0

In Google Cloud Platform, I created a project. Then I enabled Google Drive API for that project. Then I created a service account.

I was able to upload file to Google Drive with that service account successfully.

But when I tried to create a folder using that service account:

authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
    json_key_io: File.open(SERVICE_ACCOUNT_PKCS12_FILE_PATH),
    scope: 'https://www.googleapis.com/auth/drive.metadata')

drive_service = Google::Apis::DriveV3::DriveService.new
drive_service.client_options.application_name = APPLICATION_NAME
drive_service.authorization = authorizer

metadata = Google::Apis::DriveV3::File.new(name: folder_name)
folder = drive_service.create_file(metadata,
    fields: 'id',
    content_type: 'application/vnd.google-apps.folder',
)

I got insufficientPermissions error

/opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/google-api-client-0.50.0/lib/google/apis/core/http_command.rb:228:in `check_status': insufficientPermissions: Insufficient Permission: Request had insufficient authentication scopes. (Google::Apis::ClientError)

I looked around but couldn't not figure out how to grant necessary permission to the service account to create a folder.

Appreciate any help.

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
Dong Nguyen
  • 1
  • 1

1 Answers1

0

The Google drive file.create method requires consent to be granted to the application with one of the following scopes

enter image description here

You appear to be using, which is not high enough permissions to create a file or in this case a directory.

https://www.googleapis.com/auth/drive.metadata

Tip: if you are using a service account there is really no reason not to just always use the full drive scope. You control the service account anyway.

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
  • I tried to configure an OAuth consent screen, but it didn't help. It doesn't seem to be related. – Dong Nguyen Aug 27 '22 at 13:22
  • This has nothing to do with the consent screen Its in your code. Your code is requesting the wrong scope of authorization. **scope: 'https://www.googleapis.com/auth/drive.metadata')** <-- change that – Linda Lawton - DaImTo Aug 27 '22 at 13:29
  • I used the scope `https://www.googleapis.com/auth/drive` and the result is a file, not a folder. I followed the idea on [this github thread](https://github.com/googleapis/google-api-ruby-client/issues/722) to change the scope to `https://www.googleapis.com/auth/drive.metadata` and got permission error. – Dong Nguyen Aug 28 '22 at 03:47