googleCloudIdentityGroup
A Cloud Identity resource representing a Group.
To get more information about Group, see:
- API documentation
- How-to Guides
- Official Documentation
\~> Warning: If you are using User ADCs (Application Default Credentials) with this resource, you must specify a billingProject
and set userProjectOverride
to true in the provider configuration. Otherwise the Cloud Identity API will return a 403 error. Your account must have the serviceusageServicesUse
permission on the billingProject
you defined.
Example Usage - Cloud Identity Groups Basic
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
new google.cloudIdentityGroup.CloudIdentityGroup(
this,
"cloud_identity_group_basic",
{
display_name: "my-identity-group",
group_key: [
{
id: "my-identity-group@example.com",
},
],
initial_group_config: "WITH_INITIAL_OWNER",
labels: [
{
"cloudidentity.googleapis.com/groups.discussion_forum": "",
},
],
parent: "customers/A01b123xz",
}
);
Argument Reference
The following arguments are supported:
-
groupKey
- (Required) EntityKey of the Group. Structure is documented below. -
parent
- (Required) The resource name of the entity under which this Group resides in the Cloud Identity resource hierarchy. Must be of the form identitysources/{identity_source_id} for external-identity-mapped groups or customers/{customer_id} for Google Groups. -
labels
- (Required) One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value. Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added. Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic. Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value.
-
id
- (Required) The ID of the entity. For Google-managed entities, the id must be the email address of an existing group or user. For external-identity-mapped entities, the id must be a string conforming to the Identity Source's requirements. Must be unique within a namespace. -
namespace
- (Optional) The namespace in which the entity exists. If not specified, the EntityKey represents a Google-managed entity such as a Google user or a Google Group. If specified, the EntityKey represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form ofidentitysources/{identitySourceId}
.
-
displayName
- (Optional) The display name of the Group. -
description
- (Optional) An extended description to help users determine the purpose of a Group. Must not be longer than 4,096 characters. -
initialGroupConfig
- (Optional) The initial configuration options for creating a Group. See the API reference for possible values. Default value isempty
. Possible values areinitialGroupConfigUnspecified
,withInitialOwner
, andempty
.
Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
-
id
- an identifier for the resource with format{{name}}
-
name
- Resource name of the Group in the format: groups/{group_id}, where group_id is the unique ID assigned to the Group. -
createTime
- The time when the Group was created. -
updateTime
- The time when the Group was last updated.
Timeouts
This resource provides the following Timeouts configuration options:
create
- Default is 20 minutes.update
- Default is 20 minutes.delete
- Default is 20 minutes.
Import
Group can be imported using any of these accepted formats: