Compare commits

..

1 Commits

Author SHA1 Message Date
dependabot[bot]
5b23efd83f Bump cryptography in the pip group across 1 directory
Bumps the pip group with 1 update in the / directory: [cryptography](https://github.com/pyca/cryptography).


Updates `cryptography` from 46.0.3 to 46.0.5
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/46.0.3...46.0.5)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.5
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-11 02:54:50 +00:00
58 changed files with 1269 additions and 3071 deletions

View File

@@ -23,7 +23,7 @@ defaults:
env:
SCRATCH_COUNTER: 14
OPENSSL_CONFIG_OPTS: no-fips --api=3.0.0 no-docs no-ssl3 no-tls1 no-tls1_1 no-dtls no-comp no-srp no-psk no-engine no-dynamic-engine no-nextprotoneg no-weak-ssl-ciphers no-idea no-seed no-camellia no-sm2 no-sm3 no-sm4 no-rc2 no-rc4 no-rc5 no-md2 no-md4 no-cast no-des no-shared no-tests -O3
OPENSSL_CONFIG_OPTS: no-fips --api=3.0.0
OPENSSL_INSTALL_PATH: ${{ github.workspace }}/bin/ssl
OPENSSL_SOURCE_PATH: ${{ github.workspace }}/src/openssl
PYTHON_INSTALL_PATH: ${{ github.workspace }}/bin/python
@@ -86,23 +86,18 @@ jobs:
freethreaded: false
goal: build
name: Build x86_64 macOS 15
- os: macos-26-intel
- os: macos-26
jid: 11
freethreaded: false
goal: build
name: Build x86_64 macOS 26
- os: macos-26
jid: 12
freethreaded: false
goal: build
name: Build Arm MacOS 26
- os: windows-2025-vs2026
jid: 13
- os: windows-2025
jid: 12
freethreaded: false
goal: build
name: Build Intel Windows
- os: windows-11-arm
jid: 14
jid: 13
freethreaded: false
goal: build
name: Build Arm Windows
@@ -110,42 +105,36 @@ jobs:
goal: test
python: "3.10"
freethreaded: false
jid: 15
jid: 14
name: Test Python 3.10
- os: ubuntu-24.04
goal: test
python: "3.11"
freethreaded: false
jid: 16
jid: 15
name: Test Python 3.11
- os: ubuntu-24.04
goal: test
python: "3.12"
freethreaded: false
jid: 17
jid: 16
name: Test Python 3.12
- os: ubuntu-24.04
goal: test
python: "3.13"
freethreaded: false
jid: 18
name: Test Python 3.13
- os: ubuntu-24.04
goal: test
python: "3.15-dev"
freethreaded: false
jid: 19
jid: 17
name: Test Python 3.15-dev
- os: ubuntu-24.04
goal: test
python: "3.14"
freethreaded: true
jid: 20
jid: 18
name: Test Python 3.14 freethread
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v5.0.0
with:
persist-credentials: false
fetch-depth: 0
@@ -156,16 +145,15 @@ jobs:
with:
workload_identity_provider: projects/297925809119/locations/global/workloadIdentityPools/gha-pool/providers/gha-provider
service_account: github-actions-testing-for-gam@gam-project-wyo-lub-ivl.iam.gserviceaccount.com
access_token_scopes: https://www.googleapis.com/auth/iam
- name: Cache multiple paths
if: matrix.goal == 'build'
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
uses: actions/cache@638ed79f9dc94c1de1baef91bcab5edaa19451f4 # v4.2.4
id: cache-python-ssl
with:
path: |
cache.tar.xz
key: gam-${{ matrix.jid }}-20260323
key: gam-${{ matrix.jid }}-20260129
- name: Untar Cache archive
if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true'
@@ -175,7 +163,7 @@ jobs:
- name: Use pre-compiled Python for testing
if: matrix.python != ''
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
python-version: ${{ matrix.python }}
allow-prereleases: true
@@ -259,7 +247,7 @@ jobs:
- name: MacOS import developer certificates for signing
if: runner.os == 'macOS'
uses: apple-actions/import-codesign-certs@b610f78488812c1e56b20e6df63ec42d833f2d14 # v6.0.0
uses: apple-actions/import-codesign-certs@11e1bb2d3771ad8ffa8459dfe527bc26b2dd4b62 # v5.0.3
with:
p12-file-base64: ${{ secrets.CERTIFICATES_P12 }}
p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
@@ -278,8 +266,6 @@ jobs:
echo "We are running on ${RUNNER_OS}"
LD_LIBRARY_PATH="${OPENSSL_INSTALL_PATH}/lib:${PYTHON_INSTALL_PATH}/lib:/usr/local/lib"
if [[ "${RUNNER_OS}" == "macOS" ]]; then
export CFLAGS="-O3 -pipe"
export LDFLAGS="-Wl,-dead_strip"
MAKE=make
MAKEOPT="-j$(sysctl -n hw.logicalcpu)"
PERL=perl
@@ -288,8 +274,6 @@ jobs:
echo "We are running on and targetting MacOS ${MACOSX_DEPLOYMENT_TARGET}"
echo "PYTHON=${PYTHON_INSTALL_PATH}/bin/python3" >> $GITHUB_ENV
elif [[ "${RUNNER_OS}" == "Linux" ]]; then
export CFLAGS="-O3 -pipe"
export LDFLAGS="-Wl,--strip-all"
MAKE=make
MAKEOPT="-j$(nproc)"
PERL=perl
@@ -307,17 +291,14 @@ jobs:
fi
PYEXTERNALS_PATH=$(cygpath -u "${PYTHON_SOURCE_PATH}/PCbuild/${PYEXTERNALS_ARCH}")
LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:${PYEXTERNALS_PATH}"
echo "PYTHON=${PYTHON_INSTALL_PATH}\python.exe" >> $GITHUB_ENV
echo "PYTHON=${PYTHON_SOURCE_PATH}/PCbuild/${PYEXTERNALS_ARCH}/python.exe" >> $GITHUB_ENV
echo "WIX_ARCH=${WIX_ARCH}" >> $GITHUB_ENV
echo "PS_PYTHON_INSTALL_PATH=$(cygpath -w $PYTHON_INSTALL_PATH)" >> $GITHUB_ENV
fi
echo "We'll run make with: ${MAKEOPT}"
echo "staticx=${staticx}" >> $GITHUB_ENV
echo "LD_LIBRARY_PATH=${LD_LIBRARY_PATH}" >> $GITHUB_ENV
echo "MAKE=${MAKE}" >> $GITHUB_ENV
echo "MAKEOPT=${MAKEOPT}" >> $GITHUB_ENV
echo "CFLAGS=${CFLAGS}" >> $GITHUB_ENV
echo "LDFLAGS=${LDFLAGS}" >> $GITHUB_ENV
echo "PERL=${PERL}" >> $GITHUB_ENV
echo "PYEXTERNALS_PATH=${PYEXTERNALS_PATH}" >> $GITHUB_ENV
@@ -342,6 +323,10 @@ jobs:
if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit != 'true'
run: |
cd "${OPENSSL_SOURCE_PATH}"
#if ([ "$RUNNER_OS" == "Windows" ] && [ "$RUNNER_ARCH" == "ARM64" ]); then
# https://github.com/openssl/openssl/issues/26239
export CFLAGS=-DNO_INTERLOCKEDOR64
#fi
# --libdir=lib is needed so Python can find OpenSSL libraries
"${PERL}" ./Configure --libdir=lib --prefix="${OPENSSL_INSTALL_PATH}" $OPENSSL_CONFIG_OPTS
@@ -355,6 +340,10 @@ jobs:
if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit != 'true'
run: |
cd "${OPENSSL_SOURCE_PATH}"
# TODO: remove this once https://github.com/openssl/openssl/issues/26239 is fixed.
if ([ "$RUNNER_OS" == "Windows" ] && [ "$RUNNER_ARCH" == "ARM64" ]); then
export CFLAGS=-DNO_INTERLOCKEDOR64
fi
$MAKE "$MAKEOPT"
- name: Install OpenSSL
@@ -363,23 +352,20 @@ jobs:
cd "${OPENSSL_SOURCE_PATH}"
# install_sw saves us ages processing man pages :-)
$MAKE install_sw
#if [[ "${RUNNER_OS}" != "Windows" ]]; then
# echo "LDFLAGS=-L${OPENSSL_INSTALL_PATH}/lib" >> $GITHUB_ENV
#fi
#echo "CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS=1" >> $GITHUB_ENV
#case $RUNNER_ARCH in
# X64)
# echo "CFLAGS=-I${OPENSSL_INSTALL_PATH}/include ${CFLAGS}" >> $GITHUB_ENV
# echo "ARCHFLAGS=-arch x86_64" >> $GITHUB_ENV
# ;;
# ARM64)
# echo "CFLAGS=-I${OPENSSL_INSTALL_PATH}/include ${CFLAGS}" >> $GITHUB_ENV
# echo "ARCHFLAGS=-arch arm64" >> $GITHUB_ENV
# ;;
#esac
if [[ "${RUNNER_OS}" != "Windows" ]]; then
strip "${OPENSSL_INSTALL_PATH}/bin/openssl"
echo "LDFLAGS=-L${OPENSSL_INSTALL_PATH}/lib" >> $GITHUB_ENV
fi
echo "CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS=1" >> $GITHUB_ENV
case $RUNNER_ARCH in
X64)
echo "CFLAGS=-I${OPENSSL_INSTALL_PATH}/include ${CFLAGS}" >> $GITHUB_ENV
echo "ARCHFLAGS=-arch x86_64" >> $GITHUB_ENV
;;
ARM64)
echo "CFLAGS=-I${OPENSSL_INSTALL_PATH}/include ${CFLAGS}" >> $GITHUB_ENV
echo "ARCHFLAGS=-arch arm64" >> $GITHUB_ENV
;;
esac
- name: Run OpenSSL
if: matrix.goal == 'build'
@@ -407,9 +393,7 @@ jobs:
--enable-shared \
--with-ensurepip=upgrade \
--enable-optimizations \
--with-lto \
--disable-test-modules \
--without-doc-strings || : # exit 0
--with-lto || : # exit 0
cat config.log
- name: Windows Get External Python deps
@@ -451,27 +435,22 @@ jobs:
pip install --upgrade sphinx
sphinx-build --version
- name: Windows Config/Build/Install Python
- name: Windows Config/Build Python
if: matrix.goal == 'build' && runner.os == 'Windows' && steps.cache-python-ssl.outputs.cache-hit != 'true'
shell: powershell
run: |
cd "${env:PYTHON_SOURCE_PATH}"
# We need our custom openssl.props which uses OpenSSL 3 DLL names
# We need out custom openssl.props which uses OpenSSL 3 DLL names
Copy-Item -Path "${env:GITHUB_WORKSPACE}\src\tools\openssl.props" -Destination PCBuild\ -Verbose
# We need our custom _hashlib.vcxproj
Copy-Item -Path "${env:GITHUB_WORKSPACE}\src\tools\_hashlib.vcxproj" -Destination PCBuild\ -Verbose
if (${env:RUNNER_ARCH} -eq "X64") {
$env:arch = "x64"
#PCBuild\build.bat -c Release -p $env:arch --pgo
PCBuild\build.bat -c Release -p $env:arch --pgo
} elseif (${env:RUNNER_ARCH} -eq "ARM64") {
$env:arch = "ARM64"
# TODO: figure out why Windows ARM64 isn't compat with PGO optimiazation
# causes 10-20% slowdown in Python
#PCBuild\build.bat -c Release -p $env:arch
PCBuild\build.bat -c Release -p $env:arch
}
PCBuild\build.bat -c Release -p $env:arch --pgo
.\python.bat PC\layout --precompile --preset-default --copy $env:PS_PYTHON_INSTALL_PATH
Get-ChildItem -Path $env:PS_PYTHON_INSTALL_PATH -File
- name: Mac/Linux Build Python
if: matrix.goal == 'build' && runner.os != 'Windows' && steps.cache-python-ssl.outputs.cache-hit != 'true'
@@ -486,14 +465,13 @@ jobs:
cd "${PYTHON_SOURCE_PATH}"
$MAKE altinstall
$MAKE bininstall
strip "${PYTHON_INSTALL_PATH}/bin/python3"
export PATH="${PATH}:${PYTHON_INSTALL_PATH}/bin"
echo "PATH=${PATH}" >> $GITHUB_ENV
echo "PATH: ${PATH}"
- name: Run Python
run: |
"${PYTHON}" -VV
"${PYTHON}" -V
"${PYTHON}" -c "import ssl; print(f'Using {ssl.OPENSSL_VERSION}')"
- name: Create and use Python venv
@@ -529,8 +507,6 @@ jobs:
"$PYTHON" -m pip list
- name: Install pip requirements
env:
GH_TOKEN: ${{ github.token }}
run: |
echo "before anything..."
"$PYTHON" -m pip list
@@ -541,12 +517,6 @@ jobs:
echo "--pip debug verbose--"
"$PYTHON" -m pip debug --verbose
echo "--------"
if ([ "$RUNNER_OS" == "Windows" ] && [ "$RUNNER_ARCH" == "ARM64" ]); then
# custom cryptography wheel for win arm64 since the project doesn't provide one:
# https://github.com/pyca/cryptography/issues/14293
gh release download --repo "jay0lee/cryptography-wheels" --pattern "*win_arm64.whl" --clobber
"$PYTHON" -m pip install cryptography-*.whl
fi
"$PYTHON" -m pip install -vvv --upgrade ..[yubikey]
echo "after everything..."
"$PYTHON" -m pip list
@@ -554,19 +524,18 @@ jobs:
- name: Install PyInstaller
if: matrix.goal == 'build'
run: |
#git clone https://github.com/pyinstaller/pyinstaller.git
#cd pyinstaller
#export latest_release=$(git tag --list | grep -v dev | grep -v rc | sort -Vr | head -n1)
#git checkout "${latest_release}"
git clone https://github.com/pyinstaller/pyinstaller.git
cd pyinstaller
export latest_release=$(git tag --list | grep -v dev | grep -v rc | sort -Vr | head -n1)
git checkout "${latest_release}"
# git checkout "v6.9.0"
# remove pre-compiled bootloaders so we fail if bootloader compile fails
#rm -rvf PyInstaller/bootloader/*-*/*
#cd bootloader
#"${PYTHON}" ./waf all
#cd ..
#echo "---- Installing PyInstaller ----"
#"${PYTHON}" -m pip install .
"$PYTHON" -m pip install --upgrade pyinstaller
rm -rvf PyInstaller/bootloader/*-*/*
cd bootloader
"${PYTHON}" ./waf all
cd ..
echo "---- Installing PyInstaller ----"
"${PYTHON}" -m pip install .
- name: Build GAM with PyInstaller
if: matrix.goal != 'test'
@@ -656,19 +625,13 @@ jobs:
- name: MacOS send GAM binary for Apple notarization
if: runner.os == 'macOS'
env:
APPLE_KEY: ${{ secrets.APPLE_KEY }}
APPLE_KEY_ID: ${{ secrets.APPLE_KEY_ID }}
APPLE_ISSUER_ID: ${{ secrets.APPLE_ISSUER_ID }}
ASP_NOTARIZE: ${{ secrets.ASP_NOTARIZE }}
run: |
# Apple wants some kind of "package" submitted so just add gam to a .zip
# name it something we can track and link in Apple's notarize process
zipfilename="./gam-${RUNNER_ARCH}-${GITHUB_RUN_ID}-${GITHUB_RUN_NUMBER}.zip"
zip -r "$zipfilename" "$gampath"
export KEY_FILE="$(mktemp).p8"
trap 'rm -f "$KEY_FILE"' EXIT
echo "$APPLE_KEY" > "$KEY_FILE"
xcrun notarytool submit "$zipfilename" --key "$KEY_FILE" --key-id "$APPLE_KEY_ID" --issuer "$APPLE_ISSUER_ID"
rm -v "$KEY_FILE"
xcrun notarytool submit --apple-id "jay0lee@gmail.com" --password "$ASP_NOTARIZE" --team-id GZ85H2DRLM "$zipfilename"
rm -v "$zipfilename"
- name: Basic Tests all jobs
@@ -679,35 +642,37 @@ jobs:
echo "GAM Version ${GAMVERSION}"
echo "GAMVERSION=${GAMVERSION}" >> $GITHUB_ENV
- name: Initialize Windows Desktop Shell
- name: Install WinAppDriver
if: runner.os == 'Windows'
shell: pwsh
run: |
Write-Host "Checking for Windows Explorer shell..."
if (-not (Get-Process -Name explorer -ErrorAction SilentlyContinue)) {
Write-Host "Explorer not found. Booting the desktop shell..."
Start-Process explorer.exe
# Give the desktop a few seconds to fully render the taskbar
Start-Sleep -Seconds 10
} else {
Write-Host "Explorer is already running."
}
choco install -y winappdriver
- name: Install NPM deps
- name: Enabled dev mode for WinAppDriver
if: runner.os == 'Windows'
shell: cmd
run : |
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" /t REG_DWORD /f /v "AllowDevelopmentWithoutDevLicense" /d "1"
- name: Install appium and totp tools
if: runner.os == 'Windows'
run: |
#echo "Installing appium..."
#npm install -g appium
echo "Installing appium..."
npm install -g appium
echo "Installing totp-generator..."
npm install totp-generator
npm install "totp-generator"
echo "Installing wdio..."
npm install @wdio/cli
echo "Installing appium win driver..."
appium driver install windows
- name: Install Certum MSI
if: runner.os == 'Windows'
shell: pwsh
run: |
#$url = "https://files.certum.eu/software/SimplySignDesktop/Windows/9.3.4.72/SimplySignDesktop-9.3.4.72-64-bit-en.msi"
$url = "https://www.files.certum.eu/software/SimplySignDesktop/Windows/9.4.0.84/SimplySignDesktop-9.4.0.84-64-bit-en.msi"
$file = "SimplySignDesktop.msi"
#$url = "https://files.certum.eu/software/SimplySignDesktop/Windows/9.3.2.67/SimplySignDesktop-9.3.2.67-64-bit-en.msi"
#$file = "SimplySignDesktop-9.3.2.67-64-bit-en.msi"
$url = "https://files.certum.eu/software/SimplySignDesktop/Windows/9.3.4.72/SimplySignDesktop-9.3.4.72-64-bit-en.msi"
$file = "SimplySignDesktop-9.3.4.72-64-bit-en.msi"
Invoke-WebRequest $url -OutFile $file
$log = "install.log"
$procMain = Start-Process "msiexec" "/i `"$file`" /qn /l*! `"$log`"" -NoNewWindow -PassThru
@@ -721,21 +686,18 @@ jobs:
env:
TOTP_SECRET: ${{ secrets.TOTP_SECRET }}
run: |
# disable win private firewall that interferes with appium server
Set-NetFirewallProfile -Profile Private -Enabled False
$appiumCmd = Get-Command appium
$appiumPath = $appiumCmd.Path
Start-Process -Filepath "powershell.exe" -ArgumentList "-File", $appiumPath, "--address", "127.0.0.1", "--log-level", "error"
Start-Sleep -Seconds 10
write-host "appium started"
write-host "running SimplySignDesktop login..."
node tools/ssd.mjs --log-level warn
write-host "sleeping during login..."
Start-Sleep 10
- name: Archive png artifacts
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # 7.0.0
if: runner.os == 'Windows'
with:
archive: true
name: images-${{ matrix.os }}
if-no-files-found: ignore
path: |
*.png
- name: Sign gam.exe
if: runner.os == 'Windows'
shell: pwsh
@@ -757,7 +719,7 @@ jobs:
$gam create signjwtserviceaccount
- name: Attest gam executable was generated from this Action
uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
uses: actions/attest-build-provenance@0b6e9809265278d02c58acf52849a95818a5a306 # v3.0.0
if: matrix.goal == 'build'
with:
subject-path: ${{ env.gam }}
@@ -778,6 +740,11 @@ jobs:
echo "GAM Archive ${GAM_ARCHIVE}"
tar -C "${gampath}/.." --create --verbose --exclude-from "${GITHUB_WORKSPACE}/.github/actions/package_exclusions.txt" --file $GAM_ARCHIVE --xz gam7
- name: Install Wix on Win ARM64
if: runner.os == 'Windows' && runner.arch == 'ARM64'
run: |
choco install wixtoolset
- name: Windows package zip
if: runner.os == 'Windows' && matrix.goal != 'test'
run: |
@@ -787,52 +754,54 @@ jobs:
GAM_ARCHIVE="${GITHUB_WORKSPACE}/gam-${GAMVERSION}-windows-${arch}.zip"
/c/Program\ Files/7-Zip/7z.exe a -tzip "$GAM_ARCHIVE" gam7 "-xr@${GITHUB_WORKSPACE}/.github/actions/package_exclusions.txt" -bb3
- name: Windows package exe with Inno Setup
- name: Windows package MSI
if: runner.os == 'Windows' && matrix.goal != 'test'
run: |
choco install innosetup
export signtool="C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe"
iscc \
/S"gamsigntool=$signtool sign /sha1 $WINDOWS_CODESIGN_CERT_HASH /tr http://time.certum.pl /td SHA256 /fd SHA256 /v \$f" \
/O"$GITHUB_WORKSPACE" \
gam.iss
export MSI_FILENAME="${GITHUB_WORKSPACE}/gam-${GAMVERSION}-windows-${arch}.msi"
# auto-generate a lib.wxs based on the files PyInstaller created for the lib/ directory
/c/Program\ Files\ \(x86\)/WiX\ Toolset\ v3.14/bin/heat.exe dir "${gampath}/lib" -ke -srd -cg Lib -gg -dr lib -directoryid lib -out lib.wxs
$PYTHON tools/gen-wix-xml-filelist.py lib.wxs
echo "-- begin lib.wxs --"
cat lib.wxs
echo "-- end lib.wxs --"
/c/Program\ Files\ \(x86\)/WiX\ Toolset\ v3.14/bin/candle.exe -arch "${WIX_ARCH}" gam.wxs lib.wxs
/c/Program\ Files\ \(x86\)/WiX\ Toolset\ v3.14/bin/light.exe -ext /c/Program\ Files\ \(x86\)/WiX\ Toolset\ v3.14/bin/WixUIExtension.dll gam.wixobj lib.wixobj -b "${gampath}/lib" -o "$MSI_FILENAME" || true;
rm -v -f *.wixpdb
rm -v -f *.wixobj
echo "MSI_FILENAME=${MSI_FILENAME}" >> $GITHUB_ENV
- name: Sign GAM MSI
if: runner.os == 'Windows'
shell: pwsh
run: |
write-Host "Signing ${env:MSI_FILENAME}...."
# Always explicitely use x64 version os signtool.exe, arm64 version apparently can't
# see Certum certs since SimplySignDesktop is x64-only today.
Start-Process -Wait -NoNewWindow -ErrorAction Continue -FilePath 'C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe' -ArgumentList "sign", "/sha1", "$env:WINDOWS_CODESIGN_CERT_HASH", "/tr", "http://time.certum.pl", "/td", "SHA256", "/fd", "SHA256", "/v", "$env:MSI_FILENAME"
write-Host "Verifying signature of ${env:MSI_FILENAME}...."
# verify signature. If we failed to sign we should fail to verify and die.
& 'C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe' verify /pa /v "$env:MSI_FILENAME"
- name: Attest that gam package files were generated from this Action
uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
uses: actions/attest-build-provenance@0b6e9809265278d02c58acf52849a95818a5a306 # v3.0.0
if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && matrix.goal == 'build'
with:
subject-path: |
gam*.tar.xz
gam*.zip
gam*.exe
# gam*.msi
gam*.msi
- name: Archive tar.xz artifacts
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # 7.0.0
if: runner.os != 'Windows'
- name: Archive production artifacts
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2
#if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && matrix.goal != 'test'
if: always()
with:
archive: false
if-no-files-found: ignore
name: gam-binaries-${{ env.GAMOS }}-${{ env.arch }}-${{ matrix.jid }}
path: |
gam*.tar.xz
- name: Archive zip artifacts
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # 7.0.0
if: runner.os == 'Windows'
with:
archive: false
if-no-files-found: ignore
path: |
gam*.zip
- name: Archive exe artifacts
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # 7.0.0
if: runner.os == 'Windows'
with:
archive: false
if-no-files-found: ignore
path: |
gam*.exe
gam*.msi
*.png
- name: Basic Tests build jobs only
if: matrix.goal != 'test' && steps.cache-python-ssl.outputs.cache-hit != 'true'
@@ -857,46 +826,19 @@ jobs:
- name: Live API tests
if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch')
run: |
run_gam() {
local allowed_codes="0"
if [[ "$1" == "-a" ]]; then
allowed_codes="$2"
shift 2
fi
echo "::group::Executing: gam $*"
local exit_code=0
$gam "$@" || exit_code=$?
echo "::endgroup::"
allowed_codes="${allowed_codes//,/ }"
local passed=false
for code in $allowed_codes; do
if [ "$exit_code" -eq "$code" ]; then
passed=true
break
fi
done
if [ "$passed" = true ]; then
echo "| \`gam $*\` | 🟢 Pass | $exit_code |" >> $GITHUB_STEP_SUMMARY
return 0 # Mask the allowed non-zero exit code so GHA continues
else
echo "| \`gam $*\` | 🔴 Fail | $exit_code |" >> $GITHUB_STEP_SUMMARY
exit $exit_code # Hard fail the step for unapproved errors
fi
}
export gam_user="gam-gha-${JID}@pdl.jaylee.us"
echo "gam_user=${gam_user}" >> $GITHUB_ENV
run_gam config customer_id "C03uzfv2s" save
run_gam config domain "pdl.jaylee.us" save
run_gam config admin_email "${gam_user}" save
run_gam config enable_dasa false save
run_gam oauth info
run_gam oauth refresh
run_gam config enable_dasa true save
run_gam checkconn
run_gam user "$gam_user" check serviceaccount
run_gam info domain
run_gam info user
$gam config customer_id "C03uzfv2s" save
$gam config domain "pdl.jaylee.us" save
$gam config admin_email "${gam_user}" save
$gam config enable_dasa false save
$gam oauth info
$gam oauth refresh
$gam config enable_dasa true save
$gam checkconn
$gam user "$gam_user" check serviceaccount
$gam info domain
$gam info user
export tstamp=$($PYTHON -c "import time; print(time.time_ns())")
export newbase="gha_test_${JID}_${tstamp}"
export newuser="${newbase}@pdl.jaylee.us"
@@ -906,38 +848,23 @@ jobs:
export newresource="${newbase}-resource"
export newou="aaaGithub Actions/${newbase}"
echo "### GAM Execution Report" >> $GITHUB_STEP_SUMMARY
echo "| Command | Status |" >> $GITHUB_STEP_SUMMARY
echo "| :--- | :---: |" >> $GITHUB_STEP_SUMMARY
# cleanup old runs
run_gam config enable_dasa false save
run_gam config csv_output_row_filter "name:regex:gha_test_${JID}_" redirect csv ./vh.csv print vaultholds
run_gam -a "0 55" csv ./vh.csv gam delete vaulthold "id:~~holdId~~" matter "id:~~matterId~~"
run_gam config csv_output_row_filter "name:regex:gha_test_${JID}_" redirect csv ./vm-open.csv print vaultmatters matterstate OPEN
run_gam csv ./vm-open.csv gam update vaultmatter "id:~~matterId~~" action close
run_gam config csv_output_row_filter "name:regex:gha_test_${JID}_" redirect csv ./vm-closed.csv print vaultmatters matterstate CLOSED
run_gam csv ./vm-closed.csv gam update vaultmatter "id:~~matterId~~" action delete
run_gam config csv_output_row_filter "Emails.1.address:regex:^gha_test-${JID}_" redirect csv ./contacts.csv print contacts
run_gam csv ./contacts.csv gam delete contact ~ContactID
run_gam config enable_dasa true save
run_gam config csv_output_row_filter "name:regex:gha_test_${JID}_" redirect csv ./features.csv print features
run_gam csv ./features.csv gam delete feature ~name
run_gam config csv_output_row_filter "name:regex:^gha_test_${JID}_" redirect csv ./sd.csv user $gam_user print shareddrives asadmin
run_gam csv ./sd.csv gam user $gam_user delete shareddrive ~id nukefromorbit
run_gam redirect csv ./users.csv print users query "gha.jid=$JID"
run_gam csv ./users.csv gam delete user ~primaryEmail
run_gam config csv_output_row_filter "name:regex:^gha_test_${JID}_" redirect csv ./ous.csv print ous fromparent "aaaGithub Actions"
run_gam csv ./ous.csv gam delete ou ~orgUnitId
run_gam config csv_output_row_filter "email:regex:^gha_test_${JID}_" redirect csv ./cigroups.csv print cigroups
run_gam csv ./cigroups.csv gam delete cigroup ~email
run_gam config csv_output_row_filter "resourceId:regex:^gha_test_${JID}_" redirect csv ./resources.csv print resources
run_gam csv ./resources.csv gam delete resource ~resourceId
run_gam config csv_output_row_filter "buildingId:regex:^gha_test_${JID}_" redirect csv ./buildings.csv print buildings
run_gam csv ./buildings.csv gam delete building ~buildingId
$gam config enable_dasa false save
$gam config csv_output_row_filter "name:regex:gha_test_${JID}_" print vaultholds | $gam csv - gam delete vaulthold "id:~~holdId~~" matter "id:~~matterId~~" || if [ $? != 55 ]; then exit $?; fi
$gam config csv_output_row_filter "name:regex:gha_test_${JID}_" print vaultmatters matterstate OPEN | $gam csv - gam update vaultmatter "id:~~matterId~~" action close
$gam config csv_output_row_filter "name:regex:gha_test_${JID}_" print vaultmatters matterstate CLOSED | $gam csv - gam update vaultmatter "id:~~matterId~~" action delete
$gam config csv_output_row_filter "Emails.1.address:regex:^gha_test-${JID}_" print contacts | $gam csv - gam delete contact ~ContactID
$gam config enable_dasa true save
$gam config csv_output_row_filter "name:regex:gha_test_${JID}_" print features | $gam csv - gam delete feature ~name
$gam config csv_output_row_filter "name:regex:^gha_test_${JID}_" user $gam_user print shareddrives asadmin | $gam csv - gam user $gam_user delete shareddrive ~id nukefromorbit
$gam print users query "gha.jid=$JID" | $gam csv - gam delete user ~primaryEmail
$gam config csv_output_row_filter "name:regex:^gha_test_${JID}_" print ous fromparent "aaaGithub Actions" | $gam csv - gam delete ou ~orgUnitId
$gam config csv_output_row_filter "email:regex:^gha_test_${JID}_" print cigroups | $gam csv - gam delete cigroup ~email
$gam config csv_output_row_filter "resourceId:regex:^gha_test_${JID}_" print resources | $gam csv - gam delete resource ~resourceId
$gam config csv_output_row_filter "buildingId:regex:^gha_test_${JID}_" print buildings | $gam csv - gam delete building ~buildingId
echo "Creating OrgUnit ${newou}"
run_gam create ou "${newou}"
$gam create ou "${newou}"
export GAM_THREADS=5
echo email > sample.csv;
for i in {1..10}; do
@@ -945,185 +872,187 @@ jobs:
done
driveid=$($gam user $gam_user add shareddrive "${newbase}" returnidonly)
echo "Created shared drive ${driveid}"
run_gam create user $newuser firstname GHA lastname $JID displayname "Github Actions ${JID}" password uniquerandom recoveryphone 12125121110 recoveryemail jay0lee@gmail.com gha.jid $JID languages en+,en-GB- ou "$newou"
run_gam user $newuser update photo https://dummyimage.com/98x98/000/fff.jpg
run_gam user $newuser get photo
run_gam user $newuser delete photo
run_gam create alias $newalias user $newuser
run_gam create group $newgroup name "GHA $JID group" description "This is a description" isarchived true
run_gam user $gam_user sendemail recipient dev-null@pdl.jaylee.us subject "test message $newbase" message "GHA test message"
run_gam user $newuser add license workspaceenterpriseplus
run_gam update user $newuser ou root # GAM synonym for / root OU
run_gam update user $newuser ou "$newou"
run_gam config enable_dasa false save
$gam create user $newuser firstname GHA lastname $JID displayname "Github Actions ${JID}" password random recoveryphone 12125121110 recoveryemail jay0lee@gmail.com gha.jid $JID languages en+,en-GB- ou "${newou}"
$gam user $newuser add license workspaceenterpriseplus
$gam user $newuser update photo https://dummyimage.com/98x98/000/fff.jpg
$gam user $newuser get photo
$gam user $newuser delete photo
$gam create alias $newalias user $newuser
$gam create group $newgroup name "GHA $JID group" description "This is a description" isarchived true
$gam user $gam_user sendemail recipient dev-null@pdl.jaylee.us subject "test message $newbase" message "GHA test message"
$gam config enable_dasa false save
# don't expose policy output
run_gam show policies > policies.csv
run_gam create contact firstname GHA lastname "$JID" email work "${newbase}@example.com" primary
run_gam print contacts
run_gam print privileges
run_gam config enable_dasa true save
run_gam update cigroup $newgroup security memberrestriction 'member.type == 1 || member.customer_id == groupCustomerId()'
run_gam info cigroup $newgroup
run_gam update group $newgroup add owner $gam_user
run_gam update group $newgroup add member $newuser
run_gam config enable_dasa false save
$gam show policies > policies.csv
$gam create contact firstname GHA lastname "$JID" email work "${newbase}@example.com" primary
$gam print contacts
$gam print privileges
$gam config enable_dasa true save
$gam update cigroup $newgroup security memberrestriction 'member.type == 1 || member.customer_id == groupCustomerId()'
$gam info cigroup $newgroup
$gam update group $newgroup add owner $gam_user
$gam update group $newgroup add member $newuser
$gam config enable_dasa false save
# 9/17/24 temp disable due to Google API sluggishness to see new users for admin commands
# run_gam create admin $newuser _GROUPS_EDITOR_ROLE CUSTOMER # condition nonsecuritygroup
# $gam create admin $newuser _GROUPS_EDITOR_ROLE CUSTOMER # condition nonsecuritygroup
# 9/13/25 temp disable due to hangs
# run_gam create admin $newgroup _HELP_DESK_ADMIN_ROLE org_unit "${newou}"
# run_gam config csv_output_row_filter "assignedToUser:regex:${newuser}" print admins | run_gam csv - gam delete admin "~roleAssignmentId"
# run_gam config csv_output_row_filter "assignedToGroup:regex:${newgroup}" print admins | run_gam csv - gam delete admin "~roleAssignmentId"
run_gam config enable_dasa false save
run_gam csv sample.csv gam create user ~~email~~ firstname "GHA Bulk" lastname ~~email~~ gha.jid $JID ou "${newou}"
run_gam csv sample.csv gam update user ~~email~~ recoveryphone 12125121110 recoveryemail jay0lee@gmail.com password random displayname "GitHub Actions Bulk ${JID}"
run_gam csv sample.csv gam update user ~~email~~ recoveryphone "" recoveryemail ""
run_gam config enable_dasa false save
run_gam csv sample.csv gam user ~email add license workspaceenterpriseplus
#run_gam user $newuser add contactdelegate "${newbase}-bulkuser-1"
#run_gam user $newuser print contactdelegates
run_gam config enable_dasa true save
run_gam csv sample.csv gam user $gam_user sendemail recipient ~~email~~@pdl.jaylee.us subject "test message $newbase" message "GHA test message"
run_gam csv sample.csv gam update group $newgroup add member ~email
run_gam info group $newgroup
run_gam info cigroup $newgroup membertree
# $gam create admin $newgroup _HELP_DESK_ADMIN_ROLE org_unit "${newou}"
# $gam config csv_output_row_filter "assignedToUser:regex:${newuser}" print admins | $gam csv - gam delete admin "~roleAssignmentId"
# $gam config csv_output_row_filter "assignedToGroup:regex:${newgroup}" print admins | $gam csv - gam delete admin "~roleAssignmentId"
$gam config enable_dasa false save
$gam csv sample.csv gam create user ~~email~~ firstname "GHA Bulk" lastname ~~email~~ gha.jid $JID ou "${newou}"
$gam csv sample.csv gam update user ~~email~~ recoveryphone 12125121110 recoveryemail jay0lee@gmail.com password random displayname "GitHub Actions Bulk ${JID}"
$gam csv sample.csv gam update user ~~email~~ recoveryphone "" recoveryemail ""
$gam config enable_dasa false save
$gam csv sample.csv gam user ~email add license workspaceenterpriseplus
#$gam user $newuser add contactdelegate "${newbase}-bulkuser-1"
#$gam user $newuser print contactdelegates
$gam config enable_dasa true save
$gam csv sample.csv gam user $gam_user sendemail recipient ~~email~~@pdl.jaylee.us subject "test message $newbase" message "GHA test message"
$gam csv sample.csv gam update group $newgroup add member ~email
$gam info group $newgroup
$gam info cigroup $newgroup membertree
# confirm mailbox is provisoned before continuing
run_gam user $newuser waitformailbox retries 50
run_gam user $newuser imap on
run_gam user $newuser show imap
run_gam user $newuser show delegates
$gam user $newuser waitformailbox retries 50
$gam user $newuser imap on
$gam user $newuser show imap
$gam user $newuser show delegates
export biohazard=$(echo -e '\xe2\x98\xa3')
run_gam user $newuser label "$biohazard unicode biohazard $biohazard"
run_gam user $newuser show labels
run_gam user $newuser show labels > labels.txt
run_gam user $gam_user importemail subject "GHA import $newbase" message "This is a test import" labels IMPORTANT,UNREAD,INBOX,STARRED
run_gam user $gam_user insertemail subject "GHA insert $newbase" file gam.py labels INBOX,UNREAD # yep body is gam code
run_gam user $gam_user sendemail recipient admin@pdl.jaylee.us subject "GHA send $gam_user $newbase" file gam.py
run_gam user $gam_user draftemail subject "GHA draft $newbase" message "Draft message test"
run_gam csvfile sample.csv:email waitformailbox retries 20
run_gam user $newuser delegate to "${newbase}-bulkuser-1" || if [ $? != 50 ]; then exit $?; fi # expect a 50 return code (delegation failed)
run_gam -a "0 60" users "$gam_user $newbase-bulkuser-1 $newbase-bulkuser-2 $newbase-bulkuser-3" delete messages query in:anywhere maxtodelete 99999 doit
run_gam -a "0 60" users "$newbase-bulkuser-4 $newbase-bulkuser-5 $newbase-bulkuser-6" trash messages query in:anywhere maxtotrash 99999 doit
run_gam -a "0 60" users "$newbase-bulkuser-7 $newbase-bulkuser-8 $newbase-bulkuser-9" modify messages query in:anywhere maxtomodify 99999 addlabel IMPORTANT addlabel STARRED doit
run_gam user $newuser delete label --ALL_LABELS--
run_gam config csv_output_row_filter "name:regex:gha-test-${JID}" redirect csv ./features.csv print features
run_gam csv ./features.csv gam delete feature ~name
run_gam create feature name VC-$newbase
run_gam create feature name Whiteboard-$newbase
run_gam create building "My Building - $newbase" id $newbuilding floors 1,2,3,4,5,6,7,8,9,10,11,12,14,15 description "No 13th floor here..."
run_gam create resource $newresource "Resource Calendar $tstamp" capacity 25 features Whiteboard-$newbase,VC-$newbase building $newbuilding floor 15 type Room
run_gam info resource $newresource
run_gam user $newuser add drivefile drivefilename "TPS Reports" mimetype gfolder
run_gam user $newuser show filelist
run_gam redirect csv ./cal-acl.csv calendar $gam_user printacl
run_gam csv ./cal-acl.csv gam calendar $gam_user delete ~id # clear ACLs
run_gam calendar $gam_user add read domain
run_gam calendar $gam_user add freebusy default
run_gam calendar $gam_user add editor $newuser
run_gam calendar $gam_user showacl
run_gam redirect csv ./cal-acl.csv calendar $gam_user printacl
run_gam csv ./cal-acl.csv gam calendar $gam_user delete ~id
run_gam calendar $gam_user addevent summary "GHA test event" start +1h end +2h attendee $newgroup hangoutsmeet guestscanmodify true sendupdates all
run_gam calendar $gam_user printevents after -0d
run_gam config enable_dasa false save
$gam user $newuser label "$biohazard unicode biohazard $biohazard"
$gam user $newuser show labels
$gam user $newuser show labels > labels.txt
$gam user $gam_user importemail subject "GHA import $newbase" message "This is a test import" labels IMPORTANT,UNREAD,INBOX,STARRED
$gam user $gam_user insertemail subject "GHA insert $newbase" file gam.py labels INBOX,UNREAD # yep body is gam code
$gam user $gam_user sendemail recipient admin@pdl.jaylee.us subject "GHA send $gam_user $newbase" file gam.py
$gam user $gam_user draftemail subject "GHA draft $newbase" message "Draft message test"
$gam csvfile sample.csv:email waitformailbox retries 20
$gam user $newuser delegate to "${newbase}-bulkuser-1" || if [ $? != 50 ]; then exit $?; fi # expect a 50 return code (delegation failed)
$gam users "$gam_user $newbase-bulkuser-1 $newbase-bulkuser-2 $newbase-bulkuser-3" delete messages query in:anywhere maxtodelete 99999 doit || if [ $? != 60 ]; then exit $?; fi # expect a 60 return code (no messages)
$gam users "$newbase-bulkuser-4 $newbase-bulkuser-5 $newbase-bulkuser-6" trash messages query in:anywhere maxtotrash 99999 doit || if [ $? != 60 ]; then exit $?; fi # expect a 60 return code (no messages)
$gam users "$newbase-bulkuser-7 $newbase-bulkuser-8 $newbase-bulkuser-9" modify messages query in:anywhere maxtomodify 99999 addlabel IMPORTANT addlabel STARRED doit || if [ $? != 60 ]; then exit $?; fi # expect a 60 return code (no messages)
$gam user $newuser delete label --ALL_LABELS--
$gam config csv_output_row_filter "name:regex:gha-test-${JID}" print features | $gam csv - gam delete feature ~name
$gam create feature name VC-$newbase
$gam create feature name Whiteboard-$newbase
$gam create building "My Building - $newbase" id $newbuilding floors 1,2,3,4,5,6,7,8,9,10,11,12,14,15 description "No 13th floor here..."
$gam create resource $newresource "Resource Calendar $tstamp" capacity 25 features Whiteboard-$newbase,VC-$newbase building $newbuilding floor 15 type Room
$gam info resource $newresource
$gam user $newuser add drivefile drivefilename "TPS Reports" mimetype gfolder
$gam user $newuser show filelist
$gam calendar $gam_user printacl | $gam csv - gam calendar $gam_user delete ~id # clear ACLs
$gam calendar $gam_user add read domain
$gam calendar $gam_user add freebusy default
$gam calendar $gam_user add editor $newuser
$gam calendar $gam_user showacl
$gam calendar $gam_user printacl | $gam csv - gam calendar $gam_user delete ~id
$gam calendar $gam_user addevent summary "GHA test event" start +1h end +2h attendee $newgroup hangoutsmeet guestscanmodify true sendupdates all
$gam calendar $gam_user printevents after -0d
$gam config enable_dasa false save
matterid=uid:$($gam create vaultmatter name "GHA matter $newbase" description "test matter" returnidonly)
run_gam create vaulthold matter "$matterid" name "GHA hold ${newbase}" corpus mail ou "$newou"
run_gam print vaultmatters matterstate open
run_gam print vaultholds matter $matterid
run_gam print vaultcount matter $matterid corpus mail everyone todrive tdnobrowser
run_gam create vaultexport matter $matterid name "GHA export $newbase" corpus mail ou "$newou"
run_gam redirect csv ./exports.csv print exports matter $matterid
run_gam csv ./exports.csv gam info export $matterid id:~~id~~
run_gam config enable_dasa true save
run_gam csv sample.csv gam user ~email add calendar id:$newresource
run_gam delete resource $newresource
run_gam delete feature Whiteboard-$newbase
run_gam delete feature VC-$newbase
run_gam delete building $newbuilding
run_gam delete group $newgroup
run_gam config enable_dasa false save
$gam create vaulthold matter $matterid name "GHA hold ${newbase}" corpus mail ou "$newou"
$gam print vaultmatters matterstate open
$gam print vaultholds matter $matterid
$gam print vaultcount matter $matterid corpus mail everyone todrive tdnobrowser
$gam create vaultexport matter $matterid name "GHA export $newbase" corpus mail ou "$newou"
$gam print exports matter $matterid | $gam csv - gam info export $matterid id:~~id~~
$gam config enable_dasa true save
$gam csv sample.csv gam user ~email add calendar id:$newresource
$gam delete resource $newresource
$gam delete feature Whiteboard-$newbase
$gam delete feature VC-$newbase
$gam delete building $newbuilding
$gam delete group $newgroup
$gam config enable_dasa false save
echo start
run_gam user $newuser delete license workspaceenterpriseplus
$gam user $newuser delete license workspaceenterpriseplus
echo finish
run_gam config enable_dasa true save
run_gam -a "0 20" whatis $newuser
run_gam user $gam_user show tokens
run_gam config enable_dasa false save
$gam config enable_dasa true save
$gam whatis $newuser || if [ $? != 20 ]; then exit $?; fi # expect a 20 return code (is a user)
$gam user $gam_user show tokens
$gam config enable_dasa false save
download_dir="${RUNNER_TEMP}/TEMP_DELETE_ME"
mkdir -v "$download_dir"
run_gam redirect csv ./exports.csv print exports matter $matterid
run_gam csv ./exports.csv gam download export $matterid id:~~id~~ targetfolder "$download_dir"
$gam print exports matter $matterid | $gam csv - gam download export $matterid id:~~id~~ targetfolder "$download_dir"
rm -rvf "$download_dir"
run_gam delete hold "GHA hold $newbase" matter $matterid
run_gam update matter $matterid action close
run_gam update matter $matterid action delete
$gam delete hold "GHA hold $newbase" matter $matterid
$gam update matter $matterid action close
$gam update matter $matterid action delete
# shakes off vault hold on user so we can delete
run_gam redirect csv ./users.csv print users query "email:${newuser}" orgunitpath
run_gam csv ./users.csv gam update user ~primaryEmail ou ~orgUnitPath
run_gam user $newuser show holds || if [ $? != 55 ]; then exit $?; fi # expect a 55 return code
$gam print users query "email:${newuser}" orgunitpath | $gam csv - gam update user ~primaryEmail ou ~orgUnitPath
$gam user $newuser show holds || if [ $? != 55 ]; then exit $?; fi # expect a 55 return code
export sn="$JID$JID$JID$JID-$(openssl rand -base64 32 | sed 's/[^a-zA-Z0-9]//g')"
run_gam create device serialnumber $sn devicetype android
run_gam delete contacts emailmatchpattern "^${newbase}@example.com$"
run_gam config enable_dasa true save
run_gam redirect csv ./users.csv print users query "gha.jid=$JID"
run_gam -a "0 50" csv ./users.csv gam delete user ~primaryEmail
run_gam print mobile
run_gam print devices clientstates
run_gam print browsers
run_gam print cros allfields orderby serialnumber
run_gam show crostelemetry storagepercentonly
run_gam report usageparameters customer
run_gam report usage customer parameters gmail:num_emails_sent,accounts:num_1day_logins
run_gam report customer todrive tdnobrowser
#run_gam report users fields accounts:is_less_secure_apps_access_allowed,gmail:last_imap_time,gmail:last_pop_time filters "accounts:last_login_time>2025-01-01T00:00:00.000Z" todrive tdnobrowser
run_gam report users todrive tdnobrowser
run_gam report admin start -3d todrive tdnobrowser
run_gam redirect csv ./devices.csv print devices nopersonaldevices nodeviceusers filter "serial:$JID$JID$JID$JID-"
run_gam csv ./devices.csv gam delete device id ~name
run_gam config enable_dasa false save
run_gam print userinvitations
run_gam redirect csv ./invitations.csv print userinvitations
run_gam csv ./invitations.csv gam send userinvitation ~name
run_gam config enable_dasa false save
run_gam create caalevel "zzz_${newbase}" basic condition ipsubnetworks 1.1.1.1/32,2.2.2.2/32 endcondition
run_gam print caalevels
run_gam delete caalevel "zzz_${newbase}"
run_gam user $gam_user add drivefile localfile gam.py parentid "${driveid}"
run_gam user $gam_user update shareddrive "${driveid}" ou "${newou}"
run_gam user $gam_user show shareddrives asadmin
run_gam user $gam_user update shareddrive "${driveid}" ou "aaaGithub Actions" # so we can delete our OU...
run_gam user $gam_user delete shareddrive "${driveid}" nukefromorbit
ssoprofile=$(run_gam config debug_level 1 create inboundssoprofile name "El Goog ${newbase}" loginurl https://www.google.com logouturl https://www.google.com changepasswordurl https://www.google.com entityid ElGoog return_name_only)
$gam create device serialnumber $sn devicetype android
$gam delete contacts emailmatchpattern "^${newbase}@example.com$"
$gam config enable_dasa true save
$gam print users query "gha.jid=$JID" | $gam csv - gam delete user ~primaryEmail || if [ $? != 50 ]; then exit $?; fi # expect a 50 return code (vault hold on user)
$gam print mobile
$gam print devices clientstates
$gam print browsers
$gam print cros allfields orderby serialnumber
$gam show crostelemetry storagepercentonly
$gam report usageparameters customer
$gam report usage customer parameters gmail:num_emails_sent,accounts:num_1day_logins
$gam report customer todrive tdnobrowser
#$gam report users fields accounts:is_less_secure_apps_access_allowed,gmail:last_imap_time,gmail:last_pop_time filters "accounts:last_login_time>2025-01-01T00:00:00.000Z" todrive tdnobrowser
$gam report users todrive tdnobrowser
$gam report admin start -3d todrive tdnobrowser
$gam print devices nopersonaldevices nodeviceusers filter "serial:$JID$JID$JID$JID-" | $gam csv - gam delete device id ~name
$gam config enable_dasa false save
$gam print userinvitations
$gam print userinvitations | $gam csv - gam send userinvitation ~name
$gam config enable_dasa false save
$gam create caalevel "zzz_${newbase}" basic condition ipsubnetworks 1.1.1.1/32,2.2.2.2/32 endcondition
$gam print caalevels
$gam delete caalevel "zzz_${newbase}"
$gam user $gam_user add drivefile localfile gam.py parentid "${driveid}"
$gam user $gam_user update shareddrive "${driveid}" ou "${newou}"
$gam user $gam_user show shareddrives asadmin
$gam user $gam_user update shareddrive "${driveid}" ou "aaaGithub Actions" # so we can delete our OU...
$gam user $gam_user delete shareddrive "${driveid}" nukefromorbit
ssoprofile=$($gam config debug_level 1 create inboundssoprofile name "El Goog ${newbase}" loginurl https://www.google.com logouturl https://www.google.com changepasswordurl https://www.google.com entityid ElGoog return_name_only)
if [ ${ssoprofile} != 'inProgress' ]; then
run_gam create inboundssocredential profile "id:${ssoprofile}" generate_key
#run_gam create inboundssoassignment profile "id:${ssoprofile}" orgunit "${newou}" mode SAML_SSO
#run_gam delete inboundssoassignment "orgunit:${newou}"
run_gam delete inboundssoprofile "id:${ssoprofile}"
$gam create inboundssocredential profile "id:${ssoprofile}" generate_key
#$gam create inboundssoassignment profile "id:${ssoprofile}" orgunit "${newou}" mode SAML_SSO
#$gam delete inboundssoassignment "orgunit:${newou}"
$gam delete inboundssoprofile "id:${ssoprofile}"
fi
echo "printer model count:"
run_gam print printermodels | wc -l
run_gam print printers
printerid=$($gam create printer displayname "${newbase}" uri ipp://localhost:631 driverless description "made by ${gam_user}" ou "${newou}" returnIdOnly)
run_gam info printer "$printerid"
run_gam delete printer "$printerid"
run_gam delete ou "${newou}"
$gam print printermodels | wc -l
$gam print printers
printerid=$($gam create printer displayname "${newbase}" uri ipp://localhost:631 driverless description "made by ${gam_user}" ou "${newou}" nodetails | awk '{print substr($2, 1, length($2)-1)}')
$gam info printer "$printerid"
$gam delete printer "$printerid"
$gam delete ou "${newou}"
- name: Tar Cache archive
if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit != 'true'
working-directory: ${{ github.workspace }}
run: |
#if [[ "${RUNNER_OS}" == "Windows" ]]; then
# tar_folders="src/cpython/ bin/ssl"
#else
# tar_folders="bin/"
#fi
if [[ "${RUNNER_OS}" == "Windows" ]]; then
tar_folders="src/cpython/ bin/ssl"
else
tar_folders="bin/"
fi
echo '.git*' > ./excludes.txt
tar cJvvf cache.tar.xz --exclude-from=excludes.txt $tar_folders
merge:
if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch')
runs-on: ubuntu-24.04
needs: build
permissions:
contents: write
packages: write
steps:
- name: Merge Artifacts
uses: actions/upload-artifact/merge@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: gam-binaries
pattern: gam-binaries-*
publish:
if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
runs-on: ubuntu-24.04
needs: build
needs: merge
permissions:
contents: write
packages: write
@@ -1131,17 +1060,13 @@ jobs:
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v5.0.0
with:
persist-credentials: false
fetch-depth: 0
- name: Download artifacts
uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
with:
path: gam-binaries/
merge-multiple: true
skip-decompress: true
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # 5.0.0
- name: VirusTotal Scan
uses: crazy-max/ghaction-virustotal@d34968c958ae283fe976efed637081b9f9dcf74f # 4.2.0
@@ -1158,7 +1083,7 @@ jobs:
echo "dateversion=${dateversion}" >> $GITHUB_OUTPUT
- name: Publish draft release
uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 # v2.3.3
with:
draft: true
prerelease: false

