Change: update configuration examples INPRO-1087

strg-at · Jun 13, 2022 · 4208ae3 · 4208ae3
1 parent efbcea6
commit 4208ae3
Show file tree

Hide file tree

Showing 12 changed files with 118 additions and 78 deletions.
diff --git a/examples/example-gsuite-authentication/terraform.tfvars.example b/examples/example-gsuite-authentication/terraform.tfvars.example
diff --git a/examples/example-gsuite-authentication/variables.tf b/examples/example-gsuite-authentication/variables.tf
diff --git a/...s/example-gsuite-authentication/README.md → ...example-provider-authentication/README.md b/...s/example-gsuite-authentication/README.md → ...example-provider-authentication/README.md
@@ -1,4 +1,4 @@
-# Example GSuite Authentication
+# Example Provider Authentication
 This folder contains an example how to implement the GSuite Authentication for Terraform.
 ## Google Cloud Service account
 ### Setup Service Account
@@ -20,6 +20,7 @@ Get the Service account with the ID provided before (Service account details), t
 https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/admin.directory.userschema, https://www.googleapis.com/auth/admin.directory.group, https://www.googleapis.com/auth/apps.groups.settings
 ```
 
-### Provide Service account credentials to Terraform
+### Provide Service account credentials to Terraform Provider
 
 Add credentials to terraform.tfvars, see [terraform.tfvars.example](terraform.tfvars.example).
+For Googleworkspace Customer ID, see [Find your customer ID](https://support.google.com/a/answer/10070793?hl=en).
diff --git a/...les/example-gsuite-authentication/main.tf → ...s/example-provider-authentication/main.tf b/...les/example-gsuite-authentication/main.tf → ...s/example-provider-authentication/main.tf
@@ -1,11 +1,21 @@
 # ---------------------------------------------------------------------------------------------------------------------
-# PROVIDE CREDENTIALS TO GSUITE PROVIDER
+# PROVIDE CREDENTIALS TO PROVIDER
 # Credentials are stored in terraform.tfvars file.
 # ---------------------------------------------------------------------------------------------------------------------
 
-provider "gsuite" {
-  impersonated_user_email = var.impersonated_user_email
-  credentials             = var.credentials
+terraform {
+  required_providers {
+    googleworkspace = {
+      source  = "hashicorp/googleworkspace"
+      version = ""
+    }
+  }
+}
+
+provider "googleworkspace" {
+  customer_id             = var.gworkspace_customer_id
+  impersonated_user_email = var.gworkspace_email
+  credentials             = var.gworkspace_credentials
   oauth_scopes = [
     "https://www.googleapis.com/auth/admin.directory.group",
     "https://www.googleapis.com/auth/apps.groups.settings",

diff --git a/examples/example-provider-authentication/terraform.tfvars.example b/examples/example-provider-authentication/terraform.tfvars.example
@@ -0,0 +1,7 @@
+# -------------------------------------------------------------------------------------------
+# Gworkspace credentials
+# -------------------------------------------------------------------------------------------
+
+#gworkspace_customer_id = "AB007cdef"
+#gworkspace_email       = "[email protected]"
+#gworkspace_credentials = "/path/to/google_credentials.json"
diff --git a/examples/example-provider-authentication/variables.tf b/examples/example-provider-authentication/variables.tf
@@ -0,0 +1,38 @@
+# -------------------------------------------------------------------------------------------
+# CONFIGURE VARIABLES
+# -------------------------------------------------------------------------------------------
+
+# -------------------------------------------------------------------------------------------
+# EXAMPLE
+#
+# Just an example.
+# Will be set to example if not set.
+# -------------------------------------------------------------------------------------------
+
+# variable "example" {
+#   description = "Just an example."
