Open xingao267 opened 3 years ago
API doc for how to upgrade a group to a security group: https://cloud.google.com/identity/docs/how-to/update-group-to-security-group
From the API doc, it seems I need to first create a regular Google group, and then update it to be a security group by adding an additional label. Is it possible with Terraform to create a security group in one terraform apply execution?
To confirm, Security Groups must be PATCHed into existence from a normal group. Otherwise this error is returned:
Error 400: Cannot create a security group directly
I attempted to describe the change to Terraform, which sees it as requiring replacement:
      # module.asdf.google_cloud_identity_group.self must be replaced
    -/+ resource "google_cloud_identity_group" "self" {
          ~ create_time = "2021-02-24T16:21:37.499934Z" -> (known after apply)
          ~ id = "groups/asdfasdf" -> (known after apply)
          ~ labels = { # forces replacement
              + "cloudidentity.googleapis.com/groups.security" = ""
                # (1 unchanged element hidden)
            }
          ~ name = "groups/asdfasdf" -> (known after apply)
          ~ update_time = "2021-02-24T16:21:37.499934Z" -> (known after apply)
            # (2 unchanged attributes hidden)
          ~ group_key {
                id = "asdf@asdf.com"
            }
        }
So, if this provider learns how to PATCH group labels then that would be enough for basic support. However it would require two terraform apply passes as stated above. Addressing this would likely require adding some special casing 😄
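The create-then-PATCH sequence described in the comment above, as an added example (not code from this thread or from the provider): it plans the Cloud Identity REST requests that a single apply would have to issue, without sending them. The function names, the customer id `C0000000`, the `initialGroupConfig=EMPTY` choice and the assumption that the hidden unchanged label is the discussion-forum label are illustrative.

```python
from urllib.parse import urlencode

API = "https://cloudidentity.googleapis.com/v1"
SECURITY = "cloudidentity.googleapis.com/groups.security"
FORUM = "cloudidentity.googleapis.com/groups.discussion_forum"


def create_request(customer_id, group_email, labels):
    """POST for a new group. The security label is withheld because the API
    rejects it at creation time (the Error 400 quoted in the thread)."""
    initial = {k: v for k, v in labels.items() if k != SECURITY}
    return {
        "method": "POST",
        "url": f"{API}/groups?" + urlencode({"initialGroupConfig": "EMPTY"}),
        "body": {"parent": f"customers/{customer_id}",
                 "groupKey": {"id": group_email},
                 "labels": initial},
    }


def label_patch_request(group_name, labels):
    """PATCH that rewrites only the label map, so the group keeps its id."""
    return {
        "method": "PATCH",
        "url": f"{API}/{group_name}?" + urlencode({"updateMask": "labels"}),
        "body": {"labels": dict(labels)},
    }


def plan_requests(customer_id, group_email, labels, existing=None):
    """Ordered requests that reach `labels`. `existing` is None for a new group,
    else {"name": "groups/<id>", "labels": {...}} as read back from the API."""
    steps = []
    if existing is None:
        create = create_request(customer_id, group_email, labels)
        steps.append(create)
        # The real name is only known from the create response (placeholder here).
        existing = {"name": "groups/GROUP_ID_FROM_CREATE_RESPONSE",
                    "labels": create["body"]["labels"]}
    if existing["labels"] != labels:
        steps.append(label_patch_request(existing["name"], labels))
    return steps


if __name__ == "__main__":
    # Constructed input: placeholder customer id, group key from the plan output.
    wanted = {FORUM: "", SECURITY: ""}
    for step in plan_requests("C0000000", "asdf@asdf.com", wanted):
        print(step["method"], step["url"], step["body"])
```

Because the second step is an in-place PATCH with `updateMask=labels`, the group keeps its `groups/<id>` name instead of being destroyed and recreated as in the plan output above.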
b/245963372
For some additional background: https://github.com/hashicorp/terraform-provider-googleworkspace/issues/113
Friends, first of all, thank you for the provider support. Do you know when security label support will be available on workspace?
Description
Currently, only Google groups are supported in the google_cloud_identity_group resource. We should support security groups as well: https://cloud.google.com/identity/docs/groups#group_types. To support this, we should allow specifying multiple labels in the resource (https://github.com/GoogleCloudPlatform/magic-modules/blob/master/products/cloudidentity/api.yaml#L110).