Chat usage reports are now available.

.github/workflows/build.yml

@@ -18,7 +18,7 @@ defaults:
     working-directory: src
 
 env:
-  SCRATCH_COUNTER: 9
+  SCRATCH_COUNTER: 11
   OPENSSL_CONFIG_OPTS: no-fips --api=3.0.0
   OPENSSL_INSTALL_PATH: ${{ github.workspace }}/bin/ssl
   OPENSSL_SOURCE_PATH: ${{ github.workspace }}/src/openssl
@@ -917,7 +917,7 @@ jobs:
           $gam calendar $gam_user addevent summary "GHA test event" start +1h end +2h attendee $newgroup hangoutsmeet guestscanmodify true sendupdates all
           $gam calendar $gam_user printevents after -0d
           $gam config enable_dasa false save
-          matterid=uid:$($gam create vaultmatter name "GHA matter $newbase" description "test matter" collaborators $newuser returnidonly)
+          matterid=uid:$($gam create vaultmatter name "GHA matter $newbase" description "test matter" returnidonly)
           $gam create vaulthold matter $matterid name "GHA hold $newbase" corpus mail accounts $newuser
           $gam print vaultmatters matterstate open
           $gam print vaultholds matter $matterid

src/GamCommands.txt

@@ -3846,6 +3846,7 @@ gam info group|groups <GroupEntity>
         [formatjson]
 gam print groups [todrive <ToDriveAttribute>*]
         [([domain|domains <DomainNameEntity>] ([member|showownedby <EmailItem>]|[(query <QueryGroup>)|(queries <QueryGroupList>)]))|
+         (group|group_ns|group_susp <GroupItem>)|
          (select <GroupEntity>)]
         [emailmatchpattern [not] <RegularExpression>] [namematchpattern [not] <RegularExpression>]
         [descriptionmatchpattern [not] <RegularExpression>] (matchsetting [not] <GroupAttribute>)*
@@ -4072,6 +4073,7 @@ gam show cigroup-members
         releaseversion|
         securitypatchtime|
         serialnumber|
+        unifieddeviceid|
         wifimacaddresses
 <DeviceFieldNameList> ::= "<DeviceFieldName>(,<DeviceFieldName>)*"
 
@@ -4473,6 +4475,7 @@ gam report <ActivityApplicationName> [todrive <ToDriveAttribute>*]
         app_maker|
         apps_scripts|
         calendar|
+        chat|
         classroom|
         cros|
         device_management|
@@ -4493,6 +4496,7 @@ gam report customers|customer|domain [todrive <ToDriveAttribute>*]
 
 <UserServiceName> ::=
         accounts|
+        chat|
         classroom|
         docs|
         drive|
@@ -4963,6 +4967,7 @@ gam create|add permissions <SharedDriveEntityAdmin> <DriveFilePermissionEntity>
         <PermissionMatch>* [<PermissionMatchAction>]
 gam delete permissions <SharedDriveEntityAdmin> <DriveFilePermissionIDEntity>
         <PermissionMatch>* [<PermissionMatchAction>]
+        [enforceexpansiveaccess [<Boolean>]]
 
 In these commands, you specify an administrator and then indicate that you want domain administrator access with the adminaccess option.
 
@@ -4976,9 +4981,11 @@ gam <UserTypeEntity> create|add drivefileacl <SharedDriveEntityAdmin>
         adminaccess
 gam <UserTypeEntity> update drivefileacl <SharedDriveEntityAdmin> <DriveFilePermissionIDorEmail>
         (role <DriveFileACLRole>) [expires|expiration <Time>] [removeexpiration [<Boolean>]]
+        [enforceexpansiveaccess [<Boolean>]]
         [showtitles] [nodetails|(csv [todrive <ToDriveAttribute>*] [formatjson [quotechar <Character>]])]
         adminaccess
 gam <UserTypeEntity> delete drivefileacl <SharedDriveEntityAdmin> <DriveFilePermissionIDorEmail>
+        [enforceexpansiveaccess [<Boolean>]]
         [showtitles] adminaccess
 gam <UserTypeEntity> info drivefileacl <SharedDriveEntityAdmin> <DriveFilePermissionIDorEmail> adminaccess
         [showtitles]
@@ -5004,6 +5011,7 @@ gam <UserTypeEntity> create|add permissions <SharedDriveEntityAdmin> <DriveFileP
         <PermissionMatch>* [<PermissionMatchAction>]
 gam <UserTypeEntity> delete permissions <SharedDriveEntityAdmin> <DriveFilePermissionIDEntity> adminaccess
         <PermissionMatch>* [<PermissionMatchAction>]
+        [enforceexpansiveaccess [<Boolean>]]
 
 In these commands, the Google administrator named in oauth2.txt is used.
 
@@ -6566,6 +6574,7 @@ gam <UserTypeEntity> copy drivefile <DriveFileEntity>
         [sendemailifrequired [<Boolean>]]
         [suppressnotselectedmessages [<Boolean>]]
         [verifyorganizer [<Boolean>]]
+        [enforceexpansiveaccess [<Boolean>]]
 
 gam <UserTypeEntity> move drivefile <DriveFileEntity> [newfilename <DriveFileName>]
         [summary [<Boolean>]] [showpermissionmessages [<Boolean>]]
@@ -6589,6 +6598,7 @@ gam <UserTypeEntity> move drivefile <DriveFileEntity> [newfilename <DriveFileNam
         [retainsourcefolders [<Boolean>]]
         [sendemailifrequired [<Boolean>]]
         [verifyorganizer [<Boolean>]]
+        [enforceexpansiveaccess [<Boolean>]]
 
 gam <UserTypeEntity> get document <DriveFileEntity>
         [viewmode default|suggestions_inline|preview_suggestions_accepted|preview_without_suggestions]
@@ -6694,10 +6704,10 @@ gam <UserTypeEntity> create|add drivefileacl <DriveFileEntity> [adminaccess|asad
         [showtitles] [nodetails|(csv [todrive <ToDriveAttribute>*] [formatjson [quotechar <Character>]])]
 gam <UserTypeEntity> update drivefileacl <DriveFileEntity> <DriveFilePermissionIDorEmail>
         (role <DriveFileACLRole>) [expires|expiration <Time>] [removeexpiration [<Boolean>]]
-        [updatesheetprotectedranges [<Boolean>]]
+        [updatesheetprotectedranges [<Boolean>]] [enforceexpansiveaccess [<Boolean>]]
         [showtitles] [nodetails|(csv [todrive <ToDriveAttribute>*] [formatjson [quotechar <Character>]])]
 gam <UserTypeEntity> delete drivefileacl <DriveFileEntity> <DriveFilePermissionIDorEmail>
-        [updatesheetprotectedranges [<Boolean>]]
+        [updatesheetprotectedranges [<Boolean>]] [enforceexpansiveaccess [<Boolean>]]
         [showtitles]
 gam <UserTypeEntity> info drivefileacl <DriveFileEntity> <DriveFilePermissionIDorEmail>
         [showtitles]
@@ -6821,6 +6831,7 @@ gam <UserTypeEntity> print filerevisions <DriveFileEntity> [todrive <ToDriveAttr
 
