Config google-drive shared-with-me id and secret for ubuntu server

What is the problem you are having with rclone?

ubuntu google-compute server running 18.04
Need to config so server can rclone copy shared files
Shared files are in account with:
account has some OAuth 2.0 credentials set up, look like:
xxx-xxx.apps.googleusercontent.com
with associated secret.
account also has service account set up that looks like:
xxx-compute@developer.gserviceaccount.com
has unique id but no associated secret I can see.
Can I use service account or do I have to use one of the OAuth 2.0 accts?
Does it matter? Advantages of one over the other?
What does service_account_file look like? (Couldn't find in docs)
I used service account Id for client_id but left secret empty as service account seems to have no secret.

Run the command 'rclone version' and share the full output of the command.

$ rclone --version
rclone v1.57.0

• os/version: ubuntu 18.04 (64 bit)
• os/kernel: 5.4.0-1041-gcp (x86_64)
• os/type: linux
• os/arch: amd64
• go/version: go1.17.2
• go/linking: static
• go/tags: none

Which cloud storage system are you using? (eg Google Drive)

Google Drive

The command you were trying to run (eg rclone copy /tmp remote:tmp)

rclone config

The rclone config contents with secrets removed.

[My_Share]
type = drive
client_id = xxxxx  (service account id)
scope = drive.readonly
service_account_file = rclone_acct_file.txt
shared_with_me = true

A log from the command with the -vv flag

N/A

hello and welcome to the forum,

the service account file is documented at
https://rclone.org/drive/#service-account-support

and this is an example

[gdrive]
type = drive
scope = drive
service_account_file = /path/to/service/file/test01-309420-6f8144bb217f.json

and this a redacted example of the service file

{
  "type": "service_account",
  "project_id": "test01-309420",
  "private_key_id": "",
  "private_key": "-----BEGIN PRIVATE KEY-----",
  "client_email": "xyx@xyz-309420.iam.gserviceaccount.com",
  "client_id": "",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/xyz%40xyz-309420.iam.gserviceaccount.com"
}

How is the service file created?
service-account-support indicates you can select a .JSON file type when creating a new service account, but I do not see that feature when I generate a new service account. In any case, I would prefer to use an existing service account; where do I find / how do I generate the service file?

Did you click on the link shared? It's written in step #1.

Yes, but apparently I don't fully understand it.
I was originally confused because when I enter the Id of the service account, I get prompted for an OAuth client secret, which doesn't exist because I am trying to use a service account. It would be helpful if the notes indicated what to do in this situation.
However, plowing ahead...

$ rclone config
...
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> xbx-share
Option Storage.
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value.
Storage> drive
Option client_id.
Google Application Client Id
Setting your own is recommended.
See https://rclone.org/drive/#making-your-own-client-id for how to create your own.
If you leave this blank, it will use an internal key which is low performance.
Enter a string value. Press Enter for the default ("").
client_id> my-service-account-id
Option client_secret.
OAuth Client Secret.
Leave blank normally.
Enter a string value. Press Enter for the default ("").
client_secret> 
Option scope.
Scope that rclone should use when requesting access from drive.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value.
...
scope> drive.readonly
Option root_folder_id.
ID of the root folder.
Leave blank normally.
Fill in to access "Computers" folders (see docs), or for rclone to use
a non root folder as its starting point.
Enter a string value. Press Enter for the default ("").
root_folder_id> 
Option service_account_file.
Service Account Credentials JSON file path.
Leave blank normally.
Needed only if you want use SA instead of interactive login.
Leading `~` will be expanded in the file name as will environment variables such as `${RCLONE_CONFIG_DIR}`.
Enter a string value. Press Enter for the default ("").
service_account_file> /my-path-to-file/my-file-name.json
Edit advanced config?
y) Yes
n) No (default)
y/n> n
Configure this as a Shared Drive (Team Drive)?
y) Yes
n) No (default)
y/n> y
Error: failed to make Fs to list Shared Drives: drive: failed when making oauth client: error opening service account credentials file: open /my-path-to-file/my-file-name.json: no such file or directory
...
2022/02/06 17:28:45 Fatal error: failed to make Fs to list Shared Drives: drive: failed when making oauth client: error opening service account credentials file: open /my-path-to-file/my-file-name.json: no such file or directory

It appears to think the .json file should already exist; I need to know how to create it / find it / download it / ...

I've linked the image below as it shows you how to create a service account that @asdffdsa linked and it's step #1 on that link.

image1407×243 55.9 KB

If you are following those steps, where are you running into a problem?

As mentioned previously, when creating a new service account, there is no (apparently no longer) a place to tick "Furnish a new private key" or select key type.

I see now. You have to create the key, then click on the far right menu for the service account and click manage keys, click add key, select json, and download the key.

There does not appear to be a way to download a .json file for an existing key.

There isn't as that's how Google is.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.