Google Admin SDK - Create posix attributes on existing user

Question

I can't create posix attributes on existing account in admin.google.com (also known as Google Cloud Identity / Google Directory) using Admin SDK (Directory API).

To explain my issue, I will use the API tester : https://developers.google.com/admin-sdk/directory/v1/reference/users/update?apix=true

I use the update function to update an existing account without POSIX attributes. To do that I copy the request body below and use request key : testmdr@contoso.com :

{
  "posixAccounts": [
    {
      "username": "testmdr_contoso_com",
      "uid": "2147483645", # I use id between 65535 and 2147483647 (explain: in google documentation)
      "gid": "1001",
      "homeDirectory": "/home/testmdr_contoso.com",
      "shell": "/bin/bash"
    }
  ]
}

I obtain an 503 error :

{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "backendError",
    "message": "Service unavailable. Please try again"
   }
  ],
  "code": 503,
  "message": "Service unavailable. Please try again"
 }
}

If I update name or other, it works. If I update existing POSIX attribute (existing because create when connection on GCE using OS Login functionality :Here), it works.

Please help me if it's limitation or bug

Answer 1

The requestKey should be the UUID of the user . . . There are probably better ways to do this, but you can get the username / name(requestKey/UUID) by querying the metadata on an oslogin-enabled instance, e.g. (first column is username, second column is requestKey for API tester):

curl -s "http://metadata.google.internal/computeMetadata/v1/oslogin/users?pagesize=50&pagetoken=0" -H "Metadata-Flavor: Google" | \
    jq -r '.loginProfiles[]|.posixAccounts[].username,.name' | \
    paste - -

(You may have to play with the pagesize & pagetoken parameters)