Added option security to gam create cigroup

rebuild for Python 3.13.2
create cigroup now supports security label
2026-06-28 09:51:36 +00:00 · 2025-02-04 14:18:46 -08:00 · 2025-02-04 16:11:30 -05:00 · 2025-02-03 15:55:59 +00:00 · 2025-02-02 08:49:24 -08:00 · 2025-02-01 12:38:15 -08:00
21 changed files with 1857 additions and 18132 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -17,7 +17,7 @@ defaults:
    working-directory: src
 env:
-  SCRATCH_COUNTER: 3
+  SCRATCH_COUNTER: 7
  OPENSSL_CONFIG_OPTS: no-fips --api=3.0.0
  OPENSSL_INSTALL_PATH: ${{ github.workspace }}/bin/ssl
  OPENSSL_SOURCE_PATH: ${{ github.workspace }}/src/openssl
@@ -41,48 +41,57 @@ jobs:
            goal: build
            arch: x86_64
            openssl_archs: linux-x86_64
-          - os: [self-hosted, linux, arm64]
+          - os: ubuntu-24.04-arm
            jid: 3
            goal: build
            arch: aarch64
            openssl_archs: linux-aarch64
-          - os: ubuntu-22.04
+          - os: ubuntu-22.04-arm
            jid: 4
            goal: build
            arch: aarch64
            openssl_archs: linux-aarch64
          - os: ubuntu-22.04
            jid: 5
            goal: build
            arch: x86_64
            openssl_archs: linux-x86_64
            staticx: yes
-          - os: [self-hosted, linux, arm64]
+          - os: ubuntu-22.04-arm
-            jid: 5
+            jid: 6
            goal: build
            arch: aarch64
            openssl_archs: linux-aarch64
            staticx: yes
          - os: macos-13
-            jid: 6
+            jid: 7
            goal: build
            arch: x86_64
            openssl_archs: darwin64-x86_64
          - os: macos-14
            jid: 7
            goal: build
            arch: aarch64
            openssl_archs: darwin64-arm64
          - os: macos-15
            jid: 8
            goal: build
            arch: aarch64
            openssl_archs: darwin64-arm64
-          - os: windows-2022
+          - os: macos-15
            jid: 9
            goal: build
            arch: aarch64
            openssl_archs: darwin64-arm64
          - os: windows-2022
            jid: 10
            goal: build
            arch: Win64
            openssl_archs: VC-WIN64A
-          - os: ubuntu-24.04
+          # disable 3.9 test for now since it's oldest and due
-            goal: test
+          # for removal in Oct 2025. We only have 13 jid accounts
-            python: "3.9"
+          # so we need this one off but can re-enable at some point
-            jid: 10
+          # if we feel the need.
-            arch: x86_64
+          #- os: ubuntu-24.04
          #  goal: test
          #  python: "3.9"
          #  jid: 11
          #  arch: x86_64
          - os: ubuntu-24.04
            goal: test
            python: "3.10"
@@ -120,7 +129,7 @@ jobs:
        with:
          path: |
            cache.tar.xz
-          key: gam-${{ matrix.jid }}-20241114
+          key: gam-${{ matrix.jid }}-20250204
      - name: Untar Cache archive
        if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true'
@@ -187,7 +196,7 @@ jobs:
          echo "gampath=${gampath}" >> $GITHUB_ENV
      - name: Install necessary Github-hosted Linux packages
-        if: runner.os == 'Linux' && runner.arch == 'X64'
+        if: runner.os == 'Linux'
        run: |
          echo "RUNNING: apt update..."
          sudo apt-get -qq --yes update
@@ -548,7 +557,6 @@ jobs:
            # https://github.com/pyinstaller/pyinstaller/issues/7102
            export PATH="$(dirname ${PYTHON}):/usr/bin"
          fi
          #if ([ "${staticx}" != "yes" ] && [ "$RUNNER_OS" != "Windows" ]); then
          if [[ "$staticx" != "yes" ]]; then
            export PYINSTALLER_BUILD_ONEDIR=yes
          fi
@@ -594,6 +602,9 @@ jobs:
      - name: Install StaticX
        if: matrix.staticx == 'yes'
        run: |
          sudo apt-get -qq --yes update
          # arm64 needs to build a wheel and needs scons to build
          sudo apt-get -qq --yes install scons
          "${PYTHON}" -m pip install --upgrade patchelf-wrapper
          "${PYTHON}" -m pip install --upgrade staticx
@@ -994,7 +1005,7 @@ jobs:
  merge:
    if: (github.event_name == 'push' || github.event_name == 'schedule')
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
    needs: build
    permissions:
      contents: write
@@ -1008,7 +1019,7 @@ jobs:
  publish:
    if: github.event_name == 'push'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
    needs: merge
    permissions:
      contents: write
--- a/.github/workflows/get-cacerts.yml
+++ b/.github/workflows/get-cacerts.yml
@@ -20,8 +20,24 @@ jobs:
          persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token
          fetch-depth: 0 # otherwise, you will failed to push refs to dest repo
-      - name: Check for updates
+      - name: Get Current cacerts.pem hash
-        run: curl -o ./cacerts.pem -vvvv https://pki.goog/roots.pem
+        run: |
          export CURRENT_HASH=$(sha256sum ./cacerts.pem)
          echo "Current hash is: ${CURRENT_HASH}"
          echo "CURRENT_HASH=${CURRENT_HASH}" >> $GITHUB_ENV
      - name: Get latest cacerts.pem file from Google
        run: |
          curl -o ./cacerts.pem -vvvv https://pki.goog/roots.pem
      - name: Compare hashes
        run: |
          export NEW_HASH=$(sha256sum ./cacerts.pem)
          if [ "$NEW_HASH" == "$CURRENT_HASH" ]; then
            echo "Same file."
          else
            echo "New file content. Was ${CURRENT_HASH} and now is ${NEW_HASH}"
          fi
      - name: Commit file
        run: |
--- a/src/GamCommands.txt
+++ b/src/GamCommands.txt
@@ -377,7 +377,7 @@ If an item contains spaces, it should be surrounded by ".
 <ChatThread> ::= spaces/<String>/threads/<String>
 <GIGroupAlias> ::= <EmailAddress>
 <GIGroupItem> ::= <EmailAddress>|<UniqueID>|groups/<String>
-<CIGroupType> ::= customer|group|other|serviceaccount|user
+<CIGroupMemberType> ::= cbcmbrowser|chromeosdevice|customer|group|other|serviceaccount|user
 <CIPolicyName> ::= policies/<String>|settings/<String>|<String>
 <ClassificationLabelID> ::= <String>
 <ClassificationLabelFieldID> ::= <String>
@@ -468,7 +468,7 @@ If an item contains spaces, it should be surrounded by ".
 <FloorName> ::= <String>
 <GroupItem> ::= <EmailAddress>|<UniqueID>|<String>
 <GroupRole> ::= owner|manager|member
-<GroupType> ::= customer|group|user
+<GroupMemberType> ::= customer|group|user
 <GuardianItem> ::= <EmailAddress>|<UniqueID>|<String>
 <GuardianInvitationID> ::= <String>
 <HoldItem> ::= <UniqueID>|<String>
@@ -664,7 +664,7 @@ If an item contains spaces, it should be surrounded by ".
 <CalendarList> ::= "<CalendarItem>(,<CalendarItem>)*"
 <ChatSpaceList> ::= "<ChatSpace>(,<ChatSpace>)*"
 <CIGroupAliasList> ::= "<CIGroupAlias>(,<CIGroupAlias>)*"
-<CIGroupTypeList> ::= "<CIGroupType>(,<CIGroupType>)*"
+<CIGroupMemberTypeList> ::= "<CIGroupMemberType>(,<CIGroupMemberType>)*"
 <CIPolicyNameList> ::= "<CIPolicyName>(,<CIPolicyName>)*"
 <ClassroomInvitationIDList> ::= "<ClassroomInvitationID>(,<ClassroomInvitationID>)*"
 <ContactGroupList> ::= "<ContactGroupItem>(,<ContactGroupItem>)*"
@@ -707,7 +707,7 @@ If an item contains spaces, it should be surrounded by ".
 <GuardianInvitationIDList> ::= "<GuardianInvitationID>(,<GuardianInvitationID>)*"
 <GroupList> ::= "<GroupItem>(,<GroupItem>)*"
 <GroupRoleList> ::= "<GroupRole>(,<GroupRole>)*"
-<GroupTypeList> ::= "<GroupType>(,<GroupType>)*"
+<GroupMemberTypeList> ::= "<GroupMemberType>(,<GroupMemberType>)*"
 <LabelIDList> ::= "<LabelID>(,<LabelID>)*"
 <LabelNameList> ::= "'<LabelName>'(,'<LabelName>')*"
 <LanguageList> ::= "<Language>(,<Language>)*"
@@ -1059,6 +1059,7 @@ Specify a collection of items by directly specifying them; the item type is dete
        all_shortcuts |
        all_3p_shortcuts |
        all_items |
        my_commentable_items |
        my_docs |
        my_files |
        my_folders |
@@ -1361,6 +1362,7 @@ gam create project [admin <EmailAddress>] [project <ProjectID>]
         nokey]
 gam use project [<EmailAddress>] [<ProjectID>]
 gam use project [admin <EmailAddress>] [project <ProjectID>]
        [appname <String>] [supportemail <EmailAddress>]
        [saname <ServiceAccountName>] [sadisplayname <ServiceAccountDisplayName>]
        [sadescription <ServiceAccountDescription>]
        [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
@@ -1676,6 +1678,7 @@ gam calendar <CalendarEntity> printacl [todrive <ToDriveAttribute>*]
        (range <Date> <Date>)|
        (recurrence <RRULE, EXRULE, RDATE and EXDATE line>)|
        (reminder <Number> email|popup))|
 	(resource <ResourceID>)|
        (selectattendees [<AttendeeAttendance>] [<AttendeeStatus>] <UserTypeEntity>)|
        (sequence <Integer>)|
        (sharedproperty <PropertyKey> <PropertyValue>)|
@@ -1706,8 +1709,10 @@ The following attributes are equivalent:
        clearattendees|
        clearhangoutsmeet|
        (clearprivateproperty <PropertyKey>)|
        clearresources|
        (clearsharedproperty <PropertyKey>)|
        (removeattendee <EmailAddress>)|
        (removeresource <ResourceID>)|
        (replacedescription <RegularExpression> <String>)|
        (selectremoveattendees <UserTypeEntity>)
@@ -3828,8 +3833,9 @@ gam info group|groups <GroupEntity>
        [basic] <GroupFieldName>* [fields <GroupFieldNameList>] [nodeprecated]
        [ciallfields|(cifields <CIGroupFieldNameList>)]
        [members] [managers] [owners]
        [internal] [internaldomains <DomainNameList>] [external]
        [notsuspended|suspended] [notarchived|archived]
-        [types <GroupTypeList>]
+        [types <GroupMemberTypeList>]
        [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
        [formatjson]
 gam print groups [todrive <ToDriveAttribute>*]
@@ -3844,9 +3850,10 @@ gam print groups [todrive <ToDriveAttribute>*]
        [nodeprecated]
        [roles <GroupRoleList>]
        [members|memberscount] [managers|managerscount] [owners|ownerscount] [totalcount] [countsonly]
        [internal] [internaldomains <DomainNameList>] [external]
        [includederivedmembership]
        [notsuspended|suspended] [notarchived|archived]
-        [types <GroupTypeList>]
+        [types <GroupMemberTypeList>]
        [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
        [convertcrnl] [delimiter <Character>] [sortheaders]
        [formatjson [quotechar <Character>]]
@@ -3879,10 +3886,11 @@ gam print group-members [todrive <ToDriveAttribute>*]
        [descriptionmatchpattern [not] <RegularExpression>]
        [admincreatedmatch <Boolean>]
        [roles <GroupRoleList>] [members] [managers] [owners]
        [internal] [internaldomains <DomainNameList>] [external]
        [membernames] [showdeliverysettings]
        <MembersFieldName>* [fields <MembersFieldNameList>]
        [notsuspended|suspended] [notarchived|archived]
-        [types <GroupTypeList>]
+        [types <GroupMemberTypeList>]
        [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
        [userfields <UserFieldNameList>]
        [allschemas|(schemas|custom|customschemas <SchemaNameList>)]
@@ -3890,7 +3898,7 @@ gam print group-members [todrive <ToDriveAttribute>*]
        [peoplelookup|(peoplelookupuser <EmailAddress>)]
        [unknownname <String>] [cachememberinfo [Boolean]]
        [formatjson [quotechar <Character>]]
-gam show group-members
+`gam show group-members
        [([domain|domains <DomainNameEntity>] ([member|showownedby <EmailItem>]|[(query <QueryGroup>)|(queries <QueryGroupList>)]))|
         (group|group_ns|group_susp <GroupItem>)|
         (select <GroupEntity>)]
@@ -3898,8 +3906,9 @@ gam show group-members
        [descriptionmatchpattern [not] <RegularExpression>]
        [admincreatedmatch <Boolean>]
        [roles <GroupRoleList>] [members] [managers] [owners] [depth <Number>]
        [internal] [internaldomains <DomainNameList>] [external]
        [notsuspended|suspended] [notarchived|archived]
-        [types <GroupTypeList>]
+        [types <GroupMemberTypeList>]
        [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
        [includederivedmembership]
@@ -3918,12 +3927,16 @@ gam show group-members
        updatetime
 <CIGroupFieldNameList> ::= "<CIGroupFieldName>(,<CIGroupFieldName>)*"
-gam create cigroup <EmailAddress> [copyfrom <GroupItem>] <GroupAttribute>*
+gam create cigroup <EmailAddress>
-        [makeowner] [alias|aliases <CIGroupAliasList>] [dynamic <QueryDynamicGroup>]
+        [copyfrom <GroupItem>] <GroupAttribute>*
        [makeowner] [alias|aliases <CIGroupAliasList>]
        [security|makesecuritygroup]
        [dynamic <QueryDynamicGroup>]
 gam update cigroup <GroupEntity> [copyfrom <GroupItem>] <GroupAttribute>
        [security|makesecuritygroup|
         dynamicsecurity|makedynamicsecuritygroup|
         lockedsecurity|makelockedsecuritygroup]
        [locked|unlocked]
        [dynamic <QueryDynamicGroup>]
        [memberrestrictions <QueryMemberRestrictions>]
 gam update cigroups <GroupEntity> create|add [<GroupRole>]
@@ -3957,7 +3970,8 @@ gam info cigroups <GroupEntity>
        [nosecurity|nosecuritysettings]
        [allfields|<CIGroupFieldName>*|(fields <CIGroupFieldNameList>)]
        [roles <GroupRoleList>] [members] [managers] [owners]
-        [types <CIGroupTypeList>]
+        [internal] [internaldomains <DomainNameList>] [external]
        [types <CIGroupMemberTypeList>]
        [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
        [formatjson]
 gam print cigroups [todrive <ToDriveAttribute>*]
@@ -3968,7 +3982,8 @@ gam print cigroups [todrive <ToDriveAttribute>*]
        [basic|allfields|(<CIGroupFieldName>* [fields <CIGroupFieldNameList>])]
        [roles <GroupRoleList>] [memberrestrictions]
        [members|memberscount] [managers|managerscount] [owners|ownerscount] [totalcount] [countsonly]
-        [types <CIGroupTypeList>]
+        [internal] [internaldomains <DomainNameList>] [external]
        [types <CIGroupMemberTypeList>]
        [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
        [convertcrnl] [delimiter <Character>]
        [formatjson [quotechar <Character>]]
@@ -3993,7 +4008,7 @@ gam print cigroup-members [todrive <ToDriveAttribute>*]
        [emailmatchpattern [not] <RegularExpression>] [namematchpattern [not] <RegularExpression>]
        [descriptionmatchpattern [not] <RegularExpression>]
        [roles <GroupRoleList>] [members] [managers] [owners]
-        [types <CIGroupTypeList>]
+        [types <CIGroupMemberTypeList>]
        [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
        <CIGroupMembersFieldName>* [fields <CIGroupMembersFieldNameList>]
        [(recursive [noduplicates])includederivedmembership] [nogroupeemail]
@@ -4004,7 +4019,7 @@ gam show cigroup-members
        [emailmatchpattern [not] <RegularExpression>] [namematchpattern [not] <RegularExpression>]
        [descriptionmatchpattern [not] <RegularExpression>]
        [roles <GroupRoleList>] [members] [managers] [owners] [depth <Number>]
-        [types <CIGroupTypeList>]
+        [types <CIGroupMemberTypeList>]
        [memberemaildisplaypattern|memberemailskippattern <RegularExpression>]
 # Cloud Identity Devices
@@ -4440,7 +4455,7 @@ gam report <ActivityApplicationName> [todrive <ToDriveAttribute>*]
        [event|events <EventNameList>] [ip <String>]
        [groupidfilter <String>]
        [maxactivities <Number>] [maxevents <Number>] [maxresults <Number>]
-        [countsonly [summary] [eventrowfilter]]
+        [countsonly [bydate|summary] [eventrowfilter]]
        (addcsvdata <FieldName> <String>)* [shownoactivities]
 <CustomerServiceName> ::=
@@ -4503,7 +4518,7 @@ gam report users|user [todrive <ToDriveAttribute>*]
        (country|countrycode <String>)
 gam create|add resoldcustomer <CustomerDomain> (customer_auth_token <String>) <ResoldCustomerAttribute>+
-gam update resoldcustomer <CustomerID> [customer_auth_token <String>] <ResoldCustomerAttribues>+
+gam update resoldcustomer <CustomerID> <ResoldCustomerAttribues>+
 gam info resoldcustomer <CustomerID> [formatjson]
 gam create|add resoldsubscription <CustomerID> (sku <SKUID>)
@@ -6564,6 +6579,8 @@ gam <UserTypeEntity> copy drivefile <DriveFileEntity>
        [copysubfolderpermissions [<Boolean>]]
        [copysubfolderinheritedpermissions [<Boolean>]]
        [copysubfoldernoniheritedpermissions never|always|syncallfolders|syncupdatedfolders]
        [copypermissionroles <DriveFileACLRoleList>]
        [copypermissiontypes <DriveFileACLTypeList>]
        [excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
        (mappermissionsdomain <DomainName> <DomainName>)*
        [copysheetprotectedranges [<Boolean>]]
@@ -6779,12 +6796,12 @@ gam print ownership <DriveFileID>|(drivefilename <DriveFileName>) [todrive <ToDr
 gam <UserTypeEntity> show filecomments <DriveFileEntity>
        [showdeleted] [start <Date>|<Time>]
        [fields <CommentsFieldNameList>] [showphotolinks]
-        [countsonly]
+        [countsonly|positivecountsonly]
        [formatjson]
 gam <UserTypeEntity> print filecomments <DriveFileEntity> [todrive <ToDriveAttribute>*]
        [showdeleted] [start <Date>|<Time>]
        [fields <CommentsFieldNameList>] [showphotolinks]
-        [countsonly]
+        [countsonly|positivecountsonly]
        (addcsvdata <FieldName> <String>)*
        [formatjson [quotechar <Character>]]
@@ -7344,11 +7361,11 @@ gam <UserTypeEntity> print filters [labelidsonly] [todrive <ToDriveAttribute>*]
 # Users - Forms
 gam <UserTypeEntity> create form
-        title <String> [description <String>] [isquiz [<Boolean>]
+        title <String> [description <String>] [isquiz [<Boolean>]] [<JSONData>]
        [drivefilename <DriveFileName>] [<DriveFileParentAttribute>]
        [(csv [todrive <ToDriveAttribute>*]) | returnidonly]
 gam <UserTypeEntity> update form <DriveFileEntity>
-        [title <String>] [description <String>] [isquiz [<Boolean>]
+        [title <String>] [description <String>] [isquiz [<Boolean>]] [<JSONData>]
 gam <UserTypeEntity> print forms <DriveFileEntity> [todrive <ToDriveAttribute>*]
        (addcsvdata <FieldName> <String>)*
@@ -7813,7 +7830,8 @@ gam <UserTypeEntity> delete noteacl <NotesNameEntity>
 # Users - Licenses
 gam <UserTypeEntity> create|add license <SKUIDList> [product|productid <ProductID>] [preview] [actioncsv]
-gam <UserTypeEntity> update license <SKUID> [product|productid <ProductID>] [from] <SKUID> [preview] [actioncsv]
+gam <UserTypeEntity> update license <NewSKUID> [product|productid <ProductID>] [from] <OldSKUID>
        [preview|archive] [actioncsv]
 gam <UserTypeEntity> delete license <SKUIDList> [product|productid <ProductID>] [preview] [actioncsv]
 gam <UserTypeEntity> sync license <SKUIDList> [product|productid <ProductID>] [addonly|removeonly] [allskus|onesku] [preview] [actioncsv]
--- a/src/GamUpdate.txt
+++ b/src/GamUpdate.txt
@@ -1,3 +1,191 @@
 7.03.04
 Added option `security` to `gam create cigroup` that allows creation of a security group
 in a single command.
 Updated to Python 3.13.2 where possible.
 7.03.03
 Fixed bug in `gam update resoldcustomer` that caused the following error:
 ```
 ERROR: Got an unexpected keyword argument customerAuthToken
 ```
 7.03.02
 Updated `gam <UserTypeEntity> show labels nested` to properly display label nesting
 when labels have embedded `/` characters in their names.
 7.03.01
 Updated `gam create project` to retry the following unexpected error:
 ```
 ERROR: 400 - invalidArgument - Service account gam-project-a1b2c@gam-project-a1b2c.iam.gserviceaccount.com does not exist.
 ```
 7.03.00
 Updated `gam create|use project` to discontinue use of the `Identity-Aware Proxy (IAP) OAuth Admin APIs`
 that are being deprecated by Google. You will see a set of instructions detailing how to
 configure the Oauth Consent screen and create the Oauth client.
 Added options `copypermissionroles <DriveFileACLRoleList>` and `copypermissiontypes <DriveFileACLTypeList>`
 to `gam <UserTypeEntity> copy drivefile` that provide more control over what permissions are copied
 from the source files/folders to the destination files/folders.
 7.02.11
 Updated `gam report <ActivityApplicationName>` to display `id:<actor.profileId>` in the `emailAddress` column
 when `actor.email` is empty. This typically occurs when the actor is not in your workspace.