 gam <UserTypeEntity> transfer ownership <DriveFileEntity> <UserItem>
         [<DriveFileParentAttribute>] [includetrashed] [norecursion [<Boolean>]]
+        [enforceexpansiveaccess [<Boolean>]]
         (orderby <DriveFileOrderByFieldName> [ascending|descending])*
         [preview] [filepath] [pathdelimiter <Character>] [buildtree]
         [todrive <ToDriveAttribute>*]
@@ -6829,6 +6840,7 @@ gam <UserTypeEntity> claim ownership <DriveFileEntity>
         [skipids <DriveFileEntity>] [onlyusers|skipusers <UserTypeEntity>] [subdomains <DomainNameEntity>]
         [restricted [<Boolean>]] [writerscanshare|writerscantshare [<Boolean>]]
         [keepuser | (retainrole commenter|reader|writer|editor|fileorganizer|none)] [noretentionmessages]
+        [enforceexpansiveaccess [<Boolean>]]
         (orderby <DriveFileOrderByFieldName> [ascending|descending])*
         [preview] [filepath] [pathdelimiter <Character>] [buildtree]
         [todrive <ToDriveAttribute>*]
@@ -6836,6 +6848,7 @@ gam <UserTypeEntity> claim ownership <DriveFileEntity>
 gam <UserTypeEntity> transfer drive <UserItem> [select <DriveFileEntity>]
         [(targetfolderid <DriveFolderID>)|(targetfoldername <DriveFolderName>)]
         [targetuserfoldername <DriveFolderName>] [targetuserorphansfoldername <DriveFolderName>]
+        [enforceexpansiveaccess [<Boolean>]]
         [mergewithtarget [<Boolean>]]
         [skipids <DriveFileEntity>]
         [keepuser | (retainrole reader|commenter|writer|editor|fileorganizer|none)] [noretentionmessages]
@@ -7882,7 +7895,15 @@ gam <UserTypeEntity> show lookerstudiopermissions
 <MeetSpaceName> ::= spaces/<String> | <String>
 <MeetSpaceOptions> ::=
         accesstype open|trusted|restricted |
-        entrypointaccess all|creatorapponly
+        entrypointaccess all|creatorapponly |
+        moderation <Boolean> |
+        chatrestriction hostsonly|norestriction |
+        reactionrestriction hostsonly|norestriction |
+        presentrestriction hostsonly|norestriction |
+        defaultjoinasviewer <Boolean> |
+        recording <Boolean> |
+        transcription <Boolean> |
+        smartnotes <Boolean>
 
 gam <UserTypeEntity> create meetspace
         <MeetSpaceOptions>*

src/GamUpdate.txt

@@ -1,3 +1,65 @@
+7.05.02
+
+Chat usage reports are now available. Added `chat` to `<CustomerServiceName>` and `<UserServiceName>`
+for use in `gam report customer|user`.
+
+* https://workspaceupdates.googleblog.com/2025/02/chat-usage-analytics-updates.html
+
+7.05.01
+
+Updated from `v1beta1` to `v1` for `Cloud Identity - Policy`.
+
+* See: https://workspaceupdates.googleblog.com/2025/02/policy-api-general-availability.html
+
+7.05.00
+
+Enabled support for Limited Access as described here:
+* https://workspaceupdates.googleblog.com/2025/02/updating-access-experience-in-google-drive.html
+
+Note that the rollout may take 15 days.
+
+Added option `inheritedpermissionsdisabled [<Boolean>]` to `<DriveFileAttribute>`; this
+attribute can be set on folders.
+
+Added `inheritedpermissionsdisabled` to `<DriveFieldName>`.
+
+Added `capabilities.candisableinheritedpermissions` and `capabilities.canenableinheritedpermissions`
+to `<DriveCapabilitiesSubfieldName>`.
+
+Added option `enforceexpansiveaccess [<Boolean>]` to all commands that delete or update
+drive file ACLs/permissions.
+```
+gam <UserTypeEntity> delete permissions
+gam <UserTypeEntity> delete drivefileacl
+gam <UserTypeEntity> update drivefileacl
+gam <UserTypeEntity> copy drivefile
+gam <UserTypeEntity> move drivefile
+gam <UserTypeEntity> transfer ownership
+gam <UserTypeEntity> claim ownership
+gam <UserTypeEntity> transfer drive
+```
+
+7.04.05
+
+Added initial support for Meet API v2beta; you must be in the Developer Preview program
+for this to be effective.
+* https://developers.google.com/meet/api/guides/beta/configuration-beta#auto-artifacts
+
+Added `meet_v2_beta` Boolean variable to `gam.cfg`. When this variable is true,
+the following options are added to `<MeetSpaceOptions>` used in `gam <UserTypeEntity> create|update meetspace`.
+```
+        moderation <Boolean> |
+        chatrestriction hostsonly|norestriction |
+        reactionrestriction hostsonly|norestriction |
+        presentrestriction hostsonly|norestriction |
+        defaultjoinasviewer <Boolean> |
+        recording <Boolean> |
+        transcription <Boolean> |
+        smartnotes <Boolean>
+```
+
+This isn't called beta for nothing, I have found problems and reported them.
+
 7.04.04
 
 Updated `gam print group-members|cigroup-members` to include the `email` column

src/gam.spec

@@ -31,6 +31,7 @@ for pkg in GAM_VER_LIBS:
 datas += [('gam/cbcm-v1.1beta1.json', '.')]
 datas += [('gam/contactdelegation-v1.json', '.')]
 datas += [('gam/datastudio-v1.json', '.')]
+datas += [('gam/meet-v2beta.json', '.')]
 datas += [('gam/serviceaccountlookup-v1.json', '.')]
 datas += [('cacerts.pem', '.')]
 hiddenimports = [

src/gam/__init__.py

@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
 """
 
 __author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
-__version__ = '7.04.04'
+__version__ = '7.05.02'
 __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
 
 #pylint: disable=wrong-import-position
@@ -4710,7 +4710,7 @@ def getAPIService(api, httpObj):
 
 def getService(api, httpObj):
 ### Drive v3beta
-  mapDriveURL = api == API.DRIVE3 and GC.Values[GC.DRIVE_V3_BETA]
+#  mapDriveURL = api == API.DRIVE3 and GC.Values[GC.DRIVE_V3_BETA]
   hasLocalJSON = API.hasLocalJSON(api)
   api, version, v2discovery = API.getVersion(api)
   if api in GM.Globals[GM.CURRENT_API_SERVICES] and version in GM.Globals[GM.CURRENT_API_SERVICES][api]:
@@ -4727,8 +4727,8 @@ def getService(api, httpObj):
         GM.Globals[GM.CURRENT_API_SERVICES].setdefault(api, {})
         GM.Globals[GM.CURRENT_API_SERVICES][api][version] = service._rootDesc.copy()
 ### Drive v3beta
-        if mapDriveURL:
-          setattr(service, '_baseUrl', getattr(service, '_baseUrl').replace('/v3/', '/v3beta/'))
+#        if mapDriveURL:
+#          setattr(service, '_baseUrl', getattr(service, '_baseUrl').replace('/v3/', '/v3beta/'))
         if GM.Globals[GM.CACHE_DISCOVERY_ONLY]:
           clearServiceCache(service)
         return service
@@ -5571,6 +5571,8 @@ def buildGAPIServiceObject(api, user, i=0, count=0, displayError=True):
   userEmail = getSaUser(user)
   httpObj = getHttpObj(cache=GM.Globals[GM.CACHE_DIR])
   service = getService(api, httpObj)
+  if api == API.MEET_BETA:
+    api = API.MEET
   credentials = getSvcAcctCredentials(api, userEmail)
   request = transportCreateRequest(httpObj)
   triesLimit = 3
@@ -9840,7 +9842,7 @@ def MultiprocessGAMCommands(items, showCmds):
     if GM.Globals[GM.MULTIPROCESS_EXIT_CONDITION] is not None and checkChildProcessRC(result[1]):
       GM.Globals[GM.MULTIPROCESS_EXIT_PROCESSING] = True
 
