gam7 7.8.2__py3-none-any.whl → 7.9.1__py3-none-any.whl

gam/__init__.py

@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
 """
 
 __author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
-__version__ = '7.08.02'
+__version__ = '7.09.01'
 __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
 
 #pylint: disable=wrong-import-position
@@ -4785,8 +4785,9 @@ def defaultSvcAcctScopes():
   scopesList = API.getSvcAcctScopesList(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], False)
   saScopes = {}
   for scope in scopesList:
-    saScopes.setdefault(scope['api'], [])
-    saScopes[scope['api']].append(scope['scope'])
+    if not scope.get('offByDefault'):
+      saScopes.setdefault(scope['api'], [])
+      saScopes[scope['api']].append(scope['scope'])
   saScopes[API.DRIVEACTIVITY].append(API.DRIVE_SCOPE)
   saScopes[API.DRIVE2] = saScopes[API.DRIVE3]
   saScopes[API.DRIVETD] = saScopes[API.DRIVE3]
@@ -12232,7 +12233,7 @@ def checkServiceAccount(users):
 
   def authorizeScopes(message):
     long_url = ('https://admin.google.com/ac/owl/domainwidedelegation'
-                f'?clientScopeToAdd={",".join(checkScopes)}'
+                f'?clientScopeToAdd={",".join(sorted(checkScopes))}'
                 f'&clientIdToAdd={service_account}&overwriteClientId=true')
     if GC.Values[GC.DOMAIN]:
       long_url += f'&dn={GC.Values[GC.DOMAIN]}'
@@ -12244,10 +12245,12 @@ def checkServiceAccount(users):
   allScopes = API.getSvcAcctScopes(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], Act.Get() == Act.UPDATE)
   checkScopesSet = set()
   saScopes = {}
+  checkDeprecatedScopes = True
   useColor = False
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
     if myarg in {'scope', 'scopes'}:
+      checkDeprecatedScopes = False
       for scope in getString(Cmd.OB_API_SCOPE_URL_LIST).lower().replace(',', ' ').split():
         api = API.getSvcAcctScopeAPI(scope)
         if api is not None:
@@ -12264,10 +12267,12 @@ def checkServiceAccount(users):
     testPass = createGreenText('PASS')
     testFail = createRedText('FAIL')
     testWarn = createYellowText('WARN')
+    testDeprecated = createRedText('DEPRECATED')
   else:
     testPass = 'PASS'
     testFail = 'FAIL'
     testWarn = 'WARN'
+    testDeprecated = 'DEPRECATED'
   if Act.Get() == Act.CHECK:
     if not checkScopesSet:
       for scope in iter(GM.Globals[GM.SVCACCT_SCOPES].values()):
@@ -12275,7 +12280,7 @@ def checkServiceAccount(users):
   else:
     if not checkScopesSet:
       scopesList = API.getSvcAcctScopesList(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], True)
-      selectedScopes = getScopesFromUser(scopesList, False, GM.Globals[GM.SVCACCT_SCOPES])
+      selectedScopes = getScopesFromUser(scopesList, False, GM.Globals[GM.SVCACCT_SCOPES] if GM.Globals[GM.SVCACCT_SCOPES_DEFINED] else None)
       if selectedScopes is None:
         return False
       i = 0
@@ -12337,7 +12342,7 @@ def checkServiceAccount(users):
   if saTokenStatus == testFail:
     invalidOauth2serviceJsonExit(f'Authentication{auth_error}')
   _getSvcAcctData() # needed to read in GM.OAUTH2SERVICE_JSON_DATA
-  if GM.Globals[GM.SVCACCT_SCOPES_DEFINED] and API.IAM not in GM.Globals[GM.SVCACCT_SCOPES]:
+  if API.IAM not in GM.Globals[GM.SVCACCT_SCOPES]:
     GM.Globals[GM.SVCACCT_SCOPES][API.IAM] = [API.IAM_SCOPE]
   key_type = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA].get('key_type', 'default')
   if key_type == 'default':
@@ -12399,6 +12404,38 @@ def checkServiceAccount(users):
         allScopesPass = False
       printPassFail(scope, f'{scopeStatus}{currentCount(j, jcount)}')
     Ind.Decrement()
+    if checkDeprecatedScopes:
+      deprecatedScopes = sorted(API.DEPRECATED_SCOPES)
+      jcount = len(deprecatedScopes)
+      printKeyValueListWithCount([Msg.DEPRECATED_SCOPES, '',
+                                  Ent.Singular(Ent.USER), user,
+                                  Ent.Choose(Ent.SCOPE, jcount), jcount],
+                                 i, count)
+      Ind.Increment()
+      j = 0
+      for scope in deprecatedScopes:
+        j += 1
+        # try with and without email scope
+        for scopes in [[scope, API.USERINFO_EMAIL_SCOPE], [scope]]:
+          try:
+            credentials = getSvcAcctCredentials(scopes, user)
+            credentials.refresh(request)
+            break
+          except (httplib2.HttpLib2Error, google.auth.exceptions.TransportError, RuntimeError) as e:
+            handleServerError(e)
+          except google.auth.exceptions.RefreshError:
+            continue
+        if credentials.token:
+          token_info = callGAPI(oa2, 'tokeninfo', access_token=credentials.token)
+          if scope in token_info.get('scope', '').split(' ') and user == token_info.get('email', user).lower():
+            scopeStatus = testDeprecated
+            allScopesPass = False
+          else:
+            scopeStatus = testPass
+        else:
+          scopeStatus = testPass
+        printPassFail(scope, f'{scopeStatus}{currentCount(j, jcount)}')
+      Ind.Decrement()
     service_account = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['client_id']
     if allScopesPass:
       if Act.Get() == Act.CHECK:
@@ -28081,6 +28118,7 @@ def simplifyChromeSchema(schema):
                  'settings': {}
                 }
   fieldDescriptions = schema['fieldDescriptions']
+  savedSettingName = ''
   for mtype in schema['definition']['messageType']:
     for setting in mtype['field']:
       setting_name = setting['name']
@@ -28089,6 +28127,9 @@ def simplifyChromeSchema(schema):
                       'descriptions':  [],
                       'type': setting['type'],
                      }
+      if setting_dict['type'] == 'TYPE_INT64' and savedSettingName:
+        setting_dict['name'] = savedSettingName
+      savedSettingName = ''
       if setting_dict['type'] == 'TYPE_STRING' and setting.get('label') == 'LABEL_REPEATED':
         setting_dict['type'] = 'TYPE_LIST'
       if setting_dict['type'] == 'TYPE_ENUM':
@@ -28110,6 +28151,7 @@ def simplifyChromeSchema(schema):
                   break
             break
       elif setting_dict['type'] == 'TYPE_MESSAGE':
+        savedSettingName = setting_name
         continue
       else:
         setting_dict['enums'] = None
@@ -28215,14 +28257,11 @@ def doDeleteChromePolicy():
     entityActionFailedWarning(kvList, str(e))
 
 CHROME_SCHEMA_SPECIAL_CASES = {
+# duration
   'chrome.users.AutoUpdateCheckPeriodNewV2':
     {'autoupdatecheckperiodminutesnew':
        {'casedField': 'autoUpdateCheckPeriodMinutesNew',
         'type': 'duration', 'minVal': 1, 'maxVal': 720}},
-  'chrome.users.Avatar':
-    {'useravatarimage':
-       {'casedField': 'userAvatarImage',
-        'type': 'downloadUri'}},
   'chrome.users.BrowserSwitcherDelayDurationV2':
     {'browserswitcherdelayduration':
        {'casedField': 'browserSwitcherDelayDuration',
@@ -28264,10 +28303,6 @@ CHROME_SCHEMA_SPECIAL_CASES = {
     {'maxinvalidationfetchdelay':
        {'casedField': 'maxInvalidationFetchDelay',
         'type': 'duration', 'minVal': 1, 'maxVal': 30, 'default': 10}},
-  'chrome.users.PrintingMaxSheetsAllowed':
-    {'printingmaxsheetsallowednullable':
-       {'casedField': 'printingMaxSheetsAllowedNullable',
-        'type': 'value', 'minVal': 1, 'maxVal': None}},
   'chrome.users.PrintJobHistoryExpirationPeriodNewV2':
     {'printjobhistoryexpirationperioddaysnew':
        {'casedField': 'printJobHistoryExpirationPeriodDaysNew',
@@ -28291,10 +28326,6 @@ CHROME_SCHEMA_SPECIAL_CASES = {
      'updatessuppressedstarttime':
        {'casedField': 'updatesSuppressedStartTime',
         'type': 'timeOfDay'}},
-  'chrome.users.Wallpaper':
-    {'wallpaperimage':
-       {'casedField': 'wallpaperImage',
-        'type': 'downloadUri'}},
   'chrome.devices.EnableReportUploadFrequencyV2':
     {'reportdeviceuploadfrequency':
        {'casedField': 'reportDeviceUploadFrequency',
@@ -28303,10 +28334,6 @@ CHROME_SCHEMA_SPECIAL_CASES = {
     {'uptimelimitduration':
        {'casedField': 'uptimeLimitDuration',
         'type': 'duration', 'minVal': 1, 'maxVal': 365}},
-  'chrome.devices.SignInWallpaperImage':
-    {'devicewallpaperimage':
-       {'casedField': 'deviceWallpaperImage',
-        'type': 'downloadUri'}},
   'chrome.devices.kiosk.AcPowerSettingsV2':
     {'acidletimeout':
        {'casedField': 'acIdleTimeout',
@@ -28333,10 +28360,6 @@ CHROME_SCHEMA_SPECIAL_CASES = {
      'batteryscreenofftimeout':
        {'casedField': 'batteryScreenOffTimeout',
         'type': 'duration', 'minVal': 0, 'maxVal': 35000}},
-  'chrome.devices.managedguest.Avatar':
-    {'useravatarimage':
-       {'casedField': 'userAvatarImage',
-        'type': 'downloadUri'}},
   'chrome.devices.managedguest.BrowsingDataLifetimeV2':
     {'browsinghistoryttl':
        {'casedField': 'browsingHistoryTtl',
@@ -28378,6 +28401,56 @@ CHROME_SCHEMA_SPECIAL_CASES = {
     {'sessiondurationlimit':
        {'casedField': 'sessionDurationLimit',
         'type': 'duration', 'minVal': 1, 'maxVal': 1440}},
+# value
+  'chrome.users.GaiaLockScreenOfflineSigninTimeLimitDays':
+    {'gaialockscreenofflinesignintimelimitdays':
+       {'casedField': 'gaiaLockScreenOfflineSigninTimeLimitDays',
+        'type': 'value', 'minVal': 0, 'maxVal': 365}},
+  'chrome.users.GaiaOfflineSigninTimeLimitDays':
+    {'gaiaofflinesignintimelimitdays':
+       {'casedField': 'gaiaOfflineSigninTimeLimitDays',
+        'type': 'value', 'minVal': 0, 'maxVal': 365}},
+  'chrome.users.PrintingMaxSheetsAllowed':
+    {'printingmaxsheetsallowednullable':
+       {'casedField': 'printingMaxSheetsAllowedNullable',
+        'type': 'value', 'minVal': 1, 'maxVal': None}},
+  'chrome.users.RemoteAccessHostClipboardSizeBytes':
+    {'remoteaccesshostclipboardsizebytes':
+       {'casedField': 'remoteAccessHostClipboardSizeBytes',
+        'type': 'value', 'minVal': 0, 'maxVal': 2147483647}},
+  'chrome.users.SamlLockScreenOfflineSigninTimeLimitDays':
+    {'samllockscreenofflinesignintimelimitdays':
+       {'casedField': 'samlLockScreenOfflineSigninTimeLimitDays',
+        'type': 'value', 'minVal': 0, 'maxVal': 365}},
+  'chrome.devices.ExtensionCacheSize':
+    {'extensioncachesize':
+       {'casedField': 'extensionCacheSize',
+        'type': 'value', 'minVal': 1048576, 'maxVal': None, 'default': 268435456}},
+  'chrome.devices.managedguest.PrintingMaxSheetsAllowed':
+    {'printingmaxsheetsallowednullable':
+       {'casedField': 'printingMaxSheetsAllowedNullable',
+        'type': 'value', 'minVal': 1, 'maxVal': None}},
+  'chrome.devices.managedguest.RemoteAccessHostClipboardSizeBytes':
+    {'remoteaccesshostclipboardsizebytes':
+       {'casedField': 'remoteAccessHostClipboardSizeBytes',
+        'type': 'value', 'minVal': 0, 'maxVal': 2147483647}},
+# downloadUri
+  'chrome.users.Avatar':
+    {'useravatarimage':
+       {'casedField': 'userAvatarImage',
+        'type': 'downloadUri'}},
+  'chrome.users.Wallpaper':
+    {'wallpaperimage':
+       {'casedField': 'wallpaperImage',
+        'type': 'downloadUri'}},
+  'chrome.devices.SignInWallpaperImage':
+    {'devicewallpaperimage':
+       {'casedField': 'deviceWallpaperImage',
+        'type': 'downloadUri'}},
+  'chrome.devices.managedguest.Avatar':
+    {'useravatarimage':
+       {'casedField': 'userAvatarImage',
+        'type': 'downloadUri'}},
   'chrome.devices.managedguest.Wallpaper':
     {'wallpaperimage':
        {'casedField': 'wallpaperImage',
@@ -57259,6 +57332,7 @@ def printDiskUsage(users):
             topFolder['path'] = f'{SHARED_DRIVES}{pathDelimiter}{topFolder["name"]}'
           else:
             topFolder['path'] = topFolder['name']
+          topFolder.pop('ownedByMe', None)
         elif topFolder['name'] == MY_DRIVE and not topFolder.get('parents'):
           topFolder['path'] = MY_DRIVE
         else:
@@ -57269,7 +57343,6 @@ def printDiskUsage(users):
           if owners:
             topFolder['Owner'] = owners[0].get('emailAddress', 'Unknown')
             trashFolder['Owner'] = topFolder['Owner']
-        topFolder.pop('ownedByMe', None)
         topFolder.pop('parents', None)
         topFolder.update(zeroFolderInfo)
         topFolder.pop(sizeField, None)
@@ -58716,7 +58789,7 @@ def initCopyMoveOptions(copyCmd):
     'showPermissionMessages': False,
     'sendEmailIfRequired': False,
     'useDomainAdminAccess': False,
-    'enforceExpansiveAccess': False,
+    'enforceExpansiveAccess': GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS],
     'copiedShortcutsPointToCopiedFiles': True,
     'createShortcutsForNonmovableFiles': False,
     'duplicateFiles': DUPLICATE_FILE_OVERWRITE_OLDER,
@@ -62096,7 +62169,8 @@ def transferDrive(users):
   targetUserFolderPattern = '#user# old files'
   targetUserOrphansFolderPattern = '#user# orphaned files'
   targetIds = [None, None]
-  createShortcutsForNonmovableFiles = enforceExpansiveAccess = False
+  createShortcutsForNonmovableFiles = False
+  enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
   mergeWithTarget = False
   thirdPartyOwners = {}
   skipFileIdEntity = initDriveFileEntity()
@@ -62402,7 +62476,8 @@ def transferOwnership(users):
   body = {}
   newOwner = getEmailAddress()
   OBY = OrderBy(DRIVEFILE_ORDERBY_CHOICE_MAP)
-  changeParents = enforceExpansiveAccess = filepath = includeTrashed = noRecursion = False
+  changeParents = filepath = includeTrashed = noRecursion = False
+  enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
   pathDelimiter = '/'
   csvPF = fileTree = None
   addParents = ''
@@ -62728,7 +62803,8 @@ def claimOwnership(users):
   onlyOwners = set()
   skipOwners = set()
   subdomains = []
-  enforceExpansiveAccess = filepath = includeTrashed = False
+  filepath = includeTrashed = False
+  enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
   pathDelimiter = '/'
   addParents = ''
   parentBody = {}
@@ -63503,7 +63579,7 @@ def doCreateDriveFileACL():
 def updateDriveFileACLs(users, useDomainAdminAccess=False):
   fileIdEntity = getDriveFileEntity()
   isEmail, permissionId = getPermissionId()
-  enforceExpansiveAccess = None
+  enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
   removeExpiration = showTitles = updateSheetProtectedRanges = False
   showDetails = True
   csvPF = None
@@ -63541,9 +63617,6 @@ def updateDriveFileACLs(users, useDomainAdminAccess=False):
   _checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
   if 'role' not in body:
     missingArgumentExit(f'role {formatChoiceList(DRIVEFILE_ACL_ROLES_MAP)}')
-  updateKwargs = {'useDomainAdminAccess': useDomainAdminAccess}
-  if enforceExpansiveAccess is not None:
-    updateKwargs['enforceExpansiveAccess'] = enforceExpansiveAccess
   printKeys, timeObjects = _getDriveFileACLPrintKeysTimeObjects()
   if csvPF and showTitles:
     csvPF.AddTitles(fileNameTitle)
@@ -63581,7 +63654,7 @@ def updateDriveFileACLs(users, useDomainAdminAccess=False):
         permission = callGAPI(drive.permissions(), 'update',
                               bailOnInternalError=True,
                               throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_UPDATE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
-                              **updateKwargs,
+                              useDomainAdminAccess=useDomainAdminAccess, enforceExpansiveAccess=enforceExpansiveAccess,
                               fileId=fileId, permissionId=permissionId, removeExpiration=removeExpiration,
                               transferOwnership=body.get('role', '') == 'owner', body=body, fields='*', supportsAllDrives=True)
         if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
@@ -63832,7 +63905,7 @@ def doCreatePermissions():
 def deleteDriveFileACLs(users, useDomainAdminAccess=False):
   fileIdEntity = getDriveFileEntity()
   isEmail, permissionId = getPermissionId()
-  enforceExpansiveAccess = None
+  enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
   showTitles = updateSheetProtectedRanges = False
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
@@ -63847,9 +63920,6 @@ def deleteDriveFileACLs(users, useDomainAdminAccess=False):
     else:
       unknownArgumentExit()
   _checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
-  deleteKwargs = {'useDomainAdminAccess': useDomainAdminAccess}
-  if enforceExpansiveAccess is not None:
-    deleteKwargs['enforceExpansiveAccess'] = enforceExpansiveAccess
   i, count, users = getEntityArgument(users)
   for user in users:
     i += 1
@@ -63882,7 +63952,7 @@ def deleteDriveFileACLs(users, useDomainAdminAccess=False):
                 break
         callGAPI(drive.permissions(), 'delete',
                  throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_DELETE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
-                 **deleteKwargs,
+                 useDomainAdminAccess=useDomainAdminAccess, enforceExpansiveAccess=enforceExpansiveAccess,
                  fileId=fileId, permissionId=permissionId, supportsAllDrives=True)
         entityActionPerformed([Ent.USER, user, entityType, fileName, Ent.PERMISSION_ID, permissionId], j, jcount)
         if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
@@ -63961,7 +64031,7 @@ def deletePermissions(users, useDomainAdminAccess=False):
     jsonData = getJSON([])
     PM = PermissionMatch()
     PM.SetDefaultMatch(False, {'role': 'owner'})
-  enforceExpansiveAccess = False
+  enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
     if myarg in ADMIN_ACCESS_OPTIONS:
@@ -66200,7 +66270,7 @@ def printSharedDriveOrganizers(users, useDomainAdminAccess=False):
                                     useDomainAdminAccess=useDomainAdminAccess,
                                     fileId=shareddrive['id'], fields=fields, supportsAllDrives=True)
         for permission in permissions:
-          if permission['type'] in includeTypes and permission['role'] in roles:
+          if permission['type'] in includeTypes and permission['role'] in roles and permission.get('emailAddress', ''):
             if domainList:
               _, domain = permission['emailAddress'].lower().split('@', 1)
               if domain not in domainList:

gam/gamlib/glapi.py

@@ -118,6 +118,7 @@ JWT_APIS = {
   ACCESSCONTEXTMANAGER: [CLOUD_PLATFORM_SCOPE],
   CHAT: ['https://www.googleapis.com/auth/chat.bot'],
   CLOUDRESOURCEMANAGER: [CLOUD_PLATFORM_SCOPE],
+  IAM: [IAM_SCOPE],
   ORGPOLICY: [CLOUD_PLATFORM_SCOPE],
   }
 #
@@ -131,6 +132,12 @@ APIS_NEEDING_ACCESS_TOKEN = {
   CBCM: ['https://www.googleapis.com/auth/admin.directory.device.chromebrowsers']
   }
 #
+DEPRECATED_SCOPES = {
+  'https://www.googleapis.com/auth/cloud-identity',
+  'https://www.googleapis.com/auth/cloud-platform',
+  'https://www.googleapis.com/auth/iam',
+  }
+#
 REFRESH_PERM_ERRORS = [
   'invalid_grant: reauth related error (rapt_required)', # no way to reauth today
   'invalid_grant: Token has been expired or revoked',
@@ -645,11 +652,11 @@ _SVCACCT_SCOPES = [
    'api': GMAIL,
    'subscopes': [],
    'scope': 'https://www.googleapis.com/auth/gmail.settings.sharing'},
-  {'name': 'Identity and Access Management API',
-   'api': IAM,
-   'offByDefault': True,
-   'subscopes': [],
-   'scope': IAM_SCOPE},
+#  {'name': 'Identity and Access Management API',
+#   'api': IAM,
+#   'offByDefault': True,
+#   'subscopes': [],
+#   'scope': CLOUD_PLATFORM_SCOPE},
   {'name': 'Keep API',
    'api': KEEP,
    'subscopes': READONLY,

gam/gamlib/glcfg.py

@@ -163,6 +163,8 @@ EMAIL_BATCH_SIZE = 'email_batch_size'
 ENABLE_DASA = 'enable_dasa'
 # Enable Cloud Session Reauthentication by borrowing a RAPT token from gcloud command
 ENABLE_GCLOUD_REAUTH = 'enable_gcloud_reauth'
+# Value for enforceExpansiveAccess for commands that delete or update drive file ACLs/permissions.
+ENFORCE_EXPANSIVE_ACCESS = 'enforce_expansive_access'
 # When retrieving lists of calendar events from API, how many should be retrieved in each chunk
 EVENT_MAX_RESULTS = 'event_max_results'
 # Path to extra_args.txt
@@ -377,6 +379,7 @@ Defaults = {
   DEVICE_MAX_RESULTS: '200',
   DOMAIN: '',
   DRIVE_DIR: '',
+  ENFORCE_EXPANSIVE_ACCESS: FALSE,
   DRIVE_MAX_RESULTS: '1000',
   DRIVE_V3_BETA: FALSE,
   DRIVE_V3_NATIVE_NAMES: TRUE,
@@ -545,6 +548,7 @@ VAR_INFO = {
   DEVICE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 200)},
   DOMAIN: {VAR_TYPE: TYPE_STRING, VAR_ENVVAR: 'GA_DOMAIN', VAR_LIMITS: (0, None)},
   DRIVE_DIR: {VAR_TYPE: TYPE_DIRECTORY, VAR_ENVVAR: 'GAMDRIVEDIR'},
+  ENFORCE_EXPANSIVE_ACCESS: {VAR_TYPE: TYPE_BOOLEAN},
   DRIVE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 1000)},
   DRIVE_V3_BETA: {VAR_TYPE: TYPE_BOOLEAN},
   DRIVE_V3_NATIVE_NAMES: {VAR_TYPE: TYPE_BOOLEAN},

