feat(variables): rework INPRO-1449
jazzlyn committed Dec 9, 2022
1 parent bad96cf commit d879417
Showing 11 changed files with 279 additions and 34 deletions.
2 changes: 1 addition & 1 deletion .terraform-docs.yaml
Expand Up @@ -33,4 +33,4 @@ settings:
indent: 2
required: true
sensitive: true
type: true
type: false
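Review bot: Setting `type: false` drops the Type column from the generated README in the same commit that moves the variables from `any` to detailed `object({...})` schemas, so the Inputs table no longer tells a consumer which attributes exist or which are optional. Consider keeping `type: true`, or linking from the README to the per-module variables.tf files, so the new constraints can be found without reading the source.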
82 changes: 78 additions & 4 deletions README.md
@@ -1,13 +1,31 @@
<!-- markdownlint-disable MD041 -->
<!-- markdownlint-disable MD033 -->
<!-- markdownlint-disable MD028 -->

<!-- PROJECT SHIELDS -->
<!--
*** I'm using markdown "reference style" links for readability.
*** Reference links are enclosed in brackets [ ] instead of parentheses ( ).
*** See the bottom of this document for the declaration of the reference variables
*** for contributors-url, forks-url, etc. This is an optional, concise syntax you may use.
*** https://www.markdownguide.org/basic-syntax/#reference-style-links
-->

[![pre-commit][pre-commit-shield]][pre-commit-url]
[![Terraform][terraform-shield]][terraform-url]

# Dynamic User- and Group Management for Google Workspace with Terraform

IAC Implementation for User- and Group Management in Google Workspace (formerly GSuite)

## How to use this module

This module is published at Terraform Registry, see [Terraform Registry](https://registry.terraform.io/modules/strg-at/user-group-management/googleworkspace) for Details.
This module is published at Terraform Registry, see [Terraform Registry][tf-registry-module] for Details.

This repo has the following folder structure:
* [modules](modules/): This folder contains a set of modules for maintaining Users and Groups in Google Workspace.
* [examples](examples/): This folder shows examples on how to use this module with different data sources as well as an example for a data source and authentication with the Google API.

- [modules](modules/): This folder contains a set of modules for maintaining Users and Groups in Google Workspace.
- [examples](examples/): This folder shows examples on how to use this module with different data sources as well as an example for a data source and authentication with the Google API.

### Google Cloud Service account

Expand All @@ -27,4 +45,60 @@ This code is released under the MIT License. Please see [LICENSE](LICENSE) for m

## Authors

* **[Jasmin Müller](mailto:[email protected])** (:octocat: [jazzlyn](https://github.com/jazzlyn)) - implementation
- **[Jasmin Müller](mailto:[email protected])** (:octocat: [jazzlyn](https://github.com/jazzlyn)) - implementation

<!-- MARKDOWN LINKS & IMAGES -->
<!-- https://www.markdownguide.org/basic-syntax/#reference-style-links -->

<!-- Links -->

[tf-registry-module]: https://registry.terraform.io/modules/strg-at/user-group-management/googleworkspace

<!-- Badges -->

[pre-commit-shield]: https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&style=for-the-badge
[pre-commit-url]: https://github.com/pre-commit/pre-commit
[terraform-shield]: https://img.shields.io/badge/terraform-1.x-844fba?style=for-the-badge&logo=terraform
[terraform-url]: https://www.terraform.io/

<!-- prettier-ignore-start -->
<!-- BEGIN_TF_DOCS -->
## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_googleworkspace"></a> [googleworkspace](#requirement\_googleworkspace) | 0.7.0 |

## Providers

No providers.

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_group_settings"></a> [group\_settings](#module\_group\_settings) | ./modules/group_settings | n/a |
| <a name="module_groups"></a> [groups](#module\_groups) | ./modules/groups | n/a |
| <a name="module_groups_in_group"></a> [groups\_in\_group](#module\_groups\_in\_group) | ./modules/groups_in_group | n/a |
| <a name="module_users"></a> [users](#module\_users) | ./modules/users | n/a |
| <a name="module_users_external_to_groups"></a> [users\_external\_to\_groups](#module\_users\_external\_to\_groups) | ./modules/users_external_to_groups | n/a |
| <a name="module_users_to_groups"></a> [users\_to\_groups](#module\_users\_to\_groups) | ./modules/users_to_groups | n/a |

## Resources

No resources.

## Inputs

| Name | Description | Default | Required |
|------|-------------|---------|:--------:|
| <a name="input_group_settings"></a> [group\_settings](#input\_group\_settings) | contains all defined group setting templates for Google Groups | n/a | yes |
| <a name="input_groups"></a> [groups](#input\_groups) | contains objects representing all defined Google Groups | n/a | yes |
| <a name="input_users"></a> [users](#input\_users) | contains objects representing all defined Google Users | n/a | yes |
| <a name="input_users_external"></a> [users\_external](#input\_users\_external) | contains objects representing all defined external Users | `{}` | no |

## Outputs

No outputs.
<!-- END_TF_DOCS -->
<!-- prettier-ignore-end -->
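Review bot: The generated Requirements table lists only the `googleworkspace` provider (0.7.0) and no Terraform version, while the variables.tf files in this commit rely on `optional(...)` attributes in object types, which are generally available only from Terraform 1.3. Add `required_version = ">= 1.3.0"` to the `terraform` block so older 1.x CLIs fail with a clear version error rather than a type-constraint error; the `terraform-1.x` badge is also broader than what the module now supports.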
43 changes: 38 additions & 5 deletions modules/group_settings/variables.tf
@@ -1,9 +1,42 @@
variable "group_settings" {
type = any
description = "contains all defined group setting templates for Google Groups"
}
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# CONFIGURE VARIABLES
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


variable "group" {
type = any
description = "contains an object representing a Google Group"
type = object({
email : string,
name : string,
description : optional(string),
settings : optional(string),
aliases : optional(list(string)),
members : optional(list(string)),
})
}

variable "group_settings" {
description = "contains all defined group setting templates for Google Groups"
type = map(object({
allow_external_members : optional(bool),
allow_web_posting : optional(bool),
archive_only : optional(bool),
enable_collaborative_inbox : optional(bool),
include_in_global_address_list : optional(bool),
is_archived : optional(bool),
members_can_post_as_the_group : optional(bool),
message_moderation_level : optional(string),
reply_to : optional(string),
spam_moderation_level : optional(string),
who_can_assist_content : optional(string),
who_can_contact_owner : optional(string),
who_can_discover_group : optional(string),
who_can_join : optional(string),
who_can_leave_group : optional(string),
who_can_moderate_content : optional(string),
who_can_moderate_members : optional(string),
who_can_post_message : optional(string),
who_can_view_group : optional(string),
who_can_view_membership : optional(string),
}))
}
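Review bot: In `group_settings`, every attribute is `optional(...)` with no default, including the ones that decide exposure (`allow_external_members`, `who_can_join`, `who_can_view_group`, `who_can_view_membership`), so a template that omits them passes null and the effective policy is whatever the provider or Google applies. Give those attributes explicit defaults with the two-argument form, e.g. `allow_external_members : optional(bool, false)`, and add `validation` blocks for the `who_can_*` and `*_moderation_level` strings so a mistyped value is rejected at plan time with a clear message.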
2 changes: 1 addition & 1 deletion modules/groups/main.tf
Expand Up @@ -14,6 +14,6 @@ terraform {
resource "googleworkspace_group" "group" {
email = var.group.email
name = var.group.name
description = "Managed with Terraform"
description = var.group.description
aliases = var.group.aliases
}
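Review bot: `description = var.group.description` replaces the fixed "Managed with Terraform" text, but `description` is declared `optional(string)` in the `group` type, so any group that does not set it now gets a null description and loses the marker that tells admins the group is under Terraform control. Consider `description : optional(string, "Managed with Terraform")` in variables.tf, or `coalesce(var.group.description, "Managed with Terraform")` here.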
14 changes: 13 additions & 1 deletion modules/groups/variables.tf
@@ -1,4 +1,16 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# CONFIGURE VARIABLES
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


variable "group" {
type = any
description = "contains an object representing a Google Group"
type = object({
email : string,
name : string,
description : optional(string),
settings : optional(string),
aliases : optional(list(string)),
members : optional(list(string)),
})
}
29 changes: 24 additions & 5 deletions modules/groups_in_group/variables.tf
@@ -1,9 +1,28 @@
variable "groups" {
type = map(any)
description = "contains objects representing all defined Google Groups"
}
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# CONFIGURE VARIABLES
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


variable "group" {
type = any
description = "contains an object representing a Google Group"
type = object({
email : string,
name : string,
description : optional(string),
settings : optional(string),
aliases : optional(list(string)),
members : optional(list(string)),
})
}

variable "groups" {
description = "contains objects representing all defined Google Groups"
type = map(object({
email : string,
name : string,
description : optional(string),
settings : optional(string),
aliases : optional(list(string)),
members : optional(list(string)),
}))
}
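Review bot: The six-attribute group object is written out twice in this file (`group` and `groups`) and again in the other variables.tf files touched by this commit, so adding or renaming an attribute later means editing every copy in step. Terraform has no shared type definitions, so at least add a comment naming the canonical copy; also consider declaring only the attributes this module reads, since conversion to an object type discards undeclared attributes and callers can still pass the full object.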
6 changes: 4 additions & 2 deletions modules/users/main.tf
Expand Up @@ -18,15 +18,17 @@ resource "googleworkspace_user" "user" {
given_name = var.user.given_name
}
aliases = var.user.aliases
archived = var.user.archived
include_in_global_address_list = var.user.include_in_global_address_list
ip_allowlist = var.user.ip_allowlist
is_admin = var.user.is_admin
org_unit_path = var.user.org_unit_path
archived = var.user.archived
suspended = var.user.suspended

lifecycle {
ignore_changes = [
recovery_email,
recovery_phone
recovery_phone,
]
}
}
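Review bot: `is_admin = var.user.is_admin` and `suspended = var.user.suspended` take privilege and account state directly from the input object, and both are `optional(bool)` without a default in variables.tf, so omission yields null rather than an explicit false. Default them with `optional(bool, false)` so the declared state is unambiguous in the plan, and consider whether super-admin grants should be settable from the same input data as ordinary user attributes.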
20 changes: 19 additions & 1 deletion modules/users/variables.tf
@@ -1,4 +1,22 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# CONFIGURE VARIABLES
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


variable "user" {
type = any
description = "contains an object representing a Google User"
type = object({
primary_email : string,
given_name : string,
family_name : string,
password : optional(string),
aliases : optional(list(string)),
archived : optional(bool),
include_in_global_address_list : optional(bool),
ip_allowlist : optional(bool),
is_admin : optional(bool),
org_unit_path : optional(string),
suspended : optional(bool),
roles : optional(list(string)),
})
}
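Review bot: `password : optional(string)` sits inside a `user` variable that is not marked `sensitive = true`, so the value can appear in plan output and in messages that echo the variable. Either set `sensitive = true` on the variable, or move the password into its own sensitive variable so the rest of the user object stays readable in plans.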
28 changes: 21 additions & 7 deletions modules/users_external_to_groups/variables.tf
@@ -1,14 +1,28 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# CONFIGURE VARIABLES
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


variable "groups" {
description = "contains objects representing all defined Google Groups"
type = map(object({
email : string,
name : string,
description : optional(string),
settings : optional(string),
aliases : optional(list(string)),
members : optional(list(string)),
}))
}

variable "user_external" {
type = map(any)
description = "contains an object representing an external User"
type = object({
roles : list(string),
})
}

variable "user_external_email" {
type = string
description = "contains the external User email"
}

variable "groups" {
type = map(any)
description = "contains objects representing all defined Google Groups"
type = string
}
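Review bot: `user_external_email` is a bare `string` with no `validation` block, and going by the module name it is the value that puts an outside address into the groups. A format check (and, if the organisation has one, an allow-list of partner domains) would catch typos before apply. Also, `roles : list(string)` is required here while the `user` type declares `roles : optional(list(string))`; if the difference is intentional, say so in the description.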
29 changes: 27 additions & 2 deletions modules/users_to_groups/variables.tf
@@ -1,9 +1,34 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# CONFIGURE VARIABLES
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


variable "user" {
type = any
description = "contains an object representing a Google User"
type = object({
primary_email : string,
given_name : string,
family_name : string,
password : string,
aliases : optional(list(string)),
archived : optional(bool),
include_in_global_address_list : optional(bool),
ip_allowlist : optional(bool),
is_admin : optional(bool),
org_unit_path : optional(string),
suspended : optional(bool),
roles : optional(list(string)),
})
}

variable "groups" {
type = map(any)
description = "contains objects representing all defined Google Groups"
type = map(object({
email : string,
name : string,
description : optional(string),
settings : optional(string),
aliases : optional(list(string)),
members : optional(list(string)),
}))
}
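Review bot: `password : string` is required in this module's `user` type but `optional(string)` in modules/users/variables.tf, so a user object that is valid for the users module can fail type checking here. A module that maps users to groups is unlikely to need the password at all; declaring only the attributes it reads (likely `primary_email` and `roles`) keeps the secret out of this module's inputs and removes the mismatch.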