View File

@@ -1,9 +1,14 @@
name: Check for Google Root CA Updates
on:
push:
paths-ignore:
- 'wiki/**'
pull_request:
paths-ignore:
- 'wiki/**'
schedule:
- cron: '23 23 * * *'
workflow_dispatch:
defaults:
run:
@@ -12,9 +17,9 @@ defaults:
jobs:
check-certs:
runs-on: ubuntu-slim
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v5.0.0
with:
persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token
fetch-depth: 0 # otherwise, you will failed to push refs to dest repo
@@ -25,51 +30,9 @@ jobs:
echo "Current hash is: ${CURRENT_HASH}"
echo "CURRENT_HASH=${CURRENT_HASH}" >> $GITHUB_ENV
- name: Generate GAM-specific bundle with LE + Google roots
- name: Get latest cacerts.pem file from Google
run: |
OUTPUT_FILE="cacerts.pem"
> "$OUTPUT_FILE"
process_cert() {
local url="$1"
local op_ca="$2"
local label="$3"
local tmp_cert=$(mktemp)
curl "$url" > "$tmp_cert"
local issuer=$(openssl x509 -noout -issuer -in "$tmp_cert" | sed -e 's/^issuer= *//')
local subject=$(openssl x509 -noout -subject -in "$tmp_cert" | sed -e 's/^subject= *//')
local serial_hex=$(openssl x509 -noout -serial -in "$tmp_cert" | sed -e 's/^serial=//')
local serial_dec=$(python3 -c "print(int('$serial_hex', 16))")
local md5=$(openssl x509 -noout -fingerprint -md5 -in "$tmp_cert" | sed -e 's/.*=//' | tr '[:upper:]' '[:lower:]')
local sha1=$(openssl x509 -noout -fingerprint -sha1 -in "$tmp_cert" | sed -e 's/.*=//' | tr '[:upper:]' '[:lower:]')
local sha256=$(openssl x509 -noout -fingerprint -sha256 -in "$tmp_cert" | sed -e 's/.*=//' | tr '[:upper:]' '[:lower:]')
echo "# Operating CA: $op_ca" >> "$OUTPUT_FILE"
echo "# Issuer: $issuer" >> "$OUTPUT_FILE"
echo "# Subject: $subject" >> "$OUTPUT_FILE"
echo "# Label: \"$label\"" >> "$OUTPUT_FILE"
echo "# Serial: $serial_dec" >> "$OUTPUT_FILE"
echo "# MD5 Fingerprint: $md5" >> "$OUTPUT_FILE"
echo "# SHA1 Fingerprint: $sha1" >> "$OUTPUT_FILE"
echo "# SHA256 Fingerprint: $sha256" >> "$OUTPUT_FILE"
cat "$tmp_cert" >> "$OUTPUT_FILE"
echo "" >> "$OUTPUT_FILE"
rm "$tmp_cert"
}
echo "#" >> "$OUTPUT_FILE"
echo "# This is a custom certificate authority bundle for GAM" >> "$OUTPUT_FILE"
echo "# It's composed of Let's Encrypt Root CAs and Google's" >> "$OUTPUT_FILE"
echo "# certificate bundle. This should be the minimal list of" >> "$OUTPUT_FILE"
echo "# CAs required to talk to Google and Github." >> "$OUTPUT_FILE"
echo"" >> "$OUTPUT_FILE"
echo "Processing Let's Encrypt ISRG Root X1..."
process_cert "https://letsencrypt.org/certs/isrgrootx1.pem" "Let's Encrypt" "ISRG Root X1"
echo "Processing Let's Encrypt ISRG Root X2..."
process_cert "https://letsencrypt.org/certs/isrg-root-x2.pem" "Let's Encrypt" "ISRG Root X2"
echo "Appending Google's roots.pem..."
curl -s https://pki.goog/roots.pem >> "$OUTPUT_FILE"
echo "Done! The new bundle has been saved to $OUTPUT_FILE."
curl -o ./cacerts.pem -vvvv https://pki.goog/roots.pem
- name: Compare hashes
run: |
@@ -88,6 +51,6 @@ jobs:
git diff --quiet && git diff --staged --quiet || git commit -am '[ci skip] Updated cacerts.pem'
- name: Push changes
uses: ad-m/github-push-action@77c5b412c50b723d2a4fbc6d71fb5723bcd439aa
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}

View File

@@ -11,8 +11,8 @@ authors = [
#significant compile dependencies.
dependencies = [
"arrow>=1.3.0",
"chardet==5.2.0",
"cryptography>=46.0.5",
"chardet>=5.2.0",
"cryptography==46.0.5",
"distro; sys_platform=='linux'",
"filelock>=3.18.0",
"google-api-python-client>=2.167.0",
@@ -31,11 +31,11 @@ requires-python = ">=3.10"
classifiers = [
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3 :: Only",
"Programming Language :: Python :: 3.9",
"Programming Language :: Python :: 3.10",
"Programming Language :: Python :: 3.11",
"Programming Language :: Python :: 3.12",
"Programming Language :: Python :: 3.13",
"Programming Language :: Python :: 3.14",
"Operating System :: OS Independent",
]
license = {text = "Apache License (2.0)"}

View File

@@ -260,7 +260,6 @@ If an item contains spaces, it should be surrounded by ".
4tb | drive4tb | googledrivestorage4tb | Google-Drive-storage-4TB |
8tb | drive8tb | googledrivestorage8tb | Google-Drive-storage-8TB |
16tb | drive16tb | googledrivestorage16tb | Google-Drive-storage-16TB |
aiexpandedaccess | 1010470009 | AI Expanded Access |
aimeetingsandmessaging | 1010470007 | AI Meetings and Messaging |
aisecurity | 1010470006 | AI Security |
appsheetcore | 1010380001 | AppSheet Core |
@@ -279,7 +278,7 @@ If an item contains spaces, it should be surrounded by ".
gaiproedu | geminiedu | 1010470004 | Google AI Pro for Education |
geminibiz | 1010470003 | Gemini Business |
geminiedupremium| 1010470005 | Gemini Education Premium |
geminient| duetai | 1010470001 | Gemini Enterprise - Legacy |
geminient| duetai | 1010470001 | Gemini Enterprise |
geminiultra | 1010470008 | Google AI Ultra for Business |
gsuitebasic | gafb | gafw | basic | Google-Apps-For-Business |
gsuitebusiness | gau | gsb | unlimited | Google-Apps-Unlimited |
@@ -1430,8 +1429,6 @@ gam print addresses [todrive <ToDriveAttribute>*]
# Authorization
gam info gcporgid
gam create gcpfolder <String>
gam create gcpfolder [admin <EmailAddress>] folder <String>
@@ -2993,8 +2990,6 @@ gam [<UserTypeEntity>] show classificationlabelpermissions <ClassificationLabelN
(combiningfunction <CAACombiningFunction>) |
(condition <CAAConditionAttribute>+ endcondition)
gam info gcporgid
gam create caalevel <String> [description <String>] (basic <CAABasicAttribute>+)|(custom <QueryCEL>)|<JSONData>
gam update caalevel <CAALevelName> [description <String>] (basic <CAABasicAttribute>+)|(custom <QueryCEL>)|<JSONData>
gam delete caalevel <CAALevelName>
@@ -3549,10 +3544,6 @@ gam info customer [formatjson]
gam info instance [formatjson]
gam info customerid
gam info gcporgid
# Data Transfers
gam print|show transferapps
@@ -4344,14 +4335,14 @@ gam update deviceuserstate <DeviceUserEntity> [clientid <String>]
# Cloud Identity Policies
gam info policies <CIPolicyNameEntity>
[nowarnings] [noappnames] [noidmappimg]
[nowarnings] [noappnames]
[formatjson]
gam print policies [todrive <ToDriveAttribute>*]
[filter <String>] [nowarnings] [noappnames] [noidmappimg]
[filter <String>] [nowarnings] [noappnames]
[group <REMatchPattern>] [ou|org|orgunit <REMatchPattern>]
[formatjson [quotechar <Character>]]
gam show policies
[filter <String>] [nowarnings] [noappnames] [noidmappimg]
[filter <String>] [nowarnings] [noappnames]
[group <REMatchPattern>] [ou|org|orgunit <REMatchPattern>]
[formatjson]
@@ -4577,8 +4568,8 @@ gam check ou|org <OrgUnitItem> [todrive <ToDriveAttribute>*]
usedriverlessconfig|
<PrinterFieldNameList> ::= "<PrinterFieldName>(,<PrinterFieldName>)*"
gam create printer <PrinterAttribute>+ [nodetails|returnidonly]
gam update printer <PrinterID> <PrinterAttribute>+ [nodetails|returnidonly]
gam create printer <PrinterAttribute>+
gam update printer <PrinterID> <PrinterAttribute>+
gam delete printer
<PrinterIDList>|
<FileSelector>|
@@ -4671,9 +4662,6 @@ gam report <ActivityApplicationName> [todrive <ToDriveAttribute>*]
[event|events <EventNameList>] [ip <String>]
[gmaileventtypes <NumberRangeList>]
[groupidfilter <String>] [resourcedetailsfilter <String>]
[networkinfofilter <String>] [statusfilter <String>]
[applicationinfofilter <String>] [includesensitivedata]
[notimesort]
[maxactivities <Number>] [maxevents <Number>] [maxresults <Number>]
[countsonly [bydate|summary] [eventrowfilter]]
(addcsvdata <FieldName> <String>)* [shownoactivities]
@@ -4937,43 +4925,36 @@ gam print schema|schemas [todrive <ToDriveAttribute>*]
gam sendemail [recipient|to] <RecipientEntity>
[from <EmailAddress>] [mailbox <EmailAddress>] [replyto <EmailAddress>]
[cc <RecipientEntity>] [bcc <RecipientEntity>] [singlemessage]
[subject <String>] [<MessageContent>] [html [<Boolean>]]
[subject <String>]
[<MessageContent>]
(replace <Tag> <String>)*
(replaceregex <RESearchPattern> <RESubstitution> <Tag> <String>)*
(attach <FileName> [charset <Charset>])*
[html [<Boolean>]] (attach <FileName> [charset <Charset>])*
(embedimage <FileName> <String>)*
[newuser <EmailAddress> firstname|givenname <String> lastname|familyname <string> password <Password>]
(<SMTPDateHeader> <Time>)* (<SMTPHeader> <String>)* (header <String> <String>)*
[threadid <String>]
gam <UserTypeEntity> sendemail recipient|to <RecipientEntity>
[replyto <EmailAddress>]
[cc <RecipientEntity>] [bcc <RecipientEntity>] [singlemessage]
[subject <String>] [<MessageContent>] [html [<Boolean>]]
[subject <String>]
[<MessageContent>]
(replace <Tag> <String>)*
(replaceregex <RESearchPattern> <RESubstitution> <Tag> <String>)*
(attach <FileName> [charset <Charset>])*
[html [<Boolean>]] (attach <FileName> [charset <Charset>])*
(embedimage <FileName> <String>)*
[newuser <EmailAddress> firstname|givenname <String> lastname|familyname <string> password <Password>]
(<SMTPDateHeader> <Time>)* (<SMTPHeader> <String>)* (header <String> <String>)*
[threadid <String>]
gam <UserTypeEntity> sendemail from <EmailAddress>
[replyto <EmailAddress>]
[cc <RecipientEntity>] [bcc <RecipientEntity>] [singlemessage]
[subject <String>] [<MessageContent>] [html [<Boolean>]]
[subject <String>]
[<MessageContent>]
(replace <Tag> <String>)*
(replaceregex <RESearchPattern> <RESubstitution> <Tag> <String>)*
(attach <FileName> [charset <Charset>])*
[html [<Boolean>]] (attach <FileName> [charset <Charset>])*
(embedimage <FileName> <String>)*
[newuser <EmailAddress> firstname|givenname <String> lastname|familyname <string> password <Password>]
(<SMTPDateHeader> <Time>)* (<SMTPHeader> <String>)* (header <String> <String>)*
[threadid <String>]
gam <UserTypeEntity> sendreply
(((query <QueryGmail> [querytime<String> <Date>]*) [or|and])+) | (ids <MessageIDEntity>)
[replyto <EmailAddress>]
[subject <String>] [<MessageContent>] [html [<Boolean>]]
(attach <FileName> [charset <CharSet>])*
(embedimage <FileName> <String>)*
(<SMTPDateHeader> <Time>)* (<SMTPHeader> <String>)* (header <String> <String>)*
# Shared Drives - Administrator
@@ -5711,7 +5692,6 @@ gam download storagefile <StorageBucketObjectName>
fullname|
gender|
givenname|firstname|
guestaccountinfo|
id|
ims|im|
includeinglobaladdresslist|gal|
@@ -5719,7 +5699,6 @@ gam download storagefile <StorageBucketObjectName>
isdelegatedadmin|admin|isadmin|
isenforcedin2sv|is2svenforced|
isenrolledin2sv|is2svenrolled|
isguestuser|
ismailboxsetup|
keyword|keywords|
language|languages|
@@ -5765,7 +5744,7 @@ gam download storagefile <StorageBucketObjectName>
(language clear|<LanguageList>)|
(lastname|familyname <String>)|
(note clear|([text_html|text_plain] <UserNoteContent))|
(ou|org|orgunitpath <OrgUnitPath>|<OrgUnitID>|root)
(ou|org|orgunitpath <OrgUnitPath>|<OrgUnitID>)
(password (random [<Integer>])|(uniquerandom [<Integer>])|
blocklogin|
prompt|uniqueprompt|
@@ -5821,12 +5800,12 @@ gam download storagefile <StorageBucketObjectName>
<UserClearAttribute> ::=
(address clear)|
(otheremail clear)|
(externalid clear)|
(im clear)|
(keyword clear)|
(location clear)|
(organization clear)|
(otheremail clear)|
(phone clear)|
(posix clear)|
(relation clear)|
@@ -5839,18 +5818,6 @@ gam download storagefile <StorageBucketObjectName>
<UserMultiAttribute>|
<UserClearAttribute>
<UserMultiAttributeFilterName> ::=
address|addresses|
externalid|externalids|
im|ims|
keyword|keywords|
location|locations|
orgainzation|organizations|
otheremail|otheremails|
phone|phones|
relation|relations|
website|websites
gam create|add user <EmailAddress> [ignorenullpassword] <UserAttribute>*
[verifynotinvitable|alwaysevict]
(groups [<GroupRole>] [[delivery] <DeliverySetting>] <GroupEntity>)*
@@ -5905,8 +5872,6 @@ gam info user [<UserItem>]
[nolicenses|nolicences|licenses|licences]
[noschemas|allschemas|(schemas|custom|customschemas <SchemaNameList>)]
[userview] <UserFieldName>* [fields <UserFieldNameList>]
(filtermultiattrtype <UserMultiAttributeFilterName> <String>)*
(filtermultiattrcustom <UserMultiAttributeFilterName> <String>)*
[(products|product <ProductIDList>)|(skus|sku <SKUIDList>)]
[formatjson]
@@ -5943,8 +5908,6 @@ gam info users <UserTypeEntity>
[nolicenses|nolicences|licenses|licences]
[noschemas|allschemas|(schemas|custom|customschemas <SchemaNameList>)]
[userview] <UserFieldName>* [fields <UserFieldNameList>]
(filtermultiattrtype <UserMultiAttributeFilterName> <String>)*
(filtermultiattrcustom <UserMultiAttributeFilterName> <String>)*
[(products|product <ProductIDList>)|(skus|sku <SKUIDList>)]
[formatjson]
@@ -5981,8 +5944,6 @@ gam <UserTypeEntity> info users
[nolicenses|nolicences|licenses|licences]
[noschemas|allschemas|(schemas|custom|customschemas <SchemaNameList>)]
[userview] <UserFieldName>* [fields <UserFieldNameList>]
(filtermultiattrtype <UserMultiAttributeFilterName> <String>)*
(filtermultiattrcustom <UserMultiAttributeFilterName> <String>)*
[(products|product <ProductIDList>)|(skus|sku <SKUIDList>)]
[formatjson]
@@ -6002,8 +5963,6 @@ gam print users [todrive <ToDriveAttribute>*]
[schemas|custom|customschemas all|<SchemaNameList>]
[emailpart|emailparts|username]
[userview] [basic|full|allfields|(<UserFieldName>*|fields <UserFieldNameList>)]
(filtermultiattrtype <UserMultiAttributeFilterName> <String>)*
(filtermultiattrcustom <UserMultiAttributeFilterName> <String>)*
[delimiter <Character>] [sortheaders [<Boolean>]] [scalarsfirst [<Boolean>]]
[formatjson [quotechar <Character>]] [quoteplusphonenumbers]
[issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
@@ -6021,8 +5980,6 @@ gam print users [todrive <ToDriveAttribute>*] select <UserTypeEntity>
[schemas|custom|customschemas all|<SchemaNameList>]
[emailpart|emailparts|username]
[userview] [basic|full|allfields|(<UserFieldName>*|fields <UserFieldNameList>)]
(filtermultiattrtype <UserMultiAttributeFilterName> <String>)*
(filtermultiattrcustom <UserMultiAttributeFilterName> <String>)*
[delimiter <Character>] [sortheaders [<Boolean>]] [scalarsfirst [<Boolean>]]
[formatjson [quotechar <Character>]] [quoteplusphonenumbers]
[issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
@@ -6038,8 +5995,6 @@ gam <UserTypeEntity> print users [todrive <ToDriveAttribute>*]
[schemas|custom|customschemas all|<SchemaNameList>]
[emailpart|emailparts|username]
[userview] [basic|full|allfields|(<UserFieldName>*|fields <UserFieldNameList>)]
(filtermultiattrtype <UserMultiAttributeFilterName> <String>)*
(filtermultiattrcustom <UserMultiAttributeFilterName> <String>)*
[delimiter <Character>] [sortheaders [<Boolean>]] [scalarsfirst [<Boolean>]]
[formatjson [quotechar <Character>]] [quoteplusphonenumbers]
[issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
@@ -6951,7 +6906,6 @@ gam <UserTypeEntity> copy drivefile <DriveFileEntity>
[copyfilepermissions [<Boolean>]]
[copyfileinheritedpermissions [<Boolean>]
[copyfilenoninheritedpermissions [<Boolean>]
[copyfolderpermissions [<Boolean>]]
[copymergewithparentfolderpermissions [<Boolean>]]
[copymergedtopfolderpermissions [<Boolean>]]
[copytopfolderpermissions [<Boolean>]]
@@ -6981,7 +6935,6 @@ gam <UserTypeEntity> move drivefile <DriveFileEntity> [newfilename <DriveFileNam
[createshortcutsfornonmovablefiles [<Boolean>]]
[duplicatefiles overwriteolder|overwriteall|duplicatename|uniquename|skip]
[duplicatefolders merge|duplicatename|uniquename|skip]
[copyfolderpermissions [<Boolean>]]
[copymergewithparentfolderpermissions [<Boolean>]]
[copymergedtopfolderpermissions [<Boolean>]]
[copytopfolderpermissions [<Boolean>]]
@@ -7540,7 +7493,7 @@ gam <UserTypeEntity> print filecounts [todrive <ToDriveAttribute>*]
[filenamematchpattern <REMatchPattern>]
<PermissionMatch>* [<PermissionMatchMode>] [<PermissionMatchAction>]
[excludetrashed]
[showsize] [showsizeunits] [showmimetypesize]
[showsize] [showmimetypesize]
[showlastmodification] [pathdelimiter <Character>]
(addcsvdata <FieldName> <String>)*
[summary none|only|plus] [summaryuser <String>]
@@ -7556,7 +7509,7 @@ gam <UserTypeEntity> show filecounts
[filenamematchpattern <REMatchPattern>]
<PermissionMatch>* [<PermissionMatchMode>] [<PermissionMatchAction>]
[excludetrashed]
[showsize] [showsizeunits] [showmimetypesize]
[showsize] [showmimetypesize]
[showlastmodification] [pathdelimiter <Character>]
[summary none|only|plus] [summaryuser <String>]
@@ -7626,7 +7579,7 @@ gam <UserTypeEntity> print filelist [todrive <ToDriveAttribute>*]
[excludetrashed]
[maxfiles <Integer>] [nodataheaders <String>]
[countsonly [summary none|only|plus] [summaryuser <String>]
[showsource] [showsize] [showsizeunits] [showmimetypesize]]
[showsource] [showsize] [showmimetypesize]]
[countsrowfilter]
[filepath|fullpath [folderpathonly [<Boolean>]] [pathdelimiter <Character>] [addpathstojson] [showdepth]] [buildtree]
[allfields|<DriveFieldName>*|(fields <DriveFieldNameList>)]
@@ -8923,21 +8876,19 @@ gam <UserTypeEntity> show sheetrange <DriveFileEntity>
gam <UserTypeEntity> delete tokens clientid <ClientID>
gam info gcporgid
gam <UserTypeEntity> print tokens|token [todrive <ToDriveAttribute>*] [clientid <ClientID>]
[usertokencounts|(aggregateusersby|orderby clientid|id|appname|displaytext)]
[delimiter <Character>] [gcpdetails]
[delimiter <Character>]
gam <UserTypeEntity> show tokens|token|3lo|oauth [clientid <ClientID>]
[usertokencounts|(aggregateusersby|orderby clientid|id|appname|displaytext)]
[delimiter <Character>] [gcpdetails]
[delimiter <Character>]
gam print tokens|token [todrive <ToDriveAttribute>*] [clientid <ClientID>]
[usertokencounts|(aggregateusersby|orderby clientid|id|appname|displaytext)]
[delimiter <Character>] [gcpdetails]
[delimiter <Character>]
[<UserTypeEntity>]
gam show tokens|token [clientid <ClientID>]
[usertokencounts|(aggregateusersby|orderby clientid|id|appname|displaytext)]
[delimiter <Character>] [gcpdetails]
[delimiter <Character>]
[<UserTypeEntity>]
# Users - YouTube