-  def signal_handler(sig, frame):
+  def signal_handler(*_):
     nonlocal controlC
     controlC = True
 
@@ -13107,6 +13109,7 @@ CUSTOMER_REPORT_SERVICES = {
   'app_maker',
   'apps_scripts',
   'calendar',
+  'chat',
   'classroom',
   'cros',
   'device_management',
@@ -13120,6 +13123,7 @@ CUSTOMER_REPORT_SERVICES = {
 
 USER_REPORT_SERVICES = {
   'accounts',
+  'chat',
   'classroom',
   'docs',
   'drive',
@@ -17254,7 +17258,7 @@ def checkOrgUnitPathExists(cd, orgUnitPath, i=0, count=0, showError=False):
   return (False, orgUnitPath, orgUnitPath)
 
 def _batchMoveCrOSesToOrgUnit(cd, orgUnitPath, orgUnitId, i, count, items, quickCrOSMove, fromOrgUnitPath=None):
-  def _callbackMoveCrOSesToOrgUnit(request_id, response, exception):
+  def _callbackMoveCrOSesToOrgUnit(request_id, _, exception):
     ri = request_id.splitlines()
     if exception is None:
       if not fromOrgUnitPath:
@@ -17335,7 +17339,7 @@ def _batchMoveCrOSesToOrgUnit(cd, orgUnitPath, orgUnitId, i, count, items, quick
 
 def _batchMoveUsersToOrgUnit(cd, orgUnitPath, i, count, items, fromOrgUnitPath=None):
   _MOVE_USER_REASON_TO_MESSAGE_MAP = {GAPI.USER_NOT_FOUND: Msg.DOES_NOT_EXIST, GAPI.DOMAIN_NOT_FOUND: Msg.SERVICE_NOT_APPLICABLE, GAPI.FORBIDDEN: Msg.SERVICE_NOT_APPLICABLE}
-  def _callbackMoveUsersToOrgUnit(request_id, response, exception):
+  def _callbackMoveUsersToOrgUnit(request_id, _, exception):
     ri = request_id.splitlines()
     if exception is None:
       if not fromOrgUnitPath:
@@ -27488,6 +27492,8 @@ def printShowChatEvents(users):
     csvPF.writeCSVfile('Chat Events')
 
 def buildMeetServiceObject(api=API.MEET, user=None, i=0, count=0, entityTypeList=None):
+  if GC.Values[GC.MEET_V2_BETA]:
+    api = API.MEET_BETA
   user, meet = buildGAPIServiceObject(api, user, i, count)
   kvList = [Ent.USER, user]
   if entityTypeList is not None:
@@ -27511,7 +27517,10 @@ MEET_SPACE_OPTIONS_MAP = {
   'reactionrestriction': 'reactionRestriction',
   'presentrestriction': 'presentRestriction',
   'defaultjoinasviewer': 'defaultJoinAsViewerType',
-  'firstjoiner': 'firstJoinerType'
+  'firstjoiner': 'firstJoinerType',
+  'autorecording': 'recordingConfig',
+  'autosmartnotes': 'smartNotesConfig',
+  'autotranscription': 'transcriptionConfig',
   }
 
 MEET_SPACE_ACCESSTYPE_CHOICES = {'open', 'trusted', 'restricted'}
@@ -27525,9 +27534,15 @@ MEET_SPACE_RESTRICTIONS_CHOICES_MAP = {
   'norestriction': 'NO_RESTRICTION'
   }
 
-MEET_SPACE_FIRSTJOINERTYPE_CHOICES_MAP = {
-  'hostsonly': 'HOSTS_ONLY',
-  'anyone': 'ANYONE'
+#MEET_SPACE_FIRSTJOINERTYPE_CHOICES_MAP = {
+#  'hostsonly': 'HOSTS_ONLY',
+#  'anyone': 'ANYONE'
+#  }
+
+MEET_SPACE_ARTIFACT_SUB_OPTIONS = {
+  'recordingConfig': 'autoRecordingGeneration',
+  'smartNotesConfig': 'autoSmartNotesGeneration',
+  'transcriptionConfig': 'autoTranscriptionGeneration'
   }
 
 #	[accesstype open|trusted|restricted]
@@ -27538,7 +27553,10 @@ MEET_SPACE_FIRSTJOINERTYPE_CHOICES_MAP = {
 #	[presentrestriction hostsonly|norestriction]
 #	[defaultjoinasviewer <Boolean>]
 #	[firstjoiner hostsonly|anyone]
-def _getMeetSpaceParameters(myarg, body, updateMask):
+#	[autorecording <Boolean>]
+#	[autosmartnotes <Boolean>]
+#	[autotranscription <Boolean>]
+def _getMeetSpaceParameters(myarg, body):
   option = MEET_SPACE_OPTIONS_MAP.get(myarg, None)
   if option is None:
     return False
@@ -27548,15 +27566,17 @@ def _getMeetSpaceParameters(myarg, body, updateMask):
     body['config'][option] = getChoice(MEET_SPACE_ENTRYPOINTACCESS_CHOICES_MAP, mapChoice=True)
   elif option == 'moderation':
     body['config'][option] = 'ON' if getBoolean() else 'OFF'
-  elif option in {'chatrestriction', 'reactionrestriction', 'presentrestriction'}:
-    body['config'].setdefault('moderationRestictions', {})
+  elif option in {'chatRestriction', 'reactionRestriction', 'presentRestriction'}:
+    body['config'].setdefault('moderationRestrictions', {})
     body['config']['moderationRestrictions'][option] = getChoice(MEET_SPACE_RESTRICTIONS_CHOICES_MAP, mapChoice=True)
-    option = f'moderationRestrictions.{option}'
   elif option == 'defaultJoinAsViewerType':
     body['config'][option] = 'ON' if getBoolean() else 'OFF'
-  elif option == 'firstJoinerType':
-    body['config'][option] = getChoice(MEET_SPACE_FIRSTJOINERTYPE_CHOICES_MAP, mapChoice=True)
-  updateMask.append(f'config.{option}')
+#  elif option == 'firstJoinerType':
+#    body['config'][option] = getChoice(MEET_SPACE_FIRSTJOINERTYPE_CHOICES_MAP, mapChoice=True)
+  elif option in {'recordingConfig', 'transcriptionConfig', 'smartNotesConfig'}:
+    body['config'].setdefault('artifactConfig', {})
+    body['config']['artifactConfig'].setdefault(option, {})
+    body['config']['artifactConfig'][option][MEET_SPACE_ARTIFACT_SUB_OPTIONS[option]] = 'ON' if getBoolean() else 'OFF'
   return True
 
