actions: scratch to test win signing

We currently only have 13 JID accounts available for testing but after Linux arm64 changes needed 14 runners.

I'm disabling Python 3.9 tests for now since it's the oldest and due for deprecation in October.

If there's any concerns we can re-enable and disable something else or else Jay can rebuild the auth files to add a 14th JID Google account and credentials (not hard but cumbersome and time consuming).

.github/workflows/build.yml

@@ -17,7 +17,7 @@ defaults:
     working-directory: src
 
 env:
-  SCRATCH_COUNTER: 4
+  SCRATCH_COUNTER: 7
   OPENSSL_CONFIG_OPTS: no-fips --api=3.0.0
   OPENSSL_INSTALL_PATH: ${{ github.workspace }}/bin/ssl
   OPENSSL_SOURCE_PATH: ${{ github.workspace }}/src/openssl
@@ -41,48 +41,57 @@ jobs:
             goal: build
             arch: x86_64
             openssl_archs: linux-x86_64
-          - os: [self-hosted, linux, arm64]
+          - os: ubuntu-24.04-arm
             jid: 3
             goal: build
             arch: aarch64
             openssl_archs: linux-aarch64
-          - os: ubuntu-22.04
+          - os: ubuntu-22.04-arm
             jid: 4
             goal: build
+            arch: aarch64
+            openssl_archs: linux-aarch64
+          - os: ubuntu-22.04
+            jid: 5
+            goal: build
             arch: x86_64
             openssl_archs: linux-x86_64
             staticx: yes
-          - os: [self-hosted, linux, arm64]
-            jid: 5
+          - os: ubuntu-22.04-arm
+            jid: 6
             goal: build
             arch: aarch64
             openssl_archs: linux-aarch64
             staticx: yes
           - os: macos-13
-            jid: 6
+            jid: 7
             goal: build
             arch: x86_64
             openssl_archs: darwin64-x86_64
           - os: macos-14
-            jid: 7
-            goal: build
-            arch: aarch64
-            openssl_archs: darwin64-arm64
-          - os: macos-15
             jid: 8
             goal: build
             arch: aarch64
             openssl_archs: darwin64-arm64
-          - os: windows-2022
+          - os: macos-15
             jid: 9
             goal: build
+            arch: aarch64
+            openssl_archs: darwin64-arm64
+          - os: windows-2022
+            jid: 10
+            goal: build
             arch: Win64
             openssl_archs: VC-WIN64A
-          - os: ubuntu-24.04
-            goal: test
-            python: "3.9"
-            jid: 10
-            arch: x86_64
+          # disable 3.9 test for now since it's oldest and due
+          # for removal in Oct 2025. We only have 13 jid accounts
+          # so we need this one off but can re-enable at some point
+          # if we feel the need.
+          #- os: ubuntu-24.04
+          #  goal: test
+          #  python: "3.9"
+          #  jid: 11
+          #  arch: x86_64
           - os: ubuntu-24.04
             goal: test
             python: "3.10"
@@ -120,7 +129,7 @@ jobs:
         with:
           path: |
             cache.tar.xz
-          key: gam-${{ matrix.jid }}-20241203
+          key: gam-${{ matrix.jid }}-20250116
 
       - name: Untar Cache archive
         if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true'
@@ -187,7 +196,7 @@ jobs:
           echo "gampath=${gampath}" >> $GITHUB_ENV
 
       - name: Install necessary Github-hosted Linux packages
-        if: runner.os == 'Linux' && runner.arch == 'X64'
+        if: runner.os == 'Linux'
         run: |
           echo "RUNNING: apt update..."
           sudo apt-get -qq --yes update
@@ -548,7 +557,6 @@ jobs:
             # https://github.com/pyinstaller/pyinstaller/issues/7102
             export PATH="$(dirname ${PYTHON}):/usr/bin"
           fi
-          #if ([ "${staticx}" != "yes" ] && [ "$RUNNER_OS" != "Windows" ]); then
           if [[ "$staticx" != "yes" ]]; then
             export PYINSTALLER_BUILD_ONEDIR=yes
           fi
@@ -594,6 +602,9 @@ jobs:
       - name: Install StaticX
         if: matrix.staticx == 'yes'
         run: |
+          sudo apt-get -qq --yes update
+          # arm64 needs to build a wheel and needs scons to build
+          sudo apt-get -qq --yes install scons
           "${PYTHON}" -m pip install --upgrade patchelf-wrapper
           "${PYTHON}" -m pip install --upgrade staticx
 
@@ -994,7 +1005,7 @@ jobs:
 
   merge:
     if: (github.event_name == 'push' || github.event_name == 'schedule')
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     needs: build
     permissions:
       contents: write
@@ -1008,7 +1019,7 @@ jobs:
 
   publish:
     if: github.event_name == 'push'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     needs: merge
     permissions:
       contents: write

src/GamCommands.txt

@@ -1677,6 +1677,7 @@ gam calendar <CalendarEntity> printacl [todrive <ToDriveAttribute>*]
         (range <Date> <Date>)|
         (recurrence <RRULE, EXRULE, RDATE and EXDATE line>)|
         (reminder <Number> email|popup))|
+	(resource <ResourceID>)|
         (selectattendees [<AttendeeAttendance>] [<AttendeeStatus>] <UserTypeEntity>)|
         (sequence <Integer>)|
         (sharedproperty <PropertyKey> <PropertyValue>)|
@@ -1707,8 +1708,10 @@ The following attributes are equivalent:
         clearattendees|
         clearhangoutsmeet|
         (clearprivateproperty <PropertyKey>)|
+        clearresources|
         (clearsharedproperty <PropertyKey>)|
         (removeattendee <EmailAddress>)|
+        (removeresource <ResourceID>)|
         (replacedescription <RegularExpression> <String>)|
         (selectremoveattendees <UserTypeEntity>)
 
@@ -4448,7 +4451,7 @@ gam report <ActivityApplicationName> [todrive <ToDriveAttribute>*]
         [event|events <EventNameList>] [ip <String>]
         [groupidfilter <String>]
         [maxactivities <Number>] [maxevents <Number>] [maxresults <Number>]
-        [countsonly [summary] [eventrowfilter]]
+        [countsonly [bydate|summary] [eventrowfilter]]
         (addcsvdata <FieldName> <String>)* [shownoactivities]
 
 <CustomerServiceName> ::=
@@ -7352,11 +7355,11 @@ gam <UserTypeEntity> print filters [labelidsonly] [todrive <ToDriveAttribute>*]
 # Users - Forms
 
 gam <UserTypeEntity> create form
-        title <String> [description <String>] [isquiz [<Boolean>]
+        title <String> [description <String>] [isquiz [<Boolean>]] [<JSONData>]
         [drivefilename <DriveFileName>] [<DriveFileParentAttribute>]
         [(csv [todrive <ToDriveAttribute>*]) | returnidonly]
 gam <UserTypeEntity> update form <DriveFileEntity>
-        [title <String>] [description <String>] [isquiz [<Boolean>]
+        [title <String>] [description <String>] [isquiz [<Boolean>]] [<JSONData>]
 
 gam <UserTypeEntity> print forms <DriveFileEntity> [todrive <ToDriveAttribute>*]
         (addcsvdata <FieldName> <String>)*

src/GamUpdate.txt

@@ -1,3 +1,41 @@
+7.02.10
+
+Added option `bydate` to `gam report <ActivityApplicationName> ... countsonly` that provides an additional display option.
+* `countsonly` - Display a row per user across all dates with all event counts on one row
+* `countsonly bydate` - Display a row per user per date for all dates with any events with all events counts on the row
+* `countsonly summary` - Display a row per event with counts for each event summarized across users and dates
+
+7.02.09
+
+Added option `clearresources` to `<EventUpdateAttribute>` for use in `gam <UserTypeEntity> update events`
+that allows clearing all resources from a user's calendar events. For example, to clear all resources from a user's future events:
+```
+gam user user@domain.com update events primary matchfield attendeespattern @resource.calendar.google.com after now clearresources
+```
+
+Added option `resource <ResourceID>` to `<EventAttribute>` for use in `gam <UserTypeEntity> create|update events`
+that adds a resource to an event.
+
+Added option `removeresource <ResourceID>` to `<EventUpdateAttribute>` for use in `gam <UserTypeEntity> update events`
+that removes a resource from an event.
+
+7.02.08
+
+Fixed bug in `gam print|show chromepolicies` that caused a trap when neither
+`ou|orgunit <OrgUnitItem>` nor `group <GroupItem>` was specified.
+
+7.02.07
+
+Updated `gam delete|update chromepolicy` to display the `<AppID>` or `<PrinterID>` (if specified)
+in the command status messages.
+
+7.02.06
+
+Added option `<JSONData>` to `gam <UserTypeEntity> create|update form` that allows for
+creation/modification of all fields in a form. `<JSONData>` is a list of form update requests.
+
+* See: https://developers.google.com/forms/api/reference/rest/v1/forms/batchUpdate
+
 7.02.05
 
 Updated `gam [<UserTypeEntity>] show shareddriveacls ... formatjson` to not display this line

src/gam/__init__.py

@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
 """
 
 __author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
-__version__ = '7.02.05'
+__version__ = '7.02.10'
 __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
 
