Updated various chat space commands to handle service not available

Fixed bug in `gam calendars <CalendarEntity> print events matchfield
Added error message to gam report commands to indicate forbidden access
2026-06-04 06:11:39 +00:00 · 2025-03-18 09:26:35 -07:00 · 2025-03-17 13:12:13 -07:00 · 2025-03-05 10:49:23 -08:00 · 2025-03-03 17:42:42 -08:00 · 2025-03-04 01:05:59 +00:00
31 changed files with 4460 additions and 20246 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -5,6 +5,7 @@ on:
  pull_request:
  schedule:
    - cron: '37 22 * * *'
+  workflow_dispatch:

 permissions:
  contents: read
@@ -17,7 +18,7 @@ defaults:
    working-directory: src

 env:
-  SCRATCH_COUNTER: 3
+  SCRATCH_COUNTER: 11
  OPENSSL_CONFIG_OPTS: no-fips --api=3.0.0
  OPENSSL_INSTALL_PATH: ${{ github.workspace }}/bin/ssl
  OPENSSL_SOURCE_PATH: ${{ github.workspace }}/src/openssl
@@ -41,48 +42,57 @@ jobs:
            goal: build
            arch: x86_64
            openssl_archs: linux-x86_64
-          - os: [self-hosted, linux, arm64]
+          - os: ubuntu-24.04-arm
            jid: 3
            goal: build
            arch: aarch64
            openssl_archs: linux-aarch64
-          - os: ubuntu-22.04
+          - os: ubuntu-22.04-arm
            jid: 4
            goal: build
+            arch: aarch64
+            openssl_archs: linux-aarch64
+          - os: ubuntu-22.04
+            jid: 5
+            goal: build
            arch: x86_64
            openssl_archs: linux-x86_64
            staticx: yes
-          - os: [self-hosted, linux, arm64]
-            jid: 5
+          - os: ubuntu-22.04-arm
+            jid: 6
            goal: build
            arch: aarch64
            openssl_archs: linux-aarch64
            staticx: yes
          - os: macos-13
-            jid: 6
+            jid: 7
            goal: build
            arch: x86_64
            openssl_archs: darwin64-x86_64
          - os: macos-14
-            jid: 7
-            goal: build
-            arch: aarch64
-            openssl_archs: darwin64-arm64
-          - os: macos-15
            jid: 8
            goal: build
            arch: aarch64
            openssl_archs: darwin64-arm64
-          - os: windows-2022
+          - os: macos-15
            jid: 9
            goal: build
+            arch: aarch64
+            openssl_archs: darwin64-arm64
+          - os: windows-2022
+            jid: 10
+            goal: build
            arch: Win64
            openssl_archs: VC-WIN64A
-          - os: ubuntu-24.04
-            goal: test
-            python: "3.9"
-            jid: 10
-            arch: x86_64
+          # disable 3.9 test for now since it's oldest and due
+          # for removal in Oct 2025. We only have 13 jid accounts
+          # so we need this one off but can re-enable at some point
+          # if we feel the need.
+          #- os: ubuntu-24.04
+          #  goal: test
+          #  python: "3.9"
+          #  jid: 11
+          #  arch: x86_64
          - os: ubuntu-24.04
            goal: test
            python: "3.10"
@@ -120,7 +130,7 @@ jobs:
        with:
          path: |
            cache.tar.xz
-          key: gam-${{ matrix.jid }}-20241114
+          key: gam-${{ matrix.jid }}-20250204

      - name: Untar Cache archive
        if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true'
@@ -187,7 +197,7 @@ jobs:
          echo "gampath=${gampath}" >> $GITHUB_ENV

      - name: Install necessary Github-hosted Linux packages
-        if: runner.os == 'Linux' && runner.arch == 'X64'
+        if: runner.os == 'Linux'
        run: |
          echo "RUNNING: apt update..."
          sudo apt-get -qq --yes update
@@ -548,7 +558,6 @@ jobs:
            # https://github.com/pyinstaller/pyinstaller/issues/7102
            export PATH="$(dirname ${PYTHON}):/usr/bin"
          fi
-          #if ([ "${staticx}" != "yes" ] && [ "$RUNNER_OS" != "Windows" ]); then
          if [[ "$staticx" != "yes" ]]; then
            export PYINSTALLER_BUILD_ONEDIR=yes
          fi
@@ -594,6 +603,9 @@ jobs:
      - name: Install StaticX
        if: matrix.staticx == 'yes'
        run: |
+          sudo apt-get -qq --yes update
+          # arm64 needs to build a wheel and needs scons to build
+          sudo apt-get -qq --yes install scons
          "${PYTHON}" -m pip install --upgrade patchelf-wrapper
          "${PYTHON}" -m pip install --upgrade staticx

@@ -745,7 +757,7 @@ jobs:

      - name: Attest that gam package files were generated from this Action
        uses: actions/attest-build-provenance@v1
-        if: (github.event_name == 'push' || github.event_name == 'schedule') && matrix.goal == 'build'
+        if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && matrix.goal == 'build'
        with:
          subject-path: |
            gam*.tar.xz
@@ -754,7 +766,7 @@ jobs:

      - name: Archive production artifacts
        uses: actions/upload-artifact@v4
-        if: (github.event_name == 'push' || github.event_name == 'schedule') && matrix.goal != 'test'
+        if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && matrix.goal != 'test'
        with:
          name: gam-binaries-${{ env.GAMOS }}-${{ env.arch }}-${{ matrix.jid }}
          path: |
@@ -782,8 +794,8 @@ jobs:
          fi
          echo "We successfully compiled Python ${this_python} and OpenSSL ${this_openssl}"

-      - name: Live API tests push only
-        if: (github.event_name == 'push' || github.event_name == 'schedule')
+      - name: Live API tests
+        if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch')
        run: |
          export gam_user="gam-gha-${JID}@pdl.jaylee.us"
          echo "gam_user=${gam_user}" >> $GITHUB_ENV
@@ -812,6 +824,7 @@ jobs:
          $gam config csv_output_row_filter "name:regex:gha_test_${JID}_" print vaultholds || if [ $? != 55 ]; then exit $?; fi | $gam csv - gam delete vaulthold "id:~~holdId~~" matter "id:~~matterId~~"
          $gam config csv_output_row_filter "name:regex:gha_test_${HID}_" print vaultmatters matterstate OPEN | $gam csv - gam update vaultmatter "id:~~matterId~~" action close
          $gam config csv_output_row_filter "name:regex:gha_test_${HID}_" print vaultmatters matterstate CLOSED | $gam csv - gam update vaultmatter "id:~~matterId~~" action delete
+          $gam config csv_output_row_filter "Emails.1.address:regex:^gha_test-${JID}_" print contacts | $gam csv - gam delete contact ~ContactID
          $gam config enable_dasa true save
          $gam config csv_output_row_filter "name:regex:gha_test_${JID}_" print features | $gam csv - gam delete feature ~name
          $gam config csv_output_row_filter "name:regex:^gha_test_${JID}_" user $gam_user print shareddrives asadmin | $gam csv - gam user $gam_user delete shareddrive ~id nukefromorbit
@@ -820,7 +833,6 @@ jobs:
          $gam config csv_output_row_filter "email:regex:^gha_test_${JID}_" print cigroups | $gam csv - gam delete cigroup ~email
          $gam config csv_output_row_filter "resourceId:regex:^gha_test_${JID}_" print resources | $gam csv - gam delete resource ~resourceId
          $gam config csv_output_row_filter "buildingId:regex:^gha_test_${JID}_" print buildings | $gam csv - gam delete building ~buildingId
-          $gam config csv_output_row_filter "Emails.1.address:regex:^gha_test-${JID}_" print contacts | $gam csv - gam delete contact ~ContactID

          echo "Creating OrgUnit ${newou}"
          $gam create ou "${newou}"
@@ -862,6 +874,8 @@ jobs:
          $gam csv sample.csv gam update user ~~email~~ recoveryphone "" recoveryemail ""
          $gam config enable_dasa false save
          $gam csv sample.csv gam user ~email add license workspaceenterpriseplus
+          #$gam user $newuser add contactdelegate "${newbase}-bulkuser-1"
+          #$gam user $newuser print contactdelegates
          $gam config enable_dasa true save
          $gam csv sample.csv gam user $gam_user sendemail recipient ~~email~~@pdl.jaylee.us subject "test message $newbase" message "GHA test message"
          $gam csv sample.csv gam update group $newgroup add member ~email
@@ -872,8 +886,6 @@ jobs:
          $gam user $newuser imap on
          $gam user $newuser show imap
          $gam user $newuser show delegates
-          #$gam user $newuser add contactdelegate "${newbase}-bulkuser-1"
-          #$gam user $newuser print contactdelegates
          export biohazard=$(echo -e '\xe2\x98\xa3')
          $gam user $newuser label "$biohazard unicode biohazard $biohazard"
          $gam user $newuser show labels
@@ -905,7 +917,7 @@ jobs:
          $gam calendar $gam_user addevent summary "GHA test event" start +1h end +2h attendee $newgroup hangoutsmeet guestscanmodify true sendupdates all
          $gam calendar $gam_user printevents after -0d
          $gam config enable_dasa false save
-          matterid=uid:$($gam create vaultmatter name "GHA matter $newbase" description "test matter" collaborators $newuser returnidonly)
+          matterid=uid:$($gam create vaultmatter name "GHA matter $newbase" description "test matter" returnidonly)
          $gam create vaulthold matter $matterid name "GHA hold $newbase" corpus mail accounts $newuser
          $gam print vaultmatters matterstate open
          $gam print vaultholds matter $matterid
@@ -939,9 +951,9 @@ jobs:
          $gam user $newuser show holds || if [ $? != 55 ]; then exit $?; fi # expect a 55 return code
          export sn="$JID$JID$JID$JID-$(openssl rand -base64 32 | sed 's/[^a-zA-Z0-9]//g')"
          $gam create device serialnumber $sn devicetype android
+          $gam delete contacts emailmatchpattern "^${newbase}@example.com$"
          $gam config enable_dasa true save
          $gam print users query "gha.jid=$JID" | $gam csv - gam delete user ~primaryEmail  || if [ $? != 50 ]; then exit $?; fi # expect a 50 return code (vault hold on user)
-          $gam delete contacts emailmatchpattern "^${newbase}@example.com$"
          $gam print mobile
          $gam print devices
          $gam print browsers
@@ -993,8 +1005,8 @@ jobs:
          tar cJvvf cache.tar.xz $tar_folders

  merge:
-    if: (github.event_name == 'push' || github.event_name == 'schedule')
-    runs-on: ubuntu-latest
+    if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch')
+    runs-on: ubuntu-24.04
    needs: build
    permissions:
      contents: write
@@ -1007,8 +1019,8 @@ jobs:
          pattern: gam-binaries-*

  publish:
-    if: github.event_name == 'push'
-    runs-on: ubuntu-latest
+    if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
+    runs-on: ubuntu-24.04
    needs: merge
    permissions:
      contents: write
--- a/.github/workflows/get-cacerts.yml
+++ b/.github/workflows/get-cacerts.yml
@@ -20,8 +20,24 @@ jobs:
          persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token
          fetch-depth: 0 # otherwise, you will failed to push refs to dest repo

-      - name: Check for updates
-        run: curl -o ./cacerts.pem -vvvv https://pki.goog/roots.pem
+      - name: Get Current cacerts.pem hash
+        run: |
+          export CURRENT_HASH=$(sha256sum ./cacerts.pem)
+          echo "Current hash is: ${CURRENT_HASH}"
+          echo "CURRENT_HASH=${CURRENT_HASH}" >> $GITHUB_ENV
+
+      - name: Get latest cacerts.pem file from Google
+        run: |
+          curl -o ./cacerts.pem -vvvv https://pki.goog/roots.pem
+
+      - name: Compare hashes
+        run: |
+          export NEW_HASH=$(sha256sum ./cacerts.pem)
+          if [ "$NEW_HASH" == "$CURRENT_HASH" ]; then
+            echo "Same file."
+          else
+            echo "New file content. Was ${CURRENT_HASH} and now is ${NEW_HASH}"
+          fi

      - name: Commit file
        run: |
--- a/.github/workflows/pypi.yml
+++ b/.github/workflows/pypi.yml
@@ -0,0 +1,33 @@
+name: build and publish releases to PyPi
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+  workflow_dispatch:
+
+jobs:
+  pypi:
+    name: Upload release to PyPI
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/gam7
+    permissions:
+      id-token: write
+    steps:
+
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+
+      - name: Install required packages to publish
+        run: |
+          python3 -m pip install --upgrade build
+
+      - name: Build packages
+        run: |
+          python -m build
+
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -0,0 +1,63 @@
+[project]
+name = "gam7"
+dynamic = [
+    "version",
+]
+authors = [
+    { name="Jay Lee", email="jay0lee@gmail.com" },
+    { name="Ross Scroggs", email="Ross.Scroggs@gmail.com" },
+]
+dependencies = [
+    "chardet",
+    "cryptography",
+    "distro; sys_platform=='linux'",
+    "filelock",
+    "google-api-python-client>=2.1",
+    "google-auth-httplib2",
+    "google-auth-oauthlib>=0.4.1",
+    "google-auth>=2.3.2",
+    "httplib2>=0.17.0",
+    "lxml",
+    "passlib>=1.7.2",
+    "pathvalidate",
+    "python-dateutil",
+]
+description = "CLI tool to manage Google Workspace"
+readme = "README.md"
+requires-python = ">=3.9"
+classifiers = [
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3 :: Only",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Operating System :: OS Independent",
+]
+license = {text = "Apache License (2.0)"}
+license-files = ["LICEN[CS]E*"]
+
+[project.optional-dependencies]
+yubikey = ["yubikey-manager>=5.0"]
+
+[project.scripts]
+gam = "gam.__main__:main"
+
+[project.urls]
+Homepage = "https://github.com/GAM-team/GAM"
+Issues = "https://github.com/GAM-team/GAM/issues"
+Discussion = "https://groups.google.com/group/google-apps-manager"
+Chat = "https://git.io/gam-chat"
+
+[tool.hatch.version]
+path = "src/gam/__init__.py"
+
+[tool.hatch.build.targets.wheel]
+packages = ["src/gam"]
+
+[build-system]
+requires = [
+    "hatchling",
+]
+build-backend = "hatchling.build"
--- a/src/GamCommands.txt
+++ b/src/GamCommands.txt
@@ -377,7 +377,7 @@ If an item contains spaces, it should be surrounded by ".
 <ChatThread> ::= spaces/<String>/threads/<String>
 <GIGroupAlias> ::= <EmailAddress>
 <GIGroupItem> ::= <EmailAddress>|<UniqueID>|groups/<String>
-<CIGroupType> ::= customer|group|other|serviceaccount|user
+<CIGroupMemberType> ::= cbcmbrowser|chromeosdevice|customer|group|other|serviceaccount|user
 <CIPolicyName> ::= policies/<String>|settings/<String>|<String>
 <ClassificationLabelID> ::= <String>
 <ClassificationLabelFieldID> ::= <String>
@@ -468,7 +468,7 @@ If an item contains spaces, it should be surrounded by ".
 <FloorName> ::= <String>
 <GroupItem> ::= <EmailAddress>|<UniqueID>|<String>
 <GroupRole> ::= owner|manager|member
-<GroupType> ::= customer|group|user
+<GroupMemberType> ::= customer|group|user
 <GuardianItem> ::= <EmailAddress>|<UniqueID>|<String>
 <GuardianInvitationID> ::= <String>
 <HoldItem> ::= <UniqueID>|<String>
@@ -664,7 +664,7 @@ If an item contains spaces, it should be surrounded by ".
 <CalendarList> ::= "<CalendarItem>(,<CalendarItem>)*"
 <ChatSpaceList> ::= "<ChatSpace>(,<ChatSpace>)*"
 <CIGroupAliasList> ::= "<CIGroupAlias>(,<CIGroupAlias>)*"
-<CIGroupTypeList> ::= "<CIGroupType>(,<CIGroupType>)*"
+<CIGroupMemberTypeList> ::= "<CIGroupMemberType>(,<CIGroupMemberType>)*"
 <CIPolicyNameList> ::= "<CIPolicyName>(,<CIPolicyName>)*"
 <ClassroomInvitationIDList> ::= "<ClassroomInvitationID>(,<ClassroomInvitationID>)*"
 <ContactGroupList> ::= "<ContactGroupItem>(,<ContactGroupItem>)*"
@@ -707,7 +707,7 @@ If an item contains spaces, it should be surrounded by ".
 <GuardianInvitationIDList> ::= "<GuardianInvitationID>(,<GuardianInvitationID>)*"
 <GroupList> ::= "<GroupItem>(,<GroupItem>)*"
 <GroupRoleList> ::= "<GroupRole>(,<GroupRole>)*"
-<GroupTypeList> ::= "<GroupType>(,<GroupType>)*"
+<GroupMemberTypeList> ::= "<GroupMemberType>(,<GroupMemberType>)*"
 <LabelIDList> ::= "<LabelID>(,<LabelID>)*"
 <LabelNameList> ::= "'<LabelName>'(,'<LabelName>')*"
 <LanguageList> ::= "<Language>(,<Language>)*"
@@ -1059,6 +1059,7 @@ Specify a collection of items by directly specifying them; the item type is dete
        all_shortcuts |
        all_3p_shortcuts |
        all_items |
+        my_commentable_items |
        my_docs |
        my_files |
        my_folders |
@@ -1361,6 +1362,7 @@ gam create project [admin <EmailAddress>] [project <ProjectID>]
         nokey]
 gam use project [<EmailAddress>] [<ProjectID>]
 gam use project [admin <EmailAddress>] [project <ProjectID>]
+        [appname <String>] [supportemail <EmailAddress>]
        [saname <ServiceAccountName>] [sadisplayname <ServiceAccountDisplayName>]
        [sadescription <ServiceAccountDescription>]
        [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
@@ -1676,6 +1678,7 @@ gam calendar <CalendarEntity> printacl [todrive <ToDriveAttribute>*]
        (range <Date> <Date>)|
        (recurrence <RRULE, EXRULE, RDATE and EXDATE line>)|
        (reminder <Number> email|popup))|
+	(resource <ResourceID>)|
        (selectattendees [<AttendeeAttendance>] [<AttendeeStatus>] <UserTypeEntity>)|
        (sequence <Integer>)|
        (sharedproperty <PropertyKey> <PropertyValue>)|
@@ -1706,8 +1709,10 @@ The following attributes are equivalent:
        clearattendees|
        clearhangoutsmeet|
        (clearprivateproperty <PropertyKey>)|
+        clearresources|
        (clearsharedproperty <PropertyKey>)|
        (removeattendee <EmailAddress>)|
+        (removeresource <ResourceID>)|
        (replacedescription <RegularExpression> <String>)|
        (selectremoveattendees <UserTypeEntity>)

@@ -1894,136 +1899,6 @@ gam calendar|calendars <CalendarEntity> print settings [todrive <ToDriveAttribut
        [formatjson [quotechar <Character>]]
 gam calendar|calendars <CalendarEntity> modify <CalendarSettings>+

-# Chrome Browser Cloud Management
-
-<QueryBrowser> ::= <String>
-        See: https://support.google.com/chrome/a/answer/9681204#retrieve_all_chrome_devices_for_an_account
-<QueryBrowserList> ::= "<QueryBrowser>(,<QueryBrowser>)*"
-
-<BrowserEntity> ::=
-        <DeviceIDList> |
-        (query:<QueryBrowser>)|(query:orgunitpath:<OrgUnitPath>)|(query <QueryBrowser>) |
-        (browserou <OrgUnitItem>) | (browserous <OrgUnitList>) |
-        <FileSelector> | <CSVFileSelector>
-
-<BrowserAttribute> ::=
-        (annotatedassetid|asset|assetid <String>)|
-        (annotatedlocation|location <String>)|
-        (annotatednotes|notes <String>)|(updatenotes <String>)|
-        (annotateduser|user <String>
-
-<BrowserFieldName> ::=
-        annotatedassetid|asset|assetid|
-        annotatedlocation|location|
-        annotatednotes|notes|
-        annotateduser|user|
-        browsers|
-        browserversions|
-        deviceid|
-        extensioncount|
-        installedbrowserversion|
-        lastactivitytime|
-        lastdeviceuser|
-        lastdeviceusers|
-        lastpolicyfetchtime|
-        lastregistrationtime|
-        laststatusreporttime|
-        machineextensionpolicies|
-        machinename|
-        machinepolicies|
-        orgunitpath|org|orgunit|
-        osarchitecture|
-        osplatform|
-        osplatformversion|
-        osversion|
-        ou|
-        policycount|
-        safebrowsingclickthroughcount|
-        serialnumber|
-        virtualdeviceid
-<BrowserFieldNameList> ::= "<BrowseFieldName>(,<BrowserFieldName>)*"
-
-<BrowserOrderByFieldName> ::=
-        annotatedassetid|assetassetid|
-        annotatedlocation|location|
-        annotatednotes|notes|
-        annotateduser|user|
-        browserversionchannel|
-        browserversionsortable|
-        deviceid|id|
-        enrollmentdate|
-        extensioncount|
-        lastactivity|
-        lastsignedinuser|
-        lastsync|
-        machinename|
-        orgunit|ou|org|
-        osversion|
-        osversionsortable|
-        platformmajorversion|
-        policycount
-
-gam delete browser <DeviceID>
-gam update browser <BrowserEntity> <BrowserAttibute>+
-gam move browsers ou|org|orgunit <OrgUnitPath>
-        ((ids <DeviceIDList>) |
-         (queries <QueryBrowserList> [querytime<String> <Time>]) |
-         (browserou <OrgUnitItem>) | (browserous <OrgUnitList>) |
-         <FileSelector> | <CSVFileSelector>)
-        [batchsize <Integer>]
-
-gam info browser <DeviceID>
-        [basic|full|annotated] <BrowserFieldName>* [fields <BrowserFieldNameList>]
-        [formatjson]
-gam show browsers
-        ([ou|org|orgunit|browserou <OrgUnitPath>] [(query <QueryBrowser>)|(queries <QueryBrowserList>))|(select <BrowserEntity>))
-        [querytime<String> <Time>]
-        [orderby <BrowserOrderByFieldName> [ascending|descending]]
-        [basic|full|allfields|annotated] <BrowserFieldName>* [fields <BrowserFieldNameList>]
-        [formatjson]
-gam print browsers [todrive <ToDriveAttribute>*]
-        ([ou|org|orgunit|browserou <OrgUnitPath>] [(query <QueryBrowser>)|(queries <QueryBrowserList>))|(select <BrowserEntity>))
-        [querytime<String> <Time>]
-        [orderby <BrowserOrderByFieldName> [ascending|descending]]
-        [basic|full|allfields|annotated] <BrowserFieldName>* [fields <BrowserFieldNameList>]
-        [sortheaders]
-        [formatjson [quotechar <Character>]]
-
-gam create browsertoken
-        [ou|org|orgunit|browserou <OrgUnitPath>] [expire|expires <Time>]
-        [formatjson]
-gam revoke browsertoken <BrowserTokenPermanentID>
-
-<BrowserTokenFieldName> ::=
-        createtime|
-        creatorid|
-        customerid|
-        expiretime|
-        org|
-        orgunit|
-        orgunitpath|
-        ou|
-        revoketime|
-        revokerid|
-        state|
-        token|
-        tokenpermanentid
-<BrowserTokenFieldNameList> ::= "<BrowserTokenFieldName>(,<BrowserTokenFieldName>)*"
-
-gam show browsertokens
-        ([ou|org|orgunit|browserou <OrgUnitPath>] [(query <QueryBrowserToken>)|(queries <QueryBrowserTokenList>)))
-        [querytime<String> <Time>]
-        [orderby <BrowserTokenFieldName> [ascending|descending]]
-        [allfields] <BrowserTokenFieldName>* [fields <BrowserTokenFieldNameList>]
-        [formatjson]
-gam print browsertokens [todrive <ToDriveAttribute>*]
-        ([ou|org|orgunit|browserou <OrgUnitPath>] [(query <QueryBrowserToken>)|(queries <QueryBrowserTokenList>)))
-        [querytime<String> <Time>]
-        [orderby <BrowserTokenFieldName> [ascending|descending]]
-        [allfields] <BrowserTokenFieldName>* [fields <BrowserTokenFieldNameList>]
-        [sortheaders]
-        [formatjson [quotechar <Character>]]
-
 # Chat Bot

