Versions Compared

Old Version 7

changes.mady.by.user Cameron Ahana

Saved on

compared with

New Version Current

changes.mady.by.user Cameron Ahana

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Since UH is a G-Suite, our hawaii.edu domain has unlimited storage for google drive.

...

Service Accounts

Access our service accounts through the Google Developers Console.  Erik, Frank and I are owners of the project "Tenure" that created the 2 service accounts.

The client secret json files are loaded on the respective test/trng/prod servers under the home directory's .tenure-conf folder

  • Created the file manually on the servers using vi, clicked 'a' for adding text and then copy and pasted the contents of the json file on my local to the vi editor; using 'i' (insert in vi) doesn't copy all the content and the beginning part gets cut off

Old Service Accounts

The test service account email address is tenure-service-account@robotic-vista-178000.iam.gserviceaccount.com

The prod service account email address is tenure-service-account@its-tenure-and-promotion-proj.iam.gserviceaccount.com

The client secret json files are loaded on the respective test/trngThere's one for test and one for prod.

There's a uhtnptst@hawaii.edu and a uhtnp@hawaii.edu user which the service account acts on behalf of the logged in user. These users have been granted an admin role created by Help Desk and that admin role is granted access to Drives and Docs.

Code Block
Grant domain-wide delegation authority for the following clientIDs under the G Suite project named "Tenure"
* 100382501517502303226
* 102969607084129771179
Grant admin access role to uhtnptst@hawaii.edu, which is the exact same role that you granted to uhtnp@hawaii.edu; this role is restricted to Drives and Docs.

With the service account acting on behalf of the uhtnp user, the service account no longer needs to be a member on the shared drive; only the uhtnp user needs to be on the shared drive.

  • uhtnptst is only added to TEST shared drives, i.e. application IDs starting with 199000xx
  • uhtnp is only added to PROD shared drives, i.e. application IDs starting at 1000

The client secret json files are deprecated and new p12 keys were generated to perform the delegation. Those p12 files are loaded on the respective test/prod servers under the home directory's .tenure-conf folder

...

  • TOCs not retained
  • hyperlinks retained
  • bookmarks retained?
  • ask Moriko if she's willing to share her word document

 

 

 

...