 #pylint: disable=wrong-import-position
@@ -13090,13 +13090,13 @@ def _checkDataRequiredServices(result, tryDate, dataRequiredServices, parameterS
 #  0: Backup to earlier date
 #  1: Data available
   oneDay = datetime.timedelta(days=1)
-  warnings = result.get('warnings', [])
+  dataWarnings = result.get('warnings', [])
   usageReports = result.get('usageReports', [])
   # move to day before if we don't have at least one usageReport with parameters
   if not usageReports or not usageReports[0].get('parameters', []):
     tryDateTime = datetime.datetime.strptime(tryDate, YYYYMMDD_FORMAT)-oneDay
     return (0, tryDateTime.strftime(YYYYMMDD_FORMAT), None)
-  for warning in warnings:
+  for warning in dataWarnings:
     if warning['code'] == 'PARTIAL_DATA_AVAILABLE':
       for app in warning['data']:
         if app['key'] == 'application' and app['value'] != 'docs' and app['value'] in dataRequiredServices:
@@ -13521,7 +13521,7 @@ REPORT_ACTIVITIES_TIME_OBJECTS = {'time'}
 #	[event|events <EventNameList>] [ip <String>]
 #	[groupidfilter <String>]
 #	[maxactivities <Number>] [maxevents <Number>] [maxresults <Number>]
-#	[countsonly [summary] [eventrowfilter]]
+#	[countsonly [bydate|summary] [eventrowfilter]]
 #	(addcsvdata <FieldName> <String>)* [shownoactivities]
 # gam report users|user [todrive <ToDriveAttribute>*]
 #	[(user all|<UserItem>)|(orgunit|org|ou <OrgUnitPath> [showorgunit])|(select <UserTypeEntity>)]
@@ -13794,8 +13794,8 @@ def doReport():
   filterTimes = {}
   maxActivities = maxEvents = 0
   maxResults = 1000
-  aggregateByDate = aggregateByUser = convertMbToGb = countsOnly = eventRowFilter = exitUserLoop = \
-    noAuthorizedApps = normalizeUsers = select = summary = userCustomerRange = False
+  aggregateByDate = aggregateByUser = convertMbToGb = countsOnly = countsByDate = countsSummary = \
+    eventRowFilter = exitUserLoop = noAuthorizedApps = normalizeUsers = select = userCustomerRange = False
   limitDateChanges = -1
   allVerifyUser = userKey = 'all'
   cd = orgUnit = orgUnitId = None
@@ -13893,8 +13893,10 @@ def doReport():
       actorIpAddress = getString(Cmd.OB_STRING)
     elif activityReports and myarg == 'countsonly':
       countsOnly = True
+    elif activityReports and myarg == 'bydate':
+      countsByDate = True
     elif activityReports and myarg == 'summary':
-      summary = True
+      countsSummary = True
     elif activityReports and myarg == 'eventrowfilter':
       eventRowFilter = True
     elif activityReports and myarg == 'groupidfilter':
@@ -13928,6 +13930,8 @@ def doReport():
       unknownArgumentExit()
   if aggregateByDate and aggregateByUser:
     usageErrorExit(Msg.ARE_MUTUALLY_EXCLUSIVE.format('aggregateByDate', 'aggregateByUser'))
+  if countsOnly and countsByDate and countsSummary:
+    usageErrorExit(Msg.ARE_MUTUALLY_EXCLUSIVE.format('bydate', 'summary'))
   parameters = ','.join(parameters) if parameters else None
   if usageReports and not includeServices:
     includeServices = set(fullDataServices)
@@ -14144,8 +14148,12 @@ def doReport():
       pageMessage = getPageMessage()
       users = [normalizeEmailAddressOrUID(userKey)]
       orgUnitId = None
+    zeroEventCounts = {}
     if not eventNames:
       eventNames.append(None)
+    else:
+      for eventName in eventNames:
+        zeroEventCounts[eventName] = 0
     i = 0
     count = len(users)
     for user in users:
@@ -14180,6 +14188,17 @@ def doReport():
           actor = activity['actor'].get('email', activity['actor'].get('key', UNKNOWN))
           if showOrgUnit:
             activity['actor']['orgUnitPath'] = userOrgUnits.get(actor, UNKNOWN)
+          if countsOnly and countsByDate:
+            eventTime = activity.get('id', {}).get('time', UNKNOWN)
+            if eventTime != UNKNOWN:
+              try:
+                eventTime, _ = iso8601.parse_date(eventTime)
+              except (iso8601.ParseError, OverflowError):
+                eventTime = UNKNOWN
+            if eventTime != UNKNOWN:
+              eventDate = eventTime.strftime(YYYYMMDD_FORMAT)
+            else:
+              eventDate = UNKNOWN
           if not countsOnly or eventRowFilter:
             activity_row = flattenJSON(activity, timeObjects=REPORT_ACTIVITIES_TIME_OBJECTS)
             purge_parameters = True
@@ -14230,18 +14249,32 @@ def doReport():
                 if numEvents >= maxEvents > 0:
                   break
               elif csvPF.CheckRowTitles(row):
