Added option security to gam create cigroup

ERROR: 400 - invalidArgument - Service account gam-project-a1b2c@gam-project-a1b2c.iam.gserviceaccount.com does not exist.

.github/workflows/build.yml

@@ -17,7 +17,7 @@ defaults:
     working-directory: src
 
 env:
-  SCRATCH_COUNTER: 3
+  SCRATCH_COUNTER: 7
   OPENSSL_CONFIG_OPTS: no-fips --api=3.0.0
   OPENSSL_INSTALL_PATH: ${{ github.workspace }}/bin/ssl
   OPENSSL_SOURCE_PATH: ${{ github.workspace }}/src/openssl
@@ -41,48 +41,57 @@ jobs:
             goal: build
             arch: x86_64
             openssl_archs: linux-x86_64
-          - os: [self-hosted, linux, arm64]
+          - os: ubuntu-24.04-arm
             jid: 3
             goal: build
             arch: aarch64
             openssl_archs: linux-aarch64
-          - os: ubuntu-22.04
+          - os: ubuntu-22.04-arm
             jid: 4
             goal: build
+            arch: aarch64
+            openssl_archs: linux-aarch64
+          - os: ubuntu-22.04
+            jid: 5
+            goal: build
             arch: x86_64
             openssl_archs: linux-x86_64
             staticx: yes
-          - os: [self-hosted, linux, arm64]
-            jid: 5
+          - os: ubuntu-22.04-arm
+            jid: 6
             goal: build
             arch: aarch64
             openssl_archs: linux-aarch64
             staticx: yes
           - os: macos-13
-            jid: 6
+            jid: 7
             goal: build
             arch: x86_64
             openssl_archs: darwin64-x86_64
           - os: macos-14
-            jid: 7
-            goal: build
-            arch: aarch64
-            openssl_archs: darwin64-arm64
-          - os: macos-15
             jid: 8
             goal: build
             arch: aarch64
             openssl_archs: darwin64-arm64
-          - os: windows-2022
+          - os: macos-15
             jid: 9
             goal: build
+            arch: aarch64
+            openssl_archs: darwin64-arm64
+          - os: windows-2022
+            jid: 10
+            goal: build
             arch: Win64
             openssl_archs: VC-WIN64A
-          - os: ubuntu-24.04
-            goal: test
-            python: "3.9"
-            jid: 10
-            arch: x86_64
+          # disable 3.9 test for now since it's oldest and due
+          # for removal in Oct 2025. We only have 13 jid accounts
+          # so we need this one off but can re-enable at some point
+          # if we feel the need.
+          #- os: ubuntu-24.04
+          #  goal: test
+          #  python: "3.9"
+          #  jid: 11
+          #  arch: x86_64
           - os: ubuntu-24.04
             goal: test
             python: "3.10"
@@ -120,7 +129,7 @@ jobs:
         with:
           path: |
             cache.tar.xz
-          key: gam-${{ matrix.jid }}-20241114
+          key: gam-${{ matrix.jid }}-20250204
 
       - name: Untar Cache archive
         if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true'
@@ -187,7 +196,7 @@ jobs:
           echo "gampath=${gampath}" >> $GITHUB_ENV
 
       - name: Install necessary Github-hosted Linux packages
-        if: runner.os == 'Linux' && runner.arch == 'X64'
+        if: runner.os == 'Linux'
         run: |
           echo "RUNNING: apt update..."
           sudo apt-get -qq --yes update
@@ -548,7 +557,6 @@ jobs:
             # https://github.com/pyinstaller/pyinstaller/issues/7102
             export PATH="$(dirname ${PYTHON}):/usr/bin"
           fi
-          #if ([ "${staticx}" != "yes" ] && [ "$RUNNER_OS" != "Windows" ]); then
           if [[ "$staticx" != "yes" ]]; then
             export PYINSTALLER_BUILD_ONEDIR=yes
           fi
@@ -594,6 +602,9 @@ jobs:
       - name: Install StaticX
         if: matrix.staticx == 'yes'
         run: |
+          sudo apt-get -qq --yes update
+          # arm64 needs to build a wheel and needs scons to build
+          sudo apt-get -qq --yes install scons
           "${PYTHON}" -m pip install --upgrade patchelf-wrapper
           "${PYTHON}" -m pip install --upgrade staticx
 
@@ -994,7 +1005,7 @@ jobs:
 
   merge:
     if: (github.event_name == 'push' || github.event_name == 'schedule')
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     needs: build
     permissions:
       contents: write
@@ -1008,7 +1019,7 @@ jobs:
 
   publish:
     if: github.event_name == 'push'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     needs: merge
     permissions:
       contents: write

.github/workflows/get-cacerts.yml

@@ -20,8 +20,24 @@ jobs:
           persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token
           fetch-depth: 0 # otherwise, you will failed to push refs to dest repo
 
-      - name: Check for updates
-        run: curl -o ./cacerts.pem -vvvv https://pki.goog/roots.pem
+      - name: Get Current cacerts.pem hash
+        run: |
+          export CURRENT_HASH=$(sha256sum ./cacerts.pem)
+          echo "Current hash is: ${CURRENT_HASH}"
+          echo "CURRENT_HASH=${CURRENT_HASH}" >> $GITHUB_ENV
+
+      - name: Get latest cacerts.pem file from Google
+        run: |
+          curl -o ./cacerts.pem -vvvv https://pki.goog/roots.pem
+
+      - name: Compare hashes
+        run: |
+          export NEW_HASH=$(sha256sum ./cacerts.pem)
+          if [ "$NEW_HASH" == "$CURRENT_HASH" ]; then
+            echo "Same file."
+          else
+            echo "New file content. Was ${CURRENT_HASH} and now is ${NEW_HASH}"
+          fi
 
       - name: Commit file
         run: |

src/GamCommands.txt

@@ -377,7 +377,7 @@ If an item contains spaces, it should be surrounded by ".
 <ChatThread> ::= spaces/<String>/threads/<String>
 <GIGroupAlias> ::= <EmailAddress>
 <GIGroupItem> ::= <EmailAddress>|<UniqueID>|groups/<String>
-<CIGroupType> ::= customer|group|other|serviceaccount|user
+<CIGroupMemberType> ::= cbcmbrowser|chromeosdevice|customer|group|other|serviceaccount|user
 <CIPolicyName> ::= policies/<String>|settings/<String>|<String>
 <ClassificationLabelID> ::= <String>
 <ClassificationLabelFieldID> ::= <String>
@@ -468,7 +468,7 @@ If an item contains spaces, it should be surrounded by ".
 <FloorName> ::= <String>
 <GroupItem> ::= <EmailAddress>|<UniqueID>|<String>
 <GroupRole> ::= owner|manager|member
-<GroupType> ::= customer|group|user
+<GroupMemberType> ::= customer|group|user
 <GuardianItem> ::= <EmailAddress>|<UniqueID>|<String>
 <GuardianInvitationID> ::= <String>
 <HoldItem> ::= <UniqueID>|<String>
@@ -664,7 +664,7 @@ If an item contains spaces, it should be surrounded by ".
 <CalendarList> ::= "<CalendarItem>(,<CalendarItem>)*"
 <ChatSpaceList> ::= "<ChatSpace>(,<ChatSpace>)*"
 <CIGroupAliasList> ::= "<CIGroupAlias>(,<CIGroupAlias>)*"
-<CIGroupTypeList> ::= "<CIGroupType>(,<CIGroupType>)*"
+<CIGroupMemberTypeList> ::= "<CIGroupMemberType>(,<CIGroupMemberType>)*"
 <CIPolicyNameList> ::= "<CIPolicyName>(,<CIPolicyName>)*"
 <ClassroomInvitationIDList> ::= "<ClassroomInvitationID>(,<ClassroomInvitationID>)*"
 <ContactGroupList> ::= "<ContactGroupItem>(,<ContactGroupItem>)*"
@@ -707,7 +707,7 @@ If an item contains spaces, it should be surrounded by ".
 <GuardianInvitationIDList> ::= "<GuardianInvitationID>(,<GuardianInvitationID>)*"
 <GroupList> ::= "<GroupItem>(,<GroupItem>)*"
 <GroupRoleList> ::= "<GroupRole>(,<GroupRole>)*"
-<GroupTypeList> ::= "<GroupType>(,<GroupType>)*"
+<GroupMemberTypeList> ::= "<GroupMemberType>(,<GroupMemberType>)*"
 <LabelIDList> ::= "<LabelID>(,<LabelID>)*"
 <LabelNameList> ::= "'<LabelName>'(,'<LabelName>')*"
 <LanguageList> ::= "<Language>(,<Language>)*"
@@ -1059,6 +1059,7 @@ Specify a collection of items by directly specifying them; the item type is dete
         all_shortcuts |
         all_3p_shortcuts |
         all_items |
+        my_commentable_items |
         my_docs |
         my_files |
         my_folders |
@@ -1361,6 +1362,7 @@ gam create project [admin <EmailAddress>] [project <ProjectID>]
          nokey]
 gam use project [<EmailAddress>] [<ProjectID>]
 gam use project [admin <EmailAddress>] [project <ProjectID>]
+        [appname <String>] [supportemail <EmailAddress>]
         [saname <ServiceAccountName>] [sadisplayname <ServiceAccountDisplayName>]
         [sadescription <ServiceAccountDescription>]
         [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
@@ -1676,6 +1678,7 @@ gam calendar <CalendarEntity> printacl [todrive <ToDriveAttribute>*]
         (range <Date> <Date>)|
         (recurrence <RRULE, EXRULE, RDATE and EXDATE line>)|
         (reminder <Number> email|popup))|
+	(resource <ResourceID>)|
         (selectattendees [<AttendeeAttendance>] [<AttendeeStatus>] <UserTypeEntity>)|
         (sequence <Integer>)|
         (sharedproperty <PropertyKey> <PropertyValue>)|
@@ -1706,8 +1709,10 @@ The following attributes are equivalent:
         clearattendees|
         clearhangoutsmeet|
         (clearprivateproperty <PropertyKey>)|
+        clearresources|
         (clearsharedproperty <PropertyKey>)|
         (removeattendee <EmailAddress>)|
+        (removeresource <ResourceID>)|
         (replacedescription <RegularExpression> <String>)|
         (selectremoveattendees <UserTypeEntity>)
 
