Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Would it be possible to create a readonly version, as to reduce the scopes needed? #464

Open
DavyLandman opened this issue May 4, 2024 · 4 comments
Open

Would it be possible to create a readonly version, as to reduce the scopes needed? #464

DavyLandman opened this issue May 4, 2024 · 4 comments

Comments

@DavyLandman
Copy link

My admin is being a bit iffy about granting write rights to the organization, just for an automated backup.

I was looking at the scopes and I noticed that https://www.googleapis.com/auth/gmail.readonly exists, would it be possible to make a version that only does read-only requests? or is that a large undertaking?
@hudcap
Copy link

hudcap commented Jun 4, 2024

When you set it up for the first time, I'm pretty sure it asks for exactly which scopes you want to authorize. Can't promise, because I set this up ages ago...

@hudcap
Copy link

hudcap commented Jun 4, 2024

Yup:

got-your-back/gyb.py

Lines 470 to 489 in 493ddf9

possible_scopes = ['https://www.googleapis.com/auth/gmail.modify', # Gmail modify
'https://www.googleapis.com/auth/gmail.readonly', # Gmail readonly
'https://www.googleapis.com/auth/gmail.insert https://www.googleapis.com/auth/gmail.labels', # insert and labels
'https://mail.google.com/', # Gmail Full Access
'', # No Gmail
'https://www.googleapis.com/auth/apps.groups.migration', # Groups Archive Restore
'https://www.googleapis.com/auth/drive.appdata'] # Drive app config (used for quota)
selected_scopes = [' ', ' ', ' ', '*', ' ', '*', '*']
menu = '''Select the actions you wish GYB to be able to perform for %s
[%s] 0) Gmail Backup And Restore - read/write mailbox access
[%s] 1) Gmail Backup Only - read-only mailbox access
[%s] 2) Gmail Restore Only - write-only mailbox access and label management
[%s] 3) Gmail Full Access - read/write mailbox access and message purge
[%s] 4) No Gmail Access
[%s] 5) Groups Restore - write to G Suite Groups Archive
[%s] 6) Storage Quota - Drive app config scope used for --action quota
7) Continue

@DavyLandman
Copy link
Author

aah, my bad, I should have used the force and read the source.

@DavyLandman
Copy link
Author

DavyLandman commented Jun 6, 2024
edited
Loading

@hudcap

I now remember, I was reading the wiki and here is says:

For API Scopes, enter exactly:
https://mail.google.com/,https://www.googleapis.com/auth/apps.groups.migration,https://www.googleapis.com/auth/drive.appdata

So that what got me on the wrong foot. I'll see if it indeed also works for service accounts to be on .readonly scope.

Update: yup, just tried, the service account requires all those scopes, not possible with just the readonly scope.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DavyLandman @hudcap