 Updated `gam <UserTypeEntity> copy drivefile` to ignore ACLs referencing deleted user/groups.
 7.02.10
 Added option `bydate` to `gam report <ActivityApplicationName> ... countsonly` that provides an additional display option.
 * `countsonly` - Display a row per user across all dates with all event counts on one row
 * `countsonly bydate` - Display a row per user per date for all dates with any events with all events counts on the row
 * `countsonly summary` - Display a row per event with counts for each event summarized across users and dates
 7.02.09
 Added option `clearresources` to `<EventUpdateAttribute>` for use in `gam <UserTypeEntity> update events`
 that allows clearing all resources from a user's calendar events. For example, to clear all resources from a user's future events:
 ```
 gam user user@domain.com update events primary matchfield attendeespattern @resource.calendar.google.com after now clearresources
 ```
 Added option `resource <ResourceID>` to `<EventAttribute>` for use in `gam <UserTypeEntity> create|update events`
 that adds a resource to an event.
 Added option `removeresource <ResourceID>` to `<EventUpdateAttribute>` for use in `gam <UserTypeEntity> update events`
 that removes a resource from an event.
 7.02.08
 Fixed bug in `gam print|show chromepolicies` that caused a trap when neither
 `ou|orgunit <OrgUnitItem>` nor `group <GroupItem>` was specified.
 7.02.07
 Updated `gam delete|update chromepolicy` to display the `<AppID>` or `<PrinterID>` (if specified)
 in the command status messages.
 7.02.06
 Added option `<JSONData>` to `gam <UserTypeEntity> create|update form` that allows for
 creation/modification of all fields in a form. `<JSONData>` is a list of form update requests.
 * See: https://developers.google.com/forms/api/reference/rest/v1/forms/batchUpdate
 7.02.05
 Updated `gam [<UserTypeEntity>] show shareddriveacls ... formatjson` to not display this line
 which interferes with the JSON output.
 ```
 User: user@domain.com, Show N Shared Drives
 ```
 7.02.04
 Updated code to eliminate trap caused by bug introduced in 7.02.00 that occurs when an invalid domain or OU is specified.
 7.02.03
 Added option `archive` to `gam <UserTypeEntity> update license <NewSKUID> from <OldSKUID>` that causes GAM
 to archive `<UserTypeEntity>` after updating their license to `<NewSKUID>`. This will be used when you want to
 archive a user with a non-archivable license. The `<NewSKUID>` license is assigned to the user and it then converts
 to the equivalent Archived User license when the user is archived.
 `<NewSKUID>` must be one of the following SKUs:
 ```
 Google-Apps-Unlimited - G Suite Business
 1010020020 - Google Workspace Enterprise Plus
 1010020025 - Google Workspace Business Plus
 1010020026 - Google Workspace Enterprise Standard
 1010020027 - Google Workspace Business Starter
 1010020028 - Google Workspace Business Standard
 ```
 7.02.02
 Updated `gam <UserTypeEntity> archive messages <GroupItem>` to retry the following unexpected error
 that occurs after many messages have been successfully archived.
 `ERROR: 404: notFound - Unable to lookup group`
 7.02.01
 Added options `locked` and `unlocked` to `gam update cigroups` that allow locking/unlocking groups.
 * See: https://workspaceupdates.googleblog.com/2024/12/locked-groups-open-beta.html
 You'll have to do a `gam oauth create` and enable the following scope to use these options:
 ```
 [*] 22)  Cloud Identity Groups API Beta (Enables group locking/unlocking)
 ```
 7.02.00
 Improved the error message displayed for user service account access commands when:
 * The API is not enabled
 * The user does not exist
 * The user exists but is in a OU where the service is disabled
 7.01.04
 Admin role assignments are now in the v1 stable API, use that and remove custom local workaround for the beta. #1724
 Remove duplicate local JSON discovery files. #1724
 Suppress "UserWarning: Attribute's length must be..." messages on service accounts with long emails. #1725
 Added options `internal`, `internaldomains <DomainNameList>` and `external` to these commands
 that expand the options for viewing group members:
 ```
 gam info group
 gam print groups
 gam print|show group-members
 gam info cigroup
 gam print cigroups
 gam print|show cigroup-members
 ```
 By default, when listing group members, GAM does not take the domain of the member into account.
 * `internal internaldomains <DomainNameList>` - Display members whose domain is in `<DomainNameList>`
 * `external internaldomains <DomainNameList>` - Display members whose domain is not in `<DomainNameList>`
 * `internal external internaldomains <DomainNameList>` - Display all members, indicate their category: internal or external
 * `internaldomains <DomainNameList>` - Defaults to value of `domain` in `gam.cfg`
 Members without an email address, e.g. `customer`, `chromeosdevice` and `cbcmbrowser` are considered internal.
 Updated to Python 3.13.1.
 7.01.03
 Fixed bug in `gam update cigroups <GroupEntity> delete|sync|update` where `cbcmbrowser` and `chromeosdevice`
 addresses were not properly handled.
 7.01.02
 Added option `positivecountsonly` to `gam <UserTypeEntity> print|show filecomments` that causes
 GAM to display the number of comments and replies only for files that have comments.
 Added `my_commentable_items` to `<DriveFileQueryShortcut>` that can be used with
 `gam <UserTypeEntity> print|show filecomments my_commentable_items` to speed up processing.
 Updated code that uses the Domain Shared Contacts API with an HTTPS proxy to avoid a trap:
 ```
 Traceback (most recent call last):
 ...
 File "atom/http.py", line 250, in _prepare_connection
 AttributeError: module 'ssl' has no attribute 'wrap_socket'
 ```
 7.01.01
 Fixed bug in `gam <UserTypeEntity> print|show filetree` where no error message was generated
 if a user had Drive disabled.
 7.01.00
 Fixed bug in `gam update chromepolicy` that caused some policy updates to fail.
@@ -5,7 +193,7 @@ Fixed bug in `gam update chromepolicy` that caused some policy updates to fail.
 Added option `showhtml` to `gam <UserTypeEntity> print|show messages` that, when used with `showbody`,
 will display message body content of type HTML.
-Added support for manageing/displaying Chrome profiles.
+Added support for managing/displaying Chrome profiles.
 * See: https://github.com/GAM-team/GAM/wiki/Chrome-Profile-Management
--- a/src/admin-directory_v1.1beta1.json
+++ b/src/admin-directory_v1.1beta1.json
--- a/src/cbcm-v1.1beta1.json
+++ b/src/cbcm-v1.1beta1.json
@@ -1,594 +0,0 @@
 {
  "auth": {
    "oauth2": {
      "scopes": {
        "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers": {
          "description": "View and manage your Chrome browsers registered with Cloud Management"
        },
        "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers.readonly": {
          "description": "View your Chrome browsers registered with Cloud Management"
        }
      }
    }
  },
  "basePath": "",
  "baseUrl": "https://admin.googleapis.com/admin/directory/v1.1beta1/customer/",
  "batchPath": "batch",
  "canonicalName": "cbcm",
  "discoveryVersion": "v1",
  "documentationLink": "https://support.google.com/chrome/a/answer/9681204",
  "fullyEncodeReservedExpansion": true,
  "icons": {
    "x16": "http://www.google.com/images/icons/product/search-16.gif",
    "x32": "http://www.google.com/images/icons/product/search-32.gif"
  },
  "id": "cbcm:v1.1beta1",
  "kind": "discovery#restDescription",
  "mtlsRootUrl": "https://admin.mtls.googleapis.com/",
  "name": "cbcm",
  "ownerDomain": "google.com",
  "ownerName": "Jay Lee",
  "packagePath": "cbcm",
  "parameters": {
    "$.xgafv": {
      "description": "V1 error format.",
      "enum": [
        "1",
        "2"
      ],
      "enumDescriptions": [
        "v1 error format",
        "v2 error format"
      ],
      "location": "query",
      "type": "string"
    },
    "access_token": {
      "description": "OAuth access token.",
      "location": "query",
      "type": "string"
    },
    "alt": {
      "default": "json",
      "description": "Data format for response.",
      "enum": [
        "json",
        "media",
        "proto"
      ],
      "enumDescriptions": [
        "Responses with Content-Type of application/json",
        "Media download with context-dependent Content-Type",
        "Responses with Content-Type of application/x-protobuf"
      ],
      "location": "query",
      "type": "string"
    },
    "callback": {
      "description": "JSONP",
      "location": "query",
      "type": "string"
    },
    "fields": {
      "description": "Selector specifying which fields to include in a partial response.",
      "location": "query",
      "type": "string"
    },
    "key": {
      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
      "location": "query",
      "type": "string"
    },
    "oauth_token": {
      "description": "OAuth 2.0 token for the current user.",
      "location": "query",
      "type": "string"
    },
    "prettyPrint": {
      "default": "true",
      "description": "Returns response with indentations and line breaks.",
      "location": "query",
      "type": "boolean"
    },
    "quotaUser": {
      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
      "location": "query",
      "type": "string"
    },
    "uploadType": {
      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
      "location": "query",
      "type": "string"
    },
    "upload_protocol": {
      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
      "location": "query",
      "type": "string"
    }
  },
  "protocol": "rest",
  "resources": {
    "chromebrowsers": {
      "methods": {
        "delete": {
          "description": "Deletes a browser.",
          "flatPath": "{customer}/devices/chromebrowsers/{deviceId}",
          "httpMethod": "DELETE",
          "id": "cbcm.chromebrowsers.delete",
          "parameterOrder": [
            "customer",
            "deviceId"
          ],
          "parameters": {
            "customer": {
              "description": "Immutable ID of the G Suite account.",
              "location": "path",
              "required": true,
              "type": "string"
            },
            "deviceId": {
              "description": "Immutable ID of the browser.",
              "location": "path",
              "required": true,
              "type": "string"
            }
          },
          "path": "{customer}/devices/chromebrowsers/{deviceId}",
          "scopes": [
            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
          ]
        },
        "get": {
          "description": "Retrieves a browser.",
          "flatPath": "{customer}/devices/chromebrowsers/{deviceId}",
          "httpMethod": "GET",
          "id": "cbcm.chromebrowsers.get",
          "parameterOrder": [
            "customer",
            "deviceId"
          ],
          "parameters": {
            "customer": {
              "description": "Immutable ID of the G Suite account.",
              "location": "path",
              "required": true,
              "type": "string"
            },
            "deviceId": {
              "description": "Immutable ID of the browser.",
              "location": "path",
              "required": true,
              "type": "string"
            },
            "projection": {
              "description": "Restrict information returned to a set of selected fields. FULL or BASIC.",
              "location": "query",
              "type": "string"
            }
          },
          "path": "{customer}/devices/chromebrowsers/{deviceId}",
          "response": {
            "$ref": "ChromeBrowser"
          },
          "scopes": [
            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers",
            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers.readonly"
          ]
        },
        "list": {
          "description": "Retrieves a paginated list of all the browsers in a domain.",
          "flatPath": "{customer}/devices/chromebrowsers",
          "httpMethod": "GET",
          "id": "cbcm.chromebrowsers.list",
          "parameterOrder": [
            "customer"
          ],
          "parameters": {
            "customer": {
              "description": "Immutable ID of the G Suite account.",
              "location": "path",
              "required": true,
              "type": "string"
            },
            "maxResults": {
              "description": "Maximum number of results to return.",
              "format": "int32",
              "location": "query",
              "maximum": "100",
              "minimum": "1",
              "type": "integer"
            },
            "orderBy": {
              "description": "property to use for sorting results.",
              "location": "query",
              "type": "string"
            },
            "orgUnitPath": {
              "description": "The full path of the organizational unit or its unique ID.",
              "location": "query",
              "type": "string"
            },
            "pageToken": {
              "description": "Token to specify the next page in the list.",
              "location": "query",
              "type": "string"
            },
            "projection": {
              "description": "Restrict information returned to a set of selected fields. FULL or BASIC.",
              "location": "query",
              "type": "string"
            },
            "query": {
