Google Drive

the google drive connector enables automated interactions with google drive, allowing for efficient file and folder management, including creation, duplication, and deletion, as well as data sharing and collaboration the google drive connector for swimlane turbine provides a comprehensive suite of actions to manage files and folders directly within your security workflows with this integration, users can create, copy, and delete files and folders, manage spreadsheets, and list files based on specific queries, all without leaving the swimlane platform this seamless connection enhances productivity by automating routine google drive tasks, ensuring that document management is both efficient and secure by leveraging the google drive connector, swimlane turbine users can focus on critical security tasks while the connector handles the intricacies of file management google cloud platform and google admin provisioning prerequisites to utilize the google drive connector for swimlane turbine, ensure you have the following prerequisites oauth2 client credentials with the following parameters client id the unique identifier for your application client secret a secret known only to the application and the authorization server refresh token a token used to obtain a new access token when the current one expires service account authentication with the following parameter credentials a file containing credentials such as client email and private key for a google service account gcp project creation log in to gcp console here https //console cloud google com/ navigate to this link to create a new project https //console cloud google com/projectcreate name your project and click create we recommend specific and recognizable project names navigate to your projects, and select your new project enabling individual apis you will need to navigate to these links and enable the following apis google drive api https //console cloud google com/apis/library/drive googleapis com this will bring up the individual api dashboard when successfully enabled continue through the links provided below until all are enabled if the links become deprecated, make sure you use the explicit names provided google sheets api https //console cloud google com/apis/library/sheets googleapis com after this, navigate back to the apis and services dashboard and verify that all apis are listed, either by using the filter or looking at the list if any apis are missing, go back and enable them configuring a service account google workspace connector requires a google service account to authenticate open https //console developers google com/iam admin/serviceaccounts select the appropriate project click + create new service account assign a name for the service account and add a description, click create and continue click the select a role dropdown and type “owner” in the filter choose owner and click continue for the menu specifying grant users access to this service account (optional) you may select users or skip and click done this is not required for the connector click on the newly created service account email navigate to the keys menu click add key , select create new key , select json format, and click create make sure you download the json file presented this file will be needed when configuring the asset in swimlane navigate to the details menu at the top of the screen copy down the unique id to be used in the setting api scopes step below delegating domain wide authority (recommended) in order to support accessing multiple user accounts, the domain wide authority must be enabled before creating a service account choosing not to delegate domain wide authority will heavily limit the scope of what this connector can do if the connector will only operate against a single account, the next section (setting api scopes) can be skipped setting api scopes after creating a service account, the necessary api scopes required to be authorized must be set from https //admin google com/ , navigate to security > api controls and then click manage domain wide delegation at the bottom of the window click add new in the client id field, enter the unique id from the service account details menu enter the following csv value into the oauth scopes (comma delimited) input https //www googleapis com/auth/drive, https //www googleapis com/auth/spreadsheets click authorize asset setup prerequisites json file downloaded when the service account key was created asset configuration credentials the contents of the json credentials key file downloaded when creating a service account must be base64 encoded when creating the swimlane google workspace asset for linux and mac $ cat \<path to credentials json> | base64 for windows using powershell \[convert] tobase64string((get content path "your file path" encoding byte)) now copy the base64 encoded string and paste it into the service account json field delegate account the delegate account value is used to determine which account to operate when running actions this value should be the email address for the target account (the mailbox you are trying to read/write) some actions provide an optional input to override the asset value in most if not all cases an admin account of the google workspace should be used it should not be the service account email customer id the unique id for the customer's google workspace account as an account administrator, you can also use the my customer alias to represent your account's customer id the customer id is also returned as part of the user resource in order to get this value, navigate to https //admin google com then go to account account settings , and you will find it listed oauth 2 0 to configure oauth 2 0 for the swimlane google workspace connector, follow these steps navigate to the https //console cloud google com/ select your project from the top menu in the left sidebar, select "apis & services" > "credentials " click the "+ create credentials" button and select "oauth 2 0 client id " under "application type," select "web application " enter a name for the oauth 2 0 client click "create " a dialog with your client id and client secret will appear click "ok" to close the dialog next to the oauth 2 0 client you just created, click on the pencil icon to edit the client under "scopes for google apis," add the necessary scopes that are required for your connector (as specified in the "setting api scopes" section of this readme) click "save " your oauth 2 0 client is now configured and ready to be used with the swimlane google workspace connector once this is configured, you need to provide the refresh token in the asset if you don't know how to achieve this, swimlane will provide you with a script that will help you get the refresh token limitations when not using a delegated account while service accounts can perform many of the same actions as regular user accounts, they have some limitations when it comes to interacting with user data in particular, a service account with its own gmail setup may not be able