounts:gsuite_basic_used_licenses': 'G Suite Basic Users',
-        'accounts:gsuite_enterprise_total_licenses': 'G Suite Enterprise ' \
+        'accounts:gsuite_enterprise_total_licenses': 'Workspace Enterprise Plus ' \
         'Licenses',
-        'accounts:gsuite_enterprise_used_licenses': 'G Suite Enterprise ' \
+        'accounts:gsuite_enterprise_used_licenses': 'Workspace Enterprise Plus ' \
         'Users',
         'accounts:gsuite_unlimited_total_licenses': 'G Suite Business ' \
         'Licenses',
@@ -66,10 +74,10 @@ def doGetCustomerInfo():
     }
     parameters = ','.join(list(user_counts_map))
     tryDate = datetime.date.today().strftime(YYYYMMDD_FORMAT)
-    customerId = GC_Values[GC_CUSTOMER_ID]
-    if customerId == MY_CUSTOMER:
-        customerId = None
-    rep = gapi_reports.buildGAPIObject()
+    reports_customer_id = customer_id
+    if reports_customer_id == MY_CUSTOMER:
+        reports_customer_id = None
+    rep = gapi_reports.build()
     usage = None
     throw_reasons = [
         gapi.errors.ErrorReason.INVALID, gapi.errors.ErrorReason.FORBIDDEN
@@ -79,7 +87,7 @@ def doGetCustomerInfo():
             result = gapi.call(rep.customerUsageReports(),
                                'get',
                                throw_reasons=throw_reasons,
-                               customerId=customerId,
+                               customerId=reports_customer_id,
                                date=tryDate,
                                parameters=parameters)
         except gapi.errors.GapiInvalidError as e:
@@ -108,8 +116,9 @@ def doGetCustomerInfo():
 
 
 def doUpdateCustomer():
-    cd = gapi_directory.buildGAPIObject()
+    cd = gapi_directory.build()
     body = {}
+    customer_id = _get_customerid()
     i = 3
     while i < len(sys.argv):
         myarg = sys.argv[i].lower().replace('_', '')
@@ -135,6 +144,19 @@ def doUpdateCustomer():
             'update customer"')
     gapi.call(cd.customers(),
               'patch',
-              customerKey=GC_Values[GC_CUSTOMER_ID],
+              customerKey=customer_id,
               body=body)
     print('Updated customer')
+
+
+def setTrueCustomerId(cd=None):
+    customer_id = GC_Values[GC_CUSTOMER_ID]
+    if customer_id == MY_CUSTOMER:
+        if not cd:
+            cd = gapi_directory.build()
+        result = gapi.call(cd.customers(),
+                           'get',
+                            customerKey=customer_id,
+                            fields='id')
+        GC_Values[GC_CUSTOMER_ID] = result.get('id',
+                                               customer_id)

src/gam/gapi/directory/domainaliases.py

@@ -0,0 +1,76 @@
+import sys
+
+from gam.var import *
+from gam import controlflow
+from gam import display
+from gam import gapi
+from gam.gapi import directory as gapi_directory
+from gam import utils
+
+
+def create():
+    cd = gapi_directory.build()
+    body = {'domainAliasName': sys.argv[3], 'parentDomainName': sys.argv[4]}
+    print(f'Adding {body["domainAliasName"]} alias for ' \
+       f'{body["parentDomainName"]}')
+    gapi.call(cd.domainAliases(),
+              'insert',
+              customer=GC_Values[GC_CUSTOMER_ID],
+              body=body)
+
+
+def delete():
+    cd = gapi_directory.build()
+    domainAliasName = sys.argv[3]
+    print(f'Deleting domain alias {domainAliasName}')
+    gapi.call(cd.domainAliases(),
+              'delete',
+              customer=GC_Values[GC_CUSTOMER_ID],
+              domainAliasName=domainAliasName)
+
+
+def info():
+    cd = gapi_directory.build()
+    alias = sys.argv[3]
+    result = gapi.call(cd.domainAliases(),
+                       'get',
+                       customer=GC_Values[GC_CUSTOMER_ID],
+                       domainAliasName=alias)
+    if 'creationTime' in result:
+        result['creationTime'] = utils.formatTimestampYMDHMSF(
+            result['creationTime'])
+    display.print_json(result)
+
+
+def print_():
+    cd = gapi_directory.build()
+    todrive = False
+    titles = [
+        'domainAliasName',
+    ]
+    csvRows = []
+    i = 3
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower()
+        if myarg == 'todrive':
+            todrive = True
+            i += 1
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i],
+                                              'gam print domainaliases')
+    results = gapi.call(cd.domainAliases(),
+                        'list',
+                        customer=GC_Values[GC_CUSTOMER_ID])
+    for domainAlias in results['domainAliases']:
+        domainAlias_attributes = {}
+        for attr in domainAlias:
+            if attr in ['kind', 'etag']:
+                continue
+            if attr == 'creationTime':
+                domainAlias[attr] = utils.formatTimestampYMDHMSF(
+                    domainAlias[attr])
+            if attr not in titles:
+                titles.append(attr)
+            domainAlias_attributes[attr] = domainAlias[attr]
+        csvRows.append(domainAlias_attributes)
+    display.write_csv_file(csvRows, titles, 'Domains', todrive)

src/gam/gapi/directory/domains.py

@@ -0,0 +1,124 @@
+import sys
+
+from gam.var import *
+from gam import controlflow
+from gam import display
+from gam import gapi
+from gam.gapi import directory as gapi_directory
+from gam.gapi.directory import customer as gapi_directory_customer
+from gam import utils
+
+
+def create():
+    cd = gapi_directory.build()
+    domain_name = sys.argv[3]
+    body = {'domainName': domain_name}
+    gapi.call(cd.domains(),
+              'insert',
+              customer=GC_Values[GC_CUSTOMER_ID],
+              body=body)
+    print(f'Added domain {domain_name}')
+
+
+def info():
+    if (len(sys.argv) < 4) or (sys.argv[3] == 'logo'):
+        gapi_directory_customer.doGetCustomerInfo()
+        return
+    cd = gapi_directory.build()
+    domainName = sys.argv[3]
+    result = gapi.call(cd.domains(),
+                       'get',
+                       customer=GC_Values[GC_CUSTOMER_ID],
+                       domainName=domainName)
+    if 'creationTime' in result:
+        result['creationTime'] = utils.formatTimestampYMDHMSF(
+            result['creationTime'])
+    if 'domainAliases' in result:
+        for i in range(0, len(result['domainAliases'])):
+            if 'creationTime' in result['domainAliases'][i]:
+                result['domainAliases'][i][
+                    'creationTime'] = utils.formatTimestampYMDHMSF(
+                        result['domainAliases'][i]['creationTime'])
+    display.print_json(result)
+
+
+def update():
+    cd = gapi_directory.build()
+    domain_name = sys.argv[3]
+    i = 4
+    body = {}
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower()
+        if myarg == 'primary':
+            body['customerDomain'] = domain_name
+            i += 1
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i], 'gam update domain')
+    gapi.call(cd.customers(),
+              'update',
+              customerKey=GC_Values[GC_CUSTOMER_ID],
+              body=body)
+    print(f'{domain_name} is now the primary domain.')
+
+
+def delete():
+    cd = gapi_directory.build()
+    domainName = sys.argv[3]
+    print(f'Deleting domain {domainName}')
+    gapi.call(cd.domains(),
+              'delete',
+              customer=GC_Values[GC_CUSTOMER_ID],
+              domainName=domainName)
+
+
+def print_():
+    cd = gapi_directory.build()
+    todrive = False
+    titles = [
+        'domainName',
+    ]
+    csvRows = []
+    i = 3
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower()
+        if myarg == 'todrive':
+            todrive = True
+            i += 1
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i], 'gam print domains')
+    results = gapi.call(cd.domains(),
+                        'list',
+                        customer=GC_Values[GC_CUSTOMER_ID])
+    for domain in results.get('domains', []):
+        domain_attributes = {}
+        domain['type'] = ['secondary', 'primary'][domain['isPrimary']]
+        for attr in domain:
+            if attr in ['kind', 'etag', 'domainAliases', 'isPrimary']:
+                continue
+            if attr in [
+                    'creationTime',
+            ]:
+                domain[attr] = utils.formatTimestampYMDHMSF(domain[attr])
+            if attr not in titles:
+                titles.append(attr)
+            domain_attributes[attr] = domain[attr]
+        csvRows.append(domain_attributes)
+        if 'domainAliases' in domain:
+            for aliasdomain in domain['domainAliases']:
+                aliasdomain['domainName'] = aliasdomain['domainAliasName']
+                del aliasdomain['domainAliasName']
+                aliasdomain['type'] = 'alias'
+                aliasdomain_attributes = {}
+                for attr in aliasdomain:
+                    if attr in ['kind', 'etag']:
+                        continue
+                    if attr in [
+                            'creationTime',
+                    ]:
+                        aliasdomain[attr] = utils.formatTimestampYMDHMSF(
+                            aliasdomain[attr])
+                    if attr not in titles:
+                        titles.append(attr)
+                    aliasdomain_attributes[attr] = aliasdomain[attr]
+                csvRows.append(aliasdomain_attributes)
+    display.write_csv_file(csvRows, titles, 'Domains', todrive)

src/gam/gapi/directory/mobiledevices.py

@@ -0,0 +1,237 @@
+import sys
+import uuid
+
+import gam
+from gam.var import *
+from gam import controlflow
+from gam import display
+from gam import gapi
+from gam.gapi import directory as gapi_directory
+from gam import utils
+
+
+def delete():
+    cd = gapi_directory.build()
+    resourceId = sys.argv[3]
+    gapi.call(cd.mobiledevices(),
+              'delete',
+              resourceId=resourceId,
+              customerId=GC_Values[GC_CUSTOMER_ID])
+
+
+
+def info():
+    cd = gapi_directory.build()
+    resourceId = sys.argv[3]
+    device_info = gapi.call(cd.mobiledevices(),
+                            'get',
+                            customerId=GC_Values[GC_CUSTOMER_ID],
+                            resourceId=resourceId)
+    if 'deviceId' in device_info:
+        device_info['deviceId'] = device_info['deviceId'].encode('unicode-escape').decode(
+            UTF8)
+    attrib = 'securityPatchLevel'
+    if attrib in device_info and int(device_info[attrib]):
+        device_info[attrib] = utils.formatTimestampYMDHMS(device_info[attrib])
+    display.print_json(device_info)
+
+
+
+def print_():
+    cd = gapi_directory.build()
+    todrive = False
+    titles = []
+    csvRows = []
+    fields = None
+    projection = orderBy = sortOrder = None
+    queries = [None]
+    delimiter = ' '
+    listLimit = 1
+    appsLimit = -1
+    i = 3
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg == 'todrive':
+            todrive = True
+            i += 1
+        elif myarg in ['query', 'queries']:
+            queries = gam.getQueries(myarg, sys.argv[i + 1])
+            i += 2
+        elif myarg == 'delimiter':
+            delimiter = sys.argv[i + 1]
+            i += 2
+        elif myarg == 'listlimit':
+            listLimit = gam.getInteger(sys.argv[i + 1], myarg, minVal=-1)
+            i += 2
+        elif myarg == 'appslimit':
+            appsLimit = gam.getInteger(sys.argv[i + 1], myarg, minVal=-1)
+            i += 2
+        elif myarg == 'fields':
+            fields = f'nextPageToken,mobiledevices({sys.argv[i+1]})'
+            i += 2
+        elif myarg == 'orderby':
+            orderBy = sys.argv[i + 1].lower()
+            validOrderBy = [
+                'deviceid', 'email', 'lastsync', 'model', 'name', 'os',
+                'status', 'type'
+            ]
+            if orderBy not in validOrderBy:
+                controlflow.expected_argument_exit('orderby',
+                                                   ', '.join(validOrderBy),
+                                                   orderBy)
+            if orderBy == 'lastsync':
+                orderBy = 'lastSync'
+            elif orderBy == 'deviceid':
+                orderBy = 'deviceId'
+            i += 2
+        elif myarg in SORTORDER_CHOICES_MAP:
+            sortOrder = SORTORDER_CHOICES_MAP[myarg]
+            i += 1
+        elif myarg in PROJECTION_CHOICES_MAP:
+            projection = PROJECTION_CHOICES_MAP[myarg]
+            i += 1
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i], 'gam print mobile')
+    for query in queries:
+        gam.printGettingAllItems('Mobile Devices', query)
+        page_message = gapi.got_total_items_msg('Mobile Devices', '...\n')
+        all_mobile = gapi.get_all_pages(cd.mobiledevices(),
+                                        'list',
+                                        'mobiledevices',
+                                        page_message=page_message,
+                                        customerId=GC_Values[GC_CUSTOMER_ID],
+                                        query=query,
+                                        projection=projection,
+                                        fields=fields,
+                                        orderBy=orderBy,
+                                        sortOrder=sortOrder)
+        for mobile in all_mobile:
+            row = {}
+            for attrib in mobile:
+                if attrib in ['kind', 'etag']:
+                    continue
+                if attrib in ['name', 'email', 'otherAccountsInfo']:
+                    if attrib not in titles:
+                        titles.append(attrib)
+                    if listLimit > 0:
+                        row[attrib] = delimiter.join(
+                            mobile[attrib][0:listLimit])
+                    elif listLimit == 0:
+                        row[attrib] = delimiter.join(mobile[attrib])
+                elif attrib == 'applications':
+                    if appsLimit >= 0:
+                        if attrib not in titles:
+                            titles.append(attrib)
+                        applications = []
+                        j = 0
+                        for app in mobile[attrib]:
+                            j += 1
+                            if appsLimit and (j > appsLimit):
+                                break
+                            appDetails = []
+                            for field in [
+                                    'displayName', 'packageName', 'versionName'
+                            ]:
+                                appDetails.append(app.get(field, '<None>'))
+                            appDetails.append(
+                                str(app.get('versionCode', '<None>')))
+                            permissions = app.get('permission', [])
+                            if permissions:
+                                appDetails.append('/'.join(permissions))
+                            else:
+                                appDetails.append('<None>')
+                            applications.append('-'.join(appDetails))
+                        row[attrib] = delimiter.join(applications)
+                else:
+                    if attrib not in titles:
+                        titles.append(attrib)
+                    if attrib == 'deviceId':
+                        row[attrib] = mobile[attrib].encode(
+                            'unicode-escape').decode(UTF8)
+                    elif attrib == 'securityPatchLevel' and int(mobile[attrib]):
+                        row[attrib] = utils.formatTimestampYMDHMS(
+                            mobile[attrib])
+                    else:
+                        row[attrib] = mobile[attrib]
+            csvRows.append(row)
+    display.sort_csv_titles(
+        ['resourceId', 'deviceId', 'serialNumber', 'name', 'email', 'status'],
+        titles)
+    display.write_csv_file(csvRows, titles, 'Mobile', todrive)
+
+
+def update():
+    cd = gapi_directory.build()
+    resourceIds = sys.argv[3]
+    match_users = None
+    doit = False
+    if resourceIds[:6] == 'query:':
+        query = resourceIds[6:]
+        fields = 'nextPageToken,mobiledevices(resourceId,email)'
+        page_message = gapi.got_total_items_msg('Mobile Devices', '...\n')
+        devices = gapi.get_all_pages(cd.mobiledevices(),
+                                     'list',
+                                     page_message=page_message,
+                                     customerId=GC_Values[GC_CUSTOMER_ID],
+                                     items='mobiledevices',
+                                     query=query,
+                                     fields=fields)
+    else:
+        devices = [{'resourceId': resourceIds, 'email': ['not set']}]
+        doit = True
+    i = 4
+    body = {}
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg == 'action':
+            body['action'] = sys.argv[i + 1].lower()
+            validActions = [
+                'wipe', 'wipeaccount', 'accountwipe', 'wipe_account',
+                'account_wipe', 'approve', 'block',
+                'cancel_remote_wipe_then_activate',
+                'cancel_remote_wipe_then_block'
+            ]
+            if body['action'] not in validActions:
+                controlflow.expected_argument_exit('action',
+                                                   ', '.join(validActions),
+                                                   body['action'])
+            if body['action'] == 'wipe':
+                body['action'] = 'admin_remote_wipe'
+            elif body['action'].replace('_',
+                                        '') in ['accountwipe', 'wipeaccount']:
+                body['action'] = 'admin_account_wipe'
+            i += 2
+        elif myarg in ['ifusers', 'matchusers']:
+            match_users = gam.getUsersToModify(entity_type=sys.argv[i + 1].lower(),
+                                           entity=sys.argv[i + 2])
+            i += 3
+        elif myarg == 'doit':
+            doit = True
+            i += 1
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i], 'gam update mobile')
+    if body:
+        if doit:
+            print(f'Updating {len(devices)} devices')
+            describe_as = 'Performing'
+        else:
+            print(
+                f'Showing {len(devices)} changes that would be made, not actually making changes because doit argument not specified'
+            )
+            describe_as = 'Would perform'
+        for device in devices:
+            device_user = device.get('email', [''])[0]
+            if match_users and device_user not in match_users:
+                print(
+                    f'Skipping device for user {device_user} that did not match match_users argument'
+                )
+            else:
+                print(
+                    f'{describe_as} {body["action"]} on user {device_user} device {device["resourceId"]}'
+                )
+                if doit:
+                    gapi.call(cd.mobiledevices(),
+                              'action',
+                              resourceId=device['resourceId'],
+                              body=body,
+                              customerId=GC_Values[GC_CUSTOMER_ID])

src/gam/gapi/directory/orgunits.py

@@ -0,0 +1,419 @@
+import sys
+
+import gam
+from gam.var import *
+from gam import controlflow
+from gam import display
+from gam import gapi
+from gam.gapi import directory as gapi_directory
+from gam.gapi import errors as gapi_errors
+
+
+def create():
+    cd = gapi_directory.build()
+    name = getOrgUnitItem(sys.argv[3], pathOnly=True, absolutePath=False)
+    parent = ''
+    body = {}
+    i = 4
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower()
+        if myarg == 'description':
+            body['description'] = sys.argv[i + 1].replace('\\n', '\n')
+            i += 2
+        elif myarg == 'parent':
+            parent = getOrgUnitItem(sys.argv[i + 1])
+            i += 2
+        elif myarg == 'noinherit':
+            body['blockInheritance'] = True
+            i += 1
+        elif myarg == 'inherit':
+            body['blockInheritance'] = False
+            i += 1
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i], 'gam create org')
+    if parent.startswith('id:'):
+        parent = gapi.call(cd.orgunits(),
+                           'get',
+                           customerId=GC_Values[GC_CUSTOMER_ID],
+                           orgUnitPath=parent,
+                           fields='orgUnitPath')['orgUnitPath']
+    if parent == '/':
+        orgUnitPath = parent + name
+    else:
+        orgUnitPath = parent + '/' + name
+    if orgUnitPath.count('/') > 1:
+        body['parentOrgUnitPath'], body['name'] = orgUnitPath.rsplit('/', 1)
+    else:
+        body['parentOrgUnitPath'] = '/'
+        body['name'] = orgUnitPath[1:]
+    parent = body['parentOrgUnitPath']
+    gapi.call(cd.orgunits(),
+              'insert',
+              customerId=GC_Values[GC_CUSTOMER_ID],
+              body=body,
+              retry_reasons=[gapi_errors.ErrorReason.DAILY_LIMIT_EXCEEDED])
+    print(f'Created OrgUnit {body["name"]}')
+
+
+def delete():
+    cd = gapi_directory.build()
+    name = getOrgUnitItem(sys.argv[3])
+    print(f'Deleting organization {name}')
+    gapi.call(cd.orgunits(),
+              'delete',
+              customerId=GC_Values[GC_CUSTOMER_ID],
+              orgUnitPath=encodeOrgUnitPath(makeOrgUnitPathRelative(name)))
+
+
+def info(name=None, return_attrib=None):
+    cd = gapi_directory.build()
+    checkSuspended = None
+    if not name:
+        name = getOrgUnitItem(sys.argv[3])
+        get_users = True
+        show_children = False
+        i = 4
+        while i < len(sys.argv):
+            myarg = sys.argv[i].lower()
+            if myarg == 'nousers':
+                get_users = False
+                i += 1
+            elif myarg in ['children', 'child']:
+                show_children = True
+                i += 1
+            elif myarg in ['suspended', 'notsuspended']:
+                checkSuspended = myarg == 'suspended'
+                i += 1
+            else:
+                controlflow.invalid_argument_exit(sys.argv[i], 'gam info org')
+    if name == '/':
+        orgs = gapi.call(cd.orgunits(),
+                         'list',
+                         customerId=GC_Values[GC_CUSTOMER_ID],
+                         type='children',
+                         fields='organizationUnits/parentOrgUnitId')
+        if 'organizationUnits' in orgs and orgs['organizationUnits']:
+            name = orgs['organizationUnits'][0]['parentOrgUnitId']
+        else:
+            topLevelOrgId = getTopLevelOrgId(cd, '/')
+            if topLevelOrgId:
+                name = topLevelOrgId
+    else:
+        name = makeOrgUnitPathRelative(name)
+    result = gapi.call(cd.orgunits(),
+                       'get',
+                       customerId=GC_Values[GC_CUSTOMER_ID],
+                       orgUnitPath=encodeOrgUnitPath(name))
+    if return_attrib:
+        return result[return_attrib]
+    display.print_json(result)
+    if get_users:
+        name = result['orgUnitPath']
+        page_message = gapi.got_total_items_first_last_msg('Users')
+        users = gapi.get_all_pages(
+            cd.users(),
+            'list',
+            'users',
+            page_message=page_message,
+            message_attribute='primaryEmail',
+            customer=GC_Values[GC_CUSTOMER_ID],
+            query=orgUnitPathQuery(name, checkSuspended),
+            fields='users(primaryEmail,orgUnitPath),nextPageToken')
+        if checkSuspended is None:
+            print('Users:')
+        elif not checkSuspended:
+            print('Users (Not suspended):')
+        else:
+            print('Users (Suspended):')
+        for user in users:
+            if show_children or (name.lower() == user['orgUnitPath'].lower()):
+                sys.stdout.write(f' {user["primaryEmail"]}')
+                if name.lower() != user['orgUnitPath'].lower():
+                    print(' (child)')
+                else:
+                    print('')
+
+
+def print_():
+    print_order = [
+        'orgUnitPath', 'orgUnitId', 'name', 'description', 'parentOrgUnitPath',
+        'parentOrgUnitId', 'blockInheritance'
+    ]
+    cd = gapi_directory.build()
+    listType = 'all'
+    orgUnitPath = '/'
+    todrive = False
+    fields = ['orgUnitPath', 'name', 'orgUnitId', 'parentOrgUnitId']
+    titles = []
+    csvRows = []
+    parentOrgIds = []
+    retrievedOrgIds = []
+    i = 3
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg == 'todrive':
+            todrive = True
+            i += 1
+        elif myarg == 'toplevelonly':
+            listType = 'children'
+            i += 1
+        elif myarg == 'fromparent':
+            orgUnitPath = getOrgUnitItem(sys.argv[i + 1])
+            i += 2
+        elif myarg == 'allfields':
+            fields = None
+            i += 1
+        elif myarg == 'fields':
+            fields += sys.argv[i + 1].split(',')
+            i += 2
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i], 'gam print orgs')
+    gam.printGettingAllItems('Organizational Units', None)
+    if fields:
+        get_fields = ','.join(fields)
+        list_fields = f'organizationUnits({get_fields})'
+    else:
+        list_fields = None
+        get_fields = None
+    orgs = gapi.call(cd.orgunits(),
+                     'list',
+                     customerId=GC_Values[GC_CUSTOMER_ID],
+                     type=listType,
+                     orgUnitPath=orgUnitPath,
+                     fields=list_fields)
+    if not 'organizationUnits' in orgs:
+        topLevelOrgId = getTopLevelOrgId(cd, orgUnitPath)
+        if topLevelOrgId:
+            parentOrgIds.append(topLevelOrgId)
+        orgunits = []
+    else:
+        orgunits = orgs['organizationUnits']
+    for row in orgunits:
+        retrievedOrgIds.append(row['orgUnitId'])
+        if row['parentOrgUnitId'] not in parentOrgIds:
+            parentOrgIds.append(row['parentOrgUnitId'])
+    missing_parents = set(parentOrgIds) - set(retrievedOrgIds)
+    for missing_parent in missing_parents:
+        try:
+            result = gapi.call(cd.orgunits(),
+                               'get',
+                               throw_reasons=['required'],
+                               customerId=GC_Values[GC_CUSTOMER_ID],
+                               orgUnitPath=missing_parent,
+                               fields=get_fields)
+            orgunits.append(result)
+        except:
+            pass
+    for row in orgunits:
+        orgEntity = {}
+        for key, value in list(row.items()):
+            if key in ['kind', 'etag', 'etags']:
+                continue
+            if key not in titles:
+                titles.append(key)
+            orgEntity[key] = value
+        csvRows.append(orgEntity)
+    for title in titles:
+        if title not in print_order:
+            print_order.append(title)
+    titles = sorted(titles, key=print_order.index)
+    # sort results similar to how they list in admin console
+    csvRows.sort(key=lambda x: x['orgUnitPath'].lower(), reverse=False)
+    display.write_csv_file(csvRows, titles, 'Orgs', todrive)
+
+
+def update():
+    cd = gapi_directory.build()
+    orgUnitPath = getOrgUnitItem(sys.argv[3])
+    if sys.argv[4].lower() in ['move', 'add']:
+        entity_type = sys.argv[5].lower()
+        if entity_type in usergroup_types:
+            users = gam.getUsersToModify(entity_type=entity_type,
+                                         entity=sys.argv[6])
+        else:
+            entity_type = 'users'
+            users = gam.getUsersToModify(entity_type=entity_type,
+                                         entity=sys.argv[5])
+        if (entity_type.startswith('cros')) or (
+            (entity_type == 'all') and (sys.argv[6].lower() == 'cros')):
+            for l in range(0, len(users), 50):
+                move_body = {'deviceIds': users[l:l + 50]}
+                print(
+                    f' moving {len(move_body["deviceIds"])} devices to {orgUnitPath}'
+                )
+                gapi.call(cd.chromeosdevices(),
+                          'moveDevicesToOu',
+                          customerId=GC_Values[GC_CUSTOMER_ID],
+                          orgUnitPath=orgUnitPath,
+                          body=move_body)
+        else:
+            i = 0
+            count = len(users)
+            for user in users:
+                i += 1
+                sys.stderr.write(
+                    f' moving {user} to {orgUnitPath}{gam.currentCountNL(i, count)}'
+                )
+                try:
+                    gapi.call(cd.users(),
+                              'update',
+                              throw_reasons=[
+                                  gapi_errors.ErrorReason.CONDITION_NOT_MET
+                              ],
+                              userKey=user,
+                              body={'orgUnitPath': orgUnitPath})
+                except gapi_errors.GapiConditionNotMetError:
+                    pass
+    else:
+        body = {}
+        i = 4
+        while i < len(sys.argv):
+            myarg = sys.argv[i].lower()
+            if myarg == 'name':
+                body['name'] = sys.argv[i + 1]
+                i += 2
+            elif myarg == 'description':
+                body['description'] = sys.argv[i + 1].replace('\\n', '\n')
+                i += 2
+            elif myarg == 'parent':
+                parent = getOrgUnitItem(sys.argv[i + 1])
+                if parent.startswith('id:'):
+                    body['parentOrgUnitId'] = parent
+                else:
+                    body['parentOrgUnitPath'] = parent
+                i += 2
+            elif myarg == 'noinherit':
+                body['blockInheritance'] = True
+                i += 1
+            elif myarg == 'inherit':
+                body['blockInheritance'] = False
+                i += 1
+            else:
+                controlflow.invalid_argument_exit(sys.argv[i], 'gam update org')
+        gapi.call(cd.orgunits(),
+                  'update',
+                  customerId=GC_Values[GC_CUSTOMER_ID],
+                  orgUnitPath=encodeOrgUnitPath(
+                      makeOrgUnitPathRelative(orgUnitPath)),
+                  body=body)
+
+
+def orgUnitPathQuery(path, checkSuspended):
+    query = "orgUnitPath='{0}'".format(path.replace(
+        "'", "\\'")) if path != '/' else ''
+    if checkSuspended is not None:
+        query += f' isSuspended={checkSuspended}'
+    return query
+
+
+def makeOrgUnitPathAbsolute(path):
+    if path == '/':
+        return path
+    if path.startswith('/'):
+        return path.rstrip('/')
+    if path.startswith('id:'):
+        return path
+    if path.startswith('uid:'):
+        return path[1:]
+    return '/' + path.rstrip('/')
+
+
+def makeOrgUnitPathRelative(path):
+    if path == '/':
+        return path
+    if path.startswith('/'):
+        return path[1:].rstrip('/')
+    if path.startswith('id:'):
+        return path
+    if path.startswith('uid:'):
+        return path[1:]
+    return path.rstrip('/')
+
+
+def encodeOrgUnitPath(path):
+    if path.find('+') == -1 and path.find('%') == -1:
+        return path
+    encpath = ''
+    for c in path:
+        if c == '+':
+            encpath += '%2B'
+        elif c == '%':
+            encpath += '%25'
+        else:
+            encpath += c
+    return encpath
+
+
+def getOrgUnitItem(orgUnit, pathOnly=False, absolutePath=True):
+    if pathOnly and (orgUnit.startswith('id:') or orgUnit.startswith('uid:')):
+        controlflow.system_error_exit(
+            2, f'{orgUnit} is not valid in this context')
+    if absolutePath:
+        return makeOrgUnitPathAbsolute(orgUnit)
+    return makeOrgUnitPathRelative(orgUnit)
+
+
+def getTopLevelOrgId(cd, orgUnitPath):
+    try:
+        # create a temp org so we can learn what the top level org ID is (sigh)
+        temp_org = gapi.call(cd.orgunits(),
+                             'insert',
+                             customerId=GC_Values[GC_CUSTOMER_ID],
+                             body={
+                                 'name': 'temp-delete-me',
+                                 'parentOrgUnitPath': orgUnitPath
+                             },
+                             fields='parentOrgUnitId,orgUnitId')
+        gapi.call(cd.orgunits(),
+                  'delete',
+                  customerId=GC_Values[GC_CUSTOMER_ID],
+                  orgUnitPath=temp_org['orgUnitId'])
+        return temp_org['parentOrgUnitId']
+    except:
+        pass
+    return None
+
+
+def getOrgUnitId(orgUnit, cd=None):
+    if cd is None:
+        cd = gapi_directory.build()
+    orgUnit = getOrgUnitItem(orgUnit)
+    if orgUnit[:3] == 'id:':
+        return (orgUnit, orgUnit)
+    if orgUnit == '/':
+        result = gapi.call(cd.orgunits(),
+                           'list',
+                           customerId=GC_Values[GC_CUSTOMER_ID],
+                           orgUnitPath='/',
+                           type='children',
+                           fields='organizationUnits(parentOrgUnitId)')
+        if result.get('organizationUnits', []):
+            return (orgUnit, result['organizationUnits'][0]['parentOrgUnitId'])
+        topLevelOrgId = getTopLevelOrgId(cd, '/')
+        if topLevelOrgId:
+            return (orgUnit, topLevelOrgId)
+        return (orgUnit, '/')  #Bogus but should never happen
+    result = gapi.call(cd.orgunits(),
+                       'get',
+                       customerId=GC_Values[GC_CUSTOMER_ID],
+                       orgUnitPath=encodeOrgUnitPath(
+                           makeOrgUnitPathRelative(orgUnit)),
+                       fields='orgUnitId')
+    return (orgUnit, result['orgUnitId'])
+
+
+def orgunit_from_orgunitid(orgunitid, cd=None):
+    if cd is None:
+        cd = gapi_directory.build()
+    orgunitpath = GM_Globals[GM_MAP_ORGUNIT_ID_TO_NAME].get(orgunitid)
+    if not orgunitpath:
+        try:
+            orgunitpath = gapi.call(cd.orgunits(),
+                                    'get',
+                                    customerId=GC_Values[GC_CUSTOMER_ID],
+                                    orgUnitPath=f'id:{orgunitid}' if not orgunitid.startswith('id:') else orgunitid,
+                                    fields='orgUnitPath')['orgUnitPath']
+        except:
+            orgunitpath = orgunitid
+        GM_Globals[GM_MAP_ORGUNIT_ID_TO_NAME][orgunitid] = orgunitpath
+    return orgunitpath

src/gam/gapi/directory/printers.py

@@ -0,0 +1,187 @@
+'''Commands to manage directory printers.'''
+# pylint: disable=unused-wildcard-import wildcard-import
+
+import sys
+
+import gam
+from gam import controlflow
+from gam import display
+from gam import gapi
+from gam.var import *
+from gam.gapi import directory as gapi_directory
+from gam.gapi.directory import orgunits as gapi_directory_orgunits
+
+
+def _get_customerid():
+    ''' returns customer in "customers/C{customer}" format needed for this API'''
+    customer = GC_Values[GC_CUSTOMER_ID]
+    if customer != MY_CUSTOMER and customer[0] != 'C':
+        customer = 'C' + customer
+    return f'customers/{customer}'
+
+def _get_printer_attributes(i, cdapi=None):
+    '''get printer attributes for create/update commands'''
+    body = {}
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg == 'description':
+            body['description'] = sys.argv[i+1]
+            i += 2
+        elif myarg == 'displayname':
+            body['displayName'] = sys.argv[i+1]
+            i += 2
+        elif myarg == 'makeandmodel':
+            body['makeAndModel'] = sys.argv[i+1]
+            i += 2
+        elif myarg in ['ou', 'org', 'orgunit', 'orgunitid']:
+            _, body['orgUnitId'] = gapi_directory_orgunits.getOrgUnitId(sys.argv[i+1], cdapi)
+            body['orgUnitId'] = body['orgUnitId'][3:]
+            i += 2
+        elif myarg == 'uri':
+            body['uri'] = sys.argv[i+1]
+            i += 2
+        elif myarg in {'driverless', 'usedriverlessconfig'}:
+            body['useDriverlessConfig'] = True
+            i += 1
+    return body
+
+
+def create():
+    '''gam create printer'''
+    cdapi = gapi_directory.build()
+    parent = _get_customerid()
+    body = _get_printer_attributes(3, cdapi)
+    result = gapi.call(cdapi.customers().chrome().printers(),
+                        'create',
+                        parent=parent,
+                        body=body)
+    display.print_json(result)
+
+
+def delete():
+    '''gam delete printer <PrinterIDList>|(file <FileName>)|(csvfile <FileName>:<FieldName>)'''
+    cdapi = gapi_directory.build()
+    customer_id = _get_customerid()
+    printer_id = sys.argv[3]
+    if printer_id.lower() not in {'file', 'csvfile'}:
+        printer_ids = printer_id.replace(',', ' ').split()
+    else:
+        printer_ids = gam.getUsersToModify(f'cros{printer_id.lower()}', sys.argv[4])
+    # max 50 per API call
+    batch_size = 50
+    for chunk in range(0, len(printer_ids), batch_size):
+        body = {
+                 'printerIds': printer_ids[chunk:chunk + batch_size]
+               }
+        result = gapi.call(cdapi.customers().chrome().printers(),
+                           'batchDeletePrinters',
+                           parent=customer_id,
+                           body=body)
+        for printer_id in result.get('printerIds', []):
+            print(f'Deleted printer {printer_id}')
+        for printer_id in result.get('failedPrinters', []):
+            print(f'ERROR: failed to delete {printer_id.get("printerIds")}')
+
+
+def info():
+    '''gam info printer'''
+    cdapi = gapi_directory.build()
+    customer = _get_customerid()
+    printer_id = sys.argv[3]
+    name = f'{customer}/chrome/printers/{printer_id}'
+    printer = gapi.call(cdapi.customers().chrome().printers(),
+                       'get',
+                       name=name)
+    if 'orgUnitId' in printer:
+        printer['orgUnitPath'] = gapi_directory_orgunits.orgunit_from_orgunitid(
+            printer['orgUnitId'], cdapi)
+    display.print_json(printer)
+
+
+def print_():
+    '''gam print printers'''
+    cdapi = gapi_directory.build()
+    parent = _get_customerid()
+    filter_ = None
+    todrive = False
+    titles = []
+    rows = []
+    i = 3
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower()
+        if myarg == 'filter':
+            filter_ = sys.argv[i+1]
+            i += 2
+        elif myarg == 'todrive':
+            todrive = True
+            i += 1
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i], 'gam print printermodels')
+    printers = gapi.get_all_pages(cdapi.customers().chrome().printers(),
+                                  'list',
+                                  items='printers',
+                                  parent=parent,
+                                  filter=filter_)
+    for printer in printers:
+        if 'orgUnitId' in printer:
+            printer['orgUnitPath'] = gapi_directory_orgunits.orgunit_from_orgunitid(
+                printer['orgUnitId'], cdapi)
+        row = {}
+        for key, val in printer.items():
+            if key not in titles:
+                titles.append(key)
+            row[key] = val
+        rows.append(row)
+    display.write_csv_file(rows, titles, 'Printers', todrive)
+
+
+def print_models():
+    '''gam print printermodels'''
+    cdapi = gapi_directory.build()
+    parent = _get_customerid()
+    filter_ = None
+    todrive = False
+    titles = []
+    rows = []
+    i = 3
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower()
+        if myarg == 'filter':
+            filter_ = sys.argv[i+1]
+            i += 2
+        elif myarg == 'todrive':
+            todrive = True
+            i += 1
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i], 'gam print printermodels')
+    models = gapi.get_all_pages(cdapi.customers().chrome().printers(),
+                                  'listPrinterModels',
+                                  items='printerModels',
+                                  parent=parent,
+                                  pageSize=10000,
+                                  filter=filter_)
+    for model in models:
+        row = {}
+        for key, val in model.items():
+            if key not in titles:
+                titles.append(key)
+            row[key] = val
+        rows.append(row)
+    display.write_csv_file(rows, titles, 'Printer Models', todrive)
+
+
+def update():
+    '''gam update printer'''
+    cdapi = gapi_directory.build()
+    customer = _get_customerid()
+    printer_id = sys.argv[3]
+    name = f'{customer}/chrome/printers/{printer_id}'
+    body = _get_printer_attributes(4, cdapi)
+    update_mask = ','.join(body)
+    # note clearMask seems unnecessary. Updating field to '' clears it.
+    result = gapi.call(cdapi.customers().chrome().printers(),
+                       'patch',
+                       name=name,
+                       updateMask=update_mask,
+                       body=body)
+    display.print_json(result)