              "description": "Search string using the list page query language.",
              "location": "query",
              "type": "string"
            },
            "sortOrder": {
              "description": "Whether to return results in ascending or descending order. Must be used with the orderBy parameter.",
              "location": "query",
              "type": "string"
            }
          },
          "path": "{customer}/devices/chromebrowsers",
          "response": {
            "$ref": "ChromeBrowsers"
          },
          "scopes": [
            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers",
            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers.readonly"
          ]
        },
        "moveChromeBrowsersToOu": {
          "description": "Move Chrome Browsers Device between Organization Units",
          "flatPath": "{customer}/devices/chromebrowsers/moveChromeBrowsersToOu",
          "httpMethod": "POST",
          "id": "cbcm.chromebrowsers.moveChromeBrowsersToOu",
          "parameterOrder": [
            "customer"
          ],
          "parameters": {
            "customer": {
              "description": "Immutable ID of the G Suite account.",
              "location": "path",
              "required": true,
              "type": "string"
            }
          },
          "path": "{customer}/devices/chromebrowsers/moveChromeBrowsersToOu",
          "request": {
            "$ref": "MoveChromeBrowsersRequest"
          },
          "scopes": [
            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
          ]
        },
        "update": {
          "description": "Updates a browser.",
          "flatPath": "{customer}/devices/chromebrowsers/{deviceId}",
          "httpMethod": "PUT",
          "id": "cbcm.chromebrowsers.update",
          "parameterOrder": [
            "customer",
            "deviceId"
          ],
          "parameters": {
            "customer": {
              "description": "Immutable ID of the G Suite account.",
              "location": "path",
              "required": true,
              "type": "string"
            },
            "deviceId": {
              "description": "Immutable ID of the browser.",
              "location": "path",
              "required": true,
              "type": "string"
            },
            "projection": {
              "description": "BASIC or FULL",
              "location": "query",
              "type": "string"
            }
          },
          "path": "{customer}/devices/chromebrowsers/{deviceId}",
          "request": {
            "$ref": "ChromeBrowser"
          },
          "response": {
            "$ref": "ChromeBrowser"
          },
          "scopes": [
            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
          ]
        }
      }
    },
    "enrollmentTokens": {
      "methods": {
        "list": {
          "description": "Retrieves a paginated list of all the browser entollment tokens in a domain.",
          "flatPath": "{customer}/chrome/enrollmentTokens",
          "httpMethod": "GET",
          "id": "cbcm.enrollmentTokens.list",
          "parameterOrder": [
            "customer"
          ],
          "parameters": {
            "customer": {
              "description": "Immutable ID of the G Suite account.",
              "location": "path",
              "required": true,
              "type": "string"
            },
            "pageSize": {
              "description": "Maximum number of results to return.",
              "format": "int32",
              "location": "query",
              "maximum": "100",
              "minimum": "1",
              "type": "integer"
            },
            "orgUnitPath": {
              "description": "The full path of the organizational unit or its unique ID.",
              "location": "query",
              "type": "string"
            },
            "pageToken": {
              "description": "Token to specify the next page in the list.",
              "location": "query",
              "type": "string"
            },
            "query": {
              "description": "Search string using the list page query language.",
              "location": "query",
              "type": "string"
            }
          },
          "path": "{customer}/chrome/enrollmentTokens",
          "response": {
            "$ref": "EnrollmentTokens"
          },
          "scopes": [
            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers",
            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers.readonly"
          ]
        },
        "create": {
          "description": "Creates a browser enrollment token in a domain.",
          "flatPath": "{customer}/chrome/enrollmentTokens",
          "httpMethod": "POST",
          "id": "cbcm.enrollmentTokens.create",
          "parameterOrder": [
            "customer"
          ],
          "parameters": {
            "customer": {
              "description": "Immutable ID of the G Suite account.",
              "location": "path",
              "required": true,
              "type": "string"
            }
          },
          "path": "{customer}/chrome/enrollmentTokens",
          "request": {
            "$ref": "CreateEnrollmentTokenRequest"
          },
          "response": {
            "$ref": "EnrollmentToken"
          },
          "scopes": [
            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
          ]
        },
        "revoke": {
          "description": "Revokes a browser enrollment token in a domain.",
          "flatPath": "{customer}/chrome/enrollmentTokens/{tokenPermanentId}:revoke",
          "httpMethod": "POST",
          "id": "cbcm.enrollmentTokens.revoke",
          "parameterOrder": [
            "customer",
            "tokenPermanentId"
          ],
          "parameters": {
            "customer": {
              "description": "Immutable ID of the G Suite account.",
              "location": "path",
              "required": true,
              "type": "string"
            },
            "tokenPermanentId": {
              "description": "Unique identifier for an enrollment token.",
              "location": "path",
              "required": true,
              "type": "string"
            }
          },
          "path": "{customer}/chrome/enrollmentTokens/{tokenPermanentId}:revoke",
          "scopes": [
            "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers"
          ]
        }
      }
    }
  },
  "revision": "20201203",
  "rootUrl": "https://admin.googleapis.com/admin/directory/v1.1beta1/customer/",
  "schemas": {
    "ChromeBrowser": {
      "id": "ChromeBrowser",
      "properties": {
        "annotatedAssetId": {
          "description": "Asset identifier as annotated by the administrator or specified during enrollment.",
          "type": "string"
        },
        "annotatedLocation": {
          "description": "Address or location of the device as annotated by the administrator.",
          "type": "string"
        },
        "annotatedNotes": {
          "description": "Notes about this device as annotated by the administrator",
          "type": "string"
        },
        "annotatedUser": {
          "description": "User of the device as annotated by the administrator.",
          "type": "string"
        },
        "deviceId": {
          "annotations": {
            "required": [
              "cbcm.chromebrowsers.update"
            ]
          },
          "description": "The unique ID of the device.",
          "type": "string"
        }
      },
      "type": "object"
    },
    "ChromeBrowsers": {
      "id": "ChromeBrowsers",
      "properties": {
        "browsers": {
          "description": "List of Chrome browser objects.",
          "items": {
            "$ref": "ChromeBrowser"
          },
          "type": "array"
        },
        "etag": {
          "description": "ETag of the resource.",
          "type": "string"
        },
        "kind": {
          "default": "admin#directory#chromeosdevices",
          "description": "Kind of resource this is.",
          "type": "string"
        },
        "nextPageToken": {
          "description": "Token used to access the next page of this result. To access the next page, use this token's value in the `pageToken` query string of this request.",
          "type": "string"
        }
      },
      "type": "object"
    },
    "EnrollmentToken": {
      "id": "EnrollmentToken",
      "properties": {
        "kind": {
          "default": "admin#directory#chromeEnrollmentToken",
          "description": "Kind of resource this is.",
          "type": "string"
        },
        "tokenId": {
          "description": "Enrollment Token ID.",
          "type": "string"
        },
        "tokenPermanentId": {
          "description": "Enrollment Token Permanent ID.",
          "type": "string"
        },
        "customerId": {
          "description": "Immutable ID of the G Suite account.",
          "type": "string"
        },
        "orgUnitPath": {
          "description": "The full path of the organizational unit or its unique ID.",
          "type": "string"
        },
        "creatorId": {
          "description": "Creator ID.",
          "type": "string"
        },
        "createTime": {
          "description": "Creation Time.",
          "type": "string"
        },
        "revokerId": {
          "description": "Revoker ID.",
          "type": "string"
        },
        "revokeTime": {
          "description": "Revoke Time",
          "type": "string"
        }
      },
      "type": "object"
    },
    "EnrollmentTokens": {
      "id": "EnrollmentTokens",
      "properties": {
        "chrome_enrollment_tokens": {
          "description": "List of Chrome browser enrollment token objects.",
          "items": {
            "$ref": "EnrollmentToken"
          },
          "type": "array"
        },
        "kind": {
          "default": "admin#directory#chromeEnrollmentTokens",
          "description": "Kind of resource this is.",
          "type": "string"
        },
        "nextPageToken": {
          "description": "Token used to access the next page of this result. To access the next page, use this token's value in the `pageToken` query string of this request.",
          "type": "string"
        }
      },
      "type": "object"
    },
    "CreateEnrollmentTokenRequest": {
      "id": "CreateEnrollmentTokenRequest",
      "type": "object",
      "properties": {
        "org_unit_path": {
          "description": "The full path of the organizational unit or its unique ID.",
          "type": "string"
        },
        "expire_time": {
          "description": "Expiration Time.",
          "type": "string"
        },
        "token_type": {
          "id": "token_type",
          "annotations": {
            "required": [
              "cbcm.enrollmentTokens.create"
            ]
          },
          "description": "CHROME_BROWSER.",
          "type": "string"
        }
      }
    },
    "MoveChromeBrowsersRequest": {
      "id": "MoveChromeBrowsersRequest",
      "type": "object",
      "properties": {
        "org_unit_path": {
          "annotations": {
            "required": [
              "cbcm.chromebrowsers.moveChromeBrowsersToOu"
            ]
          },
          "description": "Destination organization unit to move devices to. Full path of the organizational unit or its ID prefixed with id:",
          "type": "string"
        },
        "resource_ids": {
          "annotations": {
            "required": [
              "cbcm.chromebrowsers.moveChromeBrowsersToOu"
            ]
          },
          "description": "List of unique device IDs of Chrome Browser Devices to move. A maximum of 600 browsers may be moved per request.",
          "type": "array",
          "items": {
            "type": "string"
          }
        }
      }
    }
  },
  "servicePath": "",
  "title": "Admin SDK API",
  "version": "cbcm_v1.1beta1"
 }
--- a/src/contactdelegation-v1.json
+++ b/src/contactdelegation-v1.json
@@ -1,249 +0,0 @@
 {
  "auth": {
    "oauth2": {
      "scopes": {
        "https://www.googleapis.com/auth/admin.contact.delegation": {
          "description": "View and manage your Contact Delegation"
        },
        "https://www.googleapis.com/auth/admin.contact.delegation.readonly": {
          "description": "View your Contact Delegation"
        }
      }
    }
  },
  "basePath": "",
  "baseUrl": "https://admin.googleapis.com/admin/contacts/v1/",
  "batchPath": "batch",
  "canonicalName": "contactdelegation",
  "description": "The Contact Delegation API allows Admins to delegate access of one user's, called the delegator, contacts to another user, called the delegate.",
  "discoveryVersion": "v1",
  "documentationLink": "https://developers.google.com/admin-sdk/contact-delegation",
  "fullyEncodeReservedExpansion": true,
  "icons": {
    "x16": "http://www.google.com/images/icons/product/search-16.gif",
    "x32": "http://www.google.com/images/icons/product/search-32.gif"
  },
  "id": "contactdelegation:v1",
  "kind": "discovery#restDescription",
  "name": "contactdelegation",
  "ownerDomain": "google.com",
  "ownerName": "Google",
  "packagePath": "admin",
  "parameters": {
    "$.xgafv": {
      "description": "V1 error format.",
      "enum": [
        "1",
        "2"
      ],
      "enumDescriptions": [
        "v1 error format",
