Google Cloud Identity Group
This page shows how to write Terraform for Cloud Identity Group resources and how to write it securely.
google_cloud_identity_group (Terraform)
The Group in Cloud Identity can be configured in Terraform with the resource name google_cloud_identity_group. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "google_cloud_identity_group" "group-example-1" {
  display_name         = "group-example-1"
  initial_group_config = "WITH_INITIAL_OWNER"
  parent               = "customers/C043jufqt"
  # excerpt: remaining arguments not shown
}

resource "google_cloud_identity_group" "obe-bu2-cigroups-app3" {
  display_name = "obe-bu2-cigroups-app3"
  group_key {
    id = "obe-bu2-cigroups-app3@apszaz.com"
  }
  initial_group_config = "WITH_INITIAL_OWNER"
  # excerpt: remaining arguments not shown
}

resource "google_cloud_identity_group" "project_groups" {
  provider     = google-beta
  for_each     = var.only_add_permissions ? {} : local.groups
  display_name = format("%s: %s (%s)", title(each.value.group), var.project_id, upper(each.value.environment))
  # excerpt: remaining arguments not shown
}

resource "google_cloud_identity_group" "tnt1-bu1-cigroups-app3" {
  display_name = "tnt1-bu1-cigroups-app3"
  group_key {
    id = "tnt1-bu1-cigroups-app3@apszaz.com"
  }
  initial_group_config = "WITH_INITIAL_OWNER"
  # excerpt: remaining arguments not shown
}

resource "google_cloud_identity_group" "identity_groups" {
  for_each             = local.identity_groups_map
  provider             = google-beta
  initial_group_config = each.value["initial_group_config"]
  display_name         = each.value["display_name"]
  parent               = each.value["parent"]
  # excerpt: remaining arguments not shown
}
Parameters
- create_time (optional computed - string): The time when the Group was created.
- description (optional - string): An extended description to help users determine the purpose of a Group. Must not be longer than 4,096 characters.
- display_name (optional - string): The display name of the Group.
- labels: The labels that apply to the Group. Must not contain more than one entry. Must contain the entry 'cloudidentity.googleapis.com/groups.discussion_forum': '' if the Group is a Google Group or 'system/groups/external': '' if the Group is an external-identity-mapped group.
- name (optional computed - string): Resource name of the Group in the format: groups/[group_id], where group_id is the unique ID assigned to the Group.
- parent (required - string): The resource name of the entity under which this Group resides in the Cloud Identity resource hierarchy. Must be of the form identitysources/[identity_source_id] for external-identity-mapped groups or customers/[customer_id] for Google Groups.
- update_time (optional computed - string): The time when the Group was last updated.
- group_key (list block)
  - id (required - string): The ID of the entity. For Google-managed entities, the id must be the email address of an existing group or user. For external-identity-mapped entities, the id must be a string conforming to the Identity Source's requirements. Must be unique within a namespace.
  - namespace (optional - string): The namespace in which the entity exists. If not specified, the EntityKey represents a Google-managed entity such as a Google user or a Google Group. If specified, the EntityKey represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of 'identitysources/[identity_source_id]'.
- timeouts (single block)
Explanation in Terraform Registry
A Cloud Identity resource representing a Group. To get more information about Group, see:
- API documentation
- How-to Guides
- Official Documentation
Warning: If you are using User ADCs (Application Default Credentials) with this resource, you must specify a billing_project and set user_project_override to true in the provider configuration. Otherwise the Cloud Identity API will return a 403 error. Your account must have the serviceusage.services.use permission on the billing_project you defined.
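An added example (not taken from the Terraform Registry or the GitHub repositories cited on this page) that combines the provider settings from the warning above with a complete Google Group definition, and encodes the documented parent and description constraints as variable validations. The variable names, the resource label "example" and the default description are assumptions.

```hcl
# Added example; all variable names and sample values are assumptions.
variable "billing_project" {
  type        = string
  description = "Project used for billing and quota when calling the API with user ADCs."
}

variable "parent" {
  type        = string
  description = "Parent of the group; customers/[customer_id] for a Google Group."
  validation {
    condition     = can(regex("^customers/[^/]+$", var.parent))
    error_message = "The parent of a Google Group must have the form customers/[customer_id]."
  }
}

variable "group_email" {
  type        = string
  description = "Email address used as the group_key id."
}

variable "group_description" {
  type    = string
  default = "Managed by Terraform"
  validation {
    condition     = length(var.group_description) <= 4096
    error_message = "The description must not be longer than 4,096 characters."
  }
}

# With user ADCs, both settings are required or the Cloud Identity API returns 403.
provider "google" {
  billing_project       = var.billing_project
  user_project_override = true
}

resource "google_cloud_identity_group" "example" {
  display_name         = "example-group"
  description          = var.group_description
  parent               = var.parent
  initial_group_config = "WITH_INITIAL_OWNER"

  group_key {
    id = var.group_email # no namespace: Google-managed entity
  }

  # Exactly one entry; this key marks the group as a Google Group.
  labels = {
    "cloudidentity.googleapis.com/groups.discussion_forum" = ""
  }
}
```

Running terraform validate or terraform plan with a parent that is not of the form customers/[customer_id] fails at the variable validation, before any API call is made.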
Frequently asked questions
What is Google Cloud Identity Group?
Google Cloud Identity Group is a resource for Cloud Identity of Google Cloud Platform. Settings can be written in Terraform.
Where can I find the example code for the Google Cloud Identity Group?
For Terraform, the yesasurya/tf-gcp-iam-group, apsureda/ci-groups and c-zuo/gcp-turbo source code examples are useful. See the Terraform Example section for further details.