-                if not summary:
+                eventName = event['name']
+                if not countsSummary:
                   eventCounts.setdefault(actor, {})
-                  eventCounts[actor].setdefault(event['name'], 0)
-                  eventCounts[actor][event['name']] += 1
+                  if not countsByDate:
+                    eventCounts[actor].setdefault(eventName, 0)
+                    eventCounts[actor][eventName] += 1
+                  else:
+                    eventCounts[actor].setdefault(eventDate, {})
+                    eventCounts[actor][eventDate].setdefault(eventName, 0)
+                    eventCounts[actor][eventDate][eventName] += 1
                 else:
-                  eventCounts.setdefault(event['name'], 0)
-                  eventCounts[event['name']] += 1
-          elif not summary:
+                  eventCounts.setdefault(eventName, 0)
+                  eventCounts[eventName] += 1
+          elif not countsSummary:
             eventCounts.setdefault(actor, {})
-            for event in events:
-              eventCounts[actor].setdefault(event['name'], 0)
-              eventCounts[actor][event['name']] += 1
+            if not countsByDate:
+              for event in events:
+                eventName = event['name']
+                eventCounts[actor].setdefault(eventName, 0)
+                eventCounts[actor][eventName] += 1
+            else:
+              for event in events:
+                eventName = event['name']
+                eventCounts[actor].setdefault(eventDate, {})
+                eventCounts[actor][eventDate].setdefault(eventName, 0)
+                eventCounts[actor][eventDate][eventName] += 1
           else:
             for event in events:
               eventCounts.setdefault(event['name'], 0)
@@ -14256,31 +14289,46 @@ def doReport():
     else:
       if eventRowFilter:
         csvPF.SetRowFilter([], GC.Values[GC.CSV_OUTPUT_ROW_FILTER_MODE])
-      if not summary:
-        csvPF.SetTitles('emailAddress')
+      if not countsSummary:
+        titles = ['emailAddress']
+        if countsOnly and countsByDate:
+          titles.append('date')
+        csvPF.SetTitles(titles)
+        csvPF.SetSortTitles(titles)
         if addCSVData:
           csvPF.AddTitles(sorted(addCSVData.keys()))
         if eventCounts:
-          for actor, events in iter(eventCounts.items()):
-            row = {'emailAddress': actor}
-            for event, count in iter(events.items()):
-              row[event] = count
-            if addCSVData:
-              row.update(addCSVData)
-            csvPF.WriteRowTitles(row)
+          if not countsByDate:
+            for actor, events in iter(eventCounts.items()):
+              row = {'emailAddress': actor}
+              row.update(zeroEventCounts)
+              for event, count in iter(events.items()):
+                row[event] = count
+              if addCSVData:
+                row.update(addCSVData)
+              csvPF.WriteRowTitles(row)
+          else:
+            for actor, eventDates in iter(eventCounts.items()):
+              for eventDate, events in iter(eventDates.items()):
+                row = {'emailAddress': actor, 'date': eventDate}
+                row.update(zeroEventCounts)
+                for event, count in iter(events.items()):
+                  row[event] = count
+                if addCSVData:
+                  row.update(addCSVData)
+                csvPF.WriteRowTitles(row)
         elif showNoActivities:
           row = {'emailAddress': 'NoActivities'}
           if addCSVData:
             row.update(addCSVData)
             csvPF.WriteRow(row)
-        csvPF.SetSortTitles(['emailAddress'])
       else:
         csvPF.SetTitles(['event', 'count'])
         if addCSVData:
           csvPF.AddTitles(sorted(addCSVData.keys()))
         if eventCounts:
-          for event in sorted(eventCounts):
-            row = {'event': event, 'count': eventCounts[event]}
+          for event, count in sorted(iter(eventCounts.items())):
+            row = {'event': event, 'count': count}
             if addCSVData:
               row.update(addCSVData)
             csvPF.WriteRow(row)
@@ -27894,14 +27942,28 @@ def _getPolicyGroupTarget(cd, cp, myarg, orgUnit):
   targetResource = f"groups/{convertEmailAddressToUID(targetName, cd, emailType='group')}"
   return (targetName, targetName, targetResource, Ent.GROUP, cp.customers().policies().groups())
 
+def checkPolicyArgs(targetResource, printer_id, app_id):
+  if not targetResource:
+    missingArgumentExit('ou|org|orgunit|group')
+  if printer_id and app_id:
+    usageErrorExit(Msg.ARE_MUTUALLY_EXCLUSIVE.format('printerid', 'appid'))
+
+def setPolicyKVList(baseList, printer_id, app_id):
+  kvList = baseList[:]
+  if app_id:
+    kvList.extend([Ent.APP_ID, app_id])
+  elif printer_id:
+    kvList.extend([Ent.PRINTER_ID, printer_id])
+  return kvList
+
 def updatePolicyRequests(body, targetResource, printer_id, app_id):
   for request in body['requests']:
     request.setdefault('policyTargetKey', {})
     request['policyTargetKey']['targetResource'] = targetResource
-    if printer_id:
-      request['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printer_id}
-    elif app_id:
+    if app_id:
       request['policyTargetKey']['additionalTargetKeys'] = {'app_id': app_id}
+    elif printer_id:
+      request['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printer_id}
 
 # gam delete chromepolicy
 #	(<SchemaName> [<JSONData>])+
@@ -27937,15 +27999,14 @@ def doDeleteChromePolicy():
           body['requests'][-1].setdefault('policyTargetKey', {})
           for atk in jsonData['additionalTargetKeys']:
             body['requests'][-1]['policyTargetKey']['additionalTargetKeys'] = {atk['name']: atk['value']}
-  if not targetResource:
-    missingArgumentExit('ou|org|orgunit|group')
+  checkPolicyArgs(targetResource, printer_id, app_id)
   count = len(body['requests'])
   if count != 1:
     entityPerformActionNumItems([entityType, targetName], count, Ent.CHROME_POLICY)
     if count == 0:
       return
+  kvList = setPolicyKVList([entityType, targetName, Ent.CHROME_POLICY, ','.join(schemaNameList)], printer_id, app_id)
   updatePolicyRequests(body, targetResource, printer_id, app_id)
-  kvList = [entityType, targetName, Ent.CHROME_POLICY, ','.join(schemaNameList)]
   try:
     callGAPI(service, function,
              throwReasons=[GAPI.NOT_FOUND, GAPI.PERMISSION_DENIED,
@@ -28191,12 +28252,11 @@ def doUpdateChromePolicy():
             invalidArgumentExit(Msg.CHROME_TARGET_VERSION_FORMAT)
         body['requests'][-1]['policyValue']['value'][casedField] = value
         body['requests'][-1]['updateMask'] += f'{casedField},'
-  if not targetResource:
-    missingArgumentExit('ou|org|orgunit|group')
+  checkPolicyArgs(targetResource, printer_id, app_id)
   count = len(body['requests'])
   if count > 0 and not body['requests'][-1]['updateMask']:
     body['requests'].pop()
-  kvList = [entityType, targetName, Ent.CHROME_POLICY, ','.join(schemaNameList)]
+  kvList = setPolicyKVList([entityType, targetName, Ent.CHROME_POLICY, ','.join(schemaNameList)], printer_id, app_id)
   if count != 1:
     entityPerformActionNumItems(kvList, count, Ent.CHROME_POLICY)
     if count == 0:
@@ -28238,10 +28298,10 @@ CHROME_POLICY_SHOW_CHOICE_MAP = {
 def doPrintShowChromePolicies():
   def normalizedPolicy(policy):
     norm = {'name': policy['value']['policySchema']}
-    if printerId:
-      norm['printerId'] = printerId
-    elif appId:
-      norm['appId'] = appId
+    if app_id:
+      norm['appId'] = app_id
+    elif printer_id:
+      norm['printerId'] = printer_id
     if entityType == Ent.ORGANIZATIONAL_UNIT:
       orgUnitId = policy.get('targetKey', {}).get('targetResource')
       norm['orgUnitPath'] = convertOrgUnitIDtoPath(cd, orgUnitId) if orgUnitId else UNKNOWN
@@ -28337,7 +28397,7 @@ def doPrintShowChromePolicies():
   if csvPF:
     csvPF.SetNoEscapeChar(True)
   FJQC = FormatJSONQuoteChar(csvPF)
-  appId = groupEmail = orgUnit = printerId = None
+  app_id = groupEmail = orgUnit = printer_id = targetResource = None
   showPolicies = CHROME_POLICY_SHOW_ALL
   psFilters = []
   while Cmd.ArgumentsRemaining():
@@ -28348,10 +28408,10 @@ def doPrintShowChromePolicies():
       orgUnit, targetName, targetResource, entityType, _ = _getPolicyOrgUnitTarget(cd, cp, myarg, groupEmail)
     elif myarg == 'group':
       groupEmail, targetName, targetResource, entityType, _ = _getPolicyGroupTarget(cd, cp, myarg, orgUnit)
-    elif (not printerId and not appId) and myarg == 'printerid':
-      printerId = getString(Cmd.OB_PRINTER_ID)
-    elif (not printerId and not appId) and myarg == 'appid':
-      appId = getString(Cmd.OB_APP_ID)
+    elif myarg == 'printerid':
+      printer_id = getString(Cmd.OB_PRINTER_ID)
+    elif myarg == 'appid':
+      app_id = getString(Cmd.OB_APP_ID)
     elif myarg == 'filter':
       for psFilter in getString(Cmd.OB_STRING).replace(',', ' ').split():
         psFilters.append(psFilter)
@@ -28365,20 +28425,19 @@ def doPrintShowChromePolicies():
       showPolicies = getChoice(CHROME_POLICY_SHOW_CHOICE_MAP, mapChoice=True)
     else:
       FJQC.GetFormatJSONQuoteChar(myarg, False)
-  if not targetResource:
-    missingArgumentExit('ou|org|orgunit|group')
+  checkPolicyArgs(targetResource, printer_id, app_id)
   body = {'policyTargetKey': {'targetResource': targetResource}}
-  if printerId:
-    body['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printerId}
-    if not psFilters:
-      psFilters = ['chrome.printers.*']
-  elif appId:
-    body['policyTargetKey']['additionalTargetKeys'] = {'app_id': appId}
+  if app_id:
+    body['policyTargetKey']['additionalTargetKeys'] = {'app_id': app_id}
     if not psFilters:
       psFilters = ['chrome.users.apps.*',
                    'chrome.devices.kiosk.apps.*',
                    'chrome.devices.managedguest.apps.*',
                     ]
+  elif printer_id:
+    body['policyTargetKey']['additionalTargetKeys'] = {'printer_id': printer_id}
+    if not psFilters:
+      psFilters = ['chrome.printers.*']
   elif not psFilters:
     if entityType == Ent.ORGANIZATIONAL_UNIT:
       psFilters = ['chrome.users.*',
@@ -28412,10 +28471,10 @@ def doPrintShowChromePolicies():
       csvPF.AddTitles(['group'])
     csvPF.SetSortAllTitles()
     if not FJQC.formatJSON:
-      if printerId:
-        csvPF.AddSortTitles(['printerId'])
-      elif appId:
+      if app_id:
         csvPF.AddSortTitles(['appId'])
+      elif printer_id:
+        csvPF.AddSortTitles(['printerId'])
     else:
       csvPF.SetJSONTitles(csvPF.titlesList+['JSON'])
   policies = []
@@ -28442,11 +28501,7 @@ def doPrintShowChromePolicies():
   if not csvPF:
     jcount = len(policies)
     if not FJQC.formatJSON:
-      kvList = [entityType, targetName]
-      if printerId:
-        kvList.extend([Ent.PRINTER_ID, printerId])
-      elif appId:
-        kvList.extend([Ent.APP_ID, appId])
+      kvList = setPolicyKVList([entityType, targetName], printer_id, app_id)
       entityPerformActionModifierNumItems(kvList, Msg.MAXIMUM_OF, jcount, Ent.CHROME_POLICY)
     Ind.Increment()
     j = 0
@@ -38320,6 +38375,7 @@ def _getCalendarEventAttribute(myarg, body, parameters, function):
           for subfield in subfields:
             body.pop(subfield, None)
 
