googleCloudIdentityGroupMembership
A Membership defines a relationship between a Group and an entity belonging to that Group, referred to as a "member".
To get more information about GroupMembership, see:
- API documentation
- How-to Guides
- Official Documentation
Warning: If you are using User ADCs (Application Default Credentials) with this resource, you must specify a billingProject and set userProjectOverride to true in the provider configuration. Otherwise the Cloud Identity API will return a 403 error. Your account must have the serviceusage.services.use permission on the billingProject you defined.
Example Usage - Cloud Identity Group Membership
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleCloudIdentityGroupChildGroup =
  new google.cloudIdentityGroup.CloudIdentityGroup(this, "child-group", {
    display_name: "my-identity-group-child",
    group_key: [
      {
        id: "my-identity-group-child@example.com",
      },
    ],
    labels: [
      {
        "cloudidentity.googleapis.com/groups.discussion_forum": "",
      },
    ],
    parent: "customers/A01b123xz",
  });
const googleCloudIdentityGroupGroup =
  new google.cloudIdentityGroup.CloudIdentityGroup(this, "group", {
    display_name: "my-identity-group",
    group_key: [
      {
        id: "my-identity-group@example.com",
      },
    ],
    labels: [
      {
        "cloudidentity.googleapis.com/groups.discussion_forum": "",
      },
    ],
    parent: "customers/A01b123xz",
  });
new google.cloudIdentityGroupMembership.CloudIdentityGroupMembership(
  this,
  "cloud_identity_group_membership_basic",
  {
    group: googleCloudIdentityGroupGroup.id,
    preferred_member_key: [
      {
        id: `\${${googleCloudIdentityGroupChildGroup.groupKey.fqn}[0].id}`,
      },
    ],
    roles: [
      {
        name: "MEMBER",
      },
    ],
  }
);
Example Usage - Cloud Identity Group Membership User
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleCloudIdentityGroupGroup =
  new google.cloudIdentityGroup.CloudIdentityGroup(this, "group", {
    display_name: "my-identity-group",
    group_key: [
      {
        id: "my-identity-group@example.com",
      },
    ],
    labels: [
      {
        "cloudidentity.googleapis.com/groups.discussion_forum": "",
      },
    ],
    parent: "customers/A01b123xz",
  });
new google.cloudIdentityGroupMembership.CloudIdentityGroupMembership(
  this,
  "cloud_identity_group_membership_basic",
  {
    group: googleCloudIdentityGroupGroup.id,
    preferred_member_key: [
      {
        id: "cloud_identity_user@example.com",
      },
    ],
    roles: [
      {
        name: "MEMBER",
      },
      {
        name: "MANAGER",
      },
    ],
  }
);
Argument Reference
The following arguments are supported:
- roles - (Required) The MembershipRoles that apply to the Membership. Must not contain duplicate MembershipRoles with the same name. Structure is documented below.
- group - (Required) The name of the Group to create this membership in.
The roles block supports:
- name - (Required) The name of the MembershipRole. Must be one of OWNER, MANAGER, MEMBER. Possible values are OWNER, MANAGER, and MEMBER.
The following optional arguments are also supported:
- memberKey - (Optional, Beta) EntityKey of the member. Structure is documented below.
- preferredMemberKey - (Optional) EntityKey of the member. Structure is documented below.
The memberKey block supports:
- id - (Required) The ID of the entity. For Google-managed entities, the id must be the email address of an existing group or user. For external-identity-mapped entities, the id must be a string conforming to the Identity Source's requirements. Must be unique within a namespace.
- namespace - (Optional) The namespace in which the entity exists. If not specified, the EntityKey represents a Google-managed entity such as a Google user or a Google Group. If specified, the EntityKey represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of identitysources/{identitySourceId}.
The preferredMemberKey block supports:
- id - (Required) The ID of the entity. For Google-managed entities, the id must be the email address of an existing group or user. For external-identity-mapped entities, the id must be a string conforming to the Identity Source's requirements. Must be unique within a namespace.
- namespace - (Optional) The namespace in which the entity exists. If not specified, the EntityKey represents a Google-managed entity such as a Google user or a Google Group. If specified, the EntityKey represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of identitysources/{identitySourceId}.
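The constraints in the argument reference above (allowed role names, no duplicate roles, EntityKey id and namespace form) can be checked before synthesis. The following is an added example, not provider or CDKTF code; `checkMembership`, `Finding` and the sample values are hypothetical, and flagging OWNER and MANAGER grants for review is a policy assumption rather than a rule from this page.

```typescript
// Added example: pre-synth validation of membership arguments (not provider code).
// Field names follow the argument reference; checkMembership and Finding are hypothetical.
interface EntityKey { id: string; namespace?: string }
interface MembershipArgs {
  group: string;
  roles: { name: string }[];
  preferredMemberKey?: EntityKey;
}
interface Finding { level: "error" | "review"; message: string }

const ALLOWED_ROLES = ["OWNER", "MANAGER", "MEMBER"];
const NAMESPACE_FORM = /^identitysources\/[^\/\s]+$/;
// Assumption: a loose email shape is enough to catch obvious mistakes.
const EMAIL_SHAPE = /^[^@\s]+@[^@\s]+\.[^@\s]+$/;

function checkMembership(m: MembershipArgs): Finding[] {
  const findings: Finding[] = [];
  const seen: string[] = [];
  if (m.roles.length === 0) findings.push({ level: "error", message: "roles is required" });
  for (const role of m.roles) {
    if (ALLOWED_ROLES.indexOf(role.name) === -1) {
      findings.push({ level: "error", message: "unknown role " + role.name });
    } else if (seen.indexOf(role.name) !== -1) {
      findings.push({ level: "error", message: "duplicate role " + role.name });
    } else if (role.name !== "MEMBER") {
      // Policy assumption: elevated roles get a human look before apply.
      findings.push({ level: "review", message: role.name + " granted on " + m.group });
    }
    seen.push(role.name);
  }
  const key = m.preferredMemberKey;
  if (key && key.namespace !== undefined) {
    if (!NAMESPACE_FORM.test(key.namespace)) {
      findings.push({ level: "error", message: "namespace must be identitysources/{identitySourceId}" });
    }
  } else if (key && !EMAIL_SHAPE.test(key.id)) {
    findings.push({ level: "error", message: "Google-managed id must be an email address" });
  }
  return findings;
}

// Constructed sample mirroring the user membership example; the group name is a placeholder.
const SAMPLE: MembershipArgs = {
  group: "groups/EXAMPLE_GROUP_ID",
  roles: [{ name: "MEMBER" }, { name: "MANAGER" }],
  preferredMemberKey: { id: "cloud_identity_user@example.com" },
};
```

Running `checkMembership(SAMPLE)` returns a single review finding for the MANAGER grant and no errors.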
Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
- id - an identifier for the resource with format {{name}}
- name - The resource name of the Membership, of the form groups/{group_id}/memberships/{membership_id}.
- createTime - The time when the Membership was created.
- updateTime - The time when the Membership was last updated.
- type - The type of the membership.
Timeouts
This resource provides the following Timeouts configuration options:
- create - Default is 20 minutes.
- update - Default is 20 minutes.
- delete - Default is 20 minutes.
Import
GroupMembership can be imported using any of these accepted formats: