Google APP被管理为“无限制”帐户存储配额服务帐户 [英] Google APPs managed "unlimited" account storage quota for service account
问题描述
为了执行备份,我创建了Google API控制台中的几个服务帐户(XXX@developer.gserviceaccount.com)。但事实证明,这些帐户的存储空间限制在15GB,也就是说,当试图将文件上传到其中一个已经拥有大约15GB的服务帐户时,出现客户端超出了他的存储配额错误。
我问大学管理员,他们不知道如何提供帮助,甚至没有看到服务帐户的电子邮件(XXX@developer.gserviceaccount.com)
所以问题是(我或大学管理员)应该做什么来删除(或增加)服务帐户的存储配额那些开放的无限学生帐户。
更新:尝试@DaImTo建议:
因此,我在我的云端硬盘网络界面中创建了一个文件夹,并将其与我的服务帐户共享。然后,通过服务帐户,我上传了一个文件到该文件夹(使用 PyDrive 库):
p>
file1 = drive.CreateFile({'title':'test2','parents':[{kind:drive#文件链接,id:shared_folder_id}]})
file1.SetContentString('some text')
file1.Upload()
print'文件ID:%s'%file1 [ id)]
permissions = file1.auth.service.permissions()。list(fileId = file1 ['id'])。execute()
printpermissions:,permissions
输出:
文件ID:XXX
权限:{u'items':[{u'kind':u'drive#permission',u'name':u'XXX@developer.gserviceaccount.com',u'domain' :u'developer.gserviceaccount.com',u'etag':u'XXX',u'emailAddress':u'XXX@developer.gserviceaccount.com',u'role':u'owner',u'键入':u'user',u'id':u'XXX',u'selfLink':u'https:/ u' /www.googleapis.com/drive/v2/files/XXX/permissions/XXX'},
{u'kind':u'drive#permission',u'name':u'< my name> ',u'domain':u'< my school domain>',u'etag':u'XXX',u'emailAddress':u'< my name> @< my school domain>', u'role':u'writer',u'type':u'user',u'id':u'XXX',u'selfLink':u'https://www.googleapis.com/drive/v2 / files / XXX / permissions / XXX'}],u'kind':u'drive#permissionList',u'etag':u'XXX',u'selfLink':u'https://www.googleapis .com / drive / v2 / files / XXX / permissions?alt = json'}
文件自动有两个权限:
1.服务帐号是所有者
2.我的主帐号是writer
确实,我可以在Web界面中查看文件,编辑它,删除等。但是,由于服务帐户是所有者,因此文件被记录在服务帐户存储配额中,所以这并不能解决我的问题,即。我的备份应用程序仍然不能超过15GB。
我试图将所有权转让给我的主账户:
file1 = drive.CreateFile({'id':file_id})
permissions = file1.auth.service.permissions()。list(fileId = file1 ['' id'])。execute()
myperm_id = permissions ['items'] [1] ['id']#这是第二个权限,即我的主账户
myperm = file1.auth。 service.permissions()。get(fileId = file1 ['id'],permissionId = myperm_id).execute()
myperm ['role'] ='owner'
file1.auth.service.permissions ().update(fileId = file1 ['id'],permissionId = myperm ['id'],body = myperm).execute()
...并且出现错误:
googleapiclient.errors.HttpError:< HttpError 403在请求https://www.googleapis.com/drive/v2/files/XXX/permissions/XXX?alt=json时返回此文件的权限不足>
我尝试附加transferOwnership ='True':
file1.auth.service.permissions()。update(fileId = file1 ['id'],permissionId = myperm ['id'],body = myperm,transferOwnership =' True')。execute()
得到了同样的错误。我被困在这里。
顺便说一下,在Google帮助中传输文件所有权
他们说:如果您是Google Apps用户,则无法将所有权转让给您所在域以外的其他人。
似乎无法将服务帐户上传文件的所有权转移到主帐户。
最后,我放弃了服务帐户方法并遵循这个方法来运行我的应用程序作为我的常规用户。
一旦完成了那里描述的步骤,我创建像这样的驱动器服务:
从pydrive.auth导入httplib2
从pydrive.drive导入GoogleAuth
导入GoogleDrive
gauth = GoogleAuth()
gauth。 LoadCredentialsFile(GoogleDriveCredentials.txt)
如果gauth.credentials为无:
gauth.LocalWebserverAuth()
elif gauth.access_token_expired:
printGoogle Drive Token Expired,Refreshing
gauth.Refresh()
else:
gauth.Authorize()
gauth.SaveCredentialsFile(GoogleDriveCredentials.txt)
drive = GoogleDrive(gauth)
其中GoogleDriveCredentials.txt的格式为:
{_ module:oauth2client.client,token_expiry:XXX,access_token:XXX,token_uri:https://accounts.google。 com / o / oauth2 / token,invalid:false,token_response:{access_token:XXX,token_type:承载者,expires_in:3600},client_id: https://accounts.google.com/o/oauth2/revoke,_class:OAuth2Credentials, ,refresh_token:XXX,user_agent:null}
ed文件的所有者在web界面中是我,它们被记录在我的主帐户的存储配额中,因此我的目标已经达到。
I have a Google account as a student. This account is managed by my university and recently the university informed us that students' accounts have now "unlimited" storage for Drive etc.
To perform backups with this, I created a few service accounts in Google APIs console (XXX@developer.gserviceaccount.com). But it turns out that those accounts' storage is limited to 15GB, that is, when trying to upload files to one of service accounts that already has ~15GB in it, I get an error "the client is exceeded his storage quota".
I asked the university admins, they don't know how to help and even don't see the service account' email (XXX@developer.gserviceaccount.com) in the list of managed accounts.
So the question is what should be done (by me or by university admins) to remove (or increase) the storage quota of my service accounts when those were open with the "unlimited" student account.
Update: trying @DaImTo suggestion:
So I created a folder in my Drive web interface and shared it with my service account. Then, with service account, I uploaded a file to that folder (using PyDrive library):
file1 = drive.CreateFile({'title': 'test2', 'parents': [{"kind": "drive#fileLink", "id": shared_folder_id}]})
file1.SetContentString('some text')
file1.Upload()
print 'File ID: %s' % file1['id']
permissions = file1.auth.service.permissions().list(fileId=file1['id']).execute()
print "permissions:", permissions
Output:
File ID: XXX
permissions: {u'items': [{u'kind': u'drive#permission', u'name': u'XXX@developer.gserviceaccount.com', u'domain': u'developer.gserviceaccount.com', u'etag': u'"XXX"', u'emailAddress': u'XXX@developer.gserviceaccount.com', u'role': u'owner', u'type': u'user', u'id': u'XXX', u'selfLink': u'https://www.googleapis.com/drive/v2/files/XXX/permissions/XXX'},
{u'kind': u'drive#permission', u'name': u'<my name>', u'domain': u'<my school domain>', u'etag': u'"XXX"', u'emailAddress': u'<my name>@<my school domain>', u'role': u'writer', u'type': u'user', u'id': u'XXX', u'selfLink': u'https://www.googleapis.com/drive/v2/files/XXX/permissions/XXX'}], u'kind': u'drive#permissionList', u'etag': u'"XXX"', u'selfLink': u'https://www.googleapis.com/drive/v2/files/XXX/permissions?alt=json'}
So the uploaded file automatically has two permissions: 1. Service account is "owner" 2. My main account is "writer"
Indeed, I can see the file in web interface, edit it , delete etc. But, since the service account is the owner, the file is accounted in service account storage quota, so this doesn't solve my problem, i.e. I still cannot use more than 15GB with my backup application.
I tried to transfer the ownership to my main account:
file1 = drive.CreateFile({'id': file_id})
permissions = file1.auth.service.permissions().list(fileId=file1['id']).execute()
myperm_id = permissions['items'][1]['id'] # this is the second permission, i.e. of my main account
myperm = file1.auth.service.permissions().get(fileId=file1['id'], permissionId=myperm_id).execute()
myperm['role'] = 'owner'
file1.auth.service.permissions().update(fileId=file1['id'], permissionId=myperm['id'], body=myperm).execute()
...and got an error:
googleapiclient.errors.HttpError: <HttpError 403 when requesting https://www.googleapis.com/drive/v2/files/XXX/permissions/XXX?alt=json returned "Insufficient permissions for this file">
I tried to append transferOwnership='True':
file1.auth.service.permissions().update(fileId=file1['id'], permissionId=myperm['id'], body=myperm, transferOwnership='True').execute()
got the same error. I'm stuck here.
Btw, in Google help Transfer file ownership they say "If you're a Google Apps user, you can't transfer ownership to someone else who is outside of your domain."
It seems that it's impossible to transfer the ownership of the files uploaded by service account to the main account.
Finally I abandoned the service account approach and followed this approach to run my app as my regular user.
Once the steps described there were accomplished, I create the drive service like that:
import httplib2
from pydrive.auth import GoogleAuth
from pydrive.drive import GoogleDrive
gauth = GoogleAuth()
gauth.LoadCredentialsFile("GoogleDriveCredentials.txt")
if gauth.credentials is None:
gauth.LocalWebserverAuth()
elif gauth.access_token_expired:
print "Google Drive Token Expired, Refreshing"
gauth.Refresh()
else:
gauth.Authorize()
gauth.SaveCredentialsFile("GoogleDriveCredentials.txt")
drive = GoogleDrive(gauth)
Where GoogleDriveCredentials.txt is of the form:
{"_module": "oauth2client.client", "token_expiry": "XXX", "access_token": "XXX", "token_uri": "https://accounts.google.com/o/oauth2/token", "invalid": false, "token_response": {"access_token": "XXX", "token_type": "Bearer", "expires_in": 3600}, "client_id": "XXX.apps.googleusercontent.com", "id_token": null, "client_secret": "XXX", "revoke_uri": "https://accounts.google.com/o/oauth2/revoke", "_class": "OAuth2Credentials", "refresh_token": "XXX", "user_agent": null}
Now the uploaded files' owner is "me" in web interface and they are accounted in my main account's storage quota, so my goal is reached.
这篇关于Google APP被管理为“无限制”帐户存储配额服务帐户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
