Google Cloud Identity Group

google_cloud_identity_group (Terraform)

The Group in Cloud Identity can be configured in Terraform with the resource name google_cloud_identity_group. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

yesasurya/tf-gcp-iam-group

resource "google_cloud_identity_group" "group-example-1" {
  display_name         = "group-example-1"
  initial_group_config = "WITH_INITIAL_OWNER"

  parent = "customers/C043jufqt"

apsureda/ci-groups

resource "google_cloud_identity_group" "obe-bu2-cigroups-app3" {
  display_name = "obe-bu2-cigroups-app3"
  group_key {
    id = "obe-bu2-cigroups-app3@apszaz.com"
  }
  initial_group_config = "WITH_INITIAL_OWNER"

c-zuo/gcp-turbo

resource "google_cloud_identity_group" "project_groups" {
  provider = google-beta
  for_each = var.only_add_permissions ? {} : local.groups

  display_name = format("%s: %s (%s)", title(each.value.group), var.project_id, upper(each.value.environment))

apsureda/gci-groups

resource "google_cloud_identity_group" "tnt1-bu1-cigroups-app3" {
  display_name = "tnt1-bu1-cigroups-app3"
  group_key {
    id = "tnt1-bu1-cigroups-app3@apszaz.com"
  }
  initial_group_config = "WITH_INITIAL_OWNER"

neuralnetes/monorepo

resource "google_cloud_identity_group" "identity_groups" {
  for_each             = local.identity_groups_map
  provider             = google-beta
  initial_group_config = each.value["initial_group_config"]
  display_name         = each.value["display_name"]
  parent               = each.value["parent"]

Parameters

• create_time optional computed - string

The time when the Group was created.

• description optional - string

An extended description to help users determine the purpose of a Group. Must not be longer than 4,096 characters.

• display_name optional - string

The display name of the Group.

• id optional computed - string
• labels required - map from string to string

The labels that apply to the Group. Must not contain more than one entry. Must contain the entry 'cloudidentity.googleapis.com/groups.discussion_forum': '' if the Group is a Google Group or 'system/groups/external': '' if the Group is an external-identity-mapped group.

• name optional computed - string

Resource name of the Group in the format: groups/[group_id], where group_id is the unique ID assigned to the Group.

• parent required - string

The resource name of the entity under which this Group resides in the Cloud Identity resource hierarchy. Must be of the form identitysources/[identity_source_id] for external-identity-mapped groups or customers/[customer_id] for Google Groups.

• update_time optional computed - string

The time when the Group was last updated.

• group_key list block
  • id required - string

  The ID of the entity. For Google-managed entities, the id must be the email address of an existing group or user. For external-identity-mapped entities, the id must be a string conforming to the Identity Source's requirements. Must be unique within a namespace.

  • namespace optional - string

  The namespace in which the entity exists. If not specified, the EntityKey represents a Google-managed entity such as a Google user or a Google Group. If specified, the EntityKey represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of 'identitysources/[identity_source_id]'.

• timeouts single block
  • create optional - string
  • delete optional - string
  • update optional - string

Explanation in Terraform Registry

A Cloud Identity resource representing a Group. To get more information about Group, see:

• API documentation
• How-to Guides
  • Official Documentation

    Warning: If you are using User ADCs (Application Default Credentials) with this resource, you must specify a billing_project and set user_project_override to true in the provider configuration. Otherwise the Cloud Identity API will return a 403 error. Your account must have the serviceusage.services.use permission on the billing_project you defined.