View File

@@ -1,309 +1,3 @@
7.38.02
Added license SKU `1010470009` for `AI Expanded Access`; abbreviation `aiexpandedaccess`.
Renamed license SKU `1010470001` from `Gemini Enterprise` to `Gemini Enterprise - Legacy`.
7.38.01
Added `root` as a synonym for '/' in command line arguments that specify an OU.
This is to avoid issues where a stand-alone `/` on the command line may be mis-interpreted
by the command line interpreter as a reference to the file system root.
7.38.00
Added variable `gcp_org_id` to `gam.cfg` that is used by the following commands;
by setting the value, additional API calls are eliminated.
```
gam create project
gam create gcpfolder
gam create|update|delete caalevel
gam print|show caalevels
gam print|show tokens gcpdetails
```
You can get and set the `gam.cfg/gcp_org_id` value with these commands:
```
$ gam info gcporgid
organizations/906207637890
$ gam config gcp_org_id organizations/906207637890 save
```
You can get and set the `gam.cfg/customer_id` value with these commands:
```
$ gam info customerid
C78abc9de
$ gam config customer_id C78abc9de save
```
Added the following options to `gam report <ActivityApplicationName>`.
```
applicationinfofilter <String>
networkinfofilter <String>
statusfilter <String>
includesensitivedata
```
7.37.00
Added new client access scopes used by `gam print tokens`.
```
[*] 52) Resource Manager API - Organizations readonly
[*] 53) Resource Manager API - Projects readonly
```
Added option `gcpdetails` to `gam print tokens` that uses these scopes to get additional project information.
7.36.03
Added command to send email replies that causes Gmail to recognize the message
in conversation mode for the user sending the reply and the user receiving the reply;
GAM supplies the necessary headers and options.
```
gam <UserTypeEntity> sendreply
(((query <QueryGmail> [querytime<String> <Date>]*) [or|and])+) | (ids <MessageIDEntity>)
[replyto <EmailAddress>]
[subject <String>] [<MessageContent>] [html [<Boolean>]]
(attach <FileName> [charset <CharSet>])*
(embedimage <FileName> <String>)*
(<SMTPDateHeader> <Time>)* (<SMTPHeader> <String>)* (header <String> <String>)*
gam user user@domain.com sendreply query "rfc822MsgId:<CAAMmEdqj43...1OsQ@mail.gmail.com>" textmessage "Thanks for the information"
gam user user@domain.com sendreply ids 19cfc3506c02c22b textmessage "Thanks for the information"
```
* See: https://github.com/GAM-team/GAM/wiki/Send-Email#conversation-mode
7.36.02
Added option `threadid <String>` to `gam [<UserTypeEntity>] sendemail` that causes Gmail to recognize the message
in conversation mode in for the user sending the message.
* See: https://github.com/GAM-team/GAM/wiki/Send-Email#conversation-mode
7.36.01
Fixed bug in `gam info|print|show policies` where the `policyQuery/query` field was not displayed.
Added option `noidmapping` to `gam info|print|show policies` to suppress adding the `policyQuery/groupEmail` and
`policyQuery/orgUnitPath` name fields that are mapped from the `policyQuery/group` and `policyQuery/orgInit` id fields.
7.36.00
Added options `filtermultiattrtype` and filtermultiattrcustom` to `gam info user` and
`gam print users` that support filtering `<UserMultiAttribute>` display based on `type` or `customType`.
```
<UserMultiAttributeFilterName> ::=
address|addresses|
externalid|externalids|
im|ims|
keyword|keywords|
location|locations|
orgainzation|organizations|
otheremail|otheremails|
phone|phones|
relation|relations|
website|websites
```
* `filtermultiattrtype <UserMultiAttributeFilterName> <String>` - Display `<UserMultiAttributeFilterName>` if its `type` is `<String>`
* `filtermultiattrcustom <UserMultiAttributeFilterName> <String>` - Display `<UserMultiAttributeFilterName>` if its `customType` is `<String>`
```
gam info user user@domain.com quick filtermultiattrtype organizations work filtermultiattrcustom phones private
```
7.35.03
Updated `gam <UserTypeEntity> print filelist|filecounts` to handle options `showsize` and `showsizeunits` as independent options.
* `showsize` - Display a column `Size` with a byte count
* `showsizeunits` - Display a column `SizeUnits` with a formatted size with units
If you select both options, you can sort multiple rows using the `Size` column.
7.35.02
Added option `showsizeunits` to `gam gam <UserTypeEntity> print filelist|filecounts` as an alternative to option `showsize`.
* `showsize` - 31549200951 - This is a byte count
* `showsizeunits` - 31.55 GB - This is as shown in the Admin console
7.35.01
The following commands have been updated to not verify the existence of `gam.cfg` credentials files
as the WARNING messages about the missing files can be confusing to new users setting up GAM.
```
gam checkconn
gam oauth|oauth2
gam version
```
7.35.00
Windows `gam-7.wx.yz-x86_64.msi` has been replaced with `gam-7.wx.yz-x86_64.exe`.
Windows `gam-7.wx.yz-arm64.msi` has been replaced with `gam-7.wx.yz-arm64.exe`.
Updated cacerts.pem to avoid to following error in `gam checkconn`.
```
Checking raw.githubusercontent.com (185.199.110.133) (2)... ERROR
Certificate verification failed. If you are behind a firewall / proxy server that does TLS / SSL inspection you may need to point GAM at your certificate authority file by setting cacerts_pem = /path/to/your/certauth.pem in gam.cfg.
```
If you have customized cacerts.pem, update your version with the `Operating CA: Let's Encrypt` values from the GAM default version.
7.34.13
Fixed bug in `gam info policies <CIPolicyNameEntity> ... formatjson` where extraneous line
`Show Info 1 Policy` was displayed.
7.34.12
Fixed build errors that prevented Windows zip files from being created.
Added option `returnidonly` to `gam create|update printer` that causes GAM to return just the ID
of the printer.
7.34.11
Updated gam-install.sh script for macOS/Linux to properly config GAM when the answer to the following question is No.
```
Can you run a full browser on this machine? (usually Y for macOS, N for Linux if you SSH into this machine)
```
7.34.10
Fixed bug where `formatjson quotechar <Character>` on the command line did not override `redirect csv <FileName> multiprocess quotechar <Character>`.
7.34.09
Updated `gam <UserTypeEntity> update photo` to delete the user's existing photo
before performing the update as the API update will succeed but not replace a user's existing self-set photo.
7.34.08
Rebuild to avoid the following error:
```
requests/__init__.py:113: RequestsDependencyWarning: urllib3 (2.6.3) or chardet (6.0.0.post1)/charset_normalizer (3.4.4) doesn't match a supported version!
```
7.34.07
Added the following command to create a guest user.
* See: https://support.google.com/a/answer/16558545
```
gam create guestuser <EmailAddress>
```
Added the following items to `<UserFieldName>`:
* `guestaccountinfo` - Additional guest-related metadata fields
* `isguestuser` - Indicates if the inserted user is a guest
7.34.06
Added option `copyfolderpermissions [<Boolean>]` to `gam <UserTypeEntity> copy|move drivefile`.
When `copyfolderpermissions false` is specified, no folder permissions are copied; this simplifies
disabling all folder permission copying.
When not specified or `copyfolderpermissions [true]` is specified, folder permissions are copied based on the following options:
```
copymergewithparentfolderpermissions [<Boolean>]
copymergedtopfolderpermissions [<Boolean>]
copytopfolderpermissions [<Boolean>]
copytopfolderiheritedpermissions [<Boolean>]
copytopfoldernoniheritedpermissions never|always|syncallfolders|syncupdatedfolders
copymergedsubfolderpermissions [<Boolean>]
copysubfolderpermissions [<Boolean>]
copysubfolderinheritedpermissions [<Boolean>]
copysubfoldernoniheritedpermissions never|always|syncallfolders|syncupdatedfolders
```
7.34.05
Updated `gam report <ActivityApplictionName>` to perform a reverse chronological sort
on all rows across multiple users and/or event names; this is consistent with the behavior
in the Admin console. Use option `notimesort` to suppress this sort.
7.34.04
Updated `gam <UserTypeEntity> create drivefileacl <DriveFileEntity> user <UserItem> role owner` to better
handle the case where the current owner of a file is suspended. Previously, the command was displayed as an error
even though the ownership was changed.
```
gam user currentowner@domain.com add drivefileacl <DriveFileID> user newowner@domain.com role owner
User: currentowner@domain.com, Add 1 Drive File/Folder ACL
User: currentowner@domain.com, Drive File/Folder ID: <DriveFileID>, Permission ID: newowner@domain.com, Add Failed: Sorry, the items were successfully shared but emails could not be sent to newowner@domain.com.
```
Now the command is displayed as a success with a note indicating that the ownership change email was not sent.
```
gam user currentowner@domain.com add drivefileacl <DriveFileID> user newowner@domain.com role owner
User: currentowner@domain.com, Add 1 Drive File/Folder ACL
User: currentowner@domain.com, Drive File/Folder ID: <DriveFileID>, Permission ID: newowner@domain.com, Added: Sorry, the items were successfully shared but emails could not be sent to newowner@domain.com.
New Owner
id: 10834698115409747890
type: user
emailAddress: newowner@domain.com
domain: domain.com
role: owner
permissionDetails:
role: writer
type: file
inherited: True
inheritedFrom: Unknown
role: owner
type: file
inherited: False
deleted: False
pendingOwner: False
```
7.34.03
Updated to Python 3.14.3
Updated Cryptography to 46.0.5
Updated `gam course <CourseID> create student|teacher <EmailAddress>` error message when
`<EmailAddress>` is not in a trusted domain to remove suggestion about creating an invitation.
7.34.02
Updated GAM to prevent errors like the following:
```
ERROR: Unable to find the server at oauth2.googleapis.com
ERROR: Unable to find the server at gmail.googleapis.com
```
If you experience any unexpected errors, post a message to:
* The GAM Discussion Forum (google-apps-manager@googlegroups.com)
* The GAM Public Chat Room (https://chat.google.com/app/chat/AAAA4BULhWo)
7.34.01
Updated `gam create|update adminrole` to handle the following errors:
```
ERROR: 400: invalid - Invalid Role privileges
ERROR: 400: required - Required parameter: [resource.privileges[n].service_id]
```
7.34.00
Added variable `csv_output_header_required` to `gam.cfg` that is a comma separated list of `<Strings>`
that are required to be in the list of column headers in the CSV file written by a gam print command.
This will typically be used to specify headers that are required in subsequent commands that process
the CSV file even if the API didn't return any data for those columns.
Updated the following commands to not require the `Directory API - Domains` scope
unless the `internal` or `external` options are used to request the member category.
```
gam info|print groups
gam print|show group-members
gam info|print cigroups
gam print|show cigroup-members
gam <UserTypeEntity> print|show filesharecounts
```
7.33.03
Fixed bug in `gam [<UserTypeEntity>] sendemail ... from <EmailAddress> replyto <EmailAddress>`
@@ -1699,7 +1393,7 @@ Re-run the command specify a new service account name with: saname <ServiceAccou
Native support for Windows 11 Arm-based devices.
Renamed some macOS and Linux binary installer files to align on terminology. Everything is "arm64" now, no "aarch64".
Renamed some MacOS and Linux binary installer files to align on terminology. Everything is "arm64" now, no "aarch64".
7.06.05
@@ -2308,7 +2002,7 @@ for `[R] 35) Meet API (supports readonly)` as it is a special case.
7.00.39
Supported macOS versions are now in the download filename.
Supported MacOS versions are now in the download filename.
Minor code fixes.
@@ -4111,11 +3805,11 @@ See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Drive-Files-Display#fil
6.65.12
Additional updates on macOS when a `gam csv` command is interrupted with a contol-C.
Additional updates on MacOS when a `gam csv` command is interrupted with a contol-C.
6.65.11
Updated multiprocessing to handle the following error that occurs on macOS when a `gam csv` command
Updated multiprocessing to handle the following error that occurs on MacOS when a `gam csv` command
is interrupted with a contol-C.
```
multiprocessing/resource_tracker.py:224: UserWarning: resource_tracker: There appear to be N leaked semaphore objects to clean up at shutdown
@@ -6276,7 +5970,7 @@ Improved code for `gam [<UserTypeEntity>] create teamdrive <Name> ou <OrgUnitIte
6.29.04
Updated multiprocessing on macOS to use `spawn` instead of `fork` when starting subprocesses
Updated multiprocessing on MacOS to use `spawn` instead of `fork` when starting subprocesses
as `fork` was unreliable when large numbers (>20) of threads were used; subprocesses would
hang and never complete.
@@ -6398,7 +6092,7 @@ then filters the list to only those in `<PeopleContactGroupItem>`; quota limits
6.28.03
Build macOS x86_64 and arm64 executables.
Build MacOS x86_64 and arm64 executables.
6.28.02
@@ -6636,7 +6330,7 @@ This addresses the following issue:
Updated `gam <UserTypeEntity> add|delete|update|print|show datastudiopermissions` to display an appropriate
error message, `The caller does not have permission`, when the user doesn't have permission to execute the command.
Previously, the following incorrect error message was displayed:
`ERROR: Data Studio API not enabled. Please run "gam update project" and "gam user user@domain.com update serviceaccount"`
`ERROR: Data Studio API not enabled. Please run "gam update project" and "gam user user@domain.com check serviceaccount"`
6.26.14
@@ -6745,7 +6439,7 @@ Added command that allows checking if a user is a member of specific groups and
6.26.00
Build macOS universal version.
Build MacOS universal version.
* Upgraded to OpenSSL 3.0.5 where possible.
@@ -6918,7 +6612,7 @@ and display drive labels on files. Please test/experiment and report any issues.
To use these commands you must add the 'Drive Labels API' to your project and update your service account authorization.
```
gam update project
gam user user@domain.com update serviceaccount
gam user user@domain.com check serviceaccount
```
Supported editions for this feature: Business Standard and Business Plus; Enterprise; Education Standard and Education Plus; G Suite Business; Essentials.
@@ -7116,7 +6810,7 @@ ERROR: 403: permissionDenied - Google Forms API has not been used in project XXX
```
is replaced with
```
ERROR: Forms API not enabled. Please run "gam update project" and "gam user user@domain.com update serviceaccount"
ERROR: Forms API not enabled. Please run "gam update project" and "gam user user@domain.com check serviceaccount"
```
6.23.00
@@ -9474,7 +9168,7 @@ To use this feature you must add the `People API` to your project and authorize
* `People API - Other Contacts - read only`: https://www.googleapis.com/auth/contacts.other.readonly
```
gam update project
gam user user@domain.com update serviceaccount
gam user user@domain.com check serviceaccount
```
Added commands to display user's contact groups using the People API.
@@ -9515,7 +9209,7 @@ To use these features you must add the `People API` to your project and authoriz
```
gam update project
gam oauth create
gam user user@domain.com update serviceaccount
gam user user@domain.com check serviceaccount
```
Following Jay's lead, added new license SKU `Cloud Search`.
@@ -9554,7 +9248,7 @@ Added commands to display Data Studio assets and display/manage Data Studio perm
To use these commands you must add the `Data Studio API` to your project and update your service account authorization.
```
gam update project
gam user user@domain.com update serviceaccount
gam user user@domain.com check serviceaccount
```
This is a first release from me, experiment and use with caution.
@@ -10597,7 +10291,7 @@ Added commands to support the new Device Management API.
To use these commands you must update your service account authorization.
```
gam user user@domain.com update serviceaccount
gam user user@domain.com check serviceaccount
```
In the following places a Google Admin email address is required; by default the admin email address in `oauth2.txt` is used.
@@ -11587,7 +11281,7 @@ ID of the created Team Drive as output. This will be useful in scripts that crea
want to perform subsequent GAM command on the Team Drive. This ID will only be valid when the return code
of the command is 0; program accordingly.
```
Linux/macOS
Linux/MacOS
teamDriveId=`gam user user@domain.com create teamdrive ... returnidonly`
Windows PowerShell
$teamDriveId = & gam user user@domain.com create teamdrive ... returnidonly`
@@ -11679,7 +11373,7 @@ file ID of the created file as output. This will be useful in scripts that creat
want to perform subsequent GAM command on the file. This file ID will only be valid when the return code
of the command is 0; program accordingly.
```
Linux/macOS
Linux/MacOS
fileId=`gam user user@domain.com create drivefile ... returnidonly`
Windows PowerShell
$fileId = & gam user user@domain.com create drivefile ... returnidonly`
@@ -15762,7 +15456,7 @@ gam print group-members [todrive [<ToDriveAttribute>]]
4.55.44
Improve macOS version of GAM's use of OpenSSL 1.0.2n.
Improve MacOS version of GAM's use of OpenSSL 1.0.2n.
Recode pyinstaller .spec files.
4.55.43
@@ -15789,7 +15483,7 @@ Fixed bug that made some gam print commands throw an exception.
4.55.40
Update macOS version of GAM to use OpenSSL 1.0.2n.
Update MacOS version of GAM to use OpenSSL 1.0.2n.
4.55.39
@@ -18615,7 +18309,7 @@ Changed gam info user formatjson to show licenses in SKU ID (SKU Display Name) f
4.42.00
Fixed problem where control-C was not recognized when multiple processes were running via gam batch/csv.
Gam terminates cleanly on Linux/macOS when you hit control-C in this situation; on Windows exceptions are
Gam terminates cleanly on Linux/MacOS when you hit control-C in this situation; on Windows exceptions are
thrown but Gam does terminate.
4.41.08

View File

@@ -10,7 +10,7 @@ OPTIONS:
-d Directory where gam folder will be installed. Default is \$HOME/bin/
-a Architecture to install (x86_64, arm64). Default is to detect your arch with "uname -m".
-o OS we are running (linux, macos). Default is to detect your OS with "uname -s".
-b OS version. Default is to detect on macOS and Linux.
-b OS version. Default is to detect on MacOS and Linux.
-l Just upgrade GAM to latest version. Skips project creation and auth.
-p Profile update (true, false). Should script add gam command to environment. Default is true.
-u Admin user email address to use with GAM. Default is to prompt.
@@ -247,7 +247,7 @@ case $gamos in
archgrep="-arm64\|-aarch64"
;;
*)
echo_red "ERROR: this installer currently only supports x86_64 and arm64 macOS. Looks like you're running on ${gamarch}. Exiting."
echo_red "ERROR: this installer currently only supports x86_64 and arm64 MacOS. Looks like you're running on ${gamarch}. Exiting."
exit
;;
esac
@@ -256,19 +256,19 @@ case $gamos in
versionless_urls=$(echo -e "$gam_macos_urls" | \
grep -e "-macos-")
if [ "$versionless_urls" == "" ]; then
# versions after 7.00.38 include macOS version info
# versions after 7.00.38 include MacOS version info
gam_macos_vers=$(echo -e "$gam_macos_urls" | \
grep --only-matching -e '-macos[0-9\.]*' | \
cut -c 7-10)
for gam_mac_ver in $gam_macos_vers; do
if version_gt $currentversion $gam_mac_ver; then
download_url=$(echo -e "$gam_macos_urls" | grep "$gam_mac_ver")
echo_green "You are running macOS ${currentversion} Using GAM compiled against ${gam_mac_ver}"
echo_green "You are running MacOS ${currentversion} Using GAM compiled against ${gam_mac_ver}"
break
fi
done
if [ -z ${download_url+x} ]; then
echo_red "Sorry, you are running macOS ${osversion} but GAM on ${gamarch} requires macOS ${gam_mac_ver} or newer. Exiting."
echo_red "Sorry, you are running MacOS ${osversion} but GAM on ${gamarch} requires MacOS ${gam_mac_ver} or newer. Exiting."
exit
fi
else
@@ -283,13 +283,13 @@ case $gamos in
esac
download_url=$(echo -e "$download_urls" | grep -e $archgrep)
if version_gt "$osversion" "$minimum_version"; then
echo_green "You are running macOS ${osversion}, good. Downloading GAM from ${download_url}."
echo_green "You are running MacOS ${osversion}, good. Downloading GAM from ${download_url}."
else
echo_red "Sorry, you are running macOS ${osversion} but GAM on ${gamarch} requires macOS ${minimum_version}. Exiting."
echo_red "Sorry, you are running MacOS ${osversion} but GAM on ${gamarch} requires MacOS ${minimum_version}. Exiting."
exit
fi
if [ -z ${download_url+x} ]; then
echo_red "Sorry, you are running macOS ${currentversion} but GAM on ${gamarch} requires macOS ${minimum_version}. Exiting."
echo_red "Sorry, you are running MacOS ${currentversion} but GAM on ${gamarch} requires MacOS ${minimum_version}. Exiting."
exit
fi
fi
@@ -302,7 +302,7 @@ case $gamos in
grep ".zip")
;;
*)
echo_red "Sorry, this installer currently only supports Linux and macOS. Looks like you're running on ${gamos}. Exiting."
echo_red "Sorry, this installer currently only supports Linux and MacOS. Looks like you're running on ${gamos}. Exiting."
exit
;;
esac
@@ -368,15 +368,18 @@ if [ "$upgrade_only" = true ]; then
exit
fi
# Set config command
#config_cmd="config no_browser false"
while true; do
read -p "Can you run a full browser on this machine? (usually Y for macOS, N for Linux if you SSH into this machine) " yn
read -p "Can you run a full browser on this machine? (usually Y for MacOS, N for Linux if you SSH into this machine) " yn
case $yn in
[Yy]*)
"$target_gam" config no_browser false save
break
;;
[Nn]*)
"$target_gam" config no_browser true save
# config_cmd="config no_browser true"
touch "$target_folder/nobrowser.txt" > /dev/null 2>&1
break
;;
*)
@@ -394,6 +397,7 @@ while true; do
if [ "$adminuser" == "" ]; then
read -p "Please enter your Google Workspace admin email address: " adminuser
fi
# "$target_gam" $config_cmd create project $adminuser
"$target_gam" create project $adminuser
rc=$?
if (( $rc == 0 )); then
@@ -419,6 +423,7 @@ while $project_created; do
read -p "Are you ready to authorize GAM to perform Google Workspace management operations as your admin account? (yes or no) " yn
case $yn in
[Yy]*)
# "$target_gam" $config_cmd oauth create $adminuser
"$target_gam" oauth create $adminuser
rc=$?
if (( $rc == 0 )); then
@@ -448,6 +453,7 @@ while $admin_authorized; do
read -p "Please enter the email address of a regular Google Workspace user: " regularuser
fi
echo_yellow "Great! Checking service account scopes.This will fail the first time. Follow the steps to authorize and retry. It can take a few minutes for scopes to PASS after they've been authorized in the admin console."
# "$target_gam" $config_cmd user $regularuser check serviceaccount
"$target_gam" user $regularuser check serviceaccount
rc=$?
if (( $rc == 0 )); then
@@ -469,6 +475,7 @@ while $admin_authorized; do
done
echo_green "Here's information about your new GAM installation:"
#"$target_gam" $config_cmd save version extended
"$target_gam" version extended
rc=$?
if (( $rc != 0 )); then

View File

@@ -1,116 +0,0 @@
; --- 1. PREPROCESSOR DEFINITIONS ---
#define AppVersion GetEnv("GAMVERSION")
#if AppVersion == ""
#define AppVersion "7.0.0"
#endif
; Pull architecture directly from GitHub Actions environment variable
#define RunnerArch GetEnv("RUNNER_ARCH")
[Setup]
; --- 2. CORE APPLICATION INFO ---
AppId={{D86B52B2-EFE9-4F9D-8BA3-9D84B9B2D319}
AppName=GAM7
AppVersion={#AppVersion}
AppPublisher=GAM Team - google-apps-manager@googlegroups.com
DefaultDirName={sd}\GAM7
LicenseFile=dist\gam\gam7\LICENSE
PrivilegesRequired=admin
ChangesEnvironment=yes
; Tell Inno Setup to use a custom signtool defined via the command line
SignTool=gamsigntool
; --- 3. COMPRESSION & OPTIMIZATION ---
Compression=lzma2/ultra64
SolidCompression=yes
; --- 4. DYNAMIC ARCHITECTURE CONFIGURATION ---
; GitHub Actions RUNNER_ARCH is typically uppercase "ARM64" or "X64"
#if RunnerArch == "ARM64" || RunnerArch == "arm64"
ArchitecturesAllowed=arm64
ArchitecturesInstallIn64BitMode=arm64
OutputBaseFilename=gam-{#AppVersion}-windows-arm64
#else
ArchitecturesAllowed=x64compatible
ArchitecturesInstallIn64BitMode=x64compatible
OutputBaseFilename=gam-{#AppVersion}-windows-x86_64
#endif
[Messages]
; Custom error if an admin tries to run the ARM64 installer on an Intel machine
#if RunnerArch == "ARM64" || RunnerArch == "arm64"
WindowsVersionNotSupported=You downloaded the ARM64 version of GAM, but this computer has an Intel or AMD processor.%n%nPlease go back to the release page and download the x86_64 installer instead.
#endif
[Files]
; --- 5. DYNAMIC FILE INCLUSION ---
Source: "dist\gam\gam7\*"; DestDir: "{app}"; Flags: ignoreversion recursesubdirs createallsubdirs
[Registry]
; --- 6. PATH ENVIRONMENT VARIABLE ---
Root: HKLM; Subkey: "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"; \
ValueType: expandsz; ValueName: "Path"; ValueData: "{olddata};{app}"; \
Check: NeedsAddPath(ExpandConstant('{app}'))
[Code]
const
ERROR_SUCCESS = 0;
function MsiEnumRelatedProducts(lpUpgradeCode: string; dwReserved: Integer; iProductIndex: Integer; lpProductBuf: string): Integer;
external 'MsiEnumRelatedProductsW@msi.dll stdcall';
function UninstallWixMSI(): Boolean;
var
UpgradeCode: string;
ProductCode: string;
ResultCode: Integer;
begin
UpgradeCode := '{D86B52B2-EFE9-4F9D-8BA3-9D84B9B2D319}';
ProductCode := StringOfChar(' ', 39);
ResultCode := MsiEnumRelatedProducts(UpgradeCode, 0, 0, ProductCode);
if ResultCode = ERROR_SUCCESS then
begin
ProductCode := Trim(ProductCode);
Exec('msiexec.exe', '/x ' + ProductCode + ' /qn /norestart', '', SW_HIDE, ewWaitUntilTerminated, ResultCode);
end;
Result := True;
end;
function InitializeSetup(): Boolean;
begin
// --- Architecture Warning for Emulation ---
#if RunnerArch != "ARM64" && RunnerArch != "arm64"
if IsArm64() then
begin
if MsgBox('Notice: You are installing the Intel (x86_64) build of GAM on an ARM processor.' + #13#10#13#10 +
'While this will work via Windows emulation, it will perform worse than the native ARM64 version.' + #13#10#13#10 +
'Do you want to continue with the installation anyway?',
mbConfirmation, MB_YESNO) = idNo then
begin
Result := False;
Exit;
end;
end;
#endif
UninstallWixMSI();
Result := True;
end;
function NeedsAddPath(Param: string): boolean;
var
OrigPath: string;
begin
if not RegQueryStringValue(HKEY_LOCAL_MACHINE,
'SYSTEM\CurrentControlSet\Control\Session Manager\Environment',
'Path', OrigPath)
then begin
Result := True;
exit;
end;
Result := Pos(';' + Param + ';', ';' + OrigPath + ';') = 0;
end;

View File

@@ -8,7 +8,7 @@
Manufacturer="GAM Team - google-apps-manager@googlegroups.com"
UpgradeCode="D86B52B2-EFE9-4F9D-8BA3-9D84B9B2D319">
<Package
InstallerVersion="500" Compressed="yes" InstallScope="perMachine" />
InstallerVersion="200" Compressed="yes" InstallScope="perMachine" />
<MajorUpgrade
DowngradeErrorMessage=

File diff suppressed because it is too large Load Diff

View File

@@ -1,72 +1,3 @@
#
# This is a custom certificate authority bundle for GAM
# It's composed of Let's Encrypt Root CAs and Google's
# certificate bundle. This should be the minimal list of
# CAs required to talk to Google and Github.
# Operating CA: Let's Encrypt
# Issuer: C = US, O = Internet Security Research Group, CN = ISRG Root X1
# Subject: C = US, O = Internet Security Research Group, CN = ISRG Root X1
# Label: "ISRG Root X1"
# Serial: 172886928669790476064670243504169061120
# MD5 Fingerprint: 0c:d2:f9:e0:da:17:73:e9:ed:86:4d:a5:e3:70:e7:4e
# SHA1 Fingerprint: ca:bd:2a:79:a1:07:6a:31:f2:1d:25:36:35:cb:03:9d:43:29:a5:e8
# SHA256 Fingerprint: 96:bc:ec:06:26:49:76:f3:74:60:77:9a:cf:28:c5:a7:cf:e8:a3:c0:aa:e1:1a:8f:fc:ee:05:c0:bd:df:08:c6
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-----END CERTIFICATE-----
# Operating CA: Let's Encrypt
# Issuer: C = US, O = Internet Security Research Group, CN = ISRG Root X2
# Subject: C = US, O = Internet Security Research Group, CN = ISRG Root X2
# Label: "ISRG Root X2"
# Serial: 87493402998870891108772069816698636114
# MD5 Fingerprint: d3:9e:c4:1e:23:3c:a6:df:cf:a3:7e:6d:e0:14:e6:e5
# SHA1 Fingerprint: bd:b1:b9:3c:d5:97:8d:45:c6:26:14:55:f8:db:95:c7:5a:d1:53:af
# SHA256 Fingerprint: 69:72:9b:8e:15:a8:6e:fc:17:7a:57:af:b7:17:1d:fc:64:ad:d2:8c:2f:ca:8c:f1:50:7e:34:45:3c:cb:14:70
-----BEGIN CERTIFICATE-----
MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQsw
CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg
R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00
MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBJbnRlcm5ldCBT
ZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNSRyBSb290IFgyMHYw
EAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0HttwW
+1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9
ItgKbppbd9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T
AQH/BAUwAwEB/zAdBgNVHQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZI
zj0EAwMDaAAwZQIwe3lORlCEwkSHRhtFcP9Ymd70/aTSVaYgLXTWNLxBo1BfASdW
tL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1
/q4AaOeMSQ+2b1tbFfLn
-----END CERTIFICATE-----
# Operating CA: DigiCert
# Issuer: CN=DigiCert Assured ID Root CA O=DigiCert Inc OU=www.digicert.com
# Subject: CN=DigiCert Assured ID Root CA O=DigiCert Inc OU=www.digicert.com

View File

@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
# Copyright (C) 2026 Ross Scroggs All Rights Reserved.
# Copyright (C) 2024 Ross Scroggs All Rights Reserved.
#
# All Rights Reserved.
#
@@ -107,7 +107,6 @@ class GamAction():
SAVE = 'save'
SEND = 'send'
SENDEMAIL = 'snem'
SENDREPLY = 'sner'
SET = 'set '
SETUP = 'setu'
SHARE = 'shar'
@@ -226,7 +225,6 @@ class GamAction():
SAVE: ['Saved', 'Save'],
SEND: ['Sent', 'Send'],
SENDEMAIL: ['Email Sent', 'Send Email'],
SENDREPLY: ['Reply Sent', 'Send Reply'],
SET: ['Set', 'Set'],
SETUP: ['Set Up', 'Set Up'],
SHARE: ['Shared', 'Share'],

View File

@@ -54,7 +54,6 @@ CLOUDIDENTITY_POLICY = 'cloudidentitypolicy'
CLOUDIDENTITY_POLICY_BETA = 'cloudidentitypolicybeta'
CLOUDIDENTITY_USERINVITATIONS = 'cloudidentityuserinvitations'
CLOUDRESOURCEMANAGER = 'cloudresourcemanager'
CLOUDRESOURCEMANAGERV1 = 'cloudresourcemanagerv1'
CONTACTS = 'contacts'
CONTACTDELEGATION = 'contactdelegation'
DATATRANSFER = 'datatransfer'
@@ -104,6 +103,7 @@ TASKS = 'tasks'
VAULT = 'vault'
YOUTUBE = 'youtube'
#
BUSINESSACCOUNTMANAGEMENT_SCOPE = 'https://www.googleapis.com/auth/business.manage'
CHROMEVERSIONHISTORY_URL = 'https://versionhistory.googleapis.com/v1/chrome/platforms'
DRIVE_SCOPE = 'https://www.googleapis.com/auth/drive'
DRIVE_FILE_SCOPE = 'https://www.googleapis.com/auth/drive.file'
@@ -119,6 +119,7 @@ STORAGE_READONLY_SCOPE = 'https://www.googleapis.com/auth/devstorage.read_only'
STORAGE_READWRITE_SCOPE = 'https://www.googleapis.com/auth/devstorage.read_write'
USERINFO_EMAIL_SCOPE = 'https://www.googleapis.com/auth/userinfo.email' # email
USERINFO_PROFILE_SCOPE = 'https://www.googleapis.com/auth/userinfo.profile' # profile
VAULT_SCOPES = ['https://www.googleapis.com/auth/ediscovery', 'https://www.googleapis.com/auth/ediscovery.readonly']
REQUIRED_SCOPES = [USERINFO_EMAIL_SCOPE, USERINFO_PROFILE_SCOPE]
REQUIRED_SCOPES_SET = set(REQUIRED_SCOPES)
NUM_CLIENT_SCOPES_ERROR_LIMIT = 48
@@ -137,21 +138,6 @@ SCOPELESS_APIS = {
SERVICEACCOUNTLOOKUP,
}
#
# Scopes not in the discovery doc that are still valid for the API.
EXTRA_SCOPES = {
BUSINESSACCOUNTMANAGEMENT: ['https://www.googleapis.com/auth/business.manage'],
CLOUDRESOURCEMANAGER: ['https://www.googleapis.com/auth/cloudplatformfolders',
'https://www.googleapis.com/auth/cloudplatformfolders.readonly',
'https://www.googleapis.com/auth/cloudplatformprojects',
'https://www.googleapis.com/auth/cloudplatformprojects.readonly',
'https://www.googleapis.com/auth/cloudplatformorganizations',
'https://www.googleapis.com/auth/cloudplatformorganizations.readonly',
],
VAULT: ['https://www.googleapis.com/auth/ediscovery', 'https://www.googleapis.com/auth/ediscovery.readonly'],
}
EXTRA_SCOPES[CLOUDRESOURCEMANAGERV1] = EXTRA_SCOPES[CLOUDRESOURCEMANAGER]
APIS_NEEDING_ACCESS_TOKEN = {
CBCM: ['https://www.googleapis.com/auth/admin.directory.device.chromebrowsers']
}
@@ -264,8 +250,7 @@ _INFO = {
CLOUDIDENTITY_POLICY: {'name': 'Cloud Identity API - Policy', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
CLOUDIDENTITY_POLICY_BETA: {'name': 'Cloud Identity API - Policy Beta', 'version': 'v1beta1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
CLOUDIDENTITY_USERINVITATIONS: {'name': 'Cloud Identity API - User Invitations', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
CLOUDRESOURCEMANAGER: {'name': 'Resource Manager API v3', 'version': 'v3', 'v2discovery': True},
CLOUDRESOURCEMANAGERV1: {'name': 'Resource Manager API v1', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudresourcemanager'},
CLOUDRESOURCEMANAGER: {'name': 'Cloud Resource Manager API v3', 'version': 'v3', 'v2discovery': True},
CONTACTS: {'name': 'Contacts API', 'version': 'v3', 'v2discovery': False},
CONTACTDELEGATION: {'name': 'Contact Delegation API', 'version': 'v1', 'v2discovery': True, 'localjson': True},
DATATRANSFER: {'name': 'Data Transfer API', 'version': 'datatransfer_v1', 'v2discovery': True, 'mappedAPI': 'admin'},
@@ -320,8 +305,9 @@ READONLY = ['readonly',]
_CLIENT_SCOPES = [
{'name': 'Business Account Management API',
'api': BUSINESSACCOUNTMANAGEMENT,
'subscopes': [],
'offByDefault': True,
'scope': EXTRA_SCOPES[BUSINESSACCOUNTMANAGEMENT]},
'scope': BUSINESSACCOUNTMANAGEMENT_SCOPE},
{'name': 'Calendar API',
'api': CALENDAR,
'subscopes': READONLY,
@@ -332,9 +318,11 @@ _CLIENT_SCOPES = [
'scope': 'https://www.googleapis.com/auth/admin.directory.device.chromebrowsers'},
{'name': 'Chrome Management API - read only',
'api': CHROMEMANAGEMENT,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/chrome.management.reports.readonly'},
{'name': 'Chrome Management API - AppDetails read only',
'api': CHROMEMANAGEMENT_APPDETAILS,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/chrome.management.appdetails.readonly'},
{'name': 'Chrome Management API - Profiles',
'api': CHROMEMANAGEMENT_CHROMEPROFILES,
@@ -342,6 +330,7 @@ _CLIENT_SCOPES = [
'scope': 'https://www.googleapis.com/auth/chrome.management.profiles'},
{'name': 'Chrome Management API - Telemetry read only',
'api': CHROMEMANAGEMENT_TELEMETRY,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/chrome.management.telemetry.readonly'},
{'name': 'Chrome Policy API',
'api': CHROMEPOLICY,
@@ -353,6 +342,7 @@ _CLIENT_SCOPES = [
'scope': 'https://www.googleapis.com/auth/admin.chrome.printers'},
{'name': 'Chrome Version History API',
'api': CHROMEVERSIONHISTORY,
'subscopes': [],
'scope': ''},
{'name': 'Classroom API - Courses',
'api': CLASSROOM,
@@ -380,9 +370,11 @@ _CLIENT_SCOPES = [
'scope': 'https://www.googleapis.com/auth/classroom.guardianlinks.students'},
{'name': 'Classroom API - Profile Emails',
'api': CLASSROOM,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/classroom.profile.emails'},
{'name': 'Classroom API - Profile Photos',
'api': CLASSROOM,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/classroom.profile.photos'},
{'name': 'Classroom API - Rosters',
'api': CLASSROOM,
@@ -412,6 +404,7 @@ _CLIENT_SCOPES = [
'scope': 'https://www.googleapis.com/auth/cloud-identity.policies'},
{'name': 'Cloud Identity API - Policy Beta',
'api': CLOUDIDENTITY_POLICY_BETA,
'subscopes': [],
'offByDefault': True,
'scope': 'https://www.googleapis.com/auth/cloud-identity.policies'},
{'name': 'Cloud Identity API - User Invitations',
@@ -420,14 +413,17 @@ _CLIENT_SCOPES = [
'scope': 'https://www.googleapis.com/auth/cloud-identity.userinvitations'},
{'name': 'Cloud Storage API (Read Only, Vault/Takeout Download, Cloud Storage)',
'api': STORAGEREAD,
'subscopes': [],
'offByDefault': True,
'scope': STORAGE_READONLY_SCOPE},
{'name': 'Cloud Storage API (Read/Write, Vault/Takeout Copy/Download, Cloud Storage)',
'api': STORAGEWRITE,
'subscopes': [],
'offByDefault': True,
'scope': STORAGE_READWRITE_SCOPE},
{'name': 'Contacts API - Domain Shared Contacts',
'api': CONTACTS,
'subscopes': [],
'scope': 'https://www.google.com/m8/feeds'},
{'name': 'Contact Delegation API',
'api': CONTACTDELEGATION,
@@ -455,7 +451,7 @@ _CLIENT_SCOPES = [
'scope': 'https://www.googleapis.com/auth/admin.directory.group'},
{'name': 'Directory API - Mobile Devices Directory',
'api': DIRECTORY,
'subscopes': ['readonly', 'actiononly'],
'subscopes': ['readonly', 'action'],
'scope': 'https://www.googleapis.com/auth/admin.directory.device.mobile'},
{'name': 'Directory API - Organizational Units',
'api': DIRECTORY,
@@ -475,6 +471,7 @@ _CLIENT_SCOPES = [
'scope': 'https://www.googleapis.com/auth/admin.directory.userschema'},
{'name': 'Directory API - User Security',
'api': DIRECTORY,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/admin.directory.user.security'},
{'name': 'Directory API - Users',
'api': DIRECTORY,
@@ -482,19 +479,24 @@ _CLIENT_SCOPES = [
'scope': 'https://www.googleapis.com/auth/admin.directory.user'},
{'name': 'Email Audit API',
'api': EMAIL_AUDIT,
'subscopes': [],
'offByDefault': True,
'scope': 'https://apps-apis.google.com/a/feeds/compliance/audit/'},
{'name': 'Groups Migration API',
'api': GROUPSMIGRATION,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/apps.groups.migration'},
{'name': 'Groups Settings API',
'api': GROUPSSETTINGS,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/apps.groups.settings'},
{'name': 'License Manager API',
'api': LICENSING,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/apps.licensing'},
{'name': 'People Directory API - read only',
'api': PEOPLE_DIRECTORY,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/directory.readonly'},
{'name': 'People API',
'api': PEOPLE,
@@ -502,31 +504,29 @@ _CLIENT_SCOPES = [
'scope': PEOPLE_SCOPE},
{'name': 'Pub / Sub API',
'api': PUBSUB,
'subscopes': [],
'offByDefault': True,
'scope': 'https://www.googleapis.com/auth/pubsub'},
{'name': 'Reports API - Audit Reports readonly',
{'name': 'Reports API - Audit Reports',
'api': REPORTS,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/admin.reports.audit.readonly'},
{'name': 'Reports API - Usage Reports readonly',
{'name': 'Reports API - Usage Reports',
'api': REPORTS,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/admin.reports.usage.readonly'},
{'name': 'Reseller API',
'api': RESELLER,
'subscopes': [],
'offByDefault': True,
'scope': 'https://www.googleapis.com/auth/apps.order'},
{'name': 'Resource Manager API - Organizations readonly',
'api': CLOUDRESOURCEMANAGER,
'offByDefault': True,
'scope': 'https://www.googleapis.com/auth/cloudplatformorganizations.readonly'},
{'name': 'Resource Manager API - Projects readonly',
'api': CLOUDRESOURCEMANAGER,
'offByDefault': True,
'scope': 'https://www.googleapis.com/auth/cloudplatformprojects.readonly'},
{'name': 'Service Account Lookup pseudo-API',
'api': SERVICEACCOUNTLOOKUP,
'subscopes': [],
'scope': ''},
{'name': 'Site Verification API',
'api': SITEVERIFICATION,
'subscopes': [],
'offByDefault': True,
'scope': 'https://www.googleapis.com/auth/siteverification'},
{'name': 'Vault API',
@@ -538,24 +538,30 @@ _CLIENT_SCOPES = [
_COMMANDDATA_CLIENT_SCOPES = [
{'name': 'Drive API - commanddata_clientaccess',
'api': DRIVE3,
'subscopes': [],
'scope': DRIVE_READONLY_SCOPE},
{'name': 'Sheets API - commanddata_clientaccess readonly',
{'name': 'Sheets API - commanddata_clientaccess',
'api': SHEETS,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/spreadsheets.readonly'},
]
_TODRIVE_CLIENT_SCOPES = [
{'name': 'Drive API - todrive_clientaccess',
'api': DRIVE3,
'subscopes': [],
'scope': DRIVE_SCOPE},
{'name': 'Drive File API - todrive_clientaccess',
'api': DRIVE3,
'subscopes': [],
'scope': DRIVE_FILE_SCOPE},
{'name': 'Gmail API - todrive_clientaccess',
'api': GMAIL,
'subscopes': [],
'scope': GMAIL_SEND_SCOPE},
{'name': 'Sheets API - todrive_clientaccess',
'api': SHEETS,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/spreadsheets'},
]
@@ -564,9 +570,11 @@ OAUTH2SA_SCOPES = 'us_scopes'
_SVCACCT_SCOPES = [
{'name': 'AlertCenter API',
'api': ALERTCENTER,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/apps.alerts'},
{'name': 'Analytics Admin API - read only',
'api': ANALYTICS_ADMIN,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/analytics.readonly'},
{'name': 'Calendar API',
'api': CALENDAR,
@@ -603,9 +611,11 @@ _SVCACCT_SCOPES = [
'scope': 'https://www.googleapis.com/auth/chat.admin.spaces'},
{'name': 'Chat API - Spaces Delete',
'api': CHAT_SPACES_DELETE,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/chat.delete'},
{'name': 'Chat API - Spaces Delete Admin',
'api': CHAT_SPACES_DELETE_ADMIN,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/chat.admin.delete'},
{'name': 'Classroom API - Course Announcements',
'api': CLASSROOM,
@@ -625,9 +635,11 @@ _SVCACCT_SCOPES = [
'scope': 'https://www.googleapis.com/auth/classroom.coursework.students'},
{'name': 'Classroom API - Profile Emails',
'api': CLASSROOM,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/classroom.profile.emails'},
{'name': 'Classroom API - Profile Photos',
'api': CLASSROOM,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/classroom.profile.photos'},
{'name': 'Classroom API - Rosters',
'api': CLASSROOM,
@@ -637,21 +649,13 @@ _SVCACCT_SCOPES = [
'api': CLOUDIDENTITY_DEVICES,
'subscopes': READONLY,
'scope': 'https://www.googleapis.com/auth/cloud-identity.devices'},
# {'name': 'Cloud Identity API - Policy',
# 'api': CLOUDIDENTITY_POLICY,
# 'subscopes': READONLY,
# 'roByDefault': True,
# 'scope': 'https://www.googleapis.com/auth/cloud-identity.policies'},
# {'name': 'Cloud Identity API - Policy Beta',
# 'api': CLOUDIDENTITY_POLICY_BETA,
# 'offByDefault': True,
# 'scope': 'https://www.googleapis.com/auth/cloud-identity.policies'},
# {'name': 'Cloud Identity User Invitations API',
# 'api': CLOUDIDENTITY_USERINVITATIONS,
# 'subscopes': READONLY,
# 'scope': 'https://www.googleapis.com/auth/cloud-identity'},
# {'name': 'Contacts API - Users',
# 'api': CONTACTS,
# 'subscopes': [],
# 'scope': 'https://www.google.com/m8/feeds'},
{'name': 'Drive API',
'api': DRIVE3,
@@ -659,6 +663,7 @@ _SVCACCT_SCOPES = [
'scope': DRIVE_SCOPE},
{'name': 'Drive Activity API v2 - must pair with Drive API',
'api': DRIVEACTIVITY,
'subscopes': [],
'scope': [DRIVE_READONLY_SCOPE,
'https://www.googleapis.com/auth/drive.activity']},
{'name': 'Drive Labels API - Admin',
@@ -675,24 +680,30 @@ _SVCACCT_SCOPES = [
'scope': 'https://www.googleapis.com/auth/documents'},
{'name': 'Forms API - must pair with Drive API',
'api': FORMS,
'subscopes': [],
'scope': [DRIVE_READONLY_SCOPE,
'https://www.googleapis.com/auth/forms.body',
'https://www.googleapis.com/auth/forms.responses.readonly']},
{'name': 'Gmail API - Full Access (Labels, Messages)',
'api': GMAIL,
'subscopes': [],
'scope': 'https://mail.google.com/'},
{'name': 'Gmail API - Full Access (Labels, Messages) except delete message',
'api': GMAIL,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/gmail.modify'},
{'name': 'Gmail API - Basic Settings (Filters, IMAP, Language, POP, Vacation) - read/write, Sharing Settings (Delegates, Forwarding, SendAs) - read',
'api': GMAIL,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/gmail.settings.basic'},
{'name': 'Gmail API - Sharing Settings (Delegates, Forwarding, SendAs) - write',
'api': GMAIL,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/gmail.settings.sharing'},
# {'name': 'Identity and Access Management API',
# 'api': IAM,
# 'offByDefault': True,
# 'subscopes': [],
# 'scope': CLOUD_PLATFORM_SCOPE},
{'name': 'Keep API',
'api': KEEP,
@@ -704,13 +715,16 @@ _SVCACCT_SCOPES = [
'scope': 'https://www.googleapis.com/auth/datastudio'},
{'name': 'Meet API - Manage/Display Meeting Spaces',
'api': MEET_SPACES,
'subscopes': [],
'scope': ['https://www.googleapis.com/auth/meetings.space.created',
'https://www.googleapis.com/auth/meetings.space.settings']},
{'name': 'Meet API - Read Meeting Spaces metadata readonly',
{'name': 'Meet API - Read Meeting Spaces metadata',
'api': MEET_READONLY,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/meetings.space.readonly'},
{'name': 'OAuth2 API',
'api': OAUTH2,
'subscopes': [],
'scope': USERINFO_PROFILE_SCOPE},
{'name': 'People API',
'api': PEOPLE,
@@ -718,12 +732,15 @@ _SVCACCT_SCOPES = [
'scope': PEOPLE_SCOPE},
{'name': 'People Directory API - read only',
'api': PEOPLE_DIRECTORY,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/directory.readonly'},
{'name': 'People API - Other Contacts - read only',
'api': PEOPLE_OTHERCONTACTS,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/contacts.other.readonly'},
{'name': 'Search Console API - read only',
'api': SEARCHCONSOLE,
'subscopes': [],
'offByDefault': True,
'scope': 'https://www.googleapis.com/auth/webmasters.readonly'},
{'name': 'Sheets API',
@@ -732,14 +749,17 @@ _SVCACCT_SCOPES = [
'scope': 'https://www.googleapis.com/auth/spreadsheets'},
{'name': 'Site Verification API',
'api': SITEVERIFICATION,
'subscopes': [],
'offByDefault': True,
'scope': 'https://www.googleapis.com/auth/siteverification'},
{'name': 'Tag Manager API - Accounts, Containers, Workspaces, Tags - read only',
'api': TAGMANAGER,
'subscopes': [],
'offByDefault': True,
'scope': 'https://www.googleapis.com/auth/tagmanager.readonly'},
{'name': 'Tag Manager API - Users',
'api': TAGMANAGER_USERS,
'subscopes': [],
'offByDefault': True,
'scope': 'https://www.googleapis.com/auth/tagmanager.manage.users'},
{'name': 'Tasks API',
@@ -748,6 +768,7 @@ _SVCACCT_SCOPES = [
'scope': 'https://www.googleapis.com/auth/tasks'},
{'name': 'Youtube API - read only',
'api': YOUTUBE,
'subscopes': [],
'offByDefault': True,
'scope': 'https://www.googleapis.com/auth/youtube.readonly'},
]
@@ -755,25 +776,30 @@ _SVCACCT_SCOPES = [
_SVCACCT_SPECIAL_SCOPES = [
{'name': 'Drive API - write todrive data - has access to all Drive',
'api': DRIVETD,
'subscopes': [],
'offByDefault': True,
'scope': DRIVE_SCOPE},
{'name': 'Gmail API - Full Access - read only',
'api': GMAIL,
'subscopes': [],
'offByDefault': True,
'scope': 'https://www.googleapis.com/auth/gmail.readonly'},
{'name': 'Gmail API - Send Messages - including todrive',
'api': GMAIL,
'subscopes': [],
'offByDefault': True,
'scope': GMAIL_SEND_SCOPE},
{'name': 'Sheets API - write todrive data - has access to all Sheets',
'api': SHEETSTD,
'offByDefault': True,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/spreadsheets'},
]
_USER_SVCACCT_ONLY_SCOPES = [
{'name': 'Groups Migration API',
'api': GROUPSMIGRATION,
'subscopes': [],
'scope': 'https://www.googleapis.com/auth/apps.groups.migration'},
]
@@ -813,7 +839,7 @@ def getClientScopesURLs(commanddataClientAccess, todriveClientAccess):
def getSvcAcctScopeAPI(uscope):
for scope in _SVCACCT_SCOPES:
if uscope == scope['scope'] or (uscope.endswith('.readonly') and 'readonly' in scope.get('subscopes', [])):
if uscope == scope['scope'] or (uscope.endswith('.readonly') and 'readonly' in scope['subscopes']):
return scope['api']
return None
@@ -841,7 +867,7 @@ def findAPIforScope(scopesList):
if cscope['scope'] == scope:
requiredAPIs.append(cscope['name'])
return True
if 'readonly' in cscope.get('subscopes', []) and cscope['scope']+'.readonly' == scope:
if cscope['subscopes'] == READONLY and cscope['scope']+'.readonly' == scope:
requiredAPIs.append(cscope['name']+' (supports readonly)')
return True
return False

View File

@@ -177,8 +177,6 @@ ENFORCE_EXPANSIVE_ACCESS = 'enforce_expansive_access'
EVENT_MAX_RESULTS = 'event_max_results'
# Path to extra_args.txt
EXTRA_ARGS = 'extra_args'
# Google Cloud Project Organization ID
GCP_ORG_ID = 'gcp_org_id'
# Gmail CSE certificates directory
GMAIL_CSE_INCERT_DIR = 'gmail_cse_incert_dir'
# Gmail CSE KACL wrapped key files
@@ -333,7 +331,7 @@ CSV_INPUT_ROW_FILTER_ITEMS = {CSV_INPUT_ROW_FILTER, CSV_INPUT_ROW_FILTER_MODE,
CSV_OUTPUT_ROW_FILTER_ITEMS = {CSV_OUTPUT_HEADER_FILTER, CSV_OUTPUT_HEADER_DROP_FILTER,
CSV_OUTPUT_HEADER_FORCE, CSV_OUTPUT_HEADER_ORDER,
CSV_OUTPUT_HEADER_REQUIRED,
# CSV_OUTPUT_HEADER_REQUIRED,
CSV_OUTPUT_ROW_FILTER, CSV_OUTPUT_ROW_FILTER_MODE,
CSV_OUTPUT_ROW_DROP_FILTER, CSV_OUTPUT_ROW_DROP_FILTER_MODE,
CSV_OUTPUT_ROW_LIMIT}
@@ -378,7 +376,7 @@ Defaults = {
CSV_OUTPUT_HEADER_DROP_FILTER: '',
CSV_OUTPUT_HEADER_FORCE: '',
CSV_OUTPUT_HEADER_ORDER: '',
CSV_OUTPUT_HEADER_REQUIRED: '',
# CSV_OUTPUT_HEADER_REQUIRED: '',
CSV_OUTPUT_LINE_TERMINATOR: 'lf',
CSV_OUTPUT_QUOTE_CHAR: '\'"\'',
CSV_OUTPUT_ROW_FILTER: '',
@@ -405,7 +403,6 @@ Defaults = {
ENABLE_GCLOUD_REAUTH: FALSE,
EVENT_MAX_RESULTS: '250',
EXTRA_ARGS: '',
GCP_ORG_ID: '',
GMAIL_CSE_INCERT_DIR: '',
GMAIL_CSE_INKEY_DIR: '',
INPUT_DIR: '.',
@@ -553,7 +550,7 @@ VAR_INFO = {
CSV_OUTPUT_HEADER_DROP_FILTER: {VAR_TYPE: TYPE_HEADERFILTER},
CSV_OUTPUT_HEADER_FORCE: {VAR_TYPE: TYPE_HEADERFORCEREQUIRED},
CSV_OUTPUT_HEADER_ORDER: {VAR_TYPE: TYPE_HEADERORDER},
CSV_OUTPUT_HEADER_REQUIRED: {VAR_TYPE: TYPE_HEADERFORCEREQUIRED},
# CSV_OUTPUT_HEADER_REQUIRED: {VAR_TYPE: TYPE_HEADERFORCEREQUIRED},
CSV_OUTPUT_LINE_TERMINATOR: {VAR_TYPE: TYPE_CHOICE, VAR_CHOICES: {'cr': '\r', 'lf': '\n', 'crlf': '\r\n'}},
CSV_OUTPUT_QUOTE_CHAR: {VAR_TYPE: TYPE_CHARACTER},
CSV_OUTPUT_ROW_FILTER: {VAR_TYPE: TYPE_ROWFILTER},
@@ -580,7 +577,6 @@ VAR_INFO = {
ENABLE_GCLOUD_REAUTH: {VAR_TYPE: TYPE_BOOLEAN},
EVENT_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 2500)},
EXTRA_ARGS: {VAR_TYPE: TYPE_FILE, VAR_SIGFILE: FN_EXTRA_ARGS_TXT, VAR_SFFT: ('', FN_EXTRA_ARGS_TXT), VAR_ACCESS: os.R_OK},
GCP_ORG_ID: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},
GMAIL_CSE_INCERT_DIR: {VAR_TYPE: TYPE_DIRECTORY},
GMAIL_CSE_INKEY_DIR: {VAR_TYPE: TYPE_DIRECTORY},
INPUT_DIR: {VAR_TYPE: TYPE_DIRECTORY},

View File

@@ -830,7 +830,6 @@ class GamCLArgs():
ARG_CSEKEYPAIRS = 'csekeypairs'
ARG_CURRENTPROJECTID = 'currentprojectid'
ARG_CUSTOMER = 'customer'
ARG_CUSTOMERID = 'customerid'
ARG_DATASTUDIOASSET = 'datastudioasset'
ARG_DATASTUDIOASSETS = 'datastudioassets'
ARG_DATASTUDIOPERMISSION = 'datastudiopermission'
@@ -914,7 +913,6 @@ class GamCLArgs():
ARG_FORWARDINGADDRESS = 'forwardingaddress'
ARG_FORWARDINGADDRESSES = 'forwardingaddresses'
ARG_GCPFOLDER = 'gcpfolder'
ARG_GCPORGID = 'gcporgid'
ARG_GCPSERVICEACCOUNT = 'gcpserviceaccount'
ARG_GMAIL = 'gmail'
ARG_GMAILPROFILE = 'gmailprofile'

View File

@@ -242,7 +242,6 @@ class GamEntity():
FORWARDING_ADDRESS = 'fwda'
GCP_FOLDER = 'gcpf'
GCP_FOLDER_NAME = 'gcpn'
GCP_ORG_ID = 'gcpo'
GMAIL_PROFILE = 'gmpr'
GROUP = 'grou'
GROUP_ALIAS = 'gali'
@@ -614,7 +613,6 @@ class GamEntity():
FORWARDING_ADDRESS: ['Forwarding Addresses', 'Forwarding Address'],
GCP_FOLDER: ['GCP Folders', 'GCP Folder'],
GCP_FOLDER_NAME: ['GCP Folder Names', 'GCP Folder Name'],
GCP_ORG_ID: ['GCP Organization ID', 'GCP Organization ID'],
GMAIL_PROFILE: ['Gmail Profile', 'Gmail Profile'],
GROUP: ['Groups', 'Group'],
GROUP_ALIAS: ['Group Aliases', 'Group Alias'],

View File

@@ -129,8 +129,6 @@ GAM_CFG_SECTION_NAME = 'gcsn'
GAM_PATH = 'gpth'
# Python source, PyInstaller or StaticX?
GAM_TYPE = 'gtyp'
# Shared Service Account HTTP Object
HTTP_OBJECT = 'http'
# Length of last Got message
LAST_GOT_MSG_LEN = 'lgml'
# License SKUs
@@ -252,7 +250,7 @@ Globals = {
CSV_OUTPUT_HEADER_FILTER: [],
CSV_OUTPUT_HEADER_FORCE: [],
CSV_OUTPUT_HEADER_ORDER: [],
CSV_OUTPUT_HEADER_REQUIRED: [],
# CSV_OUTPUT_HEADER_REQUIRED: [],
CSV_OUTPUT_NO_ESCAPE_CHAR: None,
CSV_OUTPUT_QUOTE_CHAR: None,
CSV_OUTPUT_ROW_DROP_FILTER: [],
@@ -284,7 +282,6 @@ Globals = {
GAM_CFG_SECTION_NAME: '',
GAM_PATH: '.',
GAM_TYPE: '',
HTTP_OBJECT: None,
LAST_GOT_MSG_LEN: 0,
LICENSE_SKUS: [],
MAKE_BUILDING_ID_NAME_MAP: True,

View File

@@ -94,7 +94,7 @@ _SKUS = {
'1010430001': {
'product': '101043', 'aliases': ['gwas', 'plusstorage'], 'displayName': 'Google Workspace Additional Storage'},
'1010470001': {
'product': '101047', 'aliases': ['geminient', 'duetai'], 'displayName': 'Gemini Enterprise - Legacy'},
'product': '101047', 'aliases': ['geminient', 'duetai'], 'displayName': 'Gemini Enterprise'},
'1010470002': {
'product': '101047', 'aliases': ['gwlabs', 'workspacelabs'], 'displayName': 'Google Workspace Labs'},
'1010470003': {
@@ -109,8 +109,6 @@ _SKUS = {
'product': '101047', 'aliases': ['aimeetingsandmessaging'], 'displayName': 'AI Meetings and Messaging'},
'1010470008': {
'product': '101047', 'aliases': ['geminiultra'], 'displayName': 'Google AI Ultra for Business'},
'1010470009': {
'product': '101047', 'aliases': ['aiexpandedaccess'], 'displayName': 'AI Expanded Access'},
'1010490001': {
'product': '101049', 'aliases': ['eeu'], 'displayName': 'Endpoint Education Upgrade'},
'1010500001': {

View File

@@ -6,7 +6,7 @@
\deftab720
\pard\pardeftab720\sl276\slmult1\sa200\qc\partightenfactor0
\f0\fs22 \cf0 Copyright 2026 Jay Lee\
\f0\fs22 \cf0 Copyright 2025 Jay Lee\
\pard\pardeftab720\sa200\qc\partightenfactor0
\f1\b \cf0 Licensed under the Apache License, Version 2.0 (the "License");\

View File

@@ -1,115 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|ARM">
<Configuration>Debug</Configuration>
<Platform>ARM</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|ARM64">
<Configuration>Debug</Configuration>
<Platform>ARM64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="PGInstrument|ARM">
<Configuration>PGInstrument</Configuration>
<Platform>ARM</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="PGInstrument|ARM64">
<Configuration>PGInstrument</Configuration>
<Platform>ARM64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="PGInstrument|Win32">
<Configuration>PGInstrument</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="PGInstrument|x64">
<Configuration>PGInstrument</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="PGUpdate|ARM">
<Configuration>PGUpdate</Configuration>
<Platform>ARM</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="PGUpdate|ARM64">
<Configuration>PGUpdate</Configuration>
<Platform>ARM64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="PGUpdate|Win32">
<Configuration>PGUpdate</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="PGUpdate|x64">
<Configuration>PGUpdate</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|ARM">
<Configuration>Release</Configuration>
<Platform>ARM</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|ARM64">
<Configuration>Release</Configuration>
<Platform>ARM64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{447F05A8-F581-4CAC-A466-5AC7936E207E}</ProjectGuid>
<RootNamespace>_hashlib</RootNamespace>
<Keyword>Win32Proj</Keyword>
</PropertyGroup>
<Import Project="python.props" />
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<CharacterSet>NotSet</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<PropertyGroup>
<TargetExt>$(PyStdlibPydExt)</TargetExt>
</PropertyGroup>
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="pyproject.props" />
<Import Project="openssl.props" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup>
<_ProjectFileVersion>10.0.30319.1</_ProjectFileVersion>
</PropertyGroup>
<ItemDefinitionGroup>
<Link>
<AdditionalDependencies>ws2_32.lib;crypt32.lib;advapi32.lib;user32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="..\Modules\_hashopenssl.c" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="..\PC\python_nt.rc" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="pythoncore.vcxproj">
<Project>{cf7ac3d1-e2df-41d2-bea6-1e2556cdea26}</Project>
<ReferenceOutputAssembly>false</ReferenceOutputAssembly>
</ProjectReference>
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>

View File

@@ -15,14 +15,12 @@
<_DLLSuffix Condition="$(Platform) == 'ARM64'">$(_DLLSuffix)-arm64</_DLLSuffix>
<_DLLSuffix Condition="$(Platform) == 'x64'">$(_DLLSuffix)-x64</_DLLSuffix>
</PropertyGroup>
<!-- GAM Static Build: Disable missing DLL/PDB copy
<ItemGroup>
<_SSLDLL Include="$(opensslOutDir)\libcrypto$(_DLLSuffix).dll" />
<_SSLDLL Include="$(opensslOutDir)\libcrypto$(_DLLSuffix).pdb" />
<_SSLDLL Include="$(opensslOutDir)\libssl$(_DLLSuffix).dll" />
<_SSLDLL Include="$(opensslOutDir)\libssl$(_DLLSuffix).pdb" />
</ItemGroup>
-->
<Target Name="_CopySSLDLL" Inputs="@(_SSLDLL)" Outputs="@(_SSLDLL->'$(OutDir)%(Filename)%(Extension)')" AfterTargets="Build">
<Copy SourceFiles="@(_SSLDLL)" DestinationFolder="$(OutDir)" />
</Target>

View File

@@ -1,147 +1,128 @@
// Node.js script to launch Simply Sign Desktop app and log a user in
// using native Windows keystrokes and screenshot-desktop for reliable CI imaging.
// Node.js script that implements an Appium client which will launch
// Simply Sign Desktop app and log a user in. Once logged in it should
// be possible to use tools like signtool.exe to sign Windows EXE/MSI files
// with the Certum certificate.
import { execSync, spawn } from 'child_process';
import { Key, remote } from 'webdriverio';
import { exec } from 'child_process';
import { TOTP } from 'totp-generator';
import path from 'path';
import fs from 'fs';
async function screenshot(driver, filename) {
// uncomment to save .png screenshots
await driver.saveScreenshot(filename);
return
}
function sleep(ms) {
return new Promise(resolve => setTimeout(resolve, ms));
}
// Native PowerShell Keystroke Sender
function sendKeys(keys) {
const script = `$wshell = New-Object -ComObject wscript.shell; $wshell.SendKeys('${keys}')`;
execSync(`powershell -Command "${script}"`);
}
// Native PowerShell Desktop Clear
function minimizeAllWindows() {
console.log('Minimizing all rogue background windows...');
const script = `$shell = New-Object -ComObject "Shell.Application"; $shell.MinimizeAll()`;
async function executeCommand(command) {
try {
execSync(`powershell -Command "${script}"`);
} catch (err) {
console.log('Minimize command failed silently.');
let { stdout, stderr } = await exec(command);
return stdout;
} catch (error) {
console.error(`Error executing command: ${command}`);
console.error(`Error details: ${error}`);
throw error;
}
}
async function takeScreenshot(filename) {
const workspace = process.env.GITHUB_WORKSPACE || process.cwd();
const fullPath = path.join(workspace, filename);
const psScript = `
Add-Type -AssemblyName System.Windows.Forms;
Add-Type -AssemblyName System.Drawing;
$Screen = [System.Windows.Forms.SystemInformation]::VirtualScreen;
if ($Screen.Width -eq 0 -or $Screen.Height -eq 0) {
Write-Error "Screen dimensions are 0x0. Desktop not fully initialized.";
exit 1;
}
$bitmap = New-Object System.Drawing.Bitmap $Screen.Width, $Screen.Height;
$graphic = [System.Drawing.Graphics]::FromImage($bitmap);
$graphic.CopyFromScreen($Screen.Left, $Screen.Top, 0, 0, $bitmap.Size);
$bitmap.Save('${fullPath}');
`;
try {
execSync(`powershell -Command "${psScript}"`);
console.log(`Saved screenshot: ${fullPath}`);
} catch (err) {
console.error(`Failed to save screenshot ${fullPath}:`, err.message);
}
}
// Fire and forget application launcher
function launchSSD() {
const child = spawn('C:\\Program Files\\Certum\\SimplySign Desktop\\SimplySignDesktop.exe', [], {
detached: true,
stdio: 'ignore'
});
child.unref();
}
async function runSSD() {
await takeScreenshot('001.png');
minimizeAllWindows();
await sleep(2000);
await takeScreenshot('002.png');
sendKeys('{ESC}');
await sleep(2000);
await takeScreenshot('003.png');
//sendKeys('{ESC}');
//await sleep(2000);
//await takeScreenshot('004.png');
//sendKeys('{ESC}');
//await sleep(2000);
//await takeScreenshot('005.png');
//sendKeys('%{F4}');
//await sleep(2000);
//await takeScreenshot('006.png');
//sendKeys('%{F4}');
//await sleep(2000);
//await takeScreenshot('007.png');
const opts = {
port: 4723,
logLevel: "silent",
capabilities: {
platformName: "Windows",
"appium:app": "C:\\Program Files\\Certum\\SimplySign Desktop\\SimplySignDesktop.exe",
"appium:automationName": "Windows",
},
};
// Re-execute SSD to open login dialog
launchSSD();
await sleep(3000);
await takeScreenshot('008.png');
launchSSD();
await sleep(3000);
await takeScreenshot('009.png');
// 2. Login Flow
console.log('Typing credentials...');
// Type Email
sendKeys('jay0lee@gmail.com');
await sleep(500);
await takeScreenshot('010.png');
// Tab to next field
sendKeys('{TAB}');
await sleep(500);
// Generate and type TOTP
console.log(`Our secret is ${process.env.TOTP_SECRET.length} characters.`);
const { otp } = await TOTP.generate(process.env.TOTP_SECRET, {algorithm: 'SHA-256'});
console.log(`Our token is ${otp.length} characters.`);
sendKeys(otp);
await sleep(500);
await takeScreenshot('011.png');
// Submit
sendKeys('{ENTER}');
console.log('Login sequence complete.');
// Screenshot cascade to monitor the window closing
await takeScreenshot('012.png');
await sleep(500);
await takeScreenshot('013.png');
await sleep(500);
await takeScreenshot('014.png');
await sleep(500);
console.log('Exiting script, leaving SimplySign running in background.');
// Verification block to list all PNGs in the workspace
console.log('\n--- Screenshot Verification ---');
const workspace = process.env.GITHUB_WORKSPACE || process.cwd();
let driver;
try {
const files = fs.readdirSync(workspace);
const pngFiles = files.filter(f => f.endsWith('.png'));
console.log(`Target Directory: ${workspace}`);
console.log(`Found ${pngFiles.length} .png files:`);
pngFiles.forEach(f => console.log(` - ${f}`));
} catch (err) {
console.error(`Error reading directory ${workspace}:`, err.message);
driver = await remote(opts);
// Github Actions Win ARM64 is stuck on a OOB screen that steals focus
// These enter / escapes should dismiss it.
const runner_arch = process.env.RUNNER_ARCH;
if ( runner_arch === "ARM64" ) {
console.log('Running on ARM64...');
await sleep(3000); // Pause execution for 3 seconds
await screenshot(driver, 'oob1.png');
await driver.sendKeys([Key.Enter]);
await sleep(3000); // Pause execution for 3 seconds
await screenshot(driver, 'oob2.png');
await driver.sendKeys([Key.Enter]);
await sleep(3000); // Pause execution for 3 seconds
await screenshot(driver, 'oob3.png');
await driver.sendKeys([Key.Escape]);
await screenshot(driver, 'oob6.png');
} else {
console.log('NOT running on ARM64');
}
console.log('-------------------------------\n');
// Execute SSD again to open login dialog
exec('"C:\\Program Files\\Certum\\SimplySign Desktop\\SimplySignDesktop.exe"', (error, stdout, stderr) => {
if (error) {
console.error(`exec error: ${error}`);
return;
}
});
await sleep(3000);
// Login
const windows = await driver.getWindowHandles();
const login_window = windows[0]
await driver.switchWindow(login_window);
await screenshot(driver, 'login01.png');
const id_value = 'jay0lee@gmail.com';
const id_arr = [...id_value];
await driver.sendKeys(id_arr);
await screenshot(driver, 'login02.png');
await driver.sendKeys([Key.Tab]);
console.log('Our secret is ' + process.env.TOTP_SECRET.length + ' characters.');
// We wait until the last possible second to generate
// our TOTP to ensure it's still valid.
const { otp } = await TOTP.generate(process.env.TOTP_SECRET, {algorithm: 'SHA-256'});
console.log('Our token is ' + otp.length + ' characters.');
const otp_arr = [...otp];
await driver.sendKeys(otp_arr);
await screenshot(driver, 'login03.png');
await driver.sendKeys([Key.Enter]);
// TODO: it's expected that on successful login the window
// will close and these screenshots will error out. Figure
// out how to handle that gracefully.
await screenshot(driver, 'login04.png');
await sleep(500);
await screenshot(driver, 'login05.png');
await sleep(500);
await screenshot(driver, 'login06.png');
await sleep(500);
await screenshot(driver, 'login07.png');
await sleep(500);
await screenshot(driver, 'login08.png');
await sleep(500);
await screenshot(driver, 'login09.png');
await sleep(500);
await screenshot(driver, 'login10.png');
await sleep(500);
await screenshot(driver, 'login11.png');
await sleep(500);
await screenshot(driver, 'login12.png');
} catch (error) {
console.error(error);
//console.error("Error during Appium run:");
}
// INTENTIONAL Keep driver open so tray icon for Certum doesn't close
// finally {
// if (driver) {
// await driver.deleteSession(); // Close the Appium session
// }
//}
}
runSSD();

View File

@@ -14,9 +14,8 @@
There are seven values in `gam.cfg` that can be used to filter the output from `gam print` commands.
* `csv_output_header_filter` - A list of `<RegularExpressions>` used to select specific column headers to include
* `csv_output_header_drop_filter` - A list of `<RegularExpressions>` used to select specific column headers to exclude
* `csv_output_header_force` - A list of `<Strings>` used to specify the exact column headers to include
* `csv_output_header_order` - A list of `<Strings>` used to specify the column header order; any headers in the file but not in the list will appear after the header* `csv_output_header_required` - A list of `<Strings>` used to specify column headers that are included even if the print command doesn't return them
s in the list.
* `csv_output_header_force` - A list of <Strings> used to specify the exact column headers to include
* `csv_output_header_order` - A list of <Strings> used to specify the column header order; any headers in the file but not in the list will appear after the headers in the list.
* `csv_output_row_filter` - A list or JSON dictionary used to include specific rows based on column values
* `csv_output_row_drop_filter` - A list or JSON dictionary used to exclude specific rows based on column values
* `csv_output_row_limit` - A limit on the number of rows written

View File

@@ -99,25 +99,14 @@ Typically, you will enclose the entire list in double quotes and quote each item
## Manage printers
When creating a printer you must specify: `displayname`, `ou`, `uri` and `makeandmodel` or `driverless`.
```
gam create printer <PrinterAttribute>+ [nodetails|returnidonly]
gam update printer <PrinterID> <PrinterAttribute>+ [nodetails|returnidonly]
gam create printer <PrinterAttribute>+ [nodetails]
gam update printer <PrinterID> <PrinterAttribute>+ [nodetails]
gam delete printer
<PrinterIDList>|
<FileSelector>|
<CSVFileSelector>
```
By default, when a printer is created/updated, GAM outputs details of the printer.
* `nodetails` - Suppress the datails output.
* `returnidonly` - Display just the printer ID of the created printer as output
To retrieve the printer ID with `returnidonly`:
```
Linux/MacOS
printerId=$(gam create printer ... returnidonly)
Windows PowerShell
$printerId = & gam create printer ... returnidonly
```
The printer ID will only be valid when the return code of the command is 0; program accordingly.
By default, when a printer is created/updated, GAM outputs details of the printer; the `nodetails` option suppresses this output.
## Display printers
Display information about a single printer.

View File

@@ -58,7 +58,7 @@ See: https://cloud.google.com/identity/docs/concepts/supported-policy-api-settin
Display selected policies.
```
gam info policies <CIPolicyEntity>
[nowarnings] [noappnames] [noidmappimg]
[nowarnings] [noappnames]
[formatjson]
```
@@ -72,17 +72,13 @@ By default, policy warnings are displayed, use the 'nowarnings` option to suppre
By default, additional API calls are made for `settings/workspace_marketplace.apps_allowlist`
to get the application name for the application ID. Use option `noappnames` to suppress these calls.
By default, additional API calls are made to add the `policyQuery/groupEmail` and `policyQuery/orgUnitPath` fields
that are mapped from the `policyQuery/group` and `policyQuery/orgUnit` fields. Use option `noidmapping'
to suppress these calls and not add the additional fields.
By default, Gam displays the information as an indented list of keys and values.
* `formatjson` - Display the fields in JSON format.
Display all or filtered policies.
```
gam show policies
[filter <String>] [nowarnings] [noappnames] [noidmappimg]
[filter <String>] [nowarnings] [noappnames]
[group <REMatchPattern>] [ou|org|orgunit <REMatchPattern>]
[formatjson]
```
@@ -96,16 +92,12 @@ By default, policy warnings are displayed, use the `nowarnings` option to suppre
By default, additional API calls are made for `settings/workspace_marketplace.apps_allowlist`
to get the application name for the application ID. Use option `noappnames` to suppress these calls.
By default, additional API calls are made to add the `policyQuery/groupEmail` and `policyQuery/orgUnitPath` fields
that are mapped from the `policyQuery/group` and `policyQuery/orgUnit` fields. Use option `noidmapping'
to suppress these calls and not add the additional fields.
By default, Gam displays the information as an indented list of keys and values.
* `formatjson` - Display the fields in JSON format.
```
gam print policies [todrive <ToDriveAttribute>*]
[filter <String>] [nowarnings] [noappnames] [noidmappimg]
[filter <String>] [nowarnings] [noappnames]
[group <REMatchPattern>] [ou|org|orgunit <REMatchPattern>]
[formatjson [quotechar <Character>]]
```
@@ -116,10 +108,6 @@ By default, all policies are displayed:
By default, policy warnings are displayed, use the `nowarnings` option to suppress their display.
By default, additional API calls are made to add the `policyQuery/groupEmail` and `policyQuery/orgUnitPath` fields
that are mapped from the `policyQuery/group` and `policyQuery/orgUnit` fields. Use option `noidmapping'
to suppress these calls and not add the additional fields.
By default, additional API calls are made for `settings/workspace_marketplace.apps_allowlist`
to get the application name for the application ID. Use option `noappnames` to suppress these calls.

View File

@@ -319,8 +319,6 @@ Data fields identified in a `csvkmd` argument.
(select <ProjectIDList> | <FileSelector> | <CSVFileSelector>)
<PrinterIDEntity> ::=
<PrinterIDList> | <FileSelector> | <CSVFileSelector>
<QueryDriveFile> :: = <String> See: https://developers.google.com/workspace/drive/api/guides/search-files
<QuerySharedDrive> ::= <String> See: https://developers.google.com/workspace/drive/api/guides/search-shareddrives
<RecipientEntity> ::=
<EmailAddressEntity> | (select <UserTypeEntity>)
<ResourceEntity> ::=
@@ -331,22 +329,22 @@ Data fields identified in a `csvkmd` argument.
<SerialNumberList> | <FileSelector> | <CSVFileSelector>
<SharedDriveIDEntity> ::=
<DriveFileItem> |
(shareddriveid <DriveFileItem>) | (shareddriveid:<DriveFileItem>)
(teamdriveid <DriveFileItem>) | (teamdriveid:<DriveFileItem>)
<SharedDriveNameEntity> ::=
(shareddrive <SharedDriveName>) | (shareddrive:<SharedDriveName>)
(teamdrive <SharedDriveName>) | (teamdrive:<SharedDriveName>)
<SharedDriveEntity> ::=
<SharedDriveIDEntity> |
<SharedDriveNameEntity>
<SharedDriveAdminQueryEntity> ::=
(shareddriveadminquery <QuerySharedDrive>) | (shareddriveadminquery:<QuerySharedDrive>)
(teamdriveadminquery <QueryTeamDrive>) | (teamdriveadminquery:<QueryTeamDrive>)
<SharedDriveEntityAdmin> ::=
<SharedDriveIDEntity> |
<SharedDriveNameEntity>|
<SharedDriveAdminQueryEntity>
<SharedDriveFileNameEntity> ::=
(shareddrivefilename <DriveFileName>) | (shareddrivefilename:<DriveFileName>)
(teamdrivefilename <DriveFileName>) | (teamdrivefilename:<DriveFileName>)
<SharedDriveFileQueryEntity> ::=
(shareddrivequery <QueryDriveFile>) | (shareddrivequery:<QueryDriveFile>)
(teamdrivequery <QueryDriveFile>) | (teamdrivequery:<QueryDriveFile>)
<SharedDriveFileQueryShortcut> ::=
all_files | all_folders | all_google_files | all_non_google_files | all_items
<SiteACLScopeEntity> ::=

View File

@@ -114,9 +114,9 @@ ous_and_children_na_ns
(anydrivefilename <DriveFileName>)|(anydrivefilename:<DriveFileName>)
<SharedDriveID> ::= <String>
<SharedDriveName> ::= <String>
<SharedDriveIDEntity> ::= (shareddriveid <DriveFileItem>) | (shareddriveid:<DriveFileItem>)
<SharedDriveNameEntity> ::= (shareddrive <SharedDriveName>) | (shareddrive:<SharedDriveName>)
<SharedDriveFileNameEntity> ::= (shareddrivefilename <DriveFileName>) | (shareddrivefilename:<DriveFileName>)
<SharedDriveIDEntity> ::= (teamdriveid <DriveFileItem>) | (teamdriveid:<DriveFileItem>)
<SharedDriveNameEntity> ::= (teamdrive <SharedDriveName>) | (teamdrive:<SharedDriveName>)
<SharedDriveFileNameEntity> ::= (teamdrivefilename <DriveFileName>) | (teamdrivefilename:<DriveFileName>)
<SharedDriveEntity> ::=
<SharedDriveIDEntity> |
<SharedDriveNameEntity>
@@ -327,7 +327,7 @@ Use these options to select users for GAM commands.
* `ou_arch` - Archived users
* `ou_ns` - Non-suspended users
* `ou_susp` - Suspended users
* `ou_na_ns` - Non-archived and non-suspended users
* `ou_na_ns` - Non-archived and nn-suspended users
## Users in the Organization Unit `<OrgUnitItem>` and all of its sub Organization Units
* `ou_and_children|ou_and_children_na|ou_and_children_arch|ou_and_children_ns|ou_and_children_susp|ou_and_children_na_ns <OrgUnitItem>`
@@ -336,7 +336,7 @@ Use these options to select users for GAM commands.
* `ou_and_children_arch` - Archived users
* `ou_and_children_ns` - Non-suspended users
* `ou_and_children_susp` - Suspended users
* `ou_and_children_na_ns` - Non-archived and non-suspended users
* `ou_and_children_na_ns` - Non-archived and nn-suspended users
## Users directly in the Organization Units `<OrgUnitList>`
* `ous|ous_na|ous_arch|ous_ns|ous_susp|ous_na_ns <OrgUnitList>` - Users directly in the Organization Units `<OrgUnitList>`
@@ -345,7 +345,7 @@ Use these options to select users for GAM commands.
* `ous_arch` - Archived users
* `ous_ns` - Non-suspended users
* `ous_susp` - Suspended users
* `ous_na_ns` - Non-archived and non-suspended users
* `ous_na_ns` - Non-archived and nn-suspended users
`<OrgUnitList>` may require special quoting based on whether the OUs contain spaces, commas or single quotes.