+  cd = None
   if function == 'insert' and myarg in {'id', 'eventid'}:
     body['id'] = getEventID()
   elif function == 'import' and myarg == 'icaluid':
@@ -38400,6 +38456,17 @@ def _getCalendarEventAttribute(myarg, body, parameters, function):
       if responseStatus is not None:
         addAttendee['responseStatus'] = responseStatus
       parameters['attendees'].append(addAttendee)
+  elif function == 'update' and myarg == 'clearresources':
+    parameters['clearResources'] = True
+  elif myarg == 'resource':
+    if cd is None:
+      cd = buildGAPIObject(API.DIRECTORY)
+    parameters['attendees'].append({'email': _validateResourceId(cd, getString(Cmd.OB_RESOURCE_ID), 0, 0, True),
+                                    'responseStatus': 'accepted', 'resource': True})
+  elif myarg == 'removeresource':
+    if cd is None:
+      cd = buildGAPIObject(API.DIRECTORY)
+    parameters['removeAttendees'].add(_validateResourceId(cd, getString(Cmd.OB_RESOURCE_ID), 0, 0, True))
   elif myarg == 'json':
     jsonData = getJSON(EVENT_JSON_CLEAR_FIELDS)
     if function == 'insert':
@@ -38709,7 +38776,7 @@ def _validateCalendarGetEvents(origUser, user, origCal, calId, j, jcount, calend
 