src/gam/gapi/directory/privileges.py

@@ -0,0 +1,32 @@
+from gam.var import GC_Values, GC_CUSTOMER_ID
+from gam import display
+from gam import gapi
+from gam.gapi import directory as gapi_directory
+
+
+def flatten_privilege_list(privs, parent=None):
+    flat_privs = []
+    for priv in privs:
+        children = []
+        if parent:
+            priv['parent'] = parent
+        if priv.get('childPrivileges'):
+            children = flatten_privilege_list(priv['childPrivileges'],
+                                              parent=priv['privilegeName'])
+            priv['children'] = ' '.join(
+                [child['privilegeName'] for child in children])
+            del priv['childPrivileges']
+        flat_privs = flat_privs + children
+        flat_privs.append(priv)
+    return flat_privs
+
+
+def print_(return_only=False):
+    cd = gapi_directory.build()
+    privs = gapi.call(cd.privileges(),
+                      'list',
+                      customer=GC_Values[GC_CUSTOMER_ID])
+    privs = flatten_privilege_list(privs.get('items', []))
+    if return_only:
+        return privs
+    display.print_json(privs)

src/gam/gapi/directory/resource.py

@@ -12,7 +12,7 @@ from gam import utils
 
 def printBuildings():
     to_drive = False
-    cd = gapi_directory.buildGAPIObject()
+    cd = gapi_directory.build()
     titles = []
     csvRows = []
     fieldsList = ['buildingId']
@@ -67,7 +67,7 @@ def printBuildings():
 
 
 def printResourceCalendars():
-    cd = gapi_directory.buildGAPIObject()
+    cd = gapi_directory.build()
     todrive = False
     fieldsList = []
     fieldsTitles = {}
@@ -182,7 +182,7 @@ RESCAL_ARGUMENT_TO_PROPERTY_MAP = {
 
 def printFeatures():
     to_drive = False
-    cd = gapi_directory.buildGAPIObject()
+    cd = gapi_directory.build()
     titles = []
     csvRows = []
     fieldsList = ['name']
@@ -260,7 +260,7 @@ def _getBuildingAttributes(args, body={}):
 
 
 def createBuilding():
-    cd = gapi_directory.buildGAPIObject()
+    cd = gapi_directory.build()
     body = {
         'floorNames': ['1'],
         'buildingId': str(uuid.uuid4()),
@@ -346,7 +346,7 @@ def getBuildingNameById(cd, buildingId):
 
 
 def updateBuilding():
-    cd = gapi_directory.buildGAPIObject()
+    cd = gapi_directory.build()
     buildingId = getBuildingByNameOrId(cd, sys.argv[3])
     body = _getBuildingAttributes(sys.argv[4:])
     print(f'Updating building {buildingId}...')
@@ -358,7 +358,7 @@ def updateBuilding():
 
 
 def getBuildingInfo():
-    cd = gapi_directory.buildGAPIObject()
+    cd = gapi_directory.build()
     buildingId = getBuildingByNameOrId(cd, sys.argv[3])
     building = gapi.call(cd.resources().buildings(),
                          'get',
@@ -374,7 +374,7 @@ def getBuildingInfo():
 
 
 def deleteBuilding():
-    cd = gapi_directory.buildGAPIObject()
+    cd = gapi_directory.build()
     buildingId = getBuildingByNameOrId(cd, sys.argv[3])
     print(f'Deleting building {buildingId}...')
     gapi.call(cd.resources().buildings(),
@@ -397,7 +397,7 @@ def _getFeatureAttributes(args, body={}):
 
 
 def createFeature():
-    cd = gapi_directory.buildGAPIObject()
+    cd = gapi_directory.build()
     body = _getFeatureAttributes(sys.argv[3:])
     print(f'Creating feature {body["name"]}...')
     gapi.call(cd.resources().features(),
@@ -410,7 +410,7 @@ def updateFeature():
     # update does not work for name and name is only field to be updated
     # if additional writable fields are added to feature in the future
     # we'll add support for update as well as rename
-    cd = gapi_directory.buildGAPIObject()
+    cd = gapi_directory.build()
     oldName = sys.argv[3]
     body = {'newName': sys.argv[5:]}
     print(f'Updating feature {oldName}...')
@@ -422,7 +422,7 @@ def updateFeature():
 
 
 def deleteFeature():
-    cd = gapi_directory.buildGAPIObject()
+    cd = gapi_directory.build()
     featureKey = sys.argv[3]
     print(f'Deleting feature {featureKey}...')
     gapi.call(cd.resources().features(),
@@ -480,7 +480,7 @@ def _getResourceCalendarAttributes(cd, args, body={}):
 
 
 def createResourceCalendar():
-    cd = gapi_directory.buildGAPIObject()
+    cd = gapi_directory.build()
     body = {'resourceId': sys.argv[3], 'resourceName': sys.argv[4]}
     body = _getResourceCalendarAttributes(cd, sys.argv[5:], body)
     print(f'Creating resource {body["resourceId"]}...')
@@ -491,7 +491,7 @@ def createResourceCalendar():
 
 
 def updateResourceCalendar():
-    cd = gapi_directory.buildGAPIObject()
+    cd = gapi_directory.build()
     resId = sys.argv[3]
     body = _getResourceCalendarAttributes(cd, sys.argv[4:])
     # Use patch since it seems to work better.
@@ -506,7 +506,7 @@ def updateResourceCalendar():
 
 
 def getResourceCalendarInfo():
-    cd = gapi_directory.buildGAPIObject()
+    cd = gapi_directory.build()
     resId = sys.argv[3]
     resource = gapi.call(cd.resources().calendars(),
                          'get',
@@ -526,7 +526,7 @@ def getResourceCalendarInfo():
 
 def deleteResourceCalendar():
     resId = sys.argv[3]
-    cd = gapi_directory.buildGAPIObject()
+    cd = gapi_directory.build()
     print(f'Deleting resource calendar {resId}')
     gapi.call(cd.resources().calendars(),
               'delete',

src/gam/gapi/directory/roles.py

@@ -0,0 +1,124 @@
+import sys
+
+from gam.var import GC_Values, GC_CUSTOMER_ID
+import gam
+from gam import controlflow
+from gam import display
+from gam import gapi
+from gam.gapi import directory as gapi_directory
+from gam.gapi.directory import privileges as gapi_directory_privileges
+
+
+def getPrivileges(body, privs, action):
+    all_privileges = gapi_directory_privileges.print_(return_only=True)
+    if privs == 'ALL':
+        body['rolePrivileges'] = [
+            {'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']} for p in all_privileges
+            ]
+    elif privs == 'ALL_OU':
+        body['rolePrivileges'] = [
+            {'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']} for p in all_privileges if p.get('isOuScopable')
+            ]
+    else:
+      body.setdefault('rolePrivileges', [])
+      for priv in privs.split(','):
+          for p in all_privileges:
+              if priv == p['privilegeName']:
+                body['rolePrivileges'].append({'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']})
+                break
+          else:
+              controlflow.invalid_argument_exit(priv,
+                                                f'gam {action} adminrole privileges')
+
+def create():
+    cd = gapi_directory.build()
+    body = {'roleName': sys.argv[3]}
+    i = 4
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower()
+        if myarg == 'privileges':
+            getPrivileges(body, sys.argv[i + 1].upper(), 'create')
+            i += 2
+        elif myarg == 'description':
+            body['roleDescription'] = sys.argv[i + 1]
+            i += 2
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i],
+                                              'gam create adminrole')
+
+    if not body.get('rolePrivileges'):
+        controlflow.missing_argument_exit('privileges',
+                                          'gam create adminrole')
+    print(f'Creating role {body["roleName"]}')
+    gapi.call(cd.roles(),
+              'insert',
+              customer=GC_Values[GC_CUSTOMER_ID],
+              body=body)
+
+def update():
+    cd = gapi_directory.build()
+    body = {}
+    roleId = gam.getRoleId(sys.argv[3])
+    i = 4
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower()
+        if myarg == 'privileges':
+            getPrivileges(body, sys.argv[i + 1].upper(), 'update')
+            i += 2
+        elif myarg == 'description':
+            body['roleDescription'] = sys.argv[i + 1]
+            i += 2
+        elif myarg == 'name':
+            body['roleName'] = sys.argv[i + 1]
+            i += 2
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i],
+                                              'gam update adminrole')
+
+    print(f'Updating role {roleId}')
+    gapi.call(cd.roles(),
+              'patch',
+              customer=GC_Values[GC_CUSTOMER_ID],
+              roleId=roleId,
+              body=body)
+
+
+def delete():
+    cd = gapi_directory.build()
+    roleId = gam.getRoleId(sys.argv[3])
+    print(f'Deleting role {roleId}')
+    gapi.call(cd.roles(),
+              'delete',
+              customer=GC_Values[GC_CUSTOMER_ID],
+              roleId=roleId)
+
+
+def print_():
+    cd = gapi_directory.build()
+    todrive = False
+    titles = [
+        'roleId', 'roleName', 'roleDescription', 'isSuperAdminRole',
+        'isSystemRole'
+    ]
+    fields = f'nextPageToken,items({",".join(titles)})'
+    csvRows = []
+    i = 3
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower()
+        if myarg == 'todrive':
+            todrive = True
+            i += 1
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i],
+                                              'gam print adminroles')
+    roles = gapi.get_all_pages(cd.roles(),
+                               'list',
+                               'items',
+                               customer=GC_Values[GC_CUSTOMER_ID],
+                               fields=fields)
+    for role in roles:
+        role_attrib = {}
+        for key, value in list(role.items()):
+            role_attrib[key] = value
+        csvRows.append(role_attrib)
+    display.write_csv_file(csvRows, titles, 'Admin Roles', todrive)

src/gam/gapi/directory/users.py

@@ -0,0 +1,64 @@
+from time import sleep
+
+import gam
+from gam import gapi
+from gam.gapi import directory as gapi_directory
+
+
+def get_primary(email):
+    '''returns primary email of user or empty if email is not a user primary or
+    alias address.'''
+    cd = gapi_directory.build()
+    result = gapi.call(cd.users(), 'get', userKey=email,
+            projection='basic', fields='primaryEmail',
+            soft_errors=True)
+    if not result:
+        return ''
+    return result.get('primaryEmail', '').lower()
+
+
+def signout(users):
+    cd = gapi_directory.build()
+    i = 0
+    count = len(users)
+    for user in users:
+        i += 1
+        user = gam.normalizeEmailAddressOrUID(user)
+        print(f'Signing Out {user}{gam.currentCount(i, count)}')
+        gapi.call(cd.users(),
+                  'signOut',
+                  soft_errors=True,
+                  userKey=user)
+
+
+def turn_off_2sv(users):
+    cd = gapi_directory.build()
+    i = 0
+    count = len(users)
+    for user in users:
+        i += 1
+        user = gam.normalizeEmailAddressOrUID(user)
+        print(f'Turning Off 2-Step Verification for {user}{gam.currentCount(i, count)}')
+        gapi.call(cd.twoStepVerification(),
+                  'turnOff',
+                  soft_errors=True,
+                  userKey=user)
+
+def wait_for_mailbox(users):
+    '''Wait until users mailbox is provisioned.'''
+    cd = gapi_directory.build()
+    i = 0
+    count = len(users)
+    for user in users:
+        i += 1
+        user = gam.normalizeEmailAddressOrUID(user)
+        while True:
+            result = gapi.call(cd.users(),
+                               'get',
+                               'fields=isMailboxSetup',
+                               userKey=user)
+            mailbox_is_setup = result.get('isMailboxSetup')
+            print(f'{user} mailboxIsSetup: {mailbox_is_setup}')
+            if mailbox_is_setup:
+                break
+            sleep(3)

src/gam/gapi/errors.py

@@ -116,7 +116,9 @@ class ErrorReason(Enum):
     DUPLICATE = 'duplicate'
     FAILED_PRECONDITION = 'failedPrecondition'
     FORBIDDEN = 'forbidden'
+    FIVE_O_THREE = '503'
     FOUR_O_NINE = '409'
+    FOUR_O_O = '400'
     FOUR_O_THREE = '403'
     FOUR_TWO_NINE = '429'
     GATEWAY_TIMEOUT = 'gatewayTimeout'
@@ -152,6 +154,7 @@ DEFAULT_RETRY_REASONS = [
     ErrorReason.GATEWAY_TIMEOUT,
     ErrorReason.INTERNAL_ERROR,
     ErrorReason.FOUR_TWO_NINE,
+    ErrorReason.FIVE_O_THREE,
 ]
 GMAIL_THROW_REASONS = [ErrorReason.SERVICE_NOT_AVAILABLE]
 GROUP_GET_THROW_REASONS = [

