I am running rclone in an automated job, so I am not using any interactive config and login.
I was able to use GCS remotes from a GCP compute machine with this config:
[gcs]
type = google cloud storage
bucket_policy_only = true
project_number = 00000000000
With this, rclone can login to the service account running the VM, probably through the official SDK with gets the credentials from the metadata server.
2023/02/13 09:09:23 Failed to create file system for "my-team-drive:": drive: failed when making oauth client: failed to create oauth client: empty token found - please run "rclone config reconnect my-team-drive:"
Passing a token is not an option in my scenario, and we avoid using service account files because GCP security recommandations recomend against it.
so, is there a way to make google drive work with application default credentials ?
Xery, I've added support for environment based auth for Google Drive but my experience with the Drive API is not very extensive. Could you run some tests on #6811?
I tried the project_number trick and that didn't work for me. GCP's SDK has several paths it goes down to find the “Default” credentials. It is very possible that however Rodolphe passed them was different. The two scenarios I ran into issues with was providing Workflow Identities and setting the service account env var and neither of those worked (I tried the project_number path too).
Failed to create file system for destination "gdrive:": couldn't find root directory ID: googleapi: Error 403: Request had insufficient authentication scopes.
Details:
[
{
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"domain": "googleapis.com",
"metadata": {
"method": "google.apps.drive.v3.DriveFiles.Get",
"service": "drive.googleapis.com"
},
"reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT"
}
]
More details:
Reason: insufficientPermissions, Message: Insufficient Permission
which seems to just indicate an issue with providing credentials to ADC on my side, not an issue with rclone, so my feedback might not be of much use in the meantime - sorry.