Rclone + Gdrive + Crypt + Service Accounts (on gsuite) redux/Sanity Check

Help and Support
1

Hello all, did a clean setup with rclone v1.59.2 on windows - most of the way there just need a sanity check, I am sure I am missing something obviously but my search here has failed me.

I have a google enterprise gsuite account with a paid user, configured for gdrive remote + crypt - works as expected

  • Followed rclone instructions for creating service accounts: Google drive

  • Created 2 new remotes:

[GoogleSA]
type = drive
scope = drive
service_account_file = ./json keys from google console.json
team_drive =

[crypt3]
type = crypt
remote = GoogleSA:/
shared_with_me = true
password =same key as regular crypt
password2 = same key as regular crypt

based on previous experimentation this is what I have found to work (mostly)

I shared the crypted folders on the gdrive interface with the service account user: name@long.google.name.iam.gserviceaccount.com
and set sharing permissions to restricted under general access ("Only people with access can open with the link")

what I experiance is that it takes 12-24 hours for these folders to be visible under GoogleSA (in crypted form) or under crypt3 (in readable form)

even after they are visible I still hit a STORAGE quota for the service account

Failed to copy: googleapi: Error 403: The user's Drive storage quota has been exceeded., storageQuotaExceeded (after I think 15 gb)

searching through docs and looking at the admin console I don't have a quota set for service accounts.

ADDENDUM: it appears to only happen on larger files (maybe over 2 gb) also something I can't find any restrictions on via gsuite console

ADDENDUM 2:

rclone about GoogleSA:/
Total: 15 GiB
Used: 14.514 GiB
Free: 497.634 MiB
Trashed: 0 B
Other: 0 B

I guess it is the 15 gig limit ?

ADDENDUM: my google fu tells me this seems like by design and 15 gig is the limit per service account hence solutions like autorclone unless I am missing something, thanks

2

A service account is effective a user with a 15G quota. Did the data make it to your shared drive? Or was it stored in the service accounts equivalent of a personal google drive?

I'm not an expert at this, hopefully one will be along shortly!

You can use the service account to impersonate a user.

3

Yes data made it there fine but as you said 15 gb quota on the service account

4

now... I am even more confused so this is more a question to everyone I guess

  • I've never really used gdrive "shared drive" with rclone or otherwise so decided to give that a shot

  • created a new shared drive

  • added the service accounts to it (via groups)

  • added team_drive via rclone config - works as expected directly and with crypt..... (same configs as I posted above otherwise)

but now... it doesn't seem to bomb out at 15 gig, all the files are on the team drive (encrypted) and I can move them to my non team drive without issue (just tested a new upload of about 175 gigs and counting (uploading about 600 gigs)

google drive web interface is showing the service account uploading the files as well

as an aside, rclone about comes back empty for both crypt and non crypt remote now - not sure if this is by design? (I tried it with a LOT of -vvvvvvvv)

ADDENDUM: To clarify, originally I was just using my regular google drive folder that I added the SA via permissions, vs. this which is an actual "shared drive"

thanks again

5

You share a user account folder, and upload to it, so the quota of this user limiting you.
Normal behaviour....