src/gam/gapi/licensing.py

@@ -0,0 +1,309 @@
+import re
+import sys
+
+import gam
+from gam.var import *
+from gam import controlflow
+from gam import display
+from gam import gapi
+from gam.gapi import errors as gapi_errors
+from gam.gapi.directory import customer as gapi_directory_customer
+
+
+def _get_customerid():
+    ''' returns customerId with format C{customer_id}'''
+    gapi_directory_customer.setTrueCustomerId()
+    customer_id = GC_Values[GC_CUSTOMER_ID]
+    if customer_id[0] != 'C':
+        customer_id = 'C' + customer_id
+    return customer_id
+
+def build():
+    return gam.buildGAPIObject('licensing')
+
+
+def getProductAndSKU(sku):
+    l_sku = sku.lower().replace('-', '').replace(' ', '')
+    for a_sku, sku_values in list(SKUS.items()):
+        if l_sku == a_sku.lower().replace(
+                '-',
+                '') or l_sku in sku_values['aliases'] or l_sku == sku_values[
+                    'displayName'].lower().replace(' ', ''):
+            return (sku_values['product'], a_sku)
+    try:
+        product = re.search('^([A-Z,a-z]*-[A-Z,a-z]*)', sku).group(1)
+    except AttributeError:
+        product = sku
+    return (product, sku)
+
+
+def user_lic_result(request_id, response, exception):
+    if exception:
+        http_status, reason, message = gapi_errors.get_gapi_error_detail(
+                exception,
+                soft_errors=True)
+        print(f'ERROR: {request_id}: {http_status} - {reason} {message}')
+
+
+def create(users, sku=None):
+    lic = build()
+    if not sku:
+        sku = sys.argv[5]
+    productId, skuId = getProductAndSKU(sku)
+    sku_name = _formatSKUIdDisplayName(skuId)
+    i = 6
+    if len(sys.argv) > 6 and sys.argv[i].lower() in ['product', 'productid']:
+        productId = sys.argv[i+1]
+        i += 2
+    for user in users:
+        print(f'Adding license {sku_name} from to {user}')
+        gapi.call(lic.licenseAssignments(),
+                  'insert',
+                  soft_errors=True,
+                  productId=productId,
+                  skuId=skuId,
+                  body={'userId': user})
+
+
+def delete(users, sku=None):
+    lic = build()
+    if not sku:
+        sku = sys.argv[5]
+    productId, skuId = getProductAndSKU(sku)
+    sku_name = _formatSKUIdDisplayName(skuId)
+    i = 6
+    if len(sys.argv) > 6 and sys.argv[i].lower() in ['product', 'productid']:
+        productId = sys.argv[i+1]
+        i += 2
+    for user in users:
+         print(f'Removing license {sku_name} from user {user}')
+         gapi.call(lic.licenseAssignments(),
+                   'delete',
+                   soft_errors=True,
+                   productId=productId,
+                   skuId=skuId,
+                   userId=user)
+
+
+def sync(users):
+    sku = sys.argv[5]
+    current_licenses = gam.getUsersToModify(entity_type='license',
+        entity=sku)
+    users_to_license = [user for user in users if user not in current_licenses]
+    users_to_unlicense = [user for user in current_licenses if user not in users]
+    print(f'Need to remove license from {len(users_to_unlicense)} and add to ' \
+          f'{len(users_to_license)} users...')
+    # do the remove first to free up seats
+    delete(users_to_unlicense, sku)
+    create(users_to_license, sku)
+
+
+def update(users, sku=None, old_sku=None):
+    lic = build()
+    if not sku:
+        sku = sys.argv[5]
+    productId, skuId = getProductAndSKU(sku)
+    sku_name = _formatSKUIdDisplayName(skuId)
+    i = 6
+    if len(sys.argv) > 6 and sys.argv[i].lower() in ['product', 'productid']:
+        productId = sys.argv[i+1]
+        i += 2
+    if not old_sku:
+        try:
+            old_sku = sys.argv[i]
+            if old_sku.lower() == 'from':
+                old_sku = sys.argv[i + 1]
+        except KeyError:
+            controlflow.system_error_exit(
+                2,
+                'You need to specify the user\'s old SKU as the last argument'
+            )
+        _, old_sku = getProductAndSKU(old_sku)
+    old_sku_name = _formatSKUIdDisplayName(old_sku)
+    for user in users:
+        print(f'Changing user {user} from license {old_sku_name} to {sku_name}')
+        gapi.call(lic.licenseAssignments(),
+                  'patch',
+                  soft_errors=True,
+                  productId=productId,
+                  skuId=old_sku,
+                  userId=user,
+                  body={'skuId': skuId})
+
+
+def print_(returnFields=None,
+                    skus=None,
+                    countsOnly=False,
+                    returnCounts=False):
+    lic = build()
+    customer_id = _get_customerid()
+    products = []
+    licenses = []
+    licenseCounts = []
+    if not returnFields:
+        csvRows = []
+        todrive = False
+        i = 3
+        while i < len(sys.argv):
+            myarg = sys.argv[i].lower()
+            if not returnCounts and myarg == 'todrive':
+                todrive = True
+                i += 1
+            elif myarg in ['products', 'product']:
+                products = sys.argv[i + 1].split(',')
+                i += 2
+            elif myarg in ['sku', 'skus']:
+                skus = sys.argv[i + 1].split(',')
+                i += 2
+            elif myarg == 'allskus':
+                skus = sorted(SKUS)
+                products = []
+                i += 1
+            elif myarg == 'gsuite':
+                skus = [
+                    skuId for skuId in SKUS
+                    if SKUS[skuId]['product'] in ['Google-Apps', '101031']
+                ]
+                products = []
+                i += 1
+            elif myarg == 'countsonly':
+                countsOnly = True
+                i += 1
+            else:
+                controlflow.invalid_argument_exit(sys.argv[i],
+                                                  'gam print licenses')
+        if not countsOnly:
+            fields = 'nextPageToken,items(productId,skuId,userId)'
+            titles = ['userId', 'productId', 'skuId']
+        else:
+            fields = 'nextPageToken,items(userId)'
+            if not returnCounts:
+                if skus:
+                    titles = ['productId', 'skuId', 'licenses']
+                else:
+                    titles = ['productId', 'licenses']
+    else:
+        fields = f'nextPageToken,items({returnFields})'
+    if skus:
+        for sku in skus:
+            if not products:
+                product, sku = getProductAndSKU(sku)
+            else:
+                product = products[0]
+            page_message = gapi.got_total_items_msg(
+                f'Licenses for {SKUS.get(sku, {"displayName": sku})["displayName"]}',
+                '...\n')
+            try:
+                licenses += gapi.get_all_pages(
+                    lic.licenseAssignments(),
+                    'listForProductAndSku',
+                    'items',
+                    throw_reasons=[
+                        gapi_errors.ErrorReason.INVALID,
+                        gapi_errors.ErrorReason.FORBIDDEN
+                    ],
+                    page_message=page_message,
+                    customerId=customer_id,
+                    productId=product,
+                    skuId=sku,
+                    fields=fields)
+                if countsOnly:
+                    licenseCounts.append([
+                        'Product', product, 'SKU', sku, 'Licenses',
+                        len(licenses)
+                    ])
+                    licenses = []
+            except (gapi_errors.GapiInvalidError,
+                    gapi_errors.GapiForbiddenError):
+                pass
+    else:
+        if not products:
+            products = sorted(PRODUCTID_NAME_MAPPINGS)
+        for productId in products:
+            page_message = gapi.got_total_items_msg(
+                f'Licenses for {PRODUCTID_NAME_MAPPINGS.get(productId, productId)}',
+                '...\n')
+            try:
+                licenses += gapi.get_all_pages(
+                    lic.licenseAssignments(),
+                    'listForProduct',
+                    'items',
+                    throw_reasons=[
+                        gapi_errors.ErrorReason.INVALID,
+                        gapi_errors.ErrorReason.FORBIDDEN
+                    ],
+                    page_message=page_message,
+                    customerId=customer_id,
+                    productId=productId,
+                    fields=fields)
+                if countsOnly:
+                    licenseCounts.append(
+                        ['Product', productId, 'Licenses',
+                         len(licenses)])
+                    licenses = []
+            except (gapi_errors.GapiInvalidError,
+                    gapi_errors.GapiForbiddenError):
+                pass
+    if countsOnly:
+        if returnCounts:
+            return licenseCounts
+        if skus:
+            for u_license in licenseCounts:
+                csvRows.append({
+                    'productId': u_license[1],
+                    'skuId': u_license[3],
+                    'licenses': u_license[5]
+                })
+        else:
+            for u_license in licenseCounts:
+                csvRows.append({
+                    'productId': u_license[1],
+                    'licenses': u_license[3]
+                })
+        display.write_csv_file(csvRows, titles, 'Licenses', todrive)
+        return
+    if returnFields:
+        if returnFields == 'userId':
+            userIds = []
+            for u_license in licenses:
+                userId = u_license.get('userId', '').lower()
+                if userId:
+                    userIds.append(userId)
+            return userIds
+        userSkuIds = {}
+        for u_license in licenses:
+            userId = u_license.get('userId', '').lower()
+            skuId = u_license.get('skuId')
+            if userId and skuId:
+                userSkuIds.setdefault(userId, [])
+                userSkuIds[userId].append(skuId)
+        return userSkuIds
+    for u_license in licenses:
+        userId = u_license.get('userId', '').lower()
+        skuId = u_license.get('skuId', '')
+        csvRows.append({
+            'userId': userId,
+            'productId': u_license.get('productId', ''),
+            'skuId': _skuIdToDisplayName(skuId)
+        })
+    display.write_csv_file(csvRows, titles, 'Licenses', todrive)
+
+
+def show():
+    licenseCounts = print_(countsOnly=True, returnCounts=True)
+    for u_license in licenseCounts:
+        line = ''
+        for i in range(0, len(u_license), 2):
+            line += f'{u_license[i]}: {u_license[i+1]}, '
+        print(line[:-2])
+
+
+def _skuIdToDisplayName(skuId):
+    return SKUS[skuId]['displayName'] if skuId in SKUS else skuId
+
+
+def _formatSKUIdDisplayName(skuId):
+    skuIdDisplay = _skuIdToDisplayName(skuId)
+    if skuId == skuIdDisplay:
+        return skuId
+    return f'{skuId} ({skuIdDisplay})'

src/gam/gapi/reports.py

@@ -11,9 +11,10 @@ from gam import controlflow
 from gam import display
 from gam import gapi
 from gam import utils
+from gam.gapi.directory import orgunits as gapi_directory_orgunits
 
 
-def buildGAPIObject():
+def build():
     return gam.buildGAPIObject('reports')
 
 
@@ -41,7 +42,7 @@ REPORT_CHOICE_MAP = {
 
 
 def showUsageParameters():
-    rep = buildGAPIObject()
+    rep = build()
     throw_reasons = [
         gapi.errors.ErrorReason.INVALID, gapi.errors.ErrorReason.BAD_REQUEST
     ]
@@ -56,7 +57,7 @@ def showUsageParameters():
         kwargs = {}
     elif report == 'user':
         endpoint = rep.userUsageReport()
-        kwargs = {'userKey': gam._getValueFromOAuth('email')}
+        kwargs = {'userKey': gam._get_admin_email()}
     else:
         controlflow.expected_argument_exit('usageparameters',
                                            ['user', 'customer'], report)
@@ -115,7 +116,7 @@ REPORTS_PARAMETERS_SIMPLE_TYPES = [
 
 
 def showUsage():
-    rep = buildGAPIObject()
+    rep = build()
     throw_reasons = [
         gapi.errors.ErrorReason.INVALID, gapi.errors.ErrorReason.BAD_REQUEST
     ]
@@ -178,7 +179,7 @@ def showUsage():
             skip_day_numbers = [dow.index(d) for d in skipdaynames if d in dow]
             i += 2
         elif report == 'user' and myarg in ['orgunit', 'org', 'ou']:
-            _, orgUnitId = gam.getOrgUnitId(sys.argv[i + 1])
+            _, orgUnitId = gapi_directory_orgunits.getOrgUnitId(sys.argv[i + 1])
             i += 2
         elif report == 'user' and myarg in usergroup_types:
             users = gam.getUsersToModify(myarg, sys.argv[i + 1])
@@ -264,7 +265,7 @@ def showUsage():
 
 
 def showReport():
-    rep = buildGAPIObject()
+    rep = build()
     throw_reasons = [gapi.errors.ErrorReason.INVALID]
     report = sys.argv[2].lower()
     report = REPORT_CHOICE_MAP.get(report.replace('_', ''), report)
@@ -296,7 +297,7 @@ def showReport():
             tryDate = utils.get_yyyymmdd(sys.argv[i + 1])
             i += 2
         elif myarg in ['orgunit', 'org', 'ou']:
-            _, orgUnitId = gam.getOrgUnitId(sys.argv[i + 1])
+            _, orgUnitId = gapi_directory_orgunits.getOrgUnitId(sys.argv[i + 1])
             i += 2
         elif myarg == 'fulldatarequired':
             fullDataRequired = []

src/gam/gapi/siteverification.py

@@ -0,0 +1,188 @@
+import json
+import sys
+from urllib.parse import urlencode
+
+import gam
+from gam.var import *
+from gam import controlflow
+from gam import display
+from gam import fileutils
+from gam import gapi
+from gam.gapi import directory as gapi_directory
+from gam.gapi import errors as gapi_errors
+from gam.gapi.directory import customer as gapi_directory_customer
+from gam import transport
+from gam import utils
+
+import gam
+
+
+def build():
+    return gam.buildGAPIObject('siteVerification')
+
+
+def create():
+    verif = build()
+    a_domain = sys.argv[3]
+    txt_record = gapi.call(verif.webResource(),
+                           'getToken',
+                           body={
+                               'site': {
+                                   'type': 'INET_DOMAIN',
+                                   'identifier': a_domain
+                               },
+                               'verificationMethod': 'DNS_TXT'
+                           })
+    print(f'TXT Record Name:   {a_domain}')
+    print(f'TXT Record Value:  {txt_record["token"]}')
+    print()
+    cname_record = gapi.call(verif.webResource(),
+                             'getToken',
+                             body={
+                                 'site': {
+                                     'type': 'INET_DOMAIN',
+                                     'identifier': a_domain
+                                 },
+                                 'verificationMethod': 'DNS_CNAME'
+                             })
+    cname_token = cname_record['token']
+    cname_list = cname_token.split(' ')
+    cname_subdomain = cname_list[0]
+    cname_value = cname_list[1]
+    print(f'CNAME Record Name:   {cname_subdomain}.{a_domain}')
+    print(f'CNAME Record Value:  {cname_value}')
+    print('')
+    webserver_file_record = gapi.call(
+        verif.webResource(),
+        'getToken',
+        body={
+            'site': {
+                'type': 'SITE',
+                'identifier': f'http://{a_domain}/'
+            },
+            'verificationMethod': 'FILE'
+        })
+    webserver_file_token = webserver_file_record['token']
+    print(f'Saving web server verification file to: {webserver_file_token}')
+    fileutils.write_file(webserver_file_token,
+                         f'google-site-verification: {webserver_file_token}',
+                         continue_on_error=True)
+    print(f'Verification File URL: http://{a_domain}/{webserver_file_token}')
+    print()
+    webserver_meta_record = gapi.call(
+        verif.webResource(),
+        'getToken',
+        body={
+            'site': {
+                'type': 'SITE',
+                'identifier': f'http://{a_domain}/'
+            },
+            'verificationMethod': 'META'
+        })
+    print(f'Meta URL:               http://{a_domain}/')
+    print(f'Meta HTML Header Data:  {webserver_meta_record["token"]}')
+    print()
+
+
+def info():
+    verif = build()
+    sites = gapi.get_items(verif.webResource(), 'list', 'items')
+    if sites:
+        for site in sites:
+            print(f'Site: {site["site"]["identifier"]}')
+            print(f'Type: {site["site"]["type"]}')
+            print('Owners:')
+            for owner in site['owners']:
+                print(f' {owner}')
+            print()
+    else:
+        print('No Sites Verified.')
+
+
+def update():
+    verif = build()
+    a_domain = sys.argv[3]
+    verificationMethod = sys.argv[4].upper()
+    if verificationMethod == 'CNAME':
+        verificationMethod = 'DNS_CNAME'
+    elif verificationMethod in ['TXT', 'TEXT']:
+        verificationMethod = 'DNS_TXT'
+    if verificationMethod in ['DNS_TXT', 'DNS_CNAME']:
+        verify_type = 'INET_DOMAIN'
+        identifier = a_domain
+    else:
+        verify_type = 'SITE'
+        identifier = f'http://{a_domain}/'
+    body = {
+        'site': {
+            'type': verify_type,
+            'identifier': identifier
+        },
+        'verificationMethod': verificationMethod
+    }
+    try:
+        verify_result = gapi.call(
+            verif.webResource(),
+            'insert',
+            throw_reasons=[gapi_errors.ErrorReason.BAD_REQUEST],
+            verificationMethod=verificationMethod,
+            body=body)
+    except gapi_errors.GapiBadRequestError as e:
+        print(f'ERROR: {str(e)}')
+        verify_data = gapi.call(verif.webResource(), 'getToken', body=body)
+        print(f'Method:  {verify_data["method"]}')
+        print(f'Expected Token:      {verify_data["token"]}')
+        if verify_data['method'] in ['DNS_CNAME', 'DNS_TXT']:
+            simplehttp = transport.create_http()
+            base_url = 'https://dns.google/resolve?'
+            query_params = {}
+            if verify_data['method'] == 'DNS_CNAME':
+                cname_token = verify_data['token']
+                cname_list = cname_token.split(' ')
+                cname_subdomain = cname_list[0]
+                query_params['name'] = f'{cname_subdomain}.{a_domain}'
+                query_params['type'] = 'cname'
+            else:
+                query_params['name'] = a_domain
+                query_params['type'] = 'txt'
+            full_url = base_url + urlencode(query_params)
+            (_, c) = simplehttp.request(full_url, 'GET')
+            result = json.loads(c)
+            status = result['Status']
+            if status == 0 and 'Answer' in result:
+                answers = result['Answer']
+                if verify_data['method'] == 'DNS_CNAME':
+                    answer = answers[0]['data']
+                else:
+                    answer = 'no matching record found'
+                    for possible_answer in answers:
+                        possible_answer['data'] = possible_answer['data'].strip(
+                            '"')
+                        if possible_answer['data'].startswith(
+                                'google-site-verification'):
+                            answer = possible_answer['data']
+                            break
+                        print(
+                            f'Unrelated TXT record: {possible_answer["data"]}')
+                print(f'Found DNS Record: {answer}')
+            elif status == 0:
+                controlflow.system_error_exit(1, 'DNS record not found')
+            else:
+                controlflow.system_error_exit(
+                    status,
+                    DNS_ERROR_CODES_MAP.get(status, f'Unknown error {status}'))
+        return
+    print('SUCCESS!')
+    print(f'Verified:  {verify_result["site"]["identifier"]}')
+    print(f'ID:  {verify_result["id"]}')
+    print(f'Type: {verify_result["site"]["type"]}')
+    print('All Owners:')
+    try:
+        for owner in verify_result['owners']:
+            print(f' {owner}')
+    except KeyError:
+        pass
+    print()
+    print(
+        f'You can now add {a_domain} or it\'s subdomains as secondary or domain aliases of the {GC_Values[GC_DOMAIN]} Google Workspace Account.'
+    )

src/gam/gapi/vault.py

@@ -1,6 +1,7 @@
 import datetime
 import json
 import sys
+from time import sleep
 
 import googleapiclient.http
 
@@ -11,6 +12,7 @@ from gam import display
 from gam import fileutils
 from gam import gapi
 from gam.gapi import storage as gapi_storage
+from gam.gapi.directory import orgunits as gapi_directory_orgunits
 from gam import utils
 