to interact with user data in the same way a regular user would for example, it might not be able to access a user's emails, contacts, or google drive files capabilities add a sub sheet to a google sheet copy file copy folder create a new folder create a new shared drive create a new spreadsheet delete file list files upload file configurations google drive oauth2 authentication authenticates using oauth2 credentials configuration parameters parameter description type required client id the client id for the oauth 2 0 application string required client secret the client secret for the oauth 2 0 application string required refresh token oauth 2 0 refresh token used to obtain new access tokens if using a refresh token, you must also provide a client id and secret string required http proxy the http proxy to use for outbound http requests string optional verify ssl verify ssl boolean optional google drive service account authentication authenticates using google service account configuration parameters parameter description type required credentials base64 encoded contents from service account json credentials file see readme for setup instructions string required delegate account account to execute integrations under if not specified, the integration will run as a service account using a service account will introduce limitations see readme string optional http proxy the http proxy to use for outbound http requests string optional verify ssl verify ssl boolean optional actions add sub sheet creates a new sub sheet within an existing google sheet using the specified name and parent sheet id endpoint method get input argument name type required description sub sheet name string required name of the resource parent sheet id string required unique identifier row count number optional count value column count number optional count value input example {"sub sheet name" "test sheet","parent sheet id" "16bani3nrq7abylu9qbhzy4xbutvhmfhc59vthpavenk","row count" 1024,"column count" 26} output parameter type description status code number http status code of the response reason string response reason phrase response object output field response response spreadsheetid string unique identifier response replies array output field response replies response replies addsheet object output field response replies addsheet response replies addsheet properties object output field response replies addsheet properties response replies addsheet properties sheetid number unique identifier response replies addsheet properties title string output field response replies addsheet properties title response replies addsheet properties index number output field response replies addsheet properties index response replies addsheet properties sheettype string type of the resource response replies addsheet properties gridproperties object unique identifier output example {"status code" 200,"response headers"\ null,"reason" "ok","response" {"spreadsheetid" "1hj9 zpo9vmrbb29qequ0azsoeejafwd7s4auisoc5pc","replies" \[{}]}} copy file creates a duplicate of the specified file in google drive using the provided file id endpoint method get input argument name type required description file id string required unique identifier destination folder id string optional unique identifier new file name string optional name of the resource input example {"file id" "1 3r9tzkeyyr5biibhhih1wzkdetonbgp","destination folder id" "1 3r9tzkeyyr5biibhhih1wzkdetonbgp","new file name" "new file"} output parameter type description status code number http status code of the response reason string response reason phrase response object output field response response kind string output field response kind response id string unique identifier response name string name of the resource response mimetype string type of the resource output example {"status code" 200,"response headers"\ null,"reason" "ok","response" {"kind" "drive#file","id" "1sjphv4cey8fixxf5ugkoi9dn xtcgewimvw0mfdnqri","name" "xyztest","mimetype" "application/vnd google apps spreadsheet"}} copy folder creates a duplicate of the specified folder in google drive using source and destination folder ids endpoint method get input argument name type required description source folder id string required unique identifier destination folder id string required unique identifier new folder name string optional name of the resource input example {"source folder id" "1 3r9tzkeyyr5biibhhih1wzkdetonbgp","destination folder id" "1 3r9tzkeyyr5biibhhih1wzkdetonbgp","new folder name" "new file"} output parameter type description status code number http status code of the response reason string response reason phrase response object output field response response success boolean whether the operation was successful response id string unique identifier response name string name of the resource output example {"status code" 200,"response headers"\ null,"reason" "ok","response" {"success"\ true,"id" "1wo7f9zbqdkdgyvopxax7eq4xtlth10bw","name" "xyz"}} create folder creates a new folder in google drive using the specified name endpoint method get input argument name type required description name string required name of the resource parent folder id string optional unique identifier input example {"name" "my folder","parent folder id" "1 3r9tzkeyyr5biibhhih1wzkdetonbgp"} output parameter type description status code number http status code of the response reason string response reason phrase response object output field response response kind string output field response kind response id string unique identifier response name string name of the resource response mimetype string type of the resource output example {"status code" 200,"response headers"\ null,"reason" "ok","response" {"kind" "drive#file","id" "11c2qfmtynyzjghbn13ouxxdxt6l4nied","name" "test","mimetype" "application/vnd google apps folder"}} create shared drive initiates the creation of a new shared drive in google drive using the specified name endpoint method get input argument name type required description name string required the name of this shared drive hidden boolean optional whether the shared drive is hidden from default view restrictions object optional parameter for create shared drive restrictions copyrequireswriterpermission boolean optional whether the options to copy, print, or download files inside this shared drive, should be disabled for readers and commenters when this restriction is set to true, it will override the similarly named field to true for any file inside this shared drive restrictions domainusersonly boolean optional whether access to this shared drive and items inside this shared drive is restricted to users of the domain to which this shared drive belongs this restriction may be overridden by other sharing policies controlled outside of this shared drive restrictions drivemembersonly boolean optional whether access to items inside this shared drive is restricted to its members restrictions adminmanagedrestrictions boolean optional whether administrative privileges on this shared