Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Does drive support service accounts, so G Suite users can automate initialisation without user prompts? #879
Does this utility support using a separate service account credentials.json file? And how would you go about setting this up?
This would be great as I could automate the whole initialisation process without user prompts. Which would work well in my continuous deployment setup.
I'm imagining something where you could specify a separate credentials file during initialisation:
Hello there @cajacko, thank you for the question and welcome to drive!
Unfortunately we don't support service accounts since there hasn't been any demand for them.
Therefore I'll take this as the first request for support for Google Service Accounts. I have added
Instead of reading credentials from the environment .gd/credentials.json, we could follow the style
I'll mark this as a feature-request and if anyone would like to work on it, please feel free or I'll jump in, in about a week when I get a break from school.
@cajacko I've started the work here, initialization for the remote should be complete, what's left is figuring out the initialization process 8eb5d20
WIP that I'll complete next week when free.
Fixes #879. Allows using Google Service Accounts. To do so, initialize it with GSA credentials in JSON form: ```shell $ drive init -service-account-file ~/Desktop/gsaFile.json ``` Please make sure that you've enabled the Drive API and if you've enabled the API recently, wait a couple of minutes for the action to propagate through Google's systems, then retry.
Hey, Thanks so much for working on this. The connection is working great and I am able to pull/push/list etc.
However I'm not sure what account I am looking at. As there isn't anywhere to specify the user you want to make drive calls on behalf of. I'm not sure whose drive account it is, all that is inside it is a "Getting Started" document.
On the Google docs (https://developers.google.com/identity/protocols/OAuth2ServiceAccount) it mentions the following:
In some enterprise cases, an application can request permission to act on behalf of a particular user in an organization. Permission to perform this type of impersonation must be granted before an application can impersonate a user, and is usually handled by a domain administrator. For more information on domain administration, see Managing API client access.
To obtain an access token that grants an application delegated access to a resource, include the email address of the user in the JWT claim set as the value of the sub field.
An example of a JWT claim set that includes the sub field is shown below:
Is this something that would need to be implemented to access a specific drive account, or am I missing something in the Google Drive config side of things?
Hello @cajacko, thanks for the question. Unfortunately I don't know how to request for exact user access for a service account, because I use service accounts only for apps and organization. For example you have an app that receives selfies by upload, so you create a console.developers.google.com project and enable Google APIs access to it such as Google Drive.
So in that citation, they say set "sub" as the email of the user you'd like to use it for. Please set "sub" as the email of the user just like you would when doing the OAuth2.0 exchange in the credentials, and let's see what changes. Initializing with the JWT config ie
Hi, I added the sub property and desired email into the credentials file to no effect. Although I have been able to access a users folders by sharing them with the service account email address. So now I am able to pull a shared folder by it's ID, which is great. Although I am unable to push to a shared folder, as there does not seem to be an accompanying push by id option. Is there any support for pushing/pulling from shared folders that I am missing?
Here is a bit of context to help understand what I'm trying to do:
An organisation that uses G Suite, has unlimited drive capacity for it's users and wants to use this storage to backup data from various servers. This servers may be setup entirely with continuous deployment so the setup needs to be autonomous.
One of the users creates a backups folder that is shared throughout the organisation. This is the folder that they want the server to be backed up to.
At the moment this drive utility can be setup automatically, can pull the latest backups from the shared folder (by ID) and the last piece of the puzzle is just to be able to push to it.
This shared folder must be shared from a user account, rather than being owned by the service account, as the service account can only have the default storage quota and the organisation is already paying for unlimited storage for it's users.
I had this issue recently and realized that drive creates
I would like to make a pr related to this but i don't even know the go lang.
You can automate this job with the following:
sed -i -e 's|"Subject":""|"Subject":"'"$GOOGLE_DRIVE_BACKUP_USER"'"|g' ~/gdrive/.gd/credentials.json