 
@@ -84,21 +86,120 @@ VAULT_SEARCH_METHODS_MAP = {
 VAULT_SEARCH_METHODS_LIST = [
     'accounts', 'orgunit', 'shareddrives', 'rooms', 'everyone'
 ]
+QUERY_ARGS = ['corpus', 'scope', 'terms', 'start', 'starttime',
+              'end', 'endtime', 'timezone', 'excludedrafts',
+              'driveversiondate', 'includeshareddrives', 'includeteamdrives',
+              'includerooms'] + list(VAULT_SEARCH_METHODS_MAP.keys())
+
+def _build_query(query, myarg, i, query_discovery):
+    if not query:
+        query = {'dataScope': 'ALL_DATA'}
+    if myarg == 'corpus':
+        query['corpus'] = sys.argv[i + 1].upper()
+        allowed_corpuses = gapi.get_enum_values_minus_unspecified(
+                  query_discovery['properties']['corpus']['enum'])
+        if query['corpus'] not in allowed_corpuses:
+            controlflow.expected_argument_exit('corpus',
+                                               ', '.join(allowed_corpuses),
+                                               sys.argv[i + 1])
+        i += 2
+    elif myarg in VAULT_SEARCH_METHODS_MAP:
+        if query.get('searchMethod'):
+            message = f'Multiple search methods ' \
+                      f'({", ".join(VAULT_SEARCH_METHODS_LIST)})' \
+                      f'specified, only one is allowed'
+            controlflow.system_error_exit(3, message)
+        searchMethod = VAULT_SEARCH_METHODS_MAP[myarg]
+        query['searchMethod'] = searchMethod
+        if searchMethod == 'ACCOUNT':
+            query['accountInfo'] = {
+                'emails': sys.argv[i + 1].split(',')
+            }
+            i += 2
+        elif searchMethod == 'ORG_UNIT':
+            query['orgUnitInfo'] = {
+                'orgUnitId': gapi_directory_orgunits.getOrgUnitId(sys.argv[i + 1])[1]
+            }
+            i += 2
+        elif searchMethod == 'SHARED_DRIVE':
+            query['sharedDriveInfo'] = {
+                'sharedDriveIds': sys.argv[i + 1].split(',')
+            }
+            i += 2
+        elif searchMethod == 'ROOM':
+            query['hangoutsChatInfo'] = {
+                'roomId': sys.argv[i + 1].split(',')
+            }
+            i += 2
+        else:
+            i += 1
+    elif myarg == 'scope':
+        query['dataScope'] = sys.argv[i + 1].upper()
+        allowed_scopes = gapi.get_enum_values_minus_unspecified(
+              query_discovery['properties']['dataScope']['enum'])
+        if query['dataScope'] not in allowed_scopes:
+            controlflow.expected_argument_exit('scope',
+                                               ', '.join(allowed_scopes),
+                                               sys.argv[i + 1])
+        i += 2
+    elif myarg in ['terms']:
+        query['terms'] = sys.argv[i + 1]
+        i += 2
+    elif myarg in ['start', 'starttime']:
+        query['startTime'] = utils.get_date_zero_time_or_full_time(
+            sys.argv[i + 1])
+        i += 2
+    elif myarg in ['end', 'endtime']:
+        query['endTime'] = utils.get_date_zero_time_or_full_time(
+            sys.argv[i + 1])
+        i += 2
+    elif myarg in ['timezone']:
+        query['timeZone'] = sys.argv[i + 1]
+        i += 2
+    elif myarg in ['excludedrafts']:
+        query['mailOptions'] = {
+           'excludeDrafts': gam.getBoolean(sys.argv[i + 1], myarg)
+        }
+        i += 2
+    elif myarg in ['driveversiondate']:
+        query.setdefault('driveOptions', {})['versionDate'] = \
+            utils.get_date_zero_time_or_full_time(sys.argv[i+1])
+        i += 2
+    elif myarg in ['includeshareddrives', 'includeteamdrives']:
+        query.setdefault(
+            'driveOptions', {})['includeSharedDrives'] = gam.getBoolean(
+                sys.argv[i + 1], myarg)
+        i += 2
+    elif myarg in ['includerooms']:
+        query['hangoutsChatOptions'] = {
+            'includeRooms': gam.getBoolean(sys.argv[i + 1], myarg)
+        }
+        i += 2
+    return (query, i)
+
+def _validate_query(query, query_discovery):
+    if 'corpus' not in query:
+        allowed_corpuses = gapi.get_enum_values_minus_unspecified(
+            query_discovery['properties']['corpus']['enum'])
+        controlflow.system_error_exit(3, 'you must specify a corpus. ' \
+          f'Choose one of {", ".join(allowed_corpuses)}')
+    if 'searchMethod' not in query:
+        controlflow.system_error_exit(3, f'you must specify a search method. ' \
+          'Choose one of ' \
+          f'{", ".join(VAULT_SEARCH_METHODS_LIST)}')
 
 
 def createExport():
     v = buildGAPIObject()
-    allowed_corpuses = gapi.get_enum_values_minus_unspecified(
-        v._rootDesc['schemas']['Query']['properties']['corpus']['enum'])
-    allowed_scopes = gapi.get_enum_values_minus_unspecified(
-        v._rootDesc['schemas']['Query']['properties']['dataScope']['enum'])
+    query_discovery = v._rootDesc['schemas']['Query']
     allowed_formats = gapi.get_enum_values_minus_unspecified(
         v._rootDesc['schemas']['MailExportOptions']['properties']
         ['exportFormat']['enum'])
     export_format = 'MBOX'
     showConfidentialModeContent = None  # default to not even set
     matterId = None
-    body = {'query': {'dataScope': 'ALL_DATA'}, 'exportOptions': {}}
+    query = None
+    body = {'exportOptions': {}}
     i = 3
     while i < len(sys.argv):
         myarg = sys.argv[i].lower().replace('_', '')
@@ -109,83 +210,8 @@ def createExport():
         elif myarg == 'name':
             body['name'] = sys.argv[i + 1]
             i += 2
-        elif myarg == 'corpus':
-            body['query']['corpus'] = sys.argv[i + 1].upper()
-            if body['query']['corpus'] not in allowed_corpuses:
-                controlflow.expected_argument_exit('corpus',
-                                                   ', '.join(allowed_corpuses),
-                                                   sys.argv[i + 1])
-            i += 2
-        elif myarg in VAULT_SEARCH_METHODS_MAP:
-            if body['query'].get('searchMethod'):
-                message = f'Multiple search methods ' \
-                          f'({", ".join(VAULT_SEARCH_METHODS_LIST)})' \
-                          f'specified, only one is allowed'
-                controlflow.system_error_exit(3, message)
-            searchMethod = VAULT_SEARCH_METHODS_MAP[myarg]
-            body['query']['searchMethod'] = searchMethod
-            if searchMethod == 'ACCOUNT':
-                body['query']['accountInfo'] = {
-                    'emails': sys.argv[i + 1].split(',')
-                }
-                i += 2
-            elif searchMethod == 'ORG_UNIT':
-                body['query']['orgUnitInfo'] = {
-                    'orgUnitId': gam.getOrgUnitId(sys.argv[i + 1])[1]
-                }
-                i += 2
-            elif searchMethod == 'SHARED_DRIVE':
-                body['query']['sharedDriveInfo'] = {
-                    'sharedDriveIds': sys.argv[i + 1].split(',')
-                }
-                i += 2
-            elif searchMethod == 'ROOM':
-                body['query']['hangoutsChatInfo'] = {
-                    'roomId': sys.argv[i + 1].split(',')
-                }
-                i += 2
-            else:
-                i += 1
-        elif myarg == 'scope':
-            body['query']['dataScope'] = sys.argv[i + 1].upper()
-            if body['query']['dataScope'] not in allowed_scopes:
-                controlflow.expected_argument_exit('scope',
-                                                   ', '.join(allowed_scopes),
-                                                   sys.argv[i + 1])
-            i += 2
-        elif myarg in ['terms']:
-            body['query']['terms'] = sys.argv[i + 1]
-            i += 2
-        elif myarg in ['start', 'starttime']:
-            body['query']['startTime'] = utils.get_date_zero_time_or_full_time(
-                sys.argv[i + 1])
-            i += 2
-        elif myarg in ['end', 'endtime']:
-            body['query']['endTime'] = utils.get_date_zero_time_or_full_time(
-                sys.argv[i + 1])
-            i += 2
-        elif myarg in ['timezone']:
-            body['query']['timeZone'] = sys.argv[i + 1]
-            i += 2
-        elif myarg in ['excludedrafts']:
-            body['query']['mailOptions'] = {
-                'excludeDrafts': gam.getBoolean(sys.argv[i + 1], myarg)
-            }
-            i += 2
-        elif myarg in ['driveversiondate']:
-            body['query'].setdefault('driveOptions', {})['versionDate'] = \
-                utils.get_date_zero_time_or_full_time(sys.argv[i+1])
-            i += 2
-        elif myarg in ['includeshareddrives', 'includeteamdrives']:
-            body['query'].setdefault(
-                'driveOptions', {})['includeSharedDrives'] = gam.getBoolean(
-                    sys.argv[i + 1], myarg)
-            i += 2
-        elif myarg in ['includerooms']:
-            body['query']['hangoutsChatOptions'] = {
-                'includeRooms': gam.getBoolean(sys.argv[i + 1], myarg)
-            }
-            i += 2
+        elif myarg in QUERY_ARGS:
+            query, i = _build_query(query, myarg, i, query_discovery)
         elif myarg in ['format']:
             export_format = sys.argv[i + 1].upper()
             if export_format not in allowed_formats:
@@ -216,13 +242,8 @@ def createExport():
     if not matterId:
         controlflow.system_error_exit(
             3, 'you must specify a matter for the new export.')
-    if 'corpus' not in body['query']:
-        controlflow.system_error_exit(3, f'you must specify a corpus for the ' \
-          f'new export. Choose one of {", ".join(allowed_corpuses)}')
-    if 'searchMethod' not in body['query']:
-        controlflow.system_error_exit(3, f'you must specify a search method ' \
-          'for the new export. Choose one of ' \
-          f'{", ".join(VAULT_SEARCH_METHODS_LIST)}')
+    _validate_query(query, query_discovery)
+    body['query'] = query
     if 'name' not in body:
         corpus_name = body['query']['corpus']
         corpus_date = datetime.datetime.now()
@@ -270,6 +291,81 @@ def getExportInfo():
     display.print_json(export)
 
 
+def print_count():
+    v = buildGAPIObject()
+    query_discovery = v._rootDesc['schemas']['Query']
+    matterId = None
+    operation_wait = 15
+    query = None
+    body = {'view': 'ALL'}
+    name = None
+    todrive = False
+    i = 3
+    while i < len(sys.argv):
+        myarg = sys.argv[i].lower().replace('_', '')
+        if myarg == 'matter':
+            matterId = getMatterItem(v, sys.argv[i + 1])
+            i += 2
+        elif myarg == 'operation':
+            name = sys.argv[i+1]
+            i += 2
+        elif myarg == 'todrive':
+            todrive = True
+            i += 1
+        elif myarg in QUERY_ARGS:
+            query, i = _build_query(query, myarg, i, query_discovery)
+        elif myarg == 'wait':
+            operation_wait = int(sys.argv[i + 1])
+            i += 2
+        else:
+            controlflow.invalid_argument_exit(sys.argv[i], 'gam create export')
+    if not matterId:
+        controlflow.system_error_exit(
+            3, 'you must specify a matter for the count.')
+    if name:
+        operation = {'name': name}
+    else:
+        _validate_query(query, query_discovery)
+        body['query'] = query
+        operation = gapi.call(v.matters(), 'count', matterId=matterId, body=body)
+    print(f'Watching operation {operation["name"]}...')
+    while not operation.get('done'):
+        print(f' operation {operation["name"]} is not done yet. Checking again in {operation_wait} seconds')
+        sleep(operation_wait)
+        operation = gapi.call(v.operations(), 'get', name=operation['name'])
+    response = operation.get('response', {})
+    query = operation['metadata']['query']
+    search_method = query.get('searchMethod')
+    # ARGH count results don't include accounts with zero items.
+    # so we keep track of which accounts we searched and can report
+    # zero data for them.
+    if search_method == 'ACCOUNT':
+      query_accounts = query.get('accountInfo', [])
+    elif search_method == 'ENTIRE_ORG':
+      query_accounts = gam.getUsersToModify('all', 'users')
+    elif search_method == 'ORG_UNIT':
+      org_unit = query['orgUnitInfo']['orgUnitId']
+      query_accounts = gam.getUsersToModify('ou', org_unit)
+    mailcounts = response.get('mailCountResult', {})
+    groupcounts = response.get('groupsCountResult', {})
+    csv_rows = []
+    for a_count in [mailcounts, groupcounts]:
+        for errored_account in a_count.get('accountCountErrors', []):
+            account = errored_account.get('account')
+            csv_rows.append({'account': account, 'error': errored_account.get('errorType')})
+            if account in query_accounts: query_accounts.remove(account)
+        for account in a_count.get('nonQueryableAccounts', []):
+            csv_rows.append({'account': account, 'error': 'Not queried because not on hold'})
+            if account in query_accounts: query_accounts.remove(account)
+        for account in a_count.get('accountCounts', []):
+            email = account.get('account', {}).get('email', '')
+            csv_rows.append({'account': email, 'count': account.get('count')})
+            if email in query_accounts: query_accounts.remove(email)
+    for account in query_accounts:
+        csv_rows.append({'account': account, 'count': 0})
+    titles = ['account', 'count', 'error']
+    display.write_csv_file(csv_rows, titles, 'Vault Counts', todrive)
+
 def createHold():
     v = buildGAPIObject()
     allowed_corpuses = gapi.get_enum_values_minus_unspecified(
@@ -301,7 +397,7 @@ def createHold():
             i += 2
         elif myarg in ['orgunit', 'ou']:
             body['orgUnit'] = {
-                'orgUnitId': gam.getOrgUnitId(sys.argv[i + 1])[1]
+                'orgUnitId': gapi_directory_orgunits.getOrgUnitId(sys.argv[i + 1])[1]
             }
             i += 2
         elif myarg in ['start', 'starttime']:
@@ -407,7 +503,7 @@ def getHoldInfo():
             acct_email = gam.convertUIDtoEmailAddress(uid, cd, [account_type])
             results['accounts'][i]['email'] = acct_email
     if 'orgUnit' in results:
-        results['orgUnit']['orgUnitPath'] = gam.doGetOrgInfo(
+        results['orgUnit']['orgUnitPath'] = gapi_directory_orgunits.info(
             results['orgUnit']['orgUnitId'], return_attrib='orgUnitPath')
     display.print_json(results)
 
@@ -496,7 +592,7 @@ def updateHold():
             i += 2
         elif myarg in ['orgunit', 'ou']:
             body['orgUnit'] = {
-                'orgUnitId': gam.getOrgUnitId(sys.argv[i + 1])[1]
+                'orgUnitId': gapi_directory_orgunits.getOrgUnitId(sys.argv[i + 1])[1]
             }
             i += 2
         elif myarg in ['start', 'starttime']:

src/gam/transport.py

@@ -40,19 +40,19 @@ def create_http(cache=None,
     return httpObj
 
 
-def create_request(http=None):
+def create_request(httpObj=None):
     """Creates a uniform Request object with a default http, if not provided.
 
   Args:
-    http: Optional httplib2.Http compatible object to be used with the request.
+    httpObj: Optional httplib2.Http compatible object to be used with the request.
       If not provided, a default HTTP will be used.
 