@@ -3828,8 +3833,9 @@ gam info group|groups <GroupEntity>
         [basic] <GroupFieldName>* [fields <GroupFieldNameList>] [nodeprecated]
         [ciallfields|(cifields <CIGroupFieldNameList>)]
         [members] [managers] [owners]
+        [internal] [internaldomains <DomainNameList>] [external]
         [notsuspended|suspended] [notarchived|archived]
-        [types <GroupTypeList>]
+        [types <GroupMemberTypeList>]
         [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
         [formatjson]
 gam print groups [todrive <ToDriveAttribute>*]
@@ -3844,9 +3850,10 @@ gam print groups [todrive <ToDriveAttribute>*]
         [nodeprecated]
         [roles <GroupRoleList>]
         [members|memberscount] [managers|managerscount] [owners|ownerscount] [totalcount] [countsonly]
+        [internal] [internaldomains <DomainNameList>] [external]
         [includederivedmembership]
         [notsuspended|suspended] [notarchived|archived]
-        [types <GroupTypeList>]
+        [types <GroupMemberTypeList>]
         [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
         [convertcrnl] [delimiter <Character>] [sortheaders]
         [formatjson [quotechar <Character>]]
@@ -3879,10 +3886,11 @@ gam print group-members [todrive <ToDriveAttribute>*]
         [descriptionmatchpattern [not] <RegularExpression>]
         [admincreatedmatch <Boolean>]
         [roles <GroupRoleList>] [members] [managers] [owners]
+        [internal] [internaldomains <DomainNameList>] [external]
         [membernames] [showdeliverysettings]
         <MembersFieldName>* [fields <MembersFieldNameList>]
         [notsuspended|suspended] [notarchived|archived]
-        [types <GroupTypeList>]
+        [types <GroupMemberTypeList>]
         [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
         [userfields <UserFieldNameList>]
         [allschemas|(schemas|custom|customschemas <SchemaNameList>)]
@@ -3890,7 +3898,7 @@ gam print group-members [todrive <ToDriveAttribute>*]
         [peoplelookup|(peoplelookupuser <EmailAddress>)]
         [unknownname <String>] [cachememberinfo [Boolean]]
         [formatjson [quotechar <Character>]]
-gam show group-members
+`gam show group-members
         [([domain|domains <DomainNameEntity>] ([member|showownedby <EmailItem>]|[(query <QueryGroup>)|(queries <QueryGroupList>)]))|
          (group|group_ns|group_susp <GroupItem>)|
          (select <GroupEntity>)]
@@ -3898,8 +3906,9 @@ gam show group-members
         [descriptionmatchpattern [not] <RegularExpression>]
         [admincreatedmatch <Boolean>]
         [roles <GroupRoleList>] [members] [managers] [owners] [depth <Number>]
+        [internal] [internaldomains <DomainNameList>] [external]
         [notsuspended|suspended] [notarchived|archived]
-        [types <GroupTypeList>]
+        [types <GroupMemberTypeList>]
         [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
         [includederivedmembership]
 
@@ -3918,12 +3927,16 @@ gam show group-members
         updatetime
 <CIGroupFieldNameList> ::= "<CIGroupFieldName>(,<CIGroupFieldName>)*"
 
-gam create cigroup <EmailAddress> [copyfrom <GroupItem>] <GroupAttribute>*
-        [makeowner] [alias|aliases <CIGroupAliasList>] [dynamic <QueryDynamicGroup>]
+gam create cigroup <EmailAddress>
+        [copyfrom <GroupItem>] <GroupAttribute>*
+        [makeowner] [alias|aliases <CIGroupAliasList>]
+        [security|makesecuritygroup]
+        [dynamic <QueryDynamicGroup>]
 gam update cigroup <GroupEntity> [copyfrom <GroupItem>] <GroupAttribute>
         [security|makesecuritygroup|
          dynamicsecurity|makedynamicsecuritygroup|
          lockedsecurity|makelockedsecuritygroup]
+        [locked|unlocked]
         [dynamic <QueryDynamicGroup>]
         [memberrestrictions <QueryMemberRestrictions>]
 gam update cigroups <GroupEntity> create|add [<GroupRole>]
@@ -3957,7 +3970,8 @@ gam info cigroups <GroupEntity>
         [nosecurity|nosecuritysettings]
         [allfields|<CIGroupFieldName>*|(fields <CIGroupFieldNameList>)]
         [roles <GroupRoleList>] [members] [managers] [owners]
-        [types <CIGroupTypeList>]
+        [internal] [internaldomains <DomainNameList>] [external]
+        [types <CIGroupMemberTypeList>]
         [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
         [formatjson]
 gam print cigroups [todrive <ToDriveAttribute>*]
@@ -3968,7 +3982,8 @@ gam print cigroups [todrive <ToDriveAttribute>*]
         [basic|allfields|(<CIGroupFieldName>* [fields <CIGroupFieldNameList>])]
         [roles <GroupRoleList>] [memberrestrictions]
         [members|memberscount] [managers|managerscount] [owners|ownerscount] [totalcount] [countsonly]
-        [types <CIGroupTypeList>]
+        [internal] [internaldomains <DomainNameList>] [external]
+        [types <CIGroupMemberTypeList>]
         [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
         [convertcrnl] [delimiter <Character>]
         [formatjson [quotechar <Character>]]
@@ -3993,7 +4008,7 @@ gam print cigroup-members [todrive <ToDriveAttribute>*]
         [emailmatchpattern [not] <RegularExpression>] [namematchpattern [not] <RegularExpression>]
         [descriptionmatchpattern [not] <RegularExpression>]
         [roles <GroupRoleList>] [members] [managers] [owners]
-        [types <CIGroupTypeList>]
+        [types <CIGroupMemberTypeList>]
         [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
         <CIGroupMembersFieldName>* [fields <CIGroupMembersFieldNameList>]
         [(recursive [noduplicates])includederivedmembership] [nogroupeemail]
@@ -4004,7 +4019,7 @@ gam show cigroup-members
         [emailmatchpattern [not] <RegularExpression>] [namematchpattern [not] <RegularExpression>]
         [descriptionmatchpattern [not] <RegularExpression>]
         [roles <GroupRoleList>] [members] [managers] [owners] [depth <Number>]
-        [types <CIGroupTypeList>]
+        [types <CIGroupMemberTypeList>]
         [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
 
 # Cloud Identity Devices
@@ -4440,7 +4455,7 @@ gam report <ActivityApplicationName> [todrive <ToDriveAttribute>*]
         [event|events <EventNameList>] [ip <String>]
         [groupidfilter <String>]
         [maxactivities <Number>] [maxevents <Number>] [maxresults <Number>]
-        [countsonly [summary] [eventrowfilter]]
+        [countsonly [bydate|summary] [eventrowfilter]]
         (addcsvdata <FieldName> <String>)* [shownoactivities]
 
 <CustomerServiceName> ::=
@@ -4503,7 +4518,7 @@ gam report users|user [todrive <ToDriveAttribute>*]
         (country|countrycode <String>)
 
 gam create|add resoldcustomer <CustomerDomain> (customer_auth_token <String>) <ResoldCustomerAttribute>+
-gam update resoldcustomer <CustomerID> [customer_auth_token <String>] <ResoldCustomerAttribues>+
+gam update resoldcustomer <CustomerID> <ResoldCustomerAttribues>+
 gam info resoldcustomer <CustomerID> [formatjson]
 
 gam create|add resoldsubscription <CustomerID> (sku <SKUID>)
@@ -6564,6 +6579,8 @@ gam <UserTypeEntity> copy drivefile <DriveFileEntity>
         [copysubfolderpermissions [<Boolean>]]
         [copysubfolderinheritedpermissions [<Boolean>]]
         [copysubfoldernoniheritedpermissions never|always|syncallfolders|syncupdatedfolders]
+        [copypermissionroles <DriveFileACLRoleList>]
+        [copypermissiontypes <DriveFileACLTypeList>]
         [excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
         (mappermissionsdomain <DomainName> <DomainName>)*
         [copysheetprotectedranges [<Boolean>]]
@@ -6779,12 +6796,12 @@ gam print ownership <DriveFileID>|(drivefilename <DriveFileName>) [todrive <ToDr
 gam <UserTypeEntity> show filecomments <DriveFileEntity>
         [showdeleted] [start <Date>|<Time>]
         [fields <CommentsFieldNameList>] [showphotolinks]
-        [countsonly]
+        [countsonly|positivecountsonly]
         [formatjson]
 gam <UserTypeEntity> print filecomments <DriveFileEntity> [todrive <ToDriveAttribute>*]
         [showdeleted] [start <Date>|<Time>]
         [fields <CommentsFieldNameList>] [showphotolinks]
-        [countsonly]
+        [countsonly|positivecountsonly]
         (addcsvdata <FieldName> <String>)*
         [formatjson [quotechar <Character>]]
 
@@ -7344,11 +7361,11 @@ gam <UserTypeEntity> print filters [labelidsonly] [todrive <ToDriveAttribute>*]
 # Users - Forms
 
 gam <UserTypeEntity> create form
-        title <String> [description <String>] [isquiz [<Boolean>]
+        title <String> [description <String>] [isquiz [<Boolean>]] [<JSONData>]
         [drivefilename <DriveFileName>] [<DriveFileParentAttribute>]
         [(csv [todrive <ToDriveAttribute>*]) | returnidonly]
 gam <UserTypeEntity> update form <DriveFileEntity>
-        [title <String>] [description <String>] [isquiz [<Boolean>]
+        [title <String>] [description <String>] [isquiz [<Boolean>]] [<JSONData>]
 
 gam <UserTypeEntity> print forms <DriveFileEntity> [todrive <ToDriveAttribute>*]
         (addcsvdata <FieldName> <String>)*
@@ -7813,7 +7830,8 @@ gam <UserTypeEntity> delete noteacl <NotesNameEntity>
 # Users - Licenses
 
 gam <UserTypeEntity> create|add license <SKUIDList> [product|productid <ProductID>] [preview] [actioncsv]
-gam <UserTypeEntity> update license <SKUID> [product|productid <ProductID>] [from] <SKUID> [preview] [actioncsv]
+gam <UserTypeEntity> update license <NewSKUID> [product|productid <ProductID>] [from] <OldSKUID>
+        [preview|archive] [actioncsv]
 gam <UserTypeEntity> delete license <SKUIDList> [product|productid <ProductID>] [preview] [actioncsv]
 gam <UserTypeEntity> sync license <SKUIDList> [product|productid <ProductID>] [addonly|removeonly] [allskus|onesku] [preview] [actioncsv]
 

src/GamUpdate.txt

@@ -1,3 +1,191 @@
+7.03.04
+
+Added option `security` to `gam create cigroup` that allows creation of a security group
+in a single command.
+
+Updated to Python 3.13.2 where possible.
+
+7.03.03
+
+Fixed bug in `gam update resoldcustomer` that caused the following error:
+```
+ERROR: Got an unexpected keyword argument customerAuthToken
+```
+
+7.03.02
+
+Updated `gam <UserTypeEntity> show labels nested` to properly display label nesting
+when labels have embedded `/` characters in their names.
+
+7.03.01
+
+Updated `gam create project` to retry the following unexpected error:
+```
+ERROR: 400 - invalidArgument - Service account gam-project-a1b2c@gam-project-a1b2c.iam.gserviceaccount.com does not exist.
+```
+
+7.03.00
+
+Updated `gam create|use project` to discontinue use of the `Identity-Aware Proxy (IAP) OAuth Admin APIs`
+that are being deprecated by Google. You will see a set of instructions detailing how to
+configure the Oauth Consent screen and create the Oauth client.
+
+Added options `copypermissionroles <DriveFileACLRoleList>` and `copypermissiontypes <DriveFileACLTypeList>`
+to `gam <UserTypeEntity> copy drivefile` that provide more control over what permissions are copied
+from the source files/folders to the destination files/folders.
+
+7.02.11
+
+Updated `gam report <ActivityApplicationName>` to display `id:<actor.profileId>` in the `emailAddress` column
+when `actor.email` is empty. This typically occurs when the actor is not in your workspace.
+
+Updated `gam <UserTypeEntity> copy drivefile` to ignore ACLs referencing deleted user/groups.
+
+7.02.10
+
+Added option `bydate` to `gam report <ActivityApplicationName> ... countsonly` that provides an additional display option.
+* `countsonly` - Display a row per user across all dates with all event counts on one row
+* `countsonly bydate` - Display a row per user per date for all dates with any events with all events counts on the row
+* `countsonly summary` - Display a row per event with counts for each event summarized across users and dates
+
+7.02.09
+
+Added option `clearresources` to `<EventUpdateAttribute>` for use in `gam <UserTypeEntity> update events`
+that allows clearing all resources from a user's calendar events. For example, to clear all resources from a user's future events:
+```
+gam user user@domain.com update events primary matchfield attendeespattern @resource.calendar.google.com after now clearresources
+```
+
+Added option `resource <ResourceID>` to `<EventAttribute>` for use in `gam <UserTypeEntity> create|update events`
+that adds a resource to an event.
+
+Added option `removeresource <ResourceID>` to `<EventUpdateAttribute>` for use in `gam <UserTypeEntity> update events`
+that removes a resource from an event.
+
+7.02.08
+
+Fixed bug in `gam print|show chromepolicies` that caused a trap when neither
+`ou|orgunit <OrgUnitItem>` nor `group <GroupItem>` was specified.
+
+7.02.07
+
+Updated `gam delete|update chromepolicy` to display the `<AppID>` or `<PrinterID>` (if specified)
+in the command status messages.
+
+7.02.06
+
+Added option `<JSONData>` to `gam <UserTypeEntity> create|update form` that allows for
+creation/modification of all fields in a form. `<JSONData>` is a list of form update requests.
+
+* See: https://developers.google.com/forms/api/reference/rest/v1/forms/batchUpdate
+
+7.02.05
+
+Updated `gam [<UserTypeEntity>] show shareddriveacls ... formatjson` to not display this line
+which interferes with the JSON output.
+```
+User: user@domain.com, Show N Shared Drives
+```
+
+7.02.04
+
+Updated code to eliminate trap caused by bug introduced in 7.02.00 that occurs when an invalid domain or OU is specified.
+
+7.02.03
+
+Added option `archive` to `gam <UserTypeEntity> update license <NewSKUID> from <OldSKUID>` that causes GAM
+to archive `<UserTypeEntity>` after updating their license to `<NewSKUID>`. This will be used when you want to
+archive a user with a non-archivable license. The `<NewSKUID>` license is assigned to the user and it then converts
+to the equivalent Archived User license when the user is archived.
+
+`<NewSKUID>` must be one of the following SKUs:
+```
+Google-Apps-Unlimited - G Suite Business
+1010020020 - Google Workspace Enterprise Plus
+1010020025 - Google Workspace Business Plus
+1010020026 - Google Workspace Enterprise Standard
+1010020027 - Google Workspace Business Starter
+1010020028 - Google Workspace Business Standard
+```
+
+7.02.02
+
+Updated `gam <UserTypeEntity> archive messages <GroupItem>` to retry the following unexpected error
+that occurs after many messages have been successfully archived.
+`ERROR: 404: notFound - Unable to lookup group`
+
+7.02.01
+
+Added options `locked` and `unlocked` to `gam update cigroups` that allow locking/unlocking groups.
+
+* See: https://workspaceupdates.googleblog.com/2024/12/locked-groups-open-beta.html
+
+You'll have to do a `gam oauth create` and enable the following scope to use these options:
+```
+[*] 22)  Cloud Identity Groups API Beta (Enables group locking/unlocking)
+```
+
+7.02.00
+
+Improved the error message displayed for user service account access commands when:
+* The API is not enabled
+* The user does not exist
+* The user exists but is in a OU where the service is disabled
+
+7.01.04
+
+Admin role assignments are now in the v1 stable API, use that and remove custom local workaround for the beta. #1724
+
+Remove duplicate local JSON discovery files. #1724
+
+Suppress "UserWarning: Attribute's length must be..." messages on service accounts with long emails. #1725
+
+Added options `internal`, `internaldomains <DomainNameList>` and `external` to these commands
+that expand the options for viewing group members:
+```
+gam info group
+gam print groups
+gam print|show group-members
+gam info cigroup
+gam print cigroups
+gam print|show cigroup-members
+```
+By default, when listing group members, GAM does not take the domain of the member into account.
+* `internal internaldomains <DomainNameList>` - Display members whose domain is in `<DomainNameList>`
+* `external internaldomains <DomainNameList>` - Display members whose domain is not in `<DomainNameList>`
+* `internal external internaldomains <DomainNameList>` - Display all members, indicate their category: internal or external
+* `internaldomains <DomainNameList>` - Defaults to value of `domain` in `gam.cfg`
+
+Members without an email address, e.g. `customer`, `chromeosdevice` and `cbcmbrowser` are considered internal.
+
+Updated to Python 3.13.1.
+
+7.01.03
+
+Fixed bug in `gam update cigroups <GroupEntity> delete|sync|update` where `cbcmbrowser` and `chromeosdevice`
+addresses were not properly handled.
+
+7.01.02
+
+Added option `positivecountsonly` to `gam <UserTypeEntity> print|show filecomments` that causes
+GAM to display the number of comments and replies only for files that have comments.
+
+Added `my_commentable_items` to `<DriveFileQueryShortcut>` that can be used with
+`gam <UserTypeEntity> print|show filecomments my_commentable_items` to speed up processing.
+
+Updated code that uses the Domain Shared Contacts API with an HTTPS proxy to avoid a trap:
+```
+Traceback (most recent call last):
+...
+File "atom/http.py", line 250, in _prepare_connection
+AttributeError: module 'ssl' has no attribute 'wrap_socket'
+```
+
+7.01.01
+
+Fixed bug in `gam <UserTypeEntity> print|show filetree` where no error message was generated
+if a user had Drive disabled.
+
 7.01.00
 
 Fixed bug in `gam update chromepolicy` that caused some policy updates to fail.
@@ -5,7 +193,7 @@ Fixed bug in `gam update chromepolicy` that caused some policy updates to fail.
 Added option `showhtml` to `gam <UserTypeEntity> print|show messages` that, when used with `showbody`,
 will display message body content of type HTML.
 
-Added support for manageing/displaying Chrome profiles.
+Added support for managing/displaying Chrome profiles.
 