 def _getCalendarCreateImportUpdateEventOptions(function, entityType):
   body = {}
-  parameters = {'clearAttendees': False, 'replaceMode': False,
+  parameters = {'clearAttendees': False, 'replaceMode': False, 'clearResources': False,
                 'attendees': [], 'removeAttendees': set(),
                 'replaceDescription': [], 'sendUpdates': 'none',
                 'csvPF': None, 'FJQC': FormatJSONQuoteChar(None), 'showDayOfWeek': False}
@@ -38820,7 +38887,7 @@ def _updateCalendarEvents(origUser, user, origCal, calIds, count, calendarEventE
   updateFieldList = []
   if parameters['replaceDescription']:
     updateFieldList.append('description')
-  if not parameters['replaceMode'] and (parameters['attendees'] or parameters['removeAttendees']):
+  if not parameters['replaceMode'] and (parameters['attendees'] or parameters['removeAttendees'] or parameters['clearResources']):
     updateFieldList.append('attendees')
   updateFields = ','.join(updateFieldList)
   if 'attendees' not in updateFieldList:
@@ -38871,6 +38938,8 @@ def _updateCalendarEvents(origUser, user, origCal, calIds, count, calendarEventE
               body['attendees'] = []
             if parameters['removeAttendees']:
               body['attendees'] = [attendee for attendee in body['attendees'] if attendee['email'].lower() not in parameters['removeAttendees']]
+            if parameters['clearResources']:
+              body['attendees'] = [attendee for attendee in body['attendees'] if not attendee['email'].lower().endswith('@resource.calendar.google.com')]
         event = callGAPI(cal.events(), 'patch',
                          throwReasons=GAPI.CALENDAR_THROW_REASONS+[GAPI.NOT_FOUND, GAPI.DELETED, GAPI.FORBIDDEN,
                                                                    GAPI.INVALID, GAPI.REQUIRED, GAPI.TIME_RANGE_EMPTY, GAPI.EVENT_DURATION_EXCEEDS_LIMIT,
@@ -39620,18 +39689,19 @@ def doCalendarsPrintShowSettings(calIds):
   if csvPF:
     csvPF.writeCSVfile('Calendar Settings')
 
-def _validateResourceId(resourceId, i, count):
-  cd = buildGAPIObject(API.DIRECTORY)
+def _validateResourceId(cd, resourceId, i, count, exitOnNotFound):
   try:
     return callGAPI(cd.resources().calendars(), 'get',
                     throwReasons=[GAPI.BAD_REQUEST, GAPI.RESOURCE_NOT_FOUND, GAPI.FORBIDDEN],
                     customer=GC.Values[GC.CUSTOMER_ID], calendarResourceId=resourceId, fields='resourceEmail')['resourceEmail']
   except (GAPI.badRequest, GAPI.resourceNotFound, GAPI.forbidden):
+    if exitOnNotFound:
+      entityDoesNotExistExit(Ent.RESOURCE_CALENDAR, resourceId, i, count)
     checkEntityAFDNEorAccessErrorExit(cd, Ent.RESOURCE_CALENDAR, resourceId, i, count)
     return None
 
-def _normalizeResourceIdGetRuleIds(resourceId, i, count, ACLScopeEntity, showAction=True):
-  calId = _validateResourceId(resourceId, i, count)
+def _normalizeResourceIdGetRuleIds(cd, resourceId, i, count, ACLScopeEntity, showAction=True):
+  calId = _validateResourceId(cd, resourceId, i, count, False)
   if not calId:
     return (None, None, 0)
   if ACLScopeEntity['dict']:
@@ -39649,23 +39719,25 @@ def _normalizeResourceIdGetRuleIds(resourceId, i, count, ACLScopeEntity, showAct
 # gam resources <ResourceEntity> create calendaracls <CalendarACLRole> <CalendarACLScopeEntity> [sendnotifications <Boolean>]
 def doResourceCreateCalendarACLs(entityList):
   cal = buildGAPIObject(API.CALENDAR)
+  cd = buildGAPIObject(API.DIRECTORY)
   role, ACLScopeEntity, sendNotifications = getCalendarCreateUpdateACLsOptions(True)
   i = 0
   count = len(entityList)
   for resourceId in entityList:
     i += 1
-    calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(resourceId, i, count, ACLScopeEntity)
+    calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(cd, resourceId, i, count, ACLScopeEntity)
     if jcount == 0:
       continue
     _createCalendarACLs(cal, Ent.RESOURCE_CALENDAR, calId, i, count, role, ruleIds, jcount, sendNotifications)
 
