Role resource in the Terraform Googleworkspace provider. Role resides under the https://www.googleapis.com/auth/admin.directory.rolemanagement client scope.
data "googleworkspace_privileges" "privileges" {}

locals {
  read_only_privileges = [
    for priv in data.googleworkspace_privileges.privileges.items : priv
    if length(regexall("READ", priv.privilege_name)) > 0
  ]
}

resource "googleworkspace_role" "read-only" {
  name = "read-only"

  dynamic "privileges" {
    for_each = local.read_only_privileges
    content {
      service_id     = privileges.value["service_id"]
      privilege_name = privileges.value["privilege_name"]
    }
  }
}
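
The example above grants every privilege whose name contains the substring READ. A stricter variant, added here and not part of the provider's documentation, uses an exact-match allowlist, fails the plan if an allowlisted name is not returned by the API, and outputs the resulting grants for review. The resource, local and output names are illustrative, the three privilege names are assumed sample values to confirm against the data source output, and the precondition block requires Terraform 1.2 or later.

```hcl
# Added example: exact-match allowlist instead of a substring regex.
data "googleworkspace_privileges" "all" {}

locals {
  # Assumed sample names; confirm each against the data source output.
  allowed_privilege_names = [
    "USERS_RETRIEVE",
    "GROUPS_RETRIEVE",
    "ORGANIZATION_UNITS_RETRIEVE",
  ]

  allowed_privileges = [
    for priv in data.googleworkspace_privileges.all.items : priv
    if contains(local.allowed_privilege_names, priv.privilege_name)
  ]

  # Allowlist entries the API did not return (typo or renamed privilege).
  missing_privilege_names = setsubtract(
    local.allowed_privilege_names,
    local.allowed_privileges[*].privilege_name,
  )
}

resource "googleworkspace_role" "directory_reader" {
  name        = "directory-reader"
  description = "Read-only directory access, explicit privilege allowlist"

  dynamic "privileges" {
    for_each = local.allowed_privileges
    content {
      service_id     = privileges.value["service_id"]
      privilege_name = privileges.value["privilege_name"]
    }
  }

  lifecycle {
    precondition {
      condition     = length(local.missing_privilege_names) == 0
      error_message = "Allowlisted privileges not found: ${join(", ", tolist(local.missing_privilege_names))}"
    }
  }
}

# Review exactly what the role grants in the plan output.
output "directory_reader_privileges" {
  value = sort([for p in local.allowed_privileges : "${p.service_id}:${p.privilege_name}"])
}
```
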
name
(String) Name of the role.
privileges
(Block Set, Min: 1) The set of privileges that are granted to this role. (see below for nested schema)
description
(String) A short description of the role.
etag
(String) ETag of the resource.
id
(String) ID of the role.
is_super_admin_role
(Boolean) Returns true if the role is a super admin role.
is_system_role
(Boolean) Returns true if this is a pre-defined system role.

Nested schema for privileges
Required:
privilege_name
(String) The name of the privilege.
service_id
(String) The obfuscated ID of the service this privilege is for.

Import is supported using the following syntax:
terraform import googleworkspace_role.admin 12345678901234567