 # gam <UserTypeEntity> create meetspace
@@ -27571,10 +27591,9 @@ def createMeetSpace(users):
 #                     'firstJoinerType': 'ANYONE',
                      }}
   returnIdOnly = False
-  updateMask = []
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
-    if _getMeetSpaceParameters(myarg, body, updateMask):
+    if _getMeetSpaceParameters(myarg, body):
       pass
     elif myarg == 'returnidonly':
       returnIdOnly = True
@@ -27609,12 +27628,11 @@ def updateMeetSpace(users):
   FJQC = FormatJSONQuoteChar()
   name = None
   body = {'config': {}}
-  updateMask = []
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
     if (myarg == 'space' or myarg.startswith('spaces/') or myarg.startswith('space/')):
       name = getSpaceName(myarg)
-    elif _getMeetSpaceParameters(myarg, body, updateMask):
+    elif _getMeetSpaceParameters(myarg, body):
       pass
     else:
       FJQC.GetFormatJSON(myarg)
@@ -27629,7 +27647,7 @@ def updateMeetSpace(users):
     try:
       space = callGAPI(meet.spaces(), 'patch',
                        throwReasons=[GAPI.NOT_FOUND, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED],
-                       name=name, updateMask=','.join(updateMask), body=body)
+                       name=name, updateMask='', body=body)
       if not FJQC.formatJSON:
         entityActionPerformed(kvList, i, count)
       Ind.Increment()
@@ -29235,6 +29253,7 @@ DEVICE_FIELDS_CHOICE_MAP = {
   'releaseversion': 'releaseVersion',
   'securitypatchtime': 'securityPatchTime',
   'serialnumber': 'serialNumber',
+  'unifieddeviceid': 'unifiedDeviceId',
   'wifimacaddresses': 'wifiMacAddresses'
   }
 
@@ -32007,7 +32026,7 @@ def doUpdateGroups():
                                        GAPI.INVALID_MEMBER: Msg.INVALID_MEMBER,
                                        GAPI.CYCLIC_MEMBERSHIPS_NOT_ALLOWED: Msg.WOULD_MAKE_MEMBERSHIP_CYCLE}
 
-  def _callbackAddGroupMembers(request_id, response, exception):
+  def _callbackAddGroupMembers(request_id, _, exception):
     ri = request_id.splitlines()
     if exception is None:
       _showSuccess(ri[RI_ENTITY], ri[RI_ITEM], ri[RI_ROLE], ri[RI_OPTION], int(ri[RI_J]), int(ri[RI_JCOUNT]))
@@ -32096,7 +32115,7 @@ def doUpdateGroups():
                                           GAPI.CONDITION_NOT_MET: f'{Msg.NOT_A} {Ent.Singular(Ent.MEMBER)}',
                                           GAPI.INVALID_MEMBER: Msg.DOES_NOT_EXIST}
 
-  def _callbackRemoveGroupMembers(request_id, response, exception):
+  def _callbackRemoveGroupMembers(request_id, _, exception):
     ri = request_id.splitlines()
     if exception is None:
       _showSuccess(ri[RI_ENTITY], ri[RI_ITEM], ri[RI_ROLE], DELIVERY_SETTINGS_UNDEFINED, int(ri[RI_J]), int(ri[RI_JCOUNT]))
@@ -32195,7 +32214,7 @@ def doUpdateGroups():
     except (GAPI.invalidMember, GAPI.resourceNotFound, GAPI.serviceNotAvailable) as e:
       _showFailure(group, member, role, str(e), j, jcount)
 
-  def _callbackUpdateGroupMembers(request_id, response, exception):
+  def _callbackUpdateGroupMembers(request_id, _, exception):
     ri = request_id.splitlines()
     if exception is None:
       _showSuccess(ri[RI_ENTITY], ri[RI_ITEM], ri[RI_ROLE], ri[RI_OPTION], int(ri[RI_J]), int(ri[RI_JCOUNT]))
@@ -33432,6 +33451,7 @@ PRINT_GROUPS_JSON_TITLES = ['email', 'JSON']
 
 # gam print groups [todrive <ToDriveAttribute>*]
 #	[([domain|domains <DomainNameEntity>] ([member|showownedby <EmailItem>]|[(query <QueryGroup>)|(queries <QueryUserList>)]))|
+#	 (group|group_ns|group_susp <GroupItem>)|
 #	 (select <GroupEntity>)]
 #	[emailmatchpattern [not] <RegularExpression>] [namematchpattern [not] <RegularExpression>]
 #	[descriptionmatchpattern [not] <RegularExpression>] (matchsetting [not] <GroupAttribute>)*
@@ -33644,6 +33664,12 @@ def doPrintGroups():
       pass
     elif getGroupMatchPatterns(myarg, matchPatterns, False):
       pass
+    elif myarg in {'group', 'groupns', 'groupsusp'}:
+      entitySelection = [getString(Cmd.OB_EMAIL_ADDRESS)]
+      if myarg == 'groupns':
+        isSuspended = False
+      elif myarg == 'groupsusp':
+        isSuspended = True
     elif myarg == 'select':
       entitySelection = getEntityList(Cmd.OB_GROUP_ENTITY)
     elif myarg in SUSPENDED_ARGUMENTS:
@@ -42331,7 +42357,7 @@ def doPrintVaultCounts():
 # gam [<UserTypeEntity>] print siteacls <SiteEntity> [todrive <ToDriveAttribute>*]
 # gam [<UserTypeEntity>] print siteactivity <SiteEntity> [todrive <ToDriveAttribute>*]
 #	[startindex <Number>] [maxresults <Number>] [updated_min <Date>] [updated_max <Date>]
-def deprecatedUserSites(users):
+def deprecatedUserSites(_):
   deprecatedCommandExit()
 
 def deprecatedDomainSites():
@@ -43653,7 +43679,7 @@ def waitForMailbox(entityList):
     Ind.Decrement()
 
 def getUserLicenses(lic, user, skus):
-  def _callbackGetLicense(request_id, response, exception):
+  def _callbackGetLicense(_, response, exception):
     if exception is None:
       if response and 'skuId' in response:
         licenses.append(response['skuId'])
@@ -48159,7 +48185,7 @@ def _batchAddItemsToCourse(croom, courseId, i, count, addParticipants, role):
   _ADD_PART_REASON_TO_MESSAGE_MAP = {GAPI.NOT_FOUND: Msg.DOES_NOT_EXIST,
                                      GAPI.ALREADY_EXISTS: Msg.DUPLICATE,
                                      GAPI.FAILED_PRECONDITION: Msg.NOT_ALLOWED}
-  def _callbackAddItemsToCourse(request_id, response, exception):
+  def _callbackAddItemsToCourse(request_id, _, exception):
     ri = request_id.splitlines()
     if exception is None:
       entityActionPerformed([Ent.COURSE, ri[RI_ENTITY], ri[RI_ROLE], ri[RI_ITEM]], int(ri[RI_J]), int(ri[RI_JCOUNT]))
@@ -48239,7 +48265,7 @@ def _batchRemoveItemsFromCourse(croom, courseId, i, count, removeParticipants, r
   _REMOVE_PART_REASON_TO_MESSAGE_MAP = {GAPI.NOT_FOUND: Msg.DOES_NOT_EXIST,
                                         GAPI.FORBIDDEN: Msg.FORBIDDEN,
                                         GAPI.PERMISSION_DENIED: Msg.PERMISSION_DENIED}
-  def _callbackRemoveItemsFromCourse(request_id, response, exception):
+  def _callbackRemoveItemsFromCourse(request_id, _, exception):
     ri = request_id.splitlines()
     if exception is None:
       entityActionPerformed([Ent.COURSE, ri[RI_ENTITY], ri[RI_ROLE], ri[RI_ITEM]], int(ri[RI_J]), int(ri[RI_JCOUNT]))
@@ -48451,7 +48477,7 @@ def doCourseRemoveItems(courseIdList, getEntityListArg):
 
