Trying to use the new Google Admin SDK for some group creation and adding/removing members to those groups. This is actually just updating some code I had that was previously using the old provisioning API.
I'm trying to add a group as a member of a group, with the role of OWNER. I get an error from Google. If I try to add a group as a member with the role as just MEMBER, it's fine. Only with role OWNER does it return the error. Here's an example:
POST https://www.googleapis.com/admin/directory/v1/groups/mygroup/members
{
"email": "myGroupToAddAsMember@mydomain.com",
"role": "OWNER"
}
I get the following response from Google:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "invalid",
"message": "Invalid Input: memberKey"
}
],
"code": 400,
"message": "Invalid Input: memberKey"
}
}
I have also tried adding the group as MEMBER, then updating the membership and changing the role to OWNER. This gets the same error.
I can go into the Admin web interface and change the membership to owner, so the system apparently is ok with it. What am I doing wrong? Thanks for your help.
EDIT: This appears to be a known issue (Issue 3791: Unable to insert group owner using Directory API if the owner is group as well) in Google's bug tracking although there is no resolution yet. I haven't been able to determine any programmable workarounds. Anyone?
I logged a case with Google Support a while back regarding this. This behavior actually became an issue we noticed with the latest version of GADS - as it uses the Directory API now.
Essentially, this is expected behavior. Google don't want groups owning groups. Previously, the Provisioning API overruled this and there was another bug which also allowed you to manually add a group as an owner of a group via the UI (not sure if this is fixed yet).
tl;dr This is expected behavior and Google don't plan to change it last I heard.