View File

@@ -3,7 +3,6 @@
- [Notes](#Notes)
- [API documentation](#api-documentation)
- [Grant Service Account Rights to Manage CAA](#grant-service-account-rights-to-manage-caa)
- [Get Google Cloud organization ID for your workspace](#Get Google Cloud organization ID for your workspace)
- [Definitions](#definitions)
- [Parameters for Basic Levels](#parameters-for-basic-levels)
- [Create an Access Level](#create-an-access-level)
@@ -37,15 +36,6 @@ In order for GAM to manage CAA access levels, you need to grant your service acc
10. Click `Save`. It may take 15 minutes or more for the role permissions to propagate.
11. Confirm the role is in place by re-running `gam print caalevels`
## Get Google Cloud organization ID for your workspace
This ID is used by the caalevel commands; to eliminate additional API calls,
you can get the value and store it in the `gam.cfg/gcp_org_id` variable.
```
$ gam info gcporgid
organizations/906207637890
$ gam config gcp_org_id organizations/906207637890 save
```
## Definitions
```
<JSONData> ::= (json [charset <Charset>] <String>) | (json file <FileName> [charset <Charset>]) |

View File

@@ -4,8 +4,6 @@
- [Update customer](#update-customer)
- [Display customer](#display-customer)
- [Display instance](#display-instance)
- [Display Customer ID](#display-customer-id)
- [Display GCP organization ID](#display-gcp-organization-id)
## API documentation
* [Directory API - Customers](https://developers.google.com/admin-sdk/directory/reference/rest/v1/customers)
@@ -47,19 +45,3 @@ gam info instance [formatjson]
```
By default, Gam displays the information as an indented list of keys and values.
* `formatjson` - Display the fields in JSON format.
## Display Customer ID
You can get and set the `gam.cfg/customer_id` value with these commands:
```
$ gam info customerid
C78abc9de
$ gam config customer_id C78abc9de save
```
## Display GCP organization ID
You can get and set the `gam.cfg/gcp_org_id` value with these commands:
```
$ gam info gcporgid
organizations/906207637890
$ gam config gcp_org_id organizations/906207637890 save
```

View File

@@ -25,41 +25,41 @@ start a new terminal session and reissue the command from above.
## Executable, Manual
* Executable Archive, Manual, Linux/Google Cloud Shell
- `gam-7.wx.yz-linux-x86_64-glibc2.35.tar.xz`
- `gam-7.wx.yz-linux-x86_64-glibc2.36.tar.xz`
- `gam-7.wx.yz-linux-x86_64-glibc2.39.tar.xz`
- `gam-7.wx.yz-linux-x86_64-legacy.tar.xz`
- Download the archive, extract the contents into some directory.
- Start a terminal session.
* Executable Archive, Manual, Raspberry Pi/ChromeOS ARM devices
- `gam-7.wx.yz-linux-arm64-glibc2.35.tar.xz`
- `gam-7.wx.yz-linux-arm64-glibc2.36.tar.xz`
- `gam-7.wx.yz-linux-arm64-glibc2.39.tar.xz`
- `gam-7.wx.yz-linux-arm64-legacy.tar.xz`
- Download the archive, extract the contents into some directory.
- Start a terminal session.
* Executable Archive, Manual, Mac OS versions Sonoma, Sequoia - M1/M2
- `gam-7.wx.yz-macos14.8-arm64.tar.xz`
- `gam-7.wx.yz-macos14.7-arm64.tar.xz`
- Download the archive, extract the contents into some directory.
- Start a terminal session.
* Executable Archive, Manual, Mac OS versions Sequoia - M2/M3
- `gam-7.wx.yz-macos15.7-arm64.tar.xz`
- Download the archive, extract the contents into some directory.
- Start a terminal session.
* Executable Archive, Manual, Mac OS, versions Sequoia, Tahoe - Intel
- `gam-7.wx.yz-macos15.7-x86_64.tar.xz`
- `gam-7.wx.yz-macos15.6-arm64.tar.xz`
- Download the archive, extract the contents into some directory.
- Start a terminal session.
* Executable Archive, Manual, Mac OS versions Tahoe - M2/M3/M4
- `gam-7.wx.yz-macos26.3-arm64.tar.xz`
- `gam-7.wx.yz-macos26.0-arm64.tar.xz`
- Download the archive, extract the contents into some directory.
- Start a terminal session.
* Executable Archive, Manual, Mac OS versions Tahoe - Intel
- `gam-7.wx.yz-macos26.3-x86_64.tar.xz`
* Executable Archive, Manual, Mac OS, versions Ventura, Sonoma - Intel
- `gam-7.wx.yz-macos13.7-x86_64.tar.xz`
- Download the archive, extract the contents into some directory.
- Start a terminal session.
* Executable Archive, Manual, Mac OS, versions Sequoia, Tahoe - Intel
- `gam-7.wx.yz-macos15.6-x86_64.tar.xz`
- Download the archive, extract the contents into some directory.
- Start a terminal session.
@@ -69,7 +69,7 @@ start a new terminal session and reissue the command from above.
- Start a Command Prompt/PowerShell session.
* Executable Installer, Manual, Windows 64 bit
- `gam-7.wx.yz-windows-x86_64.exe`
- `gam-7.wx.yz-windows-x86_64.msi`
- Download the installer and run it.
- Start a Command Prompt/PowerShell session.
@@ -79,7 +79,7 @@ start a new terminal session and reissue the command from above.
- Start a Command Prompt/PowerShell session.
* Executable Installer, Manual, Windows 11 ARM
- `gam-7.wx.yz-windows-arm64.exe`
- `gam-7.wx.yz-windows-arm64.msi`
- Download the installer and run it.
- Start a Command Prompt/PowerShell session.

View File

@@ -49,8 +49,7 @@
<DriveFolderID> ::= <String>
<DriveFolderIDList> ::= "<DriveFolderID>(,<DriveFolderID>)*"
<DriveFolderName> ::= <String>
<QueryDriveFile> :: = <String> See: https://developers.google.com/workspace/drive/api/guides/search-files
<QuerySharedDrive> ::= <String> See: https://developers.google.com/workspace/drive/api/guides/search-shareddrives
<QueryDriveFile> :: = <String> See: https://developers.google.com/drive/api/v3/search-files
<DriveFileQueryEntity> ::=
(query <QueryDriveFile>) | (query:<QueryDriveFile>)
<DriveFileQueryShortcut> ::=
@@ -91,15 +90,15 @@
<SharedDriveID> ::= <String>
<SharedDriveName> ::= <String>
<SharedDriveIDEntity> ::= (shareddriveid <SharedDriveID>) | (shareddriveid:<SharedDriveID>)
<SharedDriveNameEntity> ::= (shareddrive <SharedDriveName>) | (shareddrive:<SharedDriveName>)
<SharedDriveFileNameEntity> ::= (shareddrivefilename <DriveFileName>) | (shareddrivefilename:<DriveFileName>)
<SharedDriveIDEntity> ::= (teamdriveid <SharedDriveID>) | (teamdriveid:<SharedDriveID>)
<SharedDriveNameEntity> ::= (teamdrive <SharedDriveName>) | (teamdrive:<SharedDriveName>)
<SharedDriveFileNameEntity> ::= (teamdrivefilename <DriveFileName>) | (teamdrivefilename:<DriveFileName>)
<SharedDriveEntity> ::=
<SharedDriveIDEntity> |
<SharedDriveNameEntity>
<SharedDriveAdminQueryEntity> ::=
(shareddriveadminquery <QuerySharedDrive>) | (shareddriveadminquery:<QuerySharedDrive>)
(teamdriveadminquery <QueryTeamDrive>) | (teamdriveadminquery:<QueryTeamDrive>)
<SharedDriveFileQueryEntity> ::=
(query <QueryDriveFile>) | (query:<QueryDriveFile>)
<SharedDriveFileQueryShortcut> ::=
@@ -336,13 +335,13 @@ Select a Shared Drive file by giving its unique ID.
```
<SharedDriveIDEntity> ::=
<DriveFileItem> |
(shareddriveid <DriveFileItem>) | (shareddriveid:<DriveFileItem>)
(teamdriveid <DriveFileItem>) | (teamdriveid:<DriveFileItem>)
```
### Examples
```
gam user testuser show fileinfo 1234ABCD
gam user testuser show fileinfo id 1234ABCD
gam user testuser show fileinfo shareddriveid 1234ABCD
gam user testuser show fileinfo teamdriveid 1234ABCD
```
## Select Shared Drive file by name
If you have the name, a search must be performed to find the ID that matches the name.
@@ -351,16 +350,16 @@ You must specify the Shared Drive, either by ID or name, and the name of the fil
Remember, searching for a file by name may return several file IDs if you have multiple files with the same name.
```
<SharedDriveIDEntity> ::=
(shareddriveid <DriveFileItem>) | (shareddriveid:<DriveFileItem>)
(teamdriveid <DriveFileItem>) | (teamdriveid:<DriveFileItem>)
<SharedDriveNameEntity> ::=
(shareddrive <SharedDriveName>) | (shareddrive:<SharedDriveName>)
(teamdrive <SharedDriveName>) | (teamdrive:<SharedDriveName>)
<SharedDriveFileNameEntity> ::=
(shareddrivefilename <DriveFileName>) | (shareddrivefilename:<DriveFileName>)
(teamdrivefilename <DriveFileName>) | (teamdrivefilename:<DriveFileName>)
```
### Examples
```
gam user testuser show fileinfo shareddriveid 1234ABCD shareddrivefilename "Test File"
gam user testuser show fileinfo shareddrive "Shared Drive 1" shareddrivefilename "Test File"
gam user testuser show fileinfo teamdriveid 1234ABCD teamdrivefilename "Test File"
gam user testuser show fileinfo teamdrive "Shared Drive 1" teamdrivefilename "Test File"
```
## Select Shared Drive file by query
You can use a query to find a file ID. You perform the query on all Shared Drives or a specific Shared Drive.
@@ -368,7 +367,7 @@ You can use a query to find a file ID. You perform the query on all Shared Drive
See: [Drive Query](https://developers.google.com/drive/api/v3/search-files)
```
<SharedDriveFileQueryEntity> ::=
(shareddrivequery <QueryDriveFile>) | (shareddrivequery:<QueryDriveFile>)
(teamdrivequery <QueryDriveFile>) | (teamdrivequery:<QueryDriveFile>)
<SharedDriveFileQueryShortcut> ::=
all_files | all_folders | all_google_files | all_non_google_files | all_items
```
@@ -381,32 +380,32 @@ Keyword to query mappings for `<DriveFileQueryShortcut>`:
### Examples
```
gam user testuser show fileinfo shareddrivequery "name='Test File'"
gam user testuser show fileinfo shareddriveid 1234ABCD shareddrivequery "name='Test File'"
gam user testuser show fileinfo shareddrive shareddrive "Shared Drive 1" shareddrivequery "name='Test File'"
gam user testuser show fileinfo shareddriveid 1234ABCD all_non_google_files
gam user testuser show fileinfo teamdrivequery "name='Test File'"
gam user testuser show fileinfo teamdriveid 1234ABCD teamdrivequery "name='Test File'"
gam user testuser show fileinfo teamdrive teamdrive "Shared Drive 1" teamdrivequery "name='Test File'"
gam user testuser show fileinfo teamdriveid 1234ABCD all_non_google_files
```
## Select root folder of a Shared Drive by ID
The root folder of a Shared Drive is a folder, you select it by giving its unique ID.
```
<SharedDriveIDEntity> ::=
<DriveFileItem> |
(shareddriveid <DriveFileItem>) | (shareddriveid:<DriveFileItem>)
(teamdriveid <DriveFileItem>) | (teamdriveid:<DriveFileItem>)
```
### Examples
```
gam user testuser show fileinfo 1234ABCD
gam user testuser show fileinfo shareddriveid 1234ABCD
gam user testuser show fileinfo teamdriveid 1234ABCD
```
## Select root folder of a Shared Drive by name
If you have a Shared Drive name, a search must be performed to find the ID that matches the name.
```
<SharedDriveNameEntity> ::=
(shareddrive <SharedDriveName>) | (shareddrive:<SharedDriveName>)
(teamdrive <SharedDriveName>) | (teamdrive:<SharedDriveName>)
```
### Examples
```
gam user testuser show fileinfo shareddrive "Shared Drive 1"
gam user testuser show fileinfo teamdrive "Shared Drive 1"
```

View File

@@ -27,13 +27,13 @@
(anydrivefilename <DriveFileName>) | (anydrivefilename:<DriveFileName>)
<SharedDriveIDEntity> ::=
<DriveFileItem> |
(shareddriveid <DriveFileItem>) | (shareddriveid:<DriveFileItem>)
(teamdriveid <DriveFileItem>) | (teamdriveid:<DriveFileItem>)
<SharedDriveName> ::= <String>
<SharedDriveNameEntity> ::=
(shareddrive <SharedDriveName>) | (shareddrive:<SharedDriveName>)
(teamdrive <SharedDriveName>) | (teamdrive:<SharedDriveName>)
<SharedDriveEntity> ::=
<SharedDriveIDEntity> |
<SharedDriveNameEntity>
<SharedDriveFileNameEntity> ::=
(shareddrivefilename <DriveFileName>) | (shareddrivefilename:<DriveFileName>)
(teamdrivefilename <DriveFileName>) | (teamdrivefilename:<DriveFileName>)
```

View File

@@ -10,310 +10,6 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
### 7.38.02
Added license SKU `1010470009` for `AI Expanded Access`; abbreviation `aiexpanded`.
### 7.38.01
Added `root` as a synonym for '/' in command line arguments that specify an OU.
This is to avoid issues where a stand-alone `/` on the command line may be mis-interpreted
by the command line interpreter as a reference to the file system root.
### 7.38.00
Added variable `gcp_org_id` to `gam.cfg` that is used by the following commands;
by setting the value, additional API calls are eliminated.
```
gam create project
gam create gcpfolder
gam create|update|delete caalevel
gam print|show caalevels
gam print|show tokens gcpdetails
```
You can get and set the `gam.cfg/gcp_org_id` value with these commands:
```
$ gam info gcporgid
organizations/906207637890
$ gam config gcp_org_id organizations/906207637890 save
```
You can get and set the `gam.cfg/customer_id` value with these commands:
```
$ gam info customerid
C78abc9de
$ gam config customer_id C78abc9de save
```
Added the following options to `gam report <ActivityApplicationName>`.
```
applicationinfofilter <String>
networkinfofilter <String>
statusfilter <String>
includesensitivedata
```
### 7.37.00
Added new client access scopes used by `gam print tokens`.
```
[*] 52) Resource Manager API - Organizations readonly
[*] 53) Resource Manager API - Projects readonly
```
Added option `gcpdetails` to `gam print tokens` that uses these scopes to get additional project information.
### 7.36.03
Added command to send email replies that causes Gmail to recognize the message
in conversation mode for the user sending the reply and the user receiving the reply;
GAM supplies the necessary headers and options.
```
gam <UserTypeEntity> sendreply
(((query <QueryGmail> [querytime<String> <Date>]*) [or|and])+) | (ids <MessageIDEntity>)
[replyto <EmailAddress>]
[subject <String>] [<MessageContent>] [html [<Boolean>]]
(attach <FileName> [charset <CharSet>])*
(embedimage <FileName> <String>)*
(<SMTPDateHeader> <Time>)* (<SMTPHeader> <String>)* (header <String> <String>)*
gam user user@domain.com sendreply query "rfc822MsgId:<CAAMmEdqj43...1OsQ@mail.gmail.com>" textmessage "Thanks for the information"
gam user user@domain.com sendreply ids 19cfc3506c02c22b textmessage "Thanks for the information"
```
* See: https://github.com/GAM-team/GAM/wiki/Send-Email#conversation-mode
### 7.36.02
Added option `threadid <String>` to `gam [<UserTypeEntity>] sendemail` that causes Gmail to recognize the message
in conversation mode in for the user sending the message.
* See: https://github.com/GAM-team/GAM/wiki/Send-Email#conversation-mode
### 7.36.01
Fixed bug in `gam info|print|show policies` where the `policyQuery/query` field was not displayed.
Added option `noidmapping` to `gam info|print|show policies` to suppress adding the `policyQuery/groupEmail` and
`policyQuery/orgUnitPath` name fields that are mapped from the `policyQuery/group` and `policyQuery/orgInit` id fields.
### 7.36.00
Added options `filtermultiattrtype` and filtermultiattrcustom` to `gam info user` and
`gam print users` that support filtering `<UserMultiAttribute>` display based on `type` or `customType`.
```
<UserMultiAttributeFilterName> ::=
address|addresses|
externalid|externalids|
im|ims|
keyword|keywords|
location|locations|
orgainzation|organizations|
otheremail|otheremails|
phone|phones|
relation|relations|
website|websites
```
* `filtermultiattrtype <UserMultiAttributeFilterName> <String>` - Display `<UserMultiAttributeFilterName>` if its `type` is `<String>`
* `filtermultiattrcustom <UserMultiAttributeFilterName> <String>` - Display `<UserMultiAttributeFilterName>` if its `customType` is `<String>`
```
gam info user user@domain.com quick filtermultiattrtype organizations work filtermultiattrcustom phones private
```
### 7.35.03
Updated `gam <UserTypeEntity> print filelist|filecounts` to handle options `showsize` and `showsizeunits` as independent options.
* `showsize` - Display a column `Size` with a byte count
* `showsizeunits` - Display a column `SizeUnits` with a formatted size with units
If you select both options, you can sort multiple rows using the `Size` column.
### 7.35.02
Added option `showsizeunits` to `gam gam <UserTypeEntity> print filelist|filecounts` as an alternative to option `showsize`.
* `showsize` - 31549200951 - This is a byte count
* `showsizeunits` - 31.55 GB - This is as shown in the Admin console
### 7.35.01
The following commands have been updated to not verify the existence of `gam.cfg` credentials files
as the WARNING messages about the missing files can be confusing to new users setting up GAM.
```
gam checkconn
gam oauth|oauth2
gam version
```
### 7.35.00
Windows `gam-7.wx.yz-x86_64.msi` has been replaced with `gam-7.wx.yz-x86_64.exe`.
Windows `gam-7.wx.yz-arm64.msi` has been replaced with `gam-7.wx.yz-arm64.exe`.
Updated cacerts.pem to avoid to following error in `gam checkconn`.
```
Checking raw.githubusercontent.com (185.199.110.133) (2)... ERROR
Certificate verification failed. If you are behind a firewall / proxy server that does TLS / SSL inspection you may need to point GAM at your certificate authority file by setting cacerts_pem = /path/to/your/certauth.pem in gam.cfg.
```
If you have customized cacerts.pem, update your version with the `Operating CA: Let's Encrypt` values from the GAM default version.
### 7.34.13
Fixed bug in `gam info policies <CIPolicyNameEntity> ... formatjson` where extraneous line
`Show Info 1 Policy` was displayed.
### 7.34.12
Fixed build errors that prevented Windows zip files from being created.
Added option `returnidonly` to `gam create|update printer` that causes GAM to return just the ID
of the printer.
### 7.34.11
Updated gam-install.sh script for macOS/Linux to properly config GAM when the answer to the following question is No.
```
Can you run a full browser on this machine? (usually Y for macOS, N for Linux if you SSH into this machine)
```
### 7.34.10
Fixed bug where `formatjson quotechar <Character>` on the command line did not override `redirect csv <FileName> multiprocess quotechar <Character>`.
### 7.34.09
Updated `gam <UserTypeEntity> update photo` to delete the user's existing photo
before performing the update as the API update will succeed but not replace a user's existing self-set photo.
### 7.34.08
Rebuild to avoid the following error:
```
requests/__init__.py:113: RequestsDependencyWarning: urllib3 (2.6.3) or chardet (6.0.0.post1)/charset_normalizer (3.4.4) doesn't match a supported version!
```
### 7.34.07
Added the following command to create a guest user.
* See: https://support.google.com/a/answer/16558545
```
gam create guestuser <EmailAddress>
```
Added the following items to `<UserFieldName>`:
* `guestaccountinfo` - Additional guest-related metadata fields
* `isguestuser` - Indicates if the inserted user is a guest
### 7.34.06
Added option `copyfolderpermissions [<Boolean>]` to `gam <UserTypeEntity> copy|move drivefile`.
When `copyfolderpermissions false` is specified, no folder permissions are copied; this simplifies
disabling all folder permission copying.
When not specified or `copyfolderpermissions [true]` is specified, folder permissions are copied based on the following options:
```
copymergewithparentfolderpermissions [<Boolean>]
copymergedtopfolderpermissions [<Boolean>]
copytopfolderpermissions [<Boolean>]
copytopfolderiheritedpermissions [<Boolean>]
copytopfoldernoniheritedpermissions never|always|syncallfolders|syncupdatedfolders
copymergedsubfolderpermissions [<Boolean>]
copysubfolderpermissions [<Boolean>]
copysubfolderinheritedpermissions [<Boolean>]
copysubfoldernoniheritedpermissions never|always|syncallfolders|syncupdatedfolders
```
### 7.34.05
Updated `gam report <ActivityApplictionName>` to perform a reverse chronological sort
on all rows across multiple users and/or event names; this is consistent with the behavior
in the Admin console. Use option `notimesort` to suppress this sort.
### 7.34.04
Updated `gam <UserTypeEntity> create drivefileacl <DriveFileEntity> user <UserItem> role owner` to better
handle the case where the current owner of a file is suspended. Previously, the command was displayed as an error
even though the ownership was changed.
```
gam user currentowner@domain.com add drivefileacl <DriveFileID> user newowner@domain.com role owner
User: currentowner@domain.com, Add 1 Drive File/Folder ACL
User: currentowner@domain.com, Drive File/Folder ID: <DriveFileID>, Permission ID: newowner@domain.com, Add Failed: Sorry, the items were successfully shared but emails could not be sent to newowner@domain.com.
```
Now the command is displayed as a success with a note indicating that the ownership change email was not sent.
```
gam user currentowner@domain.com add drivefileacl <DriveFileID> user newowner@domain.com role owner
User: currentowner@domain.com, Add 1 Drive File/Folder ACL
User: currentowner@domain.com, Drive File/Folder ID: <DriveFileID>, Permission ID: newowner@domain.com, Added: Sorry, the items were successfully shared but emails could not be sent to newowner@domain.com.
New Owner
id: 10834698115409747890
type: user
emailAddress: newowner@domain.com
domain: domain.com
role: owner
permissionDetails:
role: writer
type: file
inherited: True
inheritedFrom: Unknown
role: owner
type: file
inherited: False
deleted: False
pendingOwner: False
```
### 7.34.03
Updated to Python 3.14.3
Updated Cryptography to 46.0.5
Updated `gam course <CourseID> create student|teacher <EmailAddress>` error message when
`<EmailAddress>` is not in a trusted domain to remove suggestion about creating an invitation.
### 7.34.02
Updated GAM to prevent errors like the following:
```
ERROR: Unable to find the server at oauth2.googleapis.com
ERROR: Unable to find the server at gmail.googleapis.com
```
If you experience any unexpected errors, post a message to:
* The GAM Discussion Forum (google-apps-manager@googlegroups.com)
* The GAM Public Chat Room (https://chat.google.com/app/chat/AAAA4BULhWo)
### 7.34.01
Updated `gam create|update adminrole` to handle the following errors:
```
ERROR: 400: invalid - Invalid Role privileges
ERROR: 400: required - Required parameter: [resource.privileges[n].service_id]
```
### 7.34.00
Added variable `csv_output_header_required` to `gam.cfg` that is a comma separated list of `<Strings>`
that are required to be in the list of column headers in the CSV file written by a gam print command.
This will typically be used to specify headers that are required in subsequent commands that process
the CSV file even if the API didn't return any data for those columns.
Updated the following commands to not require the `Directory API - Domains` scope
unless the `internal` or `external` options are used to request the member category.
```
gam info|print groups
gam print|show group-members
gam info|print cigroups
gam print|show cigroup-members
gam <UserTypeEntity> print|show filesharecounts
```
### 7.33.03
Fixed bug in `gam [<UserTypeEntity>] sendemail ... from <EmailAddress> replyto <EmailAddress>`

View File

@@ -9,30 +9,30 @@ and all necessary authentications.
## Linux and MacOS and Google Cloud Shell
In these examples, your Google Super admin is shown as gamteam@domain.com; replace with the
In these examples, your Google Super admin is shown as admin@domain.com; replace with the
actual email adddress.
In these examples, the user home folder is shown as /Users/gamteam; adjust according to your
In these examples, the user home folder is shown as /Users/admin; adjust according to your
specific situation; e.g., /home/administrator.
This example assumes that GAM7 has been installed in /Users/gamteam/bin/gam7.
This example assumes that GAM7 has been installed in /Users/admin/bin/gam7.
If you've installed GAM7 in another directory, substitute that value in the directions.
### Set a configuration directory
The default GAM configuration directory is /Users/gamteam/.gam; for more flexibility you
The default GAM configuration directory is /Users/admin/.gam; for more flexibility you
probably want to select a non-hidden location. This example assumes that the GAM
configuration directory will be /Users/gamteam/GAMConfig; If you've chosen another directory,
configuration directory will be /Users/admin/GAMConfig; If you've chosen another directory,
substitute that value in the directions.
Make the directory:
```
gamteam@server:/Users/gamteam$ mkdir -p /Users/gamteam/GAMConfig
admin@server:/Users/admin$ mkdir -p /Users/admin/GAMConfig
```
Add the following line:
```
export GAMCFGDIR="/Users/gamteam/GAMConfig"
export GAMCFGDIR="/Users/admin/GAMConfig"
```
to one of these files based on your shell:
```
@@ -44,34 +44,34 @@ to one of these files based on your shell:
Issue the following command replacing `<Filename>` with the name of the file you edited:
```
gamteam@server:/Users/gamteam$ source <Filename>
admin@server:/Users/admin$ source <Filename>
```
You need to make sure the GAM configuration directory actually exists. Test that like this:
```
gamteam@server:/Users/gamteam$ ls -l $GAMCFGDIR
admin@server:/Users/admin$ ls -l $GAMCFGDIR
```
### Set a working directory
You should establish a GAM working directory; you will store your GAM related
data in this folder and execute GAM commands from this folder. You should not use
/Users/gamteam/bin/gam7 or /Users/gamteam/GAMConfig for this purpose.
This example assumes that the GAM working directory will be /Users/gamteam/GAMWork; If you've chosen
/Users/admin/bin/gam7 or /Users/admin/GAMConfig for this purpose.
This example assumes that the GAM working directory will be /Users/admin/GAMWork; If you've chosen
another directory, substitute that value in the directions.
Make the directory:
```
gamteam@server:/Users/gamteam$ mkdir -p /Users/gamteam/GAMWork
admin@server:/Users/admin$ mkdir -p /Users/admin/GAMWork
```
### Set an alias
You should set an alias to point to /Users/gamteam/bin/gam7/gam so you can operate from the /Users/gamteam/GAMWork directory.
You should set an alias to point to /Users/admin/bin/gam7/gam so you can operate from the /Users/admin/GAMWork directory.
Aliases aren't available in scripts, so you may want to set a symlink instead, see below.
Add the following line:
```
alias gam="/Users/gamteam/bin/gam7/gam"
alias gam="/Users/admin/bin/gam7/gam"
```
to one of these files based on your shell:
```
@@ -84,48 +84,48 @@ to one of these files based on your shell:
Issue the following command replacing `<Filename>` with the name of the file you edited:
```
gamteam@server:/Users/gamteam$ source <Filename>
admin@server:/Users/admin$ source <Filename>
```
### Set a symlink
Set a symlink in `/usr/local/bin` (or some other location on $PATH) to point to GAM.
```
gamteam@server:/Users/gamteam$ ln -s "/Users/gamteam/bin/gam7/gam" /usr/local/bin/gam
admin@server:/Users/admin$ ln -s "/Users/admin/bin/gam7/gam" /usr/local/bin/gam
```
### Initialize GAM7; this should be the first GAM7 command executed.
```
gamteam@server:/Users/gamteam$ gam config drive_dir /Users/gamteam/GAMWork verify
Created: /Users/gamteam/GAMConfig
Created: /Users/gamteam/GAMConfig/gamcache
Config File: /Users/gamteam/GAMConfig/gam.cfg, Initialized
admin@server:/Users/admin$ gam config drive_dir /Users/admin/GAMWork verify
Created: /Users/admin/GAMConfig
Created: /Users/admin/GAMConfig/gamcache
Config File: /Users/admin/GAMConfig/gam.cfg, Initialized
Section: DEFAULT
...
cache_dir = /Users/gamteam/GAMConfig/gamcache
cache_dir = /Users/admin/GAMConfig/gamcache
...
config_dir = /Users/gamteam/GAMConfig
config_dir = /Users/admin/GAMConfig
...
drive_dir = /Users/gamteam/GAMWork
drive_dir = /Users/admin/GAMWork
...
gamteam@server:/Users/gamteam$
admin@server:/Users/admin$
```
### Verify initialization, this was a successful installation.
```
gamteam@server:/Users/gamteam$ ls -l $GAMCFGDIR
admin@server:/Users/admin$ ls -l $GAMCFGDIR
total 48
-rw-r-----+ 1 admin staff 1069 Mar 3 09:23 gam.cfg
drwxr-x---+ 2 admin staff 68 Mar 3 09:23 gamcache
-rw-rw-rw-+ 1 admin staff 0 Mar 3 09:23 oauth2.txt.lock
gamteam@server:/Users/gamteam$
admin@server:/Users/admin$
```
### Create your project with local browser
```
gamteam@server:/Users/gamteam$ gam create project
WARNING: Config File: /Users/gamteam/GAMConfig/gam.cfg, Item: client_secrets_json, Value: /Users/gamteam/GAMConfig/client_secrets.json, Not Found
WARNING: Config File: /Users/gamteam/GAMConfig/gam.cfg, Item: oauth2service_json, Value: /Users/gamteam/GAMConfig/oauth2service.json, Not Found
admin@server:/Users/admin$ gam create project
WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Item: client_secrets_json, Value: /Users/admin/GAMConfig/client_secrets.json, Not Found
WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Item: oauth2service_json, Value: /Users/admin/GAMConfig/oauth2service.json, Not Found
Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) gamteam@domain.com
Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) admin@domain.com
Your browser has been opened to visit:
@@ -167,7 +167,7 @@ Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-p
Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Extracting public certificate
Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Done generating private key and public certificate
Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Service Account Key: SVCACCTKEY, Uploaded
Service Account OAuth2 File: /Users/gamteam/GAMConfig/oauth2service.json, Service Account Key: SVCACCTKEY, Updated
Service Account OAuth2 File: /Users/admin/GAMConfig/oauth2service.json, Service Account Key: SVCACCTKEY, Updated
Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Has rights to rotate own private key
Please go to:
@@ -185,16 +185,16 @@ Enter your Client Secret: CLIENTSECRET
6. Go back to your browser and click OK to close the "OAuth client" popup if it's still open.
That's it! Your GAM Project is created and ready to use.
gamteam@server:/Users/gamteam$
admin@server:/Users/admin$
```
### Create your project without local browser (Google Cloud Shell for instance)
```
gamteam@server:/Users/gamteam$ gam config no_browser true save
gamteam@server:/Users/gamteam$ gam create project
WARNING: Config File: /Users/gamteam/GAMConfig/gam.cfg, Item: client_secrets_json, Value: /Users/gamteam/GAMConfig/client_secrets.json, Not Found
WARNING: Config File: /Users/gamteam/GAMConfig/gam.cfg, Item: oauth2service_json, Value: /Users/gamteam/GAMConfig/oauth2service.json, Not Found
admin@server:/Users/admin$ gam config no_browser true save
admin@server:/Users/admin$ gam create project
WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Item: client_secrets_json, Value: /Users/admin/GAMConfig/client_secrets.json, Not Found
WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Item: oauth2service_json, Value: /Users/admin/GAMConfig/oauth2service.json, Not Found
Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) gamteam@domain.com
Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) admin@domain.com
Go to the following link in a browser on other computer:
@@ -235,7 +235,7 @@ Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-p
Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Extracting public certificate
Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Done generating private key and public certificate
Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Service Account Key: SVCACCTKEY, Uploaded
Service Account OAuth2 File: /Users/gamteam/GAMConfig/oauth2service.json, Service Account Key: SVCACCTKEY, Updated
Service Account OAuth2 File: /Users/admin/GAMConfig/oauth2service.json, Service Account Key: SVCACCTKEY, Updated
Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Has rights to rotate own private key
Please go to:
@@ -253,7 +253,7 @@ Enter your Client Secret: CLIENTSECRET
6. Go back to your browser and click OK to close the "OAuth client" popup if it's still open.
That's it! Your GAM Project is created and ready to use.
gamteam@server:/Users/gamteam$
admin@server:/Users/admin$
```
### Enable GAM7 client access
@@ -261,7 +261,7 @@ You select a list of scopes, GAM uses a browser to get final authorization from
writes the credentials into the file oauth2.txt.
```
gamteam@server:/Users/gamteam$ gam oauth create
admin@server:/Users/admin$ gam oauth create
[*] 0) Calendar API (supports readonly)
[*] 1) Chrome Browser Cloud Management API (supports readonly)
@@ -328,7 +328,7 @@ Continue to authorization by entering a 'c'
Please enter 0-50[a|r] or s|u|e|c: c
Enter your Google Workspace admin email address? gamteam@domain.com
Enter your Google Workspace admin email address? admin@domain.com
Go to the following link in a browser on this computer or on another computer:
@@ -340,16 +340,16 @@ click the Allow button, paste "Unable to connect" URL from other computer (only
Enter verification code or paste "Unable to connect" URL from other computer (only URL data up to &scope required):
The authentication flow has completed.
Client OAuth2 File: /Users/gamteam/GAMConfig/oauth2.txt, Created
Client OAuth2 File: /Users/admin/GAMConfig/oauth2.txt, Created
gamteam@server:/Users/gamteam$
admin@server:/Users/admin$
```
If clicking on the link in the instructions does not work (i.e. you get a 404 or 400 error message, instead of something about 'unable to connect') the URL in the link is too long. Most likely, you have selected all scopes. Try again with fewer scopes until it works. (there is no harm in repeatedly trying)
### Enable GAM7 service account access.
```
gamteam@server:/Users/gamteam$ gam user gamteam@domain.com update serviceaccount
admin@server:/Users/admin$ gam user admin@domain.com update serviceaccount
[*] 0) AlertCenter API
[*] 1) Analytics API - read only
[*] 2) Analytics Admin API - read only
@@ -413,7 +413,7 @@ Service Account Private Key Authentication
Authentication PASS
Service Account Private Key age; Google recommends rotating keys on a routine basis
Service Account Private Key age: 1 day WARN
Domain-wide Delegation authentication:, User: gamteam@domain.com, Scopes: 38
Domain-wide Delegation authentication:, User: admin@domain.com, Scopes: 38
https://mail.google.com/ FAIL (1/38)
https://sites.google.com/feeds FAIL (2/38)
https://www.googleapis.com/auth/analytics.readonly FAIL (3/38)
@@ -464,7 +464,7 @@ Click AUTHORIZE
When the box closes you're done
After authorizing it may take some time for this test to pass so wait a few moments and then try this command again.
gamteam@server:/Users/gamteam$
admin@server:/Users/admin$
```
The link shown in the error message should take you directly to the authorization screen.
If not, make sure that you are logged in as a domain admin, then re-enter the link.
@@ -474,14 +474,14 @@ If not, make sure that you are logged in as a domain admin, then re-enter the li
Wait a moment and then perform the following command; it it still fails, wait a bit longer, it can sometimes take serveral minutes
for the authorization to complete.
```
gamteam@server:/Users/gamteam$ gam user gamteam@domain.com check serviceaccount
admin@server:/Users/admin$ gam user admin@domain.com check serviceaccount
System time status
Your system time differs from admin.googleapis.com by less than 1 second PASS
Service Account Private Key Authentication
Authentication PASS
Service Account Private Key age; Google recommends rotating keys on a routine basis
Service Account Private Key age: 1 day WARN
Domain-wide Delegation authentication:, User: gamteam@domain.com, Scopes: 38
Domain-wide Delegation authentication:, User: admin@domain.com, Scopes: 38
https://mail.google.com/ PASS (1/38)
https://sites.google.com/feeds PASS (2/38)
https://www.googleapis.com/auth/analytics.readonly PASS (3/38)
@@ -524,14 +524,14 @@ All scopes PASSED!
Service Account Client name: SVCACCTID is fully authorized.
gamteam@server:/Users/gamteam$
admin@server:/Users/admin$
```
### Update gam.cfg with some basic values
* `customer_id` - Having this data keeps Gam from having to make extra API calls
* `domain` - This allows you to omit the domain portion of email addresses
* `timezone local` - Gam will convert all UTC times to your local timezone
```
gamteam@server:/Users/gamteam$ gam info domain
admin@server:/Users/admin$ gam info domain
Customer ID: C01234567
Primary Domain: domain.com
Customer Creation Time: 2007-06-06T15:47:55.444Z
@@ -539,8 +539,8 @@ Primary Domain Verified: True
Default Language: en
...
gamteam@server:/Users/gamteam$ gam config customer_id C01234567 domain domain.com timezone local save verify
Config File: /Users/gamteam/GAMConfig/gam.cfg, Saved
admin@server:/Users/admin$ gam config customer_id C01234567 domain domain.com timezone local save verify
Config File: /Users/admin/GAMConfig/gam.cfg, Saved
Section: DEFAULT
...
customer_id = C01234567
@@ -550,12 +550,12 @@ Section: DEFAULT
timezone = local
...
gamteam@server:/Users/gamteam$
admin@server:/Users/admin$
```
## Windows
In these examples, your Google Super admin is shown as gamteam@domain.com; replace with the
In these examples, your Google Super admin is shown as admin@domain.com; replace with the
actual email adddress.
This example assumes that GAM7 has been installed in C:\GAM7; if you've installed
@@ -645,7 +645,7 @@ C:\>gam create project
WARNING: Config File: C:\GAMConfig\gam.cfg, Item: client_secrets_json, Value: C:\GAMConfig\client_secrets.json, Not Found
WARNING: Config File: C:\GAMConfig\gam.cfg, Item: oauth2service_json, Value: C:\GAMConfig\oauth2service.json, Not Found
Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) gamteam@domain.com
Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) admin@domain.com
Your browser has been opened to visit:
@@ -714,7 +714,7 @@ C:\>gam create project
WARNING: Config File: C:\GAMConfig\gam.cfg, Item: client_secrets_json, Value: C:\GAMConfig\client_secrets.json, Not Found
WARNING: Config File: C:\GAMConfig\gam.cfg, Item: oauth2service_json, Value: C:\GAMConfig\oauth2service.json, Not Found
Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) gamteam@domain.com
Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) admin@domain.com
Go to the following link in a browser on other computer:
@@ -848,7 +848,7 @@ Continue to authorization by entering a 'c'
Please enter 0-50[a|r] or s|u|e|c: c
Enter your Google Workspace admin email address? gamteam@domain.com
Enter your Google Workspace admin email address? admin@domain.com
Go to the following link in a browser on this computer or on another computer:
@@ -866,7 +866,7 @@ C:\>
```
### Enable GAM7 service account access.
```
C:\>gam user gamteam@domain.com update serviceaccount
C:\>gam user admin@domain.com update serviceaccount
[*] 0) AlertCenter API
[*] 1) Analytics API - read only
[*] 2) Analytics Admin API - read only
@@ -930,7 +930,7 @@ Service Account Private Key Authentication
Authentication PASS
Service Account Private Key age; Google recommends rotating keys on a routine basis
Service Account Private Key age: 1 day WARN
Domain-wide Delegation authentication:, User: gamteam@domain.com, Scopes: 38
Domain-wide Delegation authentication:, User: admin@domain.com, Scopes: 38
https://mail.google.com/ FAIL (1/38)
https://sites.google.com/feeds FAIL (2/38)
https://www.googleapis.com/auth/analytics.readonly FAIL (3/38)
@@ -991,14 +991,14 @@ If not, make sure that you are logged in as a domain admin, then re-enter the li
Wait a moment and then perform the following command; it it still fails, wait a bit longer, it can sometimes take serveral minutes
for the authorization to complete.
```
C:\>gam user gamteam@domain.com check serviceaccount
C:\>gam user admin@domain.com check serviceaccount
System time status
Your system time differs from admin.googleapis.com by less than 1 second PASS
Service Account Private Key Authentication
Authentication PASS
Service Account Private Key age; Google recommends rotating keys on a routine basis
Service Account Private Key age: 1 day WARN
Domain-wide Delegation authentication:, User: gamteam@domain.com, Scopes: 38
Domain-wide Delegation authentication:, User: admin@domain.com, Scopes: 38
https://mail.google.com/ PASS (1/38)
https://sites.google.com/feeds PASS (2/38)
https://www.googleapis.com/auth/analytics.readonly PASS (3/38)

