This repository provides a streamlined solution for allowing a Python application to access Google Workspace APIs (like Google Docs, Sheets, and Drive) using a service account approach where clients share documents with your service account.
The infrastructure, including API enablement and service account creation, is managed by Terraform.
This project uses a service account approach for secure document access:
- Terraform Manages Infrastructure: Deploys all the necessary GCP resources, including a service account with Google Workspace API access.
- Service Account Creation: Terraform creates a service account and generates credentials locally for your Python application.
- Document Sharing: Clients share their Google Docs, Sheets, or Drive folders with the service account email address.
- Python App Access: Your Python application uses the service account credentials to access shared documents.
This method provides secure access to client documents without requiring individual user authentication, making it ideal for applications that need to process documents shared by clients.
- Clone this repository.
- Install
just: A command runner used for convenience. (e.g.,brew install just). - Google Cloud SDK: Make sure you have the
gcloudCLI installed and authenticated:gcloud auth login gcloud auth application-default login
- Copy the example configuration file:
cp terraform.tfvars.example terraform.tfvars
- Edit
terraform.tfvarsand set yourproject_id.
Deploy the GCP resources using a single command:
just deployThis will:
- Enable the necessary APIs (Docs, Drive, Sheets) for your project
- Create a service account for document access
- Generate service account credentials locally
Get the service account email that clients should share documents with:
terraform output service_account_emailClients should share their Google Docs, Sheets, or Drive folders with the service account email:
- Open the document/folder in Google Drive
- Click "Share"
- Add the service account email address
- Set permissions to "Viewer" or "Editor" as needed
- Click "Send"
-
Install Python Dependencies:
pip install -r requirements.txt
-
Set the Document ID (Optional): If you want to test with a specific document, export its ID as an environment variable:
export GOOGLE_DOC_ID="your-google-document-id"
-
Run the Test Script:
just test- This will test access to shared documents using the service account credentials.
- The script will show any documents shared with the service account.
- The content of the document will be converted to Markdown, preserving headings, bold, italics, and lists.
Important Notes:
- Share Documents First: Before running the test, ensure the Google Document you want to access has been shared with the service account email (
terraform output service_account_email). Otherwise, you will encounter a permission error. - Unsupported File Types: The script can identify non-native Google Docs (like
.docxfiles) but cannot read their content directly with the Google Docs API. The test will show a warning for these files. - Formatting: The script now converts the document's structure (headings, lists, bold, italics) into Markdown for a more readable output.
Here is an example of a successful run where the GOOGLE_DOC_ID environment variable was set to a native Google Doc that had been shared with the service account:
$ just test
🐍 Virtual environment already exists.
📦 Installing Python dependencies with uv...
Audited 3 packages in 3ms
🧪 Running integration test...
🔍 Testing Google Workspace API access with service account...
1. Testing Google Drive access:
✅ Service account credentials loaded successfully.
📁 Found 4 shared files:
• FAQs (application/vnd.google-apps.document)
• FAQs.docx (application/vnd.openxmlformats-officedocument.wordprocessingml.document)
• EXP (application/vnd.google-apps.document)
• Documento sem título (application/vnd.google-apps.document)
2. Testing Google Docs access:
✅ Service account credentials loaded successfully.
🔍 Checking file type for Document ID: 1ViLz8iOIgeuLKlqqxaK8bt1WqwhjCJ76CDS8iUQ1qQo...
✅ 'FAQs' is a native Google Doc. Proceeding to read content...
✅ Successfully accessed document: FAQs
📄 Document ID: 1ViLz8iOIgeuLKlqqxaK8bt1WqwhjCJ76CDS8iUQ1qQo
📝 Document has 147 content elements
📖 Full document content (Markdown format):
# 🌿 FAQs – HOSPEDAGEM
## 🧭 Intenção do Espaço: O que posso viver, sentir e transformar ao me hospedar na Casa Örüm?
- **🌀 O que posso esperar da experiência de hospedagem na Casa Örüm?**
A Casa Örüm é mais do que um lugar para dormir — é um espaço de acolhimento, reconexão com a natureza e convivência consciente.
... (content redacted for brevity) ...
This project defaults to using a local state file (terraform.tfstate), which is suitable for individual use. For team collaboration, it is highly recommended to use a remote backend like Google Cloud Storage.
just setup: Sets up the environment and dependencies.just deploy: Deploys the infrastructure.just destroy: Destroys all created resources.just plan: Shows a plan of changes.just validate: Validates the Terraform code.just fmt: Formats the Terraform code.just outputs: Shows the Terraform outputs.just clean: Removes temporary files.
service_account_email- Email to share documents withcredentials_file_path- Path to generated credentials file
from google.oauth2 import service_account
from googleapiclient.discovery import build
# Load credentials
credentials = service_account.Credentials.from_service_account_file(
'./service-account-credentials.json',
scopes=['https://www.googleapis.com/auth/documents.readonly']
)
# Build service
service = build('docs', 'v1', credentials=credentials)
# Access shared document
document = service.documents().get(documentId='your-doc-id').execute()Run just health for comprehensive diagnostics.
For document access issues:
- Verify the document is shared with the service account email
- Check that the service account has appropriate permissions
- Ensure the document ID is correct
- Review the test script output for specific error messages