Eliminate GAL commands

checkconn now works from a base set of hosts and then builds it's full
list based on our discovery APIs and the host in their discovery document.

.github/workflows/build.yml

@@ -28,6 +28,8 @@ env:
   OPENSSL_SOURCE_PATH: ${{ github.workspace }}/src/openssl
   PYTHON_INSTALL_PATH: ${{ github.workspace }}/bin/python
   PYTHON_SOURCE_PATH: ${{ github.workspace }}/src/cpython
+  CRYPTOGRAPHY_BUILD_OPENSSL_NO_LEGACY: 1
+  CRYPTOGRAPHY_OPENSSL_NO_LEGACY: 1
 
 jobs:
   build:
@@ -197,7 +199,7 @@ jobs:
         run: |
           echo "RUNNING: apt update..."
           sudo apt-get -qq --yes update
-          sudo apt-get -qq --yes install swig libpcsclite-dev libxslt1-dev libsqlite3-dev
+          sudo apt-get -qq --yes install swig libpcsclite-dev libxslt1-dev libsqlite3-dev libffi-dev pkg-config
 
       - name: MacOS install tools
         if: runner.os == 'macOS'
@@ -450,6 +452,9 @@ jobs:
           "$PYTHON" -m pip install --upgrade pip
           "$PYTHON" -m pip install --upgrade wheel
           "$PYTHON" -m pip install --upgrade setuptools
+          "$PYTHON" -m pip install --upgrade importlib-metadata
+          "$PYTHON" -m pip install --upgrade setuptools-scm
+          "$PYTHON" -m pip list
 
       - name: Custom wheels for Win arm64
         if: runner.os == 'Windows' && runner.arch == 'ARM64'
@@ -462,7 +467,14 @@ jobs:
           echo "Downloading ${latest_crypt_whl}..."
           curl -O -L "$latest_crypt_whl"
           "$PYTHON" -m pip install cryptography*.whl
-          
+
+      - uses: actions-rust-lang/setup-rust-toolchain@v1
+
+     # - name: Compile cryptography from source (no legacy)
+     #   if: runner.os != 'Windows' || runner.arch != 'ARM64'
+     #   run: |
+     #     pip install --no-binary ":all:" --force cryptography
+
       - name: Install pip requirements
         run: |
           echo "before anything..."

.github/workflows/pypi.yml

@@ -31,3 +31,5 @@ jobs:
 
       - name: Publish package distributions to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          attestation: true

pyproject.toml

@@ -7,19 +7,20 @@ authors = [
     { name="Jay Lee", email="jay0lee@gmail.com" },
     { name="Ross Scroggs", email="Ross.Scroggs@gmail.com" },
 ]
+# # The following files should be edited to match: setup.cfg, requirements.txt
 dependencies = [
-    "chardet",
-    "cryptography",
+    "chardet>=5.2.0",
+    "cryptography>=44.0.2",
     "distro; sys_platform=='linux'",
-    "filelock",
-    "google-api-python-client>=2.1",
-    "google-auth-httplib2",
-    "google-auth-oauthlib>=0.4.1",
-    "google-auth>=2.3.2",
-    "httplib2>=0.17.0",
-    "lxml",
-    "passlib>=1.7.2",
-    "pathvalidate",
+    "filelock>=3.18.0",
+    "google-api-python-client>=2.167.0",
+    "google-auth-httplib2>=0.2.0",
+    "google-auth-oauthlib>=1.2.2",
+    "google-auth>=2.39.0",
+    "httplib2>=0.22.0",
+    "lxml>=5.4.0",
+    "passlib>=1.7.4",
+    "pathvalidate>=3.2.3",
     "pyscard==2.2.1",
     "python-dateutil",
 ]
@@ -40,7 +41,7 @@ license = {text = "Apache License (2.0)"}
 license-files = ["LICEN[CS]E*"]
 
 [project.optional-dependencies]
-yubikey = ["yubikey-manager>=5.0"]
+yubikey = ["yubikey-manager>=5.6.1"]
 
 [project.scripts]
 gam = "gam.__main__:main"

src/GamCommands.txt

@@ -322,7 +322,8 @@ If an item contains spaces, it should be surrounded by ".
         wsess | workspaceesentials | gsuiteessentials | essentials | d4e | driveenterprise | drive4enterprise | 1010060001 | Google Workspace Essentials |
         wsessplus | workspaceessentialsplus | 1010060005 | Google Workspace Essentials Plus |
         wsflw | workspacefrontline | workspacefrontlineworker | 1010020030 | Google Workspace Frontline Starter |
-        wsflwstan | workspacefrontlinestan | workspacefrontlineworkerstan | 1010020031 | Google Workspace Frontline Standard
+        wsflwstan | workspacefrontlinestan | workspacefrontlineworkerstan | 1010020031 | Google Workspace Frontline Standard |
+        wsflwplus | workspacefrontlineplus | workspacefrontlineworkerplus | 1010020034 | Google Workspace Frontline Plus
 
 ## Items built from primitives
 
@@ -782,7 +783,7 @@ Items, separated by spaces, with spaces, commas or single quotes in the items th
 
 ## Collections of ChromeOS Devices
 
-Specify a collection of ChromeOS devices by directly specifying them or by specifiying items that will yield a list of ChromeOS devices.
+Specify a collection of ChromeOS devices by directly specifying them or by specifying items that will yield a list of ChromeOS devices.
 
 <CrOSTypeEntity> ::=
         (all cros)|
@@ -865,7 +866,7 @@ Specify a collection of ChromeOS devices by directly specifying them or by speci
 
 ## Collections of Users
 
-Specify a collection of Users by directly specifying them or by specifiying items that will yield a list of users.
+Specify a collection of Users by directly specifying them or by specifying items that will yield a list of users.
 
 <UserTypeEntity> ::=
         (all users|users_ns|users_susp|users_ns_susp)|
@@ -1460,16 +1461,21 @@ gam <UserTypeEntity> update serviceaccount (scope|scopes <APIScopeURLList>)*
 gam print privileges [todrive <ToDriveAttribute>*]
 gam show privileges
 
+<Privilege> ::= <String>
+<PrivilegeList> ::= "<Privilege>(,<Privilege)*"
 <RoleAssignmentID> ::= <String>
 <RoleItem> ::= id:<String>|uid:<string>|<String>
 
-gam create adminrole <String> privileges all|all_ou|<PrivilegesList> [description <String>]
-gam update adminrole <RoleItem> [name <String>] [privileges all|all_ou|<PrivilegesList>] [description <String>]
+gam create adminrole <String> [description <String>]
+        privileges all|all_ou|<PrivilegesList>|(select <FileSelector>|<CSVFileSelector>)
+gam update adminrole <RoleItem> [name <String>] [description <String>]
+         [privileges all|all_ou|<PrivilegesList>|(select <FileSelector>|<CSVFileSelector>)]
 gam delete adminrole <RoleItem>
 gam info adminrole <RoleItem> [privileges]
 gam print adminroles|roles [todrive <ToDriveAttribute>*]
-        [privileges] [oneitemperrow]
-gam show adminroles|roles [privileges]
+        [role <RoleItem>] [privileges] [oneitemperrow]
+gam show adminroles|roles
+        [role <RoleItem>] [privileges]
 
 gam create|add admin <EmailAddress>|<UniqueID> <RoleItem> customer|(org_unit <OrgUnitItem>)
         [condition securitygroup|nonsecuritygroup]
@@ -1522,17 +1528,6 @@ gam print alias|aliases [todrive <ToDriveAttribute>*]
 
 gam whatis <EmailItem> [noinfo] [noinivitablecheck]
 
-# Analytics UA
-
-gam <UserTypeEntity> print analyticuaproperties [todrive <ToDriveAttribute>*]
-        accountid [accounts/]<String>
-        [maxresults <Integer>]
-        [formatjson [quotechar <Character>]]
-gam <UserTypeEntity> show analyticuaproperties
-        accountid [accounts/]<String>
-        [maxresults <Integer>]
-        [formatjson]
-
 # Analytics Admin
 
 gam <UserTypeEntity> print analyticaccounts [todrive <ToDriveAttribute>*]
@@ -3550,19 +3545,6 @@ gam print contacts [todrive <ToDriveAttribute>*] <ContactSelection>
         [fields <ContactFieldNameList>]
         [formatjson [quotechar <Character>]]
 
-vgam info gal <ContactEntity>
-        [basic|full]
-        [fields <ContactFieldNameList>]
-        [formatjson]
-gam show gal <ContactSelection>
-        [basic|full] [orderby <ContactOrderByFieldName> [ascending|descending]]
-        [fields <ContactFieldNameList>]
-        [formatjson]
-gam print gal [todrive <ToDriveAttribute>*] <ContactSelection>
-        [basic|full] [orderby <ContactOrderByFieldName> [ascending|descending]]
-        [fields <ContactFieldNameList>]
-        [formatjson [quotechar <Character>]]
-
 # Domain - People Contacts and Profiles
 
 <PeopleSourceName> ::=
@@ -4458,6 +4440,7 @@ gam report usage customer [todrive <ToDriveAttribute>*]
         domain|
         drive|doc|docs|
         gcp|
+        gemini|geminiforworkspace|
         groups|group|
         groupsenterprise|enterprisegroups|
         jamboard|

src/GamUpdate.txt

@@ -1,3 +1,59 @@
+7.07.00
+As of mid-October 2024, Google deprecated the API that retrieved the Global Address List.
+
+The following commands have been eliminated.
+```
+gam info gal
+gam print gal
+gam show gal
+```
+
+These commands are a work-around for `gam print gal`.
+```
+gam config csv_output_row_filter "includeInGlobalAddressList:boolean:true" redirect csv ./UserGAL.csv print users fields name,gal
+gam config csv_output_row_filter "includeInGlobalAddressList:boolean:true" batch_size 25 redirect csv ./GroupGAL.csv print groups fields name,gal
+```
+
+7.06.14
+
+Updated `gam create|update adminrole` to allow specifying a collection of privileges
+with `privileges select <FileSelector>|<CSVFileSelector>` which makes copying roles much simpler.
+
+Added option `role <RoleItem>` to `gam print|show adminroles` to allow display of information
+for a specific role.
+
+7.06.13
+
+Updated `gam print group-members ... recursive` and `gam print cigroup-members ... recursive`
+to expand groups representing chat spaces.
+
+7.06.12
+
+Deleted commands to display Analytic UA properties; the API has been deprecated.
+```
+gam <UserTypeEntity> print|show analyticuaproperties
+```
+
+7.06.11
+
+Improved `gam checkconn`.
+
+Updated `gam print group-members` and `gam print cigroup-members` to recognize members
+that are groups representing chat spaces. For now, these groups are not expanded when
+`recursive` is specified.
+
+7.06.10
+
+Added the following license SKU.
+```
+1010020034 - Google Workspace Frontline Plus
+```
+
+7.06.09
+
+Added `gemini` and `geminiforworkspace` to `<ActivityApplicationName>` for use in
+`gam report <ActivityApplicationName>`.
+
 7.06.08
 
