
googleCloudIdentityGroupMembership

A Membership defines a relationship between a Group and an entity belonging to that Group, referred to as a "member".

To get more information about GroupMembership, see:

Warning: If you are using User ADCs (Application Default Credentials) with this resource, you must specify a billingProject and set userProjectOverride to true in the provider configuration. Otherwise the Cloud Identity API will return a 403 error. Your account must have the serviceusage.services.use permission on the billingProject you defined.

Example Usage - Cloud Identity Group Membership

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleCloudIdentityGroupChildGroup =
  new google.cloudIdentityGroup.CloudIdentityGroup(this, "child-group", {
    display_name: "my-identity-group-child",
    group_key: [
      {
        id: "my-identity-group-child@example.com",
      },
    ],
    labels: [
      {
        "cloudidentity.googleapis.com/groups.discussion_forum": "",
      },
    ],
    parent: "customers/A01b123xz",
  });
const googleCloudIdentityGroupGroup =
  new google.cloudIdentityGroup.CloudIdentityGroup(this, "group", {
    display_name: "my-identity-group",
    group_key: [
      {
        id: "my-identity-group@example.com",
      },
    ],
    labels: [
      {
        "cloudidentity.googleapis.com/groups.discussion_forum": "",
      },
    ],
    parent: "customers/A01b123xz",
  });
new google.cloudIdentityGroupMembership.CloudIdentityGroupMembership(
  this,
  "cloud_identity_group_membership_basic",
  {
    group: googleCloudIdentityGroupGroup.id,
    preferred_member_key: [
      {
        id: `\${${googleCloudIdentityGroupChildGroup.groupKey.fqn}[0].id}`,
      },
    ],
    roles: [
      {
        name: "MEMBER",
      },
    ],
  }
);

Example Usage - Cloud Identity Group Membership User

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleCloudIdentityGroupGroup =
  new google.cloudIdentityGroup.CloudIdentityGroup(this, "group", {
    display_name: "my-identity-group",
    group_key: [
      {
        id: "my-identity-group@example.com",
      },
    ],
    labels: [
      {
        "cloudidentity.googleapis.com/groups.discussion_forum": "",
      },
    ],
    parent: "customers/A01b123xz",
  });
new google.cloudIdentityGroupMembership.CloudIdentityGroupMembership(
  this,
  "cloud_identity_group_membership_basic",
  {
    group: googleCloudIdentityGroupGroup.id,
    preferred_member_key: [
      {
        id: "cloud_identity_user@example.com",
      },
    ],
    roles: [
      {
        name: "MEMBER",
      },
      {
        name: "MANAGER",
      },
    ],
  }
);

Argument Reference

The following arguments are supported:

  • roles - (Required) The MembershipRoles that apply to the Membership. Must not contain duplicate MembershipRoles with the same name. Structure is documented below.

  • group - (Required) The name of the Group to create this membership in.

The roles block supports:

  • name - (Required) The name of the MembershipRole. Must be one of OWNER, MANAGER, MEMBER.

The memberKey block supports:

  • id - (Required) The ID of the entity. For Google-managed entities, the id must be the email address of an existing group or user. For external-identity-mapped entities, the id must be a string conforming to the Identity Source's requirements. Must be unique within a namespace.

  • namespace - (Optional) The namespace in which the entity exists. If not specified, the EntityKey represents a Google-managed entity such as a Google user or a Google Group. If specified, the EntityKey represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of identitysources/{identitySourceId}.

The preferredMemberKey block supports:

  • id - (Required) The ID of the entity. For Google-managed entities, the id must be the email address of an existing group or user. For external-identity-mapped entities, the id must be a string conforming to the Identity Source's requirements. Must be unique within a namespace.

  • namespace - (Optional) The namespace in which the entity exists. If not specified, the EntityKey represents a Google-managed entity such as a Google user or a Google Group. If specified, the EntityKey represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of identitysources/{identitySourceId}.
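A pre-synth check for the constraints listed in this argument reference, as an added example (not code from the provider or from the original page). The names lintMembership and MembershipSpec are hypothetical, and the elevated-role rule is a local review policy assumed here, not something the provider enforces.

```typescript
type EntityKey = { id: string; namespace?: string };
type MembershipSpec = {
  group: string;
  preferredMemberKey: EntityKey;
  roles: { name: string }[];
};

const ROLE_NAMES = ["OWNER", "MANAGER", "MEMBER"];
// Namespace form stated in the argument reference.
const NAMESPACE_RE = /^identitysources\/[^/]+$/;

// Hypothetical helper: returns one finding per violated constraint.
function lintMembership(spec: MembershipSpec): string[] {
  const findings: string[] = [];
  const seen = new Set<string>();
  if (spec.roles.length === 0) findings.push("roles is required");
  for (const role of spec.roles) {
    if (ROLE_NAMES.indexOf(role.name) === -1) {
      findings.push(`invalid role name: ${role.name}`);
    }
    if (seen.has(role.name)) findings.push(`duplicate role: ${role.name}`);
    seen.add(role.name);
  }
  const key = spec.preferredMemberKey;
  if (key.id.trim() === "") findings.push("member id is required");
  if (key.namespace !== undefined && !NAMESPACE_RE.test(key.namespace)) {
    findings.push(`namespace not in identitysources/{identitySourceId} form: ${key.namespace}`);
  }
  // Local review policy (assumption, not a provider rule): OWNER or MANAGER
  // on an external-identity-mapped entity needs explicit sign-off.
  const elevated = spec.roles.some((r) => r.name === "OWNER" || r.name === "MANAGER");
  if (elevated && key.namespace !== undefined) {
    findings.push("elevated role granted to external-identity-mapped entity");
  }
  return findings;
}

// Constructed sample inputs; the group name and external id are placeholders.
const okSpec: MembershipSpec = {
  group: "groups/placeholder-group-id",
  preferredMemberKey: { id: "cloud_identity_user@example.com" },
  roles: [{ name: "MEMBER" }, { name: "MANAGER" }],
};
const badSpec: MembershipSpec = {
  group: "groups/placeholder-group-id",
  preferredMemberKey: { id: "ext-123", namespace: "identitysource/abc" },
  roles: [{ name: "MEMBER" }, { name: "MEMBER" }, { name: "owner" }, { name: "MANAGER" }],
};
console.log(lintMembership(okSpec), lintMembership(badSpec));
```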

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format {{name}}

  • name - The resource name of the Membership, of the form groups/{group_id}/memberships/{membership_id}.

  • createTime - The time when the Membership was created.

  • updateTime - The time when the Membership was last updated.

  • type - The type of the membership.

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • update - Default is 20 minutes.
  • delete - Default is 20 minutes.

Import

GroupMembership can be imported using any of these accepted formats:

$ terraform import google_cloud_identity_group_membership.default {{name}}