drive are required to modify restrictions restrictions sharingfoldersrequiresorganizerpermission boolean optional if true, only users with the organizer role can share folders if false, users with either the organizer role or the file organizer role can share folders input example {"name" "test drive","hidden"\ false,"restrictions" {"copyrequireswriterpermission"\ true,"domainusersonly"\ true,"drivemembersonly"\ true,"adminmanagedrestrictions"\ true,"sharingfoldersrequiresorganizerpermission"\ true}} output parameter type description status code number http status code of the response reason string response reason phrase response object output field response response kind string output field response kind response id string unique identifier response name string name of the resource output example {"status code" 200,"response headers"\ null,"reason" "ok","response" {"kind" "drive#file","id" "1flz aqbblwskhkgbxihbpw58w10fydce","name" "test drive"}} create spreadsheet generates a new google sheet in google drive with the provided name endpoint method get input argument name type required description name string required name of the resource parent folder id string optional unique identifier input example {"name" "test sheet","parent folder id" "1 3r9tzkeyyr5biibhhih1wzkdetonbgp"} output parameter type description status code number http status code of the response reason string response reason phrase response object output field response response kind string output field response kind response id string unique identifier response name string name of the resource response mimetype string type of the resource output example {"status code" 200,"response headers"\ null,"reason" "ok","response" {"kind" "drive#file","id" "1hj9 zpo9vmrbb29qequ0azsoeejafwd7s4auisoc5pc","name" "test sheet","mimetype" "application/vnd google apps spreadsheet"}} delete file permanently removes a file from google drive using the specified unique file id endpoint method get input argument name type required description file id string required unique identifier input example {"file id" "1 3r9tzkeyyr5biibhhih1wzkdetonbgp"} output parameter type description status code number http status code of the response reason string response reason phrase response object output field response response success boolean whether the operation was successful response id string unique identifier output example {"status code" 200,"response headers"\ null,"reason" "ok","response" {"success"\ true,"id" "1sv7 zq jiv4kpncoug c3wykinr9lqzw"}} list files retrieve a list of files from google drive using specified search criteria defined in the 'query' parameter endpoint method get input argument name type required description corpora string optional bodies of items (files/documents) to which the query applies supported bodies are 'user', 'domain', 'drive', and 'alldrives' prefer 'user' or 'drive' to 'alldrives' for efficiency by default, corpora is set to 'user' however, this can change depending on the filter set through the 'q' parameter driveid string optional id of the shared drive to search includeitemsfromalldrives boolean optional whether both my drive and shared drive items should be included in results orderby string optional order bya comma separated list of sort keys valid keys are 'createdtime', 'folder', 'modifiedbymetime', 'modifiedtime', 'name', 'name natural', 'quotabytesused', 'recency', 'sharedwithmetime', 'starred', and 'viewedbymetime' each key sorts ascending by default, but can be reversed with the 'desc' modifier example usage folder,modifiedtime desc,name pagesize number optional the maximum number of files to return per page partial or empty result pages are possible even before the end of the files list has been reached pagetoken string optional the token for continuing a previous list request on the next page this should be set to the value of 'nextpagetoken' from the previous response spaces string optional a comma separated list of spaces to query within the corpora supported values are 'drive' and 'appdatafolder' supportsalldrives boolean optional whether the requesting application supports both my drives and shared drives q string required a query for filtering the file results includepermissionsforview string optional specifies which additional view's permissions to include in the response only 'published' is supported includelabels string optional a comma separated list of ids of labels to include in the labelinfo part of the response input example {"corpora" "user","driveid" "0aa4tgyrgb svuk9pbs","includeitemsfromalldrives"\ false,"orderby" "folder,modifiedtime desc,name","pagesize" 1000,"pagetoken" "kjandckamldskm","spaces" "drive","supportsalldrives"\ false,"q" "\\"root\\" in parents and trashed=false","includepermissionsforview" "published","includelabels" "label1"} output parameter type description status code number http status code of the response reason string response reason phrase response object output field response response nextpagetoken string output field response nextpagetoken response kind string output field response kind response incompletesearch boolean output field response incompletesearch response files array output field response files response files kind string output field response files kind response files mimetype string type of the resource response files id string unique identifier response files name string name of the resource output example {"status code" 200,"response headers"\ null,"reason" "ok","response" {"nextpagetoken" " !! ai9fv7r9nu3ftonfbvxn9umfq lyjd0xtid 0e1yx0ceu76zxakdusx1lwv2jy5j2rlkjvmwxdh ","kind" "drive#filelist","incompletesearch"\ false,"files" \[{}]}} upload file uploads a specified attachment to google drive, requiring the attachment as input endpoint method get input argument name type required description attachments array required file to be uploaded attachments file string optional parameter for upload file attachments file name string optional name of the resource attachments description string optional parameter for upload file file name string optional name of the resource mime type string optional type of the resource parent folder id string optional unique identifier input example {"file name" "7dbc0541 a8de 42a9 b7fa e264c05f981e txt","mime type" "text/plain","parent folder id" \[{"id" "drive folder id"}]} output parameter type description status code number http status code of the response reason string response reason phrase response object output field response response kind string output field response kind response id string unique identifier response name string name of the resource response mimetype string type of the resource output example {"status code" 200,"response headers"\ null,"reason" "ok","response" {"kind" "drive#file","id" "1flz aqbblwskhkgbxihbpw58w10fydce","name" "test jpg","mimetype" " / "}} response headers header description example content type the media type of the resource application/json date the date and time at which the message was originated thu, 01 jan 2024 00 00 00 gmt