1

I'm trying to do a simple query from the Google Vault API using JSON credentials provided from the Google API console for a service account. I'm getting a 400 response (Invalid Request / Invalid Argument) with the message:

The user does not belong to a G Suite customer.

Does anyone know what I might be doing wrong? Do I have to augment the JSON with anything to indicate our G Suite Account?

Thanks in advance.

The code's fairly straight forward:

matter_id = 'xxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx'
vault = Google::Apis::VaultV1::VaultService.new
scope = 'https://www.googleapis.com/auth/ediscovery.readonly'
vault.authorization = Google::Auth::ServiceAccountCredentials.make_creds(
  json_key_io: File.open('./xxxxxxxxxx.json'),
  scope: scope)
vault.authorization.fetch_access_token!
m = vault.get_matter(matter_id)

Update -- this has been resolved. You have to update sub after you create the credentials to impersonate a user.

matter_id = 'xxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx'
vault = Google::Apis::VaultV1::VaultService.new
scope = 'https://www.googleapis.com/auth/ediscovery.readonly'
credentials = Google::Auth::ServiceAccountCredentials.make_creds(
  json_key_io: File.open('./xxxxxxxxxx.json'),
  scope: scope)
credentials.update!(sub: 'user@domain.com')
vault.authorization = credentials
vault.authorization.fetch_access_token!
m = vault.get_matter(matter_id)
Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
Jeff
  • 11
  • 4
  • Only Google Workspace users (or a domain-wide-delegate) can access Google Vault. You can either access it directly using User credentials **or** access it using a Domain-wide Delegated Service Account (in which case you likely still need to impersonate one of the Google Workspace users). – DazWilkin Jul 12 '22 at 22:19
  • Thanks for this direction, we added Domain-wide Delegation to our Service Account (which inherits from someone in the account) but it still didn't work -- same error. – Jeff Jul 15 '22 at 15:16
  • Please include some code. I've recently subscribed to Google Workspace. If I can find some time, I'll try to repro this issue as I'm interested in exploring Google Vault too. – DazWilkin Jul 15 '22 at 15:21
  • The code itself is relatively straightforward, but I've added it to the original post. – Jeff Jul 19 '22 at 20:56

0 Answers0