Not super-high-pri, here is how I'm handling this now. Labels change infrequently, it's easy to capture them with a one-off API call, so not a terrible solution.

create or replace function gmail_labels () 
  returns table (label jsonb ) as $$
  -- from https://developers.google.com/gmail/api/reference/rest/v1/users.labels/list
  select jsonb_array_elements('[
		{ "id": "CHAT", "name": "CHAT" },
		{ "id": "SENT", "name": "SENT" },
		{ "id": "INBOX", "name": "INBOX" },
		{ "id": "IMPORTANT", "name": "IMPORTANT" },
		{ "id": "TRASH", "name": "TRASH" },
		{ "id": "DRAFT", "name": "DRAFT" },
		{ "id": "SPAM", "name": "SPAM" },
		{ "id": "CATEGORY_FORUMS", "name": "CATEGORY_FORUMS"  },
		{ "id": "CATEGORY_UPDATES", "name": "CATEGORY_UPDATES"  },
		{ "id": "CATEGORY_PERSONAL", "name": "CATEGORY_PERSONAL"  },
		{ "id": "CATEGORY_PROMOTIONS", "name": "CATEGORY_PROMOTIONS"  },
		{ "id": "CATEGORY_SOCIAL", "name": "CATEGORY_SOCIAL"  },
		{ "id": "STARRED", "name": "STARRED" },
		{ "id": "UNREAD", "name": "UNREAD"  },
		{ "id": "Label_17", "name": "elmcity" },
		{ "id": "Label_19", "name": "letters" },
		{ "id": "Label_22", "name": "radar" },
		{ "id": "Label_23", "name": "school" },
		{ "id": "Label_24", "name": "screencast" },
		{ "id": "Label_26", "name": "timO" },
		{ "id": "Label_27", "name": "toMe" },
		{ "id": "Label_28", "name": "travel" },
		{ "id": "Label_29", "name": "Notes"  },
		{ "id": "Label_30", "name": "heartbeat" }
    ]' :: jsonb)
$$ language sql;

create or replace function gmail_name_for_label_id (label_id text) returns text as $$
  select label ->> 'name'
  from gmail_labels()
  where label ->> 'id' = label_id
$$ language sql;

I am using method 2 from https://hub.steampipe.io/plugins/turbot/googleworkspace. I acquire the credentials file like so:

gcloud auth application-default login --client-id-file=client_secret.json --scopes="https://www.googleapis.com/auth/calendar.readonly,https://www.googleapis.com/auth/contacts.other.readonly,https://www.googleapis.com/auth/contacts.readonly,https://www.googleapis.com/auth/directory.readonly,https://www.googleapis.com/auth/drive.readonly,https://www.googleapis.com/auth/gmail.readonly,https://www.googleapis.com/auth/spreadsheets.readonly"

After a couple of days this happens:

googleapi: Error 401: Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential.

I can, and do, reacquire the credentials file. But there's a refresh token in it, shouldn't the underlying Go SDK use that to refresh the access token?

per @cbruno10:

here’s a possibly relevant discussion from the SDK repo - googleapis/google-api-go-client#111

If that works it will also benefit the Google Directory and Google Sheets plugins.

Is your feature request related to a problem? Please describe.
For tables that return large sets of data, it'll be faster and less expensive if we look at any query columns and build filters where possible before making the API requests.

Describe the solution you'd like
Add automatic filtering capabilities in tables based on quals.

Describe alternatives you've considered
Use the query column (or similar ones) when making queries.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
I'd like to be able to authorize in the plugin using OAuth 2.0 client credentials

Describe the solution you'd like
Implement support for OAuth authorization, with docs + config file support.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
To satisfy the need of CIS v1.0.0 section 4

e.g. Link sharing default, Shared drive creation, Security update for files, Target audiences, Sharing options

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
https://developers.google.com/admin-sdk/directory/reference/rest
Need to revalidate the API support for this

Describe the bug
When tilde(~) in the token_path parameter which is set in the googleworkspace.spc file then running a query returns cannot read credentials file: open ~/.config/gcloud/application_default_credentials.json: no such file or directory error

Steampipe version (steampipe -v)
Example: v0.10.0

Plugin version (steampipe plugin list)
Example: v0.0.3

To reproduce

1. After following the steps of using OAuth client, we need to add the default path to the token_path parameter in the .spc file
2. Running any query pertaining to googleworkspace tables will return cannot read credentials file: open ~/.config/gcloud/application_default_credentials.json: no such file or directory error

Expected behavior
Using ~/.config/gcloud/application_default_credentials.json as the token_path parameter should work without any errors and we should be able to query the googleworkspace tables

Additional context
Note: Providing the full path for home (without using tilde works correctly)

Is your feature request related to a problem? Please describe.
I would like to be able to specify the service account credentials inline in the config file, not in an external json file.

Describe the solution you'd like
Add support for a credentials argument in the connection config to allow a user to specify either the path to or the contents of a service account key file in JSON format. This should look roughly like the credentials arg in the Terraform google provider

After this is implemented, we may want to deprecate credential_file as it would be redundant at that point.

Is your feature request related to a problem? Please describe.
N/A

Describe the solution you'd like
Currently, we are requesting the API to return all fields for a file (using * for fields).
If a query contains a specific field, return the exact fields that are queried.

Describe alternatives you've considered
N/A

Additional context
https://developers.google.com/drive/api/v3/fields-parameter

Describe the bug
googleworkspace_* returning empty row, if the corresponding service API is disabled.

Steampipe version (steampipe -v)
Example: v0.8.5

Plugin version (steampipe plugin list)
Example: v0.0.2

To reproduce

• Disable the corresponding service API (i.e. Gmail API).
• Run any query (select id, thread_id from googleworkspace_gmail_my_message)

Expected behavior
If the resources can't exist because the API is disabled then return zero rows. But if resources can be created while the API is disabled then we should return an error.

Additional context
N/A

Describe the bug
I can't find emails on gmail at all. Only return an empty set

Steampipe version (steampipe -v)
steampipe version 0.6.2

Plugin version (steampipe plugin list)
googleworkspace v0.0.2

To reproduce

steampipe query "select
       id,
       thread_id,
       internal_date,
       size_estimate,
       snippet
     from
       googleworkspace_gmail_my_message
     order by internal_date
     limit 10;
     "
+----+-----------+---------------+---------------+---------+
| id | thread_id | internal_date | size_estimate | snippet |
+----+-----------+---------------+---------------+---------+
+----+-----------+---------------+---------------+---------+

Expected behavior
To see 10 e-mails from my mailbox