Accessing the Administrator Audit Log via Google Script - google-apps-script

Despite fervent searches, I don't believe I have come up with quite the results I am needing. Within the Google Apps for Business Administrator console, under "Reports" there is the "Audit Log." This audit log nearly displays everything I need; however, I am needing the actual name of the file instead of the fileID provided in the report.
The ultimate endgame is to generate, via Google Script, an automated daily report that gives this same data to a few users daily. Is there any means by which I may access this data? I have been pouring over the APIs, and perhaps I've missed something, but I don't feel that I've found what I needed.
Any thoughts and help would be greatly appreciated. Thank you for your time and considerations.

This is possible using the Google Apps Admin Audit API. This uses OAuth and that is a bit tricky to setup sometimes. You can see the set up process in this video that we did. Except as the example shows, instead of the YouTube APIs enable the Apps Reporting and Audit APIs in the API Console.
I built out a simple example of this that you can see in operation. Access this URL after having been logged in as the domain admin. It will automatically create a Spreadsheet in your Drive with the latest Audit logs exported. This is a web app that is deployed as "Run as user".
I've open sourced this Github here. You should substitute in the right OAuth2 Client ID/Secret. The code is pretty rough so you'll want to clean it up. I am selectively logging a few columns but if you look at the API docs, there are other things you can log as well.
Once the OAuth token is set up you can have this run on a trigger as well as long as you refresh the token.
Hope this helps.

Related

How do I get Google Drive access for a desktop app?

I'm trying to write a Python program that uses Google Drive to do some custom backup and sync work from my Linux desktop.
I started using the PyDrive2 library, and followed its recommendations on how to sign up for Drive API access. When I run my program, it accesses Drive as I'd expect it to, but my authorization expires after a few hours, which is not going to work for a program that runs in cron. I thought this might be because my app is not verified, so I looked into verification, but it's asking for things like a my application's home page. Mine isn't a web-based application, so I don't have one.
Is there a good way to access Google Drive APIs from a non-web application?
if your access is expireing after only a few hours it sounds like you are not requesting offline access and storing the refresh token for later use.
If you followed Quickstart pyton You may have noticed this section. The users credetinals that being the refresh otken and the access token are stored in token.json for future use by your application.
# The file token.json stores the user's access and refresh tokens, and is
# created automatically when the authorization flow completes for the first
# time.
if os.path.exists('token.json'):
creds = Credentials.from_authorized_user_file('token.json', SCOPES)
I thought this might be because my app is not verified, so I looked into verification, but it's asking for things like a my application's home page.
Your application only really needs to be verified if you are going to have other uses using it. If your only using it yourself then you really only need to remove it from testing phase and put it into production then your refresh tokens will last longer then seven days.
You could try to use a service account but i don't know of anyone who has gotten service account authorization to work with curl.

Get Google Drive video view count from Apps Script API?

I have a series of videos uploaded to a specific Google Drive folder, and I'd like to get the view count for each video/file. Literally as simple as "file_id" "10 views".
From extensive research, it seems this is quite simply impossible within Google Apps Script today? Per this old answer, both the Drive API and the Drive Activity API only report edit or comment activity, while view activity is ignored. The Reports API does support this, but only for users with Admin access in an Enterprise account (not for us plebes who just want to know view counts on our own files).
And per this Apps Script documentation, it seems that onOpen() triggers don't run for views (which blocks a "view_count + 1 on open of this specific file" sort of analytics).
Before I give up, I figured I'd run it past this brilliant community: am I missing anything? Is there some way to get view count on videos stored and accessed through Google Drive?
Answer:
You are correct in your findings that you can not get video view count information through the Drive API. You must use the Admin SDK to obtain this information.
Feature Request:
You can however let Google know that this is a feature that is important for access to their APIs, and that you would like to request they implement it.
Google's Issue Tracker is a place for developers to report issues and make feature requests for their development services, I'd urge you to make a feature request there. The best component to file this under would be the Google Drive component, with the Feature Request template.

Google Apps Script personal script won't authorize [duplicate]

I am trying to run
this simple Google Script.
However, it does not allow me to authorise. How can I proceed?
Update 1:
As reported by
Rubén, Google says it won't fix this - #163
Some workarounds are provided in #76, #145 and #150 - showing solutions like changing GCP and providing a oauth consent screen.
Update:
Switching Google cloud project from default to a standard project have resolved the issue for some users. This is still a workaround and may not work for all. Therefore, star the issue below.
This seems to be a new issue affecting certain users. You can ★(on top left) star the issue here to let Google developers know that you're affected by this issue and to prioritize the issue.
It stopped complaining once I specified the script only needed access to the current sheet. Google explains how to do it here.
All you need to add to your code is this JsDoc annotation:
/**
* #OnlyCurrentDoc
*/
That's something that happens. To solve the issue just copy the contents of your Script, delete it, and create a brand new one with the same contents, or give it another name in case you are superstitious. If that doesn't work, create another Spreadsheet with the same contents and proceed. Sometimes it's just a temporary issue. Perhaps the problem persists due to the stored browsing data, so it would be convenient to clear it. (I challenge you to take this last move!)
After going through the process twice with a client, I can confirm that the most reliable way to fix the error currently is to go through the verification process. An important note is that after approving the scopes, some accounts need to approve every other sensitive scope that is added to the script and cloud project as well or the issue will resurface.
So the step-by-step guide is as follows:
Switch from default to standard Google Cloud Project
Fill in the OAuth Credentials screen and add all sensitive scopes
Click on "Submit for verification" and prepare a YouTube video showing both authorization process and usage of each of the sensitive
scope
Wait until the verification team sends you an email (usually 1-2 days, but no guarantee here) and reply with the link to the video, then wait for the verification process to complete
If you received a "Granted" response, continue to steps 6 & 7, if not - follow the instructions provided
Remove all previously granted permissions to the project
Reauthorize the script by running it again, everything should be working
Having the same issue no solution of listed in this thread were working for me. After faied authentification i always get the screen as the topic starter gets it, without the "advanced" option.
However i've managed to get at least a limited access and run my script on the following way:
I share the affected sheet to anybody with link, with editor access level.
Then, from incognito window (maybe it isn't necessary, but i did it so), I've logged in into my other Google account,
opened the link, which was shared,
was forced to authorize myself,
failed on authorization - but the screen with failed authorization contains the "advanced" option,
clicking on it i've got a limited access and was able to run the script.

GCP project created by an app authorized by me, but I do not have access to it?

I'm developing some automation/integration between a CRM software and my google account. I am attempting to use the Google Apps Script API so I can remotely execute functions in Google Apps Script through the integration I'm building from within the CRM software.
The only problem is, when attempting to run a function which calls a GAS function through the API, I get the following error:
"Apps Script API has not been used in project project number before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/script.googleapis.com/overview?project=103424032563 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry."
This would normally be no problem, as I would simply access the GCP portal through the link and enable the GAS API, but when I try to access my project, I don't have access at all, and get the "failed to load data" error.
Further complicating my issue, GCP support will not help because they suspect I am a hacker trying to obtain access to a project that, for all they know, isn't mine.
And because I cannot access this project to authorize the API, I also cannot associate my google script with the same project, as this is a requirement for the Google Apps Script API to function.
I suspect it's the CRM software piece in which I'm developing this integration that is causing this error, (somehow the GCP project is being created by a different user,) but they haven't been all that helpful in determining what's going on.
Have any of you had a similar situation? And, if so, how did you approach solving it?
Further complicating my issue, GCP support will not help because they
suspect I am a hacker trying to obtain access to a project that, for
all they know, isn't mine.
Google Support does not refuse to help. They don't accuse you of being a hacker. Google Support can look at the project and see if you have credentials in the project and if you do they can explain how to authorize yourself. However, Google Support requires a support agreement, which is not free. If you do not have one, then you are not entitled to technical support only billing support. Look up your billing account ID and send a request for billing support. Your billing account will also show you which projects are linked to your billing account.
The issue is that you are trying to access the wrong Project ID. Figure out what is the correct Project ID. If you have the Cloud SDK installed execute this command gcloud projects list and this will tell you which projects your credentials have access to.

cannot enable BigQuery for apps script project

Since yesterday I can no longer successfully enable the BigQuery API in my apps script projects. I have done this literally hundreds of times over the past months, so I am very familiar with the process. Since yesterday the enabling doesn't actually take effect anymore.
Steps to reproduce:
Create or locate a BigQuery project & dataset, find the project numeric ID.
In Google Drive create an apps script project
Paste the following function:
var projectNumber = '1111111111'; // Google cloud BigQuery project *number* not alphanumeric id
function bqtest() {
datasets = BigQuery.Datasets.list(projectNumber);
Logger.log(datasets);
}
In [script > resources > advanced google resources] enable the BigQuery v2 API
Try to run the function, you will get an OAuth authorization pop-up and will need to grant your script access to BigQuery
You will then get an error that says that the BigQuery API needs to be enabled in the cloud console: Access Not Configured. BigQuery API has not been used in project 111111111111 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/bigquery.googleapis.com/overview?project=111111111111 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry. (line 5, file "Code")
Enable the BigQuery API in the google cloud console as instructed (tip: when you follow the URL click on "dashboard" in the left column, then "enable APIs" at the top) and verify that it's enabled
Go back to the apps script and re-run the function, you will get the same error that the BQ API needs to be enabled.
Since the error says that it may take a few minutes to propagate, go have some food, come back, try again, see the same error. I have waited overnight with no change. Normally it takes less than 10 seconds.
I have tried the above using my corporate G-suite account as well as my personal account and run into the same problem both ways.
Are others seeing the same? Where does one go for help?
This issue now appears resolved. I ended up having to sign up for silver support, pay $150, create a cloud support ticket, and eventually I got the reply "I've looked at this issue with our backend team. This is an incident that was reported today, and you're not the only one affected by it. It's a known issue. I will get back to you in a few hours with more updates." Oh great, I'm glad I got to pay to get that info :-(. So far the lack of support with GCP is confirming that I should continue spending my money elsewhere...