 def _resourceUpdateDeleteCalendarACLs(entityList, function, ACLScopeEntity, role, sendNotifications):
   cal = buildGAPIObject(API.CALENDAR)
+  cd = buildGAPIObject(API.DIRECTORY)
   i = 0
   count = len(entityList)
   for resourceId in entityList:
     i += 1
-    calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(resourceId, i, count, ACLScopeEntity)
+    calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(cd, resourceId, i, count, ACLScopeEntity)
     if jcount == 0:
       continue
     _updateDeleteCalendarACLs(cal, function, Ent.RESOURCE_CALENDAR, calId, i, count, role, ruleIds, jcount, sendNotifications)
@@ -39688,13 +39760,14 @@ def doResourceDeleteCalendarACLs(entityList):
 #	[formatjson]
 def doResourceInfoCalendarACLs(entityList):
   cal = buildGAPIObject(API.CALENDAR)
+  cd = buildGAPIObject(API.DIRECTORY)
   ACLScopeEntity = getCalendarSiteACLScopeEntity()
   FJQC = _getCalendarInfoACLOptions()
   i = 0
   count = len(entityList)
   for resourceId in entityList:
     i += 1
-    calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(resourceId, i, count, ACLScopeEntity, showAction=not FJQC.formatJSON)
+    calId, ruleIds, jcount = _normalizeResourceIdGetRuleIds(cd, resourceId, i, count, ACLScopeEntity, showAction=not FJQC.formatJSON)
     if jcount == 0:
       continue
     _infoCalendarACLs(cal, resourceId, Ent.RESOURCE_CALENDAR, calId, i, count, ruleIds, jcount, FJQC)
@@ -39713,12 +39786,13 @@ def doResourceInfoCalendarACLs(entityList):
 #	[formatjson]
 def doResourcePrintShowCalendarACLs(entityList):
   cal = buildGAPIObject(API.CALENDAR)
+  cd = buildGAPIObject(API.DIRECTORY)
   csvPF, FJQC, noSelfOwner, addCSVData = _getCalendarPrintShowACLOptions(['resourceId', 'resourceEmail'])
   i = 0
   count = len(entityList)
   for resourceId in entityList:
     i += 1
-    calId = _validateResourceId(resourceId, i, count)
+    calId = _validateResourceId(cd, resourceId, i, count, False)
     if not calId:
       continue
     _printShowCalendarACLs(cal, resourceId, Ent.RESOURCE_CALENDAR, calId, i, count, csvPF, FJQC, noSelfOwner, addCSVData)
@@ -67547,10 +67621,10 @@ def updatePhoto(users):
     body = {'photoData': base64.urlsafe_b64encode(image_data).decode(UTF8)}
     try:
       callGAPI(cd.users().photos(), 'update',
-               throwReasons=[GAPI.USER_NOT_FOUND, GAPI.FORBIDDEN, GAPI.INVALID_INPUT],
+               throwReasons=[GAPI.USER_NOT_FOUND, GAPI.FORBIDDEN, GAPI.INVALID_INPUT, GAPI.CONDITION_NOT_MET],
                userKey=user, body=body, fields='')
       entityActionPerformed([Ent.USER, user, Ent.PHOTO, filename], i, count)
-    except GAPI.invalidInput as e:
+    except (GAPI.invalidInput, GAPI.conditionNotMet) as e:
       entityActionFailedWarning([Ent.USER, user, Ent.PHOTO, filename], str(e), i, count)
     except (GAPI.userNotFound, GAPI.forbidden):
       entityUnknownWarning(Ent.USER, user, i, count)
@@ -71984,7 +72058,8 @@ def updateFormRequestUpdateMasks(ubody):
         v['updateMask'] = ','.join(v['updateMask'])
         break
 
-# gam <UserTypeEntity> create form title <String> [description <String>] [isquiz [<Boolean>]]
+# gam <UserTypeEntity> create form
+#	title <String> [description <String>] [isquiz [<Boolean>]] [<JSONData>]
 #	[drivefilename <DriveFileName>] [<DriveFileParentAttribute>]
 #	[(csv [todrive <ToDriveAttribute>*]) | returnidonly]
 def createForm(users):
@@ -72003,6 +72078,9 @@ def createForm(users):
       updateFormInfoRequest(myarg, getString(Cmd.OB_STRING, minLen=0), ubody)
     elif myarg == 'isquiz':
       updateFormSettingsRequest('isQuiz', getBoolean(), ubody)
+    elif myarg == 'json':
+      jsonData = getJSON([])
+      ubody['requests'].extend(jsonData.get('requests', []))
     elif myarg == 'drivefilename':
       body['name'] = getString(Cmd.OB_DRIVE_FILE_NAME)
     elif getDriveFileParentAttribute(myarg, parentParms):
@@ -72065,7 +72143,8 @@ def createForm(users):
   if csvPF:
     csvPF.writeCSVfile('Forms')
 
-# gam <UserTypeEntity> update form <DriveFileEntity> [title <String>] [description <String>] [isquiz [Boolean>]
+# gam <UserTypeEntity> update form <DriveFileEntity>
+#	[title <String>] [description <String>] [isquiz [Boolean>]] [<JSONData>]
 def updateForm(users):
   ubody = {'includeFormInResponse': False, 'requests': []}
   fileIdEntity = getDriveFileEntity()
@@ -72077,6 +72156,9 @@ def updateForm(users):
       updateFormInfoRequest(myarg, getString(Cmd.OB_STRING, minLen=0), ubody)
     elif myarg == 'isquiz':
       updateFormSettingsRequest('isQuiz', getBoolean(), ubody)
+    elif myarg == 'json':
+      jsonData = getJSON([])
+      ubody['requests'].extend(jsonData.get('requests', []))
     else:
       unknownArgumentExit()
   updateFormRequestUpdateMasks(ubody)