Error when adding an entire domain as member

[alepuccetti]

Terraform Version

Run terraform -v to show the version. If you are not running the latest version of Terraform, please upgrade because your issue may have already been fixed.

Terraform v1.5.2
+ provider registry.terraform.io/hashicorp/google v4.70.0
+ provider registry.terraform.io/hashicorp/googleworkspace v0.7.0

Affected Resource(s)

Please list the resources as a list, for example:

• googleworkspace_group_members

Terraform Configuration Files

resource "googleworkspace_group_members" "employees-test" {
  group_id = googleworkspace_group.employees-test.email

  members {
    email             = "[email protected]"
    role              = "OWNER"
    type              = "USER"
    delivery_settings = "ALL_MAIL"
  }
  members {
    email             = "[email protected]"
    role              = "OWNER"
    type              = "USER"
    delivery_settings = "ALL_MAIL"
  }
  members {
    email             = "<CUSTOMER_ID>"   # This is coped from the admin console 
    role              = "MEMBER"
    type              = "CUSTOMER"
    delivery_settings = "ALL_MAIL"
  }

  depends_on = [
    googleworkspace_group.employees-test
  ]
}

Expected Behavior

As per the docs here https://registry.terraform.io/providers/hashicorp/googleworkspace/latest/docs/resources/group_members#type. It should add all all the user within the domain to the group

Actual Behavior

Plan works fine but apply fail with this error:

Error: googleapi: Error 400: Invalid Input: memberKey, invalid
with googleworkspace_group_members.employees-test
on groups.tf line 89, in resource "googleworkspace_group_members" "employees-test":

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform apply

[Gregesp]

Hello,

When you follow the documentation of the API (Directory API), most particularly REST Resource: members and the Method: members.insert the fields who could be use to fill the customer_id value is the id

But you could see the provider documentation, for the resources googleworkspace_group_member or googleworkspace_group_members

The field/attribute id or member_id used to pass the memberKey are managed only in Read-Only

The good syntax after a fix could be :

resource "googleworkspace_group_member" "google_groups_for_business_member_role_member_type_customer" {
  email = ""
  member_id  = var.customer_id
  group_id = googleworkspace_group.google_groups_for_business.id
  type = "CUSTOMER"
  delivery_settings = "ALL_MAIL"
  role = "MEMBER"

  timeouts {
    create = "3m"
    update = "3m"
  }
}

resource "googleworkspace_group_members" "google_groups_for_business_members_role_members_type_customer" {
  group_id = googleworkspace_group.google_groups_for_business.id

  members {
    id = var.customer_id
    email = ""
    role = "MEMBER"
    type = "CUSTOMER"
    delivery_settings = "ALL_MAIL"
  }
}

Regards,
Greg