 # gam courses <CourseEntity> clear teachers|students
 # gam course <CourseID> clear teacher|student
-def doCourseClearParticipants(courseIdList, getEntityListArg):
+def doCourseClearParticipants(courseIdList, _):
   croom = buildGAPIObject(API.CLASSROOM)
   role = getChoice(CLEAR_SYNC_PARTICIPANT_TYPES_MAP, mapChoice=True)
   checkForExtraneousArguments()
@@ -48467,7 +48493,7 @@ def doCourseClearParticipants(courseIdList, getEntityListArg):
 # gam course <CourseID> sync students [addonly|removeonly] <UserTypeEntity>
 # gam courses <CourseEntity> sync teachers [addonly|removeonly] [makefirstteacherowner] <UserTypeEntity>
 # gam course <CourseID> sync teachers [addonly|removeonly] [makefirstteacherowner] <UserTypeEntity>
-def doCourseSyncParticipants(courseIdList, getEntityListArg):
+def doCourseSyncParticipants(courseIdList, _):
   croom = buildGAPIObject(API.CLASSROOM)
   role = getChoice(CLEAR_SYNC_PARTICIPANT_TYPES_MAP, mapChoice=True)
   if role == Ent.TEACHER:
@@ -58203,6 +58229,7 @@ def initCopyMoveOptions(copyCmd):
     'showPermissionMessages': False,
     'sendEmailIfRequired': False,
     'useDomainAdminAccess': False,
+    'enforceExpansiveAccess': False,
     'copiedShortcutsPointToCopiedFiles': True,
     'createShortcutsForNonmovableFiles': False,
     'duplicateFiles': DUPLICATE_FILE_OVERWRITE_OLDER,
@@ -58301,6 +58328,8 @@ def getCopyMoveOptions(myarg, copyMoveOptions):
   elif myarg == 'mappermissionsdomain':
     oldDomain = getString(Cmd.OB_DOMAIN_NAME).lower()
     copyMoveOptions['mapPermissionsDomains'][oldDomain] = getString(Cmd.OB_DOMAIN_NAME).lower()
+  elif myarg == 'enforceexpansiveaccess':
+    copyMoveOptions['enforceExpansiveAccess'] = getBoolean()
   else:
 # Move arguments
     if not copyMoveOptions['copyCmd']:
@@ -58572,6 +58601,9 @@ def _copyPermissions(drive, user, i, count, j, jcount,
         updateTargetPerms[permissionId].update(updatePerm)
         updateTargetPerms[permissionId]['updates'] = updatePerm
       copySourcePerms.pop(permissionId)
+  deleteUpdateKwargs = {'useDomainAdminAccess': copyMoveOptions['useDomainAdminAccess']}
+  if entityType != Ent.SHAREDDRIVE:
+    deleteUpdateKwargs['enforceExpansiveAccess'] = copyMoveOptions['enforceExpansiveAccess']
   Ind.Increment()
   action = Act.Get()
   Act.Set(Act.COPY)
@@ -58590,8 +58622,9 @@ def _copyPermissions(drive, user, i, count, j, jcount,
         callGAPI(drive.permissions(), 'create',
                  throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_CREATE_ACL_THROW_REASONS,
 #                 retryReasons=[GAPI.INVALID_SHARING_REQUEST],
+                 useDomainAdminAccess=copyMoveOptions['useDomainAdminAccess'],
                  fileId=newFileId, sendNotificationEmail=sendNotificationEmail, emailMessage=None,
-                 body=permission, fields='', useDomainAdminAccess=copyMoveOptions['useDomainAdminAccess'], supportsAllDrives=True)
+                 body=permission, fields='', supportsAllDrives=True)
         if copyMoveOptions['showPermissionMessages']:
           entityActionPerformed(kvList, k, kcount)
         break
@@ -58629,7 +58662,8 @@ def _copyPermissions(drive, user, i, count, j, jcount,
     try:
       callGAPI(drive.permissions(), 'delete',
                throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_DELETE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
-               fileId=newFileId, permissionId=permissionId, useDomainAdminAccess=copyMoveOptions['useDomainAdminAccess'], supportsAllDrives=True)
+               **deleteUpdateKwargs,
+               fileId=newFileId, permissionId=permissionId,  supportsAllDrives=True)
       if copyMoveOptions['showPermissionMessages']:
         entityActionPerformed(kvList, k, kcount)
     except (GAPI.notFound, GAPI.permissionNotFound,
@@ -58654,8 +58688,9 @@ def _copyPermissions(drive, user, i, count, j, jcount,
       callGAPI(drive.permissions(), 'update',
                bailOnInternalError=True,
                throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_UPDATE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
-               fileId=newFileId, permissionId=permissionId, removeExpiration=removeExpiration,
-               body=permission['updates'], useDomainAdminAccess=copyMoveOptions['useDomainAdminAccess'], supportsAllDrives=True)
+               removeExpiration=removeExpiration,
+               **deleteUpdateKwargs,
+               fileId=newFileId, permissionId=permissionId, body=permission['updates'], supportsAllDrives=True)
       if copyMoveOptions['showPermissionMessages']:
         entityActionPerformed(kvList, k, kcount)
     except (GAPI.notFound, GAPI.permissionNotFound,
@@ -58929,6 +58964,7 @@ copyReturnItemMap = {
 #	[sendemailifrequired [<Boolean>]]
 #	[suppressnotselectedmessages [<Boolean>]]
 #	[verifyorganizer [<Boolean>]]
+#	[enforceexpansiveaccess [<Boolean>]]
 def copyDriveFile(users):
   def _writeCSVData(user, oldName, oldId, newName, newId, mimeType):
     row = {'User': user, fileNameTitle: oldName, 'id': oldId,
@@ -59656,7 +59692,9 @@ def _updateMoveFilePermissions(drive, user, i, count,
       try:
         callGAPI(drive.permissions(), 'delete',
                  throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_DELETE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
-                 fileId=fileId, permissionId=permissionId, useDomainAdminAccess=copyMoveOptions['useDomainAdminAccess'], supportsAllDrives=True)
+                 useDomainAdminAccess=copyMoveOptions['useDomainAdminAccess'],
+                 enforceExpansiveAccess=copyMoveOptions['enforceExpansiveAccess'],
+                 fileId=fileId, permissionId=permissionId,  supportsAllDrives=True)
         if copyMoveOptions['showPermissionMessages']:
           entityActionPerformed(kvList, k, kcount)
       except (GAPI.notFound, GAPI.permissionNotFound,
@@ -59744,6 +59782,7 @@ def _updateMoveFilePermissions(drive, user, i, count,
 #	[retainsourcefolders [<Boolean>]]
 #	[sendemailifrequired [<Boolean>]]
 #	[verifyorganizer [<Boolean>]]
+#	[enforceexpansiveaccess [<Boolean>]]
 def moveDriveFile(users):
   def _cloneFolderMove(drive, user, i, count, j, jcount,
                        source, targetChildren, newFolderName, newParentId, newParentName, mergeParentModifiedTime,
@@ -60087,9 +60126,8 @@ def moveDriveFile(users):
   parentBody = {}
   parentParms = initDriveFileAttributes()
   copyMoveOptions = initCopyMoveOptions(False)
-  newParentsSpecified = False
+  newParentsSpecified = updateFilePermissions = False
   movedFiles = {}
-  updateFilePermissions = False
   verifyOrganizer = True
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
@@ -60978,6 +61016,7 @@ TRANSFER_DRIVEFILE_ACL_ROLES_MAP = {
 #	[nonowner_retainrole reader|commenter|writer|editor|fileorganizer|current|none]
 #	[nonowner_targetrole reader|commenter|writer|editor|fileorganizer|current|none|source]
 #	(orderby <DriveFileOrderByFieldName> [ascending|descending])*
+#	[enforceexpansiveaccess [<Boolean>]]
 #	[preview] [todrive <ToDriveAttribute>*]
 def transferDrive(users):
 