 <ChatContent> ::=
@@ -2136,6 +2011,142 @@ gam info chatmessage name <ChatMessage>
 gam info chatevent name <ChatEvent>
        [formatjson]

+# Chrome Browser Cloud Management
+
+<QueryBrowser> ::= <String>
+        See: https://support.google.com/chrome/a/answer/9681204#retrieve_all_chrome_devices_for_an_account
+<QueryBrowserList> ::= "<QueryBrowser>(,<QueryBrowser>)*"
+
+<BrowserEntity> ::=
+        <DeviceIDList> |
+        (query:<QueryBrowser>)|(query:orgunitpath:<OrgUnitPath>)|(query <QueryBrowser>) |
+        (browserou <OrgUnitItem>) | (browserous <OrgUnitList>) |
+        <FileSelector> | <CSVFileSelector>
+
+<BrowserAttribute> ::=
+        (annotatedassetid|asset|assetid <String>)|
+        (annotatedlocation|location <String>)|
+        (annotatednotes|notes <String>)|(updatenotes <String>)|
+        (annotateduser|user <String>
+
+<BrowserFieldName> ::=
+        annotatedassetid|asset|assetid|
+        annotatedlocation|location|
+        annotatednotes|notes|
+        annotateduser|user|
+        browsers|
+        browserversions|
+        deviceid|
+        extensioncount|
+        installedbrowserversion|
+        lastactivitytime|
+        lastdeviceuser|
+        lastdeviceusers|
+        lastpolicyfetchtime|
+        lastregistrationtime|
+        laststatusreporttime|
+        machineextensionpolicies|
+        machinename|
+        machinepolicies|
+        orgunitpath|org|orgunit|
+        osarchitecture|
+        osplatform|
+        osplatformversion|
+        osversion|
+        ou|
+        policycount|
+        safebrowsingclickthroughcount|
+        serialnumber|
+        virtualdeviceid
+<BrowserFieldNameList> ::= "<BrowserFieldName>(,<BrowserFieldName>)*"
+
+<BrowserOrderByFieldName> ::=
+        annotatedassetid|assetassetid|
+        annotatedlocation|location|
+        annotatednotes|notes|
+        annotateduser|user|
+        browserversionchannel|
+        browserversionsortable|
+        deviceid|id|
+        enrollmentdate|
+        extensioncount|
+        lastactivity|
+        lastsignedinuser|
+        lastsync|
+        machinename|
+        orgunit|ou|org|
+        osversion|
+        osversionsortable|
+        platformmajorversion|
+        policycount
+
+gam delete browser <DeviceID>
+gam update browser <BrowserEntity> <BrowserAttibute>+
+gam move browsers ou|org|orgunit <OrgUnitPath>
+        ((ids <DeviceIDList>) |
+         (queries <QueryBrowserList> [querytime<String> <Time>]) |
+         (browserou <OrgUnitItem>) | (browserous <OrgUnitList>) |
+         <FileSelector> | <CSVFileSelector>)
+        [batchsize <Integer>]
+
+gam info browser <DeviceID>
+        (basic|full|annotated | 
+         (<BrowserFieldName>* [fields <BrowserFieldNameList>]) |
+         (rawfields "<BrowserFieldNameList>"))
+        [formatjson]
+gam show browsers
+        ([ou|org|orgunit|browserou <OrgUnitPath>] [(query <QueryBrowser>)|(queries <QueryBrowserList>))|(select <BrowserEntity>))
+        [querytime<String> <Time>]
+        [orderby <BrowserOrderByFieldName> [ascending|descending]]
+        (basic|full|annotated | 
+         (<BrowserFieldName>* [fields <BrowserFieldNameList>]) |
+         (rawfields "<BrowserFieldNameList>"))
+        [formatjson]
+gam print browsers [todrive <ToDriveAttribute>*]
+        ([ou|org|orgunit|browserou <OrgUnitPath>] [(query <QueryBrowser>)|(queries <QueryBrowserList>))|(select <BrowserEntity>))
+        [querytime<String> <Time>]
+        [orderby <BrowserOrderByFieldName> [ascending|descending]]
+        (basic|full|annotated | 
+         (<BrowserFieldName>* [fields <BrowserFieldNameList>]) |
+         (rawfields "<BrowserFieldNameList>"))
+        [sortheaders]
+        [formatjson [quotechar <Character>]]
+
+gam create browsertoken
+        [ou|org|orgunit|browserou <OrgUnitPath>] [expire|expires <Time>]
+        [formatjson]
+gam revoke browsertoken <BrowserTokenPermanentID>
+
+<BrowserTokenFieldName> ::=
+        createtime|
+        creatorid|
+        customerid|
+        expiretime|
+        org|
+        orgunit|
+        orgunitpath|
+        ou|
+        revoketime|
+        revokerid|
+        state|
+        token|
+        tokenpermanentid
+<BrowserTokenFieldNameList> ::= "<BrowserTokenFieldName>(,<BrowserTokenFieldName>)*"
+
+gam show browsertokens
+        ([ou|org|orgunit|browserou <OrgUnitPath>] [(query <QueryBrowserToken>)|(queries <QueryBrowserTokenList>)))
+        [querytime<String> <Time>]
+        [orderby <BrowserTokenFieldName> [ascending|descending]]
+        [allfields] <BrowserTokenFieldName>* [fields <BrowserTokenFieldNameList>]
+        [formatjson]
+gam print browsertokens [todrive <ToDriveAttribute>*]
+        ([ou|org|orgunit|browserou <OrgUnitPath>] [(query <QueryBrowserToken>)|(queries <QueryBrowserTokenList>)))
+        [querytime<String> <Time>]
+        [orderby <BrowserTokenFieldName> [ascending|descending]]
+        [allfields] <BrowserTokenFieldName>* [fields <BrowserTokenFieldNameList>]
+        [sortheaders]
+        [formatjson [quotechar <Character>]]
+
 # Chrome Installed Apps Counts

 gam show chromeapps
@@ -2190,6 +2201,68 @@ gam show chromeneedsattn
         (ous <OrgUnitList>)|(ous_and_children <OrgUnitList>)]
        [formatjson]

+# Chrome Profile Management
+
+<ChromeProfileFieldName> ::=
+        affiliationstate|
+        annotatedlocation|
+        annotateduser|
+        attestationcredential|
+        browserchannel|
+        browserversion|
+        deviceinfo|
+        displayname|
+        extensioncount|
+        firstenrollmenttime|
+        identityprovider|
+        lastactivitytime|
+        lastpolicyfetchtime|
+        lastpolicysynctime|
+        laststatusreporttime|
+        name|
+        osplatformtype|
+        osplatformversion|
+        osversion|
+        policycount|
+        profileid|
+        profilepermanentid|
+        reportingdata|
+        useremail|
+        userid
+<ChromeProfileFieldNameList> ::= "<ChromeProfileFieldName>(,<ChromeProfileFieldName>)*"
+
+<ChromeProfileOrderByFieldName> ::=
+        affiliationstate|
+        browserchannel|
+        browserversion|
+        displayname|
+        extensioncount|
+        firstenrollmenttime|
+        identityprovider|
+        lastactivitytime|
+        lastpolicysynctime|
+        laststatusreporttime|
+        osplatformtype|
+        osversion|
+        policycount|
+        profileid|
+        useremail
+
+gam delete chromeprofile <ChromeProfileName>
+
+gam info chromeprofile <ChromeProfileName>
+        <ChromeProfileFieldName>* [fields <ChromeProfileFieldNameList>]
+gam show chromeprofiles
+        [filtertime.* <Time>] [filter <String>]
+        [orderby <ChromeProfileOrderByFieldName> [ascending|descending]]
+        <ChromeProfileFieldName>* [fields <ChromeProfileFieldNameList>]
+        [formatjson]
+gam print chromeprofiles [todrive <ToDriveAttribute>*]
+        [filtertime.* <Time>] [filter <String>]
+        [orderby <ChromeProfileOrderByFieldName> [ascending|descending]]
+        <ChromeProfileFieldName>* [fields <ChromeProfileFieldNameList>]
+        [[formatjson [quotechar <Character>]]
+
 # Chrome Versions Counts

 gam show chromeversions
@@ -3766,12 +3839,14 @@ gam info group|groups <GroupEntity>
        [basic] <GroupFieldName>* [fields <GroupFieldNameList>] [nodeprecated]
        [ciallfields|(cifields <CIGroupFieldNameList>)]
        [members] [managers] [owners]
+        [internal] [internaldomains <DomainNameList>] [external]
        [notsuspended|suspended] [notarchived|archived]
-        [types <GroupTypeList>]
+        [types <GroupMemberTypeList>]
        [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
        [formatjson]
 gam print groups [todrive <ToDriveAttribute>*]
        [([domain|domains <DomainNameEntity>] ([member|showownedby <EmailItem>]|[(query <QueryGroup>)|(queries <QueryGroupList>)]))|
+         (group|group_ns|group_susp <GroupItem>)|
         (select <GroupEntity>)]
        [emailmatchpattern [not] <RegularExpression>] [namematchpattern [not] <RegularExpression>]
        [descriptionmatchpattern [not] <RegularExpression>] (matchsetting [not] <GroupAttribute>)*
@@ -3782,9 +3857,10 @@ gam print groups [todrive <ToDriveAttribute>*]
        [nodeprecated]
        [roles <GroupRoleList>]
        [members|memberscount] [managers|managerscount] [owners|ownerscount] [totalcount] [countsonly]
+        [internal] [internaldomains <DomainNameList>] [external]
        [includederivedmembership]
        [notsuspended|suspended] [notarchived|archived]
-        [types <GroupTypeList>]
+        [types <GroupMemberTypeList>]
        [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
        [convertcrnl] [delimiter <Character>] [sortheaders]
        [formatjson [quotechar <Character>]]
@@ -3817,10 +3893,11 @@ gam print group-members [todrive <ToDriveAttribute>*]
        [descriptionmatchpattern [not] <RegularExpression>]
        [admincreatedmatch <Boolean>]
        [roles <GroupRoleList>] [members] [managers] [owners]
+        [internal] [internaldomains <DomainNameList>] [external]
        [membernames] [showdeliverysettings]
        <MembersFieldName>* [fields <MembersFieldNameList>]
        [notsuspended|suspended] [notarchived|archived]
-        [types <GroupTypeList>]
+        [types <GroupMemberTypeList>]
        [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
        [userfields <UserFieldNameList>]
        [allschemas|(schemas|custom|customschemas <SchemaNameList>)]
@@ -3828,7 +3905,7 @@ gam print group-members [todrive <ToDriveAttribute>*]
        [peoplelookup|(peoplelookupuser <EmailAddress>)]
        [unknownname <String>] [cachememberinfo [Boolean]]
        [formatjson [quotechar <Character>]]
-gam show group-members
+`gam show group-members
        [([domain|domains <DomainNameEntity>] ([member|showownedby <EmailItem>]|[(query <QueryGroup>)|(queries <QueryGroupList>)]))|
         (group|group_ns|group_susp <GroupItem>)|
         (select <GroupEntity>)]
@@ -3836,8 +3913,9 @@ gam show group-members
        [descriptionmatchpattern [not] <RegularExpression>]
        [admincreatedmatch <Boolean>]
        [roles <GroupRoleList>] [members] [managers] [owners] [depth <Number>]
+        [internal] [internaldomains <DomainNameList>] [external]
        [notsuspended|suspended] [notarchived|archived]
-        [types <GroupTypeList>]
+        [types <GroupMemberTypeList>]
        [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
        [includederivedmembership]

@@ -3856,12 +3934,16 @@ gam show group-members
        updatetime
 <CIGroupFieldNameList> ::= "<CIGroupFieldName>(,<CIGroupFieldName>)*"

-gam create cigroup <EmailAddress> [copyfrom <GroupItem>] <GroupAttribute>*
-        [makeowner] [alias|aliases <CIGroupAliasList>] [dynamic <QueryDynamicGroup>]
+gam create cigroup <EmailAddress>
+        [copyfrom <GroupItem>] <GroupAttribute>*
+        [makeowner] [alias|aliases <CIGroupAliasList>]
+        [security|makesecuritygroup]
+        [dynamic <QueryDynamicGroup>]
 gam update cigroup <GroupEntity> [copyfrom <GroupItem>] <GroupAttribute>
        [security|makesecuritygroup|
         dynamicsecurity|makedynamicsecuritygroup|
         lockedsecurity|makelockedsecuritygroup]
+        [locked|unlocked]
        [dynamic <QueryDynamicGroup>]
        [memberrestrictions <QueryMemberRestrictions>]
 gam update cigroups <GroupEntity> create|add [<GroupRole>]
@@ -3895,7 +3977,8 @@ gam info cigroups <GroupEntity>
        [nosecurity|nosecuritysettings]
        [allfields|<CIGroupFieldName>*|(fields <CIGroupFieldNameList>)]
        [roles <GroupRoleList>] [members] [managers] [owners]
-        [types <CIGroupTypeList>]
+        [internal] [internaldomains <DomainNameList>] [external]
+        [types <CIGroupMemberTypeList>]
        [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
        [formatjson]
 gam print cigroups [todrive <ToDriveAttribute>*]
@@ -3906,7 +3989,8 @@ gam print cigroups [todrive <ToDriveAttribute>*]
        [basic|allfields|(<CIGroupFieldName>* [fields <CIGroupFieldNameList>])]
        [roles <GroupRoleList>] [memberrestrictions]
        [members|memberscount] [managers|managerscount] [owners|ownerscount] [totalcount] [countsonly]
-        [types <CIGroupTypeList>]
+        [internal] [internaldomains <DomainNameList>] [external]
+        [types <CIGroupMemberTypeList>]
        [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
        [convertcrnl] [delimiter <Character>]
        [formatjson [quotechar <Character>]]
@@ -3914,13 +3998,14 @@ gam print cigroups [todrive <ToDriveAttribute>*]

 <CIGroupMembersFieldName> ::=
        createtime
+        email|useremail|
        expiretime|
        memberkey|
        name|
        role|
        type|
-        updatetime|
-        useremail
+        updatetime
+
 <CIGroupMembersFieldNameList> ::= "<CIGroupMembersFieldName>(,<CIGroupMembersFieldName>)*"

 gam <UserTypeEntity> info cimember <GroupEntity>
@@ -3931,19 +4016,22 @@ gam print cigroup-members [todrive <ToDriveAttribute>*]
        [emailmatchpattern [not] <RegularExpression>] [namematchpattern [not] <RegularExpression>]
        [descriptionmatchpattern [not] <RegularExpression>]
        [roles <GroupRoleList>] [members] [managers] [owners]
-        [types <CIGroupTypeList>]
+        [types <CIGroupMemberTypeList>]
        [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
        <CIGroupMembersFieldName>* [fields <CIGroupMembersFieldNameList>]
-        [(recursive [noduplicates])includederivedmembership] [nogroupeemail]
+        [minimal|basic|full]
+        [(recursive [noduplicates]) | includederivedmembership] [nogroupemail]
        [formatjson [quotechar <Character>]]
 gam show cigroup-members
        [(cimember|ciowner <UserItem>)|(cigroup <GroupItem>)|(select <GroupEntity>)]
        [showownedby <UserItem>]
        [emailmatchpattern [not] <RegularExpression>] [namematchpattern [not] <RegularExpression>]
        [descriptionmatchpattern [not] <RegularExpression>]
-        [roles <GroupRoleList>] [members] [managers] [owners] [depth <Number>]
-        [types <CIGroupTypeList>]
+        [roles <GroupRoleList>] [members] [managers] [owners]
+        [types <CIGroupMemberTypeList>]
        [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
+        [minimal|basic|full]
+        [(depth <Number>) | includederivedmembership]

 # Cloud Identity Devices

@@ -3985,6 +4073,7 @@ gam show cigroup-members
        releaseversion|
        securitypatchtime|
        serialnumber|
+        unifieddeviceid|
        wifimacaddresses
 <DeviceFieldNameList> ::= "<DeviceFieldName>(,<DeviceFieldName>)*"

@@ -4378,7 +4467,7 @@ gam report <ActivityApplicationName> [todrive <ToDriveAttribute>*]
        [event|events <EventNameList>] [ip <String>]
        [groupidfilter <String>]
        [maxactivities <Number>] [maxevents <Number>] [maxresults <Number>]
-        [countsonly [summary] [eventrowfilter]]
+        [countsonly [bydate|summary] [eventrowfilter]]
        (addcsvdata <FieldName> <String>)* [shownoactivities]

 <CustomerServiceName> ::=
@@ -4386,6 +4475,7 @@ gam report <ActivityApplicationName> [todrive <ToDriveAttribute>*]
        app_maker|
        apps_scripts|
        calendar|
+        chat|
        classroom|
        cros|
        device_management|
@@ -4406,6 +4496,7 @@ gam report customers|customer|domain [todrive <ToDriveAttribute>*]

 <UserServiceName> ::=
        accounts|
+        chat|
        classroom|
        docs|
        drive|
@@ -4441,7 +4532,7 @@ gam report users|user [todrive <ToDriveAttribute>*]
        (country|countrycode <String>)

 gam create|add resoldcustomer <CustomerDomain> (customer_auth_token <String>) <ResoldCustomerAttribute>+
-gam update resoldcustomer <CustomerID> [customer_auth_token <String>] <ResoldCustomerAttribues>+
+gam update resoldcustomer <CustomerID> <ResoldCustomerAttribues>+
 gam info resoldcustomer <CustomerID> [formatjson]

 gam create|add resoldsubscription <CustomerID> (sku <SKUID>)
@@ -4659,41 +4750,6 @@ gam <UserTypeEntity> sendemail from <EmailAddress>
        [newuser <EmailAddress> firstname|givenname <String> lastname|familyname <string> password <Password>]
        (<SMTPDateHeader> <Time>)* (<SMTPHeader> <String>)* (header <String> <String>)*

-# Sites
-
-<SiteACLRole> ::= editor|owner|reader|writer
-<SiteACLRoleList> ::= "<SiteACLRole>(,<SiteACLRole>)*"
-
-<SiteACLScope> ::=
-        <EmailAddress>|user:<EmailAddress>|group:<EmailAddress>|domain:<DomainName>|domain|default
-<SiteACLScopeList> ::= "<SiteACLScope>(,<SiteACLScope>)*"
-<SiteACLScopeEntity> ::=
-        <SiteACLScopeList> | <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVDataSelector>
-
-<SiteAttribute> ::=
-        (categories <String>)|
-        (name <String>)|
-        (sourcelink <URI>])|
-        (summary <String>)|
-        (theme <String>)
-
-gam [<UserTypeEntity>] create|add site <SiteItem> <SiteAttribute>*
-gam [<UserTypeEntity>] update sites <SiteEntity> <SiteAttribute>+
-gam [<UserTypeEntity>] info sites <SiteEntity> [withmappings] [role|roles all|<SiteACLRoleList>]
-gam [<UserTypeEntity>] show sites [domain|domains <DomainNameEntity>] [includeallsites]
-        [withmappings] [role|roles all|<SiteACLRoleList>] [startindex <Number>] [maxresults <Number>]
-gam [<UserTypeEntity>] print sites [todrive <ToDriveAttribute>*] [domain|domains <DomainNameEntity>] [includeallsites]
-        [withmappings] [role|roles all|<SiteACLRoleList>] [startindex <Number>] [maxresults <Number>] [convertcrnl] [delimiter <Character>]
-
-gam [<UserTypeEntity>] print siteactivity <SiteEntity> [todrive <ToDriveAttribute>*] [startindex <Number>] [maxresults <Number>] [updated_min <Date>] [updated_max <Date>]
-
-gam [<UserTypeEntity>] create|add siteacls <SiteEntity> <SiteACLRole> <SiteACLScopeEntity>
-gam [<UserTypeEntity>] update siteacls <SiteEntity> <SiteACLRole> <SiteACLScopeEntity>
-gam [<UserTypeEntity>] delete siteacls <SiteEntity> <SiteACLScopeEntity>
-gam [<UserTypeEntity>] info siteacls <SiteEntity> <SiteACLScopeEntity>
-gam [<UserTypeEntity>] show siteacls <SiteEntity>
-gam [<UserTypeEntity>] print siteacls <SiteEntity> [todrive <ToDriveAttribute>*]
-
 # Shared Drives - Administrator

 <SharedDriveFieldName> ::=
@@ -4911,6 +4967,7 @@ gam create|add permissions <SharedDriveEntityAdmin> <DriveFilePermissionEntity>
        <PermissionMatch>* [<PermissionMatchAction>]
 gam delete permissions <SharedDriveEntityAdmin> <DriveFilePermissionIDEntity>
        <PermissionMatch>* [<PermissionMatchAction>]
+        [enforceexpansiveaccess [<Boolean>]]

 In these commands, you specify an administrator and then indicate that you want domain administrator access with the adminaccess option.

@@ -4924,9 +4981,11 @@ gam <UserTypeEntity> create|add drivefileacl <SharedDriveEntityAdmin>
        adminaccess
 gam <UserTypeEntity> update drivefileacl <SharedDriveEntityAdmin> <DriveFilePermissionIDorEmail>
        (role <DriveFileACLRole>) [expires|expiration <Time>] [removeexpiration [<Boolean>]]
+        [enforceexpansiveaccess [<Boolean>]]
        [showtitles] [nodetails|(csv [todrive <ToDriveAttribute>*] [formatjson [quotechar <Character>]])]
        adminaccess
 gam <UserTypeEntity> delete drivefileacl <SharedDriveEntityAdmin> <DriveFilePermissionIDorEmail>
+        [enforceexpansiveaccess [<Boolean>]]
        [showtitles] adminaccess
 gam <UserTypeEntity> info drivefileacl <SharedDriveEntityAdmin> <DriveFilePermissionIDorEmail> adminaccess
        [showtitles]
@@ -4952,6 +5011,7 @@ gam <UserTypeEntity> create|add permissions <SharedDriveEntityAdmin> <DriveFileP
        <PermissionMatch>* [<PermissionMatchAction>]
 gam <UserTypeEntity> delete permissions <SharedDriveEntityAdmin> <DriveFilePermissionIDEntity> adminaccess
        <PermissionMatch>* [<PermissionMatchAction>]
+        [enforceexpansiveaccess [<Boolean>]]

 In these commands, the Google administrator named in oauth2.txt is used.