        "v2 error format"
      ],
      "location": "query",
      "type": "string"
    },
    "access_token": {
      "description": "OAuth access token.",
      "location": "query",
      "type": "string"
    },
    "alt": {
      "default": "json",
      "description": "Data format for response.",
      "enum": [
        "json",
        "media",
        "proto"
      ],
      "enumDescriptions": [
        "Responses with Content-Type of application/json",
        "Media download with context-dependent Content-Type",
        "Responses with Content-Type of application/x-protobuf"
      ],
      "location": "query",
      "type": "string"
    },
    "callback": {
      "description": "JSONP",
      "location": "query",
      "type": "string"
    },
    "fields": {
      "description": "Selector specifying which fields to include in a partial response.",
      "location": "query",
      "type": "string"
    },
    "key": {
      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
      "location": "query",
      "type": "string"
    },
    "oauth_token": {
      "description": "OAuth 2.0 token for the current user.",
      "location": "query",
      "type": "string"
    },
    "prettyPrint": {
      "default": "true",
      "description": "Returns response with indentations and line breaks.",
      "location": "query",
      "type": "boolean"
    },
    "quotaUser": {
      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
      "location": "query",
      "type": "string"
    },
    "uploadType": {
      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
      "location": "query",
      "type": "string"
    },
    "upload_protocol": {
      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
      "location": "query",
      "type": "string"
    }
  },
  "protocol": "rest",
  "resources": {
    "delegates": {
      "methods": {
        "create": {
          "description": "Creates a contact delegations",
          "flatPath": "users/{user}/delegates",
          "httpMethod": "POST",
          "id": "contactdelegations.delegates.create",
          "parameterOrder": [
            "user"
          ],
          "parameters": {
            "user": {
              "description": "Email address of the delegator.",
              "location": "path",
              "required": true,
              "type": "string"
            }
          },
          "path": "users/{user}/delegates/{delegate}",
          "request": {
            "$ref": "Delegate"
          },
          "scopes": [
            "https://www.googleapis.com/auth/admin.contact.delegation"
          ]
        },
        "delete": {
          "description": "Deletes a contact delegation.",
          "flatPath": "users/{user}/delegates/{delegate}",
          "httpMethod": "DELETE",
          "id": "contactdelegations.delegates.delete",
          "parameterOrder": [
            "user",
            "delegate"
          ],
          "parameters": {
            "delegate": {
              "description": "Email address of the delegate",
              "location": "path",
              "required": true,
              "type": "string"
            },
            "user": {
              "description": "Email address of the delegator.",
              "location": "path",
              "required": true,
              "type": "string"
            }
          },
          "path": "users/{user}/delegates/{delegate}",
          "scopes": [
            "https://www.googleapis.com/auth/admin.contact.delegation"
          ]
        },
        "list": {
          "description": "Lists contact delegates for a user",
          "flatPath": "users/{user}/delegates",
          "httpMethod": "GET",
          "id": "contactdelegations.delegates.list",
          "parameterOrder": [
            "user"
          ],
          "parameters": {
            "pageSize": {
              "description": "Determines how many delegates are returned in each response. ",
              "format": "int32",
              "location": "query",
              "minimum": "1",
              "type": "integer"
            },
            "pageToken": {
              "description": "Token to specify the next page in the list.",
              "location": "query",
              "type": "string"
            },
            "user": {
              "description": "Email address of the delegator.",
              "location": "path",
              "required": true,
              "type": "string"
            }
          },
          "path": "users/{user}/delegates",
          "response": {
            "$ref": "Delegates"
          },
          "scopes": [
            "https://www.googleapis.com/auth/admin.contact.delegation",
            "https://www.googleapis.com/auth/admin.contact.delegation.readonly"
          ]
        }
      }
    }
  },
  "rootUrl": "https://admin.googleapis.com/admin/contacts/v1/",
  "schemas": {
    "Delegate": {
      "description": "JSON template for a delegate.",
      "id": "Delegate",
      "properties": {
        "email": {
          "description": "Email of the delegate.",
          "type": "string"
        }
      },
      "type": "object"
    },
    "Delegates": {
      "id": "Delegates",
      "properties": {
        "delegates": {
          "description": "List of delegates.",
          "items": {
            "$ref": "Delegate"
          },
          "type": "array"
        },
        "etag": {
          "description": "ETag of the resource.",
          "type": "string"
        },
        "kind": {
          "default": "",
          "description": "Kind of resource this is.",
          "type": "string"
        },
        "nextPageToken": {
          "description": "Token used to access the next page of this result. To access the next page, use this token's value in the `pageToken` query string of this request.",
          "type": "string"
        }
      },
      "type": "object"
    }
  },
  "servicePath": "",
  "title": "Contact Delegation API",
  "version": "v1",
  "version_module": true
 }
--- a/src/datastudio-v1.json
+++ b/src/datastudio-v1.json
@@ -1,486 +0,0 @@
 {
  "basePath": "",
  "discoveryVersion": "v1",
  "documentationLink": "https://support.google.com/datastudio",
  "canonicalName": "Data Studio",
  "id": "datastudio:v1",
  "ownerName": "Google",
  "description": "Allows programmatic viewing and editing of Data Studio assets.",
  "rootUrl": "https://datastudio.googleapis.com/",
  "ownerDomain": "google.com",
  "mtlsRootUrl": "https://datastudio.mtls.googleapis.com/",
  "batchPath": "batch",
  "version_module": true,
  "version": "v1",
  "schemas": {
    "Asset": {
      "id": "Asset",
      "properties": {
        "title": {
          "description": "The title of the asset.",
          "type": "string"
        },
        "createTime": {
          "format": "google-datetime",
          "description": "Date the asset was created.",
          "type": "string"
        },
        "lastViewByMeTime": {
          "type": "string",
          "description": "Date the asset was last viewed by me.",
          "format": "google-datetime"
        },
        "owner": {
          "type": "string",
          "description": "The owner of the asset."
        },
        "name": {
          "type": "string",
          "description": "The name of the asset."
        },
        "trashed": {
          "type": "boolean",
          "description": "Value indicating if the asset is in the trash."
        },
        "updateTime": {
          "format": "google-datetime",
          "description": "Date the asset was last modified.",
          "type": "string"
        },
        "updateByMeTime": {
          "description": "Date the asset was last modified by me.",
          "type": "string",
          "format": "google-datetime"
        },
        "assetType": {
          "enumDescriptions": [
            "Asset type not specified.",
            "A report asset.",
            "A data Source asset."
          ],
          "enum": [
            "ASSET_TYPE_UNSPECIFIED",
            "REPORT",
            "DATA_SOURCE"
          ],
          "description": "The type of the asset.",
          "type": "string"
        }
      },
      "description": "A Data Studio asset.",
      "type": "object"
    },
    "SearchAssetsResponse": {
      "id": "SearchAssetsResponse",
      "properties": {
        "assets": {
          "items": {
            "$ref": "Asset"
          },
          "type": "array",
          "description": "The list of assets."
        },
        "nextPageToken": {
          "type": "string",
          "description": "A token to retrieve next page of results. Pass this value in the SearchAssetsRequest.page_token field in the subsequent call to `SearchAssets` method to retrieve the next page of results."
        }
      },
      "description": "Response message for DataStudioService.SearchAssets",
      "type": "object"
    },
    "UpdatePermissionsRequest": {
      "description": "Request message for DataStudioService.UpdatePermissions",
      "properties": {
        "updateMask": {
          "description": "The list of fields to be updated. Currently not supported.",
          "type": "string",
          "format": "google-fieldmask"
        },
        "permissions": {
          "description": "The permissions object to update.",
          "$ref": "Permissions"
        }
      },
      "id": "UpdatePermissionsRequest",
      "type": "object"
    },
    "AddMembersRequest": {
      "properties": {
        "members": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "Required. The members to add to the role. The format of a member is one of - user:alice@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-app@appspot.gserviceaccount.com"
        },
        "role": {
          "type": "string",
          "enumDescriptions": [
            "Role not specified.",
            "A viewer.",
            "An editor.",
            "An owner.",
            "Link shared viewer.",
            "Link shared editor."
          ],
          "enum": [
            "ROLE_UNSPECIFIED",
            "VIEWER",
            "EDITOR",
            "OWNER",
            "LINK_VIEWER",
            "LINK_EDITOR"
          ],
          "description": "Required. The role to add members to."
        }
      },
      "type": "object",
      "id": "AddMembersRequest",
      "description": "Request message for DataStudioService.AddMembers"
    },
    "Permissions": {
      "type": "object",
      "id": "Permissions",
      "description": "A Data Studio asset's Permissions.",
      "properties": {
        "permissions": {
          "description": "A map from a Role to a list of members. Role is a string representation of the Role enum. One of: - OWNER - EDITOR - VIEWER",
          "additionalProperties": {
            "$ref": "Members"
          },
          "type": "object"
        },
        "etag": {
          "format": "byte",
          "description": "etag to detect and fail concurrent modifications",
          "type": "string"
        }
      }
    },
    "RevokeAllPermissionsRequest": {
      "description": "Request message for DataStudioService.RevokeAllPermissions",
      "id": "RevokeAllPermissionsRequest",
      "type": "object",
      "properties": {
        "members": {
          "description": "Required. The members that are having their access revoked. The format of a member is one of - user:alice@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-app@appspot.gserviceaccount.com",
          "items": {
            "type": "string"
          },
          "type": "array"
        }
      }
    },
    "Members": {
      "description": "A wrapper message for a list of members.",
      "properties": {
        "members": {
          "description": "Format of string is one of - user:alice@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-app@appspot.gserviceaccount.com",
          "items": {
            "type": "string"
          },
          "type": "array"
        }
      },
      "type": "object",
      "id": "Members"
    }
  },
  "name": "datastudio",
  "protocol": "rest",
  "baseUrl": "https://datastudio.googleapis.com/",
  "title": "Data Studio API",
  "revision": "20210412",
  "fullyEncodeReservedExpansion": true,
  "icons": {
    "x32": "http://www.google.com/images/icons/product/search-32.gif",
    "x16": "http://www.google.com/images/icons/product/search-16.gif"
  },
  "parameters": {
    "quotaUser": {
      "location": "query",
      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
      "type": "string"
    },
    "prettyPrint": {
      "location": "query",
      "type": "boolean",
      "description": "Returns response with indentations and line breaks.",
      "default": "true"
    },
    "callback": {
      "location": "query",
      "type": "string",
      "description": "JSONP"
    },
    "uploadType": {
      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
      "type": "string",
      "location": "query"
    },
    "upload_protocol": {
      "type": "string",
      "location": "query",
      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\")."
    },
    "$.xgafv": {
      "enumDescriptions": [
        "v1 error format",
        "v2 error format"
      ],
      "description": "V1 error format.",
      "location": "query",
      "type": "string",
      "enum": [
        "1",
        "2"
      ]
    },
    "oauth_token": {
      "type": "string",
      "location": "query",
      "description": "OAuth 2.0 token for the current user."