 Fixed problem where Yubikeys caused a trap.

src/gam/__init__.py

@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
 """
 
 __author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
-__version__ = '7.06.08'
+__version__ = '7.07.00'
 __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
 
 #pylint: disable=wrong-import-position
@@ -95,6 +95,8 @@ import wsgiref.simple_server
 import wsgiref.util
 import zipfile
 
+# disable legacy stuff we don't use and isn't secure
+os.environ['CRYPTOGRAPHY_OPENSSL_NO_LEGACY'] = "1"
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes, serialization
@@ -5653,8 +5655,8 @@ def getGDataUserCredentials(api, user, i, count):
     handleOAuthTokenError(e, True, True, i, count)
     return (userEmail, None)
 
-def getContactsObject(contactFeed):
-  contactsObject = initGDataObject(gdata.apps.contacts.service.ContactsService(contactFeed=contactFeed),
+def getContactsObject():
+  contactsObject = initGDataObject(gdata.apps.contacts.service.ContactsService(contactFeed=True),
                                    API.CONTACTS)
   return (GC.Values[GC.DOMAIN], contactsObject)
 
@@ -5979,7 +5981,7 @@ def getCIGroupMemberRoleFixType(member):
     else:
       member['type'] = Ent.TYPE_OTHER
   roles = {}
-  memberRoles = member.get('roles', [{'name': Ent.MEMBER}])
+  memberRoles = member.get('roles', [{'name': Ent.ROLE_MEMBER}])
   for role in memberRoles:
     roles[role['name']] = role
   for a_role in [Ent.ROLE_OWNER, Ent.ROLE_MANAGER, Ent.ROLE_MEMBER]:
@@ -6017,7 +6019,7 @@ def getCIGroupTransitiveMemberRoleFixType(groupName, tmember):
         trole['name'] = Ent.ROLE_MANAGER
       memberRoles.append(trole)
   else:
-    memberRoles = [{'name': Ent.MEMBER}]
+    memberRoles = [{'name': Ent.ROLE_MEMBER}]
   roles = {}
   for role in memberRoles:
     roles[role['name']] = role
@@ -9358,32 +9360,9 @@ def getOSPlatform():
 
 # gam checkconnection
 def doCheckConnection():
-  hosts = ['api.github.com',
-           'raw.githubusercontent.com',
-           'accounts.google.com',
-           'workspace.google.com',
-           'oauth2.googleapis.com',
-           'www.googleapis.com']
-  fix_hosts = {'calendar-json.googleapis.com': 'www.googleapis.com',
-               'storage-api.googleapis.com': 'storage.googleapis.com'}
-  api_hosts = ['apps-apis.google.com',
-               'sites.google.com',
-               'versionhistory.googleapis.com',
-               'www.google.com']
-  for host in API.PROJECT_APIS:
-    host = fix_hosts.get(host, host)
-    if host not in api_hosts and host not in hosts:
-      api_hosts.append(host)
-  hosts.extend(sorted(api_hosts))
-  host_count = len(hosts)
-  httpObj = getHttpObj(timeout=30)
-  httpObj.follow_redirects = False
-  headers = {'user-agent': GAM_USER_AGENT}
-  okay = createGreenText('OK')
-  not_okay = createRedText('ERROR')
-  try_count = 0
-  success_count = 0
-  for host in hosts:
+
+  def check_host(host):
+    nonlocal try_count, okay, not_okay, success_count
     try_count += 1
     dns_err = None
     ip = 'unknown'
@@ -9393,12 +9372,12 @@ def doCheckConnection():
       dns_err = f'{not_okay}\n   DNS failure: {str(e)}\n'
     except Exception as e:
       dns_err = f'{not_okay}\n   Unknown DNS failure: {str(e)}\n'
-    check_line = f'Checking {host} ({ip}) ({try_count}/{host_count})...'
+    check_line = f'Checking {host} ({ip}) ({try_count})...'
     writeStdout(f'{check_line:<100}')
     flushStdout()
     if dns_err:
       writeStdout(dns_err)
-      continue
+      return
     gen_firewall = 'You probably have security software or a firewall on your machine or network that is preventing GAM from making Internet connections. Check your network configuration or try running GAM on a hotspot or home network to see if the problem exists only on your organization\'s network.'
     try:
       if host.startswith('http'):
@@ -9427,7 +9406,54 @@ def doCheckConnection():
       writeStdout(f'{not_okay}\n    Timed out trying to connect to host\n')
     except Exception as e:
       writeStdout(f'{not_okay}\n    {str(e)}\n')
-  if success_count == host_count:
+
+  try_count = 0
+  httpObj = getHttpObj(timeout=30)
+  httpObj.follow_redirects = False
+  headers = {'user-agent': GAM_USER_AGENT}
+  okay = createGreenText('OK')
+  not_okay = createRedText('ERROR')
+  success_count = 0
+  initial_hosts = ['api.github.com',
+           'raw.githubusercontent.com',
+           'accounts.google.com',
+           'oauth2.googleapis.com',
+           'www.googleapis.com']
+  for host in initial_hosts:
+    check_host(host)
+  api_hosts = ['apps-apis.google.com',
+               'www.google.com']
+  for host in api_hosts:
+    check_host(host)
+  # For v2 discovery APIs, GAM gets discovery file from <api>.googleapis.com so
+  # add those domains.
+  disc_hosts = []
+  for api, config in API._INFO.items():
+    if config.get('v2discovery') and not config.get('localdiscovery'):
+      if mapped_api := config.get('mappedAPI'):
+        api = mapped_api
+      host = f'{api}.googleapis.com'
+      if host not in disc_hosts:
+        disc_hosts.append(host)
+  for host in disc_hosts:
+    check_host(host)
+  checked_hosts = initial_hosts + api_hosts + disc_hosts
+  # now we need to "build" each API and check it's base URL host
+  # if we haven't already. This may not be any hosts at all but
+  # to ensure we are checking all hosts GAM may use we should
+  # keep this.
+  for api in API._INFO:
+    if api in [API.CONTACTS, API.EMAIL_AUDIT]:
+      continue
+    svc = getService(api, httpObj)
+    base_url = svc._rootDesc.get('baseUrl')
+    parsed_base_url = urlparse(base_url)
+    base_host = parsed_base_url.netloc
+    if base_host not in checked_hosts:
+      writeStdout(f'Checking {base_host} for {api}\n')
+      check_host(base_host)
+      checked_hosts.append(base_host)
+  if success_count == try_count:
     writeStdout(createGreenText('All hosts passed!\n'))
   else:
     systemErrorExit(3, createYellowText('Some hosts failed to connect! Please follow the recommendations for those hosts to correct any issues and try again.'))
@@ -13491,6 +13517,8 @@ REPORT_CHOICE_MAP = {
   'drive': 'drive',
   'enterprisegroups': 'groups_enterprise',
   'gcp': 'gcp',
+  'gemini': 'gemini_for_workspace',
+  'geminiforworkspace': 'gemini_for_workspace',
   'gplus': 'gplus',
   'google+': 'gplus',
   'group': 'groups',
@@ -13788,6 +13816,20 @@ def doReport():
         csvPF.WriteRow(row)
     return (True, lastDate)
 
+  # dynamically extend our choices with other reports Google dynamically adds
+  rep = buildGAPIObject(API.REPORTS)
+  dyn_choices = rep._rootDesc \
+          .get('resources', {}) \
+          .get('activities', {}) \
+          .get('methods', {}) \
+          .get('list', {}) \
+          .get('parameters', {}) \
+          .get('applicationName', {}) \
+          .get('enum', [])
+  for dyn_choice in dyn_choices:
+    if dyn_choice.replace('_', '') not in REPORT_CHOICE_MAP and \
+       dyn_choice not in REPORT_CHOICE_MAP.values():
+      REPORT_CHOICE_MAP[dyn_choice.replace('_', '')] = dyn_choice
   report = getChoice(REPORT_CHOICE_MAP, mapChoice=True)
   if report == 'usage':
     doReportUsage()
@@ -13795,7 +13837,6 @@ def doReport():
   if report == 'usageparameters':
     doReportUsageParameters()
     return
-  rep = buildGAPIObject(API.REPORTS)
   customerId = GC.Values[GC.CUSTOMER_ID]
   if customerId == GC.MY_CUSTOMER:
     customerId = None
@@ -15763,27 +15804,13 @@ ANALYTIC_ENTITY_MAP = {
      'pageSize': 50,
      'maxPageSize': 200,
      },
-  Ent.ANALYTIC_UA_PROPERTY:
-    {'titles': ['User', 'accountId', 'name', 'id', 'created', 'updated'],
-     'JSONtitles': ['User', 'accountId', 'name', 'id', 'JSON'],
-     'timeObjects': ['created', 'updated'],
-     'items': 'items',
-     'pageSize': 50,
-     'maxPageSize': 200,
-     },
   }
 