gam/gamlib/glmsgs.py

@@ -140,12 +140,13 @@ SERVICE_ACCOUNT_PRIVATE_KEY_AGE = 'Service Account Private Key age: {0} days'
 SERVICE_ACCOUNT_SKIPPING_KEY_AGE_CHECK = 'Skipping Private Key age check: {0} rotation not necessary'
 UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS = 'Please run "gam update project" to view/manage service account keys'
 DOMAIN_WIDE_DELEGATION_AUTHENTICATION = 'Domain-wide Delegation authentication'
+DEPRECATED_SCOPES = 'Deprecated scopes that GAM should NEVER have DwD access to'
 SCOPE_AUTHORIZATION_PASSED = '''All scopes PASSED!
 
 Service Account Client name: {0} is fully authorized.
 '''
 SCOPE_AUTHORIZATION_UPDATE_PASSED = '''All scopes PASSED!
-To authorize them (in case some scopes were unselected), please go to the following link in your browser:
+To update authorization (in case some scopes were unselected), please go to the following link in your browser:
 {0}
     {1}
 
@@ -156,8 +157,8 @@ Click AUTHORIZE
 When the box closes you're done
 After authorizing it may take some time for this test to pass so wait a few moments and then try this command again.
 '''
-SCOPE_AUTHORIZATION_FAILED = '''Some scopes FAILED!
-To authorize them, please go to the following link in your browser:
+SCOPE_AUTHORIZATION_FAILED = '''Some scopes FAILED or should be DISABLED!
+To update authorization, please go to the following link in your browser:
 {0}
     {1}
 

{gam7-7.8.2.dist-info → gam7-7.9.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: gam7
-Version: 7.8.2
+Version: 7.9.1
 Summary: CLI tool to manage Google Workspace
 Project-URL: Homepage, https://github.com/GAM-team/GAM
 Project-URL: Issues, https://github.com/GAM-team/GAM/issues