    },
    "alt": {
      "type": "string",
      "enum": [
        "json",
        "media",
        "proto"
      ],
      "location": "query",
      "description": "Data format for response.",
      "enumDescriptions": [
        "Responses with Content-Type of application/json",
        "Media download with context-dependent Content-Type",
        "Responses with Content-Type of application/x-protobuf"
      ],
      "default": "json"
    },
    "fields": {
      "description": "Selector specifying which fields to include in a partial response.",
      "location": "query",
      "type": "string"
    },
    "access_token": {
      "type": "string",
      "description": "OAuth access token.",
      "location": "query"
    },
    "key": {
      "type": "string",
      "location": "query",
      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token."
    }
  },
  "servicePath": "",
  "kind": "discovery#restDescription",
  "resources": {
    "assets": {
      "methods": {
        "getPermissions": {
          "parameters": {
            "name": {
              "type": "string",
              "location": "path",
              "description": "Required. The name of the asset.",
              "required": true
            },
            "role": {
              "enumDescriptions": [
                "Role not specified.",
                "A viewer.",
                "An editor.",
                "An owner.",
                "Link shared viewer.",
                "Link shared editor."
              ],
              "type": "string",
              "location": "query",
              "description": "The role of the permssion.",
              "enum": [
                "ROLE_UNSPECIFIED",
                "VIEWER",
                "EDITOR",
                "OWNER",
                "LINK_VIEWER",
                "LINK_EDITOR"
              ]
            }
          },
          "id": "datastudio.assets.getPermissions",
          "response": {
            "$ref": "Permissions"
          },
          "flatPath": "v1/assets/{name}/permissions",
          "path": "v1/assets/{name}/permissions",
          "description": "Gets the asset's permission for a given role.",
          "parameterOrder": [
            "name"
          ],
          "httpMethod": "GET"
        },
        "updatePermissions": {
          "id": "datastudio.assets.updatePermissions",
          "parameterOrder": [
            "name"
          ],
          "flatPath": "v1/assets/{name}/permissions",
          "description": "Updates a permission.",
          "request": {
            "$ref": "UpdatePermissionsRequest"
          },
          "path": "v1/assets/{name}/permissions",
          "parameters": {
            "name": {
              "description": "Required. The name of the asset.",
              "location": "path",
              "type": "string",
              "required": true
            }
          },
          "response": {
            "$ref": "Permissions"
          },
          "httpMethod": "PATCH"
        },
        "get": {
          "path": "v1/{+name}",
          "id": "datastudio.assets.get",
          "parameterOrder": [
            "name"
          ],
          "description": "Gets the asset by name.",
          "parameters": {
            "name": {
              "description": "Required. The name of the asset. Format: assets/{asset}",
              "location": "path",
              "required": true,
              "pattern": "^assets/[^/]+$",
              "type": "string"
            }
          },
          "flatPath": "v1/assets/{assetsId}",
          "response": {
            "$ref": "Asset"
          },
          "httpMethod": "GET"
        },
        "search": {
          "response": {
            "$ref": "SearchAssetsResponse"
          },
          "path": "v1/assets:search",
          "parameters": {
            "pageToken": {
              "type": "string",
              "location": "query",
              "description": "A token identifying a page of results the server should return. Use the value of SearchAssetsResponse.next_page_token returned from the previous call to `SearchAssets` method."
            },
            "assetTypes": {
              "type": "string",
              "repeated": true,
              "description": "Exactly one AssetType must be specified.",
              "enumDescriptions": [
                "Asset type not specified.",
                "A report asset.",
                "A data Source asset."
              ],
              "location": "query",
              "enum": [
                "ASSET_TYPE_UNSPECIFIED",
                "REPORT",
                "DATA_SOURCE"
              ]
            },
            "title": {
              "description": "The title of assets to include. Not an exact match, works the same as search from the UI.",
              "location": "query",
              "type": "string"
            },
            "owner": {
              "type": "string",
              "location": "query",
              "description": "The email of the owner of the asset."
            },
            "pageSize": {
              "description": "Requested page size. If unspecified, server will pick an appropriate default.",
              "location": "query",
              "type": "integer",
              "format": "int32"
            },
            "orderBy": {
              "location": "query",
              "description": "How the results should be ordered. Valid options are: - title",
              "type": "string"
            },
            "includeTrashed": {
              "location": "query",
              "type": "boolean",
              "description": "Value indicating if assets in trash should be included."
            }
          },
          "flatPath": "v1/assets:search",
          "httpMethod": "GET",
          "description": "Searches assets.",
          "id": "datastudio.assets.search",
          "parameterOrder": []
        }
      },
      "resources": {
        "permissions": {
          "methods": {
            "revokeAllPermissions": {
              "path": "v1/assets/{name}/permissions:revokeAllPermissions",
              "response": {
                "$ref": "Permissions"
              },
              "flatPath": "v1/assets/{name}/permissions:revokeAllPermissions",
              "id": "datastudio.assets.permissions.revokeAllPermissions",
              "description": "Revokes one or more members' access to an asset.",
              "parameters": {
                "name": {
                  "required": true,
                  "type": "string",
                  "location": "path",
                  "description": "Required. The name of the asset."
                }
              },
              "parameterOrder": [
                "name"
              ],
              "httpMethod": "POST",
              "request": {
                "$ref": "RevokeAllPermissionsRequest"
              }
            },
            "addMembers": {
              "path": "v1/assets/{name}/permissions:addMembers",
              "parameters": {
                "name": {
                  "required": true,
                  "location": "path",
                  "type": "string",
                  "description": "Required. The name of the asset."
                }
              },
              "httpMethod": "POST",
              "parameterOrder": [
                "name"
              ],
              "response": {
                "$ref": "Permissions"
              },
              "id": "datastudio.assets.permissions.addMembers",
              "request": {
                "$ref": "AddMembersRequest"
              },
              "description": "Adds one or more members to a role.",
              "flatPath": "v1/assets/{name}/permissions:addMembers"
            }
          }
        }
      }
    }
  }
 }
--- a/src/gam-install.sh
+++ b/src/gam-install.sh
@@ -97,13 +97,6 @@ else
 fi
 }
 reverse() {
    for (( i = ${#*}; i > 0; i-- ))
    {
        echo ${!i}
    }
 }
 if [ "$gamversion" == "latest" ]; then
  release_url="https://api.github.com/repos/GAM-team/GAM/releases/latest"
 elif [ "$gamversion" == "prerelease" -o "$gamversion" == "draft" ]; then
@@ -119,6 +112,12 @@ else
  check_type="authenticated"
  curl_opts=( "$GHCLIENT" )
 fi
 curl_ver=$(curl --version|head -1|cut -d " " -f 2)
 if [[ "${curl_ver:0:4}" < "7.76" ]]; then
  curl_fail=( )
 else
  curl_fail=( "--fail-with-body" )
 fi
 echo_yellow "Checking GitHub URL $release_url for $gamversion GAM release ($check_type)..."
 release_json=$(curl \
 	--silent \
@@ -126,9 +125,16 @@ release_json=$(curl \
 	-H "Accept: application/vnd.github+json" \
 	-H "X-GitHub-Api-Version: 2022-11-28" \
 	"$release_url" \
-	2>&1 /dev/null)
+	"${curl_fail[@]}")
 curl_exit_code=$?
 if [ $curl_exit_code -ne 0 ]; then
  echo_red "ERROR retrieving URL: ${release_json}"
  exit
 else
  echo_green "done"
 fi
-echo_yellow "Getting file and download URL..."
+echo_yellow "Calculating download URL for this device..."
 # Python is sadly the nearest to universal way to safely handle JSON with Bash
 # At least this code should be compatible with just about any Python version ever
 # unlike GAM itself. If some users don't have Python we can try grep / sed / etc
@@ -323,6 +329,8 @@ echo_yellow "Downloading ${download_url} to $temp_archive_dir ($check_type)..."
 (cd "$temp_archive_dir" && curl -O -L -s "${curl_opts[@]}" "$download_url")
 mkdir -p "$target_dir"
 echo_yellow "Deleting contents of $target_dir/gam7/lib"
 rm -frv "$target_dir/gam7/lib"
 echo_yellow "Extracting archive to $target_dir"
 if [[ "$name" =~ tar.xz|tar.gz|tar ]]; then
@@ -379,7 +387,7 @@ while true; do
      ;;
    [Nn]*)
 #      config_cmd="config no_browser true"
-      touch "$target_dir/gam/nobrowser.txt" > /dev/null 2>&1
+      touch "$target_dir/gam7/nobrowser.txt" > /dev/null 2>&1
      break
      ;;
    *)
@@ -487,4 +495,3 @@ echo_green "GAM installation and setup complete!"
 if [ "$update_profile" = true ]; then
  echo_green "Please restart your terminal shell or to get started right away run:\n\n$alias_line"
 fi
--- a/src/gam.spec
+++ b/src/gam.spec
@@ -28,11 +28,10 @@ print(version_info)
 datas = []
 for pkg in GAM_VER_LIBS:
    datas += copy_metadata(pkg, recursive=True)
-datas += [('admin-directory_v1.1beta1.json', '.')]
+datas += [('gam/cbcm-v1.1beta1.json', '.')]
-datas += [('cbcm-v1.1beta1.json', '.')]
+datas += [('gam/contactdelegation-v1.json', '.')]
-datas += [('contactdelegation-v1.json', '.')]
+datas += [('gam/datastudio-v1.json', '.')]
-datas += [('datastudio-v1.json', '.')]
+datas += [('gam/serviceaccountlookup-v1.json', '.')]
 datas += [('serviceaccountlookup-v1.json', '.')]
 datas += [('cacerts.pem', '.')]