 def printShowAnalyticItems(users, entityType):
   analyticEntityMap = ANALYTIC_ENTITY_MAP[entityType]
   csvPF = CSVPrintFile(analyticEntityMap['titles'], 'sortall') if Act.csvFormat() else None
   FJQC = FormatJSONQuoteChar(csvPF)
-  if entityType != Ent.ANALYTIC_UA_PROPERTY:
-    kwargs = {'pageSize': analyticEntityMap['pageSize']}
-    api = API.ANALYTICS_ADMIN
-  else:
-#    kwargs = {'webPropertyId': '~all'}
-    kwargs = {}
-    api = API.ANALYTICS
+  kwargs = {'pageSize': analyticEntityMap['pageSize']}
   if entityType in {Ent.ANALYTIC_ACCOUNT, Ent.ANALYTIC_PROPERTY}:
     kwargs['showDeleted'] = False
   while Cmd.ArgumentsRemaining():
@@ -15796,16 +15823,12 @@ def printShowAnalyticItems(users, entityType):
       kwargs['showDeleted'] = getBoolean()
     elif entityType == Ent.ANALYTIC_PROPERTY and myarg == 'filter':
       kwargs['filter'] = getString(Cmd.OB_STRING)
-    elif entityType == Ent.ANALYTIC_UA_PROPERTY and myarg == 'accountid':
-      kwargs['accountId'] = getString(Cmd.OB_STRING).replace('accounts/', '')
     elif entityType == Ent.ANALYTIC_DATASTREAM and myarg == 'parent':
       kwargs['parent'] = getString(Cmd.OB_STRING)
     else:
       FJQC.GetFormatJSONQuoteChar(myarg, True)
   if entityType == Ent.ANALYTIC_PROPERTY and 'filter' not in kwargs:
     missingArgumentExit('filter')
-  if entityType == Ent.ANALYTIC_UA_PROPERTY and 'accountId' not in kwargs:
-    missingArgumentExit('accountid')
   if entityType == Ent.ANALYTIC_DATASTREAM and 'parent' not in kwargs:
     missingArgumentExit('parent')
   if csvPF and FJQC.formatJSON:
@@ -15813,7 +15836,7 @@ def printShowAnalyticItems(users, entityType):
   i, count, users = getEntityArgument(users)
   for user in users:
     i += 1
-    user, analytics = buildGAPIServiceObject(api, user, i, count)
+    user, analytics = buildGAPIServiceObject(API.ANALYTICS_ADMIN, user, i, count)
     if not analytics:
       continue
     if entityType == Ent.ANALYTIC_ACCOUNT:
@@ -15822,11 +15845,8 @@ def printShowAnalyticItems(users, entityType):
       service = analytics.accountSummaries()
     elif entityType == Ent.ANALYTIC_DATASTREAM:
       service = analytics.properties().dataStreams()
-    elif entityType == Ent.ANALYTIC_PROPERTY:
+    else: #  entityType == Ent.ANALYTIC_PROPERTY:
       service = analytics.properties()
-    else: #Ent.ANALYTIC_UA_PROPERTY:
-      service = analytics.management().webproperties()
-#      service = analytics.management().profiles()
     if csvPF:
       printGettingAllEntityItemsForWhom(entityType, user, i, count)
       pageMessage = getPageMessageForWhom()
@@ -15867,10 +15887,7 @@ def printShowAnalyticItems(users, entityType):
         if not FJQC.formatJSON:
           csvPF.WriteRowTitles(row)
         elif csvPF.CheckRowTitles(row):
-          if entityType != Ent.ANALYTIC_UA_PROPERTY:
-            row = {'User': user, 'name': item['name'], 'displayName': item['displayName']}
-          else:
-            row = {'User': user, 'accountId': item['accountId'], 'id': item['id'], 'name': item['name']}
+          row = {'User': user, 'name': item['name'], 'displayName': item['displayName']}
           for field in analyticEntityMap['JSONtitles'][2:-1]:
             row[field] = item[field]
           row['JSON'] = json.dumps(cleanJSON(item, timeObjects=analyticEntityMap['timeObjects']),
@@ -15908,17 +15925,6 @@ def printShowAnalyticAccountSummaries(users):
 def printShowAnalyticProperties(users):
   printShowAnalyticItems(users, Ent.ANALYTIC_PROPERTY)
 
-# gam <UserTypeEntity> print analyticuaproperties [todrive <ToDriveAttribute>*]
-#	accountid [accounts/]<String>
-#	[maxresults <Integer>]
-#	[formatjson [quotechar <Character>]]
-# gam <UserTypeEntity> show analyticuaproperties
-#	accountid [accounts/]<String>
-#	[maxresults <Integer>]
-#	[formatjson]
-def printShowAnalyticUAProperties(users):
-  printShowAnalyticItems(users, Ent.ANALYTIC_UA_PROPERTY)
-
 # gam <UserTypeEntity> print analyticdatastreams [todrive <ToDriveAttribute>*]
 #	parent <String>
 #	[maxresults <Integer>]
@@ -16491,8 +16497,10 @@ def getRoleId():
       invalidChoiceExit(role, GM.Globals[GM.MAP_ROLE_NAME_TO_ID], True)
   return (role, roleId)
 
-# gam create adminrole <String> privileges all|all_ou|<PrivilegesList> [description <String>]
-# gam update adminrole <RoleItem> [name <String>] [privileges all|all_ou|<PrivilegesList>] [description <String>]
+# gam create adminrole <String> [description <String>]
+#	privileges all|all_ou|<PrivilegesList>|(select <FileSelector>|<CSVFileSelector>)
+# gam update adminrole <RoleItem> [name <String>] [description <String>]
+#	[privileges all|all_ou|<PrivilegesList>|(select <FileSelector>|<CSVFileSelector>)]
 def doCreateUpdateAdminRoles():
   def expandChildPrivileges(privilege):
     for childPrivilege in privilege.get('childPrivileges', []):
@@ -16523,8 +16531,12 @@ def doCreateUpdateAdminRoles():
       elif privs == 'ALL_OU':
         body['rolePrivileges'] = [{'privilegeName': p, 'serviceId': v} for p, v in ouPrivileges.items()]
       else:
+        if privs == 'SELECT':
+          privsList = [p.upper() for p in getEntityList(Cmd.OB_PRIVILEGE_LIST)]
+        else:
+          privsList = privs.replace(',', ' ').split()
         body.setdefault('rolePrivileges', [])
-        for p in privs.split(','):
+        for p in privsList:
           if p in allPrivileges:
             body['rolePrivileges'].append({'privilegeName': p, 'serviceId': allPrivileges[p]})
           elif p in ouPrivileges:
@@ -16534,6 +16546,8 @@ def doCreateUpdateAdminRoles():
           elif ':' in p:
             priv, serv = p.split(':')
             body['rolePrivileges'].append({'privilegeName': priv, 'serviceId': serv.lower()})
+          elif p == 'SUPPORT':
+            pass
           else:
             invalidChoiceExit(p, list(allPrivileges.keys())+list(ouPrivileges.keys())+list(childPrivileges.keys()), True)
     elif myarg == 'description':
@@ -16551,12 +16565,12 @@ def doCreateUpdateAdminRoles():
                         customer=GC.Values[GC.CUSTOMER_ID], body=body, fields='roleId,roleName')
     else:
       result = callGAPI(cd.roles(), 'patch',
-                        throwReasons=[GAPI.BAD_REQUEST, GAPI.CUSTOMER_NOT_FOUND, GAPI.FORBIDDEN]+[GAPI.NOT_FOUND, GAPI.FAILED_PRECONDITION],
+                        throwReasons=[GAPI.BAD_REQUEST, GAPI.CUSTOMER_NOT_FOUND, GAPI.FORBIDDEN]+[GAPI.NOT_FOUND, GAPI.FAILED_PRECONDITION, GAPI.CONFLICT],
                         customer=GC.Values[GC.CUSTOMER_ID], roleId=roleId, body=body, fields='roleId,roleName')
     entityActionPerformed([Ent.ADMIN_ROLE, f"{result['roleName']}({result['roleId']})"])
   except GAPI.duplicate as e:
     entityActionFailedWarning([Ent.ADMIN_ROLE, f"{body['roleName']}"], str(e))
-  except (GAPI.notFound, GAPI.forbidden, GAPI.failedPrecondition) as e:
+  except (GAPI.notFound, GAPI.forbidden, GAPI.failedPrecondition, GAPI.conflict) as e:
     entityActionFailedWarning([Ent.ADMIN_ROLE, roleId], str(e))
   except (GAPI.badRequest, GAPI.customerNotFound):
     accessErrorExit(cd)
@@ -16599,61 +16613,53 @@ def _showAdminRole(role, i=0, count=0):
   Ind.Decrement()
 
 # gam info adminrole <RoleItem> [privileges]
-def doInfoAdminRole():
-  cd = buildGAPIObject(API.DIRECTORY)
-  fieldsList = PRINT_ADMIN_ROLES_FIELDS[:]
-  _, roleId = getRoleId()
-  while Cmd.ArgumentsRemaining():
-    myarg = getArgument()
-    if myarg == 'privileges':
-      fieldsList.append('rolePrivileges')
-    else:
-      unknownArgumentExit()
-  fields = getFieldsFromFieldsList(fieldsList)
-  try:
-    role = callGAPI(cd.roles(), 'get',
-                    throwReasons=[GAPI.NOT_FOUND, GAPI.FORBIDDEN, GAPI.FAILED_PRECONDITION,
-                                  GAPI.BAD_REQUEST, GAPI.CUSTOMER_NOT_FOUND],
-                    customer=GC.Values[GC.CUSTOMER_ID], roleId=roleId, fields=fields)
-    role.setdefault('isSuperAdminRole', False)
-    role.setdefault('isSystemRole', False)
-    _showAdminRole(role)
-  except (GAPI.notFound, GAPI.forbidden, GAPI.failedPrecondition) as e:
-    entityActionFailedWarning([Ent.ADMIN_ROLE, roleId], str(e))
-  except (GAPI.badRequest, GAPI.customerNotFound):
-    accessErrorExit(cd)
-
 # gam print adminroles|roles [todrive <ToDriveAttribute>*]
-#	[privileges] [oneitemperrow]
-# gam show adminroles|roles [privileges]
-def doPrintShowAdminRoles():
+#	[role <RoleItem>] [privileges] [oneitemperrow]
+# gam show adminroles|roles
+#	[role <RoleItem>] [privileges]
+def doInfoPrintShowAdminRoles():
   cd = buildGAPIObject(API.DIRECTORY)
   fieldsList = PRINT_ADMIN_ROLES_FIELDS[:]
   csvPF = CSVPrintFile(fieldsList, PRINT_ADMIN_ROLES_FIELDS) if Act.csvFormat() else None
   oneItemPerRow = False
+  if Act.Get() != Act.INFO:
+    roleId = None
+  else:
+    _, roleId = getRoleId()
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
     if csvPF and myarg == 'todrive':
       csvPF.GetTodriveParameters()
+    elif roleId is None and myarg == 'role':
+      _, roleId = getRoleId()
     elif myarg == 'privileges':
       fieldsList.append('rolePrivileges')
     elif myarg == 'oneitemperrow':
       oneItemPerRow = True
     else:
       unknownArgumentExit()
-  if csvPF:
+  if csvPF and 'rolePrivileges' in fieldsList:
     if not oneItemPerRow:
       csvPF.AddTitles(['rolePrivileges'])
     else:
       csvPF.AddTitles(['privilegeName', 'serviceId'])
-  fields = getItemFieldsFromFieldsList('items', fieldsList)
-  printGettingAllAccountEntities(Ent.ADMIN_ROLE)
   try:
-    roles = callGAPIpages(cd.roles(), 'list', 'items',
-                          pageMessage=getPageMessage(),
-                          throwReasons=[GAPI.BAD_REQUEST, GAPI.CUSTOMER_NOT_FOUND, GAPI.FORBIDDEN],
-                          customer=GC.Values[GC.CUSTOMER_ID], fields=fields)
-  except (GAPI.badRequest, GAPI.customerNotFound, GAPI.forbidden):
+    if roleId is None:
+      fields = getItemFieldsFromFieldsList('items', fieldsList)
+      printGettingAllAccountEntities(Ent.ADMIN_ROLE)
+      roles = callGAPIpages(cd.roles(), 'list', 'items',
+                            pageMessage=getPageMessage(),
+                            throwReasons=[GAPI.BAD_REQUEST, GAPI.CUSTOMER_NOT_FOUND, GAPI.FORBIDDEN],
+                            customer=GC.Values[GC.CUSTOMER_ID], fields=fields)
+    else:
+      fields = getFieldsFromFieldsList(fieldsList)
+      roles = [callGAPI(cd.roles(), 'get',
+                        throwReasons=[GAPI.NOT_FOUND, GAPI.FORBIDDEN, GAPI.FAILED_PRECONDITION,
+                                      GAPI.BAD_REQUEST, GAPI.CUSTOMER_NOT_FOUND],
+                        customer=GC.Values[GC.CUSTOMER_ID], roleId=roleId, fields=fields)]
+  except (GAPI.notFound, GAPI.forbidden, GAPI.failedPrecondition) as e:
+    entityActionFailedWarning([Ent.ADMIN_ROLE, roleId], str(e))
+  except (GAPI.badRequest, GAPI.customerNotFound):
     accessErrorExit(cd)
   for role in roles:
     role.setdefault('isSuperAdminRole', False)
@@ -19990,7 +19996,9 @@ def dedupEmailAddressMatches(contactsManager, emailMatchType, fields):
     fields[CONTACT_EMAILS] = savedAddresses
   return updateRequired
 
-def _createContact():
+# gam create contact <ContactAttribute>+
+#	[(csv [todrive <ToDriveAttribute>*] (addcsvdata <FieldName> <String>)*))| returnidonly]
+def doCreateDomainContact():
   entityType = Ent.DOMAIN
   contactsManager = ContactsManager()
   parameters = {'csvPF': None, 'titles': ['Domain', CONTACT_ID], 'addCSVData': {}, 'returnIdOnly': False}
@@ -20001,7 +20009,7 @@ def _createContact():
     csvPF.AddTitles(sorted(addCSVData.keys()))
   returnIdOnly = parameters['returnIdOnly']
   contactEntry = contactsManager.FieldsToContact(fields)
-  user, contactsObject = getContactsObject(True)
+  user, contactsObject = getContactsObject()
   try:
     contact = callGData(contactsObject, 'CreateContact',
                         throwErrors=[GDATA.BAD_REQUEST, GDATA.SERVICE_NOT_APPLICABLE, GDATA.FORBIDDEN],
@@ -20026,11 +20034,6 @@ def _createContact():
   if csvPF:
     csvPF.writeCSVfile('Contacts')
 
-# gam create contact <ContactAttribute>+
-#	[(csv [todrive <ToDriveAttribute>*] (addcsvdata <FieldName> <String>)*))| returnidonly]
-def doCreateDomainContact():
-  _createContact()
-
 def _clearUpdateContacts(updateContacts):
   entityType = Ent.DOMAIN
   contactsManager = ContactsManager()
@@ -20052,7 +20055,7 @@ def _clearUpdateContacts(updateContacts):
         unknownArgumentExit()
     if not contactClear['emailClearPattern']:
       missingArgumentExit('emailclearpattern')
-  user, contactsObject = getContactsObject(True)
+  user, contactsObject = getContactsObject()
   if queriedContacts:
     entityList = queryContacts(contactsObject, contactQuery)
     if entityList is None:
@@ -20123,7 +20126,8 @@ def doClearDomainContacts():
 def doUpdateDomainContacts():
   _clearUpdateContacts(True)
 
-def _dedupContacts():
+# gam dedup contacts <ContactEntity>|<ContactSelection> [matchType [<Boolean>]]
+def doDedupDomainContacts():
   entityType = Ent.DOMAIN
   contactsManager = ContactsManager()
   contactQuery = _initContactQueryAttributes()
@@ -20134,7 +20138,7 @@ def _dedupContacts():
       emailMatchType = getBoolean()
     else:
       _getContactQueryAttributes(contactQuery, myarg, -1, False)
-  user, contactsObject = getContactsObject(True)
+  user, contactsObject = getContactsObject()
   contacts = queryContacts(contactsObject, contactQuery)
   if contacts is None:
     return
@@ -20174,15 +20178,12 @@ def _dedupContacts():
       break
   Ind.Decrement()
 
-# gam dedup contacts <ContactEntity>|<ContactSelection> [matchType [<Boolean>]]
-def doDedupDomainContacts():
-  _dedupContacts()
-
-def _deleteContacts():
+# gam delete contacts <ContactEntity>|<ContactSelection>
+def doDeleteDomainContacts():
   entityType = Ent.DOMAIN
   contactsManager = ContactsManager()
   entityList, contactQuery, queriedContacts = _getContactEntityList(-1, False)
-  user, contactsObject = getContactsObject(True)
+  user, contactsObject = getContactsObject()
   if queriedContacts:
     entityList = queryContacts(contactsObject, contactQuery)
     if entityList is None:
@@ -20222,10 +20223,6 @@ def _deleteContacts():
       break
   Ind.Decrement()
 
-# gam delete contacts <ContactEntity>|<ContactSelection>
-def doDeleteDomainContacts():
-  _deleteContacts()
-
 CONTACT_TIME_OBJECTS = {CONTACT_UPDATED}
 CONTACT_FIELDS_WITH_CRS_NLS = {CONTACT_NOTES, CONTACT_BILLING_INFORMATION}
 
@@ -20293,7 +20290,10 @@ def _getContactFieldsList(contactsManager, displayFieldsList):
     else:
       invalidChoiceExit(field, contactsManager.CONTACT_ARGUMENT_TO_PROPERTY_MAP, True)
 
-def _infoContacts(contactFeed):
+# gam info contacts <ContactEntity>
+#	[basic|full]
+#	[fields <ContactFieldNameList>] [formatjson]
+def doInfoDomainContacts():
   entityType = Ent.DOMAIN
   contactsManager = ContactsManager()
   entityList = getEntityList(Cmd.OB_CONTACT_ENTITY)
@@ -20308,7 +20308,7 @@ def _infoContacts(contactFeed):
       _getContactFieldsList(contactsManager, displayFieldsList)
     else:
       FJQC.GetFormatJSON(myarg)
-  user, contactsObject = getContactsObject(contactFeed)
+  user, contactsObject = getContactsObject()
   j = 0
   jcount = len(entityList)
   if not FJQC.formatJSON:
@@ -20336,19 +20336,13 @@ def _infoContacts(contactFeed):
       break
   Ind.Decrement()
 
-# gam info contacts <ContactEntity>
-#	[basic|full]
+# gam print contacts [todrive <ToDriveAttribute>*] <ContactSelection>
+#	[basic|full|countsonly] [showdeleted] [orderby <ContactOrderByFieldName> [ascending|descending]]
+#	[fields <ContactFieldNameList>] [formatjson [quotechar <Character>]]
+# gam show contacts <ContactSelection>
+#	[basic|full|countsonly] [showdeleted] [orderby <ContactOrderByFieldName> [ascending|descending]]
 #	[fields <ContactFieldNameList>] [formatjson]
-def doInfoDomainContacts():
-  _infoContacts(True)
-
-# gam info gal <ContactEntity>
-#	[basic|full]
-#	[fields <ContactFieldNameList>] [formatjson]
-def doInfoGAL():
-  _infoContacts(False)
-
-def _printShowContacts(contactFeed):
+def doPrintShowDomainContacts():
   entityType = Ent.DOMAIN
   entityTypeName = Ent.Singular(entityType)
   contactsManager = ContactsManager()
@@ -20374,7 +20368,7 @@ def _printShowContacts(contactFeed):
       pass
     else:
       FJQC.GetFormatJSONQuoteChar(myarg, True)
-  user, contactsObject = getContactsObject(contactFeed)
+  user, contactsObject = getContactsObject()
   contacts = queryContacts(contactsObject, contactQuery)
   if countsOnly:
     jcount = countLocalContactSelects(contactsManager, contacts, contactQuery)
@@ -20460,24 +20454,6 @@ def _printShowContacts(contactFeed):
   if csvPF:
     csvPF.writeCSVfile(CSVTitle)
 
-# gam print contacts [todrive <ToDriveAttribute>*] <ContactSelection>
-#	[basic|full|countsonly] [showdeleted] [orderby <ContactOrderByFieldName> [ascending|descending]]
-#	[fields <ContactFieldNameList>] [formatjson [quotechar <Character>]]
-# gam show contacts <ContactSelection>
-#	[basic|full|countsonly] [showdeleted] [orderby <ContactOrderByFieldName> [ascending|descending]]
-#	[fields <ContactFieldNameList>] [formatjson]
-def doPrintShowDomainContacts():
-  _printShowContacts(True)
-
-# gam print gal [todrive <ToDriveAttribute>*] <ContactSelection>
-#	[basic|full] [orderby <ContactOrderByFieldName> [ascending|descending]]
-#	[fields <ContactFieldNameList>] [formatjson [quotechar <Character>]]
-# gam show gal <ContactSelection>
-#	[basic|full|countsonly] [orderby <ContactOrderByFieldName> [ascending|descending]]
-#	[fields <ContactFieldNameList>] [formatjson]
-def doPrintShowGAL():
-  _printShowContacts(False)
-
 # Prople commands utilities
 #
 def normalizePeopleResourceName(resourceName):
@@ -26472,6 +26448,64 @@ def _getChatMemberEmail(cd, member):
     _, memberUid = member['groupMember']['name'].split('/')
     member['groupMember']['email'], _ = convertUIDtoEmailAddressWithType(f'uid:{memberUid}', cd, None, emailTypes=['group'])
 
+def _getChatSpaceMembers(cd, chatSpace, ciGroupName):
+  if chatSpace.startswith('space/'):
+    _, chatSpace = chatSpace.split('/', 1)
+    chatSpace = 'spaces/'+chatSpace
+  kwargsUAA = {'useAdminAccess': True, 'filter': 'member.type != "BOT"'}
+  user, chat, kvList = buildChatServiceObject(API.CHAT_MEMBERSHIPS_ADMIN, _getAdminEmail(), 0, 0, [Ent.CHAT_SPACE, chatSpace], True)
+  memberList = []
+  if not chat:
+    return memberList
+  fields = getItemFieldsFromFieldsList('memberships', [])
+  qfilter = f'{Ent.Singular(Ent.CHAT_SPACE)}: {chatSpace}, {kwargsUAA["filter"]}'
+  try:
+    members = callGAPIpages(chat.spaces().members(), 'list', 'memberships',
+                            pageMessage=_getChatPageMessage(Ent.CHAT_MEMBER, user, 0, 0, qfilter),
+                            throwReasons=[GAPI.NOT_FOUND, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED],
+                            retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
+                            parent=chatSpace, fields=fields, pageSize=CHAT_PAGE_SIZE, **kwargsUAA)
+    for member in members:
+      _getChatMemberEmail(cd, member)
+      gmember = {}
+      if 'member' in member:
+        if member['member']['type'] == 'HUMAN':
+          _, memberUid = member['member']['name'].split('/')
+          gmember['type'] = Ent.TYPE_USER
+          email, _ = convertUIDtoEmailAddressWithType(f'uid:{memberUid}', cd, None, emailTypes=['user'])
+          role = Ent.ROLE_MANAGER if member['role'] == 'ROLE_MANAGER' else Ent.ROLE_MEMBER
+          if not ciGroupName:
+            gmember['id'] = memberUid
+            gmember['email'] = email
+            gmember['role'] = role
+            gmember['status'] = member['state']
+          else:
+            gmember['name'] = f'{ciGroupName}/memberships/{memberUid}'
+            gmember['preferredMemberKey'] = {'id': email}
+            gmember['roles'] = [{'name': role}]
+            gmember['createTime'] = member['createTime']
+          memberList.append(gmember)
+      elif 'groupMember' in member:
+        _, memberUid = member['groupMember']['name'].split('/')
+        gmember['type'] = Ent.TYPE_GROUP
+        role = Ent.ROLE_MANAGER if member['role'] == 'ROLE_MANAGER' else Ent.ROLE_MEMBER
+        email, _ = convertUIDtoEmailAddressWithType(f'uid:{memberUid}', cd, None, emailTypes=['group'])
+        if not ciGroupName:
+          gmember['id'] = memberUid
+          gmember['email'] = email
+          gmember['role'] = role
+          gmember['status'] = member['state']
+        else:
+          gmember['name'] = f'{ciGroupName}/memberships/{memberUid}'
+          gmember['preferredMemberKey'] = {'id': email}
+          gmember['roles'] = [{'name': role}]
+          gmember['createTime'] = member['createTime']
+        memberList.append(gmember)
+    return memberList
+  except (GAPI.notFound, GAPI.invalidArgument, GAPI.permissionDenied) as e:
+    exitIfChatNotConfigured(chat, kvList, str(e), 0, 0)
+    return memberList
+
 def normalizeUserMember(user, userList):
   userList.append(normalizeEmailAddressOrUID(user))
 
@@ -34132,15 +34166,18 @@ def getGroupMembers(cd, groupEmail, memberRoles, membersList, membersSet, i, cou
 
   printGettingAllEntityItemsForWhom(memberRoles if memberRoles else Ent.ROLE_MANAGER_MEMBER_OWNER, groupEmail, i, count)
   validRoles, listRoles, listFields = _getRoleVerification(memberRoles, 'nextPageToken,members(email,id,role,status,type,delivery_settings)')
-  try:
-    groupMembers = callGAPIpages(cd.members(), 'list', 'members',
-                                 pageMessage=getPageMessageForWhom(),
-                                 throwReasons=GAPI.MEMBERS_THROW_REASONS, retryReasons=GAPI.MEMBERS_RETRY_REASONS,
-                                 includeDerivedMembership=memberOptions[MEMBEROPTION_INCLUDEDERIVEDMEMBERSHIP],
-                                 groupKey=groupEmail, roles=listRoles, fields=listFields, maxResults=GC.Values[GC.MEMBER_MAX_RESULTS])
-  except (GAPI.groupNotFound, GAPI.domainNotFound, GAPI.domainCannotUseApis, GAPI.invalid, GAPI.forbidden, GAPI.serviceNotAvailable):
-    entityUnknownWarning(Ent.GROUP, groupEmail, i, count)
-    return
+  if not groupEmail.startswith('space/'):
+    try:
+      groupMembers = callGAPIpages(cd.members(), 'list', 'members',
+                                   pageMessage=getPageMessageForWhom(),
+                                   throwReasons=GAPI.MEMBERS_THROW_REASONS, retryReasons=GAPI.MEMBERS_RETRY_REASONS,
+                                   includeDerivedMembership=memberOptions[MEMBEROPTION_INCLUDEDERIVEDMEMBERSHIP],
+                                   groupKey=groupEmail, roles=listRoles, fields=listFields, maxResults=GC.Values[GC.MEMBER_MAX_RESULTS])
+    except (GAPI.groupNotFound, GAPI.domainNotFound, GAPI.domainCannotUseApis, GAPI.invalid, GAPI.forbidden, GAPI.serviceNotAvailable):
+      entityUnknownWarning(Ent.GROUP, groupEmail, i, count)
+      return
+  else:
+    groupMembers =  _getChatSpaceMembers(cd, groupEmail, '')
   checkCategory = memberDisplayOptions['showCategory']
   if not memberOptions[MEMBEROPTION_RECURSIVE]:
     if memberOptions[MEMBEROPTION_NODUPLICATES]:
@@ -36245,7 +36282,7 @@ def getCIGroupTransitiveMembers(ci, groupName, membersList, i, count):
   return True
 
 def getCIGroupMembers(ci, groupName, memberRoles, membersList, membersSet, i, count,
-                      memberOptions, memberDisplayOptions, level, typesSet, groupEmail, kwargs):
+                      memberOptions, memberDisplayOptions, level, typesSet, groupEmail, kwargs, cd):
   nameToPrint = groupEmail if groupEmail else groupName
   printGettingAllEntityItemsForWhom(memberRoles if memberRoles else Ent.ROLE_MANAGER_MEMBER_OWNER, nameToPrint, i, count)
   validRoles = _getCIRoleVerification(memberRoles)
@@ -36258,16 +36295,21 @@ def getCIGroupMembers(ci, groupName, memberRoles, membersList, membersSet, i, co
         if member['type'] in typesSet and checkCIMemberMatch(member, memberOptions):
           membersList.append(member)
     return
-  try:
-    groupMembers = callGAPIpages(ci.groups().memberships(), 'list', 'memberships',
-                                 pageMessage=getPageMessageForWhom(),
-                                 throwReasons=GAPI.CIGROUP_LIST_THROW_REASONS, retryReasons=GAPI.CIGROUP_RETRY_REASONS,
-                                 parent=groupName, **kwargs)
-  except (GAPI.resourceNotFound, GAPI.domainNotFound, GAPI.domainCannotUseApis,
-          GAPI.forbidden, GAPI.badRequest, GAPI.invalid, GAPI.invalidArgument, GAPI.systemError,
-          GAPI.permissionDenied, GAPI.serviceNotAvailable):
-    entityUnknownWarning(Ent.CLOUD_IDENTITY_GROUP, nameToPrint, i, count)
-    return
+  if not groupEmail.startswith('space/'):
+    try:
+      groupMembers = callGAPIpages(ci.groups().memberships(), 'list', 'memberships',
+                                   pageMessage=getPageMessageForWhom(),
+                                   throwReasons=GAPI.CIGROUP_LIST_THROW_REASONS, retryReasons=GAPI.CIGROUP_RETRY_REASONS,
+                                   parent=groupName, **kwargs)
+    except (GAPI.resourceNotFound, GAPI.domainNotFound, GAPI.domainCannotUseApis,
+            GAPI.forbidden, GAPI.badRequest, GAPI.invalid, GAPI.invalidArgument, GAPI.systemError,
+            GAPI.permissionDenied, GAPI.serviceNotAvailable):
+      entityUnknownWarning(Ent.CLOUD_IDENTITY_GROUP, nameToPrint, i, count)
+      return
+  else:
+    if cd is None:
+      cd = buildGAPIObject(API.DIRECTORY)
+    groupMembers = _getChatSpaceMembers(cd, groupEmail, groupName)
   checkCategory = memberDisplayOptions['showCategory']
   if not memberOptions[MEMBEROPTION_RECURSIVE]:
     if memberOptions[MEMBEROPTION_NODUPLICATES]:
@@ -36315,7 +36357,7 @@ def getCIGroupMembers(ci, groupName, memberRoles, membersList, membersSet, i, co
           groupMemberList.append((f'groups/{gname}', memberName))
     for member in groupMemberList:
       getCIGroupMembers(ci, member[0], memberRoles, membersList, membersSet, i, count,
-                        memberOptions, memberDisplayOptions, level+1, typesSet, member[1], kwargs)
+                        memberOptions, memberDisplayOptions, level+1, typesSet, member[1], kwargs, cd)
   else:
     for member in groupMembers:
       getCIGroupMemberRoleFixType(member)
@@ -36337,7 +36379,7 @@ def getCIGroupMembers(ci, groupName, memberRoles, membersList, membersSet, i, co
           membersList.append(member)
         _, gname = member['name'].rsplit('/', 1)
         getCIGroupMembers(ci, f'groups/{gname}', memberRoles, membersList, membersSet, i, count,
-                          memberOptions, memberDisplayOptions, level+1, typesSet, memberName, kwargs)
+                          memberOptions, memberDisplayOptions, level+1, typesSet, memberName, kwargs, cd)
 