   Returns:
     Request: A google_auth_httplib2.Request compatible Request.
   """
-    if not http:
-        http = create_http()
-    return Request(http)
+    if not httpObj:
+        httpObj = create_http()
+    return Request(httpObj)
 
 
 GAM_USER_AGENT = GAM_INFO

src/gam/transport_test.py

@@ -64,7 +64,7 @@ class TransportTest(unittest.TestCase):
         self.assertEqual(request.http, mock_create_http.return_value)
 
     def test_create_request_uses_provided_http(self):
-        request = transport.create_request(http=self.mock_http)
+        request = transport.create_request(httpObj=self.mock_http)
         self.assertEqual(request.http, self.mock_http)
 
     def test_create_request_returns_request_with_forced_user_agent(self):

src/gam/utils.py

@@ -1,3 +1,7 @@
+from __future__ import absolute_import
+from __future__ import division
+from __future__ import print_function
+
 import datetime
 import re
 import sys
@@ -5,8 +9,10 @@ import time
 from hashlib import md5
 from html.entities import name2codepoint
 from html.parser import HTMLParser
+import importlib
 import json
 import dateutil.parser
+import types
 
 from gam import controlflow
 from gam import fileutils
@@ -14,6 +20,41 @@ from gam import transport
 from gam.var import *
 
 
+class LazyLoader(types.ModuleType):
+  """Lazily import a module, mainly to avoid pulling in large dependencies.
+
+  `contrib`, and `ffmpeg` are examples of modules that are large and not always
+  needed, and this allows them to only be loaded when they are used.
+  """
+
+  # The lint error here is incorrect.
+  def __init__(self, local_name, parent_module_globals, name):  # pylint: disable=super-on-old-class
+    self._local_name = local_name
+    self._parent_module_globals = parent_module_globals
+
+    super(LazyLoader, self).__init__(name)
+
+  def _load(self):
+    # Import the target module and insert it into the parent's namespace
+    module = importlib.import_module(self.__name__)
+    self._parent_module_globals[self._local_name] = module
+
+    # Update this object's dict so that if someone keeps a reference to the
+    #   LazyLoader, lookups are efficient (__getattr__ is only called on lookups
+    #   that fail).
+    self.__dict__.update(module.__dict__)
+
+    return module
+
+  def __getattr__(self, item):
+    module = self._load()
+    return getattr(module, item)
+
+  def __dir__(self):
+    module = self._load()
+    return dir(module)
+
+
 class _DeHTMLParser(HTMLParser):
 
     def __init__(self):
@@ -59,6 +100,16 @@ class _DeHTMLParser(HTMLParser):
                       re.sub(r'\n +', '\n', ''.join(self.__text))).strip()
 
 
+def commonprefix(m):
+    '''Given a list of strings m, return string which is prefix common to all'''
+    s1 = min(m)
+    s2 = max(m)
+    for i, c in enumerate(s1):
+        if c != s2[i]:
+            return s1[:i]
+    return s1
+
+
 def dehtml(text):
     try:
         parser = _DeHTMLParser()
@@ -228,12 +279,14 @@ def get_yyyymmdd(argstr, minLen=1, returnTimeStamp=False, returnDateTime=False):
 def get_time_or_delta_from_now(time_string):
     """Get an ISO 8601 time or a positive/negative delta applied to now.
   Args:
-    time_string (string): The time or delta (e.g. '2017-09-01T12:34:56Z' or '-4h')
+    time_string (string): The time or delta (e.g. '2017-09-01T12:34:56Z' or '-4h') or never
   Returns:
     string: iso8601 formatted datetime in UTC.
   """
     time_string = time_string.strip().upper()
     if time_string:
+        if time_string == 'NEVER':
+            return NEVER_TIME
         if time_string[0] not in ['+', '-']:
             return time_string
         return (datetime.datetime.utcnow() +

src/gam/var.py

@@ -8,7 +8,7 @@ import platform
 import re
 
 GAM_AUTHOR = 'Jay Lee <jay0lee@gmail.com>'
-GAM_VERSION = '5.11'
+GAM_VERSION = '6.01'
 GAM_LICENSE = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
 
 GAM_URL = 'https://git.io/gam'
@@ -37,6 +37,7 @@ ERROR_PREFIX = 'ERROR: '
 WARNING_PREFIX = 'WARNING: '
 UTF8 = 'utf-8'
 UTF8_SIG = 'utf-8-sig'
+FN_ENABLEDASA_TXT = 'enabledasa.txt'
 FN_EXTRA_ARGS_TXT = 'extra-args.txt'
 FN_LAST_UPDATE_CHECK_TXT = 'lastupdatecheck.txt'
 MY_CUSTOMER = 'my_customer'
@@ -58,12 +59,42 @@ SKUS = {
     '1010310002': {
         'product': '101031',
         'aliases': ['gsefe', 'e4e', 'gsuiteenterpriseeducation'],
-        'displayName': 'G Suite Enterprise for Education'
+        'displayName': 'Google Workspace for Education Plus - Legacy'
     },
     '1010310003': {
         'product': '101031',
         'aliases': ['gsefes', 'e4es', 'gsuiteenterpriseeducationstudent'],
-        'displayName': 'G Suite Enterprise for Education (Student)'
+        'displayName': 'Google Workspace for Education Plus - Legacy (Student)'
+    },
+    '1010310005': {
+            'product': '101031',
+            'aliases': ['gwes', 'workspaceeducationstandard'],
+            'displayName': 'Google Workspace for Education Standard'
+    },
+    '1010310006': {
+        'product': '101031',
+        'aliases': ['gwesstaff', 'workspaceeducationstandardstaff'],
+        'displayName': 'Google Workspace for Education Standard (Staff)'
+    },
+    '1010310007': {
+        'product': '101031',
+        'aliases': ['gwesstudent', 'workspaceeducationstandardstudent'],
+        'displayName': 'Google Workspace for Education Standard (Extra Student)'
+    },
+    '1010310008': {
+        'product': '101031',
+        'aliases': ['gwep', 'workspaceeducationplus'],
+        'displayName': 'Google Workspace for Education Plus'
+    },
+    '1010310009': {
+        'product': '101031',
+        'aliases': ['gwepstaff', 'workspaceeducationplusstaff'],
+        'displayName': 'Google Workspace for Education Plus (Staff)'
+    },
+    '1010310010': {
+        'product': '101031',
+        'aliases': ['gwepstudent', 'workspaceeducationplusstudent'],
+        'displayName': 'Google Workspace for Education Plus (Extra Student)'
     },
     '1010330003': {
         'product': '101033',
@@ -80,6 +111,11 @@ SKUS = {
         'aliases': ['gvpremier', 'voicepremier', 'googlevoicepremier'],
         'displayName': 'Google Voice Premier'
     },
+    '1010370001': {
+        'product': '101037',
+        'aliases': ['gwetlu', 'workspaceeducationupgrade'],
+        'displayName': 'Google Workspace for Education: Teaching and Learning Upgrade'
+    },
     'Google-Apps': {
         'product': 'Google-Apps',
         'aliases': ['standard', 'free'],
@@ -113,10 +149,49 @@ SKUS = {
         'aliases': ['gau', 'gsb', 'unlimited', 'gsuitebusiness'],
         'displayName': 'G Suite Business'
     },
+    '1010020027': {
+         'product': 'Google-Apps',
+         'aliases': ['wsbizstart', 'workspacebusinessstarter'],
+         'displayName': 'Workspace Business Starter'
+    },
+    '1010020028': {
+         'product': 'Google-Apps',
+         'aliases': ['wsbizstan', 'workspacebusinessstandard'],
+         'displayName': 'Workspace Business Standard'
+    },
+    '1010020025': {
+         'product': 'Google-Apps',
+         'aliases': ['wsbizplus', 'workspacebusinessplus'],
+         'displayName': 'Workspace Business Plus'
+    },
+    '1010060001': {
+        'product': 'Google-Apps',
+        'aliases': [
+            'gsuiteessentials', 'essentials', 'd4e', 'driveenterprise',
+            'drive4enterprise', 'wsess', 'workspaceesentials'
+        ],
+        'displayName': 'Google Workspace Essentials'
+    },
+    '1010060003': {
+         'product': 'Google-Apps',
+         'aliases': ['wsentess', 'workspaceenterpriseessentials'],
+         'displayName': 'Workspace Enterprise Essentials'
+    },
+    '1010020026': {
+         'product': 'Google-Apps',
+         'aliases': ['wsentstan', 'workspaceenterprisestandard'],
+         'displayName': 'Workspace Enterprise Standard'
+    },
     '1010020020': {
         'product': 'Google-Apps',
-        'aliases': ['gae', 'gse', 'enterprise', 'gsuiteenterprise'],
-        'displayName': 'G Suite Enterprise'
+        'aliases': ['gae', 'gse', 'enterprise', 'gsuiteenterprise',
+                    'wsentplus', 'workspaceenterpriseplus'],
+        'displayName': 'Workspace Enterprise Plus'
+    },
+    '1010020030': {
+        'product': 'Google-Apps',
+        'aliases': ['workspacefrontline', 'workspacefrontlineworker'],
+        'displayName': 'Workspace Frontline'
     },
     '1010340002': {
         'product': '101034',
@@ -126,15 +201,7 @@ SKUS = {
     '1010340001': {
         'product': '101034',
         'aliases': ['gseau', 'enterprisearchived', 'gsuiteenterprisearchived'],
-        'displayName': 'G Suite Enterprise Archived'
-    },
-    '1010060001': {
-        'product': '101006',
-        'aliases': [
-            'gsuiteessentials', 'essentials', 'd4e', 'driveenterprise',
-            'drive4enterprise'
-        ],
-        'displayName': 'G Suite Essentials'
+        'displayName': 'Google Workspace Enterprise Plus Archived'
     },
     'Google-Drive-storage-20GB': {
         'product': 'Google-Drive-storage',
@@ -191,11 +258,6 @@ SKUS = {
         'aliases': ['vfe', 'googlevaultformeremployee'],
         'displayName': 'Google Vault Former Employee'
     },
-    'Google-Coordinate': {
-        'product': 'Google-Coordinate',
-        'aliases': ['coordinate', 'googlecoordinate'],
-        'displayName': 'Google Coordinate'
-    },
     'Google-Chrome-Device-Management': {
         'product': 'Google-Chrome-Device-Management',
         'aliases': ['chrome', 'cdm', 'googlechromedevicemanagement'],
@@ -206,12 +268,12 @@ SKUS = {
 PRODUCTID_NAME_MAPPINGS = {
     '101001': 'Cloud Identity Free',
     '101005': 'Cloud Identity Premium',
-    '101031': 'G Suite Enterprise for Education',
+    '101031': 'G Suite Workspace for Education',
     '101033': 'Google Voice',
     '101034': 'G Suite Archived',
-    'Google-Apps': 'G Suite',
+    '101037': 'G Suite Workspace for Education',
+    'Google-Apps': 'Google Workspace',
     'Google-Chrome-Device-Management': 'Google Chrome Device Management',
-    'Google-Coordinate': 'Google Coordinate',
     'Google-Drive-storage': 'Google Drive Storage',
     'Google-Vault': 'Google Vault',
 }
@@ -219,25 +281,35 @@ PRODUCTID_NAME_MAPPINGS = {
 # Legacy APIs that use v1 discovery. Newer APIs should all use v2.
 V1_DISCOVERY_APIS = {
     'admin',
-    'appsactivity',
     'calendar',
     'drive',
-    'gmail',
-    'groupssettings',
-    'licensing',
     'oauth2',
     'reseller',
     'siteVerification',
-    'storage',
+}
+
+API_NAME_MAPPING = {
+    'directory': 'admin',
+    'reports': 'admin',
+    'datatransfer': 'admin',
+    'drive3': 'drive',
+    'cloudresourcemanagerv1': 'cloudresourcemanager',
+    'cloudidentity_beta': 'cloudidentity',
 }
 
 API_VER_MAPPING = {
     'alertcenter': 'v1beta1',
-    'appsactivity': 'v1',
+    'driveactivity': 'v2',
     'calendar': 'v3',
+    'cbcm': 'v1.1beta1',
+    'chromemanagement': 'v1',
+    'chromepolicy': 'v1',
     'classroom': 'v1',
+    'cloudidentity': 'v1',
+    'cloudidentity_beta': 'v1beta1',
     'cloudresourcemanager': 'v2',
     'cloudresourcemanagerv1': 'v1',
+    'contactdelegation': 'v1',
     'datatransfer': 'datatransfer_v1',
     'directory': 'directory_v1',
     'drive': 'v2',
@@ -257,17 +329,20 @@ API_VER_MAPPING = {
     'siteVerification': 'v1',
     'storage': 'v1',
     'vault': 'v1',
+    'versionhistory': 'v1',
 }
 
 USERINFO_EMAIL_SCOPE = 'https://www.googleapis.com/auth/userinfo.email'
 
 API_SCOPE_MAPPING = {
     'alertcenter': ['https://www.googleapis.com/auth/apps.alerts',],
-    'appsactivity': [
-        'https://www.googleapis.com/auth/activity',
+    'driveactivity': [
+        'https://www.googleapis.com/auth/drive.activity',
         'https://www.googleapis.com/auth/drive',
     ],
     'calendar': ['https://www.googleapis.com/auth/calendar',],
+    'cloudidentity': ['https://www.googleapis.com/auth/cloud-identity'],
+    'cloudidentity_beta': ['https://www.googleapis.com/auth/cloud-identity'],
     'drive': ['https://www.googleapis.com/auth/drive',],
     'drive3': ['https://www.googleapis.com/auth/drive',],
     'gmail': [
@@ -314,16 +389,21 @@ ADDRESS_FIELDS_ARGUMENT_MAP = {
 }
 
 SERVICE_NAME_TO_ID_MAP = {
+    'Calendar': '435070579839',
+    'Currents': '553547912911',
     'Drive and Docs': '55656082996',
-    'Calendar': '435070579839'
+    'Google Data Studio': '810260081642',
 }
 
 SERVICE_NAME_CHOICES_MAP = {
+    'calendar': 'Calendar',
+    'currents': 'Currents',
+    'datastudio': 'Google Data Studio',
+    'google data studio': 'Google Data Studio',
     'drive': 'Drive and Docs',
     'drive and docs': 'Drive and Docs',
     'googledrive': 'Drive and Docs',
     'gdrive': 'Drive and Docs',
-    'calendar': 'Calendar',
 }
 
 PRINTJOB_ASCENDINGORDER_MAP = {
@@ -357,11 +437,21 @@ CALENDAR_NOTIFICATION_TYPES_MAP = {
     'agenda': 'agenda',
 }
 
+DEVICE_ORDERBY_CHOICES_MAP = {
+  'createtime': 'create_time',
+  'devicetype': 'device_type',
+  'lastsynctime': 'last_sync_time',
+  'model': 'model',
+  'osversion': 'os_version',
+  'serialnumber': 'serial_number'
+  }
+
 DRIVEFILE_FIELDS_CHOICES_MAP = {
     'alternatelink': 'alternateLink',
     'appdatacontents': 'appDataContents',
     'cancomment': 'canComment',
     'canreadrevisions': 'canReadRevisions',
+    'contentrestrictions': 'contentRestrictions',
     'copyable': 'copyable',
     'copyrequireswriterpermission': 'copyRequiresWriterPermission',
     'createddate': 'createdDate',
@@ -470,16 +560,18 @@ DRIVEFILE_LABEL_CHOICES_MAP = {
 }
 
 APPLICATION_VND_GOOGLE_APPS = 'application/vnd.google-apps.'
-MIMETYPE_GA_DOCUMENT = APPLICATION_VND_GOOGLE_APPS + 'document'
-MIMETYPE_GA_DRAWING = APPLICATION_VND_GOOGLE_APPS + 'drawing'
-MIMETYPE_GA_FOLDER = APPLICATION_VND_GOOGLE_APPS + 'folder'
-MIMETYPE_GA_FORM = APPLICATION_VND_GOOGLE_APPS + 'form'
-MIMETYPE_GA_FUSIONTABLE = APPLICATION_VND_GOOGLE_APPS + 'fusiontable'
-MIMETYPE_GA_MAP = APPLICATION_VND_GOOGLE_APPS + 'map'
-MIMETYPE_GA_PRESENTATION = APPLICATION_VND_GOOGLE_APPS + 'presentation'
-MIMETYPE_GA_SCRIPT = APPLICATION_VND_GOOGLE_APPS + 'script'
-MIMETYPE_GA_SITES = APPLICATION_VND_GOOGLE_APPS + 'sites'
-MIMETYPE_GA_SPREADSHEET = APPLICATION_VND_GOOGLE_APPS + 'spreadsheet'
+MIMETYPE_GA_DOCUMENT = f'{APPLICATION_VND_GOOGLE_APPS}document'
+MIMETYPE_GA_DRAWING = f'{APPLICATION_VND_GOOGLE_APPS}drawing'
+MIMETYPE_GA_FOLDER = f'{APPLICATION_VND_GOOGLE_APPS}folder'
+MIMETYPE_GA_FORM = f'{APPLICATION_VND_GOOGLE_APPS}form'
+MIMETYPE_GA_FUSIONTABLE = f'{APPLICATION_VND_GOOGLE_APPS}fusiontable'
+MIMETYPE_GA_MAP = f'{APPLICATION_VND_GOOGLE_APPS}map'
+MIMETYPE_GA_PRESENTATION = f'{APPLICATION_VND_GOOGLE_APPS}presentation'
+MIMETYPE_GA_SCRIPT = f'{APPLICATION_VND_GOOGLE_APPS}script'
+MIMETYPE_GA_SITES = f'{APPLICATION_VND_GOOGLE_APPS}sites'
+MIMETYPE_GA_SPREADSHEET = f'{APPLICATION_VND_GOOGLE_APPS}spreadsheet'
+MIMETYPE_GA_SHORTCUT = f'{APPLICATION_VND_GOOGLE_APPS}shortcut'
+MIMETYPE_GA_3P_SHORTCUT = f'{APPLICATION_VND_GOOGLE_APPS}drive-sdk'
 
 MIMETYPE_CHOICES_MAP = {
     'gdoc': MIMETYPE_GA_DOCUMENT,
@@ -491,9 +583,12 @@ MIMETYPE_CHOICES_MAP = {
     'gfusion': MIMETYPE_GA_FUSIONTABLE,
     'gpresentation': MIMETYPE_GA_PRESENTATION,
     'gscript': MIMETYPE_GA_SCRIPT,
+    'gshortcut': MIMETYPE_GA_SHORTCUT,
+    'g3pshortcut': MIMETYPE_GA_3P_SHORTCUT,
     'gsite': MIMETYPE_GA_SITES,
     'gsheet': MIMETYPE_GA_SPREADSHEET,
     'gspreadsheet': MIMETYPE_GA_SPREADSHEET,
+    'shortcut': MIMETYPE_GA_SHORTCUT,
 }
 
 DFA_CONVERT = 'convert'
@@ -861,6 +956,7 @@ CROS_ARGUMENT_TO_PROPERTY_MAP = {
     'ethernetmacaddress0': ['ethernetMacAddress0',],
     'firmwareversion': ['firmwareVersion',],
     'lastenrollmenttime': ['lastEnrollmentTime',],
+    'lastknownnetwork': ['lastKnownNetwork'],
     'lastsync': ['lastSync',],
     'location': ['annotatedLocation',],
     'macaddress': ['macAddress',],
@@ -1054,6 +1150,8 @@ GM_CURRENT_API_SCOPES = 'scoc'
 # Values retrieved from oauth2service.json
 GM_OAUTH2SERVICE_JSON_DATA = 'oajd'
 GM_OAUTH2SERVICE_ACCOUNT_CLIENT_ID = 'oaci'
+# Full path to enabledasa.txt
+GM_ENABLEDASA_TXT = 'enda'
 # File containing time of last GAM update check
 GM_LAST_UPDATE_CHECK_TXT = 'lupc'
 # Dictionary mapping OrgUnit ID to Name
@@ -1093,8 +1191,9 @@ GM_Globals = {
     GM_CURRENT_API_SCOPES: [],
     GM_OAUTH2SERVICE_JSON_DATA: None,
     GM_OAUTH2SERVICE_ACCOUNT_CLIENT_ID: None,
+    GM_ENABLEDASA_TXT: '',
     GM_LAST_UPDATE_CHECK_TXT: '',
-    GM_MAP_ORGUNIT_ID_TO_NAME: None,
+    GM_MAP_ORGUNIT_ID_TO_NAME: {},
     GM_MAP_ROLE_ID_TO_NAME: None,
     GM_MAP_ROLE_NAME_TO_ID: None,
     GM_MAP_USER_ID_TO_NAME: None,
@@ -1126,6 +1225,8 @@ GC_CLIENT_SECRETS_JSON = 'client_secrets_json'
 GC_CONFIG_DIR = 'config_dir'
 # custmerId from gam.cfg or retrieved from Google
 GC_CUSTOMER_ID = 'customer_id'
+# Admin email address, required when enable_dasa is true, overrides oauth2.txt value otherwise
+GC_ADMIN_EMAIL = 'admin_email'
 # If debug_level > 0: extra_args[u'prettyPrint'] = True,
 # httplib2.debuglevel = gam_debug_level, appsObj.debug = True
 GC_DEBUG_LEVEL = 'debug_level'
@@ -1136,6 +1237,8 @@ GC_DECODED_ID_TOKEN = 'decoded_id_token'
 GC_DOMAIN = 'domain'
 # Google Drive download directory
 GC_DRIVE_DIR = 'drive_dir'
+# Enable Delegated Admin Service Accounts
+GC_ENABLE_DASA = 'enabledasa'
 # If no_browser is False, writeCSVfile won't open a browser when todrive is set
 # and doRequestOAuth prints a link and waits for the verification code when
 # oauth2.txt is being created
@@ -1168,6 +1271,8 @@ GC_CSV_HEADER_FILTER = 'csv_header_filter'
 GC_CSV_HEADER_DROP_FILTER = 'csv_header_drop_filter'
 # CSV Rows GAM should filter
 GC_CSV_ROW_FILTER = 'csv_row_filter'
+# CSV Rows GAM should filter/drop
+GC_CSV_ROW_DROP_FILTER = 'csv_row_drop_filter'
 # Minimum TLS Version required for HTTPS connections
 GC_TLS_MIN_VERSION = 'tls_min_ver'
 # Maximum TLS Version used for HTTPS connections
@@ -1177,6 +1282,7 @@ GC_CA_FILE = 'ca_file'
 
 TLS_MIN = 'TLSv1_2' if hasattr(ssl.SSLContext(), 'minimum_version') else None
 GC_Defaults = {
+    GC_ADMIN_EMAIL: '',
     GC_AUTO_BATCH_MIN: 0,
     GC_BATCH_SIZE: 50,
     GC_CACHE_DIR: '',
@@ -1189,6 +1295,7 @@ GC_Defaults = {
     GC_DECODED_ID_TOKEN: '',
     GC_DOMAIN: '',
     GC_DRIVE_DIR: '',
+    GC_ENABLE_DASA: False,
     GC_NO_BROWSER: False,
     GC_NO_CACHE: False,
     GC_NO_SHORT_URLS: False,
@@ -1204,6 +1311,7 @@ GC_Defaults = {
     GC_CSV_HEADER_FILTER: '',
     GC_CSV_HEADER_DROP_FILTER: '',
     GC_CSV_ROW_FILTER: '',
+    GC_CSV_ROW_DROP_FILTER: '',
     GC_TLS_MIN_VERSION: TLS_MIN,
     GC_TLS_MAX_VERSION: None,
     GC_CA_FILE: None,
@@ -1226,6 +1334,9 @@ GC_VAR_TYPE = 'type'
 GC_VAR_LIMITS = 'lmit'
 
 GC_VAR_INFO = {
+    GC_ADMIN_EMAIL: {
+        GC_VAR_TYPE: GC_TYPE_STRING
+    },
     GC_AUTO_BATCH_MIN: {
         GC_VAR_TYPE: GC_TYPE_INTEGER,
         GC_VAR_LIMITS: (0, None)
@@ -1265,6 +1376,9 @@ GC_VAR_INFO = {
     GC_DRIVE_DIR: {
         GC_VAR_TYPE: GC_TYPE_DIRECTORY
     },
+    GC_ENABLE_DASA: {
+        GC_VAR_TYPE: GC_TYPE_BOOLEAN
+    },
     GC_NO_BROWSER: {
         GC_VAR_TYPE: GC_TYPE_BOOLEAN
     },
@@ -1312,6 +1426,9 @@ GC_VAR_INFO = {
     GC_CSV_ROW_FILTER: {
         GC_VAR_TYPE: GC_TYPE_ROWFILTER
     },
+    GC_CSV_ROW_DROP_FILTER: {
+        GC_VAR_TYPE: GC_TYPE_ROWFILTER
+    },
     GC_TLS_MIN_VERSION: {
         GC_VAR_TYPE: GC_TYPE_STRING
     },
@@ -1325,6 +1442,7 @@ GC_VAR_INFO = {
 # Google API constants
 
 NEVER_TIME = '1970-01-01T00:00:00.000Z'
+NEVER_TIME_NOMS = '1970-01-01T00:00:00Z'
 ROLE_MANAGER = 'MANAGER'
 ROLE_MEMBER = 'MEMBER'
 ROLE_OWNER = 'OWNER'

src/project-apis.txt

@@ -1,12 +1,14 @@
 admin.googleapis.com
 alertcenter.googleapis.com
-appsactivity.googleapis.com
 calendar-json.googleapis.com
 chat.googleapis.com
+chromemanagement.googleapis.com
+chromepolicy.googleapis.com
 classroom.googleapis.com
 cloudidentity.googleapis.com
 contacts.googleapis.com
 drive.googleapis.com
+driveactivity.googleapis.com
 iap.googleapis.com
 gmail.googleapis.com
 groupssettings.googleapis.com

src/requirements.txt

@@ -1,10 +1,11 @@
 cryptography
 distro; sys_platform == 'linux'
 filelock
-google-api-python-client>=1.7.10
+google-api-python-client==2.0.2
 google-auth-httplib2
 google-auth-oauthlib>=0.4.1
 google-auth>=1.11.2
 httplib2>=0.17.0
-passlib>=1.7.2; sys_platform == 'win32'
+passlib>=1.7.2
 python-dateutil
+yubikey-manager>=4.0.0

src/travis/cfg_template.json

@@ -1,12 +0,0 @@
-{
-    "_class": "OAuth2Credentials",
-    "_module": "oauth2client.client",
-    "access_token": "",
-    "client_id": "118850122376-72t6r2666n5rbjlfebftqat5qjai2def.apps.googleusercontent.com",
-    "client_secret": "",
-    "invalid": false,
-    "refresh_token": "",
-    "token_expiry": "2010-04-17T15:18:45Z",
-    "token_uri": "https://accounts.google.com/o/oauth2/token",
-    "user_agent": ""
-}

src/travis/linux-install.sh

@@ -1,38 +0,0 @@
-cd src
-if [[ "$TRAVIS_JOB_NAME" == *"Testing" ]]; then
-  export gam="$python -m gam"
-  export gampath=$(readlink -e .)
-else
-  export gampath="dist/gam"
-  rm -rf $gampath
-  mkdir -p $gampath
-  export gampath=$(readlink -e $gampath)
-  $python -OO -m PyInstaller --clean --noupx --strip -F --distpath $gampath gam.spec
-  export gam="${gampath}/gam"
-  export GAMVERSION=`$gam version simple`
-  cp LICENSE $gampath
-  cp GamCommands.txt $gampath
-  this_glibc_ver=$(ldd --version | awk '/ldd/{print $NF}')
-  GAM_ARCHIVE=gam-$GAMVERSION-$GAMOS-$PLATFORM-glibc$this_glibc_ver.tar.xz
-  rm $gampath/lastupdatecheck.txt
-  # tar will cd to dist and tar up gam/
-  tar -C dist/ --create --file $GAM_ARCHIVE --xz gam
-  echo "PyInstaller GAM info:"
-  du -h $gam
-  time $gam version extended
-  if [ "${TRAVIS_DIST}" == "xenial" ] && [ "${PLATFORM}" == "x86_64" ]; then
-    GAM_LEGACY_ARCHIVE=gam-${GAMVERSION}-${GAMOS}-${PLATFORM}-legacy.tar.xz
-    $python -OO -m staticx -l /lib/x86_64-linux-gnu/libresolv.so.2 -l /lib/x86_64-linux-gnu/libnss_dns.so.2 $gam $gam-staticx
-    strip $gam-staticx
-    rm $gampath/gam
-    mv $gam-staticx $gam
-    chmod 755 $gam
-    rm $gampath/lastupdatecheck.txt
-    tar -C dist/ --create --file $GAM_LEGACY_ARCHIVE --xz gam
-    echo "Legacy StaticX GAM info:"
-    du -h $gam
-    time $gam version extended
-  fi
-  echo "GAM packages:"
-  ls -l gam-*.tar.xz
-fi

src/travis/osx-before-install.sh

@@ -1,111 +0,0 @@
-mypath=$HOME
-whereibelong=$(pwd)
-cpucount=$(sysctl -n hw.ncpu)
-echo "This device has $cpucount CPUs for compiling..."
-
-#echo "Brew installing xz..."
-#brew install xz > /dev/null
-
-#brew upgrade
-
-# prefer standard GNU tools like date over MacOS defaults
-export PATH="/usr/local/opt/coreutils/libexec/gnubin:$(brew --prefix)/opt/gnu-tar/libexec/gnubin:$PATH"
-
-cd ~
-
-#if [ ! -f python-$MIN_PYTHON_VERSION-macosx10.9.pkg ]; then
-#  wget --quiet https://www.python.org/ftp/python/$MIN_PYTHON_VERSION/python-$MIN_PYTHON_VERSION-macosx10.9.pkg
-#fi
-#sudo installer -pkg python-$MIN_PYTHON_VERSION-macosx10.9.pkg -target /
-
-#brew install openssl@1.1
-#brew upgrade python
-
-#export python=python3
-#export pip=pip3
-
-#echo "Python location:"
-#which $python
-
-cd ~
-
-export LD_LIBRARY_PATH=~/ssl/lib:~/python/lib
-export openssl=~/ssl/bin/openssl
-export python=~/python/bin/python3
-export pip=~/python/bin/pip3
-SSLVER=$($openssl version)
-SSLRESULT=$?
-PYVER=$($python -V)
-PYRESULT=$?
-if [ $SSLRESULT -ne 0 ] || [[ "$SSLVER" != "OpenSSL $BUILD_OPENSSL_VERSION "* ]] || [ $PYRESULT -ne 0 ] || [[ "$PYVER" != "Python $BUILD_PYTHON_VERSION"* ]]; then
-  echo "SSL Result: $SSLRESULT - SSL Ver: $SSLVER - Py Result: $PYRESULT - Py Ver: $PYVER"
-  if [ $SSLRESULT -ne 0 ]; then
-    echo "sslresult -ne 0"
-  fi
-  if [[ "$SSLVER" != "OpenSSL $BUILD_OPENSSL_VERSION "* ]]; then
-    echo "sslver not equal to..."
-  fi
-  if [ $PYRESULT -ne 0 ]; then
-    echo "pyresult -ne 0"
-  fi
-  if [[ "$PYVER" != "Python $BUILD_PYTHON_VERSION" ]]; then
-    echo "pyver not equal to..."
-  fi
-
-  # Start clean
-  rm -rf python
-  rm -rf ssl
-  mkdir python
-  mkdir ssl
-
-  # Compile latest OpenSSL
-  wget --quiet https://www.openssl.org/source/openssl-$BUILD_OPENSSL_VERSION.tar.gz
-  echo "Extracting OpenSSL..."
-  tar xf openssl-$BUILD_OPENSSL_VERSION.tar.gz
-  cd openssl-$BUILD_OPENSSL_VERSION
-  echo "Compiling OpenSSL $BUILD_OPENSSL_VERSION..."
-  ./config shared --prefix=$HOME/ssl
-  echo "Running make for OpenSSL..."
-  make -j$cpucount -s
-  echo "Running make install for OpenSSL..."
-  make install > /dev/null
-  cd ~
-
-  # Compile latest Python
-  echo "Downloading Python $BUILD_PYTHON_VERSION..."
-  curl -O https://www.python.org/ftp/python/$BUILD_PYTHON_VERSION/Python-$BUILD_PYTHON_VERSION.tar.xz
-  echo "Extracting Python..."
-  tar xf Python-$BUILD_PYTHON_VERSION.tar.xz
-  cd Python-$BUILD_PYTHON_VERSION
-  echo "Compiling Python $BUILD_PYTHON_VERSION..."
-  safe_flags="--with-openssl=$HOME/ssl --enable-shared --prefix=$HOME/python --with-ensurepip=upgrade"
-  unsafe_flags="--enable-optimizations --with-lto"
-  if [ ! -e Makefile ]; then
-    echo "running configure with safe and unsafe"
-    ./configure $safe_flags $unsafe_flags > /dev/null
-  fi
-  make -j$cpucount PROFILE_TASK="-m test.regrtest --pgo -j$(( $cpucount * 2 ))" -s
-  RESULT=$?
-  echo "First make exited with $RESULT"
-  if [ $RESULT != 0 ]; then
-    echo "Trying Python compile again without unsafe flags..."
-    make clean
-    ./configure $safe_flags > /dev/null
-    make -j$cpucount -s
-    echo "Sticking with safe Python for now..."
-  fi
-  echo "Installing Python..."
-  make install > /dev/null
-  cd ~
-fi
-
-$python -V
-
-cd $whereibelong
-
-#export PATH=/usr/local/opt/python/libexec/bin:$PATH
-$pip install --upgrade pip
-$pip list --outdated --format=freeze | grep -v '^\-e' | cut -d = -f 1  | xargs -n1 $pip install -U
-$pip install --upgrade -r src/requirements.txt
-$pip install --upgrade git+git://github.com/pyinstaller/pyinstaller.git@$PYINSTALLER_COMMIT
- 

src/travis/svars-write.py

@@ -1,12 +0,0 @@
-import sys
-import json
-import os
-
-cfg = json.load(sys.stdin)
-cfg['client_secret'] = os.getenv('client_secret')
-jid = os.getenv('jid')
-cfg['refresh_token'] = os.getenv('refresh_%s' % jid)
-gampath = os.getenv('gampath')
-out_file = os.path.join(gampath, 'oauth2.txt')
-with open(out_file, 'w') as f:
-    json.dump(cfg, f)

src/travis/windows-before-install.sh

@@ -1,82 +0,0 @@
-if [[ "$PLATFORM" == "x86_64" ]]; then
-  export BITS="64"
-  export PYTHONFILE_BITS="-amd64"
-  export OPENSSL_BITS="-x64"
-  export WIX_BITS="x64"
-elif [[ "$PLATFORM" == "x86" ]]; then
-  export BITS="32"
-  export PYTHONFILE_BITS=""
-  export OPENSSL_BITS=""
-  export WIX_BITS="x86"
-fi
-echo "This is a ${BITS}-bit build for ${PLATFORM}"
-
-export mypath=$(pwd)
-cd ~
-
-# .NET Core
-echo "Installing Net-Framework-Core..."
-until powershell Install-WindowsFeature Net-Framework-Core; do echo "trying .net again..."; done
-
-# VS 2015
-echo "Installing Visual Studio 2015.."
-until choco install vcbuildtools; do echo "Trying Visual Studio again..."; done
-
-# Python
-echo "Installing Python..."
-export python_file=python-${BUILD_PYTHON_VERSION}${PYTHONFILE_BITS}.exe
-if [ ! -e $python_file ]; then
-  echo "Downloading $python_file..."
-  wget --quiet https://www.python.org/ftp/python/$BUILD_PYTHON_VERSION/$python_file
-fi
-until powershell ".\\${python_file} /quiet InstallAllUsers=1 TargetDir=c:\\python"; do echo "trying python again..."; done
-export python=/c/python/python.exe
-export pip=/c/python/scripts/pip.exe
-until [ -f $python ]; do sleep 1; done
-export PATH=$PATH:/c/python/scripts
-
-# OpenSSL
-echo "Installing OpenSSL..."
-export exefile=Win${BITS}OpenSSL_Light-${BUILD_OPENSSL_VERSION//./_}.exe
-if [ ! -e $exefile ]; then
-  echo "Downloading $exefile..."
-  wget --quiet https://slproweb.com/download/$exefile
-fi
-until powershell ".\\${exefile} /silent /sp- /suppressmsgboxes /DIR=C:\\ssl"; do echo "trying openssl again..."; done
-until cp -v /c/ssl/libcrypto-1_1${OPENSSL_BITS}.dll /c/python/DLLs/; do echo "trying libcrypto copy again..."; sleep 3; done
-until cp -v /c/ssl/libssl-1_1${OPENSSL_BITS}.dll /c/python/DLLs/; do echo "trying libssl copy again..."; done
-if [[ "$PLATFORM" == "x86_64" ]]; then
-  cp -v /c/python/DLLs/libssl-1_1-x64.dll /c/python/DLLs/libssl-1_1.dll
-  cp -v /c/python/DLLs/libcrypto-1_1-x64.dll /c/python/DLLs/libcrypto-1_1.dll
-fi
-
-# WIX Toolset
-until cinst -y wixtoolset; do echo "trying wix install again..."; done
-
-cd $mypath
-
-$pip install --upgrade pip
-$pip list --outdated --format=freeze | grep -v '^\-e' | cut -d = -f 1  | xargs -n1 $pip install -U
-$pip install --upgrade -r src/requirements.txt
-#$pip install --upgrade pyinstaller
-# Install PyInstaller from source and build bootloader
-# to try and avoid getting flagged as malware since
-# lots of malware uses PyInstaller default bootloader
-# https://stackoverflow.com/questions/53584395/how-to-recompile-the-bootloader-of-pyinstaller
-echo "Downloading PyInstaller..."
-wget --quiet https://github.com/pyinstaller/pyinstaller/archive/$PYINSTALLER_COMMIT.tar.gz
-tar xf $PYINSTALLER_COMMIT.tar.gz
-mv pyinstaller-$PYINSTALLER_COMMIT pyinstaller
-cd pyinstaller/bootloader
-echo "bootloader before:"
-md5sum ../PyInstaller/bootloader/Windows-${BITS}bit/*
-
-$python ./waf all --target-arch=${BITS}bit --msvc_version "msvc 14.0"
-
-echo "bootloader after:"
-md5sum ../PyInstaller/bootloader/Windows-${BITS}bit/*
-echo "PATH: $PATH"
-cd ..
-$python setup.py install
-echo "cd to $mypath"
-cd $mypath

src/versionhistory-v1.json

@@ -0,0 +1,486 @@
+{
+  "revision": "20210322",
+  "name": "versionhistory",
+  "mtlsRootUrl": "https://versionhistory.mtls.googleapis.com/",
+  "version_module": true,
+  "basePath": "",
+  "title": "Version History API",
+  "kind": "discovery#restDescription",
+  "servicePath": "",
+  "ownerDomain": "google.com",
+  "parameters": {
+    "access_token": {
+      "location": "query",
+      "description": "OAuth access token.",
+      "type": "string"
+    },
+    "alt": {
+      "default": "json",
+      "location": "query",
+      "enum": [
+        "json",
+        "media",
+        "proto"
+      ],
+      "type": "string",
+      "enumDescriptions": [
+        "Responses with Content-Type of application/json",
+        "Media download with context-dependent Content-Type",
+        "Responses with Content-Type of application/x-protobuf"
+      ],
+      "description": "Data format for response."
+    },
+    "quotaUser": {
+      "type": "string",
+      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
+      "location": "query"
+    },
+    "$.xgafv": {
+      "location": "query",
+      "enumDescriptions": [
+        "v1 error format",
+        "v2 error format"
+      ],
+      "enum": [
+        "1",
+        "2"
+      ],
+      "description": "V1 error format.",
+      "type": "string"
+    },
+    "fields": {
+      "type": "string",
+      "description": "Selector specifying which fields to include in a partial response.",
+      "location": "query"
+    },
+    "key": {
+      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
+      "location": "query",
+      "type": "string"
+    },
+    "callback": {
+      "location": "query",
+      "description": "JSONP",
+      "type": "string"
+    },
+    "oauth_token": {
+      "description": "OAuth 2.0 token for the current user.",
+      "location": "query",
+      "type": "string"
+    },
+    "upload_protocol": {
+      "location": "query",
+      "type": "string",
+      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\")."
+    },
+    "prettyPrint": {
+      "description": "Returns response with indentations and line breaks.",
+      "default": "true",
+      "location": "query",
+      "type": "boolean"
+    },
+    "uploadType": {
+      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
+      "type": "string",
+      "location": "query"
+    }
+  },
+  "ownerName": "Google",
+  "protocol": "rest",
+  "resources": {
+    "platforms": {
+      "methods": {
+        "list": {
+          "httpMethod": "GET",
+          "parameterOrder": [
+            "parent"
+          ],
+          "response": {
+            "$ref": "ListPlatformsResponse"
+          },
+          "path": "v1/{+parent}/platforms",
+          "description": "Returns list of platforms that are avaialble for a given product. The resource \"product\" has no resource name in its name.",
+          "flatPath": "v1/{v1Id}/platforms",
+          "id": "versionhistory.platforms.list",
+          "parameters": {
+            "parent": {
+              "location": "path",
+              "pattern": "^[^/]+$",
+              "type": "string",
+              "required": true,
+              "description": "Required. The product, which owns this collection of platforms. Format: {product}"
+            },
+            "pageSize": {
+              "format": "int32",
+              "description": "Optional. Optional limit on the number of channels to include in the response. If unspecified, the server will pick an appropriate default.",
+              "type": "integer",
+              "location": "query"
+            },
+            "pageToken": {
+              "location": "query",
+              "description": "Optional. A page token, received from a previous `ListChannels` call. Provide this to retrieve the subsequent page.",
+              "type": "string"
+            }
+          }
+        }
+      },
+      "resources": {
+        "channels": {
+          "resources": {
+            "versions": {
+              "resources": {
+                "releases": {
+                  "methods": {
+                    "list": {
+                      "id": "versionhistory.platforms.channels.versions.releases.list",
+                      "path": "v1/{+parent}/releases",
+                      "httpMethod": "GET",
+                      "parameterOrder": [
+                        "parent"
+                      ],
+                      "response": {
+                        "$ref": "ListReleasesResponse"
+                      },
+                      "flatPath": "v1/{v1Id}/platforms/{platformsId}/channels/{channelsId}/versions/{versionsId}/releases",
+                      "parameters": {
+                        "parent": {
+                          "type": "string",
+                          "required": true,
+                          "description": "Required. The version, which owns this collection of releases. Format: {product}/platforms/{platform}/channels/{channel}/versions/{version}",
+                          "pattern": "^[^/]+/platforms/[^/]+/channels/[^/]+/versions/[^/]+$",
+                          "location": "path"
+                        },
+                        "filter": {
+                          "type": "string",
+                          "location": "query",
+                          "description": "Optional. Filter string. Format is a comma separated list of All comma separated filter clauses are conjoined with a logical \"and\". Valid field_names are \"version\", \"name\", \"platform\", \"channel\", \"fraction\" \"starttime\", and \"endtime\". Valid operators are \"\u003c\", \"\u003c=\", \"=\", \"\u003e=\", and \"\u003e\". Channel comparison is done by distance from stable. must be a valid channel when filtering by channel. Ex) stable \u003c beta, beta \u003c dev, canary \u003c canary_asan. Version comparison is done numerically. Ex) 1.0.0.8 \u003c 1.0.0.10. If version is not entirely written, the version will be appended with 0 for the missing fields. Ex) version \u003e 80 becoms version \u003e 80.0.0.0 When filtering by starttime or endtime, string must be in RFC 3339 date string format. Name and platform are filtered by string comparison. Ex) \"...?filter=channel\u003c=beta, version \u003e= 80 Ex) \"...?filter=version \u003e 80, version \u003c 81 Ex) \"...?filter=starttime\u003e2020-01-01T00:00:00Z"
+                        },
+                        "orderBy": {
+                          "location": "query",
+                          "description": "Optional. Ordering string. Valid order_by strings are \"version\", \"name\", \"starttime\", \"endtime\", \"platform\", \"channel\", and \"fraction\". Optionally, you can append \"desc\" or \"asc\" to specify the sorting order. Multiple order_by strings can be used in a comma separated list. Ordering by channel will sort by distance from the stable channel (not alphabetically). A list of channels sorted in this order is: stable, beta, dev, canary, and canary_asan. Sorting by name may cause unexpected behaviour as it is a naive string sort. For example, 1.0.0.8 will be before 1.0.0.10 in descending order. If order_by is not specified the response will be sorted by starttime in descending order. Ex) \"...?order_by=starttime asc\" Ex) \"...?order_by=platform desc, channel, startime desc\"",
+                          "type": "string"
+                        },
+                        "pageSize": {
+                          "location": "query",
+                          "format": "int32",
+                          "description": "Optional. Optional limit on the number of releases to include in the response. If unspecified, the server will pick an appropriate default.",
+                          "type": "integer"
+                        },
+                        "pageToken": {
+                          "description": "Optional. A page token, received from a previous `ListReleases` call. Provide this to retrieve the subsequent page.",
+                          "location": "query",
+                          "type": "string"
+                        }
+                      },
+                      "description": "Returns list of releases of the given version."
+                    }
+                  }
+                }
+              },
+              "methods": {
+                "list": {
+                  "response": {
+                    "$ref": "ListVersionsResponse"
+                  },
+                  "path": "v1/{+parent}/versions",
+                  "parameters": {
+                    "pageSize": {
+                      "location": "query",
+                      "format": "int32",
+                      "description": "Optional. Optional limit on the number of versions to include in the response. If unspecified, the server will pick an appropriate default.",
+                      "type": "integer"
+                    },
+                    "pageToken": {
+                      "description": "Optional. A page token, received from a previous `ListVersions` call. Provide this to retrieve the subsequent page.",
+                      "location": "query",
+                      "type": "string"
+                    },
+                    "parent": {
+                      "required": true,
+                      "location": "path",
+                      "description": "Required. The channel, which owns this collection of versions. Format: {product}/platforms/{platform}/channels/{channel}",
+                      "pattern": "^[^/]+/platforms/[^/]+/channels/[^/]+$",
+                      "type": "string"
+                    },
+                    "orderBy": {
+                      "type": "string",
+                      "location": "query",
+                      "description": "Optional. Ordering string. Valid order_by strings are \"version\", \"name\", \"platform\", and \"channel\". Optionally, you can append \" desc\" or \" asc\" to specify the sorting order. Multiple order_by strings can be used in a comma separated list. Ordering by channel will sort by distance from the stable channel (not alphabetically). A list of channels sorted in this order is: stable, beta, dev, canary, and canary_asan. Sorting by name may cause unexpected behaviour as it is a naive string sort. For example, 1.0.0.8 will be before 1.0.0.10 in descending order. If order_by is not specified the response will be sorted by version in descending order. Ex) \"...?order_by=version asc\" Ex) \"...?order_by=platform desc, channel, version\""
+                    },
+                    "filter": {
+                      "description": "Optional. Filter string. Format is a comma separated list of All comma separated filter clauses are conjoined with a logical \"and\". Valid field_names are \"version\", \"name\", \"platform\", and \"channel\". Valid operators are \"\u003c\", \"\u003c=\", \"=\", \"\u003e=\", and \"\u003e\". Channel comparison is done by distance from stable. Ex) stable \u003c beta, beta \u003c dev, canary \u003c canary_asan. Version comparison is done numerically. If version is not entirely written, the version will be appended with 0 in missing fields. Ex) version \u003e 80 becoms version \u003e 80.0.0.0 Name and platform are filtered by string comparison. Ex) \"...?filter=channel\u003c=beta, version \u003e= 80 Ex) \"...?filter=version \u003e 80, version \u003c 81",
+                      "location": "query",
+                      "type": "string"
+                    }
+                  },
+                  "id": "versionhistory.platforms.channels.versions.list",
+                  "parameterOrder": [
+                    "parent"
+                  ],
+                  "description": "Returns list of version for the given platform/channel.",
+                  "flatPath": "v1/{v1Id}/platforms/{platformsId}/channels/{channelsId}/versions",
+                  "httpMethod": "GET"
+                }
+              }
+            }
+          },
+          "methods": {
+            "list": {
+              "response": {
+                "$ref": "ListChannelsResponse"
+              },
+              "parameterOrder": [
+                "parent"
+              ],
+              "parameters": {
+                "pageToken": {
+                  "type": "string",
+                  "location": "query",
+                  "description": "Optional. A page token, received from a previous `ListChannels` call. Provide this to retrieve the subsequent page."
+                },
+                "parent": {
+                  "location": "path",
+                  "type": "string",
+                  "required": true,
+                  "pattern": "^[^/]+/platforms/[^/]+$",
+                  "description": "Required. The platform, which owns this collection of channels. Format: {product}/platforms/{platform}"
+                },
+                "pageSize": {
+                  "format": "int32",
+                  "type": "integer",
+                  "description": "Optional. Optional limit on the number of channels to include in the response. If unspecified, the server will pick an appropriate default.",
+                  "location": "query"
+                }
+              },
+              "path": "v1/{+parent}/channels",
+              "httpMethod": "GET",
+              "flatPath": "v1/{v1Id}/platforms/{platformsId}/channels",
+              "id": "versionhistory.platforms.channels.list",
+              "description": "Returns list of channels that are available for a given platform."
+            }
+          }
+        }
+      }
+    }
+  },
+  "description": "Version History API - Prod",
+  "discoveryVersion": "v1",
+  "schemas": {
+    "Channel": {
+      "id": "Channel",
+      "type": "object",
+      "description": "Each Channel is owned by a Platform and owns a collection of versions. Possible Channels are listed in the Channel enum below. Not all Channels are available for every Platform (e.g. CANARY does not exist for LINUX).",
+      "properties": {
+        "name": {
+          "description": "Channel name. Format is \"{product}/platforms/{platform}/channels/{channel}\"",
+          "type": "string"
+        },
+        "channelType": {
+          "description": "Type of channel.",
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            ""
+          ],
+          "type": "string",
+          "enum": [
+            "CHANNEL_TYPE_UNSPECIFIED",
+            "STABLE",
+            "BETA",
+            "DEV",
+            "CANARY",
+            "CANARY_ASAN",
+            "ALL",
+            "EXTENDED"
+          ]
+        }
+      }
+    },
+    "Interval": {
+      "description": "Represents a time interval, encoded as a Timestamp start (inclusive) and a Timestamp end (exclusive). The start must be less than or equal to the end. When the start equals the end, the interval is empty (matches no time). When both start and end are unspecified, the interval matches any time.",
+      "type": "object",
+      "id": "Interval",
+      "properties": {
+        "endTime": {
+          "type": "string",
+          "format": "google-datetime",
+          "description": "Optional. Exclusive end of the interval. If specified, a Timestamp matching this interval will have to be before the end."
+        },
+        "startTime": {
+          "format": "google-datetime",
+          "type": "string",
+          "description": "Optional. Inclusive start of the interval. If specified, a Timestamp matching this interval will have to be the same or after the start."
+        }
+      }
+    },
+    "ListVersionsResponse": {
+      "description": "Response message for ListVersions.",
+      "type": "object",
+      "properties": {
+        "versions": {
+          "type": "array",
+          "description": "The list of versions.",
+          "items": {
+            "$ref": "Version"
+          }
+        },
+        "nextPageToken": {
+          "description": "A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.",
+          "type": "string"
+        }
+      },
+      "id": "ListVersionsResponse"
+    },
+    "ListChannelsResponse": {
+      "description": "Response message for ListChannels.",
+      "id": "ListChannelsResponse",
+      "type": "object",
+      "properties": {
+        "nextPageToken": {
+          "description": "A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.",
+          "type": "string"
+        },
+        "channels": {
+          "description": "The list of channels.",
+          "type": "array",
+          "items": {
+            "$ref": "Channel"
+          }
+        }
+      }
+    },
+    "Platform": {
+      "properties": {
+        "platformType": {
+          "enum": [
+            "PLATFORM_TYPE_UNSPECIFIED",
+            "WIN",
+            "WIN64",
+            "MAC",
+            "LINUX",
+            "ANDROID",
+            "WEBVIEW",
+            "IOS",
+            "ALL",
+            "MAC_ARM64",
+            "LACROS"
+          ],
+          "description": "Type of platform.",
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "name": {
+          "description": "Platform name. Format is \"{product}/platforms/{platform}\"",
+          "type": "string"
+        }
+      },
+      "id": "Platform",
+      "type": "object",
+      "description": "Each Platform is owned by a Product and owns a collection of channels. Available platforms are listed in Platform enum below. Not all Channels are available for every Platform (e.g. CANARY does not exist for LINUX)."
+    },
+    "Version": {
+      "properties": {
+        "version": {
+          "description": "String containing just the version number. e.g. \"84.0.4147.38\"",
+          "type": "string"
+        },
+        "name": {
+          "description": "Version name. Format is \"{product}/platforms/{platform}/channels/{channel}/versions/{version}\" e.g. \"chrome/platforms/win/channels/beta/versions/84.0.4147.38\"",
+          "type": "string"
+        }
+      },
+      "id": "Version",
+      "type": "object",
+      "description": "Each Version is owned by a Channel. A Version only displays the Version number (e.g. 84.0.4147.38). A Version owns a collection of releases."
+    },
+    "ListPlatformsResponse": {
+      "description": "Response message for ListPlatforms.",
+      "id": "ListPlatformsResponse",
+      "type": "object",
+      "properties": {
+        "nextPageToken": {
+          "type": "string",
+          "description": "A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages."
+        },
+        "platforms": {
+          "type": "array",
+          "items": {
+            "$ref": "Platform"
+          },
+          "description": "The list of platforms."
+        }
+      }
+    },
+    "ListReleasesResponse": {
+      "type": "object",
+      "id": "ListReleasesResponse",
+      "description": "Response message for ListReleases.",
+      "properties": {
+        "nextPageToken": {
+          "description": "A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.",
+          "type": "string"
+        },
+        "releases": {
+          "description": "The list of releases.",
+          "items": {
+            "$ref": "Release"
+          },
+          "type": "array"
+        }
+      }
+    },
+    "Release": {
+      "properties": {
+        "fraction": {
+          "format": "double",
+          "type": "number",
+          "description": "Rollout fraction. This fraction indicates the fraction of people that should receive this version in this release. If the fraction is not specified in ReleaseManager, the API will assume fraction is 1."
+        },
+        "version": {
+          "type": "string",
+          "description": "String containing just the version number. e.g. \"84.0.4147.38\""
+        },
+        "name": {
+          "type": "string",
+          "description": "Release name. Format is \"{product}/platforms/{platform}/channels/{channel}/versions/{version}/releases/{release}\""
+        },
+        "serving": {
+          "description": "Timestamp interval of when the release was live. If end_time is unspecified, the release is currently live.",
+          "$ref": "Interval"
+        }
+      },
+      "type": "object",
+      "description": "A Release is owned by a Version. A Release contains information about the release(s) of its parent version. This includes when the release began and ended, as well as what percentage it was released at. If the version is released again, or if the serving percentage changes, it will create another release under the version.",
+      "id": "Release"
+    }
+  },
+  "fullyEncodeReservedExpansion": true,
+  "documentationLink": "https://developers.chrome.com/",
+  "icons": {
+    "x16": "http://www.google.com/images/icons/product/search-16.gif",
+    "x32": "http://www.google.com/images/icons/product/search-32.gif"
+  },
+  "baseUrl": "https://versionhistory.googleapis.com/",
+  "batchPath": "batch",
+  "version": "v1",
+  "canonicalName": "Version History",
+  "id": "versionhistory:v1",
+  "rootUrl": "https://versionhistory.googleapis.com/"
+}