Open damaya opened 3 years ago
Are you sure var.gsuite_credentials
is the JSON blob export of the service account key?
Hi @DeviaVir, yes i did, in fact all worked perfect for an admin user, but not for a non admin. Thanks so much for your response.
Hi @DeviaVir thanks again for your latest feedback and help, i have tried but seems if a user is not admin within the organization cannot e.g take or import existing groups even if is authenticated with same credentials used from web console, would you please give me more hints about this use cases or limits, maybe i can check and understanding this could make some contribution in the next future, thanks in advance.
Hi @DeviaVir I have tested the provider, and it works so good using admin credentials. Thanks for this.
Scenario
As a non admin user e.g developerx@anycompany.com i am able to create groups from the Gsuite workspace https://groups.google.com/all-groups
As the same non admin user developerx@anycompany.com i use the gcloud credentials and the plan works as expected, but i cannot import any of pre-existed groups, as it just through this provider i could not create/manage none of the gsuite resources i created before manually.
Taking point 1,2 i am using the provider like this, and as i said before, it worked perfect using an admin user, but in the second scenario, it did not,
where impersonated_user_email is developerx@anycompany.com, and credentials is the path with json data i get when i authenticate with gcloud, example "/home/developerx/.config/gcloud/application_default_credentials.json"
Having this resource coded lilke:
And being sure the group already exists with mail "test@anycompany.com" , i run the import command like
terraform import gsuite_group.test "test@anycompany.com"
The error when importing a pre-existing group (which i can see from GCP account and from Gsuite workspace) is this:
Error: [ERROR] Error fetching group. Make sure the group exists: Get "https://admin.googleapis.com/admin/directory/v1/groups/test%40anydomain.com?alt=json&prettyPrint=false": private key should be a PEM or plain PKCS1 or PKCS8; parse error: asn1: syntax error: sequence truncated