 CIGROUPMEMBERS_FIELDS_CHOICE_MAP = {
   'createtime': 'createTime',
@@ -36501,7 +36543,7 @@ def doPrintCIGroupMembers():
     membersList = []
     membersSet = set()
     getCIGroupMembers(ci, groupEntity['name'], getRoles, membersList, membersSet, i, count,
-                      memberOptions, memberDisplayOptions, level, typesSet, groupEmail, kwargs)
+                      memberOptions, memberDisplayOptions, level, typesSet, groupEmail, kwargs, None)
     if showOwnedBy and not checkCIGroupShowOwnedBy(showOwnedBy, membersList):
       continue
     for member in membersList:
@@ -75541,7 +75583,7 @@ MAIN_COMMANDS_WITH_OBJECTS = {
     ),
   'info':
     (Act.INFO,
-     {Cmd.ARG_ADMINROLE:	doInfoAdminRole,
+     {Cmd.ARG_ADMINROLE:	doInfoPrintShowAdminRoles,
       Cmd.ARG_ALERT:		doInfoAlert,
       Cmd.ARG_ALIAS:		doInfoAliases,
       Cmd.ARG_BUILDING:		doInfoBuilding,
@@ -75573,7 +75615,6 @@ MAIN_COMMANDS_WITH_OBJECTS = {
       Cmd.ARG_DRIVEFILEACL:	doInfoDriveFileACLs,
       Cmd.ARG_DRIVELABEL:	doInfoDriveLabels,
       Cmd.ARG_INSTANCE:		doInfoInstance,
-      Cmd.ARG_GAL:		doInfoGAL,
       Cmd.ARG_GROUP:		doInfoGroups,
       Cmd.ARG_GROUPMEMBERS:	doInfoGroupMembers,
       Cmd.ARG_INBOUNDSSOASSIGNMENT:	doInfoInboundSSOAssignment,
@@ -75616,7 +75657,7 @@ MAIN_COMMANDS_WITH_OBJECTS = {
   'print':
     (Act.PRINT,
      {Cmd.ARG_ADDRESSES:	doPrintAddresses,
-      Cmd.ARG_ADMINROLE:	doPrintShowAdminRoles,
+      Cmd.ARG_ADMINROLE:	doInfoPrintShowAdminRoles,
       Cmd.ARG_ADMIN:		doPrintShowAdmins,
       Cmd.ARG_ALERT:		doPrintShowAlerts,
       Cmd.ARG_ALERTFEEDBACK:	doPrintShowAlertFeedback,
@@ -75668,7 +75709,6 @@ MAIN_COMMANDS_WITH_OBJECTS = {
       Cmd.ARG_DRIVELABEL:	doPrintShowDriveLabels,
       Cmd.ARG_DRIVELABELPERMISSION:	doPrintShowDriveLabelPermissions,
       Cmd.ARG_FEATURE:		doPrintShowFeatures,
-      Cmd.ARG_GAL:		doPrintShowGAL,
       Cmd.ARG_GROUP:		doPrintGroups,
       Cmd.ARG_GROUPMEMBERS:	doPrintGroupMembers,
       Cmd.ARG_GROUPTREE:	doPrintShowGroupTree,
@@ -75749,7 +75789,7 @@ MAIN_COMMANDS_WITH_OBJECTS = {
     ),
   'show':
     (Act.SHOW,
-     {Cmd.ARG_ADMINROLE:	doPrintShowAdminRoles,
+     {Cmd.ARG_ADMINROLE:	doInfoPrintShowAdminRoles,
       Cmd.ARG_ADMIN:		doPrintShowAdmins,
       Cmd.ARG_ALERT:		doPrintShowAlerts,
       Cmd.ARG_ALERTFEEDBACK:	doPrintShowAlertFeedback,
@@ -75786,7 +75826,6 @@ MAIN_COMMANDS_WITH_OBJECTS = {
       Cmd.ARG_DRIVELABEL:	doPrintShowDriveLabels,
       Cmd.ARG_DRIVELABELPERMISSION:	doPrintShowDriveLabelPermissions,
       Cmd.ARG_FEATURE:		doPrintShowFeatures,
-      Cmd.ARG_GAL:		doPrintShowGAL,
       Cmd.ARG_GROUPMEMBERS:	doShowGroupMembers,
       Cmd.ARG_GROUPTREE:	doPrintShowGroupTree,
       Cmd.ARG_GUARDIAN:		doPrintShowGuardians,
@@ -76671,7 +76710,6 @@ USER_COMMANDS_WITH_OBJECTS = {
       Cmd.ARG_ANALYTICACCOUNTSUMMARY:	printShowAnalyticAccountSummaries,
       Cmd.ARG_ANALYTICDATASTREAM:	printShowAnalyticDatastreams,
       Cmd.ARG_ANALYTICPROPERTY:	printShowAnalyticProperties,
-      Cmd.ARG_ANALYTICUAPROPERTY:	printShowAnalyticUAProperties,
       Cmd.ARG_ASP:		printShowASPs,
       Cmd.ARG_BACKUPCODE:	printShowBackupCodes,
       Cmd.ARG_CALENDAR:		printShowCalendars,
@@ -76778,7 +76816,6 @@ USER_COMMANDS_WITH_OBJECTS = {
       Cmd.ARG_ANALYTICACCOUNTSUMMARY:	printShowAnalyticAccountSummaries,
       Cmd.ARG_ANALYTICDATASTREAM:	printShowAnalyticDatastreams,
       Cmd.ARG_ANALYTICPROPERTY:	printShowAnalyticProperties,
-      Cmd.ARG_ANALYTICUAPROPERTY:	printShowAnalyticUAProperties,
       Cmd.ARG_ASP:		printShowASPs,
       Cmd.ARG_BACKUPCODE:	printShowBackupCodes,
       Cmd.ARG_CALENDAR:		printShowCalendars,
@@ -76991,7 +77028,6 @@ USER_COMMANDS_OBJ_ALIASES = {
   Cmd.ARG_ANALYTICACCOUNTSUMMARIES:	Cmd.ARG_ANALYTICACCOUNTSUMMARY,
   Cmd.ARG_ANALYTICDATASTREAMS:	Cmd.ARG_ANALYTICDATASTREAM,
   Cmd.ARG_ANALYTICPROPERTIES:	Cmd.ARG_ANALYTICPROPERTY,
-  Cmd.ARG_ANALYTICUAPROPERTIES:	Cmd.ARG_ANALYTICUAPROPERTY,
   Cmd.ARG_ASPS:			Cmd.ARG_ASP,
   Cmd.ARG_BACKUPCODES:		Cmd.ARG_BACKUPCODE,
   Cmd.ARG_CALENDARS:		Cmd.ARG_CALENDAR,

src/gam/gamlib/glapi.py

@@ -22,7 +22,6 @@
 # APIs
 ACCESSCONTEXTMANAGER = 'accesscontextmanager'
 ALERTCENTER = 'alertcenter'
-ANALYTICS = 'analytics'
 ANALYTICS_ADMIN = 'analyticsadmin'
 CALENDAR = 'calendar'
 CBCM = 'cbcm'
@@ -162,7 +161,6 @@ PROJECT_APIS = [
   'accesscontextmanager.googleapis.com',
   'admin.googleapis.com',
   'alertcenter.googleapis.com',
-  'analytics.googleapis.com',
   'analyticsadmin.googleapis.com',
 #  'audit.googleapis.com',
   'calendar-json.googleapis.com',
@@ -201,7 +199,6 @@ PROJECT_APIS = [
 _INFO = {
   ACCESSCONTEXTMANAGER: {'name': 'Access Context Manager API', 'version': 'v1', 'v2discovery': True},
   ALERTCENTER: {'name': 'AlertCenter API', 'version': 'v1beta1', 'v2discovery': True},
-  ANALYTICS: {'name': 'Analytics API', 'version': 'v3', 'v2discovery': False},
   ANALYTICS_ADMIN: {'name': 'Analytics Admin API', 'version': 'v1beta', 'v2discovery': True},
   CALENDAR: {'name': 'Calendar API', 'version': 'v3', 'v2discovery': True, 'mappedAPI': 'calendar-json'},
   CBCM: {'name': 'Chrome Browser Cloud Management API', 'version': 'v1.1beta1', 'v2discovery': True, 'localjson': True},
@@ -244,7 +241,7 @@ _INFO = {
   EMAIL_AUDIT: {'name': 'Email Audit API', 'version': 'v1', 'v2discovery': False},
   FORMS: {'name': 'Forms API', 'version': 'v1', 'v2discovery': True},
   GMAIL: {'name': 'Gmail API', 'version': 'v1', 'v2discovery': True},
-  GROUPSMIGRATION: {'name': 'Groups Migration API', 'version': 'v1', 'v2discovery': False},
+  GROUPSMIGRATION: {'name': 'Groups Migration API', 'version': 'v1', 'v2discovery': True},
   GROUPSSETTINGS: {'name': 'Groups Settings API', 'version': 'v1', 'v2discovery': True},
   IAM: {'name': 'Identity and Access Management API', 'version': 'v1', 'v2discovery': True},
   IAM_CREDENTIALS: {'name': 'Identity and Access Management Credentials API', 'version': 'v1', 'v2discovery': True},
@@ -532,10 +529,6 @@ _SVCACCT_SCOPES = [
    'api': ALERTCENTER,
    'subscopes': [],
    'scope': 'https://www.googleapis.com/auth/apps.alerts'},
-  {'name': 'Analytics API - read only',
-   'api': ANALYTICS,
-   'subscopes': [],
-   'scope': 'https://www.googleapis.com/auth/analytics.readonly'},
   {'name': 'Analytics Admin API - read only',
    'api': ANALYTICS_ADMIN,
    'subscopes': [],

src/gam/gamlib/glclargs.py

@@ -423,8 +423,6 @@ class GamCLArgs():
   ARG_ANALYTICDATASTREAMS = 'analyticdatastreams'
   ARG_ANALYTICPROPERTY = 'analyticproperty'
   ARG_ANALYTICPROPERTIES = 'analyticproperties'
-  ARG_ANALYTICUAPROPERTY = 'analyticuaproperty'
-  ARG_ANALYTICUAPROPERTIES = 'analyticuaproperties'
   ARG_API = 'api'
   ARG_APIS = 'apis'
   ARG_APIPROJECT = 'apiproject'
@@ -618,7 +616,6 @@ class GamCLArgs():
   ARG_FORWARDS = 'forwards'
   ARG_FORWARDINGADDRESS = 'forwardingaddress'
   ARG_FORWARDINGADDRESSES = 'forwardingaddresses'
-  ARG_GAL = 'gal'
   ARG_GCPFOLDER = 'gcpfolder'
   ARG_GCPSERVICEACCOUNT = 'gcpserviceaccount'
   ARG_GMAIL = 'gmail'

src/gam/gamlib/glentity.py

@@ -61,7 +61,6 @@ class GamEntity():
   ANALYTIC_ACCOUNT_SUMMARY = 'anas'
   ANALYTIC_DATASTREAM = 'anad'
   ANALYTIC_PROPERTY = 'anap'
-  ANALYTIC_UA_PROPERTY = 'anau'
   API = 'api '
   APP_ACCESS_SETTINGS = 'apps'
   APP_ID = 'appi'
@@ -412,7 +411,6 @@ class GamEntity():
     ANALYTIC_ACCOUNT_SUMMARY: ['Analytic Account Summaries', 'Analytic Account Summary'],
     ANALYTIC_DATASTREAM: ['Analytic Datastreams', 'Analytic Datastream'],
     ANALYTIC_PROPERTY: ['Analytic GA4 Properties', 'Analytic GA4 Property'],
-    ANALYTIC_UA_PROPERTY: ['Analytic UA Properties', 'Analytic UA Property'],
     API: ['APIs', 'API'],
     APP_ACCESS_SETTINGS: ['Application Access Settings', 'Application Access Settings'],
     APP_ID: ['Application IDs', 'Application ID'],

src/gam/gamlib/glskus.py

@@ -144,6 +144,8 @@ _SKUS = {
     'product': 'Google-Apps', 'aliases': ['wsflw', 'workspacefrontline', 'workspacefrontlineworker'], 'displayName': 'Google Workspace Frontline Starter'},
   '1010020031': {
     'product': 'Google-Apps', 'aliases': ['wsflwstan', 'workspacefrontlinestan', 'workspacefrontlineworkerstan'], 'displayName': 'Google Workspace Frontline Standard'},
+  '1010020034': {
+    'product': 'Google-Apps', 'aliases': ['wsflwplus', 'workspacefrontlineplus', 'workspacefrontlineworkerplus'], 'displayName': 'Google Workspace Frontline Plus'},
   '1010340001': {
     'product': '101034', 'aliases': ['gseau', 'enterprisearchived', 'gsuiteenterprisearchived'], 'displayName': 'Google Workspace Enterprise Plus - Archived User'},
   '1010340002': {

src/gam/gamlib/glverlibs.py

@@ -20,14 +20,19 @@
 
 """
 
-GAM_VER_LIBS = ['cryptography',
-                'filelock',
-                'google-api-python-client',
-                'google-auth-httplib2',
-                'google-auth-oauthlib',
-                'google-auth',
-                'httplib2',
-                'passlib',
-                'python-dateutil',
-                'yubikey-manager',
-                ]
+GAM_VER_LIBS = [
+  'chardet',
+  'cryptography',
+  'filelock',
+  'google-api-python-client',
+  'google-auth-httplib2',
+  'google-auth-oauthlib',
+  'google-auth',
+  'lxml',
+  'httplib2',
+  'passlib',
+  'pathvalidate',
+  'pyscard',
+  'python-dateutil',
+  'yubikey-manager',
+]

src/requirements.txt

@@ -1,15 +1,15 @@
-chardet
-cryptography
+chardet>=5.2.0
+cryptography>=44.0.2
 distro; sys_platform=='linux'
-filelock
-google-api-python-client>=2.166.0
+filelock>=3.18.0
+google-api-python-client>=2.167.0
 google-auth-httplib2>=0.2.0
-google-auth-oauthlib>=1.2.1
-google-auth>=2.38.0
+google-auth-oauthlib>=1.2.2
+google-auth>=2.39.0
 httplib2>=0.22.0
-lxml
+lxml>=5.4.0
 passlib>=1.7.4
-pathvalidate
+pathvalidate>=3.2.3
 pyscard==2.2.1
 python-dateutil
-yubikey-manager[yubikey]>=5.6.1
+yubikey-manager>=5.6.1

src/setup.cfg

@@ -17,27 +17,29 @@ classifiers =
     Programming Language :: Python :: 3.10
     Programming Language :: Python :: 3.11
     Programming Language :: Python :: 3.12
+    Programming Language :: Python :: 3.13
     License :: OSI Approved :: Apache License
 
 [options]
 packages = find:
-python_requires = >= 3.8
+python_requires = >= 3.9
+# The following files should be edited to match: pyproject.toml, requirements.txt
 install_requires =
-    chardet
-    cryptography
+    chardet >= 5.2.0
+    cryptography >= 44.0.2
     distro; sys_platform == 'linux'
-    filelock
-    google-api-python-client >= 2.36
-    google-auth-httplib2
-    google-auth-oauthlib >= 0.4.6
-    google-auth >= 2.3.3
-    httplib2 >= 0.20.2
-    lxml
+    filelock >= 3.18.0
+    google-api-python-client >= 2.167.0
+    google-auth-httplib2 >= 0.2.0
+    google-auth-oauthlib >= 1.2.2
+    google-auth >= 2.39.0
+    httplib2 >= 0.22.0
+    lxml >= 5.4.0
     passlib >= 1.7.4
-    pathvalidate
-    pyscard==2.2.1
+    pathvalidate >= 3.2.3
+    pyscard == 2.2.1
     python-dateutil
-    yubikey-manager >= 5.0
+    yubikey-manager >= 5.6.1
 
 [options.package_data]
 * = *.pem

wiki/GamUpdates.md

@@ -10,6 +10,46 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
 
 See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
 
+### 7.06.14
+
+Updated `create|update adminrole` to allow specifying a collection of privileges
+with `privileges select <FileSelector>|<CSVFileSelector>` which makes copying roles much simpler.
+
+Added option `role <RoleItem>` to `gam print|show adminroles` to allow display of information
+for a specific role.
+
+### 7.06.13
+
+Updated `gam print group-members ... recursive` and `gam print cigroup-members ... recursive`
+to expand groups representing chat spaces.
+
+### 7.06.12
+
+Deleted commands to display Analytic UA properties; the API has been deprecated.
+```
+gam <UserTypeEntity> print|show analyticuaproperties
+```
+
+### 7.06.11
+
+Improved `gam checkconn`.
+
+Updated `gam print group-members` and `gam print cigroup-members` to recognize members
+that are groups representing chat spaces. For now, these groups are not expanded when
+`recursive` is specified.
+
+### 7.06.10
+
+Added the following license SKU.
+```
+1010020034 - Google Workspace Frontline Plus
+```
+
+### 7.06.09
+
+Added `gemini` and `geminiforworkspace` to `<ActivityApplicationName>` for use in
+`gam report <ActivityApplicationName>`.
+
 ### 7.06.08
 
 Fixed problem where Yubikeys caused a trap.

wiki/How-to-Upgrade-Legacy-GAM-to-GAM7.md

@@ -251,7 +251,7 @@ writes the credentials into the file oauth2.txt.
 admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt
 admin@server:/Users/admin$ gam version
 WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
-GAM 7.06.08 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.06.14 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 MacOS Sequoia 15.4.1 x86_64
@@ -989,7 +989,7 @@ writes the credentials into the file oauth2.txt.
 C:\>del C:\GAMConfig\oauth2.txt
 C:\>gam version
 WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
-GAM 7.06.08 - https://github.com/GAM-team/GAM - pythonsource
+GAM 7.06.14 - https://github.com/GAM-team/GAM - pythonsource
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 Windows-10-10.0.17134 AMD64

wiki/Licenses.md

@@ -110,6 +110,7 @@
 | Google Workspace for Education: Teaching and Learning Upgrade | 1010370001 | gwetlu |
 | Google Workspace Frontline Starter | 1010020030 | wsflw |
 | Google Workspace Frontline Standard | 1010020031 | wsflwstan |
+| Google Workspace Frontline Plus | 1010020034 | wsflwplus |
 | Google Workspace Government | Google-Apps-For-Government | gsuitegov |
 | Google Workspace Labs | 1010470002 | gwlabs | workspacelabs |
 

wiki/Reports.md

@@ -51,6 +51,7 @@ config csv_output_row_filter "'\"accounts:used_quota_in_mb\":count>15000'"
         domain|
         drive|doc|docs|
         gcp|
+        gemini|geminiforworkspace|
         groups|group|
         groupsenterprise|enterprisegroups|
         jamboard|

wiki/Users-Analytics-Admin.md

@@ -6,14 +6,13 @@
 - [Display Analytic Account Summaries](#display-analytic-account-summaries)
 - [Display Analytic Properties](#display-analytic-properties)
 - [Display Analytic Datastreams](#display-analytic-datastreams)
-- [Display Analytic UA Properties](#display-analytic-ua-properties)
 - [Examples](#examples)
 
 ## API documentation
 * [Analytics Admin API](https://developers.google.com/analytics/devguides/config/admin/v1/rest)
 
 ## Notes
-To use these commands you must add 'Analytics API' and 'Analytics Admin API' to your project and update your service account authorization.
+To use these commands you must add 'Analytics Admin API' to your project and update your service account authorization.
 ```
 gam update project
 gam user user@domain.com update serviceaccount
@@ -142,37 +141,6 @@ When using the `formatjson` option, double quotes are used extensively in the da
 The `quotechar <Character>` option allows you to choose an alternate quote character, single quote for instance, that makes for readable/processable output.
 `quotechar` defaults to `gam.cfg/csv_output_quote_char`. When uploading CSV files to Google, double quote `"` should be used.
 
-## Display Analytic UA Properties
-```
-gam <UserTypeEntity> show analyticuaproperties
-        accountid [accounts/]<String>
-        [maxresults <Integer>]
-        [formatjson]
-```
-The required `accountid <String>` can be in the format: 'accounts/123' or '123'.
-
-By default, GAM asks the API for 50 properties per page of results,
-* `maxresults` - Maximum number of results per page; range is 1-200; the default is 50.
-
-By default, Gam displays the information as an indented list of keys and values.
-* `formatjson` - Display the fields in JSON format.
-```
-gam <UserTypeEntity> print analyticuaproperties [todrive <ToDriveAttribute>*]
-        accountid [accounts/]<String>
-        [maxresults <Integer>]
-        [formatjson [quotechar <Character>]]
-```
-The required `accountid <String>` can be in the format: 'accounts/123' or '123'.
-
-By default, GAM asks the API for 50 properties per page of results,
-* `maxresults` - Maximum number of results per page; range is 1-200; the default is 50.
-
-By default, when writing CSV files, Gam uses a quote character of double quote `"`. The quote character is used to enclose columns that contain
-the quote character itself, the column delimiter (comma by default) and new-line characters. Any quote characters within the column are doubled.
-When using the `formatjson` option, double quotes are used extensively in the data resulting in hard to read/process output.
-The `quotechar <Character>` option allows you to choose an alternate quote character, single quote for instance, that makes for readable/processable output.
-`quotechar` defaults to `gam.cfg/csv_output_quote_char`. When uploading CSV files to Google, double quote `"` should be used.
-
 
 ## Examples
 Get all analytic accounts
@@ -189,8 +157,3 @@ Get all analytic account properties (GA4)
 ```
 gam redirect stdout - multiprocess redirect stderr stdout redirect csv ./GA4AnalyticAccountProperties.csv multiprocess csv AnalyticAccounts.csv gam user "~User" print analyticproperties filter "parent:~~name~~"
 ```
-
-Get all analytic account properties (UA)
-```
-gam redirect stdout - multiprocess redirect stderr stdout redirect csv ./UAAnalyticAccountProperties.csv multiprocess csv AnalyticAccounts.csv gam user "~User" print analyticuaproperties accountid "~~name~~"
-```

wiki/Users-Chat.md

@@ -42,12 +42,12 @@ Google requires that you have a Chat Bot configured in order to use the Chat API
 
 ## Set up a Chat Bot
 
-* Run the command `gam setup chat`; it will point you to a URL to configure your Chat Bot; this is required to use the Chat API.
+* Run the command `gam setup chat`; it will point you to a URL to configure your Chat Bot.
 * Enter an App name and Description of your choosing.
 * For the Avatar URL you can use `https://dummyimage.com/384x256/4d4d4d/0011ff.png&text=+GAM` or a public URL to an image of your own choosing.
 * In Functionality, uncheck both "Receive 1:1 messages" and "Join spaces and group conversations"
-* In Connection settings, choose "Cloud Pub/Sub" and enter "no-topic" for the topic name. GAM doesn't yet listen to pub/sub so this option is not used.
-* In Visibility, uncheck "Make this Chat app available to specific people and groups in Domain Workspace".
+* In Connection settings, choose "Cloud Pub/Sub" and enter `projects/<ProjectID>/topics/no-topic` for the topic name. Replace `<ProjectID>` with your GAM project ID. GAM doesn't yet listen to pub/sub so this option is not used.
+* In Visibility, uncheck "Make this Chat app available to specific people and groups in  Domain Workspace".
 * Click Save.
 
 ## API documentation

wiki/Users-Drive-Copy-Move.md

@@ -8,6 +8,7 @@
   - [Copy content of My Drive to a Shared Drive](#copy-content-of-my-drive-to-a-shared-drive)
   - [Copy content of a Shared Drive to another Shared Drive](#copy-content-of-a-shared-drive-to-another-shared-drive)
 - [Move files and folders](#move-files-and-folders)
+  - [Move My Drive folder to Shared Drive](#move-my-drive-folder-to-shared-drive)
   - [Simple moves by changing parents](#simple-moves-by-changing-parents)
   - [Move with ownership change](#move-with-ownership-change)
   - [Complex moves](#complex-moves)
@@ -428,6 +429,18 @@ gam user user@domain.com copy drivefile teamdriveid 0AC_1AB teamdriveparentid 0A
 ```
 
 ## Move files and folders
+## Move My Drive folder to Shared Drive
+There are two methods for moving a folder from a My Drive to a Shared Drive:
+* Drive UI - You can simple drag and drop the folder from the My Drive to the Shared Drive
+  * Google inspects the content of the folder and may not perform the move if:
+    * Files and folders within the selected folder are owned by users outside of your domain
+    * Files and folders within the selected folder are owned by other users inside of your domain but the owner of the original folder has only read access
+  * All folder and files IDs are preserved
+* GAM
+  * The Drive API doesn't allow moving a folder from a My Drive to a Shared Drive; GAM has to recreate the folders on the Shared Drive, thus changing their IDs
+  * Files are  simply moved from their existing My Drive folder to the recreated Shared Drive folder; their IDs do not change
+  * Files owmed by users outside of your domain can't be moved
+
 ## Simple moves by changing parents
 Use this command in the following cases:
 * Move a file or folder from one location to another on My Drive

wiki/Users-Drive-Files-Display.md

@@ -628,10 +628,15 @@ querytime5years -5y query "modifiedTime<'#querytime5years#'"
 
 ## File selection of Shared Drive
 You can limit the selection for files on a specific Shared drive.
-Any query will be applied to the Shared drive.
 ```
 select <SharedDriveEntity>
 ```
+
+To apply a query to that Shared Drive.
+```
+select <SharedDriveEntity> shareddrivequery "xxx"
+```
+
 ## File selection by corpora
 Select files by corpora.
 

wiki/Using-GAM7-with-a-delegated-admin-service-account.md

@@ -23,7 +23,7 @@ GAM7 version 6.50.00 or higher is required.
 
 ## Disadvantages
 * DASA accounts can only be delegated admins. [If a task requires super admin rights to perform](https://support.google.com/a/answer/2405986#:~:text=Only%20super%20administrators%20can...), DASA accounts won’t be able to do it.
-Not all Google Admin APIs work with DASA right now. For example, Google Vault API calls will fail with a DASA account.
+Not all Google Admin APIs work with DASA right now. For example, Google Vault API calls will fail with a DASA account; Classroom API calls do not return data.
 * DASA is a delegated admin and can make Workspace / Cloud Identity admin API calls, it does not replace domain-wide delegation (DwD) when using GAM7 commands that interact with Gmail, Drive and Calendar user data.
 * GAM7 support for DASA is still experimental and some things may fail. Please report your findings to the [GAM group](https://groups.google.com/g/google-apps-manager).
 

wiki/Version-and-Help.md

@@ -4,7 +4,7 @@ k
 Print the current version of Gam with details
 ```
 gam version
-GAM 7.06.08 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.06.14 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 MacOS Sequoia 15.4.1 x86_64
@@ -16,7 +16,7 @@ Time: 2023-06-02T21:10:00-07:00
 Print the current version of Gam with details and time offset information
 ```
 gam version timeoffset
-GAM 7.06.08 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.06.14 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 MacOS Sequoia 15.4.1 x86_64
@@ -28,7 +28,7 @@ Your system time differs from www.googleapis.com by less than 1 second
 Print the current version of Gam with extended details and SSL information
 ```
 gam version extended
-GAM 7.06.08 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.06.14 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 MacOS Sequoia 15.4.1 x86_64
@@ -65,7 +65,7 @@ MacOS High Sierra 10.13.6 x86_64
 Path: /Users/Admin/bin/gam7
 Version Check:
   Current: 5.35.08
-   Latest: 7.06.08
+   Latest: 7.06.14
 echo $?
 1
 ```
@@ -73,7 +73,7 @@ echo $?
 Print the current version number without details
 ```
 gam version simple
-7.06.08
+7.06.14
 ```
 In Linux/MacOS you can do:
 ```
@@ -83,7 +83,7 @@ echo $VER
 Print the current version of Gam and address of this Wiki
 ```
 gam help
-GAM 7.06.08 - https://github.com/GAM-team/GAM
+GAM 7.06.14 - https://github.com/GAM-team/GAM
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 MacOS Sequoia 15.4.1 x86_64