@@ -5187,7 +5247,7 @@ gam print vaultcounts [todrive <ToDriveAttributes>*]
 gam print vaultcounts [todrive <ToDriveAttributes>*]
        matter <MatterItem> operation <String> [wait <Integer>]

-gam create vaultexport|export matter <MatterItem> [name <String>] corpus calendar|drive|mail|groups|hangouts_chat|voice
+gam create vaultexport|export matter <MatterItem> [name <String>] corpus calendar|drive|gemini|groups|hangouts_chat|mail|voice
        (accounts <EmailAddressEntity>) | (orgunit|org|ou <OrgUnitPath>) | everyone
        (shareddrives|teamdrives <SharedDriveIDList>) | (rooms <RoomList>) | (sitesurl <URLList>)
        [scope all_data|held_data|unprocessed_data]
@@ -5195,10 +5255,12 @@ gam create vaultexport|export matter <MatterItem> [name <String>] corpus calenda
        [locationquery <StringList>] [peoplequery <StringList>] [minuswords <StringList>]
        [responsestatuses <AttendeeStatus>(,<AttendeeStatus>)*] [calendarversiondate <Date>|<Time>]
        [includeshareddrives <Boolean>] [driveversiondate <Date>|<Time>] [includeaccessinfo <Boolean>]
+        [driveclientsideencryption any|encrypted|unencrypted]
        [includerooms <Boolean>]
-        [excludedrafts <Boolean>] [format mbox|pst]
+        [excludedrafts <Boolean>] [mailclientsideencryption any|encrypted|unencrypted]
        [showconfidentialmodecontent <Boolean>] [usenewexport <Boolean>] [exportlinkeddrivefiles <Boolean>]
        [covereddata calllogs|textmessages|voicemails]
+        [format ics|mbox|pst|xml]
        [region any|europe|us] [showdetails|returnidonly]
 gam delete vaultexport|export <ExportItem> matter <MatterItem>
 gam delete vaultexport|export <MatterItem> <ExportItem>
@@ -5404,7 +5466,10 @@ gam download storagefile <StorageBucketObjectName>
                                            (file|htmlfile <FileName> [charset <Charset>])|
                                            (gdoc|ghtml <UserGoogleDoc>)))|
        (ou|org|orgunitpath <OrgUnitPath>|<OrgUnitID>)
-        (password (random [<Integer>])|(uniquerandom [<Integer>])|blocklogin|<Password>)|
+        (password (random [<Integer>])|(uniquerandom [<Integer>])|
+                   blocklogin|
+                   prompt|uniqueprompt|
+                   <Password>)|
        (recoveryemail <EmailAddress>)|
        (recoveryphone <string>)|
        (suspend|suspended <Boolean>)|
@@ -5487,7 +5552,7 @@ gam create|add user <EmailAddress> [ignorenullpassword] <UserAttribute>*
            [replyto <EmailAaddress>]
            [<NotifyMessageContent>]
            (replace <Tag> <UserReplacement>)*]
-        [lograndompassword <FileName>]
+        [logpassword <FileName>]
        [addnumericsuffixonduplicate <Number>]

 gam <UserTypeEntity> waitformailbox [retries <Number>]
@@ -5512,7 +5577,7 @@ gam update user <UserItem> [ignorenullpassword] <UserAttribute>*
            [<NotifyMessageContent>]
            (replace <Tag> <UserReplacement>)*]
        [notifyonupdate [<Boolean>]] [setchangepasswordoncreate [<Boolean>]]
-        [lograndompassword <FileName>]
+        [logpassword <FileName>]
 gam delete user <UserItem> [noactionifalias]
 gam undelete user <UserItem> [ou|org|orgunit <OrgUnitPath>]
 gam suspend user <UserItem> [noactionifalias]
@@ -5546,7 +5611,7 @@ gam update users <UserTypeEntity> [ignorenullpassword] <UserAttribute>*
            [<NotifyMessageContent>]
            (replace <Tag> <UserReplacement>)*]
        [notifyonupdate [<Boolean>]] [setchangepasswordoncreate [<Boolean>]]
-        [lograndompassword <FileName>]
+        [logpassword <FileName>]
        [verifynotinvitable]
 gam delete users <UserTypeEntity> [noactionifalias]
 gam undelete users <UserEntity> [ou|org|orgunit <OrgUnitPath>]
@@ -5579,7 +5644,7 @@ gam <UserTypeEntity> update users [ignorenullpassword] <UserAttribute>*
            [<NotifyMessageContent>]
            (replace <Tag> <UserReplacement>)*]
        [notifyonupdate [<Boolean>]] [setchangepasswordoncreate [<Boolean>]]
-        [lograndompassword <FileName>]
+        [logpassword <FileName>]
        [verifynotinvitable]
 gam <UserTypeEntity> delete users [noactionifalias]
 gam <UserEntity> undelete users [ou|org|orgunit <OrgUnitPath>]
@@ -6502,6 +6567,8 @@ gam <UserTypeEntity> copy drivefile <DriveFileEntity>
        [copysubfolderpermissions [<Boolean>]]
        [copysubfolderinheritedpermissions [<Boolean>]]
        [copysubfoldernoniheritedpermissions never|always|syncallfolders|syncupdatedfolders]
+        [copypermissionroles <DriveFileACLRoleList>]
+        [copypermissiontypes <DriveFileACLTypeList>]
        [excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
        (mappermissionsdomain <DomainName> <DomainName>)*
        [copysheetprotectedranges [<Boolean>]]
@@ -6510,6 +6577,7 @@ gam <UserTypeEntity> copy drivefile <DriveFileEntity>
        [sendemailifrequired [<Boolean>]]
        [suppressnotselectedmessages [<Boolean>]]
        [verifyorganizer [<Boolean>]]
+        [enforceexpansiveaccess [<Boolean>]]

 gam <UserTypeEntity> move drivefile <DriveFileEntity> [newfilename <DriveFileName>]
        [summary [<Boolean>]] [showpermissionmessages [<Boolean>]]
@@ -6533,6 +6601,7 @@ gam <UserTypeEntity> move drivefile <DriveFileEntity> [newfilename <DriveFileNam
        [retainsourcefolders [<Boolean>]]
        [sendemailifrequired [<Boolean>]]
        [verifyorganizer [<Boolean>]]
+        [enforceexpansiveaccess [<Boolean>]]

 gam <UserTypeEntity> get document <DriveFileEntity>
        [viewmode default|suggestions_inline|preview_suggestions_accepted|preview_without_suggestions]
@@ -6638,10 +6707,10 @@ gam <UserTypeEntity> create|add drivefileacl <DriveFileEntity> [adminaccess|asad
        [showtitles] [nodetails|(csv [todrive <ToDriveAttribute>*] [formatjson [quotechar <Character>]])]
 gam <UserTypeEntity> update drivefileacl <DriveFileEntity> <DriveFilePermissionIDorEmail>
        (role <DriveFileACLRole>) [expires|expiration <Time>] [removeexpiration [<Boolean>]]
-        [updatesheetprotectedranges [<Boolean>]]
+        [updatesheetprotectedranges [<Boolean>]] [enforceexpansiveaccess [<Boolean>]]
        [showtitles] [nodetails|(csv [todrive <ToDriveAttribute>*] [formatjson [quotechar <Character>]])]
 gam <UserTypeEntity> delete drivefileacl <DriveFileEntity> <DriveFilePermissionIDorEmail>
-        [updatesheetprotectedranges [<Boolean>]]
+        [updatesheetprotectedranges [<Boolean>]] [enforceexpansiveaccess [<Boolean>]]
        [showtitles]
 gam <UserTypeEntity> info drivefileacl <DriveFileEntity> <DriveFilePermissionIDorEmail>
        [showtitles]
@@ -6717,12 +6786,12 @@ gam print ownership <DriveFileID>|(drivefilename <DriveFileName>) [todrive <ToDr
 gam <UserTypeEntity> show filecomments <DriveFileEntity>
        [showdeleted] [start <Date>|<Time>]
        [fields <CommentsFieldNameList>] [showphotolinks]
-        [countsonly]
+        [countsonly|positivecountsonly]
        [formatjson]
 gam <UserTypeEntity> print filecomments <DriveFileEntity> [todrive <ToDriveAttribute>*]
        [showdeleted] [start <Date>|<Time>]
        [fields <CommentsFieldNameList>] [showphotolinks]
-        [countsonly]
+        [countsonly|positivecountsonly]
        (addcsvdata <FieldName> <String>)*
        [formatjson [quotechar <Character>]]

@@ -6765,6 +6834,7 @@ gam <UserTypeEntity> print filerevisions <DriveFileEntity> [todrive <ToDriveAttr

 gam <UserTypeEntity> transfer ownership <DriveFileEntity> <UserItem>
        [<DriveFileParentAttribute>] [includetrashed] [norecursion [<Boolean>]]
+        [enforceexpansiveaccess [<Boolean>]]
        (orderby <DriveFileOrderByFieldName> [ascending|descending])*
        [preview] [filepath] [pathdelimiter <Character>] [buildtree]
        [todrive <ToDriveAttribute>*]
@@ -6773,6 +6843,7 @@ gam <UserTypeEntity> claim ownership <DriveFileEntity>
        [skipids <DriveFileEntity>] [onlyusers|skipusers <UserTypeEntity>] [subdomains <DomainNameEntity>]
        [restricted [<Boolean>]] [writerscanshare|writerscantshare [<Boolean>]]
        [keepuser | (retainrole commenter|reader|writer|editor|fileorganizer|none)] [noretentionmessages]
+        [enforceexpansiveaccess [<Boolean>]]
        (orderby <DriveFileOrderByFieldName> [ascending|descending])*
        [preview] [filepath] [pathdelimiter <Character>] [buildtree]
        [todrive <ToDriveAttribute>*]
@@ -6780,6 +6851,7 @@ gam <UserTypeEntity> claim ownership <DriveFileEntity>
 gam <UserTypeEntity> transfer drive <UserItem> [select <DriveFileEntity>]
        [(targetfolderid <DriveFolderID>)|(targetfoldername <DriveFolderName>)]
        [targetuserfoldername <DriveFolderName>] [targetuserorphansfoldername <DriveFolderName>]
+        [enforceexpansiveaccess [<Boolean>]]
        [mergewithtarget [<Boolean>]]
        [skipids <DriveFileEntity>]
        [keepuser | (retainrole reader|commenter|writer|editor|fileorganizer|none)] [noretentionmessages]
@@ -7282,11 +7354,11 @@ gam <UserTypeEntity> print filters [labelidsonly] [todrive <ToDriveAttribute>*]
 # Users - Forms

 gam <UserTypeEntity> create form
-        title <String> [description <String>] [isquiz [<Boolean>]
+        title <String> [description <String>] [isquiz [<Boolean>]] [<JSONData>]
        [drivefilename <DriveFileName>] [<DriveFileParentAttribute>]
        [(csv [todrive <ToDriveAttribute>*]) | returnidonly]
 gam <UserTypeEntity> update form <DriveFileEntity>
-        [title <String>] [description <String>] [isquiz [<Boolean>]
+        [title <String>] [description <String>] [isquiz [<Boolean>]] [<JSONData>]

 gam <UserTypeEntity> print forms <DriveFileEntity> [todrive <ToDriveAttribute>*]
        (addcsvdata <FieldName> <String>)*
@@ -7518,7 +7590,8 @@ gam <UserTypeEntity> show messages|threads
        [labelmatchpattern <RegularExpression>] [sendermatchpattern <RegularExpression>]
        [countsonly|positivecountsonly] [useronly]
        [headers all|<SMTPHeaderList>] [dateheaderformat iso|rfc2822|<String>] [dateheaderconverttimezone [<Boolean>]]
-        [showlabels] [delimiter <Character>] [showbody] [showdate] [showsize] [showsnippet]
+        [showlabels] [delimiter <Character>] [showbody] [showhtml] [showdate] [showsize] [showsnippet]
+        [maxmessagesperthread <Number>]
        [[attachmentnamepattern <RegularExpression>]
            [showattachments [noshowtextplain]]
            [saveattachments [targetfolder <FilePath>] [overwrite [<Boolean>]]]
@@ -7529,7 +7602,8 @@ gam <UserTypeEntity> print messages|threads [todrive <ToDriveAttribute>*]
        [labelmatchpattern <RegularExpression>] [sendermatchpattern <RegularExpression>]
        [countsonly|positivecountsonly] [useronly]
        [headers all|<SMTPHeaderList>] [dateheaderformat iso|rfc2822|<String> [dateheaderconverttimezone [<Boolean>]]]
-        [showlabels] [delimiter <Character>] [showbody] [showdate] [showsize] [showsnippet]
+        [showlabels] [delimiter <Character>] [showbody] [showhtml] [showdate] [showsize] [showsnippet]
+        [maxmessagesperthread <Number>]
        [convertcrnl] [delimiter <Character>]
        [[attachmentnamepattern <RegularExpression>]
            [showattachments [noshowtextplain]]]
@@ -7751,7 +7825,8 @@ gam <UserTypeEntity> delete noteacl <NotesNameEntity>
 # Users - Licenses

 gam <UserTypeEntity> create|add license <SKUIDList> [product|productid <ProductID>] [preview] [actioncsv]
-gam <UserTypeEntity> update license <SKUID> [product|productid <ProductID>] [from] <SKUID> [preview] [actioncsv]
+gam <UserTypeEntity> update license <NewSKUID> [product|productid <ProductID>] [from] <OldSKUID>
+        [preview|archive] [actioncsv]
 gam <UserTypeEntity> delete license <SKUIDList> [product|productid <ProductID>] [preview] [actioncsv]
 gam <UserTypeEntity> sync license <SKUIDList> [product|productid <ProductID>] [addonly|removeonly] [allskus|onesku] [preview] [actioncsv]

@@ -7823,7 +7898,15 @@ gam <UserTypeEntity> show lookerstudiopermissions
 <MeetSpaceName> ::= spaces/<String> | <String>
 <MeetSpaceOptions> ::=
        accesstype open|trusted|restricted |
-        entrypointaccess all|creatorapponly
+        entrypointaccess all|creatorapponly |
+        moderation <Boolean> |
+        chatrestriction hostsonly|norestriction |
+        reactionrestriction hostsonly|norestriction |
+        presentrestriction hostsonly|norestriction |
+        defaultjoinasviewer <Boolean> |
+        recording <Boolean> |
+        transcription <Boolean> |
+        smartnotes <Boolean>

 gam <UserTypeEntity> create meetspace
        <MeetSpaceOptions>*
--- a/src/GamUpdate.txt
+++ b/src/GamUpdate.txt
@@ -1,3 +1,418 @@
+7.05.10
+
+Updated various chat space commands to handle the following error:
+```
+ERROR: 503: serviceNotAvailable - The service is currently unavailable
+```
+
+7.05.09
+
+Fixed bug in `gam calendars <CalendarEntity> print events matchfield attendeesstatus required accepted resource_calendar@resource.calendar.google.com`
+that caused a trap.
+
+7.05.08
+
+Added error message to `gam report` commands to indicate forbidden access;
+previously, no error message was displayed.
+```
+ERROR: Customer ID: C012abc34, Caller does not have access to the customers reporting data.
+```
+
+7.05.07
+
+Fixed bug in `gam calendars <CalendarEntity> info events` and `gam <UserTypeEntity> info events`
+where option `showdayofweek` was not recognized.
+
+7.05.06
+
+Improve message displayed when a command is issued that requires Google Chat Bot setup;
+display a link to the Wiki `Set up a Chat Bot` instructions.
+
+7.05.05
+
+Added options `password prompt` and `password uniqueprompt` to `gam create user <EmailAddress>`
+and `gam update users <UserTypeEntity>` that prompt you to enter a password from stdin.
+
+See [User Passwords](https://github.com/GAM-team/GAM/wiki/Users#passwords)
+
+7.05.04
+
+Updated `gam calendars <CalendarEntity> update events` and `gam <UserTypeEntity> update events`
+to handle the following error:
+```
+ERROR 400: malformedWorkingLocationEvent - A working location event must have a visibility setting of public.
+```
+
+7.05.03
+
+Fixed bug in `gam all users print users issuspended false allfields` that caused a trap.
+
+7.05.02
+
+Chat usage reports are now available. Added `chat` to `<CustomerServiceName>` and `<UserServiceName>`
+for use in `gam report customer|user`.
+
+* https://workspaceupdates.googleblog.com/2025/02/chat-usage-analytics-updates.html
+
+7.05.01
+
+Updated from `v1beta1` to `v1` for `Cloud Identity - Policy`.
+
+* See: https://workspaceupdates.googleblog.com/2025/02/policy-api-general-availability.html
+
+7.05.00
+
+Enabled support for Limited Access as described here:
+* https://workspaceupdates.googleblog.com/2025/02/updating-access-experience-in-google-drive.html
+
+Note that the rollout may take 15 days.
+
+Added option `inheritedpermissionsdisabled [<Boolean>]` to `<DriveFileAttribute>`; this
+attribute can be set on folders.
+
+Added `inheritedpermissionsdisabled` to `<DriveFieldName>`.
+
+Added `capabilities.candisableinheritedpermissions` and `capabilities.canenableinheritedpermissions`
+to `<DriveCapabilitiesSubfieldName>`.
+
+Added option `enforceexpansiveaccess [<Boolean>]` to all commands that delete or update
+drive file ACLs/permissions.
+```
+gam <UserTypeEntity> delete permissions
+gam <UserTypeEntity> delete drivefileacl
+gam <UserTypeEntity> update drivefileacl
+gam <UserTypeEntity> copy drivefile
+gam <UserTypeEntity> move drivefile
+gam <UserTypeEntity> transfer ownership
+gam <UserTypeEntity> claim ownership
+gam <UserTypeEntity> transfer drive
+```
+
+7.04.05
+
+Added initial support for Meet API v2beta; you must be in the Developer Preview program
+for this to be effective.
+* https://developers.google.com/meet/api/guides/beta/configuration-beta#auto-artifacts
+
+Added `meet_v2_beta` Boolean variable to `gam.cfg`. When this variable is true,
+the following options are added to `<MeetSpaceOptions>` used in `gam <UserTypeEntity> create|update meetspace`.
+```
+        moderation <Boolean> |
+        chatrestriction hostsonly|norestriction |
+        reactionrestriction hostsonly|norestriction |
+        presentrestriction hostsonly|norestriction |
+        defaultjoinasviewer <Boolean> |
+        recording <Boolean> |
+        transcription <Boolean> |
+        smartnotes <Boolean>
+```
+
+This isn't called beta for nothing, I have found problems and reported them.
+
+7.04.04
+
+Updated `gam print group-members|cigroup-members` to include the `email` column
+when `fields <MembersFieldNameList>` did not include `email`.
+
+7.04.03
+
+Added option `minimal|basic|full` to `gam print cigroup-members`:
+* `minimal` - Fields displayed: group, id, role, email
+* `basic` - Fields displayed: group, type, id, role, email
+* `full` - Fields displayed: group, type, id, role, email, createTime, updateTime; this is the default
+
+Added option `minimal|basic|full` to `gam show cigroup-members`:
+* `minimal` - Fields displayed: role, email
+* `basic` - Fields displayed: type, role, email
+* `full` - Fields displayed: type, role, email, createTime, updateTime; this is the default
+
+Upgraded `gam print cigroup-members ... recursive` to display sub-group email addresses rather than IDs.
+
+7.04.02
+
+Improved output formatting for the following commands:
+```
+gam info peoplecontact
+gam show peoplecontacts
+gam info peopleprofile
+gam show peopleprofile
+gam <UserTypeEntity> info contacts
+gam <UserTypeEntity> show contacts
+gam <UserTypeEntity> show peopleprofile
+```
+
+7.04.01
+
+Fixed bug where multiple `querytime<String>` values in a query were not properly processed;
+only the last `querytime<String>` was processed.
+```
+Command line: query "sync:#querytime1#..#querytime2# status:provisioned" querytime1 -2y querytime2 -40w
+Query: (sync:#querytime1#..2024-05-09T00:00:00 status:provisioned) Invalid
+```
+
+7.04.00
+
+The Classic Sites API no longer functions, the following commands are deprecated:
+```
+gam [<UserTypeEntity>] create site
+gam [<UserTypeEntity>] update site
+gam [<UserTypeEntity>] info site
+gam [<UserTypeEntity>] print sites
+gam [<UserTypeEntity>] show sites
+gam [<UserTypeEntity>] create siteacls
+gam [<UserTypeEntity>] update siteacls
+gam [<UserTypeEntity>] delete siteacls
+gam [<UserTypeEntity>] info siteacls
+gam [<UserTypeEntity>] show siteacls
+gam [<UserTypeEntity>] print siteacls
+gam [<UserTypeEntity>] print siteactivity
+```
+
+7.03.09
+
+Added option `maxmessagesperthread <Number>` to `gam <UserTypeEntity> print|show threads`
+that limits the number of messages displayed per thread. The default is 0, there is no limit.
+For example, this can be used if you only want to see the first message of each thread.
+```
+gam user user@domain.com print|show threads maxmessagesperthread 1
+```
+
+Fixed bug in `gam <UserTypeEntity> print filelist countsonly` where extraneous columns
+were displayed.
+
+Fixed bug in `gam <UserTypeEntity> print filelist countsonly showsize` where sizes were
+all shown as 0 unless`sizefield size` was specified.
+
+7.03.08
+
+Improved pip install.
+
+Yubikey as optional should now be working also. So:
+
+pip install --upgrade gam7
+
+skips Yubikey.
+
+To install with yubikey support (assuming you have installed the necessary swig and libpcsclite-dev packages already) run:
+
+pip install --upgrade gam7[yubikey]
+
+7.03.07
+
+Updated `gam create vaultexport` to include `corpus gemini`.
+
+* See: https://workspaceupdates.googleblog.com/2025/02/google-vault-now-supports-gemini.html
+
+7.03.06
+
+Added option `rawfields "<BrowserFieldNameList>"` to `gam info|print|show browsers` that allows
+specification of complex field lists with selected subfields.
+
+* See: https://github.com/GAM-team/GAM/wiki/Chrome-Browser-Cloud-Management#raw-fields
+
+7.03.05
+
+Make GAM pip-installable: "pip install gam7"
+
+7.03.04
+
+Added option `security` to `gam create cigroup` that allows creation of a security group
+in a single command.
+
+Updated to Python 3.13.2.
+
+7.03.03
+
+Fixed bug in `gam update resoldcustomer` that caused the following error:
+```
+ERROR: Got an unexpected keyword argument customerAuthToken
+```
+
+7.03.02
+
+Updated `gam <UserTypeEntity> show labels nested` to properly display label nesting
+when labels have embedded `/` characters in their names.
+
+7.03.01
+
+Updated `gam create project` to retry the following unexpected error:
+```
+ERROR: 400 - invalidArgument - Service account gam-project-a1b2c@gam-project-a1b2c.iam.gserviceaccount.com does not exist.
+```
+
+7.03.00
+
+Updated `gam create|use project` to discontinue use of the `Identity-Aware Proxy (IAP) OAuth Admin APIs`
+that are being deprecated by Google. You will see a set of instructions detailing how to
+configure the Oauth Consent screen and create the Oauth client.
+
+Added options `copypermissionroles <DriveFileACLRoleList>` and `copypermissiontypes <DriveFileACLTypeList>`
+to `gam <UserTypeEntity> copy drivefile` that provide more control over what permissions are copied
+from the source files/folders to the destination files/folders.
+
+7.02.11
+
+Updated `gam report <ActivityApplicationName>` to display `id:<actor.profileId>` in the `emailAddress` column
+when `actor.email` is empty. This typically occurs when the actor is not in your workspace.
+
+Updated `gam <UserTypeEntity> copy drivefile` to ignore ACLs referencing deleted user/groups.
+
+7.02.10
+
+Added option `bydate` to `gam report <ActivityApplicationName> ... countsonly` that provides an additional display option.
+* `countsonly` - Display a row per user across all dates with all event counts on one row
+* `countsonly bydate` - Display a row per user per date for all dates with any events with all events counts on the row
+* `countsonly summary` - Display a row per event with counts for each event summarized across users and dates
+
+7.02.09
+
+Added option `clearresources` to `<EventUpdateAttribute>` for use in `gam <UserTypeEntity> update events`
+that allows clearing all resources from a user's calendar events. For example, to clear all resources from a user's future events:
+```
+gam user user@domain.com update events primary matchfield attendeespattern @resource.calendar.google.com after now clearresources
+```
+
+Added option `resource <ResourceID>` to `<EventAttribute>` for use in `gam <UserTypeEntity> create|update events`
+that adds a resource to an event.
+
+Added option `removeresource <ResourceID>` to `<EventUpdateAttribute>` for use in `gam <UserTypeEntity> update events`
+that removes a resource from an event.
+
+7.02.08
+
+Fixed bug in `gam print|show chromepolicies` that caused a trap when neither
+`ou|orgunit <OrgUnitItem>` nor `group <GroupItem>` was specified.
+
+7.02.07
+
+Updated `gam delete|update chromepolicy` to display the `<AppID>` or `<PrinterID>` (if specified)
+in the command status messages.
+
+7.02.06
+
+Added option `<JSONData>` to `gam <UserTypeEntity> create|update form` that allows for
+creation/modification of all fields in a form. `<JSONData>` is a list of form update requests.
+
+* See: https://developers.google.com/forms/api/reference/rest/v1/forms/batchUpdate
+
+7.02.05
+
+Updated `gam [<UserTypeEntity>] show shareddriveacls ... formatjson` to not display this line
+which interferes with the JSON output.
+```
+User: user@domain.com, Show N Shared Drives
+```
+
+7.02.04
+
+Updated code to eliminate trap caused by bug introduced in 7.02.00 that occurs when an invalid domain or OU is specified.
+
+7.02.03
+
+Added option `archive` to `gam <UserTypeEntity> update license <NewSKUID> from <OldSKUID>` that causes GAM
+to archive `<UserTypeEntity>` after updating their license to `<NewSKUID>`. This will be used when you want to
+archive a user with a non-archivable license. The `<NewSKUID>` license is assigned to the user and it then converts
+to the equivalent Archived User license when the user is archived.
+
+`<NewSKUID>` must be one of the following SKUs:
+```
+Google-Apps-Unlimited - G Suite Business
+1010020020 - Google Workspace Enterprise Plus
+1010020025 - Google Workspace Business Plus
+1010020026 - Google Workspace Enterprise Standard
+1010020027 - Google Workspace Business Starter
+1010020028 - Google Workspace Business Standard
+```
+
+7.02.02
+
+Updated `gam <UserTypeEntity> archive messages <GroupItem>` to retry the following unexpected error
+that occurs after many messages have been successfully archived.
+`ERROR: 404: notFound - Unable to lookup group`
+
+7.02.01
+
+Added options `locked` and `unlocked` to `gam update cigroups` that allow locking/unlocking groups.
+
+* See: https://workspaceupdates.googleblog.com/2024/12/locked-groups-open-beta.html
+
+You'll have to do a `gam oauth create` and enable the following scope to use these options:
+```
+[*] 22)  Cloud Identity Groups API Beta (Enables group locking/unlocking)
+```
+
+7.02.00
+
+Improved the error message displayed for user service account access commands when:
+* The API is not enabled
+* The user does not exist
+* The user exists but is in a OU where the service is disabled
+
+7.01.04
+
+Admin role assignments are now in the v1 stable API, use that and remove custom local workaround for the beta. #1724
+
+Remove duplicate local JSON discovery files. #1724
+
+Suppress "UserWarning: Attribute's length must be..." messages on service accounts with long emails. #1725
+
+Added options `internal`, `internaldomains <DomainNameList>` and `external` to these commands
+that expand the options for viewing group members:
+```
+gam info group
+gam print groups
+gam print|show group-members
+gam info cigroup
+gam print cigroups
+gam print|show cigroup-members
+```
+By default, when listing group members, GAM does not take the domain of the member into account.
+* `internal internaldomains <DomainNameList>` - Display members whose domain is in `<DomainNameList>`
+* `external internaldomains <DomainNameList>` - Display members whose domain is not in `<DomainNameList>`
+* `internal external internaldomains <DomainNameList>` - Display all members, indicate their category: internal or external
+* `internaldomains <DomainNameList>` - Defaults to value of `domain` in `gam.cfg`
+
+Members without an email address, e.g. `customer`, `chromeosdevice` and `cbcmbrowser` are considered internal.
+
+Updated to Python 3.13.1.
+
+7.01.03
+
+Fixed bug in `gam update cigroups <GroupEntity> delete|sync|update` where `cbcmbrowser` and `chromeosdevice`
+addresses were not properly handled.
+
+7.01.02
+
+Added option `positivecountsonly` to `gam <UserTypeEntity> print|show filecomments` that causes
+GAM to display the number of comments and replies only for files that have comments.
+
+Added `my_commentable_items` to `<DriveFileQueryShortcut>` that can be used with
+`gam <UserTypeEntity> print|show filecomments my_commentable_items` to speed up processing.
+
+Updated code that uses the Domain Shared Contacts API with an HTTPS proxy to avoid a trap:
+```
+Traceback (most recent call last):
+...
+File "atom/http.py", line 250, in _prepare_connection
+AttributeError: module 'ssl' has no attribute 'wrap_socket'
+```
+
+7.01.01
+
+Fixed bug in `gam <UserTypeEntity> print|show filetree` where no error message was generated
+if a user had Drive disabled.
+
+7.01.00
+
+Fixed bug in `gam update chromepolicy` that caused some policy updates to fail.
+
+Added option `showhtml` to `gam <UserTypeEntity> print|show messages` that, when used with `showbody`,
+will display message body content of type HTML.
+
+Added support for managing/displaying Chrome profiles.
+
+* See: https://github.com/GAM-team/GAM/wiki/Chrome-Profile-Management
+
 7.00.40

 Updated `gam <UserTypeEntity> update serviceaccount` to properly set the readonly scope
@@ -7,6 +422,8 @@ for `[R] 35)  Meet API (supports readonly)` as it is a special case.

 Supported MacOS versions are now in the download filename.

+Minor code fixes.
+
 7.00.38

 Fixed logic flaw in `gam print|show policies` where non-matching policies were displayed.
--- a/src/admin-directory_v1.1beta1.json
+++ b/src/admin-directory_v1.1beta1.json
--- a/src/cacerts.pem
+++ b/src/cacerts.pem
@@ -273,257 +273,6 @@ r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1
 gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+
 -----END CERTIFICATE-----

-# Operating CA: Entrust Datacard
-# Issuer: CN=Entrust Root Certification Authority O=Entrust, Inc. OU=www.entrust.net/CPS is incorporated by reference/(c) 2006 Entrust, Inc.
-# Subject: CN=Entrust Root Certification Authority O=Entrust, Inc. OU=www.entrust.net/CPS is incorporated by reference/(c) 2006 Entrust, Inc.
-# Label: "Entrust Root Certification Authority"
-# Serial: 1164660820
-# MD5 Fingerprint: d6:a5:c3:ed:5d:dd:3e:00:c1:3d:87:92:1f:1d:3f:e4
-# SHA1 Fingerprint: b3:1e:b1:b7:40:e3:6c:84:02:da:dc:37:d4:4d:f5:d4:67:49:52:f9
-# SHA256 Fingerprint: 73:c1:76:43:4f:1b:c6:d5:ad:f4:5b:0e:76:e7:27:28:7c:8d:e5:76:16:c1:e6:e6:14:1a:2b:2c:bc:7d:8e:4c
-----BEGIN CERTIFICATE-----
-MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC
-VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
-Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
-KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl
-cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw
-NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw
-NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy
-ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV
-BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo
-Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4
-4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9
-KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI
-rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi
-94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB
-sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi
-gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo
-kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE
-vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA
-A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t
-O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua
-AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP
-9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/
-eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m
-0vdXcDazv/wor3ElhVsT/h5/WrQ8
-----END CERTIFICATE-----
-
-# Operating CA: Entrust Datacard
-# Issuer: CN=Entrust Root Certification Authority - EC1 O=Entrust, Inc. OU=See www.entrust.net/legal-terms/(c) 2012 Entrust, Inc. - for authorized use only
-# Subject: CN=Entrust Root Certification Authority - EC1 O=Entrust, Inc. OU=See www.entrust.net/legal-terms/(c) 2012 Entrust, Inc. - for authorized use only
-# Label: "Entrust Root Certification Authority - EC1"
-# Serial: 51543124481930649114116133369
-# MD5 Fingerprint: b6:7e:1d:f0:58:c5:49:6c:24:3b:3d:ed:98:18:ed:bc
-# SHA1 Fingerprint: 20:d8:06:40:df:9b:25:f5:12:25:3a:11:ea:f7:59:8a:eb:14:b5:47
-# SHA256 Fingerprint: 02:ed:0e:b2:8c:14:da:45:16:5c:56:67:91:70:0d:64:51:d7:fb:56:f0:b2:ab:1d:3b:8e:b0:70:e5:6e:df:f5
-----BEGIN CERTIFICATE-----
-MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkG
-A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3
-d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu
-dHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEGA1UEAxMq
-RW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMB4XDTEy
-MTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYwFAYD
-VQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0
-L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0g
-Zm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEVDMTB2MBAGByqGSM49AgEGBSuBBAAi
-A2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHyAsWfoPZb1YsGGYZPUxBt
-ByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef9eNi1KlH
-Bz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
-BBYEFLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVC
-R98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX
-hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G
-----END CERTIFICATE-----
-
-# Operating CA: Entrust Datacard
-# Issuer: CN=Entrust Root Certification Authority - G2 O=Entrust, Inc. OU=See www.entrust.net/legal-terms/(c) 2009 Entrust, Inc. - for authorized use only
-# Subject: CN=Entrust Root Certification Authority - G2 O=Entrust, Inc. OU=See www.entrust.net/legal-terms/(c) 2009 Entrust, Inc. - for authorized use only
-# Label: "Entrust Root Certification Authority - G2"
-# Serial: 1246989352
-# MD5 Fingerprint: 4b:e2:c9:91:96:65:0c:f4:0e:5a:93:92:a0:0a:fe:b2
-# SHA1 Fingerprint: 8c:f4:27:fd:79:0c:3a:d1:66:06:8d:e8:1e:57:ef:bb:93:22:72:d4
-# SHA256 Fingerprint: 43:df:57:74:b0:3e:7f:ef:5f:e4:0d:93:1a:7b:ed:f1:bb:2e:6b:42:73:8c:4e:6d:38:41:10:3d:3a:a7:f3:39
-----BEGIN CERTIFICATE-----
-MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC
-VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50
-cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs
-IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz
-dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy
-NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu
-dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt
-dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0
-aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj
-YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T
-RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN
-cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW
-wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1
-U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0
-jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP
-BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN
-BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/
-jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ
-Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v
-1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R
-nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH
-VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g==
-----END CERTIFICATE-----
-
-# Operating CA: Entrust Datacard
-# Issuer: CN=Entrust.net Certification Authority (2048) O=Entrust.net OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/(c) 1999 Entrust.net Limited
-# Subject: CN=Entrust.net Certification Authority (2048) O=Entrust.net OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/(c) 1999 Entrust.net Limited
-# Label: "Entrust.net Premium 2048 Secure Server CA"
-# Serial: 946069240
-# MD5 Fingerprint: ee:29:31:bc:32:7e:9a:e6:e8:b5:f7:51:b4:34:71:90
-# SHA1 Fingerprint: 50:30:06:09:1d:97:d4:f5:ae:39:f7:cb:e7:92:7d:7d:65:2d:34:31
-# SHA256 Fingerprint: 6d:c4:71:72:e0:1c:bc:b0:bf:62:58:0d:89:5f:e2:b8:ac:9a:d4:f8:73:80:1e:0c:10:b9:c8:37:d2:1e:b1:77
-----BEGIN CERTIFICATE-----
-MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
-RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp
-bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5
-IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp
-ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3
-MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3
-LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp
-YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG
-A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq
-K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe
-sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX
-MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT
-XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/
-HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH
-4QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
-HQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADub
-j1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo
-U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf
-zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b
-u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+
-bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er
-fF6adulZkMV8gzURZVE=
-----END CERTIFICATE-----
-
-# Operating CA: Entrust Datacard
-# Issuer: CN=AffirmTrust Commercial O=AffirmTrust
-# Subject: CN=AffirmTrust Commercial O=AffirmTrust
-# Label: "AffirmTrust Commercial"
-# Serial: 8608355977964138876
-# MD5 Fingerprint: 82:92:ba:5b:ef:cd:8a:6f:a6:3d:55:f9:84:f6:d6:b7
-# SHA1 Fingerprint: f9:b5:b6:32:45:5f:9c:be:ec:57:5f:80:dc:e9:6e:2c:c7:b2:78:b7
-# SHA256 Fingerprint: 03:76:ab:1d:54:c5:f9:80:3c:e4:b2:e2:01:a0:ee:7e:ef:7b:57:b6:36:e8:a9:3c:9b:8d:48:60:c9:6f:5f:a7
-----BEGIN CERTIFICATE-----
-MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE
-BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz
-dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL
-MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp
-cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP
-Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr
-ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL
-MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1
-yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr
-VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/
-nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG
-XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj
-vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt
-Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g
-N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC
-nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8=
-----END CERTIFICATE-----
-
-# Operating CA: Entrust Datacard
-# Issuer: CN=AffirmTrust Networking O=AffirmTrust
-# Subject: CN=AffirmTrust Networking O=AffirmTrust
-# Label: "AffirmTrust Networking"
-# Serial: 8957382827206547757
-# MD5 Fingerprint: 42:65:ca:be:01:9a:9a:4c:a9:8c:41:49:cd:c0:d5:7f
-# SHA1 Fingerprint: 29:36:21:02:8b:20:ed:02:f5:66:c5:32:d1:d6:ed:90:9f:45:00:2f
-# SHA256 Fingerprint: 0a:81:ec:5a:92:97:77:f1:45:90:4a:f3:8d:5d:50:9f:66:b5:e2:c5:8f:cd:b5:31:05:8b:0e:17:f3:f0:b4:1b
-----BEGIN CERTIFICATE-----
-MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE
-BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz
-dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL
-MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp
-cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y
-YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua
-kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL
-QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp
-6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG
-yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i
-QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ
-KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO
-tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu
-QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ
-Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u
-olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48
-x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s=
-----END CERTIFICATE-----
-
-# Operating CA: Entrust Datacard
-# Issuer: CN=AffirmTrust Premium O=AffirmTrust
-# Subject: CN=AffirmTrust Premium O=AffirmTrust
-# Label: "AffirmTrust Premium"
-# Serial: 7893706540734352110
-# MD5 Fingerprint: c4:5d:0e:48:b6:ac:28:30:4e:0a:bc:f9:38:16:87:57
-# SHA1 Fingerprint: d8:a6:33:2c:e0:03:6f:b1:85:f6:63:4f:7d:6a:06:65:26:32:28:27
-# SHA256 Fingerprint: 70:a7:3f:7f:37:6b:60:07:42:48:90:45:34:b1:14:82:d5:bf:0e:69:8e:cc:49:8d:f5:25:77:eb:f2:e9:3b:9a
-----BEGIN CERTIFICATE-----
-MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE
-BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz
-dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG
-A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U
-cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf
-qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ
-JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ
-+jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS
-s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5
-HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7
-70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG
-V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S
-qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S
-5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia
-C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX
-OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE
-FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
-BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2
-KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg
-Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B
-8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ
-MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc
-0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ
-u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF
-u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH
-YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8
-GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO
-RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e
-KeC2uAloGRwYQw==
-----END CERTIFICATE-----
-
-# Operating CA: Entrust Datacard
-# Issuer: CN=AffirmTrust Premium ECC O=AffirmTrust
-# Subject: CN=AffirmTrust Premium ECC O=AffirmTrust
-# Label: "AffirmTrust Premium ECC"
-# Serial: 8401224907861490260
-# MD5 Fingerprint: 64:b0:09:55:cf:b1:d5:99:e2:be:13:ab:a6:5d:ea:4d
-# SHA1 Fingerprint: b8:23:6b:00:2f:1d:16:86:53:01:55:6c:11:a4:37:ca:eb:ff:c3:bb
-# SHA256 Fingerprint: bd:71:fd:f6:da:97:e4:cf:62:d1:64:7a:dd:25:81:b0:7d:79:ad:f8:39:7e:b4:ec:ba:9c:5e:84:88:82:14:23
-----BEGIN CERTIFICATE-----
-MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC
-VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ
-cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ
-BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt
-VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D
-0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9
-ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G
-A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G
-A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs
-aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I
-flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ==
-----END CERTIFICATE-----
-
 # Operating CA: GlobalSign
 # Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA
 # Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA
--- a/src/cbcm-v1.1beta1.json
+++ b/src/cbcm-v1.1beta1.json
@@ -1,594 +0,0 @@
-{
-  "auth": {
-    "oauth2": {
-      "scopes": {
-        "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers": {
-          "description": "View and manage your Chrome browsers registered with Cloud Management"
-        },
-        "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers.readonly": {
-          "description": "View your Chrome browsers registered with Cloud Management"
-        }
-      }
-    }
-  },
-  "basePath": "",
-  "baseUrl": "https://admin.googleapis.com/admin/directory/v1.1beta1/customer/",
-  "batchPath": "batch",
-  "canonicalName": "cbcm",
-  "discoveryVersion": "v1",
-  "documentationLink": "https://support.google.com/chrome/a/answer/9681204",
-  "fullyEncodeReservedExpansion": true,
-  "icons": {
-    "x16": "http://www.google.com/images/icons/product/search-16.gif",
-    "x32": "http://www.google.com/images/icons/product/search-32.gif"
-  },
-  "id": "cbcm:v1.1beta1",
-  "kind": "discovery#restDescription",
-  "mtlsRootUrl": "https://admin.mtls.googleapis.com/",
-  "name": "cbcm",
-  "ownerDomain": "google.com",
-  "ownerName": "Jay Lee",
-  "packagePath": "cbcm",
-  "parameters": {
-    "$.xgafv": {
-      "description": "V1 error format.",
-      "enum": [
-        "1",
-        "2"
-      ],
-      "enumDescriptions": [
-        "v1 error format",
-        "v2 error format"
-      ],
-      "location": "query",
-      "type": "string"
-    },
-    "access_token": {
-      "description": "OAuth access token.",
-      "location": "query",
-      "type": "string"
-    },
-    "alt": {
-      "default": "json",
-      "description": "Data format for response.",
-      "enum": [
-        "json",
-        "media",
-        "proto"
-      ],
-      "enumDescriptions": [
-        "Responses with Content-Type of application/json",
-        "Media download with context-dependent Content-Type",
-        "Responses with Content-Type of application/x-protobuf"
-      ],
-      "location": "query",
-      "type": "string"
-    },
-    "callback": {
-      "description": "JSONP",
-      "location": "query",
-      "type": "string"
-    },
-    "fields": {
-      "description": "Selector specifying which fields to include in a partial response.",
-      "location": "query",
-      "type": "string"
-    },
-    "key": {
-      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
-      "location": "query",
-      "type": "string"
-    },
-    "oauth_token": {
-      "description": "OAuth 2.0 token for the current user.",
-      "location": "query",
-      "type": "string"
-    },
-    "prettyPrint": {
-      "default": "true",
-      "description": "Returns response with indentations and line breaks.",
-      "location": "query",
-      "type": "boolean"
-    },
-    "quotaUser": {
-      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
-      "location": "query",
-      "type": "string"
-    },
-    "uploadType": {
-      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
-      "location": "query",
-      "type": "string"
-    },
-    "upload_protocol": {
-      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
-      "location": "query",
-      "type": "string"
-    }
-  },
-  "protocol": "rest",
-  "resources": {
-    "chromebrowsers": {
-      "methods": {
-        "delete": {
-          "description": "Deletes a browser.",
-          "flatPath": "{customer}/devices/chromebrowsers/{deviceId}",
-          "httpMethod": "DELETE",
-          "id": "cbcm.chromebrowsers.delete",
-          "parameterOrder": [
-            "customer",
-            "deviceId"
-          ],
-          "parameters": {
-            "customer": {
-              "description": "Immutable ID of the G Suite account.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "deviceId": {
-              "description": "Immutable ID of the browser.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "{customer}/devices/chromebrowsers/{deviceId}",
-          "scopes": [
-            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
-          ]
-        },
-        "get": {
-          "description": "Retrieves a browser.",
-          "flatPath": "{customer}/devices/chromebrowsers/{deviceId}",
-          "httpMethod": "GET",
-          "id": "cbcm.chromebrowsers.get",
-          "parameterOrder": [
-            "customer",
-            "deviceId"
-          ],
-          "parameters": {
-            "customer": {
-              "description": "Immutable ID of the G Suite account.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "deviceId": {
-              "description": "Immutable ID of the browser.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "projection": {
-              "description": "Restrict information returned to a set of selected fields. FULL or BASIC.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "{customer}/devices/chromebrowsers/{deviceId}",
-          "response": {
-            "$ref": "ChromeBrowser"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers",
-            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers.readonly"
-          ]
-        },
-        "list": {
-          "description": "Retrieves a paginated list of all the browsers in a domain.",
-          "flatPath": "{customer}/devices/chromebrowsers",
-          "httpMethod": "GET",
-          "id": "cbcm.chromebrowsers.list",
-          "parameterOrder": [
-            "customer"
-          ],
-          "parameters": {
-            "customer": {
-              "description": "Immutable ID of the G Suite account.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "maxResults": {
-              "description": "Maximum number of results to return.",
-              "format": "int32",
-              "location": "query",
-              "maximum": "100",
-              "minimum": "1",
-              "type": "integer"
-            },
-            "orderBy": {
-              "description": "property to use for sorting results.",
-              "location": "query",
-              "type": "string"
-            },
-            "orgUnitPath": {
-              "description": "The full path of the organizational unit or its unique ID.",
-              "location": "query",
-              "type": "string"
-            },
-            "pageToken": {
-              "description": "Token to specify the next page in the list.",
-              "location": "query",
-              "type": "string"
-            },
-            "projection": {
-              "description": "Restrict information returned to a set of selected fields. FULL or BASIC.",
-              "location": "query",
-              "type": "string"
-            },
-            "query": {
-              "description": "Search string using the list page query language.",
-              "location": "query",
-              "type": "string"
-            },
-            "sortOrder": {
-              "description": "Whether to return results in ascending or descending order. Must be used with the orderBy parameter.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "{customer}/devices/chromebrowsers",
-          "response": {
-            "$ref": "ChromeBrowsers"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers",
-            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers.readonly"
-          ]
-        },
-        "moveChromeBrowsersToOu": {
-          "description": "Move Chrome Browsers Device between Organization Units",
-          "flatPath": "{customer}/devices/chromebrowsers/moveChromeBrowsersToOu",
-          "httpMethod": "POST",
-          "id": "cbcm.chromebrowsers.moveChromeBrowsersToOu",
-          "parameterOrder": [
-            "customer"
-          ],
-          "parameters": {
-            "customer": {
-              "description": "Immutable ID of the G Suite account.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "{customer}/devices/chromebrowsers/moveChromeBrowsersToOu",
-          "request": {
-            "$ref": "MoveChromeBrowsersRequest"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
-          ]
-        },
-        "update": {
-          "description": "Updates a browser.",
-          "flatPath": "{customer}/devices/chromebrowsers/{deviceId}",
-          "httpMethod": "PUT",
-          "id": "cbcm.chromebrowsers.update",
-          "parameterOrder": [
-            "customer",
-            "deviceId"
-          ],
-          "parameters": {
-            "customer": {
-              "description": "Immutable ID of the G Suite account.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "deviceId": {
-              "description": "Immutable ID of the browser.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "projection": {
-              "description": "BASIC or FULL",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "{customer}/devices/chromebrowsers/{deviceId}",
-          "request": {
-            "$ref": "ChromeBrowser"
-          },
-          "response": {
-            "$ref": "ChromeBrowser"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
-          ]
-        }
-      }
-    },
-    "enrollmentTokens": {
-      "methods": {
-        "list": {
-          "description": "Retrieves a paginated list of all the browser entollment tokens in a domain.",
-          "flatPath": "{customer}/chrome/enrollmentTokens",
-          "httpMethod": "GET",
-          "id": "cbcm.enrollmentTokens.list",
-          "parameterOrder": [
-            "customer"
-          ],
-          "parameters": {
-            "customer": {
-              "description": "Immutable ID of the G Suite account.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "pageSize": {
-              "description": "Maximum number of results to return.",
-              "format": "int32",
-              "location": "query",
-              "maximum": "100",
-              "minimum": "1",
-              "type": "integer"
-            },
-            "orgUnitPath": {
-              "description": "The full path of the organizational unit or its unique ID.",
-              "location": "query",
-              "type": "string"
-            },
-            "pageToken": {
-              "description": "Token to specify the next page in the list.",
-              "location": "query",
-              "type": "string"
-            },
-            "query": {
-              "description": "Search string using the list page query language.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "{customer}/chrome/enrollmentTokens",
-          "response": {
-            "$ref": "EnrollmentTokens"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers",
-            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers.readonly"
-          ]
-        },
-        "create": {
-          "description": "Creates a browser enrollment token in a domain.",
-          "flatPath": "{customer}/chrome/enrollmentTokens",
-          "httpMethod": "POST",
-          "id": "cbcm.enrollmentTokens.create",
-          "parameterOrder": [
-            "customer"
-          ],
-          "parameters": {
-            "customer": {
-              "description": "Immutable ID of the G Suite account.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "{customer}/chrome/enrollmentTokens",
-          "request": {
-            "$ref": "CreateEnrollmentTokenRequest"
-          },
-          "response": {
-            "$ref": "EnrollmentToken"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
-          ]
-        },
-        "revoke": {
-          "description": "Revokes a browser enrollment token in a domain.",
-          "flatPath": "{customer}/chrome/enrollmentTokens/{tokenPermanentId}:revoke",
-          "httpMethod": "POST",
-          "id": "cbcm.enrollmentTokens.revoke",
-          "parameterOrder": [
-            "customer",
-            "tokenPermanentId"
-          ],
-          "parameters": {
-            "customer": {
-              "description": "Immutable ID of the G Suite account.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "tokenPermanentId": {
-              "description": "Unique identifier for an enrollment token.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "{customer}/chrome/enrollmentTokens/{tokenPermanentId}:revoke",
-          "scopes": [
-            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
-          ]
-        }
-      }
-    }
-  },
-  "revision": "20201203",
-  "rootUrl": "https://admin.googleapis.com/admin/directory/v1.1beta1/customer/",
-  "schemas": {
-    "ChromeBrowser": {
-      "id": "ChromeBrowser",
-      "properties": {
-        "annotatedAssetId": {
-          "description": "Asset identifier as annotated by the administrator or specified during enrollment.",
-          "type": "string"
-        },
-        "annotatedLocation": {
-          "description": "Address or location of the device as annotated by the administrator.",
-          "type": "string"
-        },
-        "annotatedNotes": {
-          "description": "Notes about this device as annotated by the administrator",
-          "type": "string"
-        },
-        "annotatedUser": {
-          "description": "User of the device as annotated by the administrator.",
-          "type": "string"
-        },
-        "deviceId": {
-          "annotations": {
-            "required": [
-              "cbcm.chromebrowsers.update"
-            ]
-          },
-          "description": "The unique ID of the device.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "ChromeBrowsers": {
-      "id": "ChromeBrowsers",
-      "properties": {
-        "browsers": {
-          "description": "List of Chrome browser objects.",
-          "items": {
-            "$ref": "ChromeBrowser"
-          },
-          "type": "array"
-        },
-        "etag": {
-          "description": "ETag of the resource.",
-          "type": "string"
-        },
-        "kind": {
-          "default": "admin#directory#chromeosdevices",
-          "description": "Kind of resource this is.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "Token used to access the next page of this result. To access the next page, use this token's value in the `pageToken` query string of this request.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "EnrollmentToken": {
-      "id": "EnrollmentToken",
-      "properties": {
-        "kind": {
-          "default": "admin#directory#chromeEnrollmentToken",
-          "description": "Kind of resource this is.",
-          "type": "string"
-        },
-        "tokenId": {
-          "description": "Enrollment Token ID.",
-          "type": "string"
-        },
-        "tokenPermanentId": {
-          "description": "Enrollment Token Permanent ID.",
-          "type": "string"
-        },
-        "customerId": {
-          "description": "Immutable ID of the G Suite account.",
-          "type": "string"
-        },
-        "orgUnitPath": {
-          "description": "The full path of the organizational unit or its unique ID.",
-          "type": "string"
-        },
-        "creatorId": {
-          "description": "Creator ID.",
-          "type": "string"
-        },
-        "createTime": {
-          "description": "Creation Time.",
-          "type": "string"
-        },
-        "revokerId": {
-          "description": "Revoker ID.",
-          "type": "string"
-        },
-        "revokeTime": {
-          "description": "Revoke Time",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "EnrollmentTokens": {
-      "id": "EnrollmentTokens",
-      "properties": {
-        "chrome_enrollment_tokens": {
-          "description": "List of Chrome browser enrollment token objects.",
-          "items": {
-            "$ref": "EnrollmentToken"
-          },
-          "type": "array"
-        },
-        "kind": {
-          "default": "admin#directory#chromeEnrollmentTokens",
-          "description": "Kind of resource this is.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "Token used to access the next page of this result. To access the next page, use this token's value in the `pageToken` query string of this request.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "CreateEnrollmentTokenRequest": {
-      "id": "CreateEnrollmentTokenRequest",
-      "type": "object",
-      "properties": {
-        "org_unit_path": {
-          "description": "The full path of the organizational unit or its unique ID.",
-          "type": "string"
-        },
-        "expire_time": {
-          "description": "Expiration Time.",
-          "type": "string"
-        },
-        "token_type": {
-          "id": "token_type",
-          "annotations": {
-            "required": [
-              "cbcm.enrollmentTokens.create"
-            ]
-          },
-          "description": "CHROME_BROWSER.",
-          "type": "string"
-        }
-      }
-    },
-    "MoveChromeBrowsersRequest": {
-      "id": "MoveChromeBrowsersRequest",
-      "type": "object",
-      "properties": {
-        "org_unit_path": {
-          "annotations": {
-            "required": [
-              "cbcm.chromebrowsers.moveChromeBrowsersToOu"
-            ]
-          },
-          "description": "Destination organization unit to move devices to. Full path of the organizational unit or its ID prefixed with id:",
-          "type": "string"
-        },
-        "resource_ids": {
-          "annotations": {
-            "required": [
-              "cbcm.chromebrowsers.moveChromeBrowsersToOu"
-            ]
-          },
-          "description": "List of unique device IDs of Chrome Browser Devices to move. A maximum of 600 browsers may be moved per request.",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        }
-      }
-    }
-  },
-  "servicePath": "",
-  "title": "Admin SDK API",
-  "version": "cbcm_v1.1beta1"
-}
--- a/src/contactdelegation-v1.json
+++ b/src/contactdelegation-v1.json
@@ -1,249 +0,0 @@
-{
-  "auth": {
-    "oauth2": {
-      "scopes": {
-        "https://www.googleapis.com/auth/admin.contact.delegation": {
-          "description": "View and manage your Contact Delegation"
-        },
-        "https://www.googleapis.com/auth/admin.contact.delegation.readonly": {
-          "description": "View your Contact Delegation"
-        }
-      }
-    }
-  },
-  "basePath": "",
-  "baseUrl": "https://admin.googleapis.com/admin/contacts/v1/",
-  "batchPath": "batch",
-  "canonicalName": "contactdelegation",
-  "description": "The Contact Delegation API allows Admins to delegate access of one user's, called the delegator, contacts to another user, called the delegate.",
-  "discoveryVersion": "v1",
-  "documentationLink": "https://developers.google.com/admin-sdk/contact-delegation",
-  "fullyEncodeReservedExpansion": true,
-  "icons": {
-    "x16": "http://www.google.com/images/icons/product/search-16.gif",
-    "x32": "http://www.google.com/images/icons/product/search-32.gif"
-  },
-  "id": "contactdelegation:v1",
-  "kind": "discovery#restDescription",
-  "name": "contactdelegation",
-  "ownerDomain": "google.com",
-  "ownerName": "Google",
-  "packagePath": "admin",
-  "parameters": {
-    "$.xgafv": {
-      "description": "V1 error format.",
-      "enum": [
-        "1",
-        "2"
-      ],
-      "enumDescriptions": [
-        "v1 error format",
-        "v2 error format"
-      ],
-      "location": "query",
-      "type": "string"
-    },
-    "access_token": {
-      "description": "OAuth access token.",
-      "location": "query",
-      "type": "string"
-    },
-    "alt": {
-      "default": "json",
-      "description": "Data format for response.",
-      "enum": [
-        "json",
-        "media",
-        "proto"
-      ],
-      "enumDescriptions": [
-        "Responses with Content-Type of application/json",
-        "Media download with context-dependent Content-Type",
-        "Responses with Content-Type of application/x-protobuf"
-      ],
-      "location": "query",
-      "type": "string"
-    },
-    "callback": {
-      "description": "JSONP",
-      "location": "query",
-      "type": "string"
-    },
-    "fields": {
-      "description": "Selector specifying which fields to include in a partial response.",
-      "location": "query",
-      "type": "string"
-    },
-    "key": {
-      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
-      "location": "query",
-      "type": "string"
-    },
-    "oauth_token": {
-      "description": "OAuth 2.0 token for the current user.",
-      "location": "query",
-      "type": "string"
-    },
-    "prettyPrint": {
-      "default": "true",
-      "description": "Returns response with indentations and line breaks.",
-      "location": "query",
-      "type": "boolean"
-    },
-    "quotaUser": {
-      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
-      "location": "query",
-      "type": "string"
-    },
-    "uploadType": {
-      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
-      "location": "query",
-      "type": "string"
-    },
-    "upload_protocol": {
-      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
-      "location": "query",
-      "type": "string"
-    }
-  },
-  "protocol": "rest",
-  "resources": {
-    "delegates": {
-      "methods": {
-        "create": {
-          "description": "Creates a contact delegations",
-          "flatPath": "users/{user}/delegates",
-          "httpMethod": "POST",
-          "id": "contactdelegations.delegates.create",
-          "parameterOrder": [
-            "user"
-          ],
-          "parameters": {
-            "user": {
-              "description": "Email address of the delegator.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "users/{user}/delegates/{delegate}",
-          "request": {
-            "$ref": "Delegate"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/admin.contact.delegation"
-          ]
-        },
-        "delete": {
-          "description": "Deletes a contact delegation.",
-          "flatPath": "users/{user}/delegates/{delegate}",
-          "httpMethod": "DELETE",
-          "id": "contactdelegations.delegates.delete",
-          "parameterOrder": [
-            "user",
-            "delegate"
-          ],
-          "parameters": {
-            "delegate": {
-              "description": "Email address of the delegate",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "user": {
-              "description": "Email address of the delegator.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "users/{user}/delegates/{delegate}",
-          "scopes": [
-            "https://www.googleapis.com/auth/admin.contact.delegation"
-          ]
-        },
-        "list": {
-          "description": "Lists contact delegates for a user",
-          "flatPath": "users/{user}/delegates",
-          "httpMethod": "GET",
-          "id": "contactdelegations.delegates.list",
-          "parameterOrder": [
-            "user"
-          ],
-          "parameters": {
-            "pageSize": {
-              "description": "Determines how many delegates are returned in each response. ",
-              "format": "int32",
-              "location": "query",
-              "minimum": "1",
-              "type": "integer"
-            },
-            "pageToken": {
-              "description": "Token to specify the next page in the list.",
-              "location": "query",
-              "type": "string"
-            },
-            "user": {
-              "description": "Email address of the delegator.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "users/{user}/delegates",
-          "response": {
-            "$ref": "Delegates"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/admin.contact.delegation",
-            "https://www.googleapis.com/auth/admin.contact.delegation.readonly"
-          ]
-        }
-      }
-    }
-  },
-  "rootUrl": "https://admin.googleapis.com/admin/contacts/v1/",
-  "schemas": {
-    "Delegate": {
-      "description": "JSON template for a delegate.",
-      "id": "Delegate",
-      "properties": {
-        "email": {
-          "description": "Email of the delegate.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "Delegates": {
-      "id": "Delegates",
-      "properties": {
-        "delegates": {
-          "description": "List of delegates.",
-          "items": {
-            "$ref": "Delegate"
-          },
-          "type": "array"
-        },
-        "etag": {
-          "description": "ETag of the resource.",
-          "type": "string"
-        },
-        "kind": {
-          "default": "",
-          "description": "Kind of resource this is.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "Token used to access the next page of this result. To access the next page, use this token's value in the `pageToken` query string of this request.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    }
-  },
-  "servicePath": "",
-  "title": "Contact Delegation API",
-  "version": "v1",
-  "version_module": true
-}
--- a/src/datastudio-v1.json
+++ b/src/datastudio-v1.json
@@ -1,486 +0,0 @@
-{
-  "basePath": "",
-  "discoveryVersion": "v1",
-  "documentationLink": "https://support.google.com/datastudio",
-  "canonicalName": "Data Studio",
-  "id": "datastudio:v1",
-  "ownerName": "Google",
-  "description": "Allows programmatic viewing and editing of Data Studio assets.",
-  "rootUrl": "https://datastudio.googleapis.com/",
-  "ownerDomain": "google.com",
-  "mtlsRootUrl": "https://datastudio.mtls.googleapis.com/",
-  "batchPath": "batch",
-  "version_module": true,
-  "version": "v1",
-  "schemas": {
-    "Asset": {
-      "id": "Asset",
-      "properties": {
-        "title": {
-          "description": "The title of the asset.",
-          "type": "string"
-        },
-        "createTime": {
-          "format": "google-datetime",
-          "description": "Date the asset was created.",
-          "type": "string"
-        },
-        "lastViewByMeTime": {
-          "type": "string",
-          "description": "Date the asset was last viewed by me.",
-          "format": "google-datetime"
-        },
-        "owner": {
-          "type": "string",
-          "description": "The owner of the asset."
-        },
-        "name": {
-          "type": "string",
-          "description": "The name of the asset."
-        },
-        "trashed": {
-          "type": "boolean",
-          "description": "Value indicating if the asset is in the trash."
-        },
-        "updateTime": {
-          "format": "google-datetime",
-          "description": "Date the asset was last modified.",
-          "type": "string"
-        },
-        "updateByMeTime": {
-          "description": "Date the asset was last modified by me.",
-          "type": "string",
-          "format": "google-datetime"
-        },
-        "assetType": {
-          "enumDescriptions": [
-            "Asset type not specified.",
-            "A report asset.",
-            "A data Source asset."
-          ],
-          "enum": [
-            "ASSET_TYPE_UNSPECIFIED",
-            "REPORT",
-            "DATA_SOURCE"
-          ],
-          "description": "The type of the asset.",
-          "type": "string"
-        }
-      },
-      "description": "A Data Studio asset.",
-      "type": "object"
-    },
-    "SearchAssetsResponse": {
-      "id": "SearchAssetsResponse",
-      "properties": {
-        "assets": {
-          "items": {
-            "$ref": "Asset"
-          },
-          "type": "array",
-          "description": "The list of assets."
-        },
-        "nextPageToken": {
-          "type": "string",
-          "description": "A token to retrieve next page of results. Pass this value in the SearchAssetsRequest.page_token field in the subsequent call to `SearchAssets` method to retrieve the next page of results."
-        }
-      },
-      "description": "Response message for DataStudioService.SearchAssets",
-      "type": "object"
-    },
-    "UpdatePermissionsRequest": {
-      "description": "Request message for DataStudioService.UpdatePermissions",
-      "properties": {
-        "updateMask": {
-          "description": "The list of fields to be updated. Currently not supported.",
-          "type": "string",
-          "format": "google-fieldmask"
-        },
-        "permissions": {
-          "description": "The permissions object to update.",
-          "$ref": "Permissions"
-        }
-      },
-      "id": "UpdatePermissionsRequest",
-      "type": "object"
-    },
-    "AddMembersRequest": {
-      "properties": {
-        "members": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          },
-          "description": "Required. The members to add to the role. The format of a member is one of - user:alice@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-app@appspot.gserviceaccount.com"
-        },
-        "role": {
-          "type": "string",
-          "enumDescriptions": [
-            "Role not specified.",
-            "A viewer.",
-            "An editor.",
-            "An owner.",
-            "Link shared viewer.",
-            "Link shared editor."
-          ],
-          "enum": [
-            "ROLE_UNSPECIFIED",
-            "VIEWER",
-            "EDITOR",
-            "OWNER",
-            "LINK_VIEWER",
-            "LINK_EDITOR"
-          ],
-          "description": "Required. The role to add members to."
-        }
-      },
-      "type": "object",
-      "id": "AddMembersRequest",
-      "description": "Request message for DataStudioService.AddMembers"
-    },
-    "Permissions": {
-      "type": "object",
-      "id": "Permissions",
-      "description": "A Data Studio asset's Permissions.",
-      "properties": {
-        "permissions": {
-          "description": "A map from a Role to a list of members. Role is a string representation of the Role enum. One of: - OWNER - EDITOR - VIEWER",
-          "additionalProperties": {
-            "$ref": "Members"
-          },
-          "type": "object"
-        },
-        "etag": {
-          "format": "byte",
-          "description": "etag to detect and fail concurrent modifications",
-          "type": "string"
-        }
-      }
-    },
-    "RevokeAllPermissionsRequest": {
-      "description": "Request message for DataStudioService.RevokeAllPermissions",
-      "id": "RevokeAllPermissionsRequest",
-      "type": "object",
-      "properties": {
-        "members": {
-          "description": "Required. The members that are having their access revoked. The format of a member is one of - user:alice@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-app@appspot.gserviceaccount.com",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      }
-    },
-    "Members": {
-      "description": "A wrapper message for a list of members.",
-      "properties": {
-        "members": {
-          "description": "Format of string is one of - user:alice@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-app@appspot.gserviceaccount.com",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object",
-      "id": "Members"
-    }
-  },
-  "name": "datastudio",
-  "protocol": "rest",
-  "baseUrl": "https://datastudio.googleapis.com/",
-  "title": "Data Studio API",
-  "revision": "20210412",
-  "fullyEncodeReservedExpansion": true,
-  "icons": {
-    "x32": "http://www.google.com/images/icons/product/search-32.gif",
-    "x16": "http://www.google.com/images/icons/product/search-16.gif"
-  },
-  "parameters": {
-    "quotaUser": {
-      "location": "query",
-      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
-      "type": "string"
-    },
-    "prettyPrint": {
-      "location": "query",
-      "type": "boolean",
-      "description": "Returns response with indentations and line breaks.",
-      "default": "true"
-    },
-    "callback": {
-      "location": "query",
-      "type": "string",
-      "description": "JSONP"
-    },
-    "uploadType": {
-      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
-      "type": "string",
-      "location": "query"
-    },
-    "upload_protocol": {
-      "type": "string",
-      "location": "query",
-      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\")."
-    },
-    "$.xgafv": {
-      "enumDescriptions": [
-        "v1 error format",
-        "v2 error format"
-      ],
-      "description": "V1 error format.",
-      "location": "query",
-      "type": "string",
-      "enum": [
-        "1",
-        "2"
-      ]
-    },
-    "oauth_token": {
-      "type": "string",
-      "location": "query",
-      "description": "OAuth 2.0 token for the current user."
-    },
-    "alt": {
-      "type": "string",
-      "enum": [
-        "json",
-        "media",
-        "proto"
-      ],
-      "location": "query",
-      "description": "Data format for response.",
-      "enumDescriptions": [
-        "Responses with Content-Type of application/json",
-        "Media download with context-dependent Content-Type",
-        "Responses with Content-Type of application/x-protobuf"
-      ],
-      "default": "json"
-    },
-    "fields": {
-      "description": "Selector specifying which fields to include in a partial response.",
-      "location": "query",
-      "type": "string"
-    },
-    "access_token": {
-      "type": "string",
-      "description": "OAuth access token.",
-      "location": "query"
-    },
-    "key": {
-      "type": "string",
-      "location": "query",
-      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token."
-    }
-  },
-  "servicePath": "",
-  "kind": "discovery#restDescription",
-  "resources": {
-    "assets": {
-      "methods": {
-        "getPermissions": {
-          "parameters": {
-            "name": {
-              "type": "string",
-              "location": "path",
-              "description": "Required. The name of the asset.",
-              "required": true
-            },
-            "role": {
-              "enumDescriptions": [
-                "Role not specified.",
-                "A viewer.",
-                "An editor.",
-                "An owner.",
-                "Link shared viewer.",
-                "Link shared editor."
-              ],
-              "type": "string",
-              "location": "query",
-              "description": "The role of the permssion.",
-              "enum": [
-                "ROLE_UNSPECIFIED",
-                "VIEWER",
-                "EDITOR",
-                "OWNER",
-                "LINK_VIEWER",
-                "LINK_EDITOR"
-              ]
-            }
-          },
-          "id": "datastudio.assets.getPermissions",
-          "response": {
-            "$ref": "Permissions"
-          },
-          "flatPath": "v1/assets/{name}/permissions",
-          "path": "v1/assets/{name}/permissions",
-          "description": "Gets the asset's permission for a given role.",
-          "parameterOrder": [
-            "name"
-          ],
-          "httpMethod": "GET"
-        },
-        "updatePermissions": {
-          "id": "datastudio.assets.updatePermissions",
-          "parameterOrder": [
-            "name"
-          ],
-          "flatPath": "v1/assets/{name}/permissions",
-          "description": "Updates a permission.",
-          "request": {
-            "$ref": "UpdatePermissionsRequest"
-          },
-          "path": "v1/assets/{name}/permissions",
-          "parameters": {
-            "name": {
-              "description": "Required. The name of the asset.",
-              "location": "path",
-              "type": "string",
-              "required": true
-            }
-          },
-          "response": {
-            "$ref": "Permissions"
-          },
-          "httpMethod": "PATCH"
-        },
-        "get": {
-          "path": "v1/{+name}",
-          "id": "datastudio.assets.get",
-          "parameterOrder": [
-            "name"
-          ],
-          "description": "Gets the asset by name.",
-          "parameters": {
-            "name": {
-              "description": "Required. The name of the asset. Format: assets/{asset}",
-              "location": "path",
-              "required": true,
-              "pattern": "^assets/[^/]+$",
-              "type": "string"
-            }
-          },
-          "flatPath": "v1/assets/{assetsId}",
-          "response": {
-            "$ref": "Asset"
-          },
-          "httpMethod": "GET"
-        },
-        "search": {
-          "response": {
-            "$ref": "SearchAssetsResponse"
-          },
-          "path": "v1/assets:search",
-          "parameters": {
-            "pageToken": {
-              "type": "string",
-              "location": "query",
-              "description": "A token identifying a page of results the server should return. Use the value of SearchAssetsResponse.next_page_token returned from the previous call to `SearchAssets` method."
-            },
-            "assetTypes": {
-              "type": "string",
-              "repeated": true,
-              "description": "Exactly one AssetType must be specified.",
-              "enumDescriptions": [
-                "Asset type not specified.",
-                "A report asset.",
-                "A data Source asset."
-              ],
-              "location": "query",
-              "enum": [
-                "ASSET_TYPE_UNSPECIFIED",
-                "REPORT",
-                "DATA_SOURCE"
-              ]
-            },
-            "title": {
-              "description": "The title of assets to include. Not an exact match, works the same as search from the UI.",
-              "location": "query",
-              "type": "string"
-            },
-            "owner": {
-              "type": "string",
-              "location": "query",
-              "description": "The email of the owner of the asset."
-            },
-            "pageSize": {
-              "description": "Requested page size. If unspecified, server will pick an appropriate default.",
-              "location": "query",
-              "type": "integer",
-              "format": "int32"
-            },
-            "orderBy": {
-              "location": "query",
-              "description": "How the results should be ordered. Valid options are: - title",
-              "type": "string"
-            },
-            "includeTrashed": {
-              "location": "query",
-              "type": "boolean",
-              "description": "Value indicating if assets in trash should be included."
-            }
-          },
-          "flatPath": "v1/assets:search",
-          "httpMethod": "GET",
-          "description": "Searches assets.",
-          "id": "datastudio.assets.search",
-          "parameterOrder": []
-        }
-      },
-      "resources": {
-        "permissions": {
-          "methods": {
-            "revokeAllPermissions": {
-              "path": "v1/assets/{name}/permissions:revokeAllPermissions",
-              "response": {
-                "$ref": "Permissions"
-              },
-              "flatPath": "v1/assets/{name}/permissions:revokeAllPermissions",
-              "id": "datastudio.assets.permissions.revokeAllPermissions",
-              "description": "Revokes one or more members' access to an asset.",
-              "parameters": {
-                "name": {
-                  "required": true,
-                  "type": "string",
-                  "location": "path",
-                  "description": "Required. The name of the asset."
-                }
-              },
-              "parameterOrder": [
-                "name"
-              ],
-              "httpMethod": "POST",
-              "request": {
-                "$ref": "RevokeAllPermissionsRequest"
-              }
-            },
-            "addMembers": {
-              "path": "v1/assets/{name}/permissions:addMembers",
-              "parameters": {
-                "name": {
-                  "required": true,
-                  "location": "path",
-                  "type": "string",
-                  "description": "Required. The name of the asset."
-                }
-              },
-              "httpMethod": "POST",
-              "parameterOrder": [
-                "name"
-              ],
-              "response": {
-                "$ref": "Permissions"
-              },
-              "id": "datastudio.assets.permissions.addMembers",
-              "request": {
-                "$ref": "AddMembersRequest"
-              },
-              "description": "Adds one or more members to a role.",
-              "flatPath": "v1/assets/{name}/permissions:addMembers"
-            }
-          }
-        }
-      }
-    }
-  }
-}
--- a/src/gam-install.sh
+++ b/src/gam-install.sh
@@ -97,13 +97,6 @@ else
 fi
 }

-reverse() {
-    for (( i = ${#*}; i > 0; i-- ))
-    {
-        echo ${!i}
-    }
-}
-
 if [ "$gamversion" == "latest" ]; then
  release_url="https://api.github.com/repos/GAM-team/GAM/releases/latest"
 elif [ "$gamversion" == "prerelease" -o "$gamversion" == "draft" ]; then
@@ -119,6 +112,12 @@ else
  check_type="authenticated"
  curl_opts=( "$GHCLIENT" )
 fi
+curl_ver=$(curl --version|head -1|cut -d " " -f 2)
+if [[ "${curl_ver:0:4}" < "7.76" ]]; then
+  curl_fail=( )
+else
+  curl_fail=( "--fail-with-body" )
+fi
 echo_yellow "Checking GitHub URL $release_url for $gamversion GAM release ($check_type)..."
 release_json=$(curl \
 	--silent \
@@ -126,9 +125,16 @@ release_json=$(curl \
 	-H "Accept: application/vnd.github+json" \
 	-H "X-GitHub-Api-Version: 2022-11-28" \
 	"$release_url" \
-	2>&1 /dev/null)
+	"${curl_fail[@]}")
+curl_exit_code=$?
+if [ $curl_exit_code -ne 0 ]; then
+  echo_red "ERROR retrieving URL: ${release_json}"
+  exit
+else
+  echo_green "done"
+fi

-echo_yellow "Getting file and download URL..."
+echo_yellow "Calculating download URL for this device..."
 # Python is sadly the nearest to universal way to safely handle JSON with Bash
 # At least this code should be compatible with just about any Python version ever
 # unlike GAM itself. If some users don't have Python we can try grep / sed / etc
@@ -323,6 +329,8 @@ echo_yellow "Downloading ${download_url} to $temp_archive_dir ($check_type)..."
 (cd "$temp_archive_dir" && curl -O -L -s "${curl_opts[@]}" "$download_url")

 mkdir -p "$target_dir"
+echo_yellow "Deleting contents of $target_dir/gam7/lib"
+rm -frv "$target_dir/gam7/lib"

 echo_yellow "Extracting archive to $target_dir"
 if [[ "$name" =~ tar.xz|tar.gz|tar ]]; then
@@ -379,7 +387,7 @@ while true; do
      ;;
    [Nn]*)
 #      config_cmd="config no_browser true"
-      touch "$target_dir/gam/nobrowser.txt" > /dev/null 2>&1
+      touch "$target_dir/gam7/nobrowser.txt" > /dev/null 2>&1
      break
      ;;
    *)
@@ -487,4 +495,3 @@ echo_green "GAM installation and setup complete!"
 if [ "$update_profile" = true ]; then
  echo_green "Please restart your terminal shell or to get started right away run:\n\n$alias_line"
 fi
-
--- a/src/gam.spec
+++ b/src/gam.spec
@@ -11,12 +11,15 @@ from gam.gamlib.glverlibs import GAM_VER_LIBS
 with open("gam/__init__.py") as f:
    version_file = f.read()
 version = re.search(r"^__version__ = ['\"]([^'\"]*)['\"]", version_file, re.M).group(1)
-version_tuple = "(" + version.split("-")[0].replace(".", ", ") + ", 0)"
-
+version_list = [int(i) for i in version.split('.')]
+while len(version_list) < 4:
+  version_list.append(0)
+version_tuple = tuple(version_list)
+version_str = str(version_tuple)
 with open("version_info.txt.in") as f:
    version_info = f.read()
 version_info = version_info.replace("{VERSION}", version).replace(
-    "{VERSION_TUPLE}", version_tuple
+    "{VERSION_TUPLE}", version_str
 )
 with open("version_info.txt", "w") as f:
    f.write(version_info)
@@ -25,11 +28,11 @@ print(version_info)
 datas = []
 for pkg in GAM_VER_LIBS:
    datas += copy_metadata(pkg, recursive=True)
-datas += [('admin-directory_v1.1beta1.json', '.')]
-datas += [('cbcm-v1.1beta1.json', '.')]
-datas += [('contactdelegation-v1.json', '.')]
-datas += [('datastudio-v1.json', '.')]
-datas += [('serviceaccountlookup-v1.json', '.')]
+datas += [('gam/cbcm-v1.1beta1.json', '.')]
+datas += [('gam/contactdelegation-v1.json', '.')]
+datas += [('gam/datastudio-v1.json', '.')]
+datas += [('gam/meet-v2beta.json', '.')]
+datas += [('gam/serviceaccountlookup-v1.json', '.')]
 datas += [('cacerts.pem', '.')]
 hiddenimports = [
     'gam.gamlib.yubikey',
--- a/src/gam/init.py
+++ b/src/gam/init.py
--- a/src/gam/admin-directory_v1.1beta1.json
+++ b/src/gam/admin-directory_v1.1beta1.json
--- a/src/gam/atom/http.py
+++ b/src/gam/atom/http.py
@@ -247,7 +247,9 @@ class ProxiedHttpClient(HttpClient):
                # Trivial setup for ssl socket.
                sslobj = None
                if ssl_imported:
-                    sslobj = ssl.wrap_socket(p_sock, None, None)
+                    context = ssl.SSLContext(ssl.PROTOCOL_TLS)
+                    context.minimum_version = ssl.TLSVersion.TLSv1_2
+                    sslobj = context.wrap_socket(p_sock, server_hostname=url.host)
                else:
                    sock_ssl = socket.ssl(p_sock, None, None)
                    sslobj = http.client.FakeSocket(p_sock, sock_ssl)
--- a/src/gam/atom/http_core.py
+++ b/src/gam/atom/http_core.py
@@ -568,7 +568,7 @@ class ProxiedHttpClient(HttpClient):
                context.minimum_version = ssl.TLSVersion.TLSv1_2
                sslobj = context.wrap_socket(p_sock, server_hostname=uri.host)
            else:
-                sock_ssl = socket.ssl(p_sock, None, Nonesock_)
+                sock_ssl = socket.ssl(p_sock, None, None)
                sslobj = http.client.FakeSocket(p_sock, sock_ssl)
            # Initalize httplib and replace with the proxy socket.
            connection = http.client.HTTPConnection(proxy_uri.host)
--- a/src/gam/gamlib/glapi.py
+++ b/src/gam/gamlib/glapi.py
@@ -37,6 +37,7 @@ CHAT_SPACES_DELETE = 'chatspacesdelete'
 CHAT_SPACES_DELETE_ADMIN = 'chatspacesdeleteadmin'
 CHROMEMANAGEMENT = 'chromemanagement'
 CHROMEMANAGEMENT_APPDETAILS = 'chromemanagementappdetails'
+CHROMEMANAGEMENT_CHROMEPROFILES = 'chromemanagementchromeprofiles'
 CHROMEMANAGEMENT_TELEMETRY = 'chromemanagementtelemetry'
 CHROMEPOLICY = 'chromepolicy'
 CHROMEVERSIONHISTORY = 'versionhistory'
@@ -44,17 +45,17 @@ CLASSROOM = 'classroom'
 CLOUDCHANNEL = 'cloudchannel'
 CLOUDIDENTITY_DEVICES = 'cloudidentitydevices'
 CLOUDIDENTITY_GROUPS = 'cloudidentitygroups'
+CLOUDIDENTITY_GROUPS_BETA = 'cloudidentitygroupsbeta'
 CLOUDIDENTITY_INBOUND_SSO = 'cloudidentityinboundsso'
 CLOUDIDENTITY_ORGUNITS = 'cloudidentityorgunits'
-CLOUDIDENTITY_POLICY = 'cloudidentitypolicy'
 CLOUDIDENTITY_ORGUNITS_BETA = 'cloudidentityorgunitsbeta'
+CLOUDIDENTITY_POLICY = 'cloudidentitypolicy'
 CLOUDIDENTITY_USERINVITATIONS = 'cloudidentityuserinvitations'
 CLOUDRESOURCEMANAGER = 'cloudresourcemanager'
 CONTACTS = 'contacts'
 CONTACTDELEGATION = 'contactdelegation'
 DATATRANSFER = 'datatransfer'
 DIRECTORY = 'directory'
-DIRECTORY_BETA = 'directory_beta'
 DOCS = 'docs'
 DRIVE2 = 'drive2'
 DRIVE3 = 'drive3'
@@ -70,11 +71,11 @@ GROUPSMIGRATION = 'groupsmigration'
 GROUPSSETTINGS = 'groupssettings'
 IAM = 'iam'
 IAM_CREDENTIALS = 'iamcredentials'
-IAP = 'iap'
 KEEP = 'keep'
 LICENSING = 'licensing'
 LOOKERSTUDIO = 'datastudio'
 MEET = 'meet'
+MEET_BETA = 'meetbeta'
 OAUTH2 = 'oauth2'
 ORGPOLICY = 'orgpolicy'
 PEOPLE = 'people'
@@ -89,7 +90,6 @@ SERVICEMANAGEMENT = 'servicemanagement'
 SERVICEUSAGE = 'serviceusage'
 SHEETS = 'sheets'
 SHEETSTD = 'sheetstd'
-SITES = 'sites'
 SITEVERIFICATION = 'siteVerification'
 STORAGE = 'storage'
 STORAGEREAD = 'storageread'
@@ -184,7 +184,6 @@ PROJECT_APIS = [
  'groupsmigration.googleapis.com',
  'groupssettings.googleapis.com',
  'iam.googleapis.com',
-  'iap.googleapis.com',
  'keep.googleapis.com',
  'licensing.googleapis.com',
  'meet.googleapis.com',
@@ -224,17 +223,17 @@ _INFO = {
  CLOUDCHANNEL: {'name': 'Channel Channel API', 'version': 'v1', 'v2discovery': True},
  CLOUDIDENTITY_DEVICES: {'name': 'Cloud Identity Devices API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
  CLOUDIDENTITY_GROUPS: {'name': 'Cloud Identity Groups API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
+  CLOUDIDENTITY_GROUPS_BETA: {'name': 'Cloud Identity Groups API', 'version': 'v1beta1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
  CLOUDIDENTITY_INBOUND_SSO: {'name': 'Cloud Identity Inbound SSO API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
  CLOUDIDENTITY_ORGUNITS: {'name': 'Cloud Identity OrgUnits API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
  CLOUDIDENTITY_ORGUNITS_BETA: {'name': 'Cloud Identity OrgUnits API', 'version': 'v1beta1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
-  CLOUDIDENTITY_POLICY: {'name': 'Cloud Identity Policy API', 'version': 'v1beta1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
+  CLOUDIDENTITY_POLICY: {'name': 'Cloud Identity Policy API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
  CLOUDIDENTITY_USERINVITATIONS: {'name': 'Cloud Identity User Invitations API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
  CLOUDRESOURCEMANAGER: {'name': 'Cloud Resource Manager API v3', 'version': 'v3', 'v2discovery': True},
  CONTACTS: {'name': 'Contacts API', 'version': 'v3', 'v2discovery': False},
  CONTACTDELEGATION: {'name': 'Contact Delegation API', 'version': 'v1', 'v2discovery': True, 'localjson': True},
  DATATRANSFER: {'name': 'Data Transfer API', 'version': 'datatransfer_v1', 'v2discovery': True, 'mappedAPI': 'admin'},
  DIRECTORY: {'name': 'Directory API', 'version': 'directory_v1', 'v2discovery': True, 'mappedAPI': 'admin'},
-  DIRECTORY_BETA: {'name': 'Directory API', 'version': 'directory_v1.1beta1', 'v2discovery': True, 'mappedAPI': 'admin', 'localjson': True},
  DOCS: {'name': 'Docs API', 'version': 'v1', 'v2discovery': True},
  DRIVE2: {'name': 'Drive API v2', 'version': 'v2', 'v2discovery': False, 'mappedAPI': 'drive'},
  DRIVE3: {'name': 'Drive API v3', 'version': 'v3', 'v2discovery': False, 'mappedAPI': 'drive'},
@@ -249,11 +248,11 @@ _INFO = {
  GROUPSSETTINGS: {'name': 'Groups Settings API', 'version': 'v1', 'v2discovery': True},
  IAM: {'name': 'Identity and Access Management API', 'version': 'v1', 'v2discovery': True},
  IAM_CREDENTIALS: {'name': 'Identity and Access Management Credentials API', 'version': 'v1', 'v2discovery': True},
-  IAP: {'name': 'Cloud Identity-Aware Proxy API', 'version': 'v1', 'v2discovery': True},
  KEEP: {'name': 'Keep API', 'version': 'v1', 'v2discovery': True},
  LICENSING: {'name': 'License Manager API', 'version': 'v1', 'v2discovery': True},
  LOOKERSTUDIO: {'name': 'Looker Studio API', 'version': 'v1', 'v2discovery': True, 'localjson': True},
  MEET: {'name': 'Meet API', 'version': 'v2', 'v2discovery': True},
+  MEET_BETA: {'name': 'Meet API', 'version': 'v2beta', 'v2discovery': True, 'localjson': True, 'mappedAPI': MEET},
  OAUTH2: {'name': 'OAuth2 API', 'version': 'v2', 'v2discovery': False},
  ORGPOLICY: {'name': 'Organization Policy API', 'version': 'v2', 'v2discovery': True},
  PEOPLE: {'name': 'People API', 'version': 'v1', 'v2discovery': True},
@@ -268,7 +267,6 @@ _INFO = {
  SERVICEUSAGE: {'name': 'Service Usage API', 'version': 'v1', 'v2discovery': True},
  SHEETS: {'name': 'Sheets API', 'version': 'v4', 'v2discovery': True},
  SHEETSTD: {'name': 'Sheets API - todrive', 'version': 'v4', 'v2discovery': True, 'mappedAPI': SHEETS},
-  SITES: {'name': 'Sites API', 'version': 'v1', 'v2discovery': False},
  SITEVERIFICATION: {'name': 'Site Verification API', 'version': 'v1', 'v2discovery': True},
  STORAGE: {'name': 'Cloud Storage API', 'version': 'v1', 'v2discovery': True},
  STORAGEREAD: {'name': 'Cloud Storage API - Read', 'version': 'v1', 'v2discovery': True, 'mappedAPI': STORAGE},
@@ -297,6 +295,10 @@ _CLIENT_SCOPES = [
   'api': CHROMEMANAGEMENT_APPDETAILS,
   'subscopes': [],
   'scope': 'https://www.googleapis.com/auth/chrome.management.appdetails.readonly'},
+  {'name': 'Chrome Management API - Profiles',
+   'api': CHROMEMANAGEMENT_CHROMEPROFILES,
+   'subscopes': READONLY,
+   'scope': 'https://www.googleapis.com/auth/chrome.management.profiles'},
  {'name': 'Chrome Management API - Telemetry read only',
   'api': CHROMEMANAGEMENT_TELEMETRY,
   'subscopes': [],
@@ -358,6 +360,10 @@ _CLIENT_SCOPES = [
   'api': CLOUDIDENTITY_GROUPS,
   'subscopes': READONLY,
   'scope': 'https://www.googleapis.com/auth/cloud-identity.groups'},
+  {'name': 'Cloud Identity Groups API Beta (Enables group locking/unlocking)',
+   'api': CLOUDIDENTITY_GROUPS_BETA,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/cloud-identity.groups'},
  {'name': 'Cloud Identity - Inbound SSO Settings',
   'api': CLOUDIDENTITY_INBOUND_SSO,
   'subscopes': READONLY,
@@ -494,11 +500,6 @@ _CLIENT_SCOPES = [
   'subscopes': [],
   'offByDefault': True,
   'scope': 'https://www.googleapis.com/auth/siteverification'},
-  {'name': 'Sites API',
-   'api': SITES,
-   'subscopes': [],
-   'offByDefault': True,
-   'scope': 'https://sites.google.com/feeds'},
  {'name': 'Vault API',
   'api': VAULT,
   'subscopes': READONLY,
@@ -688,10 +689,6 @@ _SVCACCT_SCOPES = [
   'api': SHEETS,
   'subscopes': READONLY,
   'scope': 'https://www.googleapis.com/auth/spreadsheets'},
-  {'name': 'Sites API',
-   'api': SITES,
-   'subscopes': [],
-   'scope': 'https://sites.google.com/feeds'},
  {'name': 'Tasks API',
   'api': TASKS,
   'subscopes': READONLY,
--- a/src/gam/gamlib/glcfg.py
+++ b/src/gam/gamlib/glcfg.py
@@ -177,8 +177,14 @@ INTER_BATCH_WAIT = 'inter_batch_wait'
 LICENSE_MAX_RESULTS = 'license_max_results'
 # License SKUs to process
 LICENSE_SKUS = 'license_skus'
+# Use Meet V2 beta
+MEET_V2_BETA = 'meet_v2_beta'
 # When retrieving lists of Google Group members from API, how many should be retrieved in each chunk
 MEMBER_MAX_RESULTS = 'member_max_results'
+# CI API Group members max page size when view=BASIC
+MEMBER_MAX_RESULTS_CI_BASIC = 'member_max_results_ci_basic'
+# CI API Group members max page size when view=FULL
+MEMBER_MAX_RESULTS_CI_FULL = 'member_max_results_ci_full'
 # When deleting or modifying Gmail messages, how many should be processed in each batch
 MESSAGE_BATCH_SIZE = 'message_batch_size'
 # When retrieving lists of Gmail messages from API, how many should be retrieved in each chunk
@@ -384,7 +390,10 @@ Defaults = {
  INTER_BATCH_WAIT: '0',
  LICENSE_MAX_RESULTS: '100',
  LICENSE_SKUS: '',
+  MEET_V2_BETA: FALSE,
  MEMBER_MAX_RESULTS: '200',
+  MEMBER_MAX_RESULTS_CI_BASIC: '1000',
+  MEMBER_MAX_RESULTS_CI_FULL: '500',
  MESSAGE_BATCH_SIZE: '50',
  MESSAGE_MAX_RESULTS: '500',
  MOBILE_MAX_RESULTS: '100',
@@ -549,7 +558,10 @@ VAR_INFO = {
  INTER_BATCH_WAIT: {VAR_TYPE: TYPE_FLOAT, VAR_LIMITS: (0.0, 60.0)},
  LICENSE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (10, 1000)},
  LICENSE_SKUS: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},
+  MEET_V2_BETA: {VAR_TYPE: TYPE_BOOLEAN},
  MEMBER_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 200)},
+  MEMBER_MAX_RESULTS_CI_BASIC: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 1000)},
+  MEMBER_MAX_RESULTS_CI_FULL: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 500)},
  MESSAGE_BATCH_SIZE: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 1000)},
  MESSAGE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 10000)},
  MOBILE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 100)},
--- a/src/gam/gamlib/glclargs.py
+++ b/src/gam/gamlib/glclargs.py
@@ -483,6 +483,8 @@ class GamCLArgs():
  ARG_CHROMEPOLICYIMAGE = 'chromepolicyimage'
  ARG_CHROMEPOLICY = 'chromepolicy'
  ARG_CHROMEPOLICIES = 'chromepolicies'
+  ARG_CHROMEPROFILE = 'chromeprofile'
+  ARG_CHROMEPROFILES = 'chromeprofiles'
  ARG_CHROMESCHEMA = 'chromeschema'
  ARG_CHROMESCHEMAS = 'chromeschemas'
  ARG_CHROMESNVALIDITY = 'chromesnvalidity'
@@ -846,6 +848,7 @@ class GamCLArgs():
  OB_CHAT_MESSAGE_ID = 'ChatMessageID'
  OB_CHAT_SPACE = 'ChatSpace'
  OB_CHAT_THREAD = 'ChatThread'
+  OB_CHROMEPROFILE_ID = 'ChromeProfileId'
  OB_CHROME_VERSION = 'ChromeVersion'
  OB_CIDR_NETMASK = 'CIDRnetmask'
  OB_CIGROUP_ALIAS_LIST = "CIGroupAliasList"
@@ -921,6 +924,7 @@ class GamCLArgs():
  OB_EXPORT_ITEM = 'ExportItem'
  OB_FIELD_NAME = 'FieldName'
  OB_FIELD_NAME_LIST = "FieldNameList"
+  OB_FIELDS = 'Fields'
  OB_FILE_NAME = 'FileName'
  OB_FILE_NAME_FIELD_NAME = OB_FILE_NAME+'(:'+OB_FIELD_NAME+')+'
  OB_FILE_NAME_OR_URL = 'FileName|URL'
@@ -1146,6 +1150,10 @@ class GamCLArgs():
      return f'Command: {self.QuotedArgumentList(self.argv[:self.argvI])} >>>{self.QuotedArgumentList([self.argv[self.argvI]])}<<< {self.QuotedArgumentList(self.argv[self.argvI+1:])}\n'
    return f'Command: {self.QuotedArgumentList(self.argv)} >>><<<\n'

+# Deprecated command
+  def CommandDeprecated(self):
+    return f'{self.QuotedArgumentList(self.argv)}\n'
+
 # Peek to see if next argument is in choices
  def PeekArgumentPresent(self, choices):
    if self.ArgumentsRemaining():
--- a/src/gam/gamlib/glentity.py
+++ b/src/gam/gamlib/glentity.py
@@ -25,14 +25,16 @@ class GamEntity():
  ROLE_MANAGER = 'MANAGER'
  ROLE_MEMBER = 'MEMBER'
  ROLE_OWNER = 'OWNER'
+  ROLE_LIST = [ROLE_MANAGER, ROLE_MEMBER, ROLE_OWNER]
  ROLE_USER = 'USER'
  ROLE_MANAGER_MEMBER = ','.join([ROLE_MANAGER, ROLE_MEMBER])
  ROLE_MANAGER_OWNER = ','.join([ROLE_MANAGER, ROLE_OWNER])
  ROLE_MEMBER_OWNER = ','.join([ROLE_MEMBER, ROLE_OWNER])
-  ROLE_MANAGER_MEMBER_OWNER = ','.join([ROLE_MANAGER, ROLE_MEMBER, ROLE_OWNER])
+  ROLE_MANAGER_MEMBER_OWNER = ','.join(ROLE_LIST)
  ROLE_PUBLIC = 'PUBLIC'
  ROLE_ALL = ROLE_MANAGER_MEMBER_OWNER

+  TYPE_CBCM_BROWSER = 'CBCM_BROWSER'
  TYPE_CUSTOMER = 'CUSTOMER'
  TYPE_EXTERNAL = 'EXTERNAL'
  TYPE_OTHER = 'OTHER'
@@ -108,6 +110,7 @@ class GamEntity():
  CHROME_POLICY = 'cpol'
  CHROME_POLICY_IMAGE = 'cpim'
  CHROME_POLICY_SCHEMA = 'cpsc'
+  CHROME_PROFILE = 'cpro'
  CHROME_RELEASE = 'crel'
  CHROME_VERSION = 'cver'
  CLASSIFICATION_LABEL = 'dlab'
@@ -339,8 +342,6 @@ class GamEntity():
  SHEET = 'shet'
  SHEET_ID = 'shti'
  SIGNATURE = 'sign'
-  SITE = 'site'
-  SITE_ACL = 'sacl'
  SIZE = 'size'
  SKU = 'sku '
  SMIME_ID = 'smid'
@@ -460,6 +461,7 @@ class GamEntity():
    CHROME_POLICY: ['Chrome Policies', 'Chrome Policy'],
    CHROME_POLICY_IMAGE: ['Chrome Policy Images', 'Chrome Policy Image'],
    CHROME_POLICY_SCHEMA: ['Chrome Policy Schemas', 'Chrome Policy Schema'],
+    CHROME_PROFILE: ['Chrome Profiles', 'Chrome Profile'],
    CHROME_RELEASE: ['Chrome Releases', 'Chrome Release'],
    CHROME_VERSION: ['Chrome Versions', 'Chrome Version'],
    CLASSIFICATION_LABEL: ['Classification Labels', 'Classification Label'],
@@ -691,8 +693,6 @@ class GamEntity():
    SHEET: ['Sheets', 'Sheet'],
    SHEET_ID: ['Sheet IDs', 'Sheet ID'],
    SIGNATURE: ['Signatures', 'Signature'],
-    SITE: ['Sites', 'Site'],
-    SITE_ACL: ['Site ACLs', 'Site ACL'],
    SIZE: ['Sizes', 'Size'],
    SKU: ['SKUs', 'SKU'],
    SMIME_ID: ['S/MIME Certificate IDs', 'S/MIME Certificate ID'],
--- a/src/gam/gamlib/glgapi.py
+++ b/src/gam/gamlib/glgapi.py
@@ -184,7 +184,7 @@ DEFAULT_RETRY_REASONS = [QUOTA_EXCEEDED, RATE_LIMIT_EXCEEDED, SHARING_RATE_LIMIT
                         BACKEND_ERROR, BAD_GATEWAY, GATEWAY_TIMEOUT, INTERNAL_ERROR, TRANSIENT_ERROR]
 SERVICE_NOT_AVAILABLE_RETRY_REASONS = [SERVICE_NOT_AVAILABLE]
 ACTIVITY_THROW_REASONS = [SERVICE_NOT_AVAILABLE, BAD_REQUEST]
-ALERT_THROW_REASONS = [SERVICE_NOT_AVAILABLE, AUTH_ERROR]
+ALERT_THROW_REASONS = [SERVICE_NOT_AVAILABLE, AUTH_ERROR, PERMISSION_DENIED]
 CALENDAR_THROW_REASONS = [SERVICE_NOT_AVAILABLE, AUTH_ERROR, NOT_A_CALENDAR_USER]
 CIGROUP_CREATE_THROW_REASONS = [SERVICE_NOT_AVAILABLE, ALREADY_EXISTS, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, INVALID, INVALID_ARGUMENT, PERMISSION_DENIED, FAILED_PRECONDITION]
 CIGROUP_GET_THROW_REASONS = [SERVICE_NOT_AVAILABLE, NOT_FOUND, GROUP_NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, BAD_REQUEST, INVALID, SYSTEM_ERROR, PERMISSION_DENIED]
@@ -268,17 +268,17 @@ GROUP_SETTINGS_THROW_REASONS = [NOT_FOUND, GROUP_NOT_FOUND, DOMAIN_NOT_FOUND, DO
 GROUP_SETTINGS_RETRY_REASONS = [INVALID, SERVICE_LIMIT, SERVICE_NOT_AVAILABLE]
 GROUP_LIST_THROW_REASONS = [RESOURCE_NOT_FOUND, DOMAIN_NOT_FOUND, FORBIDDEN, BAD_REQUEST]
 GROUP_LIST_USERKEY_THROW_REASONS = GROUP_LIST_THROW_REASONS+[INVALID_MEMBER, INVALID_INPUT]
-KEEP_THROW_REASONS = [SERVICE_NOT_AVAILABLE, BAD_REQUEST, PERMISSION_DENIED, INVALID_ARGUMENT, NOT_FOUND]
+KEEP_THROW_REASONS = [AUTH_ERROR, BAD_REQUEST, PERMISSION_DENIED, INVALID_ARGUMENT, NOT_FOUND]
 LOOKERSTUDIO_THROW_REASONS = [INVALID_ARGUMENT, SERVICE_NOT_AVAILABLE, BAD_REQUEST, NOT_FOUND, PERMISSION_DENIED, INTERNAL_ERROR]
 MEMBERS_THROW_REASONS = [GROUP_NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, INVALID, FORBIDDEN, SERVICE_NOT_AVAILABLE]
 MEMBERS_RETRY_REASONS = [SYSTEM_ERROR, SERVICE_NOT_AVAILABLE]
 ORGUNIT_GET_THROW_REASONS = [INVALID_ORGUNIT, ORGUNIT_NOT_FOUND, BACKEND_ERROR, BAD_REQUEST, INVALID_CUSTOMER_ID, LOGIN_REQUIRED]
-PEOPLE_ACCESS_THROW_REASONS = [SERVICE_NOT_AVAILABLE, FORBIDDEN, PERMISSION_DENIED]
+PEOPLE_ACCESS_THROW_REASONS = [SERVICE_NOT_AVAILABLE, FORBIDDEN, PERMISSION_DENIED, FAILED_PRECONDITION]
 RESELLER_THROW_REASONS = [BAD_REQUEST, RESOURCE_NOT_FOUND, FORBIDDEN, INVALID]
 SHEETS_ACCESS_THROW_REASONS = DRIVE_USER_THROW_REASONS+[NOT_FOUND, PERMISSION_DENIED, FORBIDDEN, INTERNAL_ERROR, INSUFFICIENT_FILE_PERMISSIONS,
                                                        BAD_REQUEST, INVALID, INVALID_ARGUMENT, FAILED_PRECONDITION]
-TASK_THROW_REASONS = [SERVICE_NOT_AVAILABLE, BAD_REQUEST, PERMISSION_DENIED, INVALID, NOT_FOUND, ACCESS_NOT_CONFIGURED]
-TASKLIST_THROW_REASONS = [SERVICE_NOT_AVAILABLE, BAD_REQUEST, PERMISSION_DENIED, INVALID, NOT_FOUND, ACCESS_NOT_CONFIGURED]
+TASK_THROW_REASONS = [BAD_REQUEST, PERMISSION_DENIED, INVALID, NOT_FOUND, ACCESS_NOT_CONFIGURED]
+TASKLIST_THROW_REASONS = [BAD_REQUEST, PERMISSION_DENIED, INVALID, NOT_FOUND, ACCESS_NOT_CONFIGURED]
 USER_GET_THROW_REASONS = [USER_NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, BAD_REQUEST, SYSTEM_ERROR]
 YOUTUBE_THROW_REASONS = [SERVICE_NOT_AVAILABLE, AUTH_ERROR, UNSUPPORTED_SUPERVISED_ACCOUNT, UNSUPPORTED_LANGUAGE_CODE, CONTENT_OWNER_ACCOUNT_NOT_FOUND]

--- a/src/gam/gamlib/glglobals.py
+++ b/src/gam/gamlib/glglobals.py
@@ -23,8 +23,10 @@
 # The following GM_XXX constants are arbitrary but must be unique
 # Most errors print a message and bail out with a return code
 # Some commands want to set a non-zero return code but not bail
-# GAM admin user
-ADMIN = 'admin'
+# GAM admin user from oauth2.txt or oauth2service.json
+ADMIN = 'admn'
+# Drive service for admin; used to look up Shared Drive Names
+ADMIN_DRIVE = 'addr'
 # Number/length of API call retries
 API_CALLS_RETRY_DATA = 'rtry'
 # GAM cache directory. If no_cache is True, this variable will be set to None
@@ -215,6 +217,7 @@ REDIRECT_QUEUE_EOF = 'eof'
 #
 Globals = {
  ADMIN: None,
+  ADMIN_DRIVE: None,
  API_CALLS_RETRY_DATA: {},
  CACHE_DIR: None,
  CACHE_DISCOVERY_ONLY: True,
--- a/src/gam/gamlib/glmsgs.py
+++ b/src/gam/gamlib/glmsgs.py
@@ -40,21 +40,43 @@ sign in as {0} and accept the Terms of Service (ToS). As soon as you've accepted

 PROJECT_STILL_BEING_CREATED_SLEEPING = 'Project still being created. Sleeping {0} seconds\n'
 FAILED_TO_CREATE_PROJECT = 'Failed to create project: {0}\n'
-SETTING_GAM_PROJECT_CONSENT_SCREEN = 'Setting GAM project consent screen...\n'
-CREATE_PROJECT_INSTRUCTIONS = '''
+SETTING_GAM_PROJECT_CONSENT_SCREEN_CREATING_CLIENT = 'Setting GAM project consent screen, creating client...\n'
+CREATE_CLIENT_INSTRUCTIONS = '''
 Please go to:

  {0}

-1. Choose "Desktop App" or "Other" for "Application type".
-2. Enter "GAM" or another desired value for "Name".
-3. Click the blue "Create" button.
-4. Copy your "Client ID" value that shows on the next page.
+ 1. If "+ CREATE CLIENT" is on the screen, skip to step 14
+ 2. Click "GET STARTED"
+ 3. Under "App Information", enter {1} or another value in "App name *"
+ 4. Under "App Information", enter {2} in "User support email *"
+ 5. Click "NEXT"
+ 6. Under "Audience", choose INTERNAL
+ 7. Click "NEXT"
+ 8. Under, "Contact Information", enter an email address in "Email addresses *"
+ 9. Click "NEXT"
+10. Under "Finish", click "I agree to the Google API Services: User Data Policy."
+11. Click "CONTINUE"
+12. Click "CREATE"
+13. Click "Clients" in the left-hand column
+14. Click "+ CREATE CLIENT"
+15. Choose "Desktop App" for "Application type"
+16. Enter {1} or another value in "Name *"
+17. Click "Create"
+18. Under "Name", click your client name
+19. Copy the "Client ID" value under "Additional information"
+20. Paste it at the "Enter your Client ID: " prompt in your terminal
+21. Press return/enter in your terminal
+22. Switch back to the browser
+23. Copy the "Client secret" value under "Client Secrets"
+24. Paste it at the "Enter your Client Secret: " prompt in your terminal
+25. Press return/enter in your terminal
+26. Switch back to the browser
+27. Click "CANCEL"
+28. These steps are complete
 '''
 ENTER_YOUR_CLIENT_ID = '\nEnter your Client ID: '
-GO_BACK_TO_YOUR_BROWSER_AND_COPY_YOUR_CLIENT_SECRET_VALUE = '\n5. Go back to your browser and copy your "Client Secret" value.\n'
 ENTER_YOUR_CLIENT_SECRET = '\nEnter your Client Secret: '
-GO_BACK_TO_YOUR_BROWSER_AND_CLICK_OK_TO_CLOSE_THE_OAUTH_CLIENT_POPUP = '\n6. Go back to your browser and click OK to close the "OAuth client" popup if it\'s still open.\n'
 IS_NOT_A_VALID_CLIENT_ID = '''

 {0}
@@ -78,12 +100,12 @@ Please go to:

  https://admin.google.com/ac/owl/list?tab=configuredApps

-1. Click on: Configure new app > OAuth App Name Or Client ID.
-2. Enter the following Client ID value:
+1. Click on: Configure new app
+2. Enter the following Client ID value in Search for app:

  {1}

-3. Press Search, select the {0} app, press Select, check the box and press Select.
+3. Press Search, select the {0} app, click
 4. Keep the default scope or select a preferred scope that includes your GAM admin.
 5. Press Continue
 6. Select Trusted radio button, press Continue and Finish.
@@ -162,7 +184,7 @@ ALREADY_EXISTS_USE_MERGE_ARGUMENT = 'Already exists; use the "merge" argument to
 API_ACCESS_DENIED = 'API access Denied'
 API_CALLS_RETRY_DATA = 'API calls retry data\n'
 API_CHECK_CLIENT_AUTHORIZATION = 'Please make sure the Client ID: {0} is authorized for the appropriate API or scopes:\n{1}\n\nRun: gam oauth create\n'
-API_CHECK_SVCACCT_AUTHORIZATION = 'Please make sure the Service Account Client name: {0} is authorized for the appropriate API or scopes:\n{1}\n\nRun: gam user {2} update serviceaccount\n'
+API_CHECK_SVCACCT_AUTHORIZATION = 'Please make sure the Service Account Client ID: {0} is authorized for the appropriate API or scopes:\n{1}\n\nRun: gam user {2} update serviceaccount\n'
 API_ERROR_SETTINGS = 'API error, some settings not set'
 ARE_BOTH_REQUIRED = 'Arguments {0} and {1} are both required'
 ARE_MUTUALLY_EXCLUSIVE = 'Arguments {0} and {1} are mutually exclusive'
@@ -457,7 +479,10 @@ SCHEMA_WOULD_HAVE_NO_FIELDS = '{0} would have no {1}'
 SELECTED = 'Selected'
 SERVICE_NOT_APPLICABLE = 'Service not applicable/Does not exist'
 SERVICE_NOT_APPLICABLE_THIS_ADDRESS = 'Service not applicable for this address: {0}'
+SERVICE_NOT_ENABLED = '{0} Service/App not enabled'
 SHORTCUT_TARGET_CAPABILITY_IS_FALSE = '{0} capability {1} is False'
+SITES_COMMAND_DEPRECATED = 'The Classic Sites API is deprecated, this command will not work:\n{0}'
+SKU_HAS_NO_MATCHING_ARCHIVED_USER_SKU = 'SKU {0} has no matching Archived User SKU'
 STARTING_THREAD = 'Starting thread'
 STATISTICS_COPY_FILE = 'Total: {0}, Copied: {1}, Shortcut created {2}, Shortcut exists {3}, Duplicate: {4}, Copy Failed: {5}, Not copyable: {6}, In skipids: {7}, Permissions Failed: {8}, Protected Ranges Failed: {9}'
 STATISTICS_COPY_FOLDER = 'Total: {0}, Copied: {1}, Shortcut created {2}, Shortcut exists {3}, Duplicate: {4}, Merged: {5}, Copy Failed: {6}, Not writable: {7}, Permissions Failed: {8}'
@@ -479,7 +504,9 @@ To set up Google Chat for your API project, please go to:

    {0}

-and complete all fields.
+and follow the instructions at:
+
+    https://github.com/GAM-team/GAM/wiki/Chat-Bot#set-up-a-chat-bot
 """
 TOTAL_ITEMS_IN_ENTITY = 'Total {0} in {1}'
 TRIMMED_MESSAGE_FROM_LENGTH_TO_MAXIMUM = 'Trimmed message of length {0} to maximum length {1}'
--- a/src/gam/gamlib/glskus.py
+++ b/src/gam/gamlib/glskus.py
@@ -24,6 +24,7 @@
 _PRODUCTS = {
  '101001': 'Cloud Identity Free',
  '101005': 'Cloud Identity Premium',
+  '101007': 'Google Workspace for Education',
  '101031': 'Google Workspace for Education',
  '101033': 'Google Voice',
  '101034': 'Google Workspace Archived User',
@@ -47,6 +48,10 @@ _SKUS = {
    'product': '101001', 'aliases': ['identity', 'cloudidentity'], 'displayName': 'Cloud Identity'},
  '1010050001': {
    'product': '101005', 'aliases': ['identitypremium', 'cloudidentitypremium'], 'displayName': 'Cloud Identity Premium'},
+  '1010070001': {
+    'product': '101007', 'aliases': ['gwef', 'workspaceeducationfundamentals'], 'displayName': 'Google Workspace for Education Fundamentals'},
+  '1010070004': {
+    'product': '101007', 'aliases': ['gwegmo', 'workspaceeducationgmailonly'], 'displayName': 'Google Workspace for Education Gmail Only'},
  '1010310002': {
    'product': '101031', 'aliases': ['gsefe', 'e4e', 'gsuiteenterpriseeducation'], 'displayName': 'Google Workspace for Education Plus - Legacy'},
  '1010310003': {
@@ -111,6 +116,8 @@ _SKUS = {
    'product': 'Google-Apps', 'aliases': ['standard', 'free'], 'displayName': 'G Suite Legacy'},
  'Google-Apps-For-Business': {
    'product': 'Google-Apps', 'aliases': ['gafb', 'gafw', 'basic', 'gsuitebasic'], 'displayName': 'G Suite Basic'},
+  'Google-Apps-For-Education': {
+    'product': 'Google-Apps', 'aliases': ['gafe', 'gsuiteeducation', 'gsuiteedu'], 'displayName': 'Google Workspace for Education - Fundamentals'},
  'Google-Apps-For-Government': {
    'product': 'Google-Apps', 'aliases': ['gafg', 'gsuitegovernment', 'gsuitegov'], 'displayName': 'Google Workspace Government'},
  'Google-Apps-For-Postini': {
@@ -148,6 +155,8 @@ _SKUS = {
    'product': '101034', 'aliases': ['wsbizstarterarchived', 'workspacebusinessstarterarchived'], 'displayName': 'Google Workspace Business Starter - Archived User'},
  '1010340006': {
    'product': '101034', 'aliases': ['wsbizstanarchived', 'workspacebusinessstanarchived'], 'displayName': 'Google Workspace Business Standard - Archived User'},
+  '1010340007': {
+    'product': '101034', 'aliases': ['gwefau', 'gwefarchived', 'workspaceeducationfundamentalsarchived'], 'displayName': 'Google Workspace for Education Fundamentals - Archived User'},
  '1010060001': {
    'product': '101006', 'aliases': ['gsuiteessentials', 'essentials',
                                     'd4e', 'driveenterprise', 'drive4enterprise',
@@ -182,6 +191,8 @@ _SKUS = {
    'product': 'Google-Chrome-Device-Management', 'aliases': ['chrome', 'cdm', 'googlechromedevicemanagement'], 'displayName': 'Google Chrome Device Management'}
  }

