Situation with this issue
I have managed to work around the issue below because I stumbled upon Animosity022's Suggestion to switch scope from drive.readonly to drive
My question
Is there any plan to fix this, to allow scope = drive.readonly with Service Accounts?
I cannot find any github issue but I wonder if developers have chosen to leave this limitation for now. If that is the case then I can mention in in the docs - I am planning on raising a PR to update then based on Google's latest UI tweaks, and it will be easy to mention this as a limitation whilst I'm in there.
Please let me know if you are aware of planned work to resolve the underlying issue
Thanks
Artemgy
Details of the issue
Even though I discovered the workaround of switching to scope = drive, I am posting this in case anyone else hits the same issue.
What is the problem you are having with rclone?
I failed to make RClone work with Google Drive service account impersonation until I changed the scope back to drive (removing readonly)
What is your rclone version (output from rclone version)
rclone v1.54.1
- os/arch: darwin/amd64
- go version: go1.16
Which OS you are using and how many bits (eg Windows 7, 64 bit)
macOS Big Sur 11.2.3 64-bit
Which cloud storage system are you using? (eg Google Drive)
Google Drive
The command you were trying to run (eg rclone copy /tmp remote:tmp)
rclone -vv --drive-impersonate me@gmail.com ls myremote:
The rclone config contents with secrets removed.
[myremote]
type = drive
scope = drive.readonly
service_account_file = /Users/me/secrets/GSA-prj-f146843544e59.json
A log from the command with the -vv flag
me@gmail.com
myremote
2021/03/25 16:32:28 DEBUG : rclone: Version "v1.54.1" starting with parameters ["rclone" "-vv" "--drive-impersonate" "me@gmail.com" "ls" "myremote:"]
2021/03/25 16:32:28 DEBUG : Using config file from "/Users/me/.config/rclone/rclone.conf"
2021/03/25 16:32:28 DEBUG : Creating backend with remote "myremote:"
2021/03/25 16:32:29 Failed to create file system for "myremote:": couldn't find root directory ID: Get "https://www.googleapis.com/drive/v3/files/root?alt=json&fields=id&prettyPrint=false&supportsAllDrives=true": oauth2: cannot fetch token: 401 Unauthorized
Response: {
"error": "unauthorized_client",
"error_description": "Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested."
}
Other things I tried
I tried without the --drive-impersonate switch, which ran with no errors at all. However I could not see any files or folder contents - my Google Drive appeared empty - ls showed up blank, and copy gave the response There was nothing to transfer.
Workaround
rclone config and edit the remote to change scope from drive.readonly to drive