{gam7-7.8.2.dist-info → gam7-7.9.1.dist-info}/RECORD

@@ -1,4 +1,4 @@
-gam/__init__.py,sha256=bWbA30929W_vQxV1tytxhtjfUFGf9rzhVHWqNrUgUh4,3513784
+gam/__init__.py,sha256=EqqD1dpkkwSbBFUVS-L2B4ud6trEg59VU3z24ADlvj0,3517246
 gam/__main__.py,sha256=amz0-959ph6zkZKqjaar4n60yho-T37w6qWI36qx0CA,1049
 gam/cacerts.pem,sha256=82Ak7btW_2XvocLUvAwPmpx8Chi0oqtZUG1gseLK_t4,50235
 gam/cbcm-v1.1beta1.json,sha256=xO5XloCQQULmPbFBx5bckdqmbLFQ7sJ2TImhE1ysDIY,19439
@@ -23,15 +23,15 @@ gam/atom/token_store.py,sha256=7E6Ecvxa86WCvl1pJAhv78jg9OxQv8pMtIUcPhZCq04,3803
 gam/atom/url.py,sha256=pxO1TlORxyKQTQ1bkBE1unFzjnv9c8LjJkm-UEORShY,4276
 gam/gamlib/__init__.py,sha256=z5mF-y0j8pm-YNFBaiuxB4M_GAUPG-cXWwrhYwrVReM,679
 gam/gamlib/glaction.py,sha256=1Il_HrChVnPkzZwiZs5au4mFQVtq4K1Z42uIuR6qdnI,9419
-gam/gamlib/glapi.py,sha256=1P5QD850Fza_huThuNzgUAuDinLHujY8EdqzXRs_De4,34044
-gam/gamlib/glcfg.py,sha256=eJCVb_OJ6cIsPuv-0IfIjHaTh5lM9juh4HOMLDblJmE,28055
+gam/gamlib/glapi.py,sha256=7epQ2Hk9SK4Q6SImdJfvGvT5txftyfb5_jrF5K9cMpk,34253
+gam/gamlib/glcfg.py,sha256=moWpsBv5iaASEvI1VfiQiI85jUjX6tYXa1uD1Oz3Y5M,28297
 gam/gamlib/glclargs.py,sha256=zB6GMmDR_y5IRj7LuoM6-Bk_ETfNQ6sTqCNB6RdPfyg,42350
 gam/gamlib/glentity.py,sha256=fqWUlxQqPKlfFrkuPjCK2lZhhFBIZboCuO0qCxuEwqA,33691
 gam/gamlib/glgapi.py,sha256=cGtvFvvBU3XQJLgtLCjs_V5VBUem_k0b5uUrK21VmeA,39491
 gam/gamlib/glgdata.py,sha256=weRppttWm6uRyqtBoGPKoHiNZ2h28nhfUV4J_mbCszY,2707
 gam/gamlib/glglobals.py,sha256=J0xcHggVrUBzHJ5GruenKV-qV1zPKcK2qWgAgN3i5Jw,9608
 gam/gamlib/glindent.py,sha256=RfBa2LDfLIqPLL5vMfC689TCVmqn8xf-qulSzkiatrc,1228
-gam/gamlib/glmsgs.py,sha256=iHRQFm008jh2ZzuYCq3sLkxFtEupo9DLh1gzq_6Y41A,33562
+gam/gamlib/glmsgs.py,sha256=jiu6jRSspnbF25IbaTOV1NzvtCZlE-5ltfntitH2V5k,33677
 gam/gamlib/glskus.py,sha256=xJ1E2BZ_CGHN6I19c9i8DApb5bT5VT-hGyMEmQ5hSRY,15241
 gam/gamlib/gluprop.py,sha256=IyPLCyvn7-NHTUenM71YPQPXRZXx6CB5q-GtJ-FYd1c,11461
 gam/gamlib/glverlibs.py,sha256=A8rvegBF2nD6etbBRb8hsv-oZyjpD4VcUQ8PffW-bqU,992
@@ -65,8 +65,8 @@ gam/googleapiclient/discovery_cache/base.py,sha256=yCDPtxnbNN-p5_9fzBacC6P3wcUPl
 gam/googleapiclient/discovery_cache/file_cache.py,sha256=sim3Mg4HgRYo3vX75jvcKy_aV568EvIrtBfvfbw-044,4774
 gam/iso8601/__init__.py,sha256=Z2PsYbXgAH5a5xzUvgczCboPzqWpm65kRcIngCnhViU,1218
 gam/iso8601/iso8601.py,sha256=Li2FHZ4sBTWuthuQhyCvmvj0j6At8JbGzkSv2fc2RHU,4384
-gam7-7.8.2.dist-info/METADATA,sha256=_MUs7ktcgVLE5GmS8U4Uc7xSu_IAn5cKMQ7Zqutn_Lg,2977
-gam7-7.8.2.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-gam7-7.8.2.dist-info/entry_points.txt,sha256=HVUM5J7dA8YwvJfG30jiLefR19ExMs387TWugWd9sf4,42
-gam7-7.8.2.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
-gam7-7.8.2.dist-info/RECORD,,
+gam7-7.9.1.dist-info/METADATA,sha256=bBb1CBudSxPlVO_9OsXduoRE_D8RJs0MHCgIQUOt8b4,2977
+gam7-7.9.1.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+gam7-7.9.1.dist-info/entry_points.txt,sha256=HVUM5J7dA8YwvJfG30jiLefR19ExMs387TWugWd9sf4,42
+gam7-7.9.1.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+gam7-7.9.1.dist-info/RECORD,,