Support transitive membership lookup in google_cloud_identity_group_memberships

carlpett commented 2 years ago

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

Currently google_cloud_identity_group_memberships only returns direct memberships. In larger organisations, it is common to build trees of groups-in-groups so eg dev@domain has members dev-us@domain and dev-eu@domain which in turn may have subgroups, etc.

What we want is a listing of all members, regardless of group membership depth. The Cloud Identity APIs used in the data source today already support this by way of GroupsMembershipsService.SearchTransitiveGroups.

New or Affected Resource(s)

google_cloud_identity_group_memberships

Potential Terraform Configuration

data "google_cloud_identity_group_memberships" "members" {
  group = "groups/123eab45c6defghi"
  transitive = true # Or something along those lines
}

References

Docs: https://pkg.go.dev/google.golang.org/api/cloudidentity/v1#GroupsMembershipsService.SearchTransitiveGroups Also noted there is that this is only supported on higher tiers of Google Workspace, so some warning in the docs may be in order.

Other

We'd be willing to contribute the code, but I'm unsure if this needs to go through the magician? Also debatable whether to do this by flag in the existing data source, or a if a new one is better.

b/308247921

carlpett commented 1 year ago

@rileykarson Is there a way for us to contribute this? If so, we'd be happy to, but would need some help with the questions above.

roaks3 commented 12 months ago

Yes, contributions can be made using documentation at https://googlecloudplatform.github.io/magic-modules/. For this, it might be worth copying an existing data source like DataSourceGoogleCloudIdentityGroupMemberships and working off of that.

hashicorp / terraform-provider-google