+ARCHIVABLE_SKUS = {'1010020020', '1010020025', '1010020026', '1010020027', '1010020028', 'Google-Apps-Unlimited'}
+
 def getProductAndSKU(sku):
  l_sku = sku.lower().replace('-', '').replace(' ', '').replace('"', '').replace("'", '').strip()
  if l_sku.startswith('nv:'):
--- a/src/gam/gdata/apps/sites/init.py
+++ b/src/gam/gdata/apps/sites/init.py
@@ -1,283 +0,0 @@
-#!/usr/bin/env python
-#
-# Copyright 2009 Google Inc. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-"""Data model classes for parsing and generating XML for the Sites Data API."""
-
-import atom
-import gdata
-
-# XML Namespaces used in Google Sites entities.
-SITES_NAMESPACE = 'http://schemas.google.com/sites/2008'
-SITES_TEMPLATE = '{http://schemas.google.com/sites/2008}%s'
-SPREADSHEETS_NAMESPACE = 'http://schemas.google.com/spreadsheets/2006'
-SPREADSHEETS_TEMPLATE = '{http://schemas.google.com/spreadsheets/2006}%s'
-GACL_NAMESPACE = 'http://schemas.google.com/acl/2007'
-GACL_TEMPLATE = '{http://schemas.google.com/acl/2007}%s'
-DC_TERMS_TEMPLATE = '{http://purl.org/dc/terms}%s'
-THR_TERMS_TEMPLATE = '{http://purl.org/syndication/thread/1.0}%s'
-XHTML_NAMESPACE = 'http://www.w3.org/1999/xhtml'
-XHTML_TEMPLATE = '{http://www.w3.org/1999/xhtml}%s'
-
-SITES_INVITE_LINK_REL = SITES_NAMESPACE + '#invite'
-SITES_PARENT_LINK_REL = SITES_NAMESPACE + '#parent'
-SITES_REVISION_LINK_REL = SITES_NAMESPACE + '#revision'
-SITES_SOURCE_LINK_REL = SITES_NAMESPACE + '#source'
-SITES_TEMPLATE_LINK_REL = SITES_NAMESPACE + '#template'
-
-ALTERNATE_REL = 'alternate'
-WEB_ADDRESS_MAPPING_REL = 'webAddressMapping'
-
-SITES_KIND_SCHEME = 'http://schemas.google.com/g/2005#kind'
-ANNOUNCEMENT_KIND_TERM = SITES_NAMESPACE + '#announcement'
-ANNOUNCEMENT_PAGE_KIND_TERM = SITES_NAMESPACE + '#announcementspage'
-ATTACHMENT_KIND_TERM = SITES_NAMESPACE + '#attachment'
-COMMENT_KIND_TERM = SITES_NAMESPACE + '#comment'
-FILECABINET_KIND_TERM = SITES_NAMESPACE + '#filecabinet'
-LISTITEM_KIND_TERM = SITES_NAMESPACE + '#listitem'
-LISTPAGE_KIND_TERM = SITES_NAMESPACE + '#listpage'
-WEBPAGE_KIND_TERM = SITES_NAMESPACE + '#webpage'
-WEBATTACHMENT_KIND_TERM = SITES_NAMESPACE + '#webattachment'
-FOLDER_KIND_TERM = SITES_NAMESPACE + '#folder'
-TAG_KIND_TERM = SITES_NAMESPACE + '#tag'
-
-SUPPORT_KINDS = [
-  'announcement', 'announcementspage', 'attachment', 'comment', 'filecabinet',
-  'listitem', 'listpage', 'webpage', 'webattachment', 'tag'
-  ]
-
-
-class GDataBase(atom.AtomBase):
-  """The Google Sites intermediate class from atom.AtomBase."""
-  _namespace = gdata.GDATA_NAMESPACE
-  _children = atom.AtomBase._children.copy()
-  _attributes = atom.AtomBase._attributes.copy()
-
-  def __init__(self, text=None):
-    atom.AtomBase.__init__(self, text=text)
-
-class SitesBase(GDataBase):
-  _namespace = SITES_NAMESPACE
-
-class SiteName(SitesBase):
-  """Google Sites <sites:siteName>."""
-  _tag = 'siteName'
-
-class Theme(SitesBase):
-  """Google Sites <sites:theme>."""
-  _tag = 'theme'
-
-class SiteEntry(gdata.BatchEntry):
-  """Google Sites Site Feed Entry."""
-  _tag = 'entry'
-  _namespace = atom.ATOM_NAMESPACE
-  _children = gdata.BatchEntry._children.copy()
-
-  _children['{%s}siteName' % SITES_NAMESPACE] = ('siteName', SiteName)
-  _children['{%s}theme' % SITES_NAMESPACE] = ('theme', Theme)
-  _attributes = gdata.BatchEntry._attributes.copy()
-  _attributes['{%s}etag' % gdata.GDATA_NAMESPACE] = 'etag'
-
-  def __init__(self, siteName=None, title=None, summary=None, theme=None, sourceSite=None, category=None, etag=None):
-    gdata.BatchEntry.__init__(self, category=category)
-    self.siteName = siteName
-    self.title = title
-    self.summary = summary
-    self.theme = theme
-    if sourceSite is not None:
-      sourceLink = atom.Link(href=sourceSite, rel=SITES_SOURCE_LINK_REL, link_type='application/atom+xml')
-      self.link.append(sourceLink)
-    self.etag = etag
-
-  def find_alternate_link(self):
-    for link in self.link:
-      if link.rel == ALTERNATE_REL and link.href:
-        return link.href
-    return None
-
-  FindAlternateLink = find_alternate_link
-
-  def find_source_link(self):
-    for link in self.link:
-      if link.rel == SITES_SOURCE_LINK_REL and link.href:
-        return link.href
-    return None
-
-  FindSourceLink = find_source_link
-
-  def find_webaddress_mappings(self):
-    mappingLinks = []
-    for link in self.link:
-      if link.rel == WEB_ADDRESS_MAPPING_REL and link.href:
-        mappingLinks.append(link.href)
-    return mappingLinks
-
-  FindWebAddressMappings = find_webaddress_mappings
-
-def SiteEntryFromString(xml_string):
-  return atom.CreateClassFromXMLString(SiteEntry, xml_string)
-
-class SiteFeed(gdata.BatchFeed, gdata.LinkFinder):
-  """A Google Sites feed flavor of an Atom Feed."""
-  _tag = 'feed'
-  _namespace = atom.ATOM_NAMESPACE
-  _children = gdata.BatchFeed._children.copy()
-  _children['{%s}entry' % atom.ATOM_NAMESPACE] = ('entry', [SiteEntry])
-
-  def __init__(self):
-    gdata.BatchFeed.__init__(self)
-
-def SiteFeedFromString(xml_string):
-  return atom.CreateClassFromXMLString(SiteFeed, xml_string)
-
-class AclBase(GDataBase):
-  _namespace = GACL_NAMESPACE
-
-class AclRole(AclBase):
-  """Describes the role of an entry in an access control list."""
-  _tag = 'role'
-  _children = AclBase._children.copy()
-  _attributes = AclBase._attributes.copy()
-  _attributes['value'] = 'value'
-
-  def __init__(self, value=None):
-    AclBase.__init__(self)
-    self.value = value
-
-class AclAdditionalRole(AclBase):
-  """Describes an additionalRole element."""
-  _tag = 'additionalRole'
-  _children = AclBase._children.copy()
-  _attributes = AclBase._attributes.copy()
-  _attributes['value'] = 'value'
-
-  def __init__(self, value=None):
-    AclBase.__init__(self)
-    self.value = value
-
-class AclScope(AclBase):
-  """Describes the scope of an entry in an access control list."""
-  _tag = 'scope'
-  _children = AclBase._children.copy()
-  _attributes = AclBase._attributes.copy()
-  _attributes['type'] = 'type'
-  _attributes['value'] = 'value'
-
-  def __init__(self, stype=None, value=None):
-    AclBase.__init__(self)
-    self.type = stype
-    self.value = value
-
-
-class AclWithKey(AclBase):
-  """Describes a key that can be used to access a document."""
-  _tag = 'withKey'
-  _children = AclBase._children.copy()
-  _children['{%s}role' % GACL_NAMESPACE] = ('role', AclRole)
-  _children['{%s}additionalRole' % GACL_NAMESPACE] = ('additionalRole', AclAdditionalRole)
-  _attributes = AclBase._attributes.copy()
-  _attributes['key'] = 'key'
-
-  def __init__(self, key=None, role=None, additionalRole=None):
-    AclBase.__init__(self)
-    self.key = key
-    self.role = role
-    self.additionalRole = additionalRole
-
-class AclEntry(gdata.BatchEntry):
-  """Describes an entry in a feed of an access control list (ACL)."""
-  _tag = 'entry'
-  _namespace = atom.ATOM_NAMESPACE
-  _children = gdata.BatchEntry._children.copy()
-
-  _children['{%s}role' % GACL_NAMESPACE] = ('role', AclRole)
-  _children['{%s}additionalRole' % GACL_NAMESPACE] = ('additionalRole', AclAdditionalRole)
-  _children['{%s}scope' % GACL_NAMESPACE] = ('scope', AclScope)
-  _children['{%s}withKey' % GACL_NAMESPACE] = ('withKey', AclWithKey)
-  _attributes = gdata.BatchEntry._attributes.copy()
-  _attributes['{%s}etag' % gdata.GDATA_NAMESPACE] = 'etag'
-
-  def __init__(self, role=None, additionalRole=None, scope=None, withKey=None, etag=None):
-    gdata.BatchEntry.__init__(self)
-    self.role = role
-    self.additionalRole = additionalRole
-    self.scope = scope
-    self.withKey = withKey
-    self.etag = etag
-
-  def find_invite_link(self):
-    for link in self.link:
-      if link.rel == SITES_INVITE_LINK_REL and link.href:
-        return link.href
-    return None
-
-  FindInviteLink = find_invite_link
-
-def AclEntryFromString(xml_string):
-  return atom.CreateClassFromXMLString(AclEntry, xml_string)
-
-class AclFeed(gdata.BatchFeed, gdata.LinkFinder):
-  """Describes a feed of an access control list (ACL)."""
-  _tag = 'feed'
-  _namespace = atom.ATOM_NAMESPACE
-  _children = gdata.BatchFeed._children.copy()
-  _children['{%s}entry' % atom.ATOM_NAMESPACE] = ('entry', [AclEntry])
-
-  def __init__(self):
-    gdata.BatchFeed.__init__(self)
-
-def AclFeedFromString(xml_string):
-  return atom.CreateClassFromXMLString(AclFeed, xml_string)
-
-class ActivityEntry(gdata.BatchEntry):
-  """Describes an entry in a feed of site activity (changes)."""
-  _tag = 'entry'
-  _namespace = atom.ATOM_NAMESPACE
-  _children = gdata.BatchEntry._children.copy()
-  _attributes = gdata.BatchEntry._attributes.copy()
-
-  def __init__(self):
-    gdata.BatchEntry.__init__(self)
-
-  def __find_category_scheme(self, scheme):
-    for category in self.category:
-      if category.scheme == scheme:
-        return category
-    return None
-
-  def kind(self):
-    kind = self.__find_category_scheme(SITES_KIND_SCHEME)
-    if kind is not None:
-      return kind.term[len(SITES_NAMESPACE) + 1:]
-    else:
-      return None
-
-  Kind = kind
-
-def ActivityEntryFromString(xml_string):
-  return atom.CreateClassFromXMLString(ActivityEntry, xml_string)
-
-class ActivityFeed(gdata.BatchFeed, gdata.LinkFinder):
-  """Describes a feed of site activity (changes)."""
-  _tag = 'feed'
-  _namespace = atom.ATOM_NAMESPACE
-  _children = gdata.BatchFeed._children.copy()
-  _children['{%s}entry' % atom.ATOM_NAMESPACE] = ('entry', [ActivityEntry])
-
-  def __init__(self):
-    gdata.BatchFeed.__init__(self)
-
-def ActivityFeedFromString(xml_string):
-  return atom.CreateClassFromXMLString(ActivityFeed, xml_string)
--- a/src/gam/gdata/apps/sites/service.py
+++ b/src/gam/gdata/apps/sites/service.py
@@ -1,246 +0,0 @@
-#!/usr/bin/python
-#
-# Copyright 2009 Google Inc. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-"""SitesService extends the GDataService for Google Sites API calls."""
-
-import gdata.apps
-import gdata.apps.service
-import gdata.service
-
-
-# Feed URI templates
-CONTENT_FEED_TEMPLATE = '/feeds/content/%s/%s/'
-REVISION_FEED_TEMPLATE = '/feeds/revision/%s/%s/'
-ACTIVITY_FEED_TEMPLATE = '/feeds/activity/%s/%s/'
-ACTIVITY_ENTRY_TEMPLATE = '/feeds/activity/%s/%s/%s'
-SITE_FEED_TEMPLATE = '/feeds/site/%s/'
-ACL_FEED_TEMPLATE = '/feeds/acl/site/%s/%s'
-ACL_ENTRY_TEMPLATE = '/feeds/acl/site/%s/%s/%s'
-
-
-class SitesService(gdata.service.GDataService):
-  """Client extension for the Google Sites API service."""
-
-  def __init__(self,
-               source=None, server='sites.google.com', additional_headers=None,
-               **kwargs):
-    """Constructs a new client for the Sites API.
-
-    Args:
-      site: string (optional) Name (webspace) of the Google Site
-      domain: string (optional) Domain of the (Google Apps hosted) Site.
-          If no domain is given, the Site is assumed to be a consumer Google
-          Site, in which case the value 'site' is used.
-      source: string (optional) The name of the user's application.
-      server: string (optional) The name of the server to which a connection
-          will be opened. Default value: 'sites..google.com'.
-      **kwargs: The other parameters to pass to gdata.service.GDataService
-          constructor.
-    """
-    if additional_headers == None:
-      additional_headers = {}
-    additional_headers['GData-Version'] = '1.4'
-    gdata.service.GDataService.__init__(self,
-                                        source=source, server=server, additional_headers=additional_headers,
-                                        **kwargs)
-    self.ssl = True
-    self.port = 443
-
-  def make_site_feed_uri(self, domain=None, site=None):
-    if not domain:
-      domain = 'site'
-    if not site:
-      return SITE_FEED_TEMPLATE % domain
-    return (SITE_FEED_TEMPLATE % domain) + site
-
-  MakeSiteFeedUri = make_site_feed_uri
-
-  def get_site_feed(self, uri=None, domain=None, site=None,
-                    extra_headers=None, url_params=None, escape_params=True):
-
-    uri = uri or self.make_site_feed_uri(domain=domain, site=site)
-    try:
-      return self.Get(uri,
-                      url_params=url_params, extra_headers=extra_headers, escape_params=escape_params,
-                      converter=gdata.apps.sites.SiteFeedFromString)
-    except gdata.service.RequestError as e:
-      raise gdata.apps.service.AppsForYourDomainException(e.args[0])
-
-  GetSiteFeed = get_site_feed
-
-  def create_site(self, siteentry=None, uri=None, domain=None, site=None,
-                  extra_headers=None, url_params=None, escape_params=True):
-
-    if uri is None:
-      uri = self.make_site_feed_uri(domain=domain, site=site)
-    try:
-      return self.Post(siteentry, uri,
-                       url_params=url_params, extra_headers=extra_headers, escape_params=escape_params,
-                       converter=gdata.apps.sites.SiteEntryFromString)
-    except gdata.service.RequestError as e:
-      raise gdata.apps.service.AppsForYourDomainException(e.args[0])
-
-  CreateSite = create_site
-
-  def get_site(self, uri=None, domain=None, site=None,
-               extra_headers=None, url_params=None, escape_params=True):
-
-    uri = uri or self.make_site_feed_uri(domain=domain, site=site)
-    try:
-      return self.Get(uri,
-                      url_params=url_params, extra_headers=extra_headers, escape_params=escape_params,
-                      converter=gdata.apps.sites.SiteEntryFromString)
-    except gdata.service.RequestError as e:
-      raise gdata.apps.service.AppsForYourDomainException(e.args[0])
-
-  GetSite = get_site
-
-  def update_site(self, siteentry=None, uri=None, domain=None, site=None,
-                  extra_headers=None, url_params=None, escape_params=True):
-
-    uri = uri or self.make_site_feed_uri(domain=domain, site=site)
-    try:
-      return self.Put(siteentry, uri,
-                      url_params=url_params, extra_headers=extra_headers, escape_params=escape_params,
-                      converter=gdata.apps.sites.SiteEntryFromString)
-    except gdata.service.RequestError as e:
-      raise gdata.apps.service.AppsForYourDomainException(e.args[0])
-
-  UpdateSite = update_site
-
-  def make_acl_feed_uri(self, domain=None, site=None):
-    return ACL_FEED_TEMPLATE % (domain, site)
-
-  MakeAclFeedUri = make_acl_feed_uri
-
-  def get_acl_feed(self, uri=None, domain=None, site=None,
-                   extra_headers=None, url_params=None, escape_params=True):
-
-    uri = uri or self.make_acl_feed_uri(domain=domain, site=site)
-    try:
-      return self.Get(uri,
-                      url_params=url_params, extra_headers=extra_headers, escape_params=escape_params,
-                      converter=gdata.apps.sites.AclFeedFromString)
-    except gdata.service.RequestError as e:
-      raise gdata.apps.service.AppsForYourDomainException(e.args[0])
-
-  GetAclFeed = get_acl_feed
-
-  def make_acl_entry_uri(self, domain=None, site=None, ruleId=None):
-    return ACL_ENTRY_TEMPLATE % (domain, site, ruleId)
-
-  MakeAclEntryUri = make_acl_entry_uri
-
-  def create_acl_entry(self, aclentry=None, uri=None, domain=None, site=None,
-                       extra_headers=None, url_params=None, escape_params=True):
-
-    uri = uri or self.make_acl_feed_uri(domain=domain, site=site)
-    try:
-      return self.Post(aclentry, uri,
-                       url_params=url_params, extra_headers=extra_headers, escape_params=escape_params,
-                       converter=gdata.apps.sites.AclEntryFromString)
-    except gdata.service.RequestError as e:
-      raise gdata.apps.service.AppsForYourDomainException(e.args[0])
-
-  CreateAclEntry = create_acl_entry
-
-  def get_acl_entry(self, uri=None, domain=None, site=None, ruleId=None,
-                    extra_headers=None, url_params=None, escape_params=True):
-
-    uri = uri or self.make_acl_entry_uri(domain=domain, site=site, ruleId=ruleId)
-    try:
-      return self.Get(uri,
-                      url_params=url_params, extra_headers=extra_headers, escape_params=escape_params,
-                      converter=gdata.apps.sites.AclEntryFromString)
-    except gdata.service.RequestError as e:
-      raise gdata.apps.service.AppsForYourDomainException(e.args[0])
-
-  GetAclEntry = get_acl_entry
-
-  def update_acl_entry(self, aclentry=None, uri=None, domain=None, site=None, ruleId=None,
-                       extra_headers=None, url_params=None, escape_params=True):
-
-    uri = uri or self.make_acl_entry_uri(domain=domain, site=site, ruleId=ruleId)
-    try:
-      return self.Put(aclentry, uri,
-                      url_params=url_params, extra_headers=extra_headers, escape_params=escape_params,
-                      converter=gdata.apps.sites.AclEntryFromString)
-    except gdata.service.RequestError as e:
-      raise gdata.apps.service.AppsForYourDomainException(e.args[0])
-
-  UpdateAclEntry = update_acl_entry
-
-  def delete_acl_entry(self, uri=None, domain=None, site=None, ruleId=None,
-                       extra_headers=None, url_params=None, escape_params=True):
-
-    uri = uri or self.make_acl_entry_uri(domain=domain, site=site, ruleId=ruleId)
-    try:
-      return self.Delete(uri,
-                         url_params=url_params, escape_params=escape_params, extra_headers=extra_headers)
-    except gdata.service.RequestError as e:
-      raise gdata.apps.service.AppsForYourDomainException(e.args[0])
-
-  DeleteAclEntry = delete_acl_entry
-
-  def make_activity_feed_uri(self, domain=None, site=None):
-    return ACTIVITY_FEED_TEMPLATE % (domain, site)
-
-  MakeActivityFeedUri = make_activity_feed_uri
-
-  def get_activity_feed(self, uri=None, domain=None, site=None,
-                        extra_headers=None, url_params=None, escape_params=True):
-
-    uri = uri or self.make_activity_feed_uri(domain=domain, site=site)
-    try:
-      return self.Get(uri,
-                      url_params=url_params, extra_headers=extra_headers, escape_params=escape_params,
-                      converter=gdata.apps.sites.ActivityFeedFromString)
-    except gdata.service.RequestError as e:
-      raise gdata.apps.service.AppsForYourDomainException(e.args[0])
-
-  GetActivityFeed = get_activity_feed
-
-  def make_activity_entry_uri(self, domain=None, site=None, activityId=None):
-    return ACTIVITY_ENTRY_TEMPLATE % (domain, site, activityId)
-
-  MakeActivityEntryUri = make_activity_entry_uri
-
-  def get_activity_entry(self, uri=None, domain=None, site=None, activityId=None,
-                         extra_headers=None, url_params=None, escape_params=True):
-
-    uri = uri or self.make_activity_entry_uri(domain=domain, site=site, activityId=activityId)
-    try:
-      return self.Get(uri,
-                      url_params=url_params, extra_headers=extra_headers, escape_params=escape_params,
-                      converter=gdata.apps.sites.ActivityEntryFromString)
-    except gdata.service.RequestError as e:
-      raise gdata.apps.service.AppsForYourDomainException(e.args[0])
-
-  GetActivityEntry = get_activity_entry
-
-class SitesQuery(gdata.service.Query):
-
-  def make_site_feed_uri(self, domain=None, site=None):
-    if not domain:
-      domain = 'site'
-    if not site:
-      return SITE_FEED_TEMPLATE % domain
-    return (SITE_FEED_TEMPLATE % domain) + site
-
-  def __init__(self, feed=None, domain=None, site=None, params=None):
-    self.feed = feed or self.make_site_feed_uri(domain=domain, site=site)
-    gdata.service.Query.__init__(self, feed=self.feed, params=params)
-
--- a/src/gam/googleapiclient/version.py
+++ b/src/gam/googleapiclient/version.py
@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-__version__ = "2.146.0"
+__version__ = "2.164.0"
--- a/src/gam/meet-v2beta.json
+++ b/src/gam/meet-v2beta.json
--- a/src/requirements.txt
+++ b/src/requirements.txt
@@ -11,4 +11,4 @@ lxml
 passlib>=1.7.2
 pathvalidate
 python-dateutil
-yubikey-manager>=5.0
+yubikey-manager[yubikey]>=5.0
--- a/src/serviceaccountlookup-v1.json
+++ b/src/serviceaccountlookup-v1.json
@@ -1,141 +0,0 @@
-{
-  "basePath": "",
-  "baseUrl": "https://www.googleapis.com/service_accounts/v1",
-  "canonicalName": "serviceaccountlookup",
-  "description": "Pseudo-API to lookup public certificates for a service account anonymously",
-  "discoveryVersion": "v1",
-  "documentationLink": "https://example.com/",
-  "fullyEncodeReservedExpansion": true,
-  "icons": {
-    "x16": "http://www.google.com/images/icons/product/search-16.gif",
-    "x32": "http://www.google.com/images/icons/product/search-32.gif"
-  },
-  "id": "serviceaccountlookup:v1",
-  "kind": "discovery#restDescription",
-  "name": "serviceaccountlookup",
-  "ownerDomain": "google.com",
-  "ownerName": "Google",
-  "packagePath": "admin",
-  "parameters": {
-    "$.xgafv": {
-      "description": "V1 error format.",
-      "enum": [
-        "1",
-        "2"
-      ],
-      "enumDescriptions": [
-        "v1 error format",
-        "v2 error format"
-      ],
-      "location": "query",
-      "type": "string"
-    },
-    "access_token": {
-      "description": "OAuth access token.",
-      "location": "query",
-      "type": "string"
-    },
-    "alt": {
-      "default": "json",
-      "description": "Data format for response.",
-      "enum": [
-        "json",
-        "media",
-        "proto"
-      ],
-      "enumDescriptions": [
-        "Responses with Content-Type of application/json",
-        "Media download with context-dependent Content-Type",
-        "Responses with Content-Type of application/x-protobuf"
-      ],
-      "location": "query",
-      "type": "string"
-    },
-    "callback": {
-      "description": "JSONP",
-      "location": "query",
-      "type": "string"
-    },
-    "fields": {
-      "description": "Selector specifying which fields to include in a partial response.",
-      "location": "query",
-      "type": "string"
-    },
-    "key": {
-      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
-      "location": "query",
-      "type": "string"
-    },
-    "oauth_token": {
-      "description": "OAuth 2.0 token for the current user.",
-      "location": "query",
-      "type": "string"
-    },
-    "prettyPrint": {
-      "default": "true",
-      "description": "Returns response with indentations and line breaks.",
-      "location": "query",
-      "type": "boolean"
-    },
-    "quotaUser": {
-      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
-      "location": "query",
-      "type": "string"
-    },
-    "uploadType": {
-      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
-      "location": "query",
-      "type": "string"
-    },
-    "upload_protocol": {
-      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
-      "location": "query",
-      "type": "string"
-    }
-  },
-  "protocol": "rest",
-  "resources": {
-    "serviceaccounts": {
-      "methods": {
-        "lookup": {
-          "description": "Lookup",
-          "flatPath": "metadata/x509/{account}",
-          "httpMethod": "GET",
-          "id": "serviceaccountslookup.lookup",
-          "parameterOrder": [
-            "account"
-          ],
-          "parameters": {
-            "account": {
-              "description": "Email or ID of the service account.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "metadata/x509/{account}",
-	  "response": {
-            "$ref": "Certificates"
-          }
-        }
-      }
-    }
-  },
-  "rootUrl": "https://www.googleapis.com/service_accounts/v1",
-  "schemas": {
-    "Certificates": { 
-      "description": "JSON template for certificates.",
-      "id": "Certificates",
-      "properties": {
-        "email": {          "description": "Email of the delegate.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    }
-  },
-  "servicePath": "",
-  "title": "Service Account Lookup Pseudo-API",
-  "version": "v1",
-  "version_module": true
-}