View File

@@ -129,7 +129,7 @@ See: [Downloads-Installs-GAM7](Downloads-Installs-GAM7)
### Update to latest version, use current path `C:\GAMADV-XTD3`.
You don't have to update path or scripts.
* Executable Installer, Manual, Windows 64 bit
- `gam-7.wx.yz-windows-x86_64.exe`
- `gam-7.wx.yz-windows-x86_64.msi`
- Download the installer and run it. When prompted for the Destination Foler, enter `C:\GAMADV-XTD3`.
* Executable Archive, Manual, Windows 64 bit
- `gam-7.wx.yz-windows-x86_64.zip`
@@ -139,7 +139,7 @@ Your update is complete.
### Update to latest version, use new path `C:\GAM7`.
* Executable Installer, Manual, Windows 64 bit
- `gam-7.wx.yz-windows-x86_64.exe`
- `gam-7.wx.yz-windows-x86_64.msi`
- Download the installer and run it.
- Start a Command Prompt/PowerShell session.
* Executable Archive, Manual, Windows 64 bit

View File

@@ -10,30 +10,30 @@ and all necessary authentications.
## Linux and MacOS and Google Cloud Shell
In these examples, your Google Super admin is shown as gamteam@domain.com; replace with the
In these examples, your Google Super admin is shown as admin@domain.com; replace with the
actual email adddress.
In these examples, the user home folder is shown as /Users/gamteam; adjust according to your
In these examples, the user home folder is shown as /Users/admin; adjust according to your
specific situation; e.g., /home/administrator.
This example assumes that GAM7 has been installed in /Users/gamteam/bin/gam7.
This example assumes that GAM7 has been installed in /Users/admin/bin/gam7.
If you've installed GAM7 in another directory, substitute that value in the directions.
### Set a configuration directory
The default GAM configuration directory is /Users/gamteam/.gam; for more flexibility you
The default GAM configuration directory is /Users/admin/.gam; for more flexibility you
probably want to select a non-hidden location. This example assumes that the GAM
configuration directory will be /Users/gamteam/GAMConfig; If you've chosen another directory,
configuration directory will be /Users/admin/GAMConfig; If you've chosen another directory,
substitute that value in the directions.
Make the directory:
```
gamteam@server:/Users/gamteam$ mkdir -p /Users/gamteam/GAMConfig
admin@server:/Users/admin$ mkdir -p /Users/admin/GAMConfig
```
Add the following line:
```
export GAMCFGDIR="/Users/gamteam/GAMConfig"
export GAMCFGDIR="/Users/admin/GAMConfig"
```
to one of these files based on your shell:
```
@@ -45,34 +45,34 @@ to one of these files based on your shell:
Issue the following command replacing `<Filename>` with the name of the file you edited:
```
gamteam@server:/Users/gamteam$ source <Filename>
admin@server:/Users/admin$ source <Filename>
```
You need to make sure the GAM configuration directory actually exists. Test that like this:
```
gamteam@server:/Users/gamteam$ ls -l $GAMCFGDIR
admin@server:/Users/admin$ ls -l $GAMCFGDIR
```
### Set a working directory
You should establish a GAM working directory; you will store your GAM related
data in this folder and execute GAM commands from this folder. You should not use
/Users/gamteam/bin/gam7 or /Users/gamteam/GAMConfig for this purpose.
This example assumes that the GAM working directory will be /Users/gamteam/GAMWork; If you've chosen
/Users/admin/bin/gam7 or /Users/admin/GAMConfig for this purpose.
This example assumes that the GAM working directory will be /Users/admin/GAMWork; If you've chosen
another directory, substitute that value in the directions.
Make the directory:
```
gamteam@server:/Users/gamteam$ mkdir -p /Users/gamteam/GAMWork
admin@server:/Users/admin$ mkdir -p /Users/admin/GAMWork
```
### Set an alias
You should set an alias to point to /Users/gamteam/bin/gam7/gam so you can operate from the /Users/gamteam/GAMWork directory.
You should set an alias to point to /Users/admin/bin/gam7/gam so you can operate from the /Users/admin/GAMWork directory.
Aliases aren't available in scripts, so you may want to set a symlink instead, see below.
Add the following line:
```
alias gam="/Users/gamteam/bin/gam7/gam"
alias gam="/Users/admin/bin/gam7/gam"
```
to one of these files based on your shell:
```
@@ -85,62 +85,62 @@ to one of these files based on your shell:
If you already have an alias for legacy GAM but are no longer going to run it, delete these lines:
```
function gam() { "/Users/gamteam/bin/gam/gam" "$@" ; }"
alias gam="/Users/gamteam/bin/gam/gam"
function gam() { "/Users/admin/bin/gam/gam" "$@" ; }"
alias gam="/Users/admin/bin/gam/gam"
```
If you already have an alias for legacy GAM and want to run it and GAM7, give your old alias a different name:
```
function gamstd() { "/Users/gamteam/bin/gam/gam" "$@" ; }"
alias gamstd="/Users/gamteam/bin/gam/gam"
function gamstd() { "/Users/admin/bin/gam/gam" "$@" ; }"
alias gamstd="/Users/admin/bin/gam/gam"
```
Issue the following command replacing `<Filename>` with the name of the file you edited:
```
gamteam@server:/Users/gamteam$ source <Filename>
admin@server:/Users/admin$ source <Filename>
```
### Set a symlink
Set a symlink in `/usr/local/bin` (or some other location on $PATH) to point to GAM.
```
gamteam@server:/Users/gamteam$ ln -s "/Users/gamteam/bin/gam7/gam" /usr/local/bin/gam
admin@server:/Users/admin$ ln -s "/Users/admin/bin/gam7/gam" /usr/local/bin/gam
```
Set environment variable OLDGAMPATH to point to the existing Gam directory; /Users/gamteam/bin/gam will be used in this example.
Set environment variable OLDGAMPATH to point to the existing Gam directory; /Users/admin/bin/gam will be used in this example.
If your existing Gam is in another directory, substitute that value in the directions.
```
gamteam@server:/Users/gamteam$ export OLDGAMPATH=/Users/gamteam/bin/gam
admin@server:/Users/admin$ export OLDGAMPATH=/Users/admin/bin/gam
```
Verify that OLDGAMPATH points to the correct location.
```
gamteam@server:/Users/gamteam$ ls -l $OLDGAMPATH/*.json
-rw-r-----@ 1 admin staff 553 Feb 26 10:39 /Users/gamteam/bin/gam/client_secrets.json
-rw-r-----@ 1 admin staff 2377 Feb 26 10:39 /Users/gamteam/bin/gam/oauth2service.json
gamteam@server:/Users/gamteam$
admin@server:/Users/admin$ ls -l $OLDGAMPATH/*.json
-rw-r-----@ 1 admin staff 553 Feb 26 10:39 /Users/admin/bin/gam/client_secrets.json
-rw-r-----@ 1 admin staff 2377 Feb 26 10:39 /Users/admin/bin/gam/oauth2service.json
admin@server:/Users/admin$
```
### Initialize GAM7; this should be the first GAM7 command executed.
```
gamteam@server:/Users/gamteam$ gam config drive_dir /Users/gamteam/GAMWork verify
Created: /Users/gamteam/GAMConfig
Created: /Users/gamteam/GAMConfig/gamcache
Copied: /Users/gamteam/bin/gam/oauth2service.json, To: /Users/gamteam/GAMConfig/oauth2service.json
Copied: /Users/gamteam/bin/gam/oauth2.txt, To: /Users/gamteam/GAMConfig/oauth2.txt
Copied: /Users/gamteam/bin/gam/client_secrets.json, To: /Users/gamteam/GAMConfig/client_secrets.json
Config File: /Users/gamteam/GAMConfig/gam.cfg, Initialized
admin@server:/Users/admin$ gam config drive_dir /Users/admin/GAMWork verify
Created: /Users/admin/GAMConfig
Created: /Users/admin/GAMConfig/gamcache
Copied: /Users/admin/bin/gam/oauth2service.json, To: /Users/admin/GAMConfig/oauth2service.json
Copied: /Users/admin/bin/gam/oauth2.txt, To: /Users/admin/GAMConfig/oauth2.txt
Copied: /Users/admin/bin/gam/client_secrets.json, To: /Users/admin/GAMConfig/client_secrets.json
Config File: /Users/admin/GAMConfig/gam.cfg, Initialized
Section: DEFAULT
...
cache_dir = /Users/gamteam/GAMConfig/gamcache
cache_dir = /Users/admin/GAMConfig/gamcache
...
config_dir = /Users/gamteam/GAMConfig
config_dir = /Users/admin/GAMConfig
...
drive_dir = /Users/gamteam/GAMWork
drive_dir = /Users/admin/GAMWork
...
gamteam@server:/Users/gamteam$
admin@server:/Users/admin$
```
### Verify initialization, this was a successful installation.
```
gamteam@server:/Users/gamteam$ ls -l $GAMCFGDIR
admin@server:/Users/admin$ ls -l $GAMCFGDIR
total 48
-rw-r-----+ 1 admin staff 553 Mar 3 09:23 client_secrets.json
-rw-r-----+ 1 admin staff 1069 Mar 3 09:23 gam.cfg
@@ -149,21 +149,21 @@ drwxr-x---+ 2 admin staff 68 Mar 3 09:23 gamcache
-rw-r-----+ 1 admin staff 5104 Mar 3 09:23 oauth2.txt
-rw-rw-rw-+ 1 admin staff 0 Mar 3 09:23 oauth2.txt.lock
-rw-r-----+ 1 admin staff 2377 Mar 3 09:23 oauth2service.json
gamteam@server:/Users/gamteam$
admin@server:/Users/admin$
```
If the verification looks like this, then you'll have to copy client_secrets.json and oauth2service.json manually.
```
gamteam@server:/Users/gamteam$ ls -l $GAMCFGDIR
admin@server:/Users/admin$ ls -l $GAMCFGDIR
total 40
-rw-r-----+ 1 admin admin 1427 Nov 1 11:38 gam.cfg
drwxr-x---+ 16 admin admin 544 Nov 2 07:25 gamcache
-rw-r--r--+ 1 admin admin 10 Nov 2 15:31 lastupdatecheck.txt
-rw-rw-rw-+ 1 admin admin 0 Sep 19 17:28 oauth2.txt.lock
gamteam@server:/Users/gamteam$ cp -p $OLDGAMPATH/client_secrets.json $GAMCFGDIR/
gamteam@server:/Users/gamteam$ cp -p $OLDGAMPATH/oauth2service.json $GAMCFGDIR/
gamteam@server:/Users/gamteam$ cp -p $OLDGAMPATH/oauth2.txt $GAMCFGDIR/
gamteam@server:/Users/gamteam$ ls -l $GAMCFGDIR
admin@server:/Users/admin$ cp -p $OLDGAMPATH/client_secrets.json $GAMCFGDIR/
admin@server:/Users/admin$ cp -p $OLDGAMPATH/oauth2service.json $GAMCFGDIR/
admin@server:/Users/admin$ cp -p $OLDGAMPATH/oauth2.txt $GAMCFGDIR/
admin@server:/Users/admin$ ls -l $GAMCFGDIR
total 40
-rw-r-----+ 1 admin staff 553 Mar 3 09:23 client_secrets.json
-rw-r-----+ 1 admin staff 1069 Mar 3 09:23 gam.cfg
@@ -175,9 +175,9 @@ drwxr-x---+ 2 admin staff 68 Mar 3 09:23 gamcache
```
### Update your project with local browser to include the additional APIs that GAM7 uses.
```
gamteam@server:/Users/gamteam$ gam update project
admin@server:/Users/admin$ gam update project
Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) gam-project-abc-123-xyz? gamteam@domain.com
Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) gam-project-abc-123-xyz? admin@domain.com
Your browser has been opened to visit:
@@ -205,14 +205,14 @@ Enable 3 APIs
API: groupsmigration.googleapis.com, Enabled (2/3)
API: sheets.googleapis.com, Enabled (3/3)
gamteam@server:/Users/gamteam$
admin@server:/Users/admin$
```
### Update your project without local browser (Google Cloud Shell for instance) to include the additional APIs that GAM7 uses
```
gamteam@server:/Users/gamteam$ gam config no_browser true save
gamteam@server:/Users/gamteam$ gam update project
admin@server:/Users/admin$ gam config no_browser true save
admin@server:/Users/admin$ gam update project
Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) gam-project-abc-123-xyz? gamteam@domain.com
Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) gam-project-abc-123-xyz? admin@domain.com
Go to the following link in a browser on other computer:
@@ -239,7 +239,7 @@ Enable 3 APIs
API: groupsmigration.googleapis.com, Enabled (2/3)
API: sheets.googleapis.com, Enabled (3/3)
gamteam@server:/Users/gamteam$
admin@server:/Users/admin$
```
### Enable GAM7 client access
@@ -249,16 +249,17 @@ You select a list of scopes, GAM uses a browser to get final authorization from
writes the credentials into the file oauth2.txt.
```
gamteam@server:/Users/gamteam$ rm -f /Users/gamteam/GAMConfig/oauth2.txt
gamteam@server:/Users/gamteam$ gam version
GAM 7.38.02 - https://github.com/GAM-team/GAM - pyinstaller
admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt
admin@server:/Users/admin$ gam version
WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
GAM 7.33.03 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com>
Python 3.14.3 64-bit final
macOS Tahoe 26.3.1 arm64
Path: /Users/gamteam/bin/gam7
Config File: /Users/gamteam/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
Python 3.14.2 64-bit final
macOS Tahoe 26.2 x86_64
Path: /Users/admin/bin/gam7
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
gamteam@server:/Users/gamteam$ gam oauth create
admin@server:/Users/admin$ gam oauth create
[*] 0) Calendar API (supports readonly)
[*] 1) Chrome Browser Cloud Management API (supports readonly)
@@ -325,7 +326,7 @@ Continue to authorization by entering a 'c'
Please enter 0-50[a|r] or s|u|e|c: c
Enter your Google Workspace admin email address? gamteam@domain.com
Enter your Google Workspace admin email address? admin@domain.com
Go to the following link in a browser on this computer or on another computer:
@@ -337,13 +338,13 @@ click the Allow button, paste "Unable to connect" URL from other computer (only
Enter verification code or paste "Unable to connect" URL from other computer (only URL data up to &scope required):
The authentication flow has completed.
Client OAuth2 File: /Users/gamteam/GAMConfig/oauth2.txt, Created
Client OAuth2 File: /Users/admin/GAMConfig/oauth2.txt, Created
gamteam@server:/Users/gamteam$
admin@server:/Users/admin$
```
### Enable GAM7 service account access.
```
gamteam@server:/Users/gamteam$ gam user gamteam@domain.com update serviceaccount
admin@server:/Users/admin$ gam user admin@domain.com update serviceaccount
[*] 0) AlertCenter API
[*] 1) Analytics API - read only
[*] 2) Analytics Admin API - read only
@@ -407,7 +408,7 @@ Service Account Private Key Authentication
Authentication PASS
Service Account Private Key age; Google recommends rotating keys on a routine basis
Service Account Private Key age: 1 day WARN
Domain-wide Delegation authentication:, User: gamteam@domain.com, Scopes: 38
Domain-wide Delegation authentication:, User: admin@domain.com, Scopes: 38
https://mail.google.com/ PASS (1/38)
https://sites.google.com/feeds FAIL (2/38)
https://www.googleapis.com/auth/analytics.readonly FAIL (3/38)
@@ -458,7 +459,7 @@ Click AUTHORIZE
When the box closes you're done
After authorizing it may take some time for this test to pass so wait a few moments and then try this command again.
gamteam@server:/Users/gamteam$
admin@server:/Users/admin$
```
The link shown in the error message should take you directly to the authorization screen.
If not, make sure that you are logged in as a domain admin, then re-enter the link.
@@ -468,7 +469,7 @@ If not, make sure that you are logged in as a domain admin, then re-enter the li
Wait a moment and then perform the following command; it it still fails, wait a bit longer, it can sometimes take serveral minutes
for the authorization to complete.
```
gamteam@server:/Users/gamteam$ gam user gamteam@domain.com check serviceaccount
admin@server:/Users/admin$ gam user admin@domain.com check serviceaccount
System time status
Your system time differs from admin.googleapis.com by less than 1 second PASS
@@ -476,7 +477,7 @@ Service Account Private Key Authentication
Authentication PASS
Service Account Private Key age; Google recommends rotating keys on a routine basis
Service Account Private Key age: 1 day WARN
Domain-wide Delegation authentication:, User: gamteam@domain.com, Scopes: 38
Domain-wide Delegation authentication:, User: admin@domain.com, Scopes: 38
https://mail.google.com/ PASS (1/38)
https://sites.google.com/feeds PASS (2/38)
https://www.googleapis.com/auth/analytics.readonly PASS (3/38)
@@ -518,14 +519,14 @@ Domain-wide Delegation authentication:, User: gamteam@domain.com, Scopes: 38
All scopes PASSED!
Service Account Client name: SVCACCTID is fully authorized.
gamteam@server:/Users/gamteam$
admin@server:/Users/admin$
```
### Update gam.cfg with some basic values
* `customer_id` - Having this data keeps Gam from having to make extra API calls
* `domain` - This allows you to omit the domain portion of email addresses
* `timezone local` - Gam will convert all UTC times to your local timezone
```
gamteam@server:/Users/gamteam$ gam info domain
admin@server:/Users/admin$ gam info domain
Customer ID: C01234567
Primary Domain: domain.com
Customer Creation Time: 2007-06-06T15:47:55.444Z
@@ -533,8 +534,8 @@ Primary Domain Verified: True
Default Language: en
...
gamteam@server:/Users/gamteam$ gam config customer_id C01234567 domain domain.com timezone local save verify
Config File: /Users/gamteam/GAMConfig/gam.cfg, Saved
admin@server:/Users/admin$ gam config customer_id C01234567 domain domain.com timezone local save verify
Config File: /Users/admin/GAMConfig/gam.cfg, Saved
Section: DEFAULT
activity_max_results = 100
admin_email = ''
@@ -545,18 +546,18 @@ Section: DEFAULT
bail_on_internal_error_tries = 2
batch_size = 50
cacerts_pem = ''
cache_dir = /Users/gamteam/GAMConfig/gamcache
cache_dir = /Users/admin/GAMConfig/gamcache
cache_discovery_only = true
channel_customer_id = ''
charset = utf-8
chat_max_results = 100
classroom_max_results = 0
client_secrets_json = client_secrets.json ; /Users/gamteam/GAMConfig/client_secrets.json
client_secrets_json = client_secrets.json ; /Users/admin/GAMConfig/client_secrets.json
clock_skew_in_seconds = 10
cmdlog = ''
cmdlog_max_backups = 5
cmdlog_max_kilo_bytes = 1000
config_dir = /Users/gamteam/GAMConfig
config_dir = /Users/admin/GAMConfig
contact_max_results = 100
csv_input_column_delimiter = ,
csv_input_no_escape_char = true
@@ -573,7 +574,6 @@ Section: DEFAULT
csv_output_header_filter = ''
csv_output_header_force = ''
csv_output_header_order = ''
csv_output_header_required = ''
csv_output_line_terminator = lf
csv_output_no_escape_char = false
csv_output_quote_char = '"'
@@ -593,7 +593,7 @@ Section: DEFAULT
developer_preview_apis = ''
device_max_results = 200
domain = domain.com
drive_dir = /Users/gamteam/GAMWork
drive_dir = /Users/admin/GAMWork
drive_max_results = 1000
email_batch_size = 50
enable_dasa = false
@@ -621,8 +621,8 @@ Section: DEFAULT
no_verify_ssl = false
num_tbatch_threads = 2
num_threads = 5
oauth2_txt = oauth2.txt ; /Users/gamteam/GAMConfig/oauth2.txt
oauth2service_json = oauth2service.json ; /Users/gamteam/GAMConfig/oauth2service.json
oauth2_txt = oauth2.txt ; /Users/admin/GAMConfig/oauth2.txt
oauth2service_json = oauth2service.json ; /Users/admin/GAMConfig/oauth2service.json
output_dateformat = ''
output_timeformat = ''
people_max_results = 100
@@ -673,12 +673,12 @@ Section: DEFAULT
user_max_results = 500
user_service_account_access_only = false
gamteam@server:/Users/gamteam$
admin@server:/Users/admin$
```
## Windows
In these examples, your Google Super admin is shown as gamteam@domain.com; replace with the
In these examples, your Google Super admin is shown as admin@domain.com; replace with the
actual email adddress.
This example assumes that GAM7 has been installed in C:\GAM7; if you've installed
@@ -797,7 +797,6 @@ Section: DEFAULT
csv_output_header_filter = ''
csv_output_header_force = ''
csv_output_header_order = ''
csv_output_header_required = ''
csv_output_line_terminator = lf
csv_output_no_escape_char = false
csv_output_quote_char = '"'
@@ -964,7 +963,7 @@ C:\>dir %GAMCFGDIR%
```
C:\>gam update project
Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) gam-project-abc-123-xyz? gamteam@domain.com
Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) gam-project-abc-123-xyz? admin@domain.com
Your browser has been opened to visit:
@@ -996,7 +995,7 @@ C:\>
C:\>gam config no_browser true save
C:\>gam update project
Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) gam-project-abc-123-xyz? gamteam@domain.com
Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) gam-project-abc-123-xyz? admin@domain.com
Go to the following link in a browser on other computer:
@@ -1034,9 +1033,10 @@ writes the credentials into the file oauth2.txt.
```
C:\>del C:\GAMConfig\oauth2.txt
C:\>gam version
GAM 7.38.02 - https://github.com/GAM-team/GAM - pythonsource
WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
GAM 7.33.03 - https://github.com/GAM-team/GAM - pythonsource
GAM Team <google-apps-manager@googlegroups.com>
Python 3.14.3 64-bit final
Python 3.14.2 64-bit final
Windows 11 10.0.26200 AMD64
Path: C:\GAM7
Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
@@ -1108,7 +1108,7 @@ Continue to authorization by entering a 'c'
Please enter 0-50[a|r] or s|u|e|c: c
Enter your Google Workspace admin email address? gamteam@domain.com
Enter your Google Workspace admin email address? admin@domain.com
Go to the following link in a browser on this computer or on another computer:
@@ -1127,7 +1127,7 @@ C:\>
### Enable GAM7 service account access.
```
C:\>gam user gamteam@domain.com update serviceaccount
C:\>gam user admin@domain.com update serviceaccount
[*] 0) AlertCenter API
[*] 1) Analytics API - read only
[*] 2) Analytics Admin API - read only
@@ -1191,7 +1191,7 @@ Service Account Private Key Authentication
Authentication PASS
Service Account Private Key age; Google recommends rotating keys on a routine basis
Service Account Private Key age: 1 day WARN
Domain-wide Delegation authentication:, User: gamteam@domain.com, Scopes: 38
Domain-wide Delegation authentication:, User: admin@domain.com, Scopes: 38
https://mail.google.com/ PASS (1/38)
https://sites.google.com/feeds FAIL (2/38)
https://www.googleapis.com/auth/analytics.readonly FAIL (3/38)
@@ -1252,14 +1252,14 @@ If not, make sure that you are logged in as a domain admin, then re-enter the li
Wait a moment and then perform the following command; it it still fails, wait a bit longer, it can sometimes take serveral minutes
for the authorization to complete.
```
C:\>gam user gamteam@domain.com check serviceaccount
C:\>gam user admin@domain.com check serviceaccount
System time status
Your system time differs from admin.googleapis.com by less than 1 second PASS
Service Account Private Key Authentication
Authentication PASS
Service Account Private Key age; Google recommends rotating keys on a routine basis
Service Account Private Key age: 1 day WARN
Domain-wide Delegation authentication:, User: gamteam@domain.com, Scopes: 38
Domain-wide Delegation authentication:, User: admin@domain.com, Scopes: 38
https://mail.google.com/ PASS (1/38)
https://sites.google.com/feeds PASS (2/38)
https://www.googleapis.com/auth/analytics.readonly PASS (3/38)
@@ -1357,7 +1357,6 @@ Section: DEFAULT
csv_output_header_filter = ''
csv_output_header_force = ''
csv_output_header_order = ''
csv_output_header_required = ''
csv_output_line_terminator = lf
csv_output_no_escape_char = false
csv_output_quote_char = '"'

View File

@@ -41,7 +41,6 @@
| License Name | License SKU | Abbreviation |
|--------------|-------------|---------------|
| AI Expanded Access | 1010470009 | aiexpanded |
| AI Meetings and Messaging | 1010470007 | aimeetingsandmessaging |
| AI Security | 1010470006 | aisecurity |
| AppSheet Core | 1010380001 | appsheetcore |

View File

@@ -56,7 +56,6 @@ The only `<VariableNames>` recognized in this `<Section>` are:
* `csv_output_header_drop_filter`
* `csv_output_header_force`
* `csv_output_header_order`
* `csv_output_header_required`
* `csv_output_row_filter`
* `csv_output_row_filter_mode`
* `csv_output_row_drop_filter`

View File

@@ -1,7 +1,6 @@
# Organizational Units
- [API documentation](#api-documentation)
- [Definitions](#definitions)
- [Special character issues](#special-character-issues)
- [Special quoting](#special-quoting)
- [Manage organizational units](#manage-organizational-units)
- [Add users to an organizational unit](#add-users-to-an-organizational-unit)
@@ -51,15 +50,6 @@ For `<UserTypeEntity>`, see: [Collections of Users](Collections-Of-Users)
For `<CrOSTypeEntity>`, see: [Collections of ChromeOS Devices](Collections-of-ChromeOS-Devices)
## Special character issues
If an organizational unit name contains a `#` or a `+`, these commands will not work due to a bug
that Google does not plan to fix.
```
gam update org|ou <OrgUnitPath>
gam delete org|ou <OrgUnitPath>
gam info org|ou <OrgUnitPath>
```
## Special quoting
You specify a single organizational unit with `org <OrgUnitPath>` and a list of organizationsl units with `orgs <OrgUnitList>`.
As organizational unit paths can contain spaces, some care must be used when entering `<OrgUnitPath>` and `<OrgUnitList>`.

View File

@@ -14,17 +14,17 @@
## API documentation
* [Activity Data Sources](https://support.google.com/a/answer/11482175)
Changes starting 2025-10-29.
* [Reports API - Admin log event changes](https://support.google.com/a/answer/16601511)
Changes starting 2025-12-20
* [Reports API - Admin log enhancements](https://workspaceupdates.googleblog.com/2025/12/google-workspace-audit-log-api.html)
Changes starting 2026-02-17.
* [Reports API - Admin log event changes](https://support.google.com/a/answer/16601511)
These pages show event/parameter names; scroll down in the left column to: Reports.
These pages show event/parameter names:
* [Reports API - Admin Activities](https://developers.google.com/workspace/admin/reports/v1/appendix/activity/admin-event-names)
* [Reports API - Activities](https://developers.google.com/workspace/admin/reports/v1/appendix/activity/access-transparency)
* [Reports API - Customer Usage](https://developers.google.com/workspace/admin/reports/v1/appendix/usage/customer)
* [Reports API - User Usage](https://developers.google.com/workspace/admin/reports/v1/appendix/usage/user)
* [Reports API - Activities](https://developers.google.com/admin-sdk/reports/v1/reference/activities)
* [Reports API - Customer Usage](https://developers.google.com/admin-sdk/reports/v1/reference/customerUsageReports)
* [Reports API - User Usage](https://developers.google.com/admin-sdk/reports/v1/reference/userUsageReport)
## Definitions
```
@@ -99,9 +99,6 @@ gam report <ActivityApplicationName> [todrive <ToDriveAttribute>*]
[event|events <EventNameList>] [ip <String>]
[gmaileventtypes <NumberRangeList>]
[groupidfilter <String>] [resourcedetailsfilter <String>]
[networkinfofilter <String>] [statusfilter <String>]
[applicationinfofilter <String>] [includesensitivedata]
[notimesort]
[maxactivities <Number>] [maxevents <Number>] [maxresults <Number>]
[countsonly [bydate|summary] [eventrowfilter]]
(addcsvdata <FieldName> <String>)* [shownoactivities]
@@ -156,15 +153,6 @@ Limit to those users that are a member of at least one of a list of groups.
Limit based on resource details.
* `resourcedetailsfilter <String>` - See: https://developers.google.com/workspace/admin/reports/reference/rest/v1/activities/list#query-parameters
Limit based on 'regionCode`.
* `networkinfofilter <String>` - Format: 'regionCode="IN"'
Limit based on `statusCode`.
* `statusfilter <String>` - Format: 'statusCode="200"'
Limit based on `oAuthClientId`.
* `applicationinfofilter <String>` - Format: 'oAuthClientId="clientId"'
You can use `config csv_output_row_filter` to filter the events if the API filter can't produce the results you want.
Limit to a list of specific events.
@@ -188,9 +176,6 @@ show the most recent activity/event; this can be useful when reporting drive act
Add additional columns of data from the command line to the output.
* `addcsvdata <FieldName> <String>`
By default, a reverse chronological sort is performed on all rows across multiple users and/or event names;
this is consistent with the behavior in the Admin console. Use option `notimesort` to suppress this sort.
Display a row with a key value of `NoActivities` when there are no activities to report.
* `shownoactivities`

View File

@@ -377,9 +377,6 @@ features "CameraSet"
features "'Laptop Cart'"
features "CameraSet,'Laptop Cart'"
```
For quoting rules, see: [List Quoting Rules](Command-Line-Parsing)
## Manage buildings
When creating a building, at a minimum you must enter `address|addresslines` and `country|regioncode`.