 * See: https://github.com/GAM-team/GAM/wiki/Chrome-Profile-Management
 

src/cbcm-v1.1beta1.json

@@ -1,594 +0,0 @@
-{
-  "auth": {
-    "oauth2": {
-      "scopes": {
-        "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers": {
-          "description": "View and manage your Chrome browsers registered with Cloud Management"
-        },
-        "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers.readonly": {
-          "description": "View your Chrome browsers registered with Cloud Management"
-        }
-      }
-    }
-  },
-  "basePath": "",
-  "baseUrl": "https://admin.googleapis.com/admin/directory/v1.1beta1/customer/",
-  "batchPath": "batch",
-  "canonicalName": "cbcm",
-  "discoveryVersion": "v1",
-  "documentationLink": "https://support.google.com/chrome/a/answer/9681204",
-  "fullyEncodeReservedExpansion": true,
-  "icons": {
-    "x16": "http://www.google.com/images/icons/product/search-16.gif",
-    "x32": "http://www.google.com/images/icons/product/search-32.gif"
-  },
-  "id": "cbcm:v1.1beta1",
-  "kind": "discovery#restDescription",
-  "mtlsRootUrl": "https://admin.mtls.googleapis.com/",
-  "name": "cbcm",
-  "ownerDomain": "google.com",
-  "ownerName": "Jay Lee",
-  "packagePath": "cbcm",
-  "parameters": {
-    "$.xgafv": {
-      "description": "V1 error format.",
-      "enum": [
-        "1",
-        "2"
-      ],
-      "enumDescriptions": [
-        "v1 error format",
-        "v2 error format"
-      ],
-      "location": "query",
-      "type": "string"
-    },
-    "access_token": {
-      "description": "OAuth access token.",
-      "location": "query",
-      "type": "string"
-    },
-    "alt": {
-      "default": "json",
-      "description": "Data format for response.",
-      "enum": [
-        "json",
-        "media",
-        "proto"
-      ],
-      "enumDescriptions": [
-        "Responses with Content-Type of application/json",
-        "Media download with context-dependent Content-Type",
-        "Responses with Content-Type of application/x-protobuf"
-      ],
-      "location": "query",
-      "type": "string"
-    },
-    "callback": {
-      "description": "JSONP",
-      "location": "query",
-      "type": "string"
-    },
-    "fields": {
-      "description": "Selector specifying which fields to include in a partial response.",
-      "location": "query",
-      "type": "string"
-    },
-    "key": {
-      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
-      "location": "query",
-      "type": "string"
-    },
-    "oauth_token": {
-      "description": "OAuth 2.0 token for the current user.",
-      "location": "query",
-      "type": "string"
-    },
-    "prettyPrint": {
-      "default": "true",
-      "description": "Returns response with indentations and line breaks.",
-      "location": "query",
-      "type": "boolean"
-    },
-    "quotaUser": {
-      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
-      "location": "query",
-      "type": "string"
-    },
-    "uploadType": {
-      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
-      "location": "query",
-      "type": "string"
-    },
-    "upload_protocol": {
-      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
-      "location": "query",
-      "type": "string"
-    }
-  },
-  "protocol": "rest",
-  "resources": {
-    "chromebrowsers": {
-      "methods": {
-        "delete": {
-          "description": "Deletes a browser.",
-          "flatPath": "{customer}/devices/chromebrowsers/{deviceId}",
-          "httpMethod": "DELETE",
-          "id": "cbcm.chromebrowsers.delete",
-          "parameterOrder": [
-            "customer",
-            "deviceId"
-          ],
-          "parameters": {
-            "customer": {
-              "description": "Immutable ID of the G Suite account.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "deviceId": {
-              "description": "Immutable ID of the browser.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "{customer}/devices/chromebrowsers/{deviceId}",
-          "scopes": [
-            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
-          ]
-        },
-        "get": {
-          "description": "Retrieves a browser.",
-          "flatPath": "{customer}/devices/chromebrowsers/{deviceId}",
-          "httpMethod": "GET",
-          "id": "cbcm.chromebrowsers.get",
-          "parameterOrder": [
-            "customer",
-            "deviceId"
-          ],
-          "parameters": {
-            "customer": {
-              "description": "Immutable ID of the G Suite account.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "deviceId": {
-              "description": "Immutable ID of the browser.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "projection": {
-              "description": "Restrict information returned to a set of selected fields. FULL or BASIC.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "{customer}/devices/chromebrowsers/{deviceId}",
-          "response": {
-            "$ref": "ChromeBrowser"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers",
-            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers.readonly"
-          ]
-        },
-        "list": {
-          "description": "Retrieves a paginated list of all the browsers in a domain.",
-          "flatPath": "{customer}/devices/chromebrowsers",
-          "httpMethod": "GET",
-          "id": "cbcm.chromebrowsers.list",
-          "parameterOrder": [
-            "customer"
-          ],
-          "parameters": {
-            "customer": {
-              "description": "Immutable ID of the G Suite account.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "maxResults": {
-              "description": "Maximum number of results to return.",
-              "format": "int32",
-              "location": "query",
-              "maximum": "100",
-              "minimum": "1",
-              "type": "integer"
-            },
-            "orderBy": {
-              "description": "property to use for sorting results.",
-              "location": "query",
-              "type": "string"
-            },
-            "orgUnitPath": {
-              "description": "The full path of the organizational unit or its unique ID.",
-              "location": "query",
-              "type": "string"
-            },
-            "pageToken": {
-              "description": "Token to specify the next page in the list.",
-              "location": "query",
-              "type": "string"
-            },
-            "projection": {
-              "description": "Restrict information returned to a set of selected fields. FULL or BASIC.",
-              "location": "query",
-              "type": "string"
-            },
-            "query": {
-              "description": "Search string using the list page query language.",
-              "location": "query",
-              "type": "string"
-            },
-            "sortOrder": {
-              "description": "Whether to return results in ascending or descending order. Must be used with the orderBy parameter.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "{customer}/devices/chromebrowsers",
-          "response": {
-            "$ref": "ChromeBrowsers"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers",
-            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers.readonly"
-          ]
-        },
-        "moveChromeBrowsersToOu": {
-          "description": "Move Chrome Browsers Device between Organization Units",
-          "flatPath": "{customer}/devices/chromebrowsers/moveChromeBrowsersToOu",
-          "httpMethod": "POST",
-          "id": "cbcm.chromebrowsers.moveChromeBrowsersToOu",
-          "parameterOrder": [
-            "customer"
-          ],
-          "parameters": {
-            "customer": {
-              "description": "Immutable ID of the G Suite account.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "{customer}/devices/chromebrowsers/moveChromeBrowsersToOu",
-          "request": {
-            "$ref": "MoveChromeBrowsersRequest"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
-          ]
-        },
-        "update": {
-          "description": "Updates a browser.",
-          "flatPath": "{customer}/devices/chromebrowsers/{deviceId}",
-          "httpMethod": "PUT",
-          "id": "cbcm.chromebrowsers.update",
-          "parameterOrder": [
-            "customer",
-            "deviceId"
-          ],
-          "parameters": {
-            "customer": {
-              "description": "Immutable ID of the G Suite account.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "deviceId": {
-              "description": "Immutable ID of the browser.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "projection": {
-              "description": "BASIC or FULL",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "{customer}/devices/chromebrowsers/{deviceId}",
-          "request": {
-            "$ref": "ChromeBrowser"
-          },
-          "response": {
-            "$ref": "ChromeBrowser"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
-          ]
-        }
-      }
-    },
-    "enrollmentTokens": {
-      "methods": {
-        "list": {
-          "description": "Retrieves a paginated list of all the browser entollment tokens in a domain.",
-          "flatPath": "{customer}/chrome/enrollmentTokens",
-          "httpMethod": "GET",
-          "id": "cbcm.enrollmentTokens.list",
-          "parameterOrder": [
-            "customer"
-          ],
-          "parameters": {
-            "customer": {
-              "description": "Immutable ID of the G Suite account.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "pageSize": {
-              "description": "Maximum number of results to return.",
-              "format": "int32",
-              "location": "query",
-              "maximum": "100",
-              "minimum": "1",
-              "type": "integer"
-            },
-            "orgUnitPath": {
-              "description": "The full path of the organizational unit or its unique ID.",
-              "location": "query",
-              "type": "string"
-            },
-            "pageToken": {
-              "description": "Token to specify the next page in the list.",
-              "location": "query",
-              "type": "string"
-            },
-            "query": {
-              "description": "Search string using the list page query language.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "{customer}/chrome/enrollmentTokens",
-          "response": {
-            "$ref": "EnrollmentTokens"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers",
-            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers.readonly"
-          ]
-        },
-        "create": {
-          "description": "Creates a browser enrollment token in a domain.",
-          "flatPath": "{customer}/chrome/enrollmentTokens",
-          "httpMethod": "POST",
-          "id": "cbcm.enrollmentTokens.create",
-          "parameterOrder": [
-            "customer"
-          ],
-          "parameters": {
-            "customer": {
-              "description": "Immutable ID of the G Suite account.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "{customer}/chrome/enrollmentTokens",
-          "request": {
-            "$ref": "CreateEnrollmentTokenRequest"
-          },
-          "response": {
-            "$ref": "EnrollmentToken"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
-          ]
-        },
-        "revoke": {
-          "description": "Revokes a browser enrollment token in a domain.",
-          "flatPath": "{customer}/chrome/enrollmentTokens/{tokenPermanentId}:revoke",
-          "httpMethod": "POST",
-          "id": "cbcm.enrollmentTokens.revoke",
-          "parameterOrder": [
-            "customer",
-            "tokenPermanentId"
-          ],
-          "parameters": {
-            "customer": {
-              "description": "Immutable ID of the G Suite account.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "tokenPermanentId": {
-              "description": "Unique identifier for an enrollment token.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "{customer}/chrome/enrollmentTokens/{tokenPermanentId}:revoke",
-          "scopes": [
-            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
-          ]
-        }
-      }
-    }
-  },
-  "revision": "20201203",
-  "rootUrl": "https://admin.googleapis.com/admin/directory/v1.1beta1/customer/",
-  "schemas": {
-    "ChromeBrowser": {
-      "id": "ChromeBrowser",
-      "properties": {
-        "annotatedAssetId": {
-          "description": "Asset identifier as annotated by the administrator or specified during enrollment.",
-          "type": "string"
-        },
-        "annotatedLocation": {
-          "description": "Address or location of the device as annotated by the administrator.",
-          "type": "string"
-        },
-        "annotatedNotes": {
-          "description": "Notes about this device as annotated by the administrator",
-          "type": "string"
-        },
-        "annotatedUser": {
-          "description": "User of the device as annotated by the administrator.",
-          "type": "string"
-        },
-        "deviceId": {
-          "annotations": {
-            "required": [
-              "cbcm.chromebrowsers.update"
-            ]
-          },
-          "description": "The unique ID of the device.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "ChromeBrowsers": {
-      "id": "ChromeBrowsers",
-      "properties": {
-        "browsers": {
-          "description": "List of Chrome browser objects.",
-          "items": {
-            "$ref": "ChromeBrowser"
-          },
-          "type": "array"
-        },
-        "etag": {
-          "description": "ETag of the resource.",
-          "type": "string"
-        },
-        "kind": {
-          "default": "admin#directory#chromeosdevices",
-          "description": "Kind of resource this is.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "Token used to access the next page of this result. To access the next page, use this token's value in the `pageToken` query string of this request.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "EnrollmentToken": {
-      "id": "EnrollmentToken",
-      "properties": {
-        "kind": {
-          "default": "admin#directory#chromeEnrollmentToken",
-          "description": "Kind of resource this is.",
-          "type": "string"
-        },
-        "tokenId": {
-          "description": "Enrollment Token ID.",
-          "type": "string"
-        },
-        "tokenPermanentId": {
-          "description": "Enrollment Token Permanent ID.",
-          "type": "string"
-        },
-        "customerId": {
-          "description": "Immutable ID of the G Suite account.",
-          "type": "string"
-        },
-        "orgUnitPath": {
-          "description": "The full path of the organizational unit or its unique ID.",
-          "type": "string"
-        },
-        "creatorId": {
-          "description": "Creator ID.",
-          "type": "string"
-        },
-        "createTime": {
-          "description": "Creation Time.",
-          "type": "string"
-        },
-        "revokerId": {
-          "description": "Revoker ID.",
-          "type": "string"
-        },
-        "revokeTime": {
-          "description": "Revoke Time",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "EnrollmentTokens": {
-      "id": "EnrollmentTokens",
-      "properties": {
-        "chrome_enrollment_tokens": {
-          "description": "List of Chrome browser enrollment token objects.",
-          "items": {
-            "$ref": "EnrollmentToken"
-          },
-          "type": "array"
-        },
-        "kind": {
-          "default": "admin#directory#chromeEnrollmentTokens",
-          "description": "Kind of resource this is.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "Token used to access the next page of this result. To access the next page, use this token's value in the `pageToken` query string of this request.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "CreateEnrollmentTokenRequest": {
-      "id": "CreateEnrollmentTokenRequest",
-      "type": "object",
-      "properties": {
-        "org_unit_path": {
-          "description": "The full path of the organizational unit or its unique ID.",
-          "type": "string"
-        },
-        "expire_time": {
-          "description": "Expiration Time.",
-          "type": "string"
-        },
-        "token_type": {
-          "id": "token_type",
-          "annotations": {
-            "required": [
-              "cbcm.enrollmentTokens.create"
-            ]
-          },
-          "description": "CHROME_BROWSER.",
-          "type": "string"
-        }
-      }
-    },
-    "MoveChromeBrowsersRequest": {
-      "id": "MoveChromeBrowsersRequest",
-      "type": "object",
-      "properties": {
-        "org_unit_path": {
-          "annotations": {
-            "required": [
-              "cbcm.chromebrowsers.moveChromeBrowsersToOu"
-            ]
-          },
-          "description": "Destination organization unit to move devices to. Full path of the organizational unit or its ID prefixed with id:",
-          "type": "string"
-        },
-        "resource_ids": {
-          "annotations": {
-            "required": [
-              "cbcm.chromebrowsers.moveChromeBrowsersToOu"
-            ]
-          },
-          "description": "List of unique device IDs of Chrome Browser Devices to move. A maximum of 600 browsers may be moved per request.",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        }
-      }
-    }
-  },
-  "servicePath": "",
-  "title": "Admin SDK API",
-  "version": "cbcm_v1.1beta1"
-}

src/contactdelegation-v1.json

@@ -1,249 +0,0 @@
-{
-  "auth": {
-    "oauth2": {
-      "scopes": {
-        "https://www.googleapis.com/auth/admin.contact.delegation": {
-          "description": "View and manage your Contact Delegation"
-        },
-        "https://www.googleapis.com/auth/admin.contact.delegation.readonly": {
-          "description": "View your Contact Delegation"
-        }
-      }
-    }
-  },
-  "basePath": "",
-  "baseUrl": "https://admin.googleapis.com/admin/contacts/v1/",
-  "batchPath": "batch",
-  "canonicalName": "contactdelegation",
-  "description": "The Contact Delegation API allows Admins to delegate access of one user's, called the delegator, contacts to another user, called the delegate.",
-  "discoveryVersion": "v1",
-  "documentationLink": "https://developers.google.com/admin-sdk/contact-delegation",
-  "fullyEncodeReservedExpansion": true,
-  "icons": {
-    "x16": "http://www.google.com/images/icons/product/search-16.gif",
-    "x32": "http://www.google.com/images/icons/product/search-32.gif"
-  },
-  "id": "contactdelegation:v1",
-  "kind": "discovery#restDescription",
-  "name": "contactdelegation",
-  "ownerDomain": "google.com",
-  "ownerName": "Google",
-  "packagePath": "admin",
-  "parameters": {
-    "$.xgafv": {
-      "description": "V1 error format.",
-      "enum": [
-        "1",
-        "2"
-      ],
-      "enumDescriptions": [
-        "v1 error format",
-        "v2 error format"
-      ],
-      "location": "query",
-      "type": "string"
-    },
-    "access_token": {
-      "description": "OAuth access token.",
-      "location": "query",
-      "type": "string"
-    },
-    "alt": {
-      "default": "json",
-      "description": "Data format for response.",
-      "enum": [
-        "json",
-        "media",
-        "proto"
-      ],
-      "enumDescriptions": [
-        "Responses with Content-Type of application/json",
-        "Media download with context-dependent Content-Type",
-        "Responses with Content-Type of application/x-protobuf"
-      ],
-      "location": "query",
-      "type": "string"
-    },
-    "callback": {
-      "description": "JSONP",
-      "location": "query",
-      "type": "string"
-    },
-    "fields": {
-      "description": "Selector specifying which fields to include in a partial response.",
-      "location": "query",
-      "type": "string"
-    },
-    "key": {
-      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
-      "location": "query",
-      "type": "string"
-    },
-    "oauth_token": {
-      "description": "OAuth 2.0 token for the current user.",
-      "location": "query",
-      "type": "string"
-    },
-    "prettyPrint": {
-      "default": "true",
-      "description": "Returns response with indentations and line breaks.",
-      "location": "query",
-      "type": "boolean"
-    },
-    "quotaUser": {
-      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
-      "location": "query",
-      "type": "string"
-    },
-    "uploadType": {
-      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
-      "location": "query",
-      "type": "string"
-    },
-    "upload_protocol": {
-      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
-      "location": "query",
-      "type": "string"
-    }
-  },
-  "protocol": "rest",
-  "resources": {
-    "delegates": {
-      "methods": {
-        "create": {
-          "description": "Creates a contact delegations",
-          "flatPath": "users/{user}/delegates",
-          "httpMethod": "POST",
-          "id": "contactdelegations.delegates.create",
-          "parameterOrder": [
-            "user"
-          ],
-          "parameters": {
-            "user": {
-              "description": "Email address of the delegator.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "users/{user}/delegates/{delegate}",
-          "request": {
-            "$ref": "Delegate"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/admin.contact.delegation"
-          ]
-        },
-        "delete": {
-          "description": "Deletes a contact delegation.",
-          "flatPath": "users/{user}/delegates/{delegate}",
-          "httpMethod": "DELETE",
-          "id": "contactdelegations.delegates.delete",
-          "parameterOrder": [
-            "user",
-            "delegate"
-          ],
-          "parameters": {
-            "delegate": {
-              "description": "Email address of the delegate",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "user": {
-              "description": "Email address of the delegator.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "users/{user}/delegates/{delegate}",
-          "scopes": [
-            "https://www.googleapis.com/auth/admin.contact.delegation"
-          ]
-        },
-        "list": {
-          "description": "Lists contact delegates for a user",
-          "flatPath": "users/{user}/delegates",
-          "httpMethod": "GET",
-          "id": "contactdelegations.delegates.list",
-          "parameterOrder": [
-            "user"
-          ],
-          "parameters": {
-            "pageSize": {
-              "description": "Determines how many delegates are returned in each response. ",
-              "format": "int32",
-              "location": "query",
-              "minimum": "1",
-              "type": "integer"
-            },
-            "pageToken": {
-              "description": "Token to specify the next page in the list.",
-              "location": "query",
-              "type": "string"
-            },
-            "user": {
-              "description": "Email address of the delegator.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "users/{user}/delegates",
-          "response": {
-            "$ref": "Delegates"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/admin.contact.delegation",
-            "https://www.googleapis.com/auth/admin.contact.delegation.readonly"
-          ]
-        }
-      }
-    }
-  },
-  "rootUrl": "https://admin.googleapis.com/admin/contacts/v1/",
-  "schemas": {
-    "Delegate": {
-      "description": "JSON template for a delegate.",
-      "id": "Delegate",
-      "properties": {
-        "email": {
-          "description": "Email of the delegate.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "Delegates": {
-      "id": "Delegates",
-      "properties": {
-        "delegates": {
-          "description": "List of delegates.",
-          "items": {
-            "$ref": "Delegate"
-          },
-          "type": "array"
-        },
-        "etag": {
-          "description": "ETag of the resource.",
-          "type": "string"
-        },
-        "kind": {
-          "default": "",
-          "description": "Kind of resource this is.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "Token used to access the next page of this result. To access the next page, use this token's value in the `pageToken` query string of this request.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    }
-  },
-  "servicePath": "",
-  "title": "Contact Delegation API",
-  "version": "v1",
-  "version_module": true
-}

src/datastudio-v1.json

@@ -1,486 +0,0 @@
-{
-  "basePath": "",
-  "discoveryVersion": "v1",
-  "documentationLink": "https://support.google.com/datastudio",
-  "canonicalName": "Data Studio",
-  "id": "datastudio:v1",
-  "ownerName": "Google",
-  "description": "Allows programmatic viewing and editing of Data Studio assets.",
-  "rootUrl": "https://datastudio.googleapis.com/",
-  "ownerDomain": "google.com",
-  "mtlsRootUrl": "https://datastudio.mtls.googleapis.com/",
-  "batchPath": "batch",
-  "version_module": true,
-  "version": "v1",
-  "schemas": {
-    "Asset": {
-      "id": "Asset",
-      "properties": {
-        "title": {
-          "description": "The title of the asset.",
-          "type": "string"
-        },
-        "createTime": {
-          "format": "google-datetime",
-          "description": "Date the asset was created.",
-          "type": "string"
-        },
-        "lastViewByMeTime": {
-          "type": "string",
-          "description": "Date the asset was last viewed by me.",
-          "format": "google-datetime"
-        },
-        "owner": {
-          "type": "string",
-          "description": "The owner of the asset."
-        },
-        "name": {
-          "type": "string",
-          "description": "The name of the asset."
-        },
-        "trashed": {
-          "type": "boolean",
-          "description": "Value indicating if the asset is in the trash."
-        },
-        "updateTime": {
-          "format": "google-datetime",
-          "description": "Date the asset was last modified.",
-          "type": "string"
-        },
-        "updateByMeTime": {
-          "description": "Date the asset was last modified by me.",
-          "type": "string",
-          "format": "google-datetime"
-        },
-        "assetType": {
-          "enumDescriptions": [
-            "Asset type not specified.",
-            "A report asset.",
-            "A data Source asset."
-          ],
-          "enum": [
-            "ASSET_TYPE_UNSPECIFIED",
-            "REPORT",
-            "DATA_SOURCE"
-          ],
-          "description": "The type of the asset.",
-          "type": "string"
-        }
-      },
-      "description": "A Data Studio asset.",
-      "type": "object"
-    },
-    "SearchAssetsResponse": {
-      "id": "SearchAssetsResponse",
-      "properties": {
-        "assets": {
-          "items": {
-            "$ref": "Asset"
-          },
-          "type": "array",
-          "description": "The list of assets."
-        },
-        "nextPageToken": {
-          "type": "string",
-          "description": "A token to retrieve next page of results. Pass this value in the SearchAssetsRequest.page_token field in the subsequent call to `SearchAssets` method to retrieve the next page of results."
-        }
-      },
-      "description": "Response message for DataStudioService.SearchAssets",
-      "type": "object"
-    },
-    "UpdatePermissionsRequest": {
-      "description": "Request message for DataStudioService.UpdatePermissions",
-      "properties": {
-        "updateMask": {
-          "description": "The list of fields to be updated. Currently not supported.",
-          "type": "string",
-          "format": "google-fieldmask"
-        },
-        "permissions": {
-          "description": "The permissions object to update.",
-          "$ref": "Permissions"
-        }
-      },
-      "id": "UpdatePermissionsRequest",
-      "type": "object"
-    },
-    "AddMembersRequest": {
-      "properties": {
-        "members": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          },
-          "description": "Required. The members to add to the role. The format of a member is one of - user:alice@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-app@appspot.gserviceaccount.com"
-        },
-        "role": {
-          "type": "string",
-          "enumDescriptions": [
-            "Role not specified.",
-            "A viewer.",
-            "An editor.",
-            "An owner.",
-            "Link shared viewer.",
-            "Link shared editor."
-          ],
-          "enum": [
-            "ROLE_UNSPECIFIED",
-            "VIEWER",
-            "EDITOR",
-            "OWNER",
-            "LINK_VIEWER",
-            "LINK_EDITOR"
-          ],
-          "description": "Required. The role to add members to."
-        }
-      },
-      "type": "object",
-      "id": "AddMembersRequest",
-      "description": "Request message for DataStudioService.AddMembers"
-    },
-    "Permissions": {
-      "type": "object",
-      "id": "Permissions",
-      "description": "A Data Studio asset's Permissions.",
-      "properties": {
-        "permissions": {
-          "description": "A map from a Role to a list of members. Role is a string representation of the Role enum. One of: - OWNER - EDITOR - VIEWER",
-          "additionalProperties": {
-            "$ref": "Members"
-          },
-          "type": "object"
-        },
-        "etag": {
-          "format": "byte",
-          "description": "etag to detect and fail concurrent modifications",
-          "type": "string"
-        }
-      }
-    },
-    "RevokeAllPermissionsRequest": {
-      "description": "Request message for DataStudioService.RevokeAllPermissions",
-      "id": "RevokeAllPermissionsRequest",
-      "type": "object",
-      "properties": {
-        "members": {
-          "description": "Required. The members that are having their access revoked. The format of a member is one of - user:alice@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-app@appspot.gserviceaccount.com",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      }
-    },
-    "Members": {
-      "description": "A wrapper message for a list of members.",
-      "properties": {
-        "members": {
-          "description": "Format of string is one of - user:alice@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-app@appspot.gserviceaccount.com",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object",
-      "id": "Members"
-    }
-  },
-  "name": "datastudio",
-  "protocol": "rest",
-  "baseUrl": "https://datastudio.googleapis.com/",
-  "title": "Data Studio API",
-  "revision": "20210412",
-  "fullyEncodeReservedExpansion": true,
-  "icons": {
-    "x32": "http://www.google.com/images/icons/product/search-32.gif",
-    "x16": "http://www.google.com/images/icons/product/search-16.gif"
-  },
-  "parameters": {
-    "quotaUser": {
-      "location": "query",
-      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
-      "type": "string"
-    },
-    "prettyPrint": {
-      "location": "query",
-      "type": "boolean",
-      "description": "Returns response with indentations and line breaks.",
-      "default": "true"
-    },
-    "callback": {
-      "location": "query",
-      "type": "string",
-      "description": "JSONP"
-    },
-    "uploadType": {
-      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
-      "type": "string",
-      "location": "query"
-    },
-    "upload_protocol": {
-      "type": "string",
-      "location": "query",
-      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\")."
-    },
-    "$.xgafv": {
-      "enumDescriptions": [
-        "v1 error format",
-        "v2 error format"
-      ],
-      "description": "V1 error format.",
-      "location": "query",
-      "type": "string",
-      "enum": [
-        "1",
-        "2"
-      ]
-    },
-    "oauth_token": {
-      "type": "string",
-      "location": "query",
-      "description": "OAuth 2.0 token for the current user."
-    },
-    "alt": {
-      "type": "string",
-      "enum": [
-        "json",
-        "media",
-        "proto"
-      ],
-      "location": "query",
-      "description": "Data format for response.",
-      "enumDescriptions": [
-        "Responses with Content-Type of application/json",
-        "Media download with context-dependent Content-Type",
-        "Responses with Content-Type of application/x-protobuf"
-      ],
-      "default": "json"
-    },
-    "fields": {
-      "description": "Selector specifying which fields to include in a partial response.",
-      "location": "query",
-      "type": "string"
-    },
-    "access_token": {
-      "type": "string",
-      "description": "OAuth access token.",
-      "location": "query"
-    },
-    "key": {
-      "type": "string",
-      "location": "query",
-      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token."
-    }
-  },
-  "servicePath": "",
-  "kind": "discovery#restDescription",
-  "resources": {
-    "assets": {
-      "methods": {
-        "getPermissions": {
-          "parameters": {
-            "name": {
-              "type": "string",
-              "location": "path",
-              "description": "Required. The name of the asset.",
-              "required": true
-            },
-            "role": {
-              "enumDescriptions": [
-                "Role not specified.",
-                "A viewer.",
-                "An editor.",
-                "An owner.",
-                "Link shared viewer.",
-                "Link shared editor."
-              ],
-              "type": "string",
-              "location": "query",
-              "description": "The role of the permssion.",
-              "enum": [
-                "ROLE_UNSPECIFIED",
-                "VIEWER",
-                "EDITOR",
-                "OWNER",
-                "LINK_VIEWER",
-                "LINK_EDITOR"
-              ]
-            }
-          },
-          "id": "datastudio.assets.getPermissions",
-          "response": {
-            "$ref": "Permissions"
-          },
-          "flatPath": "v1/assets/{name}/permissions",
-          "path": "v1/assets/{name}/permissions",
-          "description": "Gets the asset's permission for a given role.",
-          "parameterOrder": [
-            "name"
-          ],
-          "httpMethod": "GET"
-        },
-        "updatePermissions": {
-          "id": "datastudio.assets.updatePermissions",
-          "parameterOrder": [
-            "name"
-          ],
-          "flatPath": "v1/assets/{name}/permissions",
-          "description": "Updates a permission.",
-          "request": {
-            "$ref": "UpdatePermissionsRequest"
-          },
-          "path": "v1/assets/{name}/permissions",
-          "parameters": {
-            "name": {
-              "description": "Required. The name of the asset.",
-              "location": "path",
-              "type": "string",
-              "required": true
-            }
-          },
-          "response": {
-            "$ref": "Permissions"
-          },
-          "httpMethod": "PATCH"
-        },
-        "get": {
-          "path": "v1/{+name}",
-          "id": "datastudio.assets.get",
-          "parameterOrder": [
-            "name"
-          ],
-          "description": "Gets the asset by name.",
-          "parameters": {
-            "name": {
-              "description": "Required. The name of the asset. Format: assets/{asset}",
-              "location": "path",
-              "required": true,
-              "pattern": "^assets/[^/]+$",
-              "type": "string"
-            }
-          },
-          "flatPath": "v1/assets/{assetsId}",
-          "response": {
-            "$ref": "Asset"
-          },
-          "httpMethod": "GET"
-        },
-        "search": {
-          "response": {
-            "$ref": "SearchAssetsResponse"
-          },
-          "path": "v1/assets:search",
-          "parameters": {
-            "pageToken": {
-              "type": "string",
-              "location": "query",
-              "description": "A token identifying a page of results the server should return. Use the value of SearchAssetsResponse.next_page_token returned from the previous call to `SearchAssets` method."
-            },
-            "assetTypes": {
-              "type": "string",
-              "repeated": true,
-              "description": "Exactly one AssetType must be specified.",
-              "enumDescriptions": [
-                "Asset type not specified.",
-                "A report asset.",
-                "A data Source asset."
-              ],
-              "location": "query",
-              "enum": [
-                "ASSET_TYPE_UNSPECIFIED",
-                "REPORT",
-                "DATA_SOURCE"
-              ]
-            },
-            "title": {
-              "description": "The title of assets to include. Not an exact match, works the same as search from the UI.",
-              "location": "query",
-              "type": "string"
-            },
-            "owner": {
-              "type": "string",
-              "location": "query",
-              "description": "The email of the owner of the asset."
-            },
-            "pageSize": {
-              "description": "Requested page size. If unspecified, server will pick an appropriate default.",
-              "location": "query",
-              "type": "integer",
-              "format": "int32"
-            },
-            "orderBy": {
-              "location": "query",
-              "description": "How the results should be ordered. Valid options are: - title",
-              "type": "string"
-            },
-            "includeTrashed": {
-              "location": "query",
-              "type": "boolean",
-              "description": "Value indicating if assets in trash should be included."
-            }
-          },
-          "flatPath": "v1/assets:search",
-          "httpMethod": "GET",
-          "description": "Searches assets.",
-          "id": "datastudio.assets.search",
-          "parameterOrder": []
-        }
-      },
-      "resources": {
-        "permissions": {
-          "methods": {
-            "revokeAllPermissions": {
-              "path": "v1/assets/{name}/permissions:revokeAllPermissions",
-              "response": {
-                "$ref": "Permissions"
-              },
-              "flatPath": "v1/assets/{name}/permissions:revokeAllPermissions",
-              "id": "datastudio.assets.permissions.revokeAllPermissions",
-              "description": "Revokes one or more members' access to an asset.",
-              "parameters": {
-                "name": {
-                  "required": true,
-                  "type": "string",
-                  "location": "path",
-                  "description": "Required. The name of the asset."
-                }
-              },
-              "parameterOrder": [
-                "name"
-              ],
-              "httpMethod": "POST",
-              "request": {
-                "$ref": "RevokeAllPermissionsRequest"
-              }
-            },
-            "addMembers": {
-              "path": "v1/assets/{name}/permissions:addMembers",
-              "parameters": {
-                "name": {
-                  "required": true,
-                  "location": "path",
-                  "type": "string",
-                  "description": "Required. The name of the asset."
-                }
-              },
-              "httpMethod": "POST",
-              "parameterOrder": [
-                "name"
-              ],
-              "response": {
-                "$ref": "Permissions"
-              },
-              "id": "datastudio.assets.permissions.addMembers",
-              "request": {
-                "$ref": "AddMembersRequest"
-              },
-              "description": "Adds one or more members to a role.",
-              "flatPath": "v1/assets/{name}/permissions:addMembers"
-            }
-          }
-        }
-      }
-    }
-  }
-}

