This repository has been archived by the owner on Mar 1, 2023. It is now read-only.
Cat™ edited this page Aug 31, 2020 · 5 revisions

A few things about Team Drive Manager

Initial set up

Google:

  • Go to the Google Developer Console
  • Create a new API Project
    • Name it whatever you want; in this tutorial I name it "TeamdriveManager"
    • After it's created, select it
  • Click on "Enable APIs"
    • Enable the Google Drive API
    • Enable the Admin SDK
    • Enable the Identity and Access Management (IAM) API
    • Enable the Cloud Resource Manager API
    • Enable the Service Management API
    • Enable the IAM Service Account Credentials API
  • Click on "Credentials"
    • "Create Credentials"
    • "Service Account Key"
    • Create a new Service Account
    • As name you should use "TeamdriveManager-Impersonate"
    • Don't select a Role
    • As Type select JSON
    • When asked say "Create without Role"
    • You will now download a JSON file. DON'T LOSE THE JSON FILE!
  • Click on "Manage Service Accounts"
    • Click on the mail address of the Service Account
    • Click Edit at the top
    • Click on "Show Domain-wide delegation"
    • Enable "Enable G Suite Domain-wide Delegation"
    • As Product name just use the Project name again
    • Press Save
    • Copy the Client ID somewhere, e.g. to notepad.exe
  • Go to the Admin Console (admin.google.com/YOURDOMAIN)
    • Go into "Security" (or use the search bar)
    • Select "Show more" and then "Advanced settings"
    • Select "Manage API client access" in the "Authentication" section
    • In the "Client Name" field enter the service account’s "Client ID"
    • In the next field, "One or More API Scopes", enter the following
    • https://www.googleapis.com/auth/admin.directory.group,https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/service.management

Terminal:

All commands and their usage are described within the program; just use the --help flag.

What can TeamDriveManager do?

  • assign
    • group - Assign all users from the config to the corresponding TeamDrives by using Groups
    • address - Assign an address to a specified teamdrive
    • serviceaccount - Assign all ServiceAccounts from the projects defined in the config to the configured Group
  • combinations
    • project_accounts_keys - Creates a project, creates and fills it with 100 accounts and provides the keys for it
    • regenerate_keys - Re-creates service accounts for a project
  • create
    • teamdrive - Create a Teamdrive
    • project - Create a project
    • serviceaccount - Create a service account
    • group - Create a group
  • delete
    • project - Delete selected projects
    • serviceaccount - Delete all service accounts from a project
  • generate
    • rclone - Generate an rclone config
  • list
    • teamdrive - List all Teamdrives
    • group - List all groups
    • project - List all projects
    • serviceaccount - List all service accounts

Creating service accounts with TeamDriveManager

Creates 100 service accounts. The project ID must be unique, non-existent and must consist of alphanumeric characters:

TeamDriveManager --concurrency 5 combinations project_accounts_keys new-project-name-xxx

Create Team Drive (aka Shared Drive)

TeamDriveManager create teamdrive "teamdrive-name"

Regenerate Service Account keys

TeamDriveManager combinations regenerate_keys 

Configuration file structure

{
  "ServiceAccountFile": "/full/path/to/impersonation/file.json",
  "ServiceAccountFolder": "/full/path/to/service/accounts/directory/",
  "Impersonate": "administrator@domain.tld",
  "Organization": "organization_ID",
  "Domain": "domain.tld",
  "Projects": [
    "project-1",
    "project-2",
    "project-3"
  ],
  "ServiceAccountGroup": "serviceaccounts",
  "TeamDriveConfig": {
    "NamePrefix": "SomePrefix",
    "GlobalUsers": {
      "organizer": {
        "user@domain.tld": "me"
      }
    },
    "BlackList": null,
    "GroupAssignments": [
      {
        "TeamDriveName": " : Videos",
        "GroupAddresses": {
          "organizer": "xxxxxxxxxxxxxxxxxxxx"
        }
      },
      {
        "TeamDriveName": " : Music",
        "GroupAddresses": {
          "organizer": "xxxxxxxxxxxxxxxxxxxx"
        }
      }
    ]
  }
}

Known (user) errors

PANI[0000] Error listing projects: Get https://cloudresourcemanager.googleapis.com/v1/projects?alt=json&prettyPrint=false: oauth2: cannot fetch token: 400 Bad Request
Response: {
  "error": "invalid_request",
  "error_description": "Invalid impersonation \u0026quot;sub\u0026quot; field."
}

Value for "Impersonate" in config.json has to be like user@domain.tld


PANI[0000] open "/wrong/path/to/the/file/teamdrive-impersonation-file.json": no such file or directory
panic: (*logrus.Entry) (0xb7c4a0,0xc0002bca80)

Wrong path, check it again.


PANI[0000] unexpected end of JSON input
panic: (*logrus.Entry) (0xb7c4a0,0xc0002c6a80)

The JSON file is corrupted.


time="2019-12-06T21:53:57+01:00" level=panic msg="read E:\service-accounts\: Referensen (handle) är felaktig."
panic: (*logrus.Entry) (0xb6a7e0,0xc00024c7e0)

The path where the service account credentials are saved is wrong.
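
The four errors above can be caught before TeamDriveManager is started. The following pre-flight check is an added example, not part of TeamDriveManager; the function name CheckConfig and its messages are assumptions, and it reads only the three config.json fields those errors involve.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/mail"
	"os"
)

// CheckConfig returns one message per problem; an empty result means the
// local checks passed. It never contacts Google, so it cannot prove that the
// impersonated user exists or that domain-wide delegation is authorised.
func CheckConfig(path string) []string {
	raw, err := os.ReadFile(path)
	if err != nil {
		return []string{"config: " + err.Error()}
	}
	var c struct{ ServiceAccountFile, ServiceAccountFolder, Impersonate string }
	if err := json.Unmarshal(raw, &c); err != nil {
		return []string{"config is not valid JSON: " + err.Error()}
	}
	var problems []string
	// Invalid impersonation "sub" field: expect a bare user@domain.tld.
	if a, err := mail.ParseAddress(c.Impersonate); err != nil || a.Address != c.Impersonate {
		problems = append(problems, "Impersonate must look like user@domain.tld")
	}
	// "no such file or directory" and "unexpected end of JSON input".
	if key, err := os.ReadFile(c.ServiceAccountFile); err != nil {
		problems = append(problems, "ServiceAccountFile: "+err.Error())
	} else if !json.Valid(key) {
		problems = append(problems, "ServiceAccountFile is empty or not valid JSON")
	}
	// Panic while reading the service account credentials directory.
	if st, err := os.Stat(c.ServiceAccountFolder); err != nil || !st.IsDir() {
		problems = append(problems, "ServiceAccountFolder is not an existing directory")
	}
	return problems
}

func main() { // usage: checkconfig /path/to/config.json
	if len(os.Args) == 2 {
		for _, p := range CheckConfig(os.Args[1]) {
			fmt.Println(p)
		}
	}
}
```

No output means all local checks passed; each printed line names the config field to fix.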