A Membership defines a relationship between a Group and an entity belonging to that Group, referred to as a "member".
To get more information about GroupMembership, see:
resource "google_cloud_identity_group" "group" {
  display_name = "my-identity-group"
  parent       = "customers/A01b123xz"

  group_key {
    id = "my-identity-group@example.com"
  }

  labels = {
    "cloudidentity.googleapis.com/groups.discussion_forum" = ""
  }
}

resource "google_cloud_identity_group" "child-group" {
  display_name = "my-identity-group-child"
  parent       = "customers/A01b123xz"

  group_key {
    id = "my-identity-group-child@example.com"
  }

  labels = {
    "cloudidentity.googleapis.com/groups.discussion_forum" = ""
  }
}

resource "google_cloud_identity_group_membership" "cloud_identity_group_membership_basic" {
  group = google_cloud_identity_group.group.id

  preferred_member_key {
    id = google_cloud_identity_group.child-group.group_key[0].id
  }

  roles {
    name = "MEMBER"
  }
}

resource "google_cloud_identity_group" "group" {
  display_name = "my-identity-group"
  parent       = "customers/A01b123xz"

  group_key {
    id = "my-identity-group@example.com"
  }

  labels = {
    "cloudidentity.googleapis.com/groups.discussion_forum" = ""
  }
}

resource "google_cloud_identity_group_membership" "cloud_identity_group_membership_basic" {
  group = google_cloud_identity_group.group.id

  preferred_member_key {
    id = "cloud_identity_user@example.com"
  }

  roles {
    name = "MEMBER"
  }

  roles {
    name = "MANAGER"
  }
}
The following arguments are supported:
roles - (Required) The MembershipRoles that apply to the Membership. Must not contain duplicate MembershipRoles with the same name. Structure is documented below.
group - (Required) The name of the Group to create this membership in.
The roles block supports:
name - (Required) The name of the MembershipRole. Must be one of OWNER, MANAGER, MEMBER. Possible values are: OWNER, MANAGER, MEMBER.
expiry_detail - (Optional) The MembershipRole expiry details, only supported for MEMBER role. Other roles cannot be accompanied with MEMBER role having expiry. Structure is documented below.
The expiry_detail block supports:
expire_time - (Required) The time at which the MembershipRole will expire. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
member_key - (Optional, Beta) EntityKey of the member. Structure is documented below.
preferred_member_key - (Optional) EntityKey of the member. Structure is documented below.
The member_key block supports:
id - (Required) The ID of the entity. For Google-managed entities, the id must be the email address of an existing group or user. For external-identity-mapped entities, the id must be a string conforming to the Identity Source's requirements. Must be unique within a namespace.
namespace - (Optional) The namespace in which the entity exists. If not specified, the EntityKey represents a Google-managed entity such as a Google user or a Google Group. If specified, the EntityKey represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of identitysources/{identity_source_id}.
The preferred_member_key block supports:
id - (Required) The ID of the entity. For Google-managed entities, the id must be the email address of an existing group or user. For external-identity-mapped entities, the id must be a string conforming to the Identity Source's requirements. Must be unique within a namespace.
namespace - (Optional) The namespace in which the entity exists. If not specified, the EntityKey represents a Google-managed entity such as a Google user or a Google Group. If specified, the EntityKey represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of identitysources/{identity_source_id}.
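The roles and expiry_detail rules above can be enforced in configuration before the API is called. The following is an added example, not part of the provider documentation: the variable names, the resource label time_bound and the sample timestamp are assumptions, the group reference is the one from the examples at the top of the page, and the precondition block assumes Terraform v1.2 or later.

```hcl
# Added example; variable names and the sample timestamp are assumptions.
variable "membership_roles" {
  type    = set(string) # a set cannot hold duplicate role names
  default = ["MEMBER"]
  validation {
    condition     = length(setsubtract(var.membership_roles, ["OWNER", "MANAGER", "MEMBER"])) == 0
    error_message = "Each role must be one of OWNER, MANAGER, MEMBER."
  }
}

variable "member_expire_time" {
  type    = string
  default = "2030-01-01T00:00:00Z" # constructed sample value; null disables expiry
  validation {
    condition     = var.member_expire_time == null || can(regex("^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(\\.\\d{1,9})?Z$", var.member_expire_time))
    error_message = "Use RFC3339 UTC \"Zulu\" format with at most nine fractional digits."
  }
}

resource "google_cloud_identity_group_membership" "time_bound" {
  group = google_cloud_identity_group.group.id # group from the page's example

  preferred_member_key {
    id = "cloud_identity_user@example.com"
  }

  dynamic "roles" {
    for_each = var.membership_roles
    content {
      name = roles.value
      # expiry_detail is emitted only for MEMBER, and only when a time is set.
      dynamic "expiry_detail" {
        for_each = roles.value == "MEMBER" && var.member_expire_time != null ? [var.member_expire_time] : []
        content {
          expire_time = expiry_detail.value
        }
      }
    }
  }

  lifecycle {
    # Reject an expiring MEMBER role combined with OWNER or MANAGER.
    precondition {
      condition     = var.member_expire_time == null || (length(var.membership_roles) == 1 && contains(var.membership_roles, "MEMBER"))
      error_message = "A MEMBER role with an expiry cannot be combined with other roles."
    }
  }
}
```

With the defaults the plan contains a single MEMBER role that expires at the sample time; setting membership_roles to include MANAGER while member_expire_time is set fails at plan time with the precondition message.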
In addition to the arguments listed above, the following computed attributes are exported:
id - an identifier for the resource with format {{name}}
name - The resource name of the Membership, of the form groups/{group_id}/memberships/{membership_id}.
create_time - The time when the Membership was created.
update_time - The time when the Membership was last updated.
type - The type of the membership.
This resource provides the following Timeouts configuration options:
create - Default is 20 minutes.
update - Default is 20 minutes.
delete - Default is 20 minutes.
GroupMembership can be imported using any of these accepted formats:
{{name}}
In Terraform v1.5.0 and later, use an import block to import GroupMembership using one of the formats above. For example:
import {
  id = "{{name}}"
  to = google_cloud_identity_group_membership.default
}
When using the terraform import command, GroupMembership can be imported using one of the formats above. For example:
$ terraform import google_cloud_identity_group_membership.default {{name}}