src/gam-install.sh

@@ -97,13 +97,6 @@ else
 fi
 }
 
-reverse() {
-    for (( i = ${#*}; i > 0; i-- ))
-    {
-        echo ${!i}
-    }
-}
-
 if [ "$gamversion" == "latest" ]; then
   release_url="https://api.github.com/repos/GAM-team/GAM/releases/latest"
 elif [ "$gamversion" == "prerelease" -o "$gamversion" == "draft" ]; then
@@ -119,6 +112,12 @@ else
   check_type="authenticated"
   curl_opts=( "$GHCLIENT" )
 fi
+curl_ver=$(curl --version|head -1|cut -d " " -f 2)
+if [[ "${curl_ver:0:4}" < "7.76" ]]; then
+  curl_fail=( )
+else
+  curl_fail=( "--fail-with-body" )
+fi
 echo_yellow "Checking GitHub URL $release_url for $gamversion GAM release ($check_type)..."
 release_json=$(curl \
 	--silent \
@@ -126,9 +125,16 @@ release_json=$(curl \
 	-H "Accept: application/vnd.github+json" \
 	-H "X-GitHub-Api-Version: 2022-11-28" \
 	"$release_url" \
-	2>&1 /dev/null)
+	"${curl_fail[@]}")
+curl_exit_code=$?
+if [ $curl_exit_code -ne 0 ]; then
+  echo_red "ERROR retrieving URL: ${release_json}"
+  exit
+else
+  echo_green "done"
+fi
 
-echo_yellow "Getting file and download URL..."
+echo_yellow "Calculating download URL for this device..."
 # Python is sadly the nearest to universal way to safely handle JSON with Bash
 # At least this code should be compatible with just about any Python version ever
 # unlike GAM itself. If some users don't have Python we can try grep / sed / etc
@@ -323,6 +329,8 @@ echo_yellow "Downloading ${download_url} to $temp_archive_dir ($check_type)..."
 (cd "$temp_archive_dir" && curl -O -L -s "${curl_opts[@]}" "$download_url")
 
 mkdir -p "$target_dir"
+echo_yellow "Deleting contents of $target_dir/gam7/lib"
+rm -frv "$target_dir/gam7/lib"
 
 echo_yellow "Extracting archive to $target_dir"
 if [[ "$name" =~ tar.xz|tar.gz|tar ]]; then
@@ -379,7 +387,7 @@ while true; do
       ;;
     [Nn]*)
 #      config_cmd="config no_browser true"
-      touch "$target_dir/gam/nobrowser.txt" > /dev/null 2>&1
+      touch "$target_dir/gam7/nobrowser.txt" > /dev/null 2>&1
       break
       ;;
     *)
@@ -487,4 +495,3 @@ echo_green "GAM installation and setup complete!"
 if [ "$update_profile" = true ]; then
   echo_green "Please restart your terminal shell or to get started right away run:\n\n$alias_line"
 fi
-

src/gam.spec

@@ -28,11 +28,10 @@ print(version_info)
 datas = []
 for pkg in GAM_VER_LIBS:
     datas += copy_metadata(pkg, recursive=True)
-datas += [('admin-directory_v1.1beta1.json', '.')]
-datas += [('cbcm-v1.1beta1.json', '.')]
-datas += [('contactdelegation-v1.json', '.')]
-datas += [('datastudio-v1.json', '.')]
-datas += [('serviceaccountlookup-v1.json', '.')]
+datas += [('gam/cbcm-v1.1beta1.json', '.')]
+datas += [('gam/contactdelegation-v1.json', '.')]
+datas += [('gam/datastudio-v1.json', '.')]
+datas += [('gam/serviceaccountlookup-v1.json', '.')]
 datas += [('cacerts.pem', '.')]
 hiddenimports = [
      'gam.gamlib.yubikey',

src/gam/atom/http.py

@@ -247,7 +247,9 @@ class ProxiedHttpClient(HttpClient):
                 # Trivial setup for ssl socket.
                 sslobj = None
                 if ssl_imported:
-                    sslobj = ssl.wrap_socket(p_sock, None, None)
+                    context = ssl.SSLContext(ssl.PROTOCOL_TLS)
+                    context.minimum_version = ssl.TLSVersion.TLSv1_2
+                    sslobj = context.wrap_socket(p_sock, server_hostname=url.host)
                 else:
                     sock_ssl = socket.ssl(p_sock, None, None)
                     sslobj = http.client.FakeSocket(p_sock, sock_ssl)

src/gam/atom/http_core.py

@@ -568,7 +568,7 @@ class ProxiedHttpClient(HttpClient):
                 context.minimum_version = ssl.TLSVersion.TLSv1_2
                 sslobj = context.wrap_socket(p_sock, server_hostname=uri.host)
             else:
-                sock_ssl = socket.ssl(p_sock, None, Nonesock_)
+                sock_ssl = socket.ssl(p_sock, None, None)
                 sslobj = http.client.FakeSocket(p_sock, sock_ssl)
             # Initalize httplib and replace with the proxy socket.
             connection = http.client.HTTPConnection(proxy_uri.host)

src/gam/gamlib/glapi.py

@@ -45,17 +45,17 @@ CLASSROOM = 'classroom'
 CLOUDCHANNEL = 'cloudchannel'
 CLOUDIDENTITY_DEVICES = 'cloudidentitydevices'
 CLOUDIDENTITY_GROUPS = 'cloudidentitygroups'
+CLOUDIDENTITY_GROUPS_BETA = 'cloudidentitygroupsbeta'
 CLOUDIDENTITY_INBOUND_SSO = 'cloudidentityinboundsso'
 CLOUDIDENTITY_ORGUNITS = 'cloudidentityorgunits'
-CLOUDIDENTITY_POLICY = 'cloudidentitypolicy'
 CLOUDIDENTITY_ORGUNITS_BETA = 'cloudidentityorgunitsbeta'
+CLOUDIDENTITY_POLICY = 'cloudidentitypolicy'
 CLOUDIDENTITY_USERINVITATIONS = 'cloudidentityuserinvitations'
 CLOUDRESOURCEMANAGER = 'cloudresourcemanager'
 CONTACTS = 'contacts'
 CONTACTDELEGATION = 'contactdelegation'
 DATATRANSFER = 'datatransfer'
 DIRECTORY = 'directory'
-DIRECTORY_BETA = 'directory_beta'
 DOCS = 'docs'
 DRIVE2 = 'drive2'
 DRIVE3 = 'drive3'
@@ -71,7 +71,6 @@ GROUPSMIGRATION = 'groupsmigration'
 GROUPSSETTINGS = 'groupssettings'
 IAM = 'iam'
 IAM_CREDENTIALS = 'iamcredentials'
-IAP = 'iap'
 KEEP = 'keep'
 LICENSING = 'licensing'
 LOOKERSTUDIO = 'datastudio'
@@ -185,7 +184,6 @@ PROJECT_APIS = [
   'groupsmigration.googleapis.com',
   'groupssettings.googleapis.com',
   'iam.googleapis.com',
-  'iap.googleapis.com',
   'keep.googleapis.com',
   'licensing.googleapis.com',
   'meet.googleapis.com',
@@ -225,6 +223,7 @@ _INFO = {
   CLOUDCHANNEL: {'name': 'Channel Channel API', 'version': 'v1', 'v2discovery': True},
   CLOUDIDENTITY_DEVICES: {'name': 'Cloud Identity Devices API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
   CLOUDIDENTITY_GROUPS: {'name': 'Cloud Identity Groups API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
+  CLOUDIDENTITY_GROUPS_BETA: {'name': 'Cloud Identity Groups API', 'version': 'v1beta1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
   CLOUDIDENTITY_INBOUND_SSO: {'name': 'Cloud Identity Inbound SSO API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
   CLOUDIDENTITY_ORGUNITS: {'name': 'Cloud Identity OrgUnits API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
   CLOUDIDENTITY_ORGUNITS_BETA: {'name': 'Cloud Identity OrgUnits API', 'version': 'v1beta1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
@@ -235,7 +234,6 @@ _INFO = {
   CONTACTDELEGATION: {'name': 'Contact Delegation API', 'version': 'v1', 'v2discovery': True, 'localjson': True},
   DATATRANSFER: {'name': 'Data Transfer API', 'version': 'datatransfer_v1', 'v2discovery': True, 'mappedAPI': 'admin'},
   DIRECTORY: {'name': 'Directory API', 'version': 'directory_v1', 'v2discovery': True, 'mappedAPI': 'admin'},
-  DIRECTORY_BETA: {'name': 'Directory API', 'version': 'directory_v1.1beta1', 'v2discovery': True, 'mappedAPI': 'admin', 'localjson': True},
   DOCS: {'name': 'Docs API', 'version': 'v1', 'v2discovery': True},
   DRIVE2: {'name': 'Drive API v2', 'version': 'v2', 'v2discovery': False, 'mappedAPI': 'drive'},
   DRIVE3: {'name': 'Drive API v3', 'version': 'v3', 'v2discovery': False, 'mappedAPI': 'drive'},
@@ -250,7 +248,6 @@ _INFO = {
   GROUPSSETTINGS: {'name': 'Groups Settings API', 'version': 'v1', 'v2discovery': True},
   IAM: {'name': 'Identity and Access Management API', 'version': 'v1', 'v2discovery': True},
   IAM_CREDENTIALS: {'name': 'Identity and Access Management Credentials API', 'version': 'v1', 'v2discovery': True},
-  IAP: {'name': 'Cloud Identity-Aware Proxy API', 'version': 'v1', 'v2discovery': True},
   KEEP: {'name': 'Keep API', 'version': 'v1', 'v2discovery': True},
   LICENSING: {'name': 'License Manager API', 'version': 'v1', 'v2discovery': True},
   LOOKERSTUDIO: {'name': 'Looker Studio API', 'version': 'v1', 'v2discovery': True, 'localjson': True},
@@ -363,6 +360,10 @@ _CLIENT_SCOPES = [
    'api': CLOUDIDENTITY_GROUPS,
    'subscopes': READONLY,
    'scope': 'https://www.googleapis.com/auth/cloud-identity.groups'},
+  {'name': 'Cloud Identity Groups API Beta (Enables group locking/unlocking)',
+   'api': CLOUDIDENTITY_GROUPS_BETA,
+   'subscopes': [],
+   'scope': 'https://www.googleapis.com/auth/cloud-identity.groups'},
   {'name': 'Cloud Identity - Inbound SSO Settings',
    'api': CLOUDIDENTITY_INBOUND_SSO,
    'subscopes': READONLY,

src/gam/gamlib/glentity.py

@@ -25,14 +25,16 @@ class GamEntity():
   ROLE_MANAGER = 'MANAGER'
   ROLE_MEMBER = 'MEMBER'
   ROLE_OWNER = 'OWNER'
+  ROLE_LIST = [ROLE_MANAGER, ROLE_MEMBER, ROLE_OWNER]
   ROLE_USER = 'USER'
   ROLE_MANAGER_MEMBER = ','.join([ROLE_MANAGER, ROLE_MEMBER])
   ROLE_MANAGER_OWNER = ','.join([ROLE_MANAGER, ROLE_OWNER])
   ROLE_MEMBER_OWNER = ','.join([ROLE_MEMBER, ROLE_OWNER])
-  ROLE_MANAGER_MEMBER_OWNER = ','.join([ROLE_MANAGER, ROLE_MEMBER, ROLE_OWNER])
+  ROLE_MANAGER_MEMBER_OWNER = ','.join(ROLE_LIST)
   ROLE_PUBLIC = 'PUBLIC'
   ROLE_ALL = ROLE_MANAGER_MEMBER_OWNER
 
+  TYPE_CBCM_BROWSER = 'CBCM_BROWSER'
   TYPE_CUSTOMER = 'CUSTOMER'
   TYPE_EXTERNAL = 'EXTERNAL'
   TYPE_OTHER = 'OTHER'

src/gam/gamlib/glgapi.py

@@ -184,7 +184,7 @@ DEFAULT_RETRY_REASONS = [QUOTA_EXCEEDED, RATE_LIMIT_EXCEEDED, SHARING_RATE_LIMIT
                          BACKEND_ERROR, BAD_GATEWAY, GATEWAY_TIMEOUT, INTERNAL_ERROR, TRANSIENT_ERROR]
 SERVICE_NOT_AVAILABLE_RETRY_REASONS = [SERVICE_NOT_AVAILABLE]
 ACTIVITY_THROW_REASONS = [SERVICE_NOT_AVAILABLE, BAD_REQUEST]
-ALERT_THROW_REASONS = [SERVICE_NOT_AVAILABLE, AUTH_ERROR]
+ALERT_THROW_REASONS = [SERVICE_NOT_AVAILABLE, AUTH_ERROR, PERMISSION_DENIED]
 CALENDAR_THROW_REASONS = [SERVICE_NOT_AVAILABLE, AUTH_ERROR, NOT_A_CALENDAR_USER]
 CIGROUP_CREATE_THROW_REASONS = [SERVICE_NOT_AVAILABLE, ALREADY_EXISTS, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, INVALID, INVALID_ARGUMENT, PERMISSION_DENIED, FAILED_PRECONDITION]
 CIGROUP_GET_THROW_REASONS = [SERVICE_NOT_AVAILABLE, NOT_FOUND, GROUP_NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, BAD_REQUEST, INVALID, SYSTEM_ERROR, PERMISSION_DENIED]
@@ -268,7 +268,7 @@ GROUP_SETTINGS_THROW_REASONS = [NOT_FOUND, GROUP_NOT_FOUND, DOMAIN_NOT_FOUND, DO
 GROUP_SETTINGS_RETRY_REASONS = [INVALID, SERVICE_LIMIT, SERVICE_NOT_AVAILABLE]
 GROUP_LIST_THROW_REASONS = [RESOURCE_NOT_FOUND, DOMAIN_NOT_FOUND, FORBIDDEN, BAD_REQUEST]
 GROUP_LIST_USERKEY_THROW_REASONS = GROUP_LIST_THROW_REASONS+[INVALID_MEMBER, INVALID_INPUT]
-KEEP_THROW_REASONS = [SERVICE_NOT_AVAILABLE, BAD_REQUEST, PERMISSION_DENIED, INVALID_ARGUMENT, NOT_FOUND]
+KEEP_THROW_REASONS = [AUTH_ERROR, BAD_REQUEST, PERMISSION_DENIED, INVALID_ARGUMENT, NOT_FOUND]
 LOOKERSTUDIO_THROW_REASONS = [INVALID_ARGUMENT, SERVICE_NOT_AVAILABLE, BAD_REQUEST, NOT_FOUND, PERMISSION_DENIED, INTERNAL_ERROR]
 MEMBERS_THROW_REASONS = [GROUP_NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, INVALID, FORBIDDEN, SERVICE_NOT_AVAILABLE]
 MEMBERS_RETRY_REASONS = [SYSTEM_ERROR, SERVICE_NOT_AVAILABLE]
@@ -277,8 +277,8 @@ PEOPLE_ACCESS_THROW_REASONS = [SERVICE_NOT_AVAILABLE, FORBIDDEN, PERMISSION_DENI
 RESELLER_THROW_REASONS = [BAD_REQUEST, RESOURCE_NOT_FOUND, FORBIDDEN, INVALID]
 SHEETS_ACCESS_THROW_REASONS = DRIVE_USER_THROW_REASONS+[NOT_FOUND, PERMISSION_DENIED, FORBIDDEN, INTERNAL_ERROR, INSUFFICIENT_FILE_PERMISSIONS,
                                                         BAD_REQUEST, INVALID, INVALID_ARGUMENT, FAILED_PRECONDITION]
-TASK_THROW_REASONS = [SERVICE_NOT_AVAILABLE, BAD_REQUEST, PERMISSION_DENIED, INVALID, NOT_FOUND, ACCESS_NOT_CONFIGURED]
-TASKLIST_THROW_REASONS = [SERVICE_NOT_AVAILABLE, BAD_REQUEST, PERMISSION_DENIED, INVALID, NOT_FOUND, ACCESS_NOT_CONFIGURED]
+TASK_THROW_REASONS = [BAD_REQUEST, PERMISSION_DENIED, INVALID, NOT_FOUND, ACCESS_NOT_CONFIGURED]
+TASKLIST_THROW_REASONS = [BAD_REQUEST, PERMISSION_DENIED, INVALID, NOT_FOUND, ACCESS_NOT_CONFIGURED]
 USER_GET_THROW_REASONS = [USER_NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, BAD_REQUEST, SYSTEM_ERROR]
 YOUTUBE_THROW_REASONS = [SERVICE_NOT_AVAILABLE, AUTH_ERROR, UNSUPPORTED_SUPERVISED_ACCOUNT, UNSUPPORTED_LANGUAGE_CODE, CONTENT_OWNER_ACCOUNT_NOT_FOUND]
 

src/gam/gamlib/glmsgs.py

@@ -40,21 +40,43 @@ sign in as {0} and accept the Terms of Service (ToS). As soon as you've accepted
 
 PROJECT_STILL_BEING_CREATED_SLEEPING = 'Project still being created. Sleeping {0} seconds\n'
 FAILED_TO_CREATE_PROJECT = 'Failed to create project: {0}\n'
-SETTING_GAM_PROJECT_CONSENT_SCREEN = 'Setting GAM project consent screen...\n'
-CREATE_PROJECT_INSTRUCTIONS = '''
+SETTING_GAM_PROJECT_CONSENT_SCREEN_CREATING_CLIENT = 'Setting GAM project consent screen, creating client...\n'
+CREATE_CLIENT_INSTRUCTIONS = '''
 Please go to:
 
   {0}
 
-1. Choose "Desktop App" or "Other" for "Application type".
-2. Enter "GAM" or another desired value for "Name".
-3. Click the blue "Create" button.
-4. Copy your "Client ID" value that shows on the next page.
+ 1. If "+ CREATE CLIENT" is on the screen, skip to step 14
+ 2. Click "GET STARTED"
+ 3. Under "App Information", enter {1} or another value in "App name *"
+ 4. Under "App Information", enter {2} in "User support email *"
+ 5. Click "NEXT"
+ 6. Under "Audience", choose INTERNAL
+ 7. Click "NEXT"
+ 8. Under, "Contact Information", enter an email address in "Email addresses *"
+ 9. Click "NEXT"
+10. Under "Finish", click "I agree to the Google API Services: User Data Policy."
+11. Click "CONTINUE"
+12. Click "CREATE"
+13. Click "Clients" in the left-hand column
+14. Click "+ CREATE CLIENT"
+15. Choose "Desktop App" for "Application type"
+16. Enter {1} or another value in "Name *"
+17. Click "Create"
+18. Under "Name", click your client name
+19. Copy the "Client ID" value under "Additional information"
+20. Paste it at the "Enter your Client ID: " prompt in your terminal
+21. Press return/enter in your terminal
+22. Switch back to the browser
+23. Copy the "Client secret" value under "Client Secrets"
+24. Paste it at the "Enter your Client Secret: " prompt in your terminal
+25. Press return/enter in your terminal
+26. Switch back to the browser
+27. Click "CANCEL"
+28. These steps are complete
 '''
 ENTER_YOUR_CLIENT_ID = '\nEnter your Client ID: '
-GO_BACK_TO_YOUR_BROWSER_AND_COPY_YOUR_CLIENT_SECRET_VALUE = '\n5. Go back to your browser and copy your "Client Secret" value.\n'
 ENTER_YOUR_CLIENT_SECRET = '\nEnter your Client Secret: '
-GO_BACK_TO_YOUR_BROWSER_AND_CLICK_OK_TO_CLOSE_THE_OAUTH_CLIENT_POPUP = '\n6. Go back to your browser and click OK to close the "OAuth client" popup if it\'s still open.\n'
 IS_NOT_A_VALID_CLIENT_ID = '''
 
 {0}
@@ -78,12 +100,12 @@ Please go to:
 
   https://admin.google.com/ac/owl/list?tab=configuredApps
 
-1. Click on: Configure new app > OAuth App Name Or Client ID.
-2. Enter the following Client ID value:
+1. Click on: Configure new app
+2. Enter the following Client ID value in Search for app:
 
   {1}
 
-3. Press Search, select the {0} app, press Select, check the box and press Select.
+3. Press Search, select the {0} app, click
 4. Keep the default scope or select a preferred scope that includes your GAM admin.
 5. Press Continue
 6. Select Trusted radio button, press Continue and Finish.
@@ -162,7 +184,7 @@ ALREADY_EXISTS_USE_MERGE_ARGUMENT = 'Already exists; use the "merge" argument to
 API_ACCESS_DENIED = 'API access Denied'
 API_CALLS_RETRY_DATA = 'API calls retry data\n'
 API_CHECK_CLIENT_AUTHORIZATION = 'Please make sure the Client ID: {0} is authorized for the appropriate API or scopes:\n{1}\n\nRun: gam oauth create\n'
-API_CHECK_SVCACCT_AUTHORIZATION = 'Please make sure the Service Account Client name: {0} is authorized for the appropriate API or scopes:\n{1}\n\nRun: gam user {2} update serviceaccount\n'
+API_CHECK_SVCACCT_AUTHORIZATION = 'Please make sure the Service Account Client ID: {0} is authorized for the appropriate API or scopes:\n{1}\n\nRun: gam user {2} update serviceaccount\n'
 API_ERROR_SETTINGS = 'API error, some settings not set'
 ARE_BOTH_REQUIRED = 'Arguments {0} and {1} are both required'
 ARE_MUTUALLY_EXCLUSIVE = 'Arguments {0} and {1} are mutually exclusive'
@@ -457,7 +479,9 @@ SCHEMA_WOULD_HAVE_NO_FIELDS = '{0} would have no {1}'
 SELECTED = 'Selected'
 SERVICE_NOT_APPLICABLE = 'Service not applicable/Does not exist'
 SERVICE_NOT_APPLICABLE_THIS_ADDRESS = 'Service not applicable for this address: {0}'
+SERVICE_NOT_ENABLED = '{0} Service/App not enabled'
 SHORTCUT_TARGET_CAPABILITY_IS_FALSE = '{0} capability {1} is False'
+SKU_HAS_NO_MATCHING_ARCHIVED_USER_SKU = 'SKU {0} has no matching Archived User SKU'
 STARTING_THREAD = 'Starting thread'
 STATISTICS_COPY_FILE = 'Total: {0}, Copied: {1}, Shortcut created {2}, Shortcut exists {3}, Duplicate: {4}, Copy Failed: {5}, Not copyable: {6}, In skipids: {7}, Permissions Failed: {8}, Protected Ranges Failed: {9}'
 STATISTICS_COPY_FOLDER = 'Total: {0}, Copied: {1}, Shortcut created {2}, Shortcut exists {3}, Duplicate: {4}, Merged: {5}, Copy Failed: {6}, Not writable: {7}, Permissions Failed: {8}'

src/gam/gamlib/glskus.py

@@ -182,6 +182,8 @@ _SKUS = {
     'product': 'Google-Chrome-Device-Management', 'aliases': ['chrome', 'cdm', 'googlechromedevicemanagement'], 'displayName': 'Google Chrome Device Management'}
   }
 
+ARCHIVABLE_SKUS = {'1010020020', '1010020025', '1010020026', '1010020027', '1010020028', 'Google-Apps-Unlimited'}
+
 def getProductAndSKU(sku):
   l_sku = sku.lower().replace('-', '').replace(' ', '').replace('"', '').replace("'", '').strip()
   if l_sku.startswith('nv:'):

src/gam/googleapiclient/version.py

@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-__version__ = "2.146.0"
+__version__ = "2.156.0"

src/serviceaccountlookup-v1.json

@@ -1,141 +0,0 @@
-{
-  "basePath": "",
-  "baseUrl": "https://www.googleapis.com/service_accounts/v1",
-  "canonicalName": "serviceaccountlookup",
-  "description": "Pseudo-API to lookup public certificates for a service account anonymously",
-  "discoveryVersion": "v1",
-  "documentationLink": "https://example.com/",
-  "fullyEncodeReservedExpansion": true,
-  "icons": {
-    "x16": "http://www.google.com/images/icons/product/search-16.gif",
-    "x32": "http://www.google.com/images/icons/product/search-32.gif"
-  },
-  "id": "serviceaccountlookup:v1",
-  "kind": "discovery#restDescription",
-  "name": "serviceaccountlookup",
-  "ownerDomain": "google.com",
-  "ownerName": "Google",
-  "packagePath": "admin",
-  "parameters": {
-    "$.xgafv": {
-      "description": "V1 error format.",
-      "enum": [
-        "1",
-        "2"
-      ],
-      "enumDescriptions": [
-        "v1 error format",
-        "v2 error format"
-      ],
-      "location": "query",
-      "type": "string"
-    },
-    "access_token": {
-      "description": "OAuth access token.",
-      "location": "query",
-      "type": "string"
-    },
-    "alt": {
-      "default": "json",
-      "description": "Data format for response.",
-      "enum": [
-        "json",
-        "media",
-        "proto"
-      ],
-      "enumDescriptions": [
-        "Responses with Content-Type of application/json",
-        "Media download with context-dependent Content-Type",
-        "Responses with Content-Type of application/x-protobuf"
-      ],
-      "location": "query",
-      "type": "string"
-    },
-    "callback": {
-      "description": "JSONP",
-      "location": "query",
-      "type": "string"
-    },
-    "fields": {
-      "description": "Selector specifying which fields to include in a partial response.",
-      "location": "query",
-      "type": "string"
-    },
-    "key": {
-      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
-      "location": "query",
-      "type": "string"
-    },
-    "oauth_token": {
-      "description": "OAuth 2.0 token for the current user.",
-      "location": "query",
-      "type": "string"
-    },
-    "prettyPrint": {
-      "default": "true",
-      "description": "Returns response with indentations and line breaks.",
-      "location": "query",
-      "type": "boolean"
-    },
-    "quotaUser": {
-      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
-      "location": "query",
-      "type": "string"
-    },
-    "uploadType": {
-      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
-      "location": "query",
-      "type": "string"
-    },
-    "upload_protocol": {
-      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
-      "location": "query",
-      "type": "string"
-    }
-  },
-  "protocol": "rest",
-  "resources": {
-    "serviceaccounts": {
-      "methods": {
-        "lookup": {
-          "description": "Lookup",
-          "flatPath": "metadata/x509/{account}",
-          "httpMethod": "GET",
-          "id": "serviceaccountslookup.lookup",
-          "parameterOrder": [
-            "account"
-          ],
-          "parameters": {
-            "account": {
-              "description": "Email or ID of the service account.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "metadata/x509/{account}",
-	  "response": {
-            "$ref": "Certificates"
-          }
-        }
-      }
-    }
-  },
-  "rootUrl": "https://www.googleapis.com/service_accounts/v1",
-  "schemas": {
-    "Certificates": { 
-      "description": "JSON template for certificates.",
-      "id": "Certificates",
-      "properties": {
-        "email": {          "description": "Email of the delegate.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    }
-  },
-  "servicePath": "",
-  "title": "Service Account Lookup Pseudo-API",
-  "version": "v1",
-  "version_module": true
-}