diff --git a/examples/example-gsuite-authentication/terraform.tfvars.example b/examples/example-gsuite-authentication/terraform.tfvars.example deleted file mode 100644 index b353a98..0000000 --- a/examples/example-gsuite-authentication/terraform.tfvars.example +++ /dev/null @@ -1,2 +0,0 @@ -#impersonated_user_email = "jane@example.io" -#credentials = "/path/to/google_credentials.json" diff --git a/examples/example-gsuite-authentication/variables.tf b/examples/example-gsuite-authentication/variables.tf deleted file mode 100644 index 74a42b0..0000000 --- a/examples/example-gsuite-authentication/variables.tf +++ /dev/null @@ -1,11 +0,0 @@ -variable "impersonated_user_email" { - type = string - default = null - description = "impersonated user account for GSuite domain-wide delegation" -} - -variable "credentials" { - type = string - default = null - description = "links to google credentials for service account" -} diff --git a/examples/example-gsuite-authentication/README.md b/examples/example-provider-authentication/README.md similarity index 86% rename from examples/example-gsuite-authentication/README.md rename to examples/example-provider-authentication/README.md index 0c1a228..892990e 100644 --- a/examples/example-gsuite-authentication/README.md +++ b/examples/example-provider-authentication/README.md @@ -1,4 +1,4 @@ -# Example GSuite Authentication +# Example Provider Authentication This folder contains an example how to implement the GSuite Authentication for Terraform. ## Google Cloud Service account ### Setup Service Account 
@@ -20,6 +20,7 @@ Get the Service account with the ID provided before (Service account details), t https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/admin.directory.userschema, https://www.googleapis.com/auth/admin.directory.group, https://www.googleapis.com/auth/apps.groups.settings ``` -### Provide Service account credentials to Terraform +### Provide Service account credentials to Terraform Provider Add credentials to terraform.tfvars, see [terraform.tfvars.example](terraform.tfvars.example). +For Googleworkspace Customer ID, see [Find your customer ID](https://support.google.com/a/answer/10070793?hl=en). diff --git a/examples/example-gsuite-authentication/main.tf b/examples/example-provider-authentication/main.tf similarity index 61% rename from examples/example-gsuite-authentication/main.tf rename to examples/example-provider-authentication/main.tf index e9f30ea..259e6e5 100644 --- a/examples/example-gsuite-authentication/main.tf +++ b/examples/example-provider-authentication/main.tf @@ -1,11 +1,21 @@ # --------------------------------------------------------------------------------------------------------------------- -# PROVIDE CREDENTIALS TO GSUITE PROVIDER +# PROVIDE CREDENTIALS TO PROVIDER # Credentials are stored in terraform.tfvars file. # --------------------------------------------------------------------------------------------------------------------- -provider "gsuite" { - impersonated_user_email = var.impersonated_user_email - credentials = var.credentials +terraform { + required_providers { + googleworkspace = { + source = "hashicorp/googleworkspace" + version = "" + } + } +} + +provider "googleworkspace" { + customer_id = var.gworkspace_customer_id + impersonated_user_email = var.gworkspace_email + credentials = var.gworkspace_credentials oauth_scopes = [ "https://www.googleapis.com/auth/admin.directory.group", "https://www.googleapis.com/auth/apps.groups.settings", 
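Review bot: The `version = ""` in the new `required_providers` block of example-provider-authentication/main.tf gives `hashicorp/googleworkspace` no usable constraint. If an empty string is accepted at all, `terraform init` resolves whatever release is current, for a provider that is handed a service account key with domain-wide delegation. The same empty string replaces the earlier pins (`0.1.58`, `3.66.1`, `0.1.0`) in example-with-google-buckets/main.tf and example-with-local-files/main.tf, covering the `googleworkspace` and `google` providers and the `user-group-management` module. I would put a real constraint there, for example `version = "~> <TESTED_MAJOR.MINOR>"`, and commit `.terraform.lock.hcl` so the provider checksums are fixed. The provider block continues past the end of this hunk.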
diff --git a/examples/example-provider-authentication/terraform.tfvars.example b/examples/example-provider-authentication/terraform.tfvars.example
new file mode 100644
index 0000000..f4a1fa5
--- /dev/null
+++ b/examples/example-provider-authentication/terraform.tfvars.example
@@ -0,0 +1,7 @@
+# -------------------------------------------------------------------------------------------
+# Gworkspace credentials
+# -------------------------------------------------------------------------------------------
+
+#gworkspace_customer_id = "AB007cdef"
+#gworkspace_email = "jane@example.io"
+#gworkspace_credentials = "/path/to/google_credentials.json"
diff --git a/examples/example-provider-authentication/variables.tf b/examples/example-provider-authentication/variables.tf
new file mode 100644
index 0000000..642aef2
--- /dev/null
+++ b/examples/example-provider-authentication/variables.tf
@@ -0,0 +1,38 @@
+# -------------------------------------------------------------------------------------------
+# CONFIGURE VARIABLES
+# -------------------------------------------------------------------------------------------
+
+# -------------------------------------------------------------------------------------------
+# EXAMPLE
+#
+# Just an example.
+# Will be set to example if not set.
+# -------------------------------------------------------------------------------------------
+
+# variable "example" {
+# description = "Just an example."
+# type = string
+# default = "example"
+# sensitive = true
+# }
+
+variable "gworkspace_customer_id" {
+ type = string
+ default = null
+ description = "customer id of google workspace"
+ sensitive = true
+}
+
+variable "gworkspace_email" {
+ type = string
+ default = null
+ description = "impersonated user account for GSuite domain-wide delegation"
+ sensitive = true
+}
+
+variable "gworkspace_credentials" {
+ type = string
+ default = null
+ description = "link to google credentials for service account"
+ sensitive = true
+}
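Review bot: All three variables in variables.tf set `sensitive = true`, which Terraform accepts only from 0.14 on, while the `terraform` block added in this example's main.tf declares `required_providers` but no `required_version`. An older CLI would reject the argument instead of reporting a clear version mismatch, so I would add `required_version = ">= 0.14"` to that block. Separately, the description `"link to google credentials for service account"` is vague. I would reword it to `"path to the service account key JSON used for domain-wide delegation"`, and add a comment in terraform.tfvars.example that the key file and the filled-in terraform.tfvars stay out of version control.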
diff --git a/examples/example-with-google-buckets/main.tf b/examples/example-with-google-buckets/main.tf index d4604e1..03b760b 100644 --- a/examples/example-with-google-buckets/main.tf +++ b/examples/example-with-google-buckets/main.tf @@ -1,3 +1,4 @@ +# --------------------------------------------------------------------------------------------------------------------- # MANAGE USERS AND GROUPS IN GOOGLE WORKSPACE # These templates show an example of how to use the terraform-gsuite-user-group-management module to manage Users and # Groups in Google Workspace. Google Buckets are used as data source. @@ -5,20 +6,20 @@ terraform { required_providers { - gsuite = { - source = "DeviaVir/gsuite" - version = "0.1.58" + googleworkspace = { + source = "hashicorp/googleworkspace" + version = "" } google = { source = "hashicorp/google" - version = "3.66.1" + version = "" } } } # --------------------------------------------------------------------------------------------------------------------- -# ADD CREDENTIALS FOR GSUITE PROVIDER -# See example-gsuite-authentication +# ADD CREDENTIALS FOR PROVIDER AUTHENTICATION +# See example-provider-authentication # --------------------------------------------------------------------------------------------------------------------- @@ -54,10 +55,10 @@ data "google_storage_bucket_object_content" "users_external" { # --------------------------------------------------------------------------------------------------------------------- module "user-group-management" { - source = "strg-at/user-group-management/gsuite" - version = "0.1.0" + source = "strg-at/user-group-management/googleworkspace" + version = "" providers = { - gsuite = gsuite + googleworkspace = googleworkspace } groups = yamldecode(data.google_storage_bucket_object_content.groups.content) group_settings = yamldecode(data.google_storage_bucket_object_content.group_settings.content) 
diff --git a/examples/example-with-local-files/main.tf b/examples/example-with-local-files/main.tf index e1d3c98..dee5138 100644 --- a/examples/example-with-local-files/main.tf +++ b/examples/example-with-local-files/main.tf @@ -6,16 +6,16 @@ terraform { required_providers { - gsuite = { - source = "DeviaVir/gsuite" - version = "0.1.58" + googleworkspace = { + source = "hashicorp/googleworkspace" + version = "" } } } # --------------------------------------------------------------------------------------------------------------------- -# ADD CREDENTIALS FOR GSUITE PROVIDER -# See example-gsuite-authentication +# ADD CREDENTIALS FOR PROVIDER AUTHENTICATION +# See example-provider-authentication # --------------------------------------------------------------------------------------------------------------------- @@ -37,10 +37,10 @@ locals { # --------------------------------------------------------------------------------------------------------------------- module "user-group-management" { - source = "strg-at/user-group-management/gsuite" - version = "0.1.0" + source = "strg-at/user-group-management/googleworkspace" + version = "" providers = { - gsuite = gsuite + googleworkspace = googleworkspace } groups = local.groups group_settings = local.group_settings diff --git a/examples/example-yaml-files/group_settings.yaml b/examples/example-yaml-files/group_settings.yaml index f9b31c9..5745f05 100644 --- a/examples/example-yaml-files/group_settings.yaml +++ b/examples/example-yaml-files/group_settings.yaml 
@@ -5,30 +5,26 @@ # For details on allowed parameters check https://registry.terraform.io/providers/DeviaVir/gsuite/latest/docs/resources/group_settings anyone-mail-allowed: - allow_external_members: "true" - allow_web_posting: "false" - archive_only: "false" - include_in_global_address_list: "true" - spam_moderation_level: "ALLOW" - who_can_contact_owner: "ALL_MANAGERS_CAN_CONTACT" + allow_external_members: false + allow_web_posting: true + archive_only: false + enable_collaborative_inbox: false + include_in_global_address_list: true + is_archived: false + members_can_post_as_the_group: false + message_moderation_level: "MODERATE_NONE" + reply_to: "REPLY_TO_IGNORE" + spam_moderation_level: "MODERATE" + who_can_assist_content: "NONE" + who_can_contact_owner: "ANYONE_CAN_CONTACT" who_can_discover_group: "ALL_IN_DOMAIN_CAN_DISCOVER" - who_can_join: "INVITED_CAN_JOIN" - who_can_leave_group: "NONE_CAN_LEAVE" + who_can_join: "CAN_REQUEST_TO_JOIN" + who_can_leave_group: "ALL_MEMBERS_CAN_LEAVE" + who_can_moderate_content: "OWNERS_AND_MANAGERS" + who_can_moderate_members: "OWNERS_AND_MANAGERS" who_can_post_message: "ANYONE_CAN_POST" who_can_view_group: "ALL_MEMBERS_CAN_VIEW" - who_can_view_membership: "ALL_IN_DOMAIN_CAN_VIEW" + who_can_view_membership: "ALL_MEMBERS_CAN_VIEW" # default -default: - allow_external_members: null - allow_web_posting: null - archive_only: null - include_in_global_address_list: null - spam_moderation_level: null - who_can_contact_owner: null - who_can_discover_group: null - who_can_join: null - who_can_leave_group: null - who_can_post_message: null - who_can_view_group: null - who_can_view_membership: null +# set values to null diff --git a/examples/example-yaml-files/groups.yaml b/examples/example-yaml-files/groups.yaml index a34b6aa..39bfbd4 100644 --- a/examples/example-yaml-files/groups.yaml +++ b/examples/example-yaml-files/groups.yaml 
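Review bot: The `default:` settings profile is deleted in this hunk and replaced by the comment `# set values to null`, but groups.yaml in the same commit still defines `another-group` with `settings: "default"`. Unless the module special-cases that name (not visible in this diff), the lookup either fails or the group silently takes whatever the provider applies, so its join, posting and visibility settings are declared nowhere in the example. I would either keep a `default:` entry with explicit values or reword the comment to state exactly what a missing profile resolves to. The header comment above the profile also still links to the `DeviaVir/gsuite` `group_settings` docs, although the examples now use `hashicorp/googleworkspace`.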
@@ -3,11 +3,11 @@ # --------------------------------------------------------------------------------------------------------------------- one-group: - email: 'group@example.io' - name: 'Example group' - settings: 'anyone-mail-allowed' + email: "group@example.io" + name: "Example group" + settings: "anyone-mail-allowed" aliases: - - 'one-alternative@example.io' + - "one-alternative@example.io" groups: [] # --------------------------------------------------------------------------------------------------------------------- @@ -15,9 +15,9 @@ one-group: # --------------------------------------------------------------------------------------------------------------------- another-group: - email: 'another-group@example.io' - name: 'Another Example group' - settings: 'default' + email: "another-group@example.io" + name: "Another Example group" + settings: "default" aliases: [] groups: - - 'one-group' + - "one-group" diff --git a/examples/example-yaml-files/users.yaml b/examples/example-yaml-files/users.yaml index 64953ce..acec124 100644 --- a/examples/example-yaml-files/users.yaml +++ b/examples/example-yaml-files/users.yaml @@ -3,15 +3,15 @@ # --------------------------------------------------------------------------------------------------------------------- jane: - primary_email: 'jane@example.io' - include_in_global_list: true - given_name: 'Jane' - family_name: 'Doe' - is_suspended: false - suspension_reason: '' - org_unit_path: '/' + primary_email: "jane@example.io" + family_name: "Doe" + given_name: "Jane" aliases: - - 'doe@example.io' - role: - - 'one-group' - - 'another-group' + - "doe@example.io" + include_in_global_address_list: true + org_unit_path: "/" + archived: false + suspended: false + roles: + - "one-group" + - "another-group" diff --git a/examples/example-yaml-files/users_external.yaml b/examples/example-yaml-files/users_external.yaml index 2287c54..ef58ff4 100644 --- a/examples/example-yaml-files/users_external.yaml 
+++ b/examples/example-yaml-files/users_external.yaml @@ -4,4 +4,4 @@ jane@example-external.io: roles: - - 'one-group' + - "one-group"