diff --git a/examples/example-gsuite-authentication/main.tf b/examples/example-gsuite-authentication/main.tf new file mode 100644 index 0000000..e9f30ea --- /dev/null +++ b/examples/example-gsuite-authentication/main.tf @@ -0,0 +1,15 @@ +# --------------------------------------------------------------------------------------------------------------------- +# PROVIDE CREDENTIALS TO GSUITE PROVIDER +# Credentials are stored in terraform.tfvars file. +# --------------------------------------------------------------------------------------------------------------------- + +provider "gsuite" { + impersonated_user_email = var.impersonated_user_email + credentials = var.credentials + oauth_scopes = [ + "https://www.googleapis.com/auth/admin.directory.group", + "https://www.googleapis.com/auth/apps.groups.settings", + "https://www.googleapis.com/auth/admin.directory.user", + "https://www.googleapis.com/auth/admin.directory.userschema", + ] +} diff --git a/examples/example-gsuite-authentication/terraform.tfvars.example b/examples/example-gsuite-authentication/terraform.tfvars.example new file mode 100644 index 0000000..b353a98 --- /dev/null +++ b/examples/example-gsuite-authentication/terraform.tfvars.example @@ -0,0 +1,2 @@ +#impersonated_user_email = "jane@example.io" +#credentials = "/path/to/google_credentials.json" diff --git a/examples/example-gsuite-authentication/variables.tf b/examples/example-gsuite-authentication/variables.tf new file mode 100644 index 0000000..74a42b0 --- /dev/null +++ b/examples/example-gsuite-authentication/variables.tf @@ -0,0 +1,11 @@ +variable "impersonated_user_email" { + type = string + default = null + description = "impersonated user account for GSuite domain-wide delegation" +} + +variable "credentials" { + type = string + default = null + description = "links to google credentials for service account" +} diff --git a/examples/example-with-google-buckets/main.tf b/examples/example-with-google-buckets/main.tf new file mode 100644 index 0000000..ab8e1ff --- /dev/null +++ b/examples/example-with-google-buckets/main.tf @@ -0,0 +1,53 @@ +# --------------------------------------------------------------------------------------------------------------------- +# MANAGE USERS AND GROUPS IN GOOGLE WORKSPACE +# These templates show an example of how to use the terraform-gsuite-user-group-management module to manage Users and +# Groups in Google Workspace. Google Buckets are used as data source. +# --------------------------------------------------------------------------------------------------------------------- +terraform { + required_providers { + gsuite = { + source = "DeviaVir/gsuite" + version = "0.1.58" + } + google = { + source = "hashicorp/google" + version = "3.66.1" + } + } +} + +# --------------------------------------------------------------------------------------------------------------------- +# ADD CREDENTIALS FOR GSUITE PROVIDER +# See example-gsuite-authentication +# --------------------------------------------------------------------------------------------------------------------- + + +# --------------------------------------------------------------------------------------------------------------------- +# DATA SOURCE FROM GOOGLE BUCKET +# YAML files are stored in Google Buckets with versioning enabled. Each YAML file gets its own reference. For YAML +# example files see example-yaml-files. +# --------------------------------------------------------------------------------------------------------------------- + +data "google_storage_bucket_object_content" "groups" { + name = "groups.yaml" + bucket = "example-data" +} + +data "google_storage_bucket_object_content" "users" { + name = "users.yaml" + bucket = "example-data" +} + +# --------------------------------------------------------------------------------------------------------------------- +# GOOGLE WORKSPACE USER-GROUP MANAGEMENT MODULE +# The original Github Repo is used as source to ensure future updates. The module expects groups and users data. +# --------------------------------------------------------------------------------------------------------------------- + +module "gworkspace" { + source = "git@github.com:strg-at/terraform-google-workspace-module.git" + providers = { + gsuite = gsuite + } + groups = yamldecode(data.google_storage_bucket_object_content.groups.content) + users = yamldecode(data.google_storage_bucket_object_content.users.content) +} diff --git a/examples/example-with-local-yaml-files/main.tf b/examples/example-with-local-yaml-files/main.tf new file mode 100644 index 0000000..83520e5 --- /dev/null +++ b/examples/example-with-local-yaml-files/main.tf @@ -0,0 +1,43 @@ +# --------------------------------------------------------------------------------------------------------------------- +# MANAGE USERS AND GROUPS IN GOOGLE WORKSPACE +# These templates show an example of how to use the terraform-gsuite-user-group-management module to manage Users and +# Groups in Google Workspace. Local YAML files are used as data source. +# --------------------------------------------------------------------------------------------------------------------- +terraform { + required_providers { + gsuite = { + source = "DeviaVir/gsuite" + version = "0.1.58" + } + } +} + +# --------------------------------------------------------------------------------------------------------------------- +# ADD CREDENTIALS FOR GSUITE PROVIDER +# See example-gsuite-authentication +# --------------------------------------------------------------------------------------------------------------------- + + +# --------------------------------------------------------------------------------------------------------------------- +# DATA SOURCE FROM LOCAL +# YAML files are stored locally. For YAML example files see example-yaml-files. +# --------------------------------------------------------------------------------------------------------------------- + +locals { + groups = yamldecode(file("${path.module}/groups.yaml")) + users = yamldecode(file("${path.module}/users.yaml")) +} + +# --------------------------------------------------------------------------------------------------------------------- +# GOOGLE WORKSPACE USER-GROUP MANAGEMENT MODULE +# The original Github Repo is used as source to ensure future updates. The module expects groups and users data. +# --------------------------------------------------------------------------------------------------------------------- + +module "gworkspace" { + source = "git@github.com:strg-at/terraform-google-workspace-module.git" + providers = { + gsuite = gsuite + } + groups = local.groups + users = local.users +} diff --git a/examples/example-yaml-files/groups.yaml b/examples/example-yaml-files/groups.yaml new file mode 100644 index 0000000..1a1bc16 --- /dev/null +++ b/examples/example-yaml-files/groups.yaml @@ -0,0 +1,17 @@ +# --------------------------------------------------------------------------------------------------------------------- +# GOOGLE GROUP +# --------------------------------------------------------------------------------------------------------------------- + +one-group: + email: 'group@example.io' + name: 'Example group' + +# --------------------------------------------------------------------------------------------------------------------- +# GOOGLE GROUP WITH ANOTHER GROUP AS MEMBER +# --------------------------------------------------------------------------------------------------------------------- + +another-group: + email: 'another-group@example.io' + name: 'Another Example group' + groups: + - one-group diff --git a/examples/example-yaml-files/users.yaml b/examples/example-yaml-files/users.yaml new file mode 100644 index 0000000..56ca8e7 --- /dev/null +++ b/examples/example-yaml-files/users.yaml @@ -0,0 +1,16 @@ +# --------------------------------------------------------------------------------------------------------------------- +# GOOGLE USER WITH GROUP MEMBERSHIPS +# --------------------------------------------------------------------------------------------------------------------- + +jane: + family_name: 'Doe' + given_name: 'Jane' + primary_email: 'jane@example.io' + recovery_email: 'jane@alternative-example.io' + recovery_phone: '+10000' + org_unit_path: / + is_suspended: false + suspension_reason: '' + role: + - group + - another-group diff --git a/main.tf b/main.tf index 436ab11..f3c4e83 100644 --- a/main.tf +++ b/main.tf @@ -34,7 +34,7 @@ module "users" { providers = { gsuite = gsuite } - user = each.value + user = each.value } module "users_to_groups" { diff --git a/modules/users_to_groups/users_to_groups.tf b/modules/users_to_groups/users_to_groups.tf index 0ecd671..94bd7a6 100644 --- a/modules/users_to_groups/users_to_groups.tf +++ b/modules/users_to_groups/users_to_groups.tf @@ -11,7 +11,7 @@ terraform { * Ressource documentation: https://registry.terraform.io/providers/DeviaVir/gsuite/latest/docs/resources/group_member */ resource "gsuite_group_member" "member" { - for_each = toset(var.user.roles) - group = var.groups[each.value].email - email = var.user.primary_email + for_each = toset(var.user.roles) + group = var.groups[each.value].email + email = var.user.primary_email }