Impersonate for Shared Drives

What is the problem you are having with rclone?

I've got a lot of Shared Drive > Shared Drive migrations to do over the next week or two. The source Shared Drive is a clone from Box.com and we are now splitting it down into individual shared drives based on the second or third level folder in the hierarchy.

We use the Google Drive impersonate to send files to a users My Drive really well, so familiar with that concept and the service account access.

I've been looking to see if we can do the same thing with a single remote config and an env command for the team_drive

Here's how you impersonate for My Drive

export RCLONE_CONFIG_TSP_IMPERSONATE_MYDRIVE_DEST_IMPERSONATE=user@mydomain 

I've tried the same to set the Team drive ID, but with no luck.

export RCLONE_CONFIG_TSP_IMPERSONATE_MYDRIVE_DEST_TEAM_DRIVE=ABC123456 

Is this possible, and if so, how?

Basically I'm trying to find a way I don't have to create a config for every single Shared Drive migration as I have about 150 of them to do.

How can I set the team_drive for the config via an environment variable, and how can I impersonate the admin user (via the service account) that has access to every shared drive?

Run the command 'rclone version' and share the full output of the command.

 rclone --version
rclone v1.61.1
- os/version: debian 11.7 (64 bit)
- os/kernel: 5.10.0-21-cloud-amd64 (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.19.4
- go/linking: static
- go/tags: none

Which cloud storage system are you using? (eg Google Drive)

Google Drive

The command you were trying to run (eg rclone copy /tmp remote:tmp)


export RCLONE_CONFIG_tsp_shared_dest_IMPERSONATE=admin.user@domain.com

rclone mv -vvP tsp_shared_sync_source:/"Program/Global/Energy/" tsp_shared_dest:/ --server-side-across-configs --create-empty-src-dirs --drive-server-side-across-configs  --log-file tsp.log >/dev/null 2>&1

The rclone config contents with secrets removed.

[tsp_shared_dest]
type = drive
client_id = 9xxxxxxxxxxxxxxxxxxi
client_secret = GxxxxxxxxxxxxxxxxxxC
scope = drive
token = {"access_token":"yxxxxxxxxxxxxxxxxxx">
team_drive = 0xxxxxxxxxxxxxxxxxxA
root_folder_id =

Also have tried with a service account

[tsp_shared_contracts_sync_dest]
type = drive
client_id = 1xxxxxxxxxxxx2
client_secret = GxxxxxxxxxxxxC
scope = drive
service_account_file = ~/remotes/oauth2service.json
team_drive = 0xxxxxxxxxxxxxxxxxxA
root_folder_id =

A log from the command with the -vv flag

rclone -vvP lsf tsp_shared_contracts_sync_dest:
2023/07/03 10:44:06 DEBUG : rclone: Version "v1.61.1" starting with parameters ["rclone" "-vvP" "lsf" "tsp_shared_contracts_sync_dest:"]
2023/07/03 10:44:06 DEBUG : Creating backend with remote "tsp_shared_contracts_sync_dest:"
2023/07/03 10:44:06 DEBUG : Using config file from "/home/me/.config/rclone/rclone.conf"
2023-07-03 10:44:06 ERROR : : error listing: failed to get Shared Drive info: googleapi: Error 404: Shared drive not found: 0xxxxxxxxxxxxxxxxxxA, notFound
Transferred:              0 B / 0 B, -, 0 B/s, ETA -
Errors:                 2 (retrying may help)
Elapsed time:         0.2s
2023/07/03 10:44:06 DEBUG : 6 go routines active
2023/07/03 10:44:06 Failed to lsf with 2 errors: last error was: error in ListJSON: failed to get Shared Drive info: googleapi: Error 404: Shared drive not found: 0xxxxxxxxxxxxxxxxxxA, notFound

You can set it using the RCLONE_DRIVE_TEAM_DRIVE variable.

However you may prefer to set it just on the remote. Let's say your remote is called tsp_shared_dest:.

You can use

tsp_shared_dest,team_drive=XXXXX:

to access the team drive and this has the advantage it doesn't affect any other google drive remotes on the command line.

You can also use RCLONE_CONFIG_tsp_shared_dest_TEAM_DRIVE=XXX if you prefer.

The same technique should work for impersonate so what you wrote above should work.

You could also use something like

tsp_shared_dest,team_drive=XXXXX,impersonate=aaa@bbb.com:

I hope that helps

This is what I'm after, thanks.

For now I managed to get the Super Admin account with all the access, I'll play with the impersonate again later.

Thanks @ncw

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.