Google Admin SDK users watch doesn't push notifications for role changes or moving org units

Question

I subscribed and tested for all of the events listed in [1]. "add": User Created Event "delete": User Deleted Event "makeAdmin": User Admin Status Change Event "undelete": User Undeleted Event "update": User Updated Event

I used marketplace credentials for the OAuth2 watch subscription in Java. This works fine for adding user, deleting user, and changing user's name ("update" event). However, moving user to a different organization unit, adding or removing Super Admin roles don't trigger any notifications. I would expect an "update" event in this case.

Has anyone had any luck getting Google push notifications for org unit or domain admin changes?

public static final String[] SUBSCRIBE_EVENTS = { "add", "delete", "undelete", "update", "makeAdmin" };


// OAuth access.
HttpTransport httpTransport = new NetHttpTransport();
JacksonFactory jsonFactory = new JacksonFactory();
Collection<String> scopes = new ArrayList<String>();
scopes.add("https://www.googleapis.com/auth/admin.directory.user.readonly");

GoogleCredential credential;
try {
  credential = new GoogleCredential.Builder()
      .setTransport(httpTransport)
      .setJsonFactory(jsonFactory)
      .setServiceAccountId(Settings.OAUTH_MARKETPLACE_ACCOUNT_ID)
      .setServiceAccountScopes(scopes)
      .setServiceAccountUser(currentUserEmail)
      .setServiceAccountPrivateKeyFromP12File(
          new java.io.File(Settings.OAUTH_MARKETPLACE_CERTIFICATE_KEY_PATH)).build();

} catch (Exception e) {
  LOG.log(Level.SEVERE, "OAuth credential error.", e);
  return false;
}

Directory directory =
    new Directory.Builder(httpTransport, jsonFactory, credential)
        .setApplicationName(Settings.OAUTH_APPLICATION_NAME)
        .setHttpRequestInitializer(credential).build();

for (final String event : SUBSCRIBE_EVENTS) {
  Channel channel = new Channel();
  channel.setId(UUID.randomUUID().toString());
  channel.setType("web_hook");
  channel.setAddress(watchUrl);

  try {
    StringBuilder tokenSB = new StringBuilder();
    tokenSB.append("domain=").append(URLEncoder.encode(apiDomain, "UTF-8"));
    tokenSB.append("&event=").append(URLEncoder.encode(event, "UTF-8"));
    channel.setToken(tokenSB.toString());
  } catch (UnsupportedEncodingException e) {
    LOG.log(Level.SEVERE, "OAuth users.list.watch encoding error", e);
    break;
  }

  try {
    Watch watch = directory.users().watch(channel);
    watch.setDomain(apiDomain);
    watch.setEvent(event);
    watch.setProjection("full");
    watch.setViewType("admin_view");

    watch.execute();

  } catch (Exception e) {
    LOG.log(Level.SEVERE, "OAuth users.list.watch error", e);
  }
}

1. https://developers.google.com/admin-sdk/directory/v1/reference/users/watch

Answer 1

This appears to be a bug in our push notification system. If you file an issue here we can update you on the status of the problem: https://code.google.com/a/google.com/p/apps-api-issues/issues/entry?labels=Type-Defect,API-Admin