Google SA errors


#1

Right now I have 3 accounts setup with rclone

GDrive is my normal google business domain account with a single user. This works perfectly.

Team01 is a service account I setup, this is not working at all. I set this up as a Team Drive account and gave it the correct Folder information

Team02 is a 2nd service account I setup. This account I did NOT assign it to a Team Drive merely to the main account itself.

It works but only the service account can see the files. If I try and view the files via the web browser they do not appear.

rclone.conf

[GDrive]
type = drive
scope = drive
token = {access_token&;ya29.YADA-YADA-YADA-YADA;token_type;Bearer;refresh_token"1-YADA-YADA-YADAexpiry;2019-03-11T23:56:51.704339-07:00}
team_drive = 0ALfgYTQ5zuvTUk9PVA

[Team01]
type = drive
client_id = 123456789012345678901
scope = drive
service_account_file = teamloaders-Team01-0Y0A0D214Ada.json
team_drive = 0ALfgYTQ5zuvTUk9PVA

[Team02]
type = drive
client_id = 012345678901234567890
scope = drive
service_account_file = teamloaders-Team02-Y0A0D214YAda.json

You will notice the the GDrive account and the Team01 account use the same folder name, yet Team01 says it cannot see it.

https://pastebin.com/eCZryHSD


#2

By default service accounts get their own hidden area. If you want to see the files of a user then you’ll need to use --drive-impersonate - you can put impersonate = in the config file too.


#3

I did the impersonate, as you can see in the logs, and still I cannot see the files.

If I try and do the impersonate for the Team Drive account it throws errors back at me.

Team01 user is tied to Team Drive, it gives the error message of:
Failed to copy: googleapi: Error 404: File not found: 0ALfgYTQ5zuvTUk9PVA

Team02 user is tied to the My Drive impersonate uploads the file but I cannot see them.

Maybe I am doing impersonate wrong? A I supposed to impersonate the Main Google Business account user? GDrive is my official account. A little confused on the impersonate flags.


#4

I’m not 100% sure how team drives an impersonate interact…

@Animosity022 - you use service accounts don’t you - is this something you have knowlege of?


#5

From what I think, the impersonate needs to be given permissions in the API console. I’m by no means an expert on the service accounts and I’ve tested with 1.46 and I can see it does work for me.

rclone lsd TestGD: --drive-impersonate felix@domain.us
          -1 2018-06-07 10:05:06        -1 Arq Backup Data
          -1 2019-02-28 09:42:12        -1 backup
          -1 2017-06-09 09:59:43        -1 media

I’m not using a team drive.

I stepped through the docs on how to set it up for the service account. Can you give some more details on how you granted permissions?

https://rclone.org/drive/#service-account-support


#6

As soon as I get it working correctly I will post back, just got home so going to do more tinkering with it.


#7

I think the problem is the interaction between service accounts and team drives but I don’t know enough about it to say for sure!