View File

@@ -13,7 +13,6 @@
- [Send an email to users](#send-an-email-to-users)
- [Simple `replace <Tag> <String>` processing](Tag-Replace)
- [Example](#example)
- [Conversation mode](#conversation-mode)
## Note
Thanks to @bousquf for the following enhancement. You want to send a message from an authorized group
@@ -215,14 +214,14 @@ Configure it at Admin Console > Apps > Google Workspace > Gmail > Routing > SMTP
gam sendemail [recipient|to] <RecipientEntity>
[from <EmailAddress>] [mailbox <EmailAddress>] [replyto <EmailAddress>]
[cc <RecipientEntity>] [bcc <RecipientEntity>] [singlemessage]
[subject <String>] [<MessageContent>]
[subject <String>]
[<MessageContent>]
(replace <Tag> <String>)*
(replaceregex <REMatchPattern> <RESubstitution> <Tag> <String>)*
[html [<Boolean>]] (attach <FileName> [charset <Charset>])*
(embedimage <FileName> <String>)*
[newuser <EmailAddress> firstname|givenname <String> lastname|familyname <string> password <Password>]
(<SMTPDateHeader> <Time>)* (<SMTPHeader> <String>)* (header <String> <String>)*
[threadid <String>]
```
By default, emails will be sent from the admin user named in oauth2.txt, override this with the `from <EmailAddress>` option.
@@ -273,14 +272,14 @@ You can specify additional recipients, e.g., help desk personnel.
gam sendemail [recipient|to] <RecipientEntity> [from <EmailAddress>]
[replyto <EmailAddress>]
[cc <RecipientEntity>] [bcc <RecipientEntity>] [singlemessage]
[subject <String>] [<MessageContent>]
[subject <String>]
[<MessageContent>]
(replace <Tag> <String>)*
(replaceregex <REMatchPattern> <RESubstitution> <Tag> <String>)*
[html [<Boolean>]] (attach <FileName> [charset <Charset>])*
(embedimage <FileName> <String>)*
[newuser <EmailAddress> firstname|givenname <String> lastname|familyname <string> password <Password>]
(<SMTPDateHeader> <Time>)* (<SMTPHeader> <String>)* (header <String> <String>)*
[threadid <String>]
```
By default, emails will be sent from the admin user named in oauth2.txt, override this with the `from <EmailAddress>` option.
@@ -354,14 +353,14 @@ gam csv Users.csv gam sendemail "~personal" subject "Your new #domain# account`
gam <UserTypeEntity> sendemail recipient|to <RecipientEntity>
[replyto <EmailAddress>]
[cc <RecipientEntity>] [bcc <RecipientEntity>] [singlemessage]
[subject <String>] [<MessageContent>]
[subject <String>]
[<MessageContent>]
(replace <Tag> <String>)*
(replaceregex <REMatchPattern> <RESubstitution> <Tag> <String>)*
[html [<Boolean>]] (attach <FileName> [charset <Charset>])*
(embedimage <FileName> <String>)*
[newuser <EmailAddress> firstname|givenname <String> lastname|familyname <string> password <Password>]
(<SMTPDateHeader> <Time>)* (<SMTPHeader> <String>)* (header <String> <String>)*
[threadid <String>]
```
Emails will be sent from the users in `<UserTypeEntity>` to the recipients in `<RecipientEntity>`.
@@ -396,14 +395,14 @@ Your command line will have: `embedimage file1.jpg image1 embedimage file2.jpg i
gam <UserTypeEntity> sendemail from <EmailAddress>
[replyto <EmailAddress>]
[cc <RecipientEntity>] [bcc <RecipientEntity>] [singlemessage]
[subject <String>] [<MessageContent>]
[subject <String>]
[<MessageContent>]
(replace <Tag> <String>)*
(replaceregex <REMatchPattern> <RESubstitution> <Tag> <String>)*
[html [<Boolean>]] (attach <FileName> [charset <Charset>])*
(embedimage <FileName> <String>)*
[newuser <EmailAddress> firstname|givenname <String> lastname|familyname <string> password <Password>]
(<SMTPDateHeader> <Time>)* (<SMTPHeader> <String>)* (header <String> <String>)*
[threadid <String>]
```
Emails will be sent to the users in `<UserTypeEntity>`.
@@ -452,42 +451,3 @@ $ gam csv UserEmail.csv gam user "~User" sendemail to "~To" subject "~Subject" t
User: user1@domain.com, Send Email to 1 Recipient
Recipient: user2@domain.com, Message: Test, Email Sent: 17677cdfbe1146f4
```
## Conversation mode
To reply to an email and have Gmail recognize it in conversation mode for the original sender, you have to specify the
`References` and `In-Reply-to` headers with the `RFC822 Message ID` from the original message
and the `subject` from the original message.
```
gam user recipient@domain.com sendemail to sender@domain.com references "<CAAMabc...XYZQ@mail.gmail.com>" in-reply-to "<CAAMabc...XYZQ@mail.gmail.com>" subject "Re: Original subject" textmessage "Reply text"
```
If you want to have Gmail recognize the reply in conversation mode in the Sent folder of the original recipient,
you must include `threadid <String>`; you can get the 'threadId` with:
```
gam user recipient@domain.com show threads query "rfc822MsgId:<CAAMabc...XYZQ@mail.gmail.com>"
Getting all Messages that match query ((rfc822MsgId:<CAAMabc...XYZQ@mail.gmail.com>)) for recipient@domain.com
Got 1 Message that matched query ((rfc822MsgId:<CAAMabc...XYZQ@mail.gmail.com>)) for recipient@domain.com...
User: recipient@domain.com, Show 1 Thread
Thread: 19cfd414fe48430d
Message: 19cfd414fe48430d
...
gam user recipient@domain.com sendemail to sender@domain.com references "<CAAMabc...XYZQ@mail.gmail.com>" in-reply-to "<CAAMabc...XYZQ@mail.gmail.com>" subject "Re: Original subject" textmessage "Reply text" threadid 19cfd414fe48430d
```
As of version 7.36.03, GAM has a command to simplify this process.
```
gam <UserTypeEntity> sendreply
(((query <QueryGmail> [querytime<String> <Date>]*) [or|and])+) | (ids <MessageIDEntity>)
[replyto <EmailAddress>]
[subject <String>] [<MessageContent>] [html [<Boolean>]]
(attach <FileName> [charset <CharSet>])*
(embedimage <FileName> <String>)*
(<SMTPDateHeader> <Time>)* (<SMTPHeader> <String>)* (header <String> <String>)*
gam user recipient@domain.com sendreply query "rfc822MsgId:<CAAMabc...XYZQ@mail.gmail.com>" textmessage "Reply text"
```

View File

@@ -14,7 +14,6 @@
- [Change Shared Drive visibility](#change-shared-drive-visibility)
- [Display Shared Drives](#display-shared-drives)
- [Display Shared Drive Counts](#display-shared-drive-counts)
- [Display Shared Drive Storage Info](#display-shared-drive-storage-info)
- [Display List of Shared Drives in an Organizational Unit](#display-list-of-shared-drives-in-an-organizational-unit)
- [Display Count of Shared Drives in an Organizational Unit](#display-count-of-shared-drives-in-an-organizational-unit)
- [Display Shared Drive Organizers](#display-shared-drive-organizers)
@@ -172,7 +171,7 @@
withlink
<DrivePermissionsFieldNameList> ::= "<DrivePermissionsFieldName>(,<DrivePermissionsFieldName>)*"
<QuerySharedDrive> ::= <String> See: https://developers.google.com/workspace/drive/api/guides/search-shareddrives
<QueryTeamDrive> ::= <String> See: https://developers.google.com/drive/api/v3/search-parameters
<SharedDriveACLRole> ::=
manager|organizer|owner|
contentmanager|fileorganizer|
@@ -184,8 +183,8 @@
<SharedDriveName> ::= <String>
<SharedDriveEntity> ::=
<SharedDriveID>|
(shareddriveid <SharedDriveID>)|(shareddriveid:<SharedDriveID>)|
(shareddrive <SharedDriveName>)|(shareddrive:<SharedDriveName>)
(teamdriveid <SharedDriveID>)|(teamdriveid:<SharedDriveID>)|
(teamdrive <SharedDriveName>)|(teamdrive:<SharedDriveName>)
<SharedDriveFieldName> ::=
backgroundimagefile|
@@ -200,11 +199,11 @@
<SharedDriveFieldNameList> ::= "<SharedDriveFieldName>(,<SharedDriveFieldName>)*"
<SharedDriveIDEntity> ::=
<DriveFileItem>|(shareddriveid <DriveFileItem>)|(shareddriveid:<DriveFileItem>)
<DriveFileItem>|(teamdriveid <DriveFileItem>)|(teamdriveid:<DriveFileItem>)
<SharedDriveNameEntity> ::=
(shareddrive <SharedDriveName>)|(shareddrive:<SharedDriveName>)
(teamdrive <SharedDriveName>)|(teamdrive:<SharedDriveName>)
<SharedDriveAdminQueryEntity> ::=
(shareddriveadminquery <QuerySharedDrive>)|(shareddriveadminquery:<QuerySharedDrive>)
(teamdriveadminquery <QueryTeamDrive>)|(teamdriveadminquery:<QueryTeamDrive>)
<SharedDriveEntityAdmin> ::=
<SharedDriveIDEntity> |
@@ -328,11 +327,11 @@ When either of these options is chosen, no infomation about Shared Drive restric
To retrieve the Shared Drive ID with `returnidonly`:
```
Linux/MacOS
shareddriveId=$(gam create shareddrive ... returnidonly)
teamDriveId=$(gam create shareddrive ... returnidonly)
Windows PowerShell
$shareddriveId = & gam create shareddrive ... returnidonly
$teamDriveId = & gam create shareddrive ... returnidonly
Windows Command Prompt
for /f "delims=" %a in ('gam create shareddrive ... returnidonly') do set shareddriveId=%a
for /f "delims=" %a in ('gam create shareddrive ... returnidonly') do set teamDriveId=%a
```
## Bulk Create Shared Drives
@@ -423,14 +422,14 @@ By default, Gam displays the information as an indented list of keys and values.
* `formatjson` - Display the fields in JSON format.
```
gam [<UserTypeEntity>] show shareddrives
[adminaccess|asadmin] [shareddriveadminquery|query <QuerySharedDrive>]
[adminaccess|asadmin] [teamdriveadminquery|query <QueryTeamDrive>]
[matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>]
[fields <SharedDriveFieldNameList>]
[showwebviewlink text|hyperlink]
[formatjson]
```
By default, all Shared Drives are displayed; use the following options to select a subset of Shared Drives:
* `shareddriveadminquery|query <QuerySharedDrive>` - Use a query to select Shared Drives
* `teamdriveadminquery|query <QueryTeamDrive>` - Use a query to select Shared Drives
* `matchname <REMatchPattern>` - Retrieve Shared Drives with names that match a pattern.
* `orgunit|org|ou <OrgUnitPath>` - Only Shared Drives in the specified Org Unit are selected
@@ -442,14 +441,14 @@ By default, Gam displays the information as an indented list of keys and values.
* `formatjson` - Display the fields in JSON format.
```
gam [<UserTypeEntity>] print shareddrives [todrive <ToDriveAttribute>*]
[adminaccess|asadmin] [shareddriveadminquery|query <QuerySharedDrive>]
[adminaccess|asadmin] [teamdriveadminquery|query <QueryTeamDrive>]
[matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>]
[fields <SharedDriveFieldNameList>]
[showwebviewlink text|hyperlink]
[formatjson [quotechar <Character>]]
```
By default, all Shared Drives are displayed; use the following options to select a subset of Shared Drives:
* `shareddriveadminquery|query <QuerySharedDrive>` - Use a query to select Shared Drives
* `teamdriveadminquery|query <QueryTeamDrive>` - Use a query to select Shared Drives
* `matchname <REMatchPattern>` - Retrieve Shared Drives with names that match a pattern.
* `orgunit|org|ou <OrgUnitPath>` - Only Shared Drives in the specified Org Unit are selected
@@ -499,7 +498,7 @@ Options `shareddriveadminquery|query` and `shareddrives|teamdrives` are mutually
Options `shareddriveadminquery|query` and `orgunit|org|ou` require `adminaccess|asadmin`.
By default, organizers for all Shared Drives are displayed; use the following options to select a subset of Shared Drives:
* `shareddriveadminquery|query <QuerySharedDrive>` - Use a query to select Shared Drives
* `teamdriveadminquery|query <QueryTeamDrive>` - Use a query to select Shared Drives
* `shareddrives|teamdrives <SharedDriveIDList>` - Select the Shared Drive IDs specified in `<SharedDriveIDList>`
* `shareddrives|teamdrives select <FileSelector>|<CSVFileSelector>` - Select the Shared Drive IDs specified in `<FileSelector>|<CSVFileSelector>`
* `orgunit|org|ou <OrgUnitPath>` - Only Shared Drives in the specified Org Unit are selected
@@ -536,12 +535,12 @@ gam print shareddrives query "organizerCount = 0"
Display the number of Shared Drives.
```
gam [<UserTypeEntity>] show|print shareddrives
[adminaccess|asadmin] [shareddriveadminquery|query <QuerySharedDrive>]
[adminaccess|asadmin] [teamdriveadminquery|query <QueryTeamDrive>]
[matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>]
showitemcountonly
```
By default, all Shared Drives are counted; use the following options to select a subset of Shared Drives:
* `shareddriveadminquery|query <QuerySharedDrive>` - Use a query to select Shared Drives
* `teamdriveadminquery|query <QueryTeamDrive>` - Use a query to select Shared Drives
* `matchname <REMatchPattern>` - Retrieve Shared Drives with names that match a pattern.
* `orgunit|org|ou <OrgUnitPath>` - Only Shared Drives in the specified Org Unit are selected
@@ -564,21 +563,6 @@ Windows Command Prompt
for /f "delims=" %a in ('gam print shareddrives showitemcountonly') do set count=%a
```
## Display Shared Drive Storage Info
Get a list of Shared Drives/organizers.
```
gam redirect csv ./SharedDriveOrganizers.csv print shareddriveorganizers includefileorganizers
```
Get SharedDrive Drive file count and storage info; use one of the following for size information:
* `showsize` - 31549200951 - This is a byte count; include `Size` in `csv_output_header_filter`
* `showsizeunits` - 31.55 GB - This is as shown in the Admin console; include `SizeUnits` in csv_output_header_filter
```
gam config csv_output_header_filter "id,name,Total,Size,SizeUnits,Item cap" csv_input_row_filter "organizers:regex:^.+$"
redirect csv ./SharedDriveStorageInfo.csv multiprocess redirect stderr - multiprocess
csv ./SharedDriveOrganizers.csv gam user "~organizers" print filecounts select shareddriveid "~id" showsize showsizeunits
```
## Display all Shared Drives with a specific organizer
Substitute actual email address for `organizer@domain.com`.
```
@@ -774,7 +758,7 @@ gam config csv_output_header_drop_filter "User,createdTime,permission.photoLink,
## Display Shared Drive access for selected Shared Drives
```
gam [<UserTypeEntity>] show shareddriveacls
[adminaccess|asadmin] [shareddriveadminquery|query <QuerySharedDrive>]
[adminaccess|asadmin] [teamdriveadminquery|query <QueryTeamDrive>]
[matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>]
[user|group <EmailAddress> [checkgroups]] (role|roles <SharedDriveACLRoleList>)*
<PermissionMatch>* [<PermissionMatchAction>] [pmselect]
@@ -783,7 +767,7 @@ gam [<UserTypeEntity>] show shareddriveacls
[formatjson]
gam [<UserTypeEntity>] print shareddriveacls [todrive <ToDriveAttribute>*]
[adminaccess|asadmin] [shareddriveadminquery|query <QuerySharedDrive>]
[adminaccess|asadmin] [teamdriveadminquery|query <QueryTeamDrive>]
[matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>]
[user|group <EmailAddress> [checkgroups]] (role|roles <SharedDriveACLRoleList>)*
<PermissionMatch>* [<PermissionMatchAction>] [pmselect]
@@ -793,7 +777,7 @@ gam [<UserTypeEntity>] print shareddriveacls [todrive <ToDriveAttribute>*]
```
By default, all Shared Drives are displayed; use the following options to select a subset of Shared Drives:
* `shareddriveadminquery|query <QuerySharedDrive>` - Use a query to select Shared Drives
* `teamdriveadminquery|query <QueryTeamDrive>` - Use a query to select Shared Drives
* `matchname <REMatchPattern>` - Retrieve Shared Drives with names that match a pattern.
* `orgunit|org|ou <OrgUnitPath>` - Only Shared Drives in the specified Org Unit are selected
* `<PermissionMatch>* [<PermissionMatchAction>] pmselect` - Use permission matching to select Shared Drives; all ACLs are displayed for the selected Shared Drives
@@ -943,12 +927,12 @@ gam redirect stdout ./DeleteSharedDrives.txt multiprocess redirect stderr stdout
## Delete old empty Shared Drives
```
# Get a list of Shared Drives organizers for Shared Drives created before one year ago; alter date<-1y as required.
gam config csv_output_row_filter "createdTime:date<-1y" redirect csv ./ShareddriveOrganizers.csv print shareddriveorganizers domainlist mydomain.com includetypes user oneorganizer shownoorganizerdrives
gam config csv_output_row_filter "createdTime:date<-1y" redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers domainlist mydomain.com includetypes user oneorganizer shownoorganizerdrives
# Inspect shareddriveOrganizers.csv, you'll have to deal with Shared Drives with no organizer/manager
# Get old empty Shared Drives
gam config num_threads 10 csv_input_row_filter "organizers:regex:^.+$" csv_output_row_filter "Total:count=0" redirect csv ./OldEmptySharedDrives.csv multiprocess redirect stderr - multiprocess csv ./ShareddriveOrganizers.csv gam user "~organizers" print filecounts select shareddriveid "~id" showsize
gam config num_threads 10 csv_input_row_filter "organizers:regex:^.+$" csv_output_row_filter "Total:count=0" redirect csv ./OldEmptySharedDrives.csv multiprocess redirect stderr - multiprocess csv ./TeamDriveOrganizers.csv gam user "~organizers" print filecounts select shareddriveid "~id" showsize
# Inspect OldEmptySharedDrives.csv, if you're confident of the results, proceed

View File

@@ -37,6 +37,9 @@ gam user user@domain.com update serviceaccount
[*] 11) Chat API - User Sections (supports readonly)
```
`Chat API - User Sections` is in Developer Preview; you must have a the following variables set in `gam.cfg` to use these commands.
* `developer_preview_apis = chat`
* `developer_preview_api_key = <String>`
Added `use_chat_admin_access` Boolean variable to `gam.cfg`.
```

View File

@@ -18,8 +18,8 @@
<SharedDriveID> ::= <String>
<SharedDriveName> ::= <String>
<SharedDriveEntity> ::=
<SharedDriveID>|(shareddriveid <SharedDriveID>)|(shareddriveid:<SharedDriveID>)|
(shareddrive <SharedDriveName>)|(shareddrive:<SharedDriveName>)
<SharedDriveID>|(teamdriveid <SharedDriveID>)|(teamdriveid:<SharedDriveID>)|
(teamdrive <SharedDriveName>)|(teamdrive:<SharedDriveName>)
```
## Display empty folders
```

View File

@@ -68,10 +68,10 @@
(parentid <DriveFolderID>)|
(parentname <DriveFolderName>)|
(anyownerparentname <DriveFolderName>)|
(shareddriveparentid <DriveFolderID>)|
(shareddriveparent <SharedDriveName>)|
(shareddriveparentid <SharedDriveID> shareddriveparentname <DriveFolderName>)|
(shareddriveparent <SharedDriveName> shareddriveparentname <DriveFolderName>)
(teamdriveparentid <DriveFolderID>)|
(teamdriveparent <SharedDriveName>)|
(teamdriveparentid <SharedDriveID> teamdriveparentname <DriveFolderName>)|
(teamdriveparent <SharedDriveName> teamdriveparentname <DriveFolderName>)
<DriveFileCopyAttribute> ::=
(contentrestrictions readonly false)|
@@ -120,7 +120,6 @@ gam <UserTypeEntity> copy drivefile <DriveFileEntity>
[copyfilepermissions [<Boolean>]]
[copyfileinheritedpermissions [<Boolean>]
[copyfilenoninheritedpermissions [<Boolean>]
[copyfolderpermissions [<Boolean>]]
[copymergewithparentfolderpermissions [<Boolean>]]
[copymergedtopfolderpermissions [<Boolean>]]
[copytopfolderpermissions [<Boolean>]]
@@ -232,10 +231,10 @@ and "Template" is replaced by "NewCustomer" in all copied sub files and folders
* `parentid <DriveFolderID>` - The target folder is identified by `<DriveFolderID>` which must be writable by `<UserTypeEntity>`.
* `parentname <DriveFolderName>` - A search is performed for a folder named `<DriveFolderName>` owned by `<UserTypeEntity>`.
* `anyownerparentname <DriveFolderName>` - A search is performed for a folder named `<DriveFolderName>` owned by any user but must be writable by `<UserTypeEntity>`.
* `shareddriveparentid <DriveFolderID>` - Shared Drive folder ID; when used alone, this indicates a specific Shared Drive folder.
* `shareddriveparent <SharedDriveName>` - Shared Drive name; when used alone, this indicates the root level of the Shared Drive.
* `shareddriveparentid <SharedDriveID> shareddriveparentname <DriveFolderName>` - A Shared Drive ID and a folder name on that Shared Drive.
* `shareddriveparent <SharedDriveName> shareddriveparentname <DriveFolderName>` - A Shared Drive name and a folder name on that Shared Drive.
* `teamdriveparentid <DriveFolderID>` - Shared Drive folder ID; when used alone, this indicates a specific Shared Drive folder.
* `teamdriveparent <SharedDriveName>` - Shared Drive name; when used alone, this indicates the root level of the Shared Drive.
* `teamdriveparentid <SharedDriveID> teamdriveparentname <DriveFolderName>` - A Shared Drive ID and a folder name on that Shared Drive.
* `teamdriveparent <SharedDriveName> teamdriveparentname <DriveFolderName>` - A Shared Drive name and a folder name on that Shared Drive.
* If none of the parent options are specified, the copied file/folder will be located in the source folder.
### Duplicate files
@@ -295,8 +294,6 @@ When a folder is copied, its permissions are not copied; these options control c
of the form `option [<Boolean>]`; if `<Boolean>` is omitted, `true` is assumed.
When copied, a target folder inherits the permissions of its parent folder; these options control whether/how GAM copies the existing source folder permissions.
* `copyfolderpermissions false` - The permissions of the source folders are not copied to the target folder.
* `copyfolderpermissions true` - The permissions of the source folders are copied to the target folder based on the following options; this is the default action.
When `mergewithparent` is `true`:
* `copymergewithparentfolderpermissions false` - The permissions of the source top folder are not not copied to the target folder; this is the default action.
@@ -417,15 +414,15 @@ Specify the target location on the Shared Drive, either the ID of the Shared Dri
Files/folders in root of My Drive will be merged into `<DriveFolderID>`
```
gam user user@domain.com copy drivefile root recursive shareddriveparentid <DriveFolderID> mergewithparent true
gam user user@domain.com copy drivefile root recursive teamdriveparentid <DriveFolderID> mergewithparent true
```
Files/folders in root of My Drive will be in a new folder named `My Drive` created in `<DriveFolderID>`
```
gam user user@domain.com copy drivefile root recursive shareddriveparentid <DriveFolderID> mergewithparent false
gam user user@domain.com copy drivefile root recursive teamdriveparentid <DriveFolderID> mergewithparent false
```
Files/folders in root of My Drive will be in a new folder named `<String>` created in `<DriveFolderID>`
```
gam user user@domain.com copy drivefile root recursive shareddriveparentid <SharedDriveID> mergewithparent false newfilename <String>
gam user user@domain.com copy drivefile root recursive teamdriveparentid <SharedDriveID> mergewithparent false newfilename <String>
```
### Copy content of a Shared Drive to another Shared Drive
@@ -441,7 +438,7 @@ The example is assuming that the target drive is empty.
* Non-inherited sub folder permissions are copied.
* Non-inherited file permissions are copied.
```
gam user user@domain.com copy drivefile shareddriveid 0AC_1AB shareddriveparentid 0AE_9ZX mergewithparent recursive
gam user user@domain.com copy drivefile teamdriveid 0AC_1AB teamdriveparentid 0AE_9ZX mergewithparent recursive
copymergewithparentfolderpermissions true
copytopfolderinheritedpermissions false
copytopfoldernoninheritedpermissions always
@@ -461,7 +458,7 @@ Suppose that the source drive has been updated and you want to refresh the targe
* Non-inherited file permissions are copied.
* Files and folders that have been deleted from the source drive will remain on the target drive
```
gam user user@domain.com copy drivefile shareddriveid 0AC_1AB shareddriveparentid 0AE_9ZX mergewithparent recursive
gam user user@domain.com copy drivefile teamdriveid 0AC_1AB teamdriveparentid 0AE_9ZX mergewithparent recursive
copymergewithparentfolderpermissions true
copytopfolderinheritedpermissions false
copytopfoldernoninheritedpermissions syncallfolders
@@ -481,7 +478,7 @@ gam redirect csv ./TopSDItems.csv user user@domain.com print filelist select 0AC
```
Copy the top level items to target Shared Drive; append desired permission options
```
gam redirect stdout ./CopySharedDrive.txt multiprocess redirect stderr stdout csv TopSDItems.csv gam user user@domain.com copy drivefile "~id" recursive shareddriveparentid 0AE_9ZX
gam redirect stdout ./CopySharedDrive.txt multiprocess redirect stderr stdout csv TopSDItems.csv gam user user@domain.com copy drivefile "~id" recursive teamdriveparentid 0AE_9ZX
```
### Copy content of a source Shared Drive folder to a target Shared Drive with parallel Processing
@@ -491,31 +488,31 @@ gam redirect csv ./TopSDItems.csv user user@domain.com print filelist select 1Bx
```
Create a folder on target Shared Drive with ID 0AE_9ZX, replace "New Folder Name" as desired.
```
gam user user@domain.com create drivefile mimetype gfolder shareddriveparentid 0AE-9ZX drivefilename "New Folder Name" returnidonly
gam user user@domain.com create drivefile mimetype gfolder teamdriveparentid 0AE-9ZX drivefilename "New Folder Name" returnidonly
```
Copy the folder top level items to target Shared Drive folder, assume ID 2CY-45G was returned in previous step
```
gam redirect stdout ./CopySharedDrive.txt multiprocess redirect stderr stdout csv TopSDItems.csv gam user user@domain.com copy drivefile "~id" recursive shareddriveparentid 2CY-45G
gam redirect stdout ./CopySharedDrive.txt multiprocess redirect stderr stdout csv TopSDItems.csv gam user user@domain.com copy drivefile "~id" recursive teamdriveparentid 2CY-45G
```
You can script the steps:
Linux/MacOS
```
gam redirect csv ./TopSDItems.csv user user@domain.com print filelist select 1Bx-8W3 fields id,name,mimetype depth 0
targetFolderId=$(gam user user@domain.com create drivefile mimetype gfolder shareddriveparentid 0AE-9ZX drivefilename "New Folder Name" returnidonly)
gam redirect stdout ./CopySharedDrive.txt multiprocess redirect stderr stdout csv TopSDItems.csv gam user user@domain.com copy drivefile "~id" recursive shareddriveparentid $targetFolderId
targetFolderId=$(gam user user@domain.com create drivefile mimetype gfolder teamdriveparentid 0AE-9ZX drivefilename "New Folder Name" returnidonly)
gam redirect stdout ./CopySharedDrive.txt multiprocess redirect stderr stdout csv TopSDItems.csv gam user user@domain.com copy drivefile "~id" recursive teamdriveparentid $targetFolderId
```
Windows PowerShell
```
gam redirect csv ./TopSDItems.csv user user@domain.com print filelist select 1Bx-8W3 fields id,name,mimetype depth 0
$targetFolderId = & gam user user@domain.com create drivefile mimetype gfolder shareddriveparentid 0AE-9ZX drivefilename "New Folder Name" returnidonly
gam redirect stdout ./CopySharedDrive.txt multiprocess redirect stderr stdout csv TopSDItems.csv gam user user@domain.com copy drivefile "~id" recursive shareddriveparentid $targetFolderId
$targetFolderId = & gam user user@domain.com create drivefile mimetype gfolder teamdriveparentid 0AE-9ZX drivefilename "New Folder Name" returnidonly
gam redirect stdout ./CopySharedDrive.txt multiprocess redirect stderr stdout csv TopSDItems.csv gam user user@domain.com copy drivefile "~id" recursive teamdriveparentid $targetFolderId
```
Windows Command Prompt
```
gam redirect csv ./TopSDItems.csv user user@domain.com print filelist select 1Bx-8W3 fields id,name,mimetype depth 0
for /f "delims=" %a in ('gam user user@domain.com create drivefile mimetype gfolder shareddriveparentid 0AE-9ZX drivefilename "New Folder Name" returnidonly') do set taregtFolderId=%a
gam redirect stdout ./CopySharedDrive.txt multiprocess redirect stderr stdout csv TopSDItems.csv gam user user@domain.com copy drivefile "~id" recursive shareddriveparentid %targetFolderId%
for /f "delims=" %a in ('gam user user@domain.com create drivefile mimetype gfolder teamdriveparentid 0AE-9ZX drivefilename "New Folder Name" returnidonly') do set taregtFolderId=%a
gam redirect stdout ./CopySharedDrive.txt multiprocess redirect stderr stdout csv TopSDItems.csv gam user user@domain.com copy drivefile "~id" recursive teamdriveparentid %targetFolderId%
```
## Move files and folders
@@ -574,7 +571,6 @@ gam <UserTypeEntity> move drivefile <DriveFileEntity> [newfilename <DriveFileNam
[createshortcutsfornonmovablefiles [<Boolean>]]
[duplicatefiles overwriteolder|overwriteall|duplicatename|uniquename|skip]
[duplicatefolders merge|duplicatename|uniquename|skip]
[copyfolderpermissions [<Boolean>]]
[copymergewithparentfolderpermissions [<Boolean>]]
[copymergedtopfolderpermissions [<Boolean>]]
[copytopfolderpermissions [<Boolean>]]
@@ -618,10 +614,10 @@ This is the default mode.
* `parentid <DriveFolderID>` - The target folder is identified by `<DriveFolderID>` which must be writable by `<UserTypeEntity>`.
* `parentname <DriveFolderName>` - A search is performed for a folder named `<DriveFolderName>` owned by `<UserTypeEntity>`.
* `anyownerparentname <DriveFolderName>` - A search is performed for a folder named `<DriveFolderName>` owned by any user but must be writable by `<UserTypeEntity>`.
* `shareddriveparentid <DriveFolderID>` - Shared Drive folder ID; when used alone, this indicates a specific Shared Drive folder.
* `shareddriveparent <SharedDriveName>` - Shared Drive name; when used alone, this indicates the root level of the Shared Drive.
* `shareddriveparentid <SharedDriveID> shareddriveparentname <DriveFolderName>` - A Shared Drive ID and a folder name on that Shared Drive.
* `shareddriveparent <SharedDriveName> shareddriveparentname <DriveFolderName>` - A Shared Drive name and a folder name on that Shared Drive.
* `teamdriveparentid <DriveFolderID>` - Shared Drive folder ID; when used alone, this indicates a specific Shared Drive folder.
* `teamdriveparent <SharedDriveName>` - Shared Drive name; when used alone, this indicates the root level of the Shared Drive.
* `teamdriveparentid <SharedDriveID> teamdriveparentname <DriveFolderName>` - A Shared Drive ID and a folder name on that Shared Drive.
* `teamdriveparent <SharedDriveName> teamdriveparentname <DriveFolderName>` - A Shared Drive name and a folder name on that Shared Drive.
* If none of the parent options are specified, the moved file/folder will be located in the source folder.
### Duplicate files
@@ -664,8 +660,6 @@ When a folder is moved by recreating it, its permissions are not copied by the D
For options of the form `option [<Boolean>]`; if `<Boolean>` is omitted, `true` is assumed.
When recreated, a target folder inherits the permissions of its parent folder; these options control whether/how GAM copies the existing source folder permissions;
* `copyfolderpermissions false` - The permissions of the source folders are not copied to the target folder.
* `copyfolderpermissions true` - The permissions of the source folders are copied to the target folder based on the following options; this is the default action.
When `mergewithparent` is `true`:
* `copymergewithparentfolderpermissions false` - The permissions of the source top folder are not not copied to the target folder; this is the default action.
@@ -767,14 +761,14 @@ The following command will change the parents of the top level files and folders
* No permissions are processed.
```
gam user user@domain.com move drivefile shareddriveid 0AC_1AB shareddriveparentid 0AE_9ZX mergewithparent
gam user user@domain.com move drivefile teamdriveid 0AC_1AB teamdriveparentid 0AE_9ZX mergewithparent
```
If you want the source Shared Drive with ID 0AC_1AB to be contained in a top level folder of the target Shared Drive with ID 0AE_9ZX, omit the `mergewithparent` argument.
The folder on the target Shared Drive will have the same name as the name of the source Shared Drive; use the `newfilename <DriveFileName>` to use a different name.
```
gam user user@domain.com move drivefile shareddriveid 0AC_1AB shareddriveparentid 0AE_9ZX
gam user user@domain.com move drivefile shareddriveid 0AC_1AB shareddriveparentid 0AE_9ZX newfilename "Copy of source Shared Drive"
gam user user@domain.com move drivefile teamdriveid 0AC_1AB teamdriveparentid 0AE_9ZX
gam user user@domain.com move drivefile teamdriveid 0AC_1AB teamdriveparentid 0AE_9ZX newfilename "Copy of source Shared Drive"
```
### Inter-workspace moves
@@ -784,7 +778,7 @@ Due to a restructuring, you want to move data from Shared Drive A in domaina.com
* `user@domaina.com` is a manager of both Shared Drives.
```
$ gam user user@domaina move drivefile shareddriveid <SharedDriveAID> shareddriveparentid <SharedDriveBID> mergewithparent
$ gam user user@domaina move drivefile teamdriveid <SharedDriveAID> teamdriveparentid <SharedDriveBID> mergewithparent
User: user@domaina.com, Move 1 Drive File/Folder
User: user@domaina.com, Drive Folder: Shared Drive A(<SharedDriveAID>), Move(Merge) contents with Drive Folder: Shared Drive B(<SharedDriveBID>)
User: user@domaina.com, Drive File: Filename(<FileID>), Move Failed: Bad Request. User message: "shareOutNotPermitted"
@@ -800,13 +794,13 @@ The following command will change the parents of the top level files and folders
* No permissions are processed.
```
gam user user@domain.com move drivefile shareddriveid 0AC_1AB parentid root mergewithparent
gam user user@domain.com move drivefile teamdriveid 0AC_1AB parentid root mergewithparent
```
If you want the contents of Shared Drive with ID 0AC_1AB to be contained in a top level folder of the My Drive, omit the `mergewithparent` argument.
The folder on the My Drive will have the same name as the name of the Shared Drive; use the `newfilename <DriveFileName>` to use a different name.
```
gam user user@domain.com move drivefile shareddriveid 0AC_1AB parentid root
gam user user@domain.com move drivefile shareddriveid 0AC_1AB parentid root newfilename "Copy of Shared Drive"
gam user user@domain.com move drivefile teamdriveid 0AC_1AB parentid root
gam user user@domain.com move drivefile teamdriveid 0AC_1AB parentid root newfilename "Copy of Shared Drive"
```

View File

@@ -65,9 +65,9 @@
<SharedDriveID> ::= <String>
<SharedDriveName> ::= <String>
<SharedDriveIDEntity> ::= (shareddriveid <SharedDriveID>) | (shareddriveid:<SharedDriveID>)
<SharedDriveNameEntity> ::= (shareddrive <SharedDriveName>) | (shareddrive:<SharedDriveName>)
<SharedDriveFileNameEntity> ::= (shareddrivefilename <DriveFileName>) | (shareddrivefilename:<DriveFileName>)
<SharedDriveIDEntity> ::= (teamdriveid <SharedDriveID>) | (teamdriveid:<SharedDriveID>)
<SharedDriveNameEntity> ::= (teamdrive <SharedDriveName>) | (teamdrive:<SharedDriveName>)
<SharedDriveFileNameEntity> ::= (teamdrivefilename <DriveFileName>) | (teamdrivefilename:<DriveFileName>)
<SharedDriveEntity> ::=
<SharedDriveIDEntity> |
@@ -315,8 +315,8 @@
size|
spaces|
starred|
shareddriveid|
shareddrivename|
teamdriveid|
teamdrivename|
thumbnaillink|
thumbnailversion|
title|
@@ -405,7 +405,7 @@ quotaBytesUsed - The number of storage quota bytes used by the file.
size - Size in bytes of blobs and first party editor files.
```
Previously, GAM used the `size` field when totaling file sizes, it now uses the `quotaBytesUsed` field.
The option `sizefield quotabytesused|size` allows you to select which field to use; `quotabytesused` is the default.
The option `sizefield quotabytesused|size` allows you to select which field to use.
For most MIME types, the values are the same; for the following MIME types, `quotabytesused` is larger.
```
@@ -619,10 +619,8 @@ This option is not available for `print|show filetree`.
```
((query <QueryDriveFile>) | (fullquery <QueryDriveFile>) | <DriveFileQueryShortcut>) (querytime<String> <Time>)*
```
GAM initializes the query to `'me' in owners`.
* `query "xxx"` - ` and xxx` is appended to the current query; you can repeat the query argument to build up a longer query.
* `fullquery "xxx"` - The query is set to `xxx` eliminating the initial `'me' in owners`. You must also use `showownedby any|others` as desired.
* `fullquery "xxx"` - The query is set to `xxx` eliminating the initial `'me' in owners`.
* `<DriveFileQueryShortcut>` - Predefined queries
Use the `querytime<String> <Time>` option to allow times, usually relative, to be substituted into the `query <QueryDriveFile>` option.
@@ -719,7 +717,7 @@ gam <UserTypeEntity> print filecounts [todrive <ToDriveAttribute>*]
[filenamematchpattern <REMatchPattern>]
<PermissionMatch>* [<PermissionMatchMode>] [<PermissionMatchAction>]
[excludetrashed]
[showsize] [showsizeunits] [showmimetypesize]
[showsize] [showmimetypesize]
[showlastmodification] [pathdelimiter <Character>]
(addcsvdata <FieldName> <String>)*
[summary none|only|plus] [summaryuser <String>]
@@ -735,7 +733,7 @@ gam <UserTypeEntity> show filecounts
[filenamematchpattern <REMatchPattern>]
<PermissionMatch>* [<PermissionMatchMode>] [<PermissionMatchAction>]
[excludetrashed]
[showsize] [showsizeunits] [showmimetypesize]
[showsize] [showmimetypesize]
[showlastmodification] [pathdelimiter <Character>]
[summary none|only|plus] [summaryuser <String>]
```
@@ -748,11 +746,7 @@ saying that the query is invalid when, in fact, it is but the user does not have
When `continueoninvalidquery` is true, GAM prints an error message and proceeds to the next user rather that terminating
as it does now. Of course, if the query really is invalid, you will get the message for every user.
The `showsize` option displays the total size (in bytes) of the files counted; e.g., `31549200951`.
With `print filecounts`, this will be in a column labelled `Size`.
The `showsizeunits` option displays the total size of the files counted with two decimal places and units; e.g., `31.55 GB`.
With `print filecounts`, this will be in a column labelled `SizeUnits`.
The `showsize` option displays the total size (in bytes) of the files counted.
The `showmimetypesize` option displays the total size (in bytes) of each MIME type counted.
@@ -1104,7 +1098,7 @@ gam <UserTypeEntity> print|show filelist [todrive <ToDriveAttribute>*]
[excludetrashed]
[maxfiles <Integer>] [nodataheaders <String>]
[countsonly [summary none|only|plus] [summaryuser <String>]
[showsource] [showsize] [showsizeunits] [showmimetypesize]]
[showsource] [showsize] [showmimetypesize]]
[countsrowfilter]
[filepath|fullpath [folderpathonly [<Boolean>]] [pathdelimiter <Character>] [addpathstojson] [showdepth]] [buildtree]
[allfields|<DriveFieldName>*|(fields <DriveFieldNameList>)]
@@ -1308,9 +1302,7 @@ The `summaryuser <String>` option replaces the default summary user `Summary` w
The `countsonly` suboption `showsource` adds additional columns `Source` and `Name` that identify the top level folder ID and Name from which the counts are derived.
The `countsonly` suboption `showsize` adds an additional column `Size` that indicates the total size (in bytes) of the files represented on the row; e.g., `31549200951`.
The `countsonly` suboption `showsizeunits` adds an additional column `SizeUnits` that indicates the total size of the files represented on the row with two decimal places and units; e.g., `31.55 GB`.
The `countsonly` suboption `showsize` adds an additional column `Size` that indicates the total size (in bytes) of the files represented on the row.
The `countsonly` suboption `showmimetypesize` adds additional columns `<MimeType>:Size` that indicate the total size (in bytes) of each MIME type.

View File

@@ -149,10 +149,10 @@
(parentid <DriveFolderID>)|
(parentname <DriveFolderName>)|
(anyownerparentname <DriveFolderName>)|
(shareddriveparentid <DriveFolderID>)|
(shareddriveparent <SharedDriveName>)|
(shareddriveparentid <SharedDriveID> shareddriveparentname <DriveFolderName>)|
(shareddriveparent <SharedDriveName> shareddriveparentname <DriveFolderName>)
(teamdriveparentid <DriveFolderID>)|
(teamdriveparent <SharedDriveName>)|
(teamdriveparentid <SharedDriveID> teamdriveparentname <DriveFolderName>)|
(teamdriveparent <SharedDriveName> teamdriveparentname <DriveFolderName>)
<DriveFileCreateAttribute> ::=
<DriveFileAttribute>|
@@ -196,10 +196,10 @@ You can specify where the new file is to be located:
* `parentid <DriveFolderID>` - Folder ID.
* `parentname <DriveFolderName>` - Folder name; the folder must be owned by `<UserTypeEntity>`.
* `anyownerparentname <DriveFolderName>` - Folder name; the folder can be owned by any user, `<UserTypeEntity>` must be able to write to the folder.
* `shareddriveparentid <DriveFolderID>` - Shared Drive folder ID; when used alone, this indicates a specfic Shared Drive folder.
* `shareddriveparent <SharedDriveName>` - Shared Drive name; when used alone, this indicates the root level of the Shared Drive.
* `shareddriveparentid <SharedDriveID> shareddriveparentname <DriveFolderName>` - A Shared Drive ID and a folder name on that Shared Drive.
* `shareddriveparent <SharedDriveName> shareddriveparentname <DriveFolderName>` - A Shared Drive name and a folder name on that Shared Drive.
* `teamdriveparentid <DriveFolderID>` - Shared Drive folder ID; when used alone, this indicates a specfic Shared Drive folder.
* `teamdriveparent <SharedDriveName>` - Shared Drive name; when used alone, this indicates the root level of the Shared Drive.
* `teamdriveparentid <SharedDriveID> teamdriveparentname <DriveFolderName>` - A Shared Drive ID and a folder name on that Shared Drive.
* `teamdriveparent <SharedDriveName> teamdriveparentname <DriveFolderName>` - A Shared Drive name and a folder name on that Shared Drive.
* If none of the parent options are specified, the parent folder is the root folder.
By default, Google assigns the current time to the attributes `createdTime` and `modifiedTime`; you can assign your own values
@@ -290,7 +290,7 @@ This will create a three column CSV file SharedDriveNamesIDs.csv with columns: U
You are building student folders on a Shared Drive as an admin and want to add ACLs to the folders
allowing the student write access and you want a shortcut on the student's My Drive pointing to the folder.
By adding the student's primary email address to the CSV output, it can be used in subsequent commands.
Sustitute for admin@domain.com and `<SharedDriveID>`.
Sustitute for admin@domain.com and `<TeamDriveID>`.
```
Students.csv
primaryEmail,Name
@@ -299,7 +299,7 @@ mary@domain.com, Mary Smith
...
# Create the student folders on the Shared Drive
gam redirect csv ./StudentFolders.csv multiprocess csv Students.csv gam user admin@domain.com create drivefile mimetype gfolder drivefilename "~~Name~~ Digital Portfolio" parentid <SharedDriveID> csv addcsvdata primaryEmail "~primaryEmail"
gam redirect csv ./StudentFolders.csv multiprocess csv Students.csv gam user admin@domain.com create drivefile mimetype gfolder drivefilename "~~Name~~ Digital Portfolio" parentid <TeamDriveID> csv addcsvdata primaryEmail "~primaryEmail"
# Add ACLs granting the students write access to their folders; "~User" refers to admin@domain.com
gam csv StudentFolders.csv gam user "~User" add drivefileacl "~id" user "~primaryEmail" role fileorganizer
# Add a shortcut to the folder on the student's My Drive
@@ -389,7 +389,7 @@ User: user@domain.com, Drive Folder Path:, Create
Build in a Shared Drive Folder
```
gam user user@domain.com create drivefolderpath path "Top Folder/Middle Folder/Bottom Folder/Sub Folder" shareddriveparent "TS Shared Drive" shareddriveparentname "TS SD6 Folder"
gam user user@domain.com create drivefolderpath path "Top Folder/Middle Folder/Bottom Folder/Sub Folder" teamdriveparent "TS Shared Drive" teamdriveparentname "TS SD6 Folder"
Getting all Drive Files/Folders that match query (mimeType = 'application/vnd.google-apps.folder' and name = 'TS SD6 Folder' and trashed = false) for user@domain.com
Got 1 Drive File/Folder that matched query (mimeType = 'application/vnd.google-apps.folder' and name = 'TS SD6 Folder' and trashed = false) for user@domain.com...
User: user@domain.com, Drive Folder Path:, Create
@@ -495,10 +495,10 @@ You can change where the new file is to be located; this removes all other paren
* `parentid <DriveFolderID>` - Folder ID.
* `parentname <DriveFolderName>` - Folder name; the folder must be owned by `<UserTypeEntity>`.
* `anyownerparentname <DriveFolderName>` - Folder name; the folder can be owned by any user, `<UserTypeEntity>` must be able to write to the folder.
* `shareddriveparentid <DriveFolderID>` - Shared Drive folder ID; when used alone, this indicates a specfic Shared Drive folder.
* `shareddriveparent <SharedDriveName>` - Shared Drive name; when used alone, this indicates the root level of the Shared Drive.
* `shareddriveparentid <SharedDriveID> shareddriveparentname <DriveFolderName>` - A Shared Drive ID and a folder name on that Shared Drive.
* `shareddriveparent <SharedDriveName> shareddriveparentname <DriveFolderName>` - A Shared Drive name and a folder name on that Shared Drive.
* `teamdriveparentid <DriveFolderID>` - Shared Drive folder ID; when used alone, this indicates a specfic Shared Drive folder.
* `teamdriveparent <SharedDriveName>` - Shared Drive name; when used alone, this indicates the root level of the Shared Drive.
* `teamdriveparentid <SharedDriveID> teamdriveparentname <DriveFolderName>` - A Shared Drive ID and a folder name on that Shared Drive.
* `teamdriveparent <SharedDriveName> teamdriveparentname <DriveFolderName>` - A Shared Drive name and a folder name on that Shared Drive.
You can add/remove parent folders without affecting other parent folders.
* `addparents|removeparents <DriveFolderIDList>` - Specify the parent folders by ID.

