for my Google App Engine application I would like to use the Service Account's own Google Drive, i.e. I do not wish to create a "regular" gmail account and grant privileges to my Service Account, nor I want to share files with anyone else, I just wish to use the Drive as a "internal filesystem" for the application, accessed by the application only.
My questions:
1) is such service still provided, i.e. are Service Accounts granted to use their own private Drive, or am I forced to use the "new" Google Cloud Storage?
2) where can I find any relevant & updated information regarding the storage quota for such Drive & possible options for expanding it? I browsed many forums, but all posts I found (including on SO) contains dead links and/or states various information ("I think its 5 GB", "I believe its 15 GB" etc.)
Thanks in advance to anyone who can unravel the mystery :-)
You can use the Drive resource about.get and find all the information related to your Drive.
If you make the call from your service account, you can know what is the total amount of available space returned in the parameter quotaBytesTotal for that account.
I just checked and for me it was 15 GB, so that's likely the same available space you will get.
Related
We have Google Drive account and using Google Console we created Service Admin Account which has access to folders in our Drive. Our Drive storage went out of space so application which was sending new files to Google Drive started to fail with error in the title.
We have added 100GB new storage(on Drive via Google One) but application still fails and responds with this error message.
As far as I investigated Service Accounts only have limited space so this account still has no space left even though my real account has 100GB more.
I tried to transfer ownership of folder in Drive to Service Account but I couldnt because I need to accept that and I cannot log into Service Account.
This project is old and uses google-api-php-client to connect to Drive and do other stuff.
Any help is appreciated!
EDIT: Hitting https://www.googleapis.com/drive/v2/about endpoint with same credentials as Service Account used to send files to Drive gives me this information about quota.
"quotaBytesTotal": "107374182400",
"quotaBytesUsed": "84631990",
"quotaBytesUsedInTrash": "1573901",
Which is not logical to me because there is actually free space to be used.
I have a potential idea on the issue and clarification about the scenario. Based on the fact that you do not have a Google Workspace account to work with the Service account, you could be affected by the recent workflow changes on how the transfer of ownership of files between Google Accounts.
Important notes:
Service accounts are basically Google Accounts with their own default Drive Storage, 15 GB as any free Gmail account.
You cannot increase the storage for the Service accounts.
If you are sending the files to a Personal account, and the new workflow could be blocking it or delaying the process. Which could explain the error of space, it is not the personal account with the extra 100 gb, it is the Service account, because the file never changes the ownership.
There is an Feature request that you can send also the feedback, and a similar scenario as yours has been shared by other people.
The Google Drive API, has updated some of the process but they mostly applied to Google Workspace account, you can review it here.
I am familiar with the google drive service account which allows to use account for business purpose.
https://developers.google.com/identity/protocols/OAuth2ServiceAccount
Is there similar service in one drive I am familiar with one drive for business, but it doesn't look like an alternative for service account.
if available can you tell me about available APIs.?
My main purpose is to store user uploaded files in the cloud not to collaborate with my colleagues which is provided by One-drive for Business.
These files uploaded must be available to all my colleagues, not only by me.
There are two parts to your question. Part 1 is about a service account. Microsoft Graph/OneDrive APIs do have a similar notion, its called the client-credential flow a.k.a app-only tokens. You can read more about it here:
https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service
Please note that the permissions to this application will need to be granted by the tenant administrator.
Part 2 of your question pertains to how you will be sharing the uploaded files with everyone in your organization. By default, no one will have access to the files you put in the cloud. You will need to share them out explicitly. You have two options here:
Use the invite api to explicitly share the item with people in your organization:
https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/item_invite
Create an organization sharing link(use scope='organization') and share the link with people you want to grant access to:
https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/item_createlink
I'm a hobbyist student developer playing around with the Actions on Google to create a simple "text adventure" game on Google Home. Since Google Home will be speaking to the player rather than the player reading the text, I'm hoping this will create an experience similar to the "Dungeons and Dragons" roleplaying game, with the computer working as the "Dungeon Master." With the natural language assistance offered by API.AI and Actions on Google, it seemed like a good fit, since the player can respond "naturally." Here's an example of an Amazon Alexa skill that does essentially what I'm going for.
However, every time I boot up the game, it's always a new game. I'd like to store a savegame with the user's previous state in a JSON file hosted on the user's Google Drive -- Since I'm just a student doing this for fun, I don't actually have an official website or anything beyond a free Heroku server I'm running the app from, making storing saves on my end pretty much out of the question.
I've walked through the Google Drive REST quickstart for Node.js, and I've gotten that working in the console just fine. The only problem is in that quickstart, the user has to click a link to authorize the application to read the stuff in their Google Drive account, and I'm not sure how I'd be able to "click a link" and give back an access token via voice on Google Home.
Is there a way to do this via Google Drive? Or is there a better way to provide persistent data between sessions? I don't normally work in web development, so any help would be appreciated.
The bad news is you won't be able to get away from the need for a user to use his web browser to authorise your app to access his Drive.
The good news is that you only need to do this once. When your app requests authoirsation, it should specify "offline", which will result in you being given a refresh token. You should save this somewhere in your database of users. Whenever you need to access the user's Drive, you can use the saved refresh token to request an access token and you're good to go.
You have a few problems that you need to solve here, and while they seem related, they're not as related as you might hope:
You need to get authorization to access a user's Drive space
You need to authenticate the user's Home (so you know this person has come back)
You have to connect the two relationships - so you know what Drive space to use for the Home device that is talking to you
You've found the answers to (1) already, and as noted, you'll need to use a browser for them to authorize you to access their Drive. You'll then store the refresh token and will be able to access it in the future.
But that is only part of the problem. Home does not provide you access to the user's Google account directly, so you'll have to manage your own account mechanism and tie it to Home. There are a few solutions here:
Home provides anonymous user identity in the JSON sent to your webhook. You can access this using getUser().user_id if you're using the Actions API library, or access this in the data.user.user_id field in the JSON. While this is similar to a browser cookie, it only stores the user ID and can't store additional data. There is also no concept of "local storage". On the plus side, this ID is consistent across devices.
You can request user information such as their name and address. But it doesn't have anything unique or account information, so this probably isn't useful to you.
You can implement an OAuth2 server and do account linking. Note that this is the other side from what you need to do with Google Drive - you'll be providing the access and refresh tokens to authenticate and authorize access to your account and the Google Home device will send these tokens back to you so you can determine who the user is. You don't actually need to store account information - you can provide token information using JSON Web Tokens (JWT) or other methods and have them store account information in a secure way. Users will use the Google Home app to actually sign-in to your service as a one-time event.
In order to handle (3), you may be thinking that (1) lets you get tokens and the OAuth solution for (2) requires you to hand out tokens. Can the two be combined? Well... probably, but it isn't as straightforward. You can't just give the Google OAuth2 endpoints to Home - they explicitly block that and you need to control your OAuth2 endpoints. You may, however, be able to build proxy endpoints - but I haven't explored the security implications of doing so.
I think you're on the right track - using Drive is a good place to store users' information. Using Home's account linking gives you a place where they have to come to your web site to authenticate and authorize their Home, and you can use this to do the same for their Drive.
Is it possible for a super admin to take ownership of a file that is currently owned by an arbitrary user? If so, which end point can do this? I've spent time digging through the API documentation and I'm not coming up with a clear answer. Everything I've found is related to the 1st version of the API.
https://developers.google.com/drive/v2/reference/
yes its possible.
look at how to use oauth2 for "delegation of authority". https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
read the drive api docs on how to use delegation on their api.
look at the drive api that changes ownership. https://developers.google.com/drive/v2/reference/permissions/update
the key part is calling that api using the service account that is impersonating that user.
beware of rate quotas using this method. if you have many files to change, you need to take care the rate is not too fast (say one per second).
Yes, the current owner can transfer ownership of a file to another user.
https://developers.google.com/drive/v2/reference/permissions/update
transferOwnership boolean Whether changing a role to 'owner'
downgrades the current owners to writers. Does nothing if the
specified role is not 'owner'. (Default: false)
Because this product is new, I am looking forward to develop an app on it so is there any limit on the API usage such as:
upload and download quota
requests per app
etc
To view your allowed quota please create a project in the Google APIs Console. In the "Service" tab, the default quota allowed for each service is indicated.
Currently for the Drive API it reads "Courtesy limit: 1,000,000,000 queries/day". It's a per app quota.
After you've enabled the Drive API you can also set a per user rate limit (by default 1000 req per 100 sec) to prevent one user from depleting your app's quota. That's available in the "Quotas" tab.
There is also a link to request more quota in the "Quotas" tab in case you need more than the default 10M req/day such requests will go through a (light) manual review process.
Also files have per-files playback limit which depends on many factors (Is the file shared publicly or just to your domain/users? Is it a video? An audio file? etc...). These rules are not disclosed at this point unfortunately but for instance a publicly shared video can't be viewed by millions of anonymous sessions per day (use Youtube for that). Nor can an image be used on a high traffic website. Google Drive cannot be used as a Web scale CDN, it is scaled for personal content sharing (you share files with friends/work group/company).
I'm getting a message saying "Sorry, you can't view or download this file at this time.
Too many users have viewed or downloaded this file recently. Please try accessing the file again later. If the file you are trying to access is particularly large or is shared with many people, it may take up to 24 hours to be able to view or download the file. If you still can't access a file after 24 hours, contact your domain administrator."
so there IS a limit, just undocumented :e
this is a file only i downloaded about 50 times in the last hour (testing some stuff)
There's no mention of rate limiting on the best practices page, or in the performance tips but—most conspicuously of all—the documentation on handling errors does not contain any errors for going over rate limits.
I seen the free request quota as for Google Drive Api's is.
1,000,000,000 requests/day.
and Default Per-user limit is:(you can increase it)
10 requests/second/user
you can visit this and login with valid account for more information
https://console.developers.google.com/project/bionic-path-686/apiui/apiview/drive/quotas
It's not only about API-Queries .. there is also a Download-Limit, i always ran into .. But Google doesn't publish the allowed amount
There are some types of limits which exists in addition to "Quotas".
Error ex.:
code=403
reason=subscriptionRateLimitExceeded
message=Rate limit exceeded for creating file subscriptions.
Similar rate limits are not well documented and can make some pain to app developers.
Read the documentation and you should find what you're looking for.
"Any type of file can be stored in Drive, up to the user's storage limit or maximum file size of 10GB"
https://developers.google.com/drive/