This folder contains an example of how to implement GSuite authentication for Terraform.
Google SDK Documentation about Delegation
Go to IAM service accounts and create a Service account.
- Enter the service account name
- Add yourself under 'Grant users access to this service account'
In the Service account overview, open the 'Actions' menu on the right of the dedicated service account and choose 'Manage keys'. Click on 'Add key' and create a new key in JSON format; this key will be used for Terraform.
In the Service account overview, open the 'Actions' menu on the right of the dedicated service account and choose 'Manage details'.
Expand the section below and enable GSuite Domain-wide Delegation.
- Enter a product name, e.g. Terraform GSuite service
- The impersonated user account will do the Terraform job and needs admin permission.
- Copy the ID for the next step
Now go to the Google Admin Console and open the burger menu on the left. Choose Security > API controls.
Get the service account with the ID provided before (service account details), then add the following OAuth scopes:
https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/admin.directory.userschema, https://www.googleapis.com/auth/admin.directory.group, https://www.googleapis.com/auth/apps.groups.settings
Add the credentials to terraform.tfvars; see terraform.tfvars.example.
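A pre-flight check for the JSON key created above, written as an added example (it is not part of this folder's code): it flags a key file readable by other local users and shows the claim set that domain-wide delegation lets the key holder sign for the impersonated admin. The function names, the sample key values and the user `admin@example.com` are assumptions constructed for the illustration.

```python
import json
import os
import stat
import time

# Scopes this page authorizes for the service account in the Admin Console.
SCOPES = [
    "https://www.googleapis.com/auth/admin.directory.user",
    "https://www.googleapis.com/auth/admin.directory.userschema",
    "https://www.googleapis.com/auth/admin.directory.group",
    "https://www.googleapis.com/auth/apps.groups.settings",
]
REQUIRED = ("type", "client_id", "client_email", "private_key", "token_uri")

def check_key_file(path):
    """Load a service account JSON key and list problems with it."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append(f"mode {mode:o}: key readable by group/other, use 600")
    with open(path) as fh:
        key = json.load(fh)
    missing = [f for f in REQUIRED if not key.get(f)]
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    if key.get("type") != "service_account":
        problems.append("type is not service_account")
    return key, problems

def delegation_claims(key, impersonated_user, now=None):
    """Claim set the key holder signs to obtain a token as impersonated_user."""
    now = int(time.time()) if now is None else now
    return {
        "iss": key["client_email"],  # the service account itself
        "sub": impersonated_user,    # admin user the token will act as
        "scope": " ".join(SCOPES),   # space-delimited in the token request
        "aud": key["token_uri"],
        "iat": now,
        "exp": now + 3600,           # assertion lifetime is at most one hour
    }

def write_sample_key(path, mode):
    """Write a constructed, non-functional key file for trying the check."""
    sample = {"type": "service_account", "client_id": "100000000000000000000",
              "client_email": "terraform@example-project.iam.gserviceaccount.com",
              "private_key": "CONSTRUCTED-PLACEHOLDER",
              "token_uri": "https://oauth2.googleapis.com/token"}
    with open(path, "w") as fh:
        json.dump(sample, fh)
    os.chmod(path, mode)
```

Run `check_key_file` on the downloaded key before referencing it from terraform.tfvars; anyone who can read that file can request tokens with these scopes as the impersonated admin, so keep it out of version control and restrict its permissions.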