search

hashicorp / terraform-provider-googleworkspace

Terraform Provider for Google Workspace
https://registry.terraform.io/providers/hashicorp/googleworkspace
Mozilla Public License 2.0
130 stars 58 forks source link

Not authorized to update admin users #440

Open charles-astrafy opened 1 year ago

charles-astrafy commented 1 year ago

Terraform Version

Terraform 1.3.9

Affected Resource(s)

googleworkspace_user

Problem:

It seems terraform cannot update a user that has some admin rights defined. The SA we use with terrafomr has super admin roles on Google Workspaces but still we get the following error when trying to update a user that has some admin roles defined:

--> Error: googleapi: Error 403: Not Authorized to access this resource/api, forbidden

Expected Behavior

We would expect terraform to be able to manage also admin users.

SamuZad commented 4 months ago

For what it's worth: the provider can manage admin users, but only if domain-wide delegation is enabled: https://developers.google.com/workspace/guides/create-credentials#delegate_domain-wide_authority_to_your_service_account

The docs should definitely be clearer about this