+#   type        = string
+#   default     = "example"
+#   sensitive   = true
+# }
+
+variable "gworkspace_customer_id" {
+  type        = string
+  default     = null
+  description = "customer id of google workspace"
+  sensitive   = true
+}
+
+variable "gworkspace_email" {
+  type        = string
+  default     = null
+  description = "impersonated user account for GSuite domain-wide delegation"
+  sensitive   = true
+}
+
+variable "gworkspace_credentials" {
+  type        = string
+  default     = null
+  description = "link to google credentials for service account"
+  sensitive   = true
+}
diff --git a/examples/example-with-google-buckets/main.tf b/examples/example-with-google-buckets/main.tf
@@ -1,24 +1,25 @@
+# ---------------------------------------------------------------------------------------------------------------------
 # MANAGE USERS AND GROUPS IN GOOGLE WORKSPACE
 # These templates show an example of how to use the terraform-gsuite-user-group-management module to manage Users and
 # Groups in Google Workspace. Google Buckets are used as data source.
 # ---------------------------------------------------------------------------------------------------------------------
 
 terraform {
   required_providers {
-    gsuite = {
-      source  = "DeviaVir/gsuite"
-      version = "0.1.58"
+    googleworkspace = {
+      source  = "hashicorp/googleworkspace"
+      version = ""
     }
     google = {
       source  = "hashicorp/google"
-      version = "3.66.1"
+      version = ""
     }
   }
 }
 
 # ---------------------------------------------------------------------------------------------------------------------
-# ADD CREDENTIALS FOR GSUITE PROVIDER
-# See example-gsuite-authentication
+# ADD CREDENTIALS FOR PROVIDER AUTHENTICATION
+# See example-provider-authentication
 # ---------------------------------------------------------------------------------------------------------------------
 
 
@@ -54,10 +55,10 @@ data "google_storage_bucket_object_content" "users_external" {
 # ---------------------------------------------------------------------------------------------------------------------
 
 module "user-group-management" {
-  source  = "strg-at/user-group-management/gsuite"
-  version = "0.1.0"
+  source  = "strg-at/user-group-management/googleworkspace"
+  version = ""
   providers = {
-    gsuite = gsuite
+    googleworkspace = googleworkspace
   }
   groups         = yamldecode(data.google_storage_bucket_object_content.groups.content)
   group_settings = yamldecode(data.google_storage_bucket_object_content.group_settings.content)

diff --git a/examples/example-with-local-files/main.tf b/examples/example-with-local-files/main.tf
@@ -6,16 +6,16 @@
 
 terraform {
   required_providers {
-    gsuite = {
-      source  = "DeviaVir/gsuite"
-      version = "0.1.58"
+    googleworkspace = {
+      source  = "hashicorp/googleworkspace"
+      version = ""
     }
   }
 }
 
 # ---------------------------------------------------------------------------------------------------------------------
-# ADD CREDENTIALS FOR GSUITE PROVIDER
-# See example-gsuite-authentication
+# ADD CREDENTIALS FOR PROVIDER AUTHENTICATION
+# See example-provider-authentication
 # ---------------------------------------------------------------------------------------------------------------------
 
 
@@ -37,10 +37,10 @@ locals {
 # ---------------------------------------------------------------------------------------------------------------------
 
 module "user-group-management" {
-  source  = "strg-at/user-group-management/gsuite"
-  version = "0.1.0"
+  source  = "strg-at/user-group-management/googleworkspace"
+  version = ""
   providers = {
-    gsuite = gsuite
+    googleworkspace = googleworkspace
   }
   groups         = local.groups
   group_settings = local.group_settings

diff --git a/examples/example-yaml-files/group_settings.yaml b/examples/example-yaml-files/group_settings.yaml
@@ -5,30 +5,26 @@
 # For details on allowed parameters check https://registry.terraform.io/providers/DeviaVir/gsuite/latest/docs/resources/group_settings
 
 anyone-mail-allowed:
-  allow_external_members: "true"
-  allow_web_posting: "false"
-  archive_only: "false"
-  include_in_global_address_list: "true"
-  spam_moderation_level: "ALLOW"
-  who_can_contact_owner: "ALL_MANAGERS_CAN_CONTACT"
+  allow_external_members: false
+  allow_web_posting: true
+  archive_only: false
+  enable_collaborative_inbox: false
+  include_in_global_address_list: true
+  is_archived: false
+  members_can_post_as_the_group: false
+  message_moderation_level: "MODERATE_NONE"
+  reply_to: "REPLY_TO_IGNORE"
+  spam_moderation_level: "MODERATE"
+  who_can_assist_content: "NONE"
+  who_can_contact_owner: "ANYONE_CAN_CONTACT"
   who_can_discover_group: "ALL_IN_DOMAIN_CAN_DISCOVER"
-  who_can_join: "INVITED_CAN_JOIN"
-  who_can_leave_group: "NONE_CAN_LEAVE"
+  who_can_join: "CAN_REQUEST_TO_JOIN"
+  who_can_leave_group: "ALL_MEMBERS_CAN_LEAVE"
+  who_can_moderate_content: "OWNERS_AND_MANAGERS"
+  who_can_moderate_members: "OWNERS_AND_MANAGERS"
   who_can_post_message: "ANYONE_CAN_POST"
   who_can_view_group: "ALL_MEMBERS_CAN_VIEW"
-  who_can_view_membership: "ALL_IN_DOMAIN_CAN_VIEW"
+  who_can_view_membership: "ALL_MEMBERS_CAN_VIEW"
 
 # default
-default:
-  allow_external_members: null
-  allow_web_posting: null
-  archive_only: null
-  include_in_global_address_list: null
-  spam_moderation_level: null
-  who_can_contact_owner: null
-  who_can_discover_group: null
-  who_can_join: null
-  who_can_leave_group: null
-  who_can_post_message: null
-  who_can_view_group: null
-  who_can_view_membership: null
+# set values to null
diff --git a/examples/example-yaml-files/groups.yaml b/examples/example-yaml-files/groups.yaml
@@ -3,21 +3,21 @@
 # ---------------------------------------------------------------------------------------------------------------------
 
 one-group:
-  email: '[email protected]'
-  name: 'Example group'
-  settings: 'anyone-mail-allowed'
+  email: "[email protected]"
+  name: "Example group"
+  settings: "anyone-mail-allowed"
   aliases:
-    - '[email protected]'
+    - "[email protected]"
   groups: []
 
 # ---------------------------------------------------------------------------------------------------------------------
 # GOOGLE GROUP WITH ANOTHER GROUP AS MEMBER
 # ---------------------------------------------------------------------------------------------------------------------
 
 another-group:
-  email: '[email protected]'
-  name: 'Another Example group'
-  settings: 'default'
+  email: "[email protected]"
+  name: "Another Example group"
+  settings: "default"
   aliases: []
   groups:
-    - 'one-group'
+    - "one-group"
diff --git a/examples/example-yaml-files/users.yaml b/examples/example-yaml-files/users.yaml
@@ -3,15 +3,15 @@
 # ---------------------------------------------------------------------------------------------------------------------
 
 jane:
-  primary_email: '[email protected]'
-  include_in_global_list: true
-  given_name: 'Jane'
-  family_name: 'Doe'
-  is_suspended: false
-  suspension_reason: ''
-  org_unit_path: '/'
+  primary_email: "[email protected]"
+  family_name: "Doe"
+  given_name: "Jane"
   aliases:
-    - '[email protected]'
-  role:
-    - 'one-group'
-    - 'another-group'
+  - "[email protected]"
+  include_in_global_address_list: true
+  org_unit_path: "/"
+  archived: false
+  suspended: false
+  roles:
+    - "one-group"
+    - "another-group"
diff --git a/examples/example-yaml-files/users_external.yaml b/examples/example-yaml-files/users_external.yaml
@@ -4,4 +4,4 @@
 
 [email protected]:
   roles:
-    - 'one-group'
+    - "one-group"