 hiddenimports = [
     'gam.gamlib.yubikey',
--- a/src/gam/init.py
+++ b/src/gam/init.py
--- a/src/gam/admin-directory_v1.1beta1.json
+++ b/src/gam/admin-directory_v1.1beta1.json
--- a/src/gam/atom/http.py
+++ b/src/gam/atom/http.py
@@ -247,7 +247,9 @@ class ProxiedHttpClient(HttpClient):
                # Trivial setup for ssl socket.
                sslobj = None
                if ssl_imported:
-                    sslobj = ssl.wrap_socket(p_sock, None, None)
+                    context = ssl.SSLContext(ssl.PROTOCOL_TLS)
                    context.minimum_version = ssl.TLSVersion.TLSv1_2
                    sslobj = context.wrap_socket(p_sock, server_hostname=url.host)
                else:
                    sock_ssl = socket.ssl(p_sock, None, None)
                    sslobj = http.client.FakeSocket(p_sock, sock_ssl)
--- a/src/gam/atom/http_core.py
+++ b/src/gam/atom/http_core.py
@@ -568,7 +568,7 @@ class ProxiedHttpClient(HttpClient):
                context.minimum_version = ssl.TLSVersion.TLSv1_2
                sslobj = context.wrap_socket(p_sock, server_hostname=uri.host)
            else:
-                sock_ssl = socket.ssl(p_sock, None, Nonesock_)
+                sock_ssl = socket.ssl(p_sock, None, None)
                sslobj = http.client.FakeSocket(p_sock, sock_ssl)
            # Initalize httplib and replace with the proxy socket.
            connection = http.client.HTTPConnection(proxy_uri.host)
--- a/src/gam/gamlib/glapi.py
+++ b/src/gam/gamlib/glapi.py
@@ -45,17 +45,17 @@ CLASSROOM = 'classroom'
 CLOUDCHANNEL = 'cloudchannel'
 CLOUDIDENTITY_DEVICES = 'cloudidentitydevices'
 CLOUDIDENTITY_GROUPS = 'cloudidentitygroups'
 CLOUDIDENTITY_GROUPS_BETA = 'cloudidentitygroupsbeta'
 CLOUDIDENTITY_INBOUND_SSO = 'cloudidentityinboundsso'
 CLOUDIDENTITY_ORGUNITS = 'cloudidentityorgunits'
 CLOUDIDENTITY_POLICY = 'cloudidentitypolicy'
 CLOUDIDENTITY_ORGUNITS_BETA = 'cloudidentityorgunitsbeta'
 CLOUDIDENTITY_POLICY = 'cloudidentitypolicy'
 CLOUDIDENTITY_USERINVITATIONS = 'cloudidentityuserinvitations'
 CLOUDRESOURCEMANAGER = 'cloudresourcemanager'
 CONTACTS = 'contacts'
 CONTACTDELEGATION = 'contactdelegation'
 DATATRANSFER = 'datatransfer'
 DIRECTORY = 'directory'
 DIRECTORY_BETA = 'directory_beta'
 DOCS = 'docs'
 DRIVE2 = 'drive2'
 DRIVE3 = 'drive3'
@@ -71,7 +71,6 @@ GROUPSMIGRATION = 'groupsmigration'
 GROUPSSETTINGS = 'groupssettings'
 IAM = 'iam'
 IAM_CREDENTIALS = 'iamcredentials'
 IAP = 'iap'
 KEEP = 'keep'
 LICENSING = 'licensing'
 LOOKERSTUDIO = 'datastudio'
@@ -185,7 +184,6 @@ PROJECT_APIS = [
  'groupsmigration.googleapis.com',
  'groupssettings.googleapis.com',
  'iam.googleapis.com',
  'iap.googleapis.com',
  'keep.googleapis.com',
  'licensing.googleapis.com',
  'meet.googleapis.com',
@@ -225,6 +223,7 @@ _INFO = {
  CLOUDCHANNEL: {'name': 'Channel Channel API', 'version': 'v1', 'v2discovery': True},
  CLOUDIDENTITY_DEVICES: {'name': 'Cloud Identity Devices API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
  CLOUDIDENTITY_GROUPS: {'name': 'Cloud Identity Groups API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
  CLOUDIDENTITY_GROUPS_BETA: {'name': 'Cloud Identity Groups API', 'version': 'v1beta1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
  CLOUDIDENTITY_INBOUND_SSO: {'name': 'Cloud Identity Inbound SSO API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
  CLOUDIDENTITY_ORGUNITS: {'name': 'Cloud Identity OrgUnits API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
  CLOUDIDENTITY_ORGUNITS_BETA: {'name': 'Cloud Identity OrgUnits API', 'version': 'v1beta1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
@@ -235,7 +234,6 @@ _INFO = {
  CONTACTDELEGATION: {'name': 'Contact Delegation API', 'version': 'v1', 'v2discovery': True, 'localjson': True},
  DATATRANSFER: {'name': 'Data Transfer API', 'version': 'datatransfer_v1', 'v2discovery': True, 'mappedAPI': 'admin'},
  DIRECTORY: {'name': 'Directory API', 'version': 'directory_v1', 'v2discovery': True, 'mappedAPI': 'admin'},
  DIRECTORY_BETA: {'name': 'Directory API', 'version': 'directory_v1.1beta1', 'v2discovery': True, 'mappedAPI': 'admin', 'localjson': True},
  DOCS: {'name': 'Docs API', 'version': 'v1', 'v2discovery': True},
  DRIVE2: {'name': 'Drive API v2', 'version': 'v2', 'v2discovery': False, 'mappedAPI': 'drive'},
  DRIVE3: {'name': 'Drive API v3', 'version': 'v3', 'v2discovery': False, 'mappedAPI': 'drive'},
@@ -250,7 +248,6 @@ _INFO = {
  GROUPSSETTINGS: {'name': 'Groups Settings API', 'version': 'v1', 'v2discovery': True},
  IAM: {'name': 'Identity and Access Management API', 'version': 'v1', 'v2discovery': True},
  IAM_CREDENTIALS: {'name': 'Identity and Access Management Credentials API', 'version': 'v1', 'v2discovery': True},
  IAP: {'name': 'Cloud Identity-Aware Proxy API', 'version': 'v1', 'v2discovery': True},
  KEEP: {'name': 'Keep API', 'version': 'v1', 'v2discovery': True},
  LICENSING: {'name': 'License Manager API', 'version': 'v1', 'v2discovery': True},
  LOOKERSTUDIO: {'name': 'Looker Studio API', 'version': 'v1', 'v2discovery': True, 'localjson': True},
@@ -363,6 +360,10 @@ _CLIENT_SCOPES = [
   'api': CLOUDIDENTITY_GROUPS,
   'subscopes': READONLY,
   'scope': 'https://www.googleapis.com/auth/cloud-identity.groups'},
  {'name': 'Cloud Identity Groups API Beta (Enables group locking/unlocking)',
   'api': CLOUDIDENTITY_GROUPS_BETA,
   'subscopes': [],
   'scope': 'https://www.googleapis.com/auth/cloud-identity.groups'},
  {'name': 'Cloud Identity - Inbound SSO Settings',
   'api': CLOUDIDENTITY_INBOUND_SSO,
   'subscopes': READONLY,
--- a/src/gam/gamlib/glentity.py
+++ b/src/gam/gamlib/glentity.py
@@ -25,14 +25,16 @@ class GamEntity():
  ROLE_MANAGER = 'MANAGER'
  ROLE_MEMBER = 'MEMBER'
  ROLE_OWNER = 'OWNER'
  ROLE_LIST = [ROLE_MANAGER, ROLE_MEMBER, ROLE_OWNER]
  ROLE_USER = 'USER'
  ROLE_MANAGER_MEMBER = ','.join([ROLE_MANAGER, ROLE_MEMBER])
  ROLE_MANAGER_OWNER = ','.join([ROLE_MANAGER, ROLE_OWNER])
  ROLE_MEMBER_OWNER = ','.join([ROLE_MEMBER, ROLE_OWNER])
-  ROLE_MANAGER_MEMBER_OWNER = ','.join([ROLE_MANAGER, ROLE_MEMBER, ROLE_OWNER])
+  ROLE_MANAGER_MEMBER_OWNER = ','.join(ROLE_LIST)
  ROLE_PUBLIC = 'PUBLIC'
  ROLE_ALL = ROLE_MANAGER_MEMBER_OWNER
  TYPE_CBCM_BROWSER = 'CBCM_BROWSER'
  TYPE_CUSTOMER = 'CUSTOMER'
  TYPE_EXTERNAL = 'EXTERNAL'
  TYPE_OTHER = 'OTHER'
--- a/src/gam/gamlib/glgapi.py
+++ b/src/gam/gamlib/glgapi.py
@@ -184,7 +184,7 @@ DEFAULT_RETRY_REASONS = [QUOTA_EXCEEDED, RATE_LIMIT_EXCEEDED, SHARING_RATE_LIMIT
                         BACKEND_ERROR, BAD_GATEWAY, GATEWAY_TIMEOUT, INTERNAL_ERROR, TRANSIENT_ERROR]
 SERVICE_NOT_AVAILABLE_RETRY_REASONS = [SERVICE_NOT_AVAILABLE]
 ACTIVITY_THROW_REASONS = [SERVICE_NOT_AVAILABLE, BAD_REQUEST]
-ALERT_THROW_REASONS = [SERVICE_NOT_AVAILABLE, AUTH_ERROR]
+ALERT_THROW_REASONS = [SERVICE_NOT_AVAILABLE, AUTH_ERROR, PERMISSION_DENIED]
 CALENDAR_THROW_REASONS = [SERVICE_NOT_AVAILABLE, AUTH_ERROR, NOT_A_CALENDAR_USER]
 CIGROUP_CREATE_THROW_REASONS = [SERVICE_NOT_AVAILABLE, ALREADY_EXISTS, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, INVALID, INVALID_ARGUMENT, PERMISSION_DENIED, FAILED_PRECONDITION]
 CIGROUP_GET_THROW_REASONS = [SERVICE_NOT_AVAILABLE, NOT_FOUND, GROUP_NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, BAD_REQUEST, INVALID, SYSTEM_ERROR, PERMISSION_DENIED]
@@ -268,7 +268,7 @@ GROUP_SETTINGS_THROW_REASONS = [NOT_FOUND, GROUP_NOT_FOUND, DOMAIN_NOT_FOUND, DO
 GROUP_SETTINGS_RETRY_REASONS = [INVALID, SERVICE_LIMIT, SERVICE_NOT_AVAILABLE]
 GROUP_LIST_THROW_REASONS = [RESOURCE_NOT_FOUND, DOMAIN_NOT_FOUND, FORBIDDEN, BAD_REQUEST]
 GROUP_LIST_USERKEY_THROW_REASONS = GROUP_LIST_THROW_REASONS+[INVALID_MEMBER, INVALID_INPUT]
-KEEP_THROW_REASONS = [SERVICE_NOT_AVAILABLE, BAD_REQUEST, PERMISSION_DENIED, INVALID_ARGUMENT, NOT_FOUND]
+KEEP_THROW_REASONS = [AUTH_ERROR, BAD_REQUEST, PERMISSION_DENIED, INVALID_ARGUMENT, NOT_FOUND]
 LOOKERSTUDIO_THROW_REASONS = [INVALID_ARGUMENT, SERVICE_NOT_AVAILABLE, BAD_REQUEST, NOT_FOUND, PERMISSION_DENIED, INTERNAL_ERROR]
 MEMBERS_THROW_REASONS = [GROUP_NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, INVALID, FORBIDDEN, SERVICE_NOT_AVAILABLE]
 MEMBERS_RETRY_REASONS = [SYSTEM_ERROR, SERVICE_NOT_AVAILABLE]
@@ -277,8 +277,8 @@ PEOPLE_ACCESS_THROW_REASONS = [SERVICE_NOT_AVAILABLE, FORBIDDEN, PERMISSION_DENI
 RESELLER_THROW_REASONS = [BAD_REQUEST, RESOURCE_NOT_FOUND, FORBIDDEN, INVALID]
 SHEETS_ACCESS_THROW_REASONS = DRIVE_USER_THROW_REASONS+[NOT_FOUND, PERMISSION_DENIED, FORBIDDEN, INTERNAL_ERROR, INSUFFICIENT_FILE_PERMISSIONS,
                                                        BAD_REQUEST, INVALID, INVALID_ARGUMENT, FAILED_PRECONDITION]
-TASK_THROW_REASONS = [SERVICE_NOT_AVAILABLE, BAD_REQUEST, PERMISSION_DENIED, INVALID, NOT_FOUND, ACCESS_NOT_CONFIGURED]
+TASK_THROW_REASONS = [BAD_REQUEST, PERMISSION_DENIED, INVALID, NOT_FOUND, ACCESS_NOT_CONFIGURED]
-TASKLIST_THROW_REASONS = [SERVICE_NOT_AVAILABLE, BAD_REQUEST, PERMISSION_DENIED, INVALID, NOT_FOUND, ACCESS_NOT_CONFIGURED]
+TASKLIST_THROW_REASONS = [BAD_REQUEST, PERMISSION_DENIED, INVALID, NOT_FOUND, ACCESS_NOT_CONFIGURED]
 USER_GET_THROW_REASONS = [USER_NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, BAD_REQUEST, SYSTEM_ERROR]
 YOUTUBE_THROW_REASONS = [SERVICE_NOT_AVAILABLE, AUTH_ERROR, UNSUPPORTED_SUPERVISED_ACCOUNT, UNSUPPORTED_LANGUAGE_CODE, CONTENT_OWNER_ACCOUNT_NOT_FOUND]
--- a/src/gam/gamlib/glmsgs.py
+++ b/src/gam/gamlib/glmsgs.py
@@ -40,21 +40,43 @@ sign in as {0} and accept the Terms of Service (ToS). As soon as you've accepted
 PROJECT_STILL_BEING_CREATED_SLEEPING = 'Project still being created. Sleeping {0} seconds\n'
 FAILED_TO_CREATE_PROJECT = 'Failed to create project: {0}\n'
-SETTING_GAM_PROJECT_CONSENT_SCREEN = 'Setting GAM project consent screen...\n'
+SETTING_GAM_PROJECT_CONSENT_SCREEN_CREATING_CLIENT = 'Setting GAM project consent screen, creating client...\n'
-CREATE_PROJECT_INSTRUCTIONS = '''
+CREATE_CLIENT_INSTRUCTIONS = '''
 Please go to:
  {0}
-1. Choose "Desktop App" or "Other" for "Application type".
+ 1. If "+ CREATE CLIENT" is on the screen, skip to step 14
-2. Enter "GAM" or another desired value for "Name".
+ 2. Click "GET STARTED"
-3. Click the blue "Create" button.
+ 3. Under "App Information", enter {1} or another value in "App name *"
-4. Copy your "Client ID" value that shows on the next page.
+ 4. Under "App Information", enter {2} in "User support email *"
 5. Click "NEXT"
 6. Under "Audience", choose INTERNAL
 7. Click "NEXT"
 8. Under, "Contact Information", enter an email address in "Email addresses *"
 9. Click "NEXT"
 10. Under "Finish", click "I agree to the Google API Services: User Data Policy."
 11. Click "CONTINUE"
 12. Click "CREATE"
 13. Click "Clients" in the left-hand column
 14. Click "+ CREATE CLIENT"
 15. Choose "Desktop App" for "Application type"
 16. Enter {1} or another value in "Name *"
 17. Click "Create"
 18. Under "Name", click your client name
 19. Copy the "Client ID" value under "Additional information"
 20. Paste it at the "Enter your Client ID: " prompt in your terminal
 21. Press return/enter in your terminal
 22. Switch back to the browser
 23. Copy the "Client secret" value under "Client Secrets"
 24. Paste it at the "Enter your Client Secret: " prompt in your terminal
 25. Press return/enter in your terminal
 26. Switch back to the browser
 27. Click "CANCEL"
 28. These steps are complete
 '''
 ENTER_YOUR_CLIENT_ID = '\nEnter your Client ID: '
 GO_BACK_TO_YOUR_BROWSER_AND_COPY_YOUR_CLIENT_SECRET_VALUE = '\n5. Go back to your browser and copy your "Client Secret" value.\n'
 ENTER_YOUR_CLIENT_SECRET = '\nEnter your Client Secret: '
 GO_BACK_TO_YOUR_BROWSER_AND_CLICK_OK_TO_CLOSE_THE_OAUTH_CLIENT_POPUP = '\n6. Go back to your browser and click OK to close the "OAuth client" popup if it\'s still open.\n'
 IS_NOT_A_VALID_CLIENT_ID = '''
 {0}
@@ -78,12 +100,12 @@ Please go to:
  https://admin.google.com/ac/owl/list?tab=configuredApps
-1. Click on: Configure new app > OAuth App Name Or Client ID.
+1. Click on: Configure new app
-2. Enter the following Client ID value:
+2. Enter the following Client ID value in Search for app:
  {1}
-3. Press Search, select the {0} app, press Select, check the box and press Select.
+3. Press Search, select the {0} app, click
 4. Keep the default scope or select a preferred scope that includes your GAM admin.
 5. Press Continue
 6. Select Trusted radio button, press Continue and Finish.
@@ -162,7 +184,7 @@ ALREADY_EXISTS_USE_MERGE_ARGUMENT = 'Already exists; use the "merge" argument to
 API_ACCESS_DENIED = 'API access Denied'
 API_CALLS_RETRY_DATA = 'API calls retry data\n'
 API_CHECK_CLIENT_AUTHORIZATION = 'Please make sure the Client ID: {0} is authorized for the appropriate API or scopes:\n{1}\n\nRun: gam oauth create\n'
-API_CHECK_SVCACCT_AUTHORIZATION = 'Please make sure the Service Account Client name: {0} is authorized for the appropriate API or scopes:\n{1}\n\nRun: gam user {2} update serviceaccount\n'
+API_CHECK_SVCACCT_AUTHORIZATION = 'Please make sure the Service Account Client ID: {0} is authorized for the appropriate API or scopes:\n{1}\n\nRun: gam user {2} update serviceaccount\n'
 API_ERROR_SETTINGS = 'API error, some settings not set'
 ARE_BOTH_REQUIRED = 'Arguments {0} and {1} are both required'
 ARE_MUTUALLY_EXCLUSIVE = 'Arguments {0} and {1} are mutually exclusive'
@@ -457,7 +479,9 @@ SCHEMA_WOULD_HAVE_NO_FIELDS = '{0} would have no {1}'
 SELECTED = 'Selected'
 SERVICE_NOT_APPLICABLE = 'Service not applicable/Does not exist'
 SERVICE_NOT_APPLICABLE_THIS_ADDRESS = 'Service not applicable for this address: {0}'
 SERVICE_NOT_ENABLED = '{0} Service/App not enabled'
 SHORTCUT_TARGET_CAPABILITY_IS_FALSE = '{0} capability {1} is False'
 SKU_HAS_NO_MATCHING_ARCHIVED_USER_SKU = 'SKU {0} has no matching Archived User SKU'
 STARTING_THREAD = 'Starting thread'
 STATISTICS_COPY_FILE = 'Total: {0}, Copied: {1}, Shortcut created {2}, Shortcut exists {3}, Duplicate: {4}, Copy Failed: {5}, Not copyable: {6}, In skipids: {7}, Permissions Failed: {8}, Protected Ranges Failed: {9}'
 STATISTICS_COPY_FOLDER = 'Total: {0}, Copied: {1}, Shortcut created {2}, Shortcut exists {3}, Duplicate: {4}, Merged: {5}, Copy Failed: {6}, Not writable: {7}, Permissions Failed: {8}'
--- a/src/gam/gamlib/glskus.py
+++ b/src/gam/gamlib/glskus.py
@@ -182,6 +182,8 @@ _SKUS = {
    'product': 'Google-Chrome-Device-Management', 'aliases': ['chrome', 'cdm', 'googlechromedevicemanagement'], 'displayName': 'Google Chrome Device Management'}
  }
 ARCHIVABLE_SKUS = {'1010020020', '1010020025', '1010020026', '1010020027', '1010020028', 'Google-Apps-Unlimited'}
 def getProductAndSKU(sku):
  l_sku = sku.lower().replace('-', '').replace(' ', '').replace('"', '').replace("'", '').strip()
  if l_sku.startswith('nv:'):
--- a/src/gam/googleapiclient/version.py
+++ b/src/gam/googleapiclient/version.py
@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-__version__ = "2.146.0"
+__version__ = "2.156.0"
--- a/src/serviceaccountlookup-v1.json
+++ b/src/serviceaccountlookup-v1.json
@@ -1,141 +0,0 @@
 {
  "basePath": "",
  "baseUrl": "https://www.googleapis.com/service_accounts/v1",
  "canonicalName": "serviceaccountlookup",
  "description": "Pseudo-API to lookup public certificates for a service account anonymously",
  "discoveryVersion": "v1",
  "documentationLink": "https://example.com/",
  "fullyEncodeReservedExpansion": true,
  "icons": {
    "x16": "http://www.google.com/images/icons/product/search-16.gif",
    "x32": "http://www.google.com/images/icons/product/search-32.gif"
  },
  "id": "serviceaccountlookup:v1",
  "kind": "discovery#restDescription",
  "name": "serviceaccountlookup",
  "ownerDomain": "google.com",
  "ownerName": "Google",
  "packagePath": "admin",
  "parameters": {
    "$.xgafv": {
      "description": "V1 error format.",
      "enum": [
        "1",
        "2"
      ],
      "enumDescriptions": [
        "v1 error format",
        "v2 error format"
      ],
      "location": "query",
      "type": "string"
    },
    "access_token": {
      "description": "OAuth access token.",
      "location": "query",
      "type": "string"
    },
    "alt": {
      "default": "json",
      "description": "Data format for response.",
      "enum": [
        "json",
        "media",
        "proto"
      ],
      "enumDescriptions": [
        "Responses with Content-Type of application/json",
        "Media download with context-dependent Content-Type",
        "Responses with Content-Type of application/x-protobuf"
      ],
      "location": "query",
      "type": "string"
    },
    "callback": {
      "description": "JSONP",
      "location": "query",
      "type": "string"
    },
    "fields": {
      "description": "Selector specifying which fields to include in a partial response.",
      "location": "query",
      "type": "string"
    },
    "key": {
      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
      "location": "query",
      "type": "string"
    },
    "oauth_token": {
      "description": "OAuth 2.0 token for the current user.",
      "location": "query",
      "type": "string"
    },
    "prettyPrint": {
      "default": "true",
      "description": "Returns response with indentations and line breaks.",
      "location": "query",
      "type": "boolean"
    },
    "quotaUser": {
      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
      "location": "query",
      "type": "string"
    },
    "uploadType": {
      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
      "location": "query",
      "type": "string"
    },
    "upload_protocol": {
      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
      "location": "query",
      "type": "string"
    }
  },
  "protocol": "rest",
  "resources": {
    "serviceaccounts": {
      "methods": {
        "lookup": {
          "description": "Lookup",
          "flatPath": "metadata/x509/{account}",
          "httpMethod": "GET",
          "id": "serviceaccountslookup.lookup",
          "parameterOrder": [
            "account"
          ],
          "parameters": {
            "account": {
              "description": "Email or ID of the service account.",
              "location": "path",
              "required": true,
              "type": "string"
            }
          },
          "path": "metadata/x509/{account}",
 	  "response": {
            "$ref": "Certificates"
          }
        }
      }
    }
  },
  "rootUrl": "https://www.googleapis.com/service_accounts/v1",
  "schemas": {
    "Certificates": { 
      "description": "JSON template for certificates.",
      "id": "Certificates",
      "properties": {
        "email": {          "description": "Email of the delegate.",
          "type": "string"
        }
      },
      "type": "object"
    }
  },
  "servicePath": "",
  "title": "Service Account Lookup Pseudo-API",
  "version": "v1",
  "version_module": true
 }