@@ -61164,6 +61203,7 @@ def transferDrive(users):
           callGAPI(sourceDrive.permissions(), 'update',
                    throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+[GAPI.BAD_REQUEST, GAPI.INVALID_OWNERSHIP_TRANSFER,
                                                                  GAPI.PERMISSION_NOT_FOUND, GAPI.SHARING_RATE_LIMIT_EXCEEDED],
+                   enforceExpansiveAccess=enforceExpansiveAccess,
                    fileId=childFileId, permissionId=targetPermissionId,
                    transferOwnership=True, body={'role': 'owner'}, fields='')
           if removeSourceParents:
@@ -61352,6 +61392,7 @@ def transferDrive(users):
           if ownerRetainRoleBody['role'] != 'writer':
             callGAPI(targetDrive.permissions(), 'update',
                      throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+[GAPI.PERMISSION_NOT_FOUND, GAPI.BAD_REQUEST, GAPI.SHARING_RATE_LIMIT_EXCEEDED],
+                     enforceExpansiveAccess=enforceExpansiveAccess,
                      fileId=childFileId, permissionId=sourcePermissionId, body=ownerRetainRoleBody, fields='')
         else:
           callGAPI(targetDrive.permissions(), 'delete',
@@ -61401,6 +61442,7 @@ def transferDrive(users):
           if nonOwnerRetainRoleBody['role'] != 'current':
             callGAPI(ownerDrive.permissions(), 'update',
                      throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+[GAPI.PERMISSION_NOT_FOUND, GAPI.BAD_REQUEST, GAPI.SHARING_RATE_LIMIT_EXCEEDED],
+                     enforceExpansiveAccess=enforceExpansiveAccess,
                      fileId=childFileId, permissionId=sourcePermissionId, body=sourceUpdateRole, fields='')
         else:
           try:
@@ -61561,7 +61603,7 @@ def transferDrive(users):
   targetUserFolderPattern = '#user# old files'
   targetUserOrphansFolderPattern = '#user# orphaned files'
   targetIds = [None, None]
-  createShortcutsForNonmovableFiles = False
+  createShortcutsForNonmovableFiles = enforceExpansiveAccess = False
   mergeWithTarget = False
   thirdPartyOwners = {}
   skipFileIdEntity = initDriveFileEntity()
@@ -61579,6 +61621,8 @@ def transferDrive(users):
         nonOwnerRetainRoleBody['role'] = 'current'
     elif myarg == 'nonownertargetrole':
       nonOwnerTargetRoleBody['role'] = getChoice(TRANSFER_DRIVEFILE_ACL_ROLES_MAP, mapChoice=True)
+    elif myarg == 'enforceexpansiveaccess':
+      enforceExpansiveAccess = getBoolean()
     elif myarg == 'noretentionmessages':
       showRetentionMessages = False
     elif myarg == 'orderby':
@@ -61816,6 +61860,7 @@ def getPermissionIdForEmail(user, i, count, email):
 #	[<DriveFileParentAttribute>] [includetrashed] [norecursion [<Boolean>]]
 #	(orderby <DriveFileOrderByFieldName> [ascending|descending])*
 #	[preview] [filepath] [pathdelimiter <Character>] [buildtree]
+#	[enforceexpansiveaccess [<Boolean>]]
 #	[todrive <ToDriveAttribute>*]
 def transferOwnership(users):
   def _identifyFilesToTransfer(fileEntry):
@@ -61864,7 +61909,7 @@ def transferOwnership(users):
   body = {}
   newOwner = getEmailAddress()
   OBY = OrderBy(DRIVEFILE_ORDERBY_CHOICE_MAP)
-  changeParents = filepath = includeTrashed = noRecursion = False
+  changeParents = enforceExpansiveAccess = filepath = includeTrashed = noRecursion = False
   pathDelimiter = '/'
   csvPF = fileTree = None
   addParents = ''
@@ -61891,6 +61936,8 @@ def transferOwnership(users):
       csvPF.GetTodriveParameters()
     elif getDriveFileParentAttribute(myarg, parentParms):
       changeParents = True
+    elif myarg == 'enforceexpansiveaccess':
+      enforceExpansiveAccess = getBoolean()
     else:
       unknownArgumentExit()
   Act.Set(Act.TRANSFER_OWNERSHIP)
@@ -62008,6 +62055,7 @@ def transferOwnership(users):
                 Act.Set(action)
             callGAPI(drive.permissions(), 'update',
                      throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+[GAPI.PERMISSION_NOT_FOUND],
+                     enforceExpansiveAccess=enforceExpansiveAccess,
                      fileId=xferFileId, permissionId=permissionId, transferOwnership=True, body=body, fields='')
             entityModifierNewValueItemValueListActionPerformed(kvList, Act.MODIFIER_TO, None, [Ent.USER, newOwner], k, kcount)
           else:
@@ -62029,6 +62077,7 @@ def transferOwnership(users):
                      fileId=xferFileId, sendNotificationEmail=False, body=bodyAdd, fields='')
             callGAPI(drive.permissions(), 'update',
                      throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+[GAPI.PERMISSION_NOT_FOUND],
+                     enforceExpansiveAccess=enforceExpansiveAccess,
                      fileId=xferFileId, permissionId=permissionId, transferOwnership=True, body=body, fields='')
             entityModifierNewValueItemValueListActionPerformed(kvList, Act.MODIFIER_TO, None, [Ent.USER, newOwner], k, kcount)
           except GAPI.invalidSharingRequest as e:
@@ -62101,6 +62150,7 @@ def transferOwnership(users):
 #	[keepuser | (retainrole reader|commenter|writer|editor|none)] [noretentionmessages]
 #	(orderby <DriveFileOrderByFieldName> [ascending|descending])*
 #	[preview] [filepath] [pathdelimiter <Character>] [buildtree]
+#	[enforceexpansiveaccess [<Boolean>]]
 #	[todrive <ToDriveAttribute>*]
 def claimOwnership(users):
   def _identifyFilesToClaim(fileEntry):
@@ -62161,6 +62211,7 @@ def claimOwnership(users):
         if sourceRetainRoleBody['role'] != 'writer':
           callGAPI(sourceDrive.permissions(), 'update',
                    throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+[GAPI.PERMISSION_NOT_FOUND, GAPI.BAD_REQUEST],
+                   enforceExpansiveAccess=enforceExpansiveAccess,
                    fileId=ofileId, permissionId=oldOwnerPermissionId, body=sourceRetainRoleBody, fields='')
       else:
         callGAPI(sourceDrive.permissions(), 'delete',
@@ -62184,7 +62235,7 @@ def claimOwnership(users):
   onlyOwners = set()
   skipOwners = set()
   subdomains = []
-  filepath = includeTrashed = False
+  enforceExpansiveAccess = filepath = includeTrashed = False
   pathDelimiter = '/'
   addParents = ''
   parentBody = {}
@@ -62219,6 +62270,8 @@ def claimOwnership(users):
       includeTrashed = True
     elif myarg == 'orderby':
       OBY.GetChoice()
+    elif myarg == 'enforceexpansiveaccess':
+      enforceExpansiveAccess = getBoolean()
     elif myarg == 'restricted':
       bodyShare['copyRequiresWriterPermission'] = getBoolean()
     elif myarg == 'writerscanshare':
@@ -62389,6 +62442,7 @@ def claimOwnership(users):
                     Act.Set(action)
                 callGAPI(sourceDrive.permissions(), 'update',
                          throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+[GAPI.PERMISSION_NOT_FOUND],
+                         enforceExpansiveAccess=enforceExpansiveAccess,
                          fileId=xferFileId, permissionId=permissionId, transferOwnership=True, body=body, fields='')
                 kvList = [Ent.USER, user, entityType, fileDesc]
                 entityModifierNewValueItemValueListActionPerformed(kvList, Act.MODIFIER_FROM, None, [Ent.USER, oldOwner], l, lcount)
@@ -62413,6 +62467,7 @@ def claimOwnership(users):
                          fileId=xferFileId, sendNotificationEmail=False, body=bodyAdd, fields='')
                 callGAPI(sourceDrive.permissions(), 'update',
                          throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+[GAPI.PERMISSION_NOT_FOUND],
+                         enforceExpansiveAccess=enforceExpansiveAccess,
                          fileId=xferFileId, permissionId=permissionId, transferOwnership=True, body=body, fields='')
                 entityModifierNewValueItemValueListActionPerformed(kvList, Act.MODIFIER_FROM, None, [Ent.USER, oldOwner], l, lcount)
                 _processRetainedRole(user, i, count, oldOwner, entityType, xferFileId, fileDesc, l, lcount)
@@ -62949,11 +63004,12 @@ def doCreateDriveFileACL():
 
 # gam [<UserTypeEntity>] update drivefileacl <DriveFileEntity> <DriveFilePermissionIDorEmail> [asadmin]
 #	(role <DriveFileACLRole>) [expiration <Time>] [removeexpiration [<Boolean>]]
-#	[updatesheetprotectedranges  [<Boolean>]]
+#	[updatesheetprotectedranges [<Boolean>]] [enforceexpansiveaccess [<Boolean>]]
 #	[showtitles] [nodetails|(csv [todrive <ToDriveAttribute>*] [formatjson [quotechar <Character>]])]
 def updateDriveFileACLs(users, useDomainAdminAccess=False):
   fileIdEntity = getDriveFileEntity()
   isEmail, permissionId = getPermissionId()
+  enforceExpansiveAccess = None
   removeExpiration = showTitles = updateSheetProtectedRanges = False
   showDetails = True
   csvPF = None
@@ -62972,6 +63028,8 @@ def updateDriveFileACLs(users, useDomainAdminAccess=False):
       showTitles = True
     elif myarg == 'updatesheetprotectedranges':
       updateSheetProtectedRanges = getBoolean()
+    elif myarg == 'enforceexpansiveaccess':
+      enforceExpansiveAccess = getBoolean()
     elif myarg == 'nodetails':
       showDetails = False
     elif myarg == 'csv':
@@ -62989,6 +63047,9 @@ def updateDriveFileACLs(users, useDomainAdminAccess=False):
   _checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
   if 'role' not in body:
     missingArgumentExit(f'role {formatChoiceList(DRIVEFILE_ACL_ROLES_MAP)}')
+  updateKwargs = {'useDomainAdminAccess': useDomainAdminAccess}
+  if enforceExpansiveAccess is not None:
+    updateKwargs['enforceExpansiveAccess'] = enforceExpansiveAccess
   printKeys, timeObjects = _getDriveFileACLPrintKeysTimeObjects()
   if csvPF and showTitles:
     csvPF.AddTitles(fileNameTitle)
@@ -63026,7 +63087,7 @@ def updateDriveFileACLs(users, useDomainAdminAccess=False):
         permission = callGAPI(drive.permissions(), 'update',
                               bailOnInternalError=True,
                               throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_UPDATE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
-                              useDomainAdminAccess=useDomainAdminAccess,
+                              **updateKwargs,
                               fileId=fileId, permissionId=permissionId, removeExpiration=removeExpiration,
                               transferOwnership=body.get('role', '') == 'owner', body=body, fields='*', supportsAllDrives=True)
         if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
@@ -63122,7 +63183,7 @@ def createDriveFilePermissions(users, useDomainAdminAccess=False):
     except ValueError:
       return None
 
-  def _callbackCreatePermission(request_id, response, exception):
+  def _callbackCreatePermission(request_id, _, exception):
     ri = request_id.splitlines()
     if int(ri[RI_J]) == 1:
       entityPerformActionNumItems([Ent.DRIVE_FILE_OR_FOLDER_ID, ri[RI_ENTITY]], int(ri[RI_JCOUNT]), Ent.PERMITTEE, int(ri[RI_I]), int(ri[RI_COUNT]))
@@ -63270,11 +63331,12 @@ def doCreatePermissions():
   createDriveFilePermissions([_getAdminEmail()], True)
 
 # gam [<UserTypeEntity>] delete drivefileacl <DriveFileEntity> <DriveFilePermissionIDorEmail> [asadmin]
-#	[updatesheetprotectedranges  [<Boolean>]]
+#	[updatesheetprotectedranges  [<Boolean>]] [enforceexpansiveaccess [<Boolean>]]
 #	[showtitles]
 def deleteDriveFileACLs(users, useDomainAdminAccess=False):
   fileIdEntity = getDriveFileEntity()
   isEmail, permissionId = getPermissionId()
+  enforceExpansiveAccess = None
   showTitles = updateSheetProtectedRanges = False
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
@@ -63282,11 +63344,16 @@ def deleteDriveFileACLs(users, useDomainAdminAccess=False):
       showTitles = getBoolean()
     elif myarg == 'updatesheetprotectedranges':
       updateSheetProtectedRanges = getBoolean()
+    elif myarg == 'enforceexpansiveaccess':
+      enforceExpansiveAccess = getBoolean()
     elif myarg in ADMIN_ACCESS_OPTIONS:
       useDomainAdminAccess = True
     else:
       unknownArgumentExit()
   _checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
+  deleteKwargs = {'useDomainAdminAccess': useDomainAdminAccess}
+  if enforceExpansiveAccess is not None:
+    deleteKwargs['enforceExpansiveAccess'] = enforceExpansiveAccess
   i, count, users = getEntityArgument(users)
   for user in users:
     i += 1
@@ -63319,7 +63386,8 @@ def deleteDriveFileACLs(users, useDomainAdminAccess=False):
                 break
         callGAPI(drive.permissions(), 'delete',
                  throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_DELETE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
-                 useDomainAdminAccess=useDomainAdminAccess, fileId=fileId, permissionId=permissionId, supportsAllDrives=True)
+                 **deleteKwargs,
+                 fileId=fileId, permissionId=permissionId, supportsAllDrives=True)
         entityActionPerformed([Ent.USER, user, entityType, fileName, Ent.PERMISSION_ID, permissionId], j, jcount)
         if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
           _updateSheetProtectedRangesACLchange(sheet, user, i, count, j, jcount, fileId, fileName, False, permission)
@@ -63341,6 +63409,7 @@ def doDeleteDriveFileACLs():
 
 # gam [<UserTypeEntity>] delete permissions <DriveFileEntity> <DriveFilePermissionIDEntity> [asadmin]
 #	<PermissionMatch>* [<PermissionMatchAction>]
+#	[enforceexpansiveaccess [<Boolean>]]
 def deletePermissions(users, useDomainAdminAccess=False):
   def convertJSONPermissions(jsonPermissions):
     permissionIds = []
@@ -63350,7 +63419,7 @@ def deletePermissions(users, useDomainAdminAccess=False):
       permissionIds.append(permission['id'])
     return permissionIds
 
-  def _callbackDeletePermissionId(request_id, response, exception):
+  def _callbackDeletePermissionId(request_id, _, exception):
     ri = request_id.splitlines()
     if int(ri[RI_J]) == 1:
       entityPerformActionNumItems([Ent.DRIVE_FILE_OR_FOLDER_ID, ri[RI_ENTITY]], int(ri[RI_JCOUNT]), Ent.PERMISSION_ID, int(ri[RI_I]), int(ri[RI_COUNT]))
@@ -63375,7 +63444,8 @@ def deletePermissions(users, useDomainAdminAccess=False):
         callGAPI(drive.permissions(), 'delete',
                  throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_DELETE_ACL_THROW_REASONS,
                  retryReasons=[GAPI.SERVICE_LIMIT],
-                 useDomainAdminAccess=useDomainAdminAccess, fileId=ri[RI_ENTITY], permissionId=ri[RI_ITEM], supportsAllDrives=True)
+                 useDomainAdminAccess=useDomainAdminAccess, enforceExpansiveAccess=enforceExpansiveAccess,
+                 fileId=ri[RI_ENTITY], permissionId=ri[RI_ITEM], supportsAllDrives=True)
         entityActionPerformed([Ent.DRIVE_FILE_OR_FOLDER_ID, ri[RI_ENTITY], Ent.PERMISSION_ID, ri[RI_ITEM]], int(ri[RI_J]), int(ri[RI_JCOUNT]))
       except (GAPI.fileNotFound, GAPI.forbidden, GAPI.internalError, GAPI.insufficientFilePermissions, GAPI.unknownError,
               GAPI.badRequest, GAPI.cannotRemoveOwner, GAPI.cannotModifyInheritedTeamDrivePermission,
@@ -63395,12 +63465,15 @@ def deletePermissions(users, useDomainAdminAccess=False):
     jsonData = getJSON([])
     PM = PermissionMatch()
     PM.SetDefaultMatch(False, {'role': 'owner'})
+  enforceExpansiveAccess = False
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
     if myarg in ADMIN_ACCESS_OPTIONS:
       useDomainAdminAccess = True
     elif PM and PM.ProcessArgument(myarg):
       pass
+    elif myarg == 'enforceexpansiveaccess':
+      enforceExpansiveAccess = getBoolean()
     else:
       unknownArgumentExit()
   _checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
@@ -68631,7 +68704,7 @@ def deleteLabels(users, labelEntity):
     http_status, reason, message = checkGAPIError(exception)
     entityActionFailedWarning([Ent.USER, ri[RI_ENTITY], Ent.LABEL, labelIdToNameMap[ri[RI_ITEM]]], formatHTTPError(http_status, reason, message), int(ri[RI_J]), int(ri[RI_JCOUNT]))
 
-  def _callbackDeleteLabel(request_id, response, exception):
+  def _callbackDeleteLabel(request_id, _, exception):
     ri = request_id.splitlines()
     if exception is None:
       entityActionPerformed([Ent.USER, ri[RI_ENTITY], Ent.LABEL, labelIdToNameMap[ri[RI_ITEM]]], int(ri[RI_J]), int(ri[RI_JCOUNT]))
@@ -69232,7 +69305,7 @@ def _processMessagesThreads(users, entityType):
                                         GAPI.INVALID_MESSAGE_ID: Msg.INVALID_MESSAGE_ID,
                                         GAPI.FAILED_PRECONDITION: Msg.FAILED_PRECONDITION}
 
-  def _callbackProcessMessage(request_id, response, exception):
+  def _callbackProcessMessage(request_id, _, exception):
     ri = request_id.splitlines()
     if exception is None:
       if not csvPF:

src/gam/gamlib/glapi.py

@@ -75,6 +75,7 @@ KEEP = 'keep'
 LICENSING = 'licensing'
 LOOKERSTUDIO = 'datastudio'
 MEET = 'meet'
+MEET_BETA = 'meetbeta'
 OAUTH2 = 'oauth2'
 ORGPOLICY = 'orgpolicy'
 PEOPLE = 'people'
@@ -226,7 +227,7 @@ _INFO = {
   CLOUDIDENTITY_INBOUND_SSO: {'name': 'Cloud Identity Inbound SSO API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
   CLOUDIDENTITY_ORGUNITS: {'name': 'Cloud Identity OrgUnits API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
   CLOUDIDENTITY_ORGUNITS_BETA: {'name': 'Cloud Identity OrgUnits API', 'version': 'v1beta1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
-  CLOUDIDENTITY_POLICY: {'name': 'Cloud Identity Policy API', 'version': 'v1beta1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
+  CLOUDIDENTITY_POLICY: {'name': 'Cloud Identity Policy API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
   CLOUDIDENTITY_USERINVITATIONS: {'name': 'Cloud Identity User Invitations API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
   CLOUDRESOURCEMANAGER: {'name': 'Cloud Resource Manager API v3', 'version': 'v3', 'v2discovery': True},
   CONTACTS: {'name': 'Contacts API', 'version': 'v3', 'v2discovery': False},
@@ -251,6 +252,7 @@ _INFO = {
   LICENSING: {'name': 'License Manager API', 'version': 'v1', 'v2discovery': True},
   LOOKERSTUDIO: {'name': 'Looker Studio API', 'version': 'v1', 'v2discovery': True, 'localjson': True},
   MEET: {'name': 'Meet API', 'version': 'v2', 'v2discovery': True},
+  MEET_BETA: {'name': 'Meet API', 'version': 'v2beta', 'v2discovery': True, 'localjson': True, 'mappedAPI': MEET},
   OAUTH2: {'name': 'OAuth2 API', 'version': 'v2', 'v2discovery': False},
   ORGPOLICY: {'name': 'Organization Policy API', 'version': 'v2', 'v2discovery': True},
   PEOPLE: {'name': 'People API', 'version': 'v1', 'v2discovery': True},

src/gam/gamlib/glcfg.py

@@ -177,6 +177,8 @@ INTER_BATCH_WAIT = 'inter_batch_wait'
 LICENSE_MAX_RESULTS = 'license_max_results'
 # License SKUs to process
 LICENSE_SKUS = 'license_skus'
+# Use Meet V2 beta
+MEET_V2_BETA = 'meet_v2_beta'
 # When retrieving lists of Google Group members from API, how many should be retrieved in each chunk
 MEMBER_MAX_RESULTS = 'member_max_results'
 # CI API Group members max page size when view=BASIC
@@ -388,6 +390,7 @@ Defaults = {
   INTER_BATCH_WAIT: '0',
   LICENSE_MAX_RESULTS: '100',
   LICENSE_SKUS: '',
+  MEET_V2_BETA: FALSE,
   MEMBER_MAX_RESULTS: '200',
   MEMBER_MAX_RESULTS_CI_BASIC: '1000',
   MEMBER_MAX_RESULTS_CI_FULL: '500',
@@ -555,6 +558,7 @@ VAR_INFO = {
   INTER_BATCH_WAIT: {VAR_TYPE: TYPE_FLOAT, VAR_LIMITS: (0.0, 60.0)},
   LICENSE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (10, 1000)},
   LICENSE_SKUS: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},
+  MEET_V2_BETA: {VAR_TYPE: TYPE_BOOLEAN},
   MEMBER_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 200)},
   MEMBER_MAX_RESULTS_CI_BASIC: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 1000)},
   MEMBER_MAX_RESULTS_CI_FULL: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 500)},