New: add group_settings support INPRO-372
jazzlyn committed May 25, 2021
1 parent c06c2e7 commit be38c0c
Showing 12 changed files with 104 additions and 1 deletion.
2 changes: 1 addition & 1 deletion README.md
@@ -4,7 +4,7 @@ IAC Implementation for User- and Group Management in Google Workspace (formerly
## How to use this module

This repo has the following folder structure:
* [modules](modules/): This folder contains a set of modules for maintaining Users and Groups in Google Workspace. The modules are basically standalone, however a proper data source is needed.
* [modules](modules/): This folder contains a set of modules for maintaining Users and Groups in Google Workspace.
* [examples](examples/): This folder shows examples on how to use this module with different data sources as well as an example for a data source and authentication with the Google API.

### Google Cloud Service account
6 changes: 6 additions & 0 deletions examples/example-with-google-buckets/main.tf
@@ -33,6 +33,11 @@ data "google_storage_bucket_object_content" "groups" {
bucket = "example-data"
}

data "google_storage_bucket_object_content" "group_settings" {
name = "group_settings.yaml"
bucket = "example-data"
}

data "google_storage_bucket_object_content" "users" {
name = "users.yaml"
bucket = "example-data"
@@ -55,6 +60,7 @@ module "user-group-management" {
gsuite = gsuite
}
groups = yamldecode(data.google_storage_bucket_object_content.groups.content)
group_settings = yamldecode(data.google_storage_bucket_object_content.group_settings.content)
users = yamldecode(data.google_storage_bucket_object_content.users.content)
users_external = yamldecode(data.google_storage_bucket_object_content.users_external.content)
}
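Review bot: The `group_settings` object read from the `example-data` bucket now decides who can post to, join and view every managed group, yet nothing near the new `data "google_storage_bucket_object_content" "group_settings"` block says how that object is protected. Anyone with write access to the bucket can loosen group exposure on the next apply, so I would add a comment above the data block such as `# group_settings.yaml defines group access policy: restrict write access to this bucket and enable object versioning`. The same holds for the existing groups and users objects. The `user-group-management` module block starts outside the second hunk.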
2 changes: 2 additions & 0 deletions examples/example-with-local-files/main.tf
@@ -26,6 +26,7 @@ terraform {

locals {
groups = yamldecode(file("${path.module}/groups.yaml"))
group_settings = yamldecode(file("${path.module}/group-settings.yaml"))
users = yamldecode(file("${path.module}/users.yaml"))
users_external = yamldecode(file("${path.module}/users_external.yaml"))
}
@@ -42,6 +43,7 @@ module "user-group-management" {
gsuite = gsuite
}
groups = local.groups
group_settings = local.group_settings
users = local.users
users_external = local.users_external
}
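Review bot: The added local reads `group-settings.yaml` with a hyphen, while the file this commit ships is `examples/example-yaml-files/group_settings.yaml` and the bucket example also uses `group_settings.yaml`. Unless a hyphenated copy exists elsewhere, `file()` will fail at plan time for anyone who copies the example files under their shipped names. I would change the line to `group_settings = yamldecode(file("${path.module}/group_settings.yaml"))`, which also matches the underscore style of `users_external.yaml`. The module block in the second hunk starts outside the hunk.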
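--- a/examples/example-yaml-files/group_settings.yaml
+++ b/examples/example-yaml-files/group_settings.yaml
@@ -0,0 +1,34 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# GOOGLE GROUP SETTINGS
+# ---------------------------------------------------------------------------------------------------------------------
+#
+# For details on allowed parameters check https://registry.terraform.io/providers/DeviaVir/gsuite/latest/docs/resources/group_settings
+
+anyone-mail-allowed:
+allow_external_members: "true"
+allow_web_posting: "false"
+archive_only: "false"
+include_in_global_address_list: "true"
+spam_moderation_level: "ALLOW"
+who_can_contact_owner: "ALL_MANAGERS_CAN_CONTACT"
+who_can_discover_group: "ALL_IN_DOMAIN_CAN_DISCOVER"
+who_can_join: "INVITED_CAN_JOIN"
+who_can_leave_group: "NONE_CAN_LEAVE"
+who_can_post_message: "ANYONE_CAN_POST"
+who_can_view_group: "ALL_MEMBERS_CAN_VIEW"
+who_can_view_membership: "ALL_IN_DOMAIN_CAN_VIEW"
+
+# default
+default:
+allow_external_members: null
+allow_web_posting: null
+archive_only: null
+include_in_global_address_list: null
+spam_moderation_level: null
+who_can_contact_owner: null
+who_can_discover_group: null
+who_can_join: null
+who_can_leave_group: null
+who_can_post_message: null
+who_can_view_group: null
+who_can_view_membership: null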
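Review bot: The `anyone-mail-allowed` template combines `who_can_post_message: "ANYONE_CAN_POST"` with `spam_moderation_level: "ALLOW"` and `allow_external_members: "true"`, and the file gives no hint that this is a deliberately open posture. Example files tend to be copied verbatim, so I would add a comment above the template, for instance `# Accepts mail from any sender, including outside the domain; use only for public inboxes`, and consider `spam_moderation_level: "MODERATE"` for it. The `default` template sets every attribute to `null`, which presumably leaves the values to the provider or to Google's defaults. A comment saying so would make clear that `default` does not pin any setting.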
2 changes: 2 additions & 0 deletions examples/example-yaml-files/groups.yaml
@@ -5,6 +5,7 @@
one-group:
email: '[email protected]'
name: 'Example group'
settings: 'anyone-mail-allowed'
aliases:
- '[email protected]'
groups: []
@@ -16,6 +17,7 @@ one-group:
another-group:
email: '[email protected]'
name: 'Another Example group'
settings: 'default'
aliases: []
groups:
- 'one-group'
4 changes: 4 additions & 0 deletions examples/example-yaml-files/users_external.yaml
@@ -1,3 +1,7 @@
# ---------------------------------------------------------------------------------------------------------------------
# EXTERNAL USER WITH GROUP MEMBERSHIPS
# ---------------------------------------------------------------------------------------------------------------------

[email protected]:
roles:
- 'one-group'
10 changes: 10 additions & 0 deletions main.tf
@@ -16,6 +16,16 @@ module "groups" {
group = each.value
}

module "group_settings" {
for_each = var.groups
source = "./modules/group_settings"
providers = {
gsuite = gsuite
}
group_settings = var.group_settings
group = each.value
}

module "groups_in_group" {
for_each = var.groups
depends_on = [module.groups]
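Review bot: The new `module "group_settings"` block has no `depends_on = [module.groups]`, although the `groups_in_group` module right below it declares one. The settings module only receives `each.value` from `var.groups`, so Terraform sees no implicit dependency on the group resources and may try to apply settings to a group that does not exist yet on a first run. Until the settings are applied the group presumably runs with Google's defaults, so the ordering matters for access control as well as for a clean apply. I would add `depends_on = [module.groups]` after the `for_each` line. The `groups_in_group` block continues outside the hunk.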
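--- a/modules/group_settings/main.tf
+++ b/modules/group_settings/main.tf
@@ -0,0 +1,29 @@
+terraform {
+required_providers {
+gsuite = {
+source = "DeviaVir/gsuite"
+version = "0.1.58"
+}
+}
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# Ressource documentation: https://registry.terraform.io/providers/DeviaVir/gsuite/latest/docs/resources/group_settings
+# ---------------------------------------------------------------------------------------------------------------------
+
+resource "gsuite_group_settings" "group_settings" {
+email = var.group.email
+
+allow_external_members = var.group_settings[var.group.settings].allow_external_members
+allow_web_posting = var.group_settings[var.group.settings].allow_web_posting
+archive_only = var.group_settings[var.group.settings].archive_only
+include_in_global_address_list = var.group_settings[var.group.settings].include_in_global_address_list
+spam_moderation_level = var.group_settings[var.group.settings].spam_moderation_level
+who_can_contact_owner = var.group_settings[var.group.settings].who_can_contact_owner
+who_can_discover_group = var.group_settings[var.group.settings].who_can_discover_group
+who_can_join = var.group_settings[var.group.settings].who_can_join
+who_can_leave_group = var.group_settings[var.group.settings].who_can_leave_group
+who_can_post_message = var.group_settings[var.group.settings].who_can_post_message
+who_can_view_group = var.group_settings[var.group.settings].who_can_view_group
+who_can_view_membership = var.group_settings[var.group.settings].who_can_view_membership
+}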
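Review bot: Every attribute indexes `var.group_settings[var.group.settings]` directly, so a group without a `settings` key, or one naming an undefined template, fails the whole plan with an error that does not name the group. Because the root module instantiates this module for every entry in `var.groups`, the key becomes mandatory for all existing groups. I would resolve the template once with `locals { settings = var.group_settings[try(var.group.settings, "default")] }` and reference `local.settings.<attribute>` in the resource. The module should then document that a `default` template must exist. Dropping the repeated expression also makes the twelve access-control assignments easier to audit.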
Empty file.
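--- a/modules/group_settings/variables.tf
+++ b/modules/group_settings/variables.tf
@@ -0,0 +1,9 @@
+variable "group_settings" {
+type = any
+description = "contains all defined group setting templates for Google Groups"
+}
+
+variable "group" {
+type = any
+description = "contains an object representing a Google Group"
+}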
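--- a/modules/users_external_to_groups/README.md
+++ b/modules/users_external_to_groups/README.md
@@ -0,0 +1,2 @@
+# Module for adding external users to groups
+This module is optional. For details on how to use it check [examples](examples/).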
5 changes: 5 additions & 0 deletions variables.tf
@@ -3,6 +3,11 @@ variable "groups" {
description = "contains objects representing all defined Google Groups"
}

variable "group_settings" {
type = map(any)
description = "contains all defined group setting templates for Google Groups"
}

variable "users" {
type = map(any)
description = "contains objects representing all defined Google Users"