» google_cloud_identity_group_membership

A Membership defines a relationship between a Group and an entity belonging to that Group, referred to as a "member".

» Example Usage - Cloud Identity Group Membership

resource "google_cloud_identity_group" "group" {
  provider = google-beta
  display_name = "my-identity-group"

  parent = "customers/A01b123xz"

  group_key {
    id = "my-identity-group@example.com"
  }

  labels = {
    "cloudidentity.googleapis.com/groups.discussion_forum" = ""
  }
}

resource "google_cloud_identity_group" "child-group" {
  provider = google-beta
  display_name = "my-identity-group-child"

  parent = "customers/A01b123xz"

  group_key {
    id = "my-identity-group-child@example.com"
  }

  labels = {
    "cloudidentity.googleapis.com/groups.discussion_forum" = ""
  }
}

resource "google_cloud_identity_group_membership" "cloud_identity_group_membership_basic" {
  provider = google-beta
  group    = google_cloud_identity_group.group.id

  member_key {
    id = google_cloud_identity_group.child-group.group_key[0].id
  }

  roles {
    name = "MEMBER"
  }
}

» Example Usage - Cloud Identity Group Membership User

resource "google_cloud_identity_group" "group" {
  provider = google-beta
  display_name = "my-identity-group"

  parent = "customers/A01b123xz"

  group_key {
    id = "my-identity-group@example.com"
  }

  labels = {
    "cloudidentity.googleapis.com/groups.discussion_forum" = ""
  }
}

resource "google_cloud_identity_group_membership" "cloud_identity_group_membership_basic" {
  provider = google-beta
  group    = google_cloud_identity_group.group.id

  member_key {
    id = "cloud_identity_user@example.com"
  }

  roles {
    name = "MEMBER"
  }

  roles {
    name = "MANAGER"
  }
}

» Argument Reference

The following arguments are supported:

  • roles - (Required) The MembershipRoles that apply to the Membership. Must not contain duplicate MembershipRoles with the same name. Structure is documented below.

  • group - (Required) The name of the Group to create this membership in.

  • member_key - (Optional) EntityKey of the member. Structure is documented below.

  • preferred_member_key - (Optional) EntityKey of the member. Structure is documented below.

The roles block supports:

  • name - (Required) The name of the MembershipRole. Possible values are OWNER, MANAGER, and MEMBER.

The member_key block supports:

  • id - (Required) The ID of the entity. For Google-managed entities, the id must be the email address of an existing group or user. For external-identity-mapped entities, the id must be a string conforming to the Identity Source's requirements. Must be unique within a namespace.

  • namespace - (Optional) The namespace in which the entity exists. If not specified, the EntityKey represents a Google-managed entity such as a Google user or a Google Group. If specified, the EntityKey represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of identitysources/{identity_source_id}.

The preferred_member_key block supports:

  • id - (Required) The ID of the entity. For Google-managed entities, the id must be the email address of an existing group or user. For external-identity-mapped entities, the id must be a string conforming to the Identity Source's requirements. Must be unique within a namespace.

  • namespace - (Optional) The namespace in which the entity exists. If not specified, the EntityKey represents a Google-managed entity such as a Google user or a Google Group. If specified, the EntityKey represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of identitysources/{identity_source_id}.
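
The roles and member_key arguments decide who gains which level of control over a group, so they are worth checking before apply. The following is an added example, not part of the provider documentation: a Python check over `terraform show -json` plan output that flags planned memberships granting OWNER or MANAGER, or adding a Google-managed member outside a trusted domain list. The review policy, the function name `audit_memberships`, the `trusted_domains` parameter and the sample plan are assumptions constructed for illustration.

```python
import json

RESOURCE_TYPE = "google_cloud_identity_group_membership"
ELEVATED_ROLES = {"OWNER", "MANAGER"}  # assumption: grants above MEMBER need review

# Constructed sample, shaped like `terraform show -json <planfile>` output (trimmed).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "google_cloud_identity_group_membership.child",
   "type": "google_cloud_identity_group_membership",
   "change": {"actions": ["create"], "after": {
     "member_key": [{"id": "my-identity-group-child@example.com", "namespace": null}],
     "roles": [{"name": "MEMBER"}]}}},
  {"address": "google_cloud_identity_group_membership.user",
   "type": "google_cloud_identity_group_membership",
   "change": {"actions": ["create"], "after": {
     "member_key": [{"id": "cloud_identity_user@example.com", "namespace": null}],
     "roles": [{"name": "MEMBER"}, {"name": "MANAGER"}]}}},
  {"address": "google_cloud_identity_group_membership.outside",
   "type": "google_cloud_identity_group_membership",
   "change": {"actions": ["create"], "after": {
     "member_key": [{"id": "contractor@example.org", "namespace": null}],
     "roles": [{"name": "MEMBER"}, {"name": "OWNER"}]}}},
  {"address": "google_cloud_identity_group_membership.removed",
   "type": "google_cloud_identity_group_membership",
   "change": {"actions": ["delete"], "after": null}}
]}
""")


def audit_memberships(plan, trusted_domains=("example.com",)):
    """Return (address, finding) pairs for memberships the plan creates or updates."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != RESOURCE_TYPE or not after:
            continue  # other resource types, or deletions (after is null)
        roles = {r.get("name") for r in after.get("roles") or []}
        elevated = sorted(ELEVATED_ROLES & roles)
        if elevated:
            findings.append((rc["address"], "elevated role: " + ",".join(elevated)))
        for key in after.get("member_key") or []:
            member_id = key.get("id") or ""  # empty when the value is not known at plan time
            # Only Google-managed entities (no namespace) carry an email-style id.
            if member_id and not key.get("namespace"):
                if member_id.rpartition("@")[2].lower() not in trusted_domains:
                    findings.append((rc["address"], "member outside trusted domains: " + member_id))
    return findings
```

To run it against a real plan, load the JSON written by `terraform show -json` for a saved plan file and pass it to `audit_memberships` in place of the sample.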

» Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format {{name}}

  • name - The resource name of the Membership, of the form groups/{group_id}/memberships/{membership_id}.

  • create_time - The time when the Membership was created.

  • update_time - The time when the Membership was last updated.

  • type - The type of the membership.

» Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 4 minutes.
  • update - Default is 4 minutes.
  • delete - Default is 4 minutes.

» Import

GroupMembership can be imported using any of these accepted formats:

$ terraform import google_cloud_identity_group_membership.default {{name}}