View File

@@ -30,13 +30,13 @@
(parentid <DriveFolderID>)|
(parentname <DriveFolderName>)|
(anyownerparentname <DriveFolderName>)|
(shareddriveparentid <DriveFolderID>)|
(shareddriveparent <SharedDriveName>)|
(shareddriveparentid <SharedDriveID> shareddriveparentname <DriveFolderName>)|
(shareddriveparent <SharedDriveName> shareddriveparentname <DriveFolderName>))|
(shareddriveparentid <DriveFolderID>)|(shareddriveparent <SharedDriveName>)|
(shareddriveparentid <SharedDriveID> shareddriveparentname <DriveFolderName>)|
(shareddriveparent <SharedDriveName> shareddriveparentname <DriveFolderName>)
(teamdriveparentid <DriveFolderID>)|
(teamdriveparent <SharedDriveName>)|
(teamdriveparentid <SharedDriveID> teamdriveparentname <DriveFolderName>)|
(teamdriveparent <SharedDriveName> teamdriveparentname <DriveFolderName>))|
(teamdriveparentid <DriveFolderID>)|(teamdriveparent <SharedDriveName>)|
(teamdriveparentid <SharedDriveID> teamdriveparentname <DriveFolderName>)|
(teamdriveparent <SharedDriveName> teamdriveparentname <DriveFolderName>)
<DriveOrderByFieldName> ::=
createddate|createdtime|

View File

@@ -15,7 +15,6 @@
- [Remove domainCanFind-domainWithLink ACLs for internal domain](#remove-domaincanfind-domainwithlink-acls-for-internal-domain)
- [Remove My Drive ACLs for external domains](#remove-my-drive-acls-for-external-domains)
- [Remove anyoneCanFind-anyoneWithLink ACLs](#remove-anyonecanfind-anyonewithlink-acls)
- [Target Audiences](#target-audiences)
## API documentation
* [Drive API - Permissions](https://developers.google.com/drive/api/v3/reference/permissions)
@@ -144,7 +143,6 @@ specify `basicpermissions` and additional permission fields, e.g., `permissions.
<FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVDataSelector>
See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
```
## GUI API permission name mapping
| GUI setting | API setting |
@@ -359,8 +357,8 @@ The `quotechar <Character>` option allows you to choose an alternate quote chara
For example, to get the ACLs for your Team Drives with the Team Drive name included in the output:
```
gam redirect csv ./SharedDrives.csv print shareddrives
gam redirect csv ./SharedDriveACLs.csv multiprocess csv ./SharedDrives.csv gam print drivefileacls shareddriveid "~id" addtitle "~name" fields id,domain,emailaddress,role,type,deleted
gam redirect csv ./TeamDrives.csv print teamdrives
gam redirect csv ./TeamDriveACLs.csv multiprocess csv ./TeamDrives.csv gam print drivefileacls teamdriveid "~id" addtitle "~name" fields id,domain,emailaddress,role,type,deleted
```
## Delete all ACLs except owner from a file
@@ -618,51 +616,3 @@ Delete those Shared Drive ACLs.
```
gam config num_threads 20 redirect stdout ./DeleteSharedDriveShares.txt multiprocess redirect stderr stdout csv SharedDriveShares.csv gam user "~Owner" delete drivefileacl "~id" "id:~~permission.id~~"
```
## Target Audiences
* See: https://support.google.com/a/answer/9934697
You can manage target audiences in the admin console at Directory/Target audiences.
If you click on a target audience the URL will look like this: `https://admin.google.com/ac/targetaudiences/02xcytpi0xrdqxi`
You can add this target audience to a file with:
```
gam user user@domain.com create drivefileacl <DriveFileID> domain 02xcytpi0xrdqxi.audience.googledomains.com role reader
User: user@domain.com, Add 1 Drive File/Folder ACL
User: user@domain.com, Drive File/Folder ID: <DriveFileID>, Permission ID: 02xcytpi0xrdqxi.audience.googledomains.com, Added
Test Audience
id: 02897912034288871303
type: domain
domain: 02xcytpi0xrdqxi.audience.googledomains.com
role: reader
permissionDetails:
role: reader
type: file
inherited: False
allowFileDiscovery: False
```
You can update the target audience role with:
```
gam user user@domain.com update drivefileacl <DriveFileID> id:02897912034288871303 role writer
User: user@domain.com, Update 1 Drive File/Folder ACL
User: user@domain.com, Drive File/Folder ID: <DriveFileID>, Permission ID: 02897912034288871303, Updated
Test Audience
id: 02897912034288871303
type: domain
domain: 02xcytpi0xrdqxi.audience.googledomains.com
role: writer
permissionDetails:
role: writer
type: file
inherited: False
allowFileDiscovery: False
```
You can delete the target audience from a file with:
```
gam user user@domain.com delete drivefileacl <DriveFileID> id:02897912034288871303
User: user@domain.com, Delete 1 Drive File/Folder ACL
User: user@domain.com, Drive File/Folder ID: <DriveFileID>, Permission ID: 02897912034288871303, Deleted
```

View File

@@ -26,10 +26,10 @@
(parentid <DriveFolderID>)|
(parentname <DriveFolderName>)|
(anyownerparentname <DriveFolderName>)|
(shareddriveparentid <DriveFolderID>)|
(shareddriveparent <SharedDriveName>)|
(shareddriveparentid <SharedDriveID> shareddriveparentname <DriveFolderName>)|
(shareddriveparent <SharedDriveName> shareddriveparentname <DriveFolderName>)
(teamdriveparentid <DriveFolderID>)|
(teamdriveparent <SharedDriveName>)|
(teamdriveparentid <SharedDriveID> teamdriveparentname <DriveFolderName>)|
(teamdriveparent <SharedDriveName> teamdriveparentname <DriveFolderName>)
```
## Create shortcuts
@@ -48,10 +48,10 @@ There are two modes of operaton:
* `parentid <DriveFolderID>` - Folder ID.
* `parentname <DriveFolderName>` - Folder name; the folder must be owned by `<UserTypeEntity>`.
* `anyownerparentname <DriveFolderName>` - Folder name; the folder can be owned by any user, `<UserTypeEntity>` must be able to write to the folder.
* `shareddriveparentid <DriveFolderID>` - Shared Drive folder ID; when used alone, this indicates a specfic Shared Drive folder.
* `shareddriveparent <SharedDriveName>` - Shared Drive name; when used alone, this indicates the root level of the Shared Drive.
* `shareddriveparentid <SharedDriveID> shareddriveparentname <DriveFolderName>` - A Shared Drive ID and a folder name on that Shared Drive.
* `shareddriveparent <SharedDriveName> shareddriveparentname <DriveFolderName>` - A Shared Drive name and a folder name on that Shared Drive.
* `teamdriveparentid <DriveFolderID>` - Shared Drive folder ID; when used alone, this indicates a specfic Shared Drive folder.
* `teamdriveparent <SharedDriveName>` - Shared Drive name; when used alone, this indicates the root level of the Shared Drive.
* `teamdriveparentid <SharedDriveID> teamdriveparentname <DriveFolderName>` - A Shared Drive ID and a folder name on that Shared Drive.
* `teamdriveparent <SharedDriveName> teamdriveparentname <DriveFolderName>` - A Shared Drive name and a folder name on that Shared Drive.
* `convertparents` - Convert all but the last parent reference in `<DriveFileEntity>` to shortcuts. My testing shows that as parents are added to a file, they are added to the front of the parents list; thus, the last parent is the original parent.
If neither `<DriveFileParentAttribute>` nor `convertparents` are specified, the shortcut is placed in the root folder (My Drive).
@@ -142,6 +142,6 @@ gam csv Shortcuts.csv matchfield code 4 gam user "~owner" create drivefileshortc
## Check shortcut validity on Shared Drives
```
gam redirect csv ./TDShortcuts.csv user organizer@domain.com print filelist select shareddriveid <SharedDriveID> showmimetype gshortcut fields id
gam redirect csv ./TDShortcuts.csv user organizer@domain.com print filelist select teamdriveid <SharedDriveID> showmimetype gshortcut fields id
gam redirect csv ./Shortcuts.csv user organizer@domain.com check drivefileshortcut csvfile TDShortcuts.csv:id csv
```

View File

@@ -430,6 +430,8 @@ user@domain.com,18e9fc6581b9acab,Archived,
user@domain.com,18e9fc58c5491f4c,Archived,
```
See below for message selection.
## Export messages/threads
Export messages in EML format.
```
@@ -462,18 +464,7 @@ By default, when exporting a message, an existing local file will not be overwri
* `overwrite true` - Overwite an existing file
* `overwrite false` - Do not overwite an existing file; add a numeric prefix and create a new file
### Export a specific set of messages
* `ids <MessageIDEntity>` - A list of message ids
### Export a selected set of messages
* `((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+` - Criteria to select messages
* `labelids <LabelIDList>` - Select messages with labels that match all of the specified label IDs.
* `max_to_export <Number>` - Limit the number of messages that will be exported; use a value of 0 for no limit
When `matchlabel <LabelName>` is specified, the following characters are replaced with a `-` in the generated query.
```
&()"|{}/
```
See below for message selection.
## Forward messages/threads
```
@@ -501,19 +492,7 @@ If `addorigfieldstosubject` is specified, GAM appends the original `from`, `to`
Fwd: Ross to TestUser (Original From: Ross Scroggs <ross.scroggs@gmail.com> To: testuser@domain.com Date: Thu, 23 Nov 2023 07:01:59 -0800)
```
### Forward a specific set of messages
* `ids <MessageIDEntity>` - A list of message ids
### Forward a selected set of messages
* `((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+` - Criteria to select messages
* `labelids <LabelIDList>` - Select messages with labels that match all of the specified label IDs.
* `max_to_forward <Number>` - Limit the number of messages that will be forwarded; use a value of 0 for no limit
* `doit` - No messages are processed unless you specify `doit`. By not specifying `doit`, you can preview the messages selected to verify that the results match your expectations.
When `matchlabel <LabelName>` is specified, the following characters are replaced with a `-` in the generated query.
```
&()"|{}/
```
See below for message selection.
## Manage messages/threads
```

View File

@@ -1,6 +1,5 @@
# Users - Photo
- [API documentation](#api-documentation)
- [Notes](#notes)
- [Definitions](#definitions)
- [Upload a user's photo from a default file](#upload-a-users-photo-from-a-default-file)
- [Upload a user's photo specifying file name](#upload-a-users-photo-specifying-file-name)
@@ -8,16 +7,11 @@
- [Upload a user's photo specifying a Google Drive owner and file name](#upload-a-users-photo-specifying-a-google-drive-owner-and-file-name)
- [Download a user's photo](#download-a-users-photo)
- [Delete a user's photo](#delete-a-users-photo)
- [Update photo fails to change user's photo](#update-photo-fails-to-change-users-photo)
- [Download a user's profile photo](Users-Profile-Photo)
## API documentation
* [Directory API - Users Photos](https://developers.google.com/admin-sdk/directory/reference/rest/v1/users.photos)
## Notes
As of version 7.34.09, `gam <UserTypeEntity> update photo` was updated to delete the user's existing photo
before performing the update as the API update will succeed but not replace a user's existing self-set photo.
## Definitions
* [`<DriveFileEntity>`](Drive-File-Selection)
* [`<UserTypeEntity>`](Collections-of-Users)
@@ -87,7 +81,3 @@ By default, the Base64 encoded data is dumped to stdout.
```
gam <UserTypeEntity> delete|del photo
```
## Update photo fails to change user's photo
If you use `gam <UserTypeEntity> update photo ...` to change a user's photo and the command succeeds
but the photo doesn't change, use `gam <UserTypeEntity> delete photo` first and then do the update.

View File

@@ -148,8 +148,6 @@
<CSVkmdSelector> |
<CSVDataSelector>
<QuerySharedDrive> ::= <String> See: https://developers.google.com/workspace/drive/api/guides/search-shareddrives
<SharedDriveACLRole> ::=
manager|organizer|owner|
contentmanager|fileorganizer|
@@ -161,8 +159,8 @@
<SharedDriveName> ::= <String>
<SharedDriveEntity> ::=
<SharedDriveID>|
(shareddriveid <SharedDriveID>)|(shareddriveid:<SharedDriveID>)|
(shareddrive <SharedDriveName>)|(shareddrive:<SharedDriveName>)
(teamdriveid <SharedDriveID>)|(teamdriveid:<SharedDriveID>)|
(teamdrive <SharedDriveName>)|(teamdrive:<SharedDriveName>)
<SharedDriveFieldName> ::=
backgroundimagefile|
@@ -176,10 +174,10 @@
themeid
<SharedDriveFieldNameList> ::= "<SharedDriveFieldName>(,<SharedDriveFieldName>)*"
<SharedDriveIDEntity> ::= (shareddriveid <DriveFileItem>) | (shareddriveid:<DriveFileItem>)
<SharedDriveNameEntity> ::= (shareddrive <SharedDriveName>) | (shareddrive:<SharedDriveName>)
<SharedDriveFileNameEntity> ::= (shareddrivefilename <DriveFileName>) | (shareddrivefilename:<DriveFileName>)
<SharedDriveFileQueryEntity> ::= (shareddrivequery <QueryDriveFile>) | (shareddrivequery:<QueryDriveFile>)
<SharedDriveIDEntity> ::= (teamdriveid <DriveFileItem>) | (teamdriveid:<DriveFileItem>)
<SharedDriveNameEntity> ::= (teamdrive <SharedDriveName>) | (teamdrive:<SharedDriveName>)
<SharedDriveFileNameEntity> ::= (teamdrivefilename <DriveFileName>) | (teamdrivefilename:<DriveFileName>)
<SharedDriveFileQueryEntity> ::= (teamdrivequery <QueryDriveFile>) | (teamdrivequery:<QueryDriveFile>)
<SharedDriveFileQueryShortcut> ::=
all_files | all_folders | all_google_files | all_non_google_files | all_items
@@ -293,11 +291,11 @@ When either of these options is chosen, no infomation about Shared Drive restric
To retrieve the Shared Drive ID with `returnidonly`:
```
Linux/MacOS
shareddriveId=$(gam user user@domain.com create shareddrive ... returnidonly)
teamDriveId=$(gam user user@domain.com create shareddrive ... returnidonly)
Windows PowerShell
$shareddriveId = & gam user user@domain.com create shareddrive ... returnidonly
$teamDriveId = & gam user user@domain.com create shareddrive ... returnidonly
Windows Command Prompt
for /f "delims=" %a in ('gam user user@domain.com create shareddrive ... returnidonly') do set shareddriveId=%a
for /f "delims=" %a in ('gam user user@domain.com create shareddrive ... returnidonly') do set teamDriveId=%a
```
## Bulk Create Shared Drives
@@ -419,12 +417,12 @@ The `quotechar <Character>` option allows you to choose an alternate quote chara
Display the number of Shared Drives.
```
gam <UserTypeEntity> show|print shareddrives
[shareddriveadminquery|query <QuerySharedDrive>]
[teamdriveadminquery|query <QueryTeamDrive>]
[matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>]
showitemcountonly
```
By default, all Shared Drives are counted; use the following options to select a subset of Shared Drives:
* `shareddriveadminquery|query <QuerySharedDrive>` - Use a query to select Shared Drives
* `teamdriveadminquery|query <QueryTeamDrive>` - Use a query to select Shared Drives
* `matchname <REMatchPattern>` - Retrieve Shared Drives with names that match a pattern.
* `orgunit|org|ou <OrgUnitPath>` - Only Shared Drives in the specified Org Unit are selected
@@ -468,7 +466,7 @@ Options `shareddriveadminquery|query` and `shareddrives|teamdrives` are mutually
Options `shareddriveadminquery|query` and `orgunit|org|ou` require `adminaccess|asadmin`.
By default, organizers for all Shared Drives are displayed; use the following options to select a subset of Shared Drives:
* `shareddriveadminquery|query <QueryTeamDrive>` - Use a query to select Shared Drives
* `teamdriveadminquery|query <QueryTeamDrive>` - Use a query to select Shared Drives
* `shareddrives|teamdrives <SharedDriveIDList>` - Select the Shared Drive IDs specified in `<SharedDriveIDList>`
* `shareddrives|teamdrives select <FileSelector>|<CSVFileSelector>` - Select the Shared Drive IDs specified in `<FileSelector>|<CSVFileSelector>`
* `orgunit|org|ou <OrgUnitPath>` - Only Shared Drives in the specified Org Unit are selected
@@ -488,7 +486,7 @@ To select organizers from any domain, use: `domainlist ""`
For example, to get a single user organizer from your domain for all Shared Drives including no organizer drives:
```
gam redirect csv ./ShareddriveOrganizers.csv print shareddriveorganizers
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers
```
## Manage Shared Drive access
@@ -598,14 +596,14 @@ The `quotechar <Character>` option allows you to choose an alternate quote chara
## Display Shared Drive access for selected Shared Drives
```
gam <UserTypeEntity> show shareddriveacls
adminaccess [shareddriveadminquery|query <QuerySharedDrive>]
adminaccess [teamdriveadminquery|query <QueryTeamDrive>]
[matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>]
[user|group <EmailAddress> [checkgroups]] (role|roles <SharedDriveACLRoleList>)*
<PermissionMatch>* [<PermissionMatchAction>] [pmselect]
[oneitemperrow] [<DrivePermissionsFieldName>*|(fields <DrivePermissionsFieldNameList>)]
[formatjson [quotechar <Character>]]
gam <UserTypeEntity> print shareddriveacls [todrive <ToDriveAttribute>*]
adminaccess [shareddriveadminquery|query <QuerySharedDrive>]
adminaccess [teamdriveadminquery|query <QueryTeamDrive>]
[matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>]
[user|group <EmailAddress> [checkgroups]] (role|roles <SharedDriveACLRoleList>)*
<PermissionMatch>* [<PermissionMatchAction>] [pmselect]
@@ -617,7 +615,7 @@ Shared Drives in the workspace, `<UserTypeEntity>` should specify a super admin
option shoud be used.
By default, all Shared Drives are displayed; use the following options to select a subset of Shared Drives:
* `shareddriveadminquery|query <QuerySharedDrive>` - Use a query to select Shared Drives
* `teamdriveadminquery|query <QueryTeamDrive>` - Use a query to select Shared Drives
* `matchname <REMatchPattern>` - Retrieve Shared Drives with names that match a pattern.
* `orgunit|org|ou <OrgUnitPath>` - Only Shared Drives in the specified Org Unit are selected
* `<PermissionMatch>* [<PermissionMatchAction>] pmselect` - Use permission matching to select Shared Drives

View File

@@ -1,6 +1,5 @@
# Users - Tokens
- [API documentation](#api-documentation)
- [Get Google Cloud organization ID for your workspace](#get-google-cloud-organization-id-for-your-workspace)
- [Definitions](#definitions)
- [Delete a user's token](#delete-a-users-token)
- [Display individual user's tokens](#display-individual-users-tokens)
@@ -10,15 +9,6 @@
## API documentation
* [Directory API - Tokens](https://developers.google.com/admin-sdk/directory/reference/rest/v1/tokens)
## Get Google Cloud organization ID for your workspace
This ID is used by `gam print|show token gcpdetails`; to eliminate additional API calls,
you can get the value and store it in the `gam.cfg/gcp_org_id` variable.
```
$ gam info gcporgid
organizations/906207637890
$ gam config gcp_org_id organizations/906207637890 save
```
## Definitions
* [`<UserTypeEntity>`](Collections-of-Users)
@@ -33,18 +23,14 @@ gam <UserTypeEntity> delete|del token|tokens clientid <ClientID>
```
gam <UserTypeEntity> print tokens|token [todrive <ToDriveAttributes>*] [clientid <ClientID>]
[orderby clientid|id|appname|displaytext] [delimiter <Character>]
[gcpdetails]
gam <UserTypeEntity> show tokens|token|3lo|oauth [clientid <ClientID>]
[orderby clientid|id|appname|displaytext]
[gcpdetails]
gam print tokens|token [todrive <ToDriveAttributes>*] [clientid <ClientID>]
[orderby clientid|id|appname|displaytext] [delimiter <Character>]
[<UserTypeEntity>]
[gcpdetails]
gam show tokens|token [clientid <ClientID>]
[orderby clientid|id|appname|displaytext] [delimiter <Character>]
[<UserTypeEntity>]
[gcpdetails]
```
By default, all client tokens for a user are displayed, use `clientid <ClientID>` to display a specific client token.
@@ -52,9 +38,6 @@ For each user, select the order of token presentation:
* `orderby clientid|id` - Display each user's tokens ordered by Client ID
* `orderby appname|displaytext` - Display each user's tokens ordered by App Name
Use `gcpdetails` to get project information about the client; you get the project number
and whether it is an internal project. In order to accurately determine if a project is internal, your GAM admin user must have at least the `Browser` [IAM role for the entire GCP organization](https://docs.cloud.google.com/iam/docs/roles-permissions/browser) which allows them to lookup basic metadata about your organization projects. If your admin is not able to see all GCP projects in your organization results may not be accurate.
For `print tokens`:
* `delimiter <Character>` - Separate `scopes` entries with `<Character>`; the default value is `csv_output_field_delimiter` from `gam.cfg`.

View File

@@ -40,7 +40,6 @@
- [Print user list](#print-user-list)
- [Display user counts](#display-user-counts)
- [Verify domain membership](#verify-domain-membership)
- [Guest Users](#guest-users)
## API documentation
* [Directory API - Users](https://developers.google.com/admin-sdk/directory/reference/rest/v1/users)
@@ -170,7 +169,6 @@ queries "`"orgUnitPath=\'/Students/Lower\ School/2027\'`",`"orgUnitPath=\'/Stude
fullname|
gender|
givenname|firstname|
guestaccountinfo|
id|
ims|im|
includeinglobaladdresslist|gal|
@@ -178,7 +176,6 @@ queries "`"orgUnitPath=\'/Students/Lower\ School/2027\'`",`"orgUnitPath=\'/Stude
isdelegatedadmin|admin|isadmin|
isenforcedin2sv|is2svenforced|
isenrolledin2sv|is2svenrolled|
isguestuser|
ismailboxsetup|
keyword|keywords|
language|languages|
@@ -329,20 +326,6 @@ You can remove all instances of a `<UserMultiAttribute>` with `<UserClearAttribu
<UserMultiAttribute>|
<UserClearAttribute>
```
```
<UserMultiAttributeFilterName> ::=
address|addresses|
externalid|externalids|
im|ims|
keyword|keywords|
location|locations|
orgainzation|organizations|
otheremail|otheremails|
phone|phones|
relation|relations|
website|websites
```
## Admin Console User Info
When defining a user in the admin console, there is a section labelled `Employee information` with the following items:
* `Employee ID`
@@ -985,8 +968,6 @@ gam info user [<UserItem>]
[(products|product <ProductIDList>)|(skus|sku <SKUIDList>)]
[noschemas|allschemas|(schemas|custom|customschemas <SchemaNameList>)]
[userview] <UserFieldName>* [fields <UserFieldNameList>]
(filtermultiattrtype <UserMultiAttributeFilterName> <String>)*
(filtermultiattrcustom <UserMultiAttributeFilterName> <String>)*
[formatjson]
```
### Display information about multiple users
@@ -1000,8 +981,6 @@ gam info users <UserTypeEntity>
[(products|product <ProductIDList>)|(skus|sku <SKUIDList>)]
[noschemas|allschemas|(schemas|custom|customschemas <SchemaNameList>)]
[userview] <UserFieldName>* [fields <UserFieldNameList>]
(filtermultiattrtype <UserMultiAttributeFilterName> <String>)*
(filtermultiattrcustom <UserMultiAttributeFilterName> <String>)*
[formatjson]
gam <UserTypeEntity> info users
[quick]
@@ -1012,8 +991,6 @@ gam <UserTypeEntity> info users
[(products|product <ProductIDList>)|(skus|sku <SKUIDList>)]
[noschemas|allschemas|(schemas|custom|customschemas <SchemaNameList>)]
[userview] <UserFieldName>* [fields <UserFieldNameList>]
(filtermultiattrtype <UserMultiAttributeFilterName> <String>)*
(filtermultiattrcustom <UserMultiAttributeFilterName> <String>)*
[formatjson]
```
For `info users`, unlike all other GAM commands, a `<UserTypeEntity>` value of `all users` is actually `all users_ns_susp` not `all users_ns`.
@@ -1051,11 +1028,6 @@ By default, Gam displays fields that only an adminstrator can view.
By default, Gam displays all fields for a user.
* `<UserFieldName>* [fields <UserFieldNameList>]` - Only display selected fields.
By default, all instances of `<UserMultiAttribute>` are displayed, use these options to only display instances
of a specified `type` or `customType`.
* `filtermultiattrtype <UserMultiAttributeFilterName> <String>` - Display `<UserMultiAttributeFilterName>` if its `type` is `<String>`
* `filtermultiattrcustom <UserMultiAttributeFilterName> <String>` - Display `<UserMultiAttributeFilterName>` if its `customType` is `<String>`
By default, Gam displays the information as an indented list of keys and values.
* `formatjson` - Display the fields in JSON format.
@@ -1087,8 +1059,6 @@ gam print users [todrive <ToDriveAttribute>*]
[schemas|custom|customschemas all|<SchemaNameList>]
[emailpart|emailparts|username]
[userview] [allfields|basic|full|(<UserFieldName>*|fields <UserFieldNameList>)]
(filtermultiattrtype <UserMultiAttributeFilterName> <String>)*
(filtermultiattrcustom <UserMultiAttributeFilterName> <String>)*
[delimiter <Character>] [sortheaders [<Boolean>]] [scalarsfirst [<Boolean>]]
[formatjson [quotechar <Character>]] [quoteplusphonenumbers]
[issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
@@ -1115,8 +1085,6 @@ gam print users [todrive <ToDriveAttribute>*] select <UserTypeEntity>
[schemas|custom|customschemas all|<SchemaNameList>]
[emailpart|emailparts|username]
[userview] [basic|full|allfields|(<UserFieldName>*|fields <UserFieldNameList>)]
(filtermultiattrtype <UserMultiAttributeFilterName> <String>)*
(filtermultiattrcustom <UserMultiAttributeFilterName> <String>)*
[delimiter <Character>] [sortheaders [<Boolean>]] [scalarsfirst [<Boolean>]]
[formatjson [quotechar <Character>]] [quoteplusphonenumbers]
[issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
@@ -1131,8 +1099,6 @@ gam <UserTypeEntity> print users [todrive <ToDriveAttribute>*]
[schemas|custom|customschemas all|<SchemaNameList>]
[emailpart|emailparts|username]
[userview] [basic|full|allfields|(<UserFieldName>*|fields <UserFieldNameList>)]
(filtermultiattrtype <UserMultiAttributeFilterName> <String>)*
(filtermultiattrcustom <UserMultiAttributeFilterName> <String>)*
[delimiter <Character>] [sortheaders [<Boolean>]] [scalarsfirst [<Boolean>]]
[formatjson [quotechar <Character>]] [quoteplusphonenumbers]
[issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
@@ -1168,11 +1134,6 @@ By default, Gam displays only the primary email address for each user.
* `schemas|custom all` - Display custom schema information for all schemas.
* `schemas|custom <SchemaNameList>` - Display all fields or selected fields of the specified custom schemas
By default, all instances of `<UserMultiAttribute>` are displayed, use these options to only display instances
of a specified `type` or `customType`.
* `filtermultiattrtype <UserMultiAttributeFilterName> <String>` - Display `<UserMultiAttributeFilterName>` if its `type` is `<String>`
* `filtermultiattrcustom <UserMultiAttributeFilterName> <String>` - Display `<UserMultiAttributeFilterName>` if its `customType` is `<String>`
By default, when aliases are displayed, all aliases are displayed. Use `aliasmatchpattern <REMatchPattern>`
to limit the display of aliases to those that match `<REMatchPattern>`.
@@ -1423,11 +1384,3 @@ testuser1@domain.com,118080758787650801331,True,Test User 1
testuserxxx@domain.com,,False,Test User XXX
testuser2@domain.com,107344800159717682514,True,Test User 2
```
## Guest Users
* See: https://support.google.com/a/answer/16558545
```
gam create guestuser <EmailAddress>
```
Guest users are in the OU "/Workspace guests".

View File

@@ -11,7 +11,7 @@ It's important to confirm you are always running an official GAM7 release. The f
# GitHub Attestation (Linux/MacOS/Windows)
GitHub offers [artifict attestations](https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds) which prove if a given GAM binary or archive was built by the [GAM-team/GAM](https://gitHub.com/GAM-team/GAM) project and links to the build job. This offers you certainty that the GAM executable you are running or the GAM package you downloaded were officially generated by the [GAM-team/GAM](https://gitHub.com/GAM-team/GAM) project.
To verify a given GAM executable file or package (.zip, .exe or .tar.xz) is legitimate, use the following steps:
To verify a given GAM executable file or package (.zip, .msi or .tar.xz) is legitimate, use the following steps:
1. Install the [GitHub CLI command line tool](https://github.com/cli/cli#installation).
2. Login to the tool with the command. You need a [free GitHub account](https://gitHub.com/join) for this.
```
@@ -27,7 +27,7 @@ gh attestation verify --repo GAM-team/GAM --format=json \
4. If the GAM file or package is legit you'll see output like:
```
Loaded digest sha256:a63dc5e71c0b3335865877fc7dc9248bbf7481d22995c18253a2ae71fcb9793a for file://gam-7.00.00-windows-x86_64.exe
Loaded digest sha256:a63dc5e71c0b3335865877fc7dc9248bbf7481d22995c18253a2ae71fcb9793a for file://gam-7.00.00-windows-x86_64.msi
Loaded 1 attestation from GitHub API
✓ Verification succeeded!
@@ -77,7 +77,7 @@ origin=Developer ID Application: Jay Lee (GZ85H2DRLM)
If you do not see "accepted" and "Jay Lee" as the developer ID, there may be a problem. Please report any suspicious files or concerns to the [GAM Group](https://groups.google.com/g/google-apps-manager) or the [GAM Chat Space](https://git.io/gam-chat).
# Windows Code Sign
On Windows, Official gam.exe files and EXE installer packages are signed by a [Certum Open Source code signing certificate](https://shop.certum.eu/open-source-code-signing.html). You can validate the signature and thus be sure you are running official GAM7 from the command line and GUI:
On Windows, Official gam.exe files and MSI installer packages are signed by a [Certum Open Source code signing certificate](https://shop.certum.eu/open-source-code-signing.html). You can validate the signature and thus be sure you are running official GAM7 from the command line and GUI:
# Command Line
From PowerShell, run the following command:
@@ -113,6 +113,6 @@ SignerCertificate : [Subject]
confirm that status is "Valid" and the SignerCertificate says "Open Source Developer, James Lee" (yes, James is Jay's legal name, now you know).
## GUI
From File Manager, you can right click on gam.exe or the EXE installer package and go to the Digital Signatures tab. From there you'll see the signing certificate which should show "Open Source Developer, James Lee".
From File Manager, you can right click on gam.exe or the MSI package and go to the Digital Signatures tab. From there you'll see the signing certificate which should show "Open Source Developer, James Lee".
![image](https://github.com/user-attachments/assets/dceb8cb8-36e0-4ed7-8b03-09322b49b06a)

View File

@@ -3,23 +3,23 @@
Print the current version of Gam with details
```
gam version
GAM 7.38.02 - https://github.com/GAM-team/GAM - pyinstaller
GAM 7.33.03 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com>
Python 3.14.3 64-bit final
macOS Tahoe 26.3.1 arm64
Path: /Users/gamteam/bin/gam7
Config File: /Users/gamteam/GamConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
Time: 2026-02-15T07:51:00-08:00
Python 3.14.2 64-bit final
macOS Tahoe 26.2 x86_64
Path: /Users/Admin/bin/gam7
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
Time: 2025-12-23T13:57:00-08:00
```
Print the current version of Gam with details and time offset information
```
gam version timeoffset
GAM 7.38.02 - https://github.com/GAM-team/GAM - pyinstaller
GAM 7.33.03 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com>
Python 3.14.3 64-bit final
macOS Tahoe 26.3.1 arm64
Path: /Users/gamteam/bin/gam7
Python 3.14.2 64-bit final
macOS Tahoe 26.2 x86_64
Path: /Users/Admin/bin/gam7
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
Your system time differs from www.googleapis.com by less than 1 second
```
@@ -27,29 +27,29 @@ Your system time differs from www.googleapis.com by less than 1 second
Print the current version of Gam with extended details and SSL information
```
gam version extended
GAM 7.38.02 - https://github.com/GAM-team/GAM - pyinstaller
GAM 7.33.03 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com>
Python 3.14.3 64-bit final
macOS Tahoe 26.3.1 arm64
Path: /Users/gamteam/bin/gam7
Config File: /Users/gamteam/GamConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
Time: 2026-02-15T07:51:00-08:00
Python 3.14.2 64-bit final
macOS Tahoe 26.2 x86_64
Path: /Users/Admin/bin/gam7
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
Time: 2025-12-23T13:57:00-08:00
Your system time differs from admin.googleapis.com by less than 1 second
OpenSSL 3.6.1 27 Jan 2026
arrow 1.4.0
arrow 1.3.0
chardet 5.2.0
cryptography 46.0.5
filelock 3.21.2
google-api-python-client 2.190.0
google-auth-httplib2 0.3.0
google-auth-oauthlib 1.2.4
google-auth 2.48.0
lxml 6.0.2
httplib2 0.31.2
cryptography 46.0.1
filelock 3.19.1
google-api-python-client 2.182.0
google-auth-httplib2 0.2.0
google-auth-oauthlib 1.2.2
google-auth 2.40.3
lxml 6.0.1
httplib2 0.31.0
passlib 1.7.4
pathvalidate 3.3.1
pyscard 2.3.1
yubikey-manager 5.9.0
pyscard 2.3.0
yubikey-manager 5.8.0
admin.googleapis.com connects using TLSv1.3 TLS_AES_256_GCM_SHA384
```
@@ -65,10 +65,10 @@ google-api-python-client 2.77.0
httplib2 0.16.0
oauth2client 4.1.3
MacOS High Sierra 10.13.6 x86_64
Path: /Users/gamteam/bin/gam7
Path: /Users/Admin/bin/gam7
Version Check:
Current: 5.35.08
Latest: 7.38.02
Latest: 7.33.03
echo $?
1
```
@@ -76,7 +76,7 @@ echo $?
Print the current version number without details
```
gam version simple
7.38.02
7.33.03
```
In Linux/MacOS you can do:
```
@@ -86,13 +86,13 @@ echo $VER
Print the current version of Gam and address of this Wiki
```
gam help
GAM 7.38.02 - https://github.com/GAM-team/GAM
GAM 7.33.03 - https://github.com/GAM-team/GAM
GAM Team <google-apps-manager@googlegroups.com>
Python 3.14.3 64-bit final
macOS Tahoe 26.3.1 arm64
Path: /Users/gamteam/bin/gam7
Config File: /Users/gamteam/GamConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
Time: 2026-02-15T07:51:00-08:00
Help: Syntax in file /Users/gamteam/bin/gam7/GamCommands.txt
Python 3.14.2 64-bit final
macOS Tahoe 26.2 x86_64
Path: /Users/Admin/bin/gam7
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
Time: 2025-12-23T13:57:00-08:00
Help: Syntax in file /Users/Admin/bin/gam7/GamCommands.txt
Help: Documentation is at https://github.com/GAM-team/GAM/wiki
```

View File

@@ -232,11 +232,6 @@ csv_output_header_order
Any headers in the file but not in the list will appear after
the headers in the list
Default: ''
csv_output_header_required
A list of <Strings> used to specify column headers
for inclusion in the CSV file written by a gam print command
even if the API didn't return any data for those columns.
Default: ''
csv_output_line_terminator
Allowed values: cr, lf, crlf
Designates character(s) used to terminate the lines of a CSV file.
@@ -375,21 +370,6 @@ extra_args
Path to extra_args.txt
Default: Blank
Data file: extra_args.txt
gcp_org_id
The Google Cloud organization ID for your workspace.
Default: Blank
This value is used by the following commands;
by setting the value, additional API calls are eliminated.
gam create project
gam create gcpfolder
gam create|update|delete caalevel
gam print|show caalevels
gam print|show tokens gcpdetails
You can get and save the `gcp_org_id` value with these commands:
$ gam info gcporgid
organizations/906207637890
$ gam config gcp_org_id organizations/906207637890 save
gmail_cse_incert_dir
Directory for the S/MIME certificate files used by Gmail Client Side Encryption.
Default: Blank
@@ -750,8 +730,6 @@ Section: DEFAULT
csv_output_header_drop_filter = ''
csv_output_header_filter = ''
csv_output_header_force = ''
csv_output_header_order = ''
csv_output_header_required = ''
csv_output_line_terminator = lf
csv_output_no_escape_char = false
csv_output_quote_char = '"'
@@ -998,7 +976,6 @@ csv_output_header_drop_filter = ''
csv_output_header_filter = ''
csv_output_header_force = ''
csv_output_header_order = ''
csv_output_header_required = ''
csv_output_line_terminator = lf
csv_output